Those photocopies of your bottom, which you thought would be an original and funny statement of the contents of your soul during the office Christmas party, have started to worry the US Federal Trade Commission.
The FTC is worried that the pictures at the bottom end of the market are being stored on the photocopier’s hard drive and could be used to make an ass of you.
At the moment it is just happy with issuing a warning that if you photocopy your butt on a modern copier, it’s probably still there, but it might be forced to do something about it in the future.
Modern copiers store the image on the copier’s hard drive, along with medical forms, financial documents, and all your company secrets.
Once the copiers are resold or their lease expires it is possible to lift it out and use the information.
CBS got its paws on one of these hard-drives and found “a list of targets in a major drug raid” from the Buffalo Police Narcotics Unit. It also scored Social Security numbers, medical documents, and “$40,000 in copied cheques.”
The Chairman of the FTC, Jon Leibowitz, said his agency is taking the matter quite seriously. After all, there might be a hairy posture view of Leibowitz or any one else in the FTC hanging on a notice board of the Chinese secret service, causing much mirth.
According to Leibowitz, the FTC is now “reaching out” to copier manufacturers, resellers, and retail copy and office supply stores to ensure that they are aware of the privacy risks associated with digital copiers and to determine whether they are warning their customers about these risks.
“We will work with these entities to help ensure that they provide appropriate educational materials on the subject to their clients,” he said.
The FTC said it avoids the problem internally by signing lease agreements that give the agency full ownership of the hard drives inside the copiers.
When the lease is up, the FTC will “erase and subsequently destroy these hard drives” before returning the copiers.
I have a question; Why did it take almost 9 years for the media and now Government to catch onto this security threat? Warnings were given back in 2001, and fell on deaf ears. What gives?
This news came out a couple months ago on one TV network, other TV networks just recently picking it up, as well as print media, however doing a search on the net I found an article below, dated 2001, on this same subject. Someone was on the ball back then.
Here is the article, from the August 31, 2001 issue of CRN.
When it comes to securing corporate data, IT administrators may overlook the risks associated with digital copiers and printers.
According to a survey of more than 1,100 IT professionals recently sponsored by Sharp Electronics, nearly half said they did not believe copiers and printers have hard drives. Sixty-five percent said the machines presented little or no risk to data security.
“People have been focusing on antivirus software and firewalls and protecting workstations but not peripherals,” says Peter Cybuck, senior manager of product planning, marketing and program management at Sharp’s Document & Network Solutions Group.
The most common threats to digital copiers and printers stem from intruders stealing the hard drives containing confidential data, or reprinting documents directly from the machine after the earlier print command was canceled, according to Sharp, based here.
Today’s multifunctional copiers and printers store documents in memory, Cybuck says. “They might not just retain the last job, but the last 20 to 30,” he adds.
Sharp offers a Data Security Kit, through its dealers, that protects confidential documents processed by its digital copiers and printers by overwriting the data with random numbers.
Sharp, based here, recently announced that the kit won a Common Criteria certificate from the National Information Assurance Partnership (NIAP), a joint program of the National Security Agency and the National Institute of Standards and Technology. The Common Criteria program defines general concepts and principles of IT security evaluation.
While high-end copiers have the ability to store print jobs, the amount of storage is limited, compared with network storage, says Jim Kelton, president of Software Unlimited, an IT consulting company in Irvine, Calif.
Companies need to have a system in place to ensure they’re not disclosing confidential information when they discard the machine, he says.
In addition to its Data Security Kit, Sharp’s copier, scanner and printer products include a security feature that requires user authorization to prevent unauthorized viewing of documents sent to shared network printers.
Sharp also offers Windows NT server-based software that puts digital fingerprints on printed documents to determine the origin of final hard copy. The company recently added network interface controls to allow administrators to limit access to the machines.
Xerox (NYSE:XRX) also offers several security features on its digital copiers and printers. Hard drives on the machines are protected from unauthorized users by a strong encryption system, says Mark Burris, manager of product marketing for Xerox’s document center products.
And two years ago, the company addressed a need among its government accounts by providing the ability to remove the hard drive from the machines, he says.
“Security-conscious customers can physically remove those hard drives at the end of the day,” Burris says.
The company also recently unveiled new software that provides authenticated scanning.
——–
Health Insurer Notifies More Than 409,000 Of Potential Breach
Sensitive medical records found on previously leased digital copier, company says
Apr 21, 2010
By Tim Wilson
DarkReading
Affinity Health Plan, a New York managed care service, is notifying more than 400,000 current and former customers employees that their personal data might have been leaked through the loss of an unerased digital copier hard drive.
According to a press release (PDF) quietly issued earlier this month, some personal records were found on the hard drive of a copier found in a New Jersey warehouse. The copier had previously been leased by Affinity and was then returned to the leasing company, the release states.
The disclosure follows the airing of a CBS News report that called attention to the practice of recycling or resale of copiers whose hard drives have not been properly erased.
The report showed the discovery of numerous medical records found on warehoused digital copiers. An executive at a company that makes hard-drive-erasure products used a free forensics tool to glean the data from one of the copiers in the CBS News report.
The CBS investigation also turned up sensitive data from other organizations, including personal information from a restaurant in the Phoenix area and criminal records information from a Buffalo-area police department.
Affinity Health Plan says it has not had a chance to review the data found on the copier, but in a news report, a spokesman said the figure of 409,262 notifications includes former and current employees, providers, applicants for jobs, members, and applicants for coverage.
Failure to properly dispose of medical records is a violation of New York privacy regulations and could carry fines or other sanctions.
