Well worth reading, IMHO
Tue, 07 Dec 1999 23:14:33 -0500
VOLUME 08, ISSUE 18
Date: Mon, 6 Dec 99 13:31 PST
From: email@example.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: IDs in Color Copies--A PRIVACY Forum Special Report
Greetings. We've recently seen a tirade of stories about "hidden"
identification codes and what many would consider to be surreptitious
centralized information flowing from various popular Internet products
packages. These have tended to highlight an important truth--whether
users really would be concerned about the particular identifiers or
involved, they tend to get the most upset when they feel that an
made to perform such functions "behind their backs." While it can be
how routine, intrusive, or even mundane and innocent a particular case
be, it's certainly true that people feel a lot better when they know
This issue isn't restricted only to the Internet world. A case in
the recurring rumors floating around regarding the presence or absence
identification codes in color copies (or color prints xerographically
generated from computer output systems).
A recent story involved a customer who was refused permission to make
color copy of his driver's license (to deal with an identification
with his local telephone company). A Kinko's (copying center) worker
reportedly told him that such a copy was "illegal," and could be
to the store through a "hidden ID."
Regardless of whether or not the Kinko's employee was being
his interpretation of the rules, what's really going on here regarding
so-called hidden ID code?
In fact, rumors about this, often chalked up as an "urban legend,"
circulating for a long time. This is a bit ironic, given that in the
copier/printer industry it's been well known for years--no
"invisible" IDs *are* imprinted on virtually all color xerographic
from (apparently) all of the manufacturers. But for persons outside
"the trade," this hasn't been as widely known (even though the issue
back to the early 90's, and the topic has appeared in publications
the Wall Street Journal). However, it does not appear that the
privacy-related aspects of this technology have ever been subject to
significant public discussion.
In an effort to pin down the current state of the art in this area, I
long and pleasant chat with one of Xerox's anti-counterfeiting
is the technical product manager for several of their color-copying
products. The conversation was quite illuminating. Please note that
details apply only to Xerox products, though we can safely assume
systems from competing manufacturers, although their specific policies
Years ago, when the potential for counterfeiting of valuable documents
color copiers/xerographic printers became apparent in Japan (where
machines first appeared) manufacturers were concerned about negative
governmental reaction to such technology. In an effort to stave off
legislative efforts to restrict such devices, various ID systems began
implemented at that point. At one stage for at least one U.S.
manufacturer, this was as crude as a serial number etched on the
of the imaging area glass!
Modern systems, which are now reportedly implemented universally, use
more sophisticated methods, encoding the ID effectively as "noise"
repeatedly throughout the image, making it impossible to circumvent
system through copying or printing over a small portion of the image
or by cutting off portions of printed documents. Effectively, I'd
as sort of the printing equivalent of "spread spectrum" in radio
To read these IDs, the document in question is scanned and the "noise"
decoded via a secret and proprietary algorithm. In the case of
Xerox-manufactured equipment, only Xerox has the means to do this, and
require a court order to do so (except for some specific government
agencies, for whom they no longer require court authorizations). I'm
that the number of requests Xerox receives for this service is on the
of a couple a week from within the U.S.
The ID is encoded in all color copies/prints from the Xerox color
copier/printer line. It does not appear in black and white copies.
technology has continued to evolve, and it is possible that it might
implemented within other printing technologies as well (e.g. inkjet).
one time there were efforts made to also include date/time stamps
encoded data, but these were dropped by Xerox (at least for now) due
inconsistencies such as the printer clocks not being set properly by
operators, rendering their value questionable.
It's interesting to note that these machines also include other
anti-counterfeiting measures, such as dumping extra cyan toner onto
when the unit believes it has detected an attempt to specifically copy
currency. These techniques have all apparently been fairly
Secret Service has reported something on the order of a 30% drop in
copying counterfeiting attempts since word of such measures has been
circulating in the industry. The average person might wonder who the
would ever accept a xerographic copy of money in any case... but
many persons are not very discerning. I'm told that the Secret
examples in their files of counterfeit currency successfully passed
printed on *dot matrix* printers. So counterfeiting is certainly a
OK, so now you know--the IDs are there. The next question is, what
this really mean? Obviously the vast majority of uses for color
completely innocuous or even directly beneficial to the public good
whistleblowers attempting to expose a fraud against the public). Is
acceptable for an ID to be embedded in all color copies just to catch
cases? The answer seems to be, it depends.
In some cases, even having an ID number doesn't necessarily tell you
currently owns the machine. While some countries (e.g. China) do keep
reign on the ownership and transfer of such equipment, there is no
"registration" requirement for such devices in the U.S. (though the
servicing realities of large units might well create something of a
registration in many situations).
Xerox points out that non-color copies (at least on their machines)
IDs, and that most copying applications don't need color. It is
also true that as the prices of color copiers and printers continue to
seems only a matter of time before they become the "standard" even for
copying, at which time the presence of IDs could cover a much vaster
of documents and become increasingly significant from a routine
It's also the case that we need to be watchful for the "spread" of
technology, intended for one purpose, into other areas or broader
applications (what I call "technology creep"). We've seen this effect
repeatedly with other technologies over the years, from automated toll
collection to cell phone location tracking. While there is currently
U.S. legislative requirement that manufacturers of copier technology
on color copies, it is also the case that these manufacturers have the
impression that if they do not include such IDs, legislation to
would be immediately forthcoming.
It is important to be vigilant to avoid such perceived or real
from causing possibly intrusive technology creep in this area. In the
copier case, that ID technology being used for color copies *could* be
adapted to black and white copies and prints as well. The addition of
cheap GPS units to copiers could provide not only valid date/time
but also the physical *locations* of the units, all of which could be
invisibly encoded within the printed images.
Pressures to extend the surveillance of commercial copyright
take such concepts out of the realm of science-fiction, and into the
of actual future possibilities. What many would consider to be
acceptable anti-counterfeiting technology could be easily extended
realm of serious privacy invasions. It would only require, as Dr.
once said, "The will to do so."
Perhaps the most important point is that unless we as a society
stay aware of these technologies, however laudable their initial
applications may often be, we will be unable to participate in the
that is crucial to determining their future evolution. And it's in
vacuum of technology evolving without meaningful input from society
most serious abuses, be they related to the Internet or that copy
over on your desk, are the most likely to occur.
Moderator, PRIVACY Forum - http://www.vortex.com
Co-Founder, PFIR: People for Internet Responsibility -
Member, ACM Committee on Computers and Public Policy
End of PRIVACY Forum Digest 08.18