Bruce Schneier |
|||||||||
Schneier on SecurityA weblog covering security and security technology. « Passport Required to Use the Internet in Italy | Main | UK Terrorism Law Used for Non-Terrorism Purposes » October 19, 2005Secret Forensic Codes in Color Laser PrintersMany color laser printers embed secret information in every page they print, basically to identify you by. Here, the EFF has cracked the code of the Xerox DocuColor series of printers. The DocuColor series prints a rectangular grid of 15 by 8 miniscule yellow dots on every color page. The same grid is printed repeatedly over the entire page, but the repetitions of the grid are offset slightly from one another so that each grid is separated from the others. The grid is printed parallel to the edges of the page, and the offset of the grid from the edges of the page seems to vary. These dots encode up to 14 7-bit bytes of tracking information, plus row and column parity for error correction. Typically, about four of these bytes were unused (depending on printer model), giving 10 bytes of useful data. Below, we explain how to extract serial number, date, and time from these dots. Following the explanation, we implement the decoding process in an interactive computer program. EDITED TO ADD: New story here. Trackback PingsTrackBack URL for this
entry: Listed below are links to weblogs that reference Secret Forensic Codes in Color Laser Printers: » Your
Printer's Fingerprint - Exposed; A Way for Government to Track Your
Documents from Zmetro.com Tracked on October 19, 2005 08:58 AM » Hint to criminals using computers from The View From
North Central Idaho Tracked on October 19, 2005 09:31 AM » Secret Forensic Codes in Color Laser Printers from Von
Freud Tracked on October 19, 2005 10:04 AM » Schneier on Security: Secret Forensic Codes in Color Laser
Printers from Chris Mosby at myITforum.com Tracked on October 19, 2005 01:55 PM » Secret identifiers in color laser printers from Stephen
Laniel’s Unspecified Bunker Tracked on October 20, 2005 09:20 AM » Secret identifiers in color laser printers from Stephen
Laniel’s Unspecified Bunker Tracked on October 20, 2005 09:21 AM I am surprised I have never heard of this before. What do you think would be the public's reaction to this? Posted by: Joseph at October 19, 2005 08:52 AM Pure blue LEDs: http://www.superbrightleds.com/specs/v1015_specs.htm Main page: http://www.superbrightleds.com/leds.htm Posted by: Joseph at October 19, 2005 08:57 AM It wasn't a big secret that it was there, I'd certainly never seen
anyone explain what form it takes before. Posted by: Ian Woollard at October 19, 2005 09:10 AM This will be (and probably is) a superb tool to aid forensic document analysis in criminal cases. Pareticulalrly as there seems to be hardly any compromises with regards to printed image quality. I must say though that the title of the trackback"... a way for the government to track your documents" was rather perplexing. I can;t possibly imagine that a random individual's documents are of any more interest to the government than what colour trousers a given person wears on a given day. Posted by: DarkFire at October 19, 2005 09:14 AM @Joseph: The public's reaction will be complete apathy. Posted by: Bill Mill at October 19, 2005 09:18 AM The dot pattern is in-band, in the sense that the data (the image printed) and the dots both share the same medium. Detection might be thwarted if you simply overlay all of the possible dot positions with dots in the printed image. If the printer adjusts to that by XOR-ing the image with the dot pattern then a random pattern can be used. Another way to thwart detection is to break the evidence trail by buying the printer in cash and in disguise and in an out-of-town place, or steal it, or buy it used and in cash. Posted by: Arik at October 19, 2005 09:18 AM Isn't this intended to trace people copying money? Especially those easily copyable US Dollars (even if many machines can detect and stop if asked to copy notes). However I wonder how much of our valuable ink is used to produce these dots? Must be environmentally unfriendly over time! Posted by: CM at October 19, 2005 09:20 AM All of which explains why my yellow cartridge seems to evaporate even when I'm only doing b/w text printouts... Posted by: mark at October 19, 2005 09:40 AM @Dark Fire The worry is more about what the gov will do with groups that it doesn't like. Imagine if Martin Luther had used one of those printers. Or Benjamin Franklin. Or any group that prints the truths the government doesn't want published. Posted by: phessler at October 19, 2005 09:50 AM It's like CM said, to keep people from copying currency. It's probably how they found out a bunch of Columbia U. students were circulating copies of $20 bills just around Xmas a few years back... Posted by: what_he_said at October 19, 2005 10:05 AM I personally have no problem with this. Forensic analysis can usually trace back a document to a printer due to small discrepancies in the drum or fuser, now it's just a bit easier. I can also see how this could be useful to organizations tracking leaks of confidential/secret documents since we can see exactly which printer was used. I think the only objection was that it was done w/o the public's knowledge. Posted by: stewarsh at October 19, 2005 10:12 AM @stewash -- I remember seeing articles about this months, if not years ago. Posted by: Joe at October 19, 2005 10:57 AM To me this is a serious privacy issue. The US government has secretly asked to insert tracking codes on every printed pages. I really prefer to naively believe this was done specifically for money copying problems. Whatever the original intent was, the fact is that tracking codes are systematically inserted without your knowledge and without your consent. Add to that a weak and easily forgeable coding scheme. Yuk. Where else does the US government has asked to put secret/hidden tracking codes? Next thing you know everyone will be wearing RFIDs, surveillance cameras will be everywhere, and why not, you will be required to also wear your personnal blackbox, recording everything, at all time. But eh! this is for the better of the community! Posted by: niloC at October 19, 2005 10:58 AM @ DarkFire "... any more interest to the government than what colour trousers a given person wears on a given day." And thanks to RFID being embedded in clothing, they know that too. But seriously, consider the case of the corporate (or government) whistle-blower who prints out and incriminating email or document. If the evil-doers can get ahold of the printout, it's almost trivial to reconstruct when and where it was printed, and therefore significantly narrow down the person who leaked the information and punish them. A certain amount of "anonymous" data is a good safeguard for society. (Also, it's unlikely that our hypothetical whistle-blower would be able to sneak in an "untraceable" printer.) -- Mitch Posted by: Mitch at October 19, 2005 11:11 AM Does anyone know if this type of identification is admissable in court?
Should it be? Posted by: James Walker at October 19, 2005 11:25 AM @ James Good question. I believe it has been used extensively in investigations, but have not heard/seen any specific court references to the technology. Note: this is not new at all. There was a big blow-up about it late last year, and I believe it was in the news the year before related to catching a suspect in a high-profile case. When I have some more time I'll see if I can dig up the actual story. In the meantime, here's a good reference: http://www.pcworld.com/news/article/0,aid,118664,00.asp "Laser-printing technology makes it incredibly easy to counterfeit money and documents, and [senior research fellow at Xerox] Crean says the dots, in use in some printers for decades, allow law enforcement to identify and track down counterfeiters. However, they could also be employed to track a document back to any person or business that printed it. Although the technology has existed for a long time, printer companies have not been required to notify customers of the feature. Lorelei Pagano, a counterfeiting specialist with the U.S. Secret Service, stresses that the government uses the embedded serial numbers only when alerted to a forgery. 'The only time any information is gained from these documents is purely in [the case of] a criminal act,' she says." Posted by: Davi Ottenheimer at October 19, 2005 11:33 AM As far as I can tell, this only applies to color laser printers. Are ink-jet printers affected? Posted by: x at October 19, 2005 11:47 AM Here's the EFF page that came after the PC World article: http://www.eff.org/Privacy/printers/wp.php It even had an early list of printers confirmed to have yellow-dot syndrome (updated version here: http://www.eff.org/Privacy/printers/list.php). You would think they could start a campaign with something that strikes
a chord with people, like "Yellow-dot fever. Has your printer been
infected?" Posted by: Davi Ottenheimer at October 19, 2005 11:58 AM I have a vague recollection that this was worked out with the U.S. Treasury Dept. back when color copiers started to be good enough to make fake securities, currency (good enough to fool a bill changer), etc. It traces the machine, not the user, of course. I wonder what a second-generation copy does. It must not see the glyph on the first copy and make a new one, you think? Posted by: orcmid at October 19, 2005 12:32 PM There's a whole lot of underhand stuff embedded in printers, scanners and image-manipulation software. Much currency has a special pattern [nicknamed the EURion Constellation"] appearing on it - this is detected by some image-processing software [Adobe, Paint Shop Pro] and if you try to open such documents you are referred to http://www.rulesforuse.org/ where you get a homily on the evils of currency counteirfeiting. Posted by: Tanuki at October 19, 2005 12:37 PM Its more then So the counter responses will be to a)avoid the tracking printer technology b) use older untraceable technologies and or c) simply mass produce on a scale such that it would be impossible to link back to original source printer technology (unless they are all unique? Questionable whether someone could prove beyond a reasonable doubt someone used a printer unless their biometric was also obstensibly embedded into the documents. Who would submit to these sorts of intrusions? Think of the broader privacy & security concerns and issues. Counterfeiting aside maybe they should upgrade the US money faster rather then waiting a dozen years for the criminals to catch on. Posted by: deidentified at October 19, 2005 12:49 PM If the only excuse for this is currency counterfeiting, the simple solution is to make currency that isn't so easily copied with a $300 printer. US currency in particular is among the easiest to duplicate. I noticed on a recent trip to Canada that they have all sorts of neat things like Braille and metallic strips that aren't so easily copied with a printer. Posted by: Sorvi at October 19, 2005 12:53 PM Strange, I thought everyone knew about this. Everyone who watched CSI Miami last season anyway. And yes, the evidence is admissible in court. That's why the time/date stamp is there...not that this can't be duped. Posted by: Tom Grant at October 19, 2005 12:57 PM Remember back when subversive people didn't have the budget for color printing? Seriously, if you think about it, counterfeiting seems to be a much bigger target of this scheme than tracking down government dissidents. What I'm waiting for is for someone to figure out how to "mod" the chip in the printer so that one can spoof another printer. All it it takes is the technology to exist and then the utility of the tracking dots becomes much less valuable. Posted by: martini at October 19, 2005 12:57 PM @niloC: "The US government has secretly asked to insert tracking codes on every printed pages. I really prefer to naively believe this was done specifically for money copying problems." This is actually very likely, since AFAIK B&W laser printers do not contain such codes. However, considering the resolution of modern printers, it may not be difficult to hide such things beneath what can be seen with the naked eye or perhaps even a strong magnifying glass. @deidentified: "simply mass produce on a scale such that it would be impossible to link back to original source printer technology (unless they are all unique?" I believe the serial number of the printer is included in the encoded information, and so it may be possible to trace where that printer is. At the very least, it can be combined with other evidence to provide corroboration as to means and opportunity. Posted by: Jarrod at October 19, 2005 01:10 PM Stupid question: Could you get the information from the MANUFACTURERS
as part of a lawsuit, eg a civil suit involving printed
evidence? Posted by: Nicholas weaver at October 19, 2005 01:16 PM When I was working on a classified project in 1995, one of the subcontractors showed me some work being done on another classified project. That project concerned counterfeiting money on laser printers and how to detect it. I didn't get the details on how it worked but the samples I saw were detected easily. They told me that the same fake money fooled all the other equipment and experts. The fakes looked good to me and I'm sure they have schemes for ink-jets
now. Posted by: Torus at October 19, 2005 01:28 PM 'The only time any information is gained from these documents is purely in [the case of] a criminal act,' she says. Uh-huh. Like the goalpost of "criminal act" isn't already being shifted ... Posted by: GM at October 19, 2005 01:36 PM @Tom You wouldn't happen to know specific examples of it being used in the courts would you? @martini I'm willing to bet that the technology does already exist. If not, the capability is within grasp of the sufficiently motivated, talented, or funded. I think the difficulty, or cost, with which such identification remarks are forged is going to be central to arguments about admissibility. Another interesting thought is the implications in countries without rights to free speech. E.g. antigovermental or religious writings. Posted by: James Walker at October 19, 2005 01:50 PM After the reading of this message, I am is look at my firewall log (The printer in question has an Ethernet connection). It had already rather been notable me once that there was a line in it coming from the IP address of the printer. After a couple hour a packet has been stored that in the first place a attempt seems indicate that there new toner has been ordered must become. However also in the data comes a stiff data for that by chance corresponds to the number what in the dots stands. When not blocked is the printer thus also to find on basis of the tracing of the IP address. Posted by: LH at October 19, 2005 02:31 PM Just thinking, what if a custom printer driver was made to add in little yellow dots to fill in the missing dots? Since you can't remove the dots, add your own. Posted by: jammit at October 19, 2005 03:48 PM @ Tanuki Interesting info. I remember HP talking about a next gen system supposed to try and actively detect and prevent printing currency. Here's a link I dug up: http://www.hpl.hp.com/news/2003/july_sept/counterfeit.html "Measures HP suggested include: I liked this quote: "'We had to have a solution that was inexpensive, and it had to be unobtrusive,' says HP Labs researcher Henry Sang. 'Nobody's going to pay an extra $50 for a printer because it prevents counterfeiting, and they're not going to buy one that won't print green or that prints three times slower because it's trying to detect a counterfeit.'" How true. Security enhancements never seem to be popular when you introduce them as "pay a lot more to do less". Posted by: Davi Ottenheimer at October 19, 2005 05:54 PM Here in Australia we have had polymer bank notes for over 15 years. I believe they are significantly harder to forge than paper and also last a lot longer in circulation. http://www.rba.gov.au/CurrencyNotes/NotesInCirculation/hundred_dollar.html#security_100 http://www.rba.gov.au/CurrencyNotes/ConferencePapers/cu_carlin_0402.html Posted by: Dave Collins at October 19, 2005 06:12 PM @Dave All Australian notes have the dot-pattern mentioned above that will not allow the notes to be scanned or printed on many devices. It's quite a fun exercise to try to spot them. the Reserve Bank of Australia and the CSIRO hold about 25 patents regarding polymer banknotes, and Australia is the largest manufacturer and exporter of polymer currency in the world. http://www.noteprinting.com/showText.asp?SectionID=1&ID=24 Conveniently, polymer notes are also printed on the same machines used for paper ones. This means note designers can still use intaglio, the engraving process that creates texture - another protection against photocopying. Security features are the chief selling point but using polymer is cheaper, too. Although the advance costs are greater - to produce a polymer note costs about double its paper equivalent - acentral bank's costs are smaller because polymer notes last longer. Polymer is more durable partly because, unlike paper, it is not porous and therefore does not absorb sweat, bacteria or dirt. This also makes NPA notes more hygienic and helps preserve the sharpness of security features. When they are accidentally put through the washing machine, they just come out cleaner. When Australia's $10 notes were printed on paper, they had to be replaced every eight months. Polymer ones last at least 30 months. And, once withdrawn from circulation, they are melted, broken down into granules and sold to make plastic gardening equipment. Paper notes have to be burnt or buried." Posted by: Dylan at October 19, 2005 07:41 PM @Dylan Is that why I feel so excited in the gardening section at Bunnings ? :-) Posted by: Robbo at October 19, 2005 09:01 PM @stewarsh: "Forensic analysis can usually trace back a document to a printer due to small discrepancies in the drum or fuser, now it's just a bit easier." No, it's at a whole new level. In the above situation the document itself doesn't point to a specific printer so a priori knowledge (probable cause, if you will) of what printer to test is required. In the embedded dot situation the printer itself is identified, and the document itself might be construed as probable cause for further action. As others have mentioned, consider the ramifications of this for anonymity in free speech. Posted by: dmr at October 20, 2005 02:55 PM Post a commentPowered by Movable
Type 3.2. Photo at top by Steve Woit.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Counterpane Internet Security, Inc. |
|
Comments