Your Laser Printer/Copier Hides Metadata on Your Document

Some people know that larger laser jet copiers and printers contain a hard drive that stores an image of everything that was printed or copied, and that these images can be used forensically to find the source of a document.  Did you know that color laser printers and copiers print tiny invisible dots of information on each sheet of paper that passes through the printer?  This information is known as metadata, and is usually embedded into the printed page using a system of invisible yellow dots that fluoresce under ultraviolet or blue LED light.  As such, it is a form of steganography or hidden writing.  Information about the printer manufacturer, model and serial number are encoded on the page.  If you registered your printer with the manufacturer for warranty purposes, this information ties your printer, and the printed output, directly to you.

This is used by law enforcement to track printers and copiers used in money counterfeiting operations.  But this information has also been used in other criminal  investigations to link printed pages to the human who printed it through their printer as well.  For example, this is how the FBI caught NSA whistleblower Reality Leigh Winner.

The Electronic Frontier Foundation (EFF) tried to keep a list of affected laser printers, but gave up, and posted this statement.

“Some of the documents that we previously received through FOIA suggested that all major manufacturers of color laser printers entered a secret agreement with governments to ensure that the output of those printers is forensically traceable. Although we still don’t know if this is correct, or how subsequent generations of forensic tracking technologies might work, it is probably safest to assume that all modern color laser printers do include some form of tracking information that associates documents with the printer’s serial number.”

At TU Dresden’s Chair of Privacy and Data Security, researchers Timo Richter and Stephan Escher  have created software that will allow individuals to make changes to the metadata, and anonymize the source of the documents.  This tool is called Dot Extraction, Decoding and Anonymisation (DEDA). You can read their paper detailing its inner workings.  This ability would give whistleblowers a bit of protection form forensic document analysis by those looking to track down the source of an information leak.

So now you know how police and other agencies can use the hidden metadata on documents to find the printer they were printed with, and trace the source back to a human suspect.   If you are planning to rip the cover off a corporate or government secret, you may want to be careful what and where you print out any documentary evidence.  It would be pretty easy for this information to be traced back to you.

More information:

0

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.