Clandestine codes used to track the output of some color laser printers have been cracked by a research team led by the Electronic Frontier Foundation (EFF).
According to the organization, the codes are part of a deal cut by the U.S. Secret Service with some printer makers to help curb the counterfeiting of currency.
In a statement released yesterday, the EFF said the codes, which are invisible to the human eye but can be seen with a microscope or under blue light, reveal the date and time a page was printed as well as the printer’s serial number.
Industry on Board
The EFF has published a list of printers that deploy the coding scheme at its Web site.
“The whole industry has agreed to do this tracking without regard to how expensive the printers are,” EFF staff technologist Seth David Schoen told TechNewsWorld.
The EFF has broken codes on pages printed on Xerox DocuColor printers, which cost tens of thousands of dollars, Schoen said. But code crackers saw similar dots on pages printed with Dell color lasers, which sell for US$299 to $399.
Privacy Concerns
While the codes may aid the Secret Service’s fight against counterfeiting, the practice raises some larger issues for society, according to EFF Staff Attorney Lee Tien.
“People who want to protect their anonymity — whether they’re whistleblowers or dissidents or journalists or whatever — when they print something out, should know that there’s an issue here,” he told TechNewsWorld.
An even bigger issue, he argued, lies with how this protection scheme was implemented in the first place.
“What right does the government have to make backroom deals with makers of equipment to make it easier for people to be tracked or traced without their knowledge and without any public debate?” he asked rhetorically.
“When the government is essentially making design decisions that are intended to facilitate surveillance or tracking,” he observed, “we think that raises some really serious, big picture policy issues.”
Public’s Right to Know
Jonathan Zittrain, director Harvard Law School’s Berkman Center for Internet and Society in Cambridge, Mass., found the printer tracking scheme “pretty extraordinary.”
“I think this particular implementation is not per se such a problem, but the general public ought to be told which particular forms of technology encode serial number or other information in its output, and have a choice about whether to use that technology,” he told TechNewsWorld via e-mail.
“Counterfeiting is a serious problem,” he continued, “and there ought to be some way to prevent its undue exacerbation through color printing technologies without compromising the anonymity of every single document the printer might ever be asked to print.”
Those ways do exist. Since all printers have characteristics that distinguish them as fingerprints distinguish people, there are less Draconian ways to track documents, like those developed by Professor Edward J. Delp at Purdue University’s School of Electrical and Computer Engineering in West Lafayette, Ind. “The techniques that we developed in our research projects are a little bit more costly,” he told TechNewsWorld. “This is easy to do and easy to extract. Our method is a little harder to do.”
Initiated in Copiers
Although reports about the codes, which appear as yellow dot patterns in a 15-by-8 matrix, were revealed in the press last fall, the practice appears to have been going on for some time. A Xerox researcher told PC World, for example, last year that his company pioneered the coding scheme with its color copiers. Several nations balked at allowing the copiers to be sold within their borders because they feared the machines would be used to counterfeit currency, he explained.
When contacted by TechNewsWorld, Xerox declined to comment on its use of stealth codes to track printer output.
“Xerox Corporation is the world’s leading expert on the copying process — after all, we invented it,” Bill McKee, a spokesman for the company, said via e-mail.
“However,” he continued, “as you can imagine for security reasons, we cannot disclose any additional details.
“Please rest assured that Xerox does not routinely share any information about its customers. We, like any manufacturer, assist investigating agencies, when asked,” he added.
Doesn’t Track PCs
As for the Secret Service, it sees the coding scheme as important part on its war on counterfeiters.
“The Secret Service has worked in conjunction with not only government agencies but with industry partners in coming up with preventive measures for this type of equipment to make it more difficult to use illegally to produce counterfeit currency,” spokesperson Eric Zahren told TechNewsWorld.
“It is a very specific technology,” he added, “and it in no way tracks what’s on or how a personal computer is being used.”