Forensic Printer Codes May Be Illegal in Europe

I've already written about secret forensic codes embedded in color laser printers. Seems like these codes may breach European privacy laws.

Posted on February 25, 2008 at 5:50 AM • 27 Comments

Comments

aeschylus • February 25, 2008 8:46 AM

Why on earth would someone talk about "breaching" a law? Try the commonplace "break". "Breach" is awkward at best, and suggests that the use of printing codes exploits a vulnerability in the body of law (i.e., a loophole), rather than being simply illegal.

BB • February 25, 2008 8:56 AM

Bruce, have you seen the movie "The Life of Others"? Review on IMDB: http://www.imdb.com/title/tt0405094/

There are some fascinating scenes about identifying the author of an article through the typewriter model he used. This is essentially the same as forensic code in printers, and misuse by governments looks quite plausible then.

antibozo • February 25, 2008 9:25 AM

BB> There are some fascinating scenes about identifying the author of an article through the typewriter model he used. This is essentially the same as forensic code in printers, and misuse by governments looks quite plausible then.

Deliberate introduction of an identifying mark in printer output is arguably different from exploiting natural variation in type across typewriter models, or even within the same model, to identify the typewriter used. In addition, the use of a Selectric typewriter may introduce doubt in such identification, as a Selectric type ball could be shared among several typewriters.

The film "Jagged Edge", among others, also demonstrates the tactic, BTW.

TheDoctor • February 25, 2008 9:39 AM

Some people at German boards joked that it will be illegal in Europe as long as the FBI will not share their knowledge about these codes with European security agencies.

Then it will magically transform into a necessary security measure.

John Ridley • February 25, 2008 9:43 AM

There was a case a while back where an online document was traced back to a guy via the GUID that MS Office embeds in the .DOC file. He posted the .DOC file anonymously but he had also published other documents with his identity attached, and both contained the GUID for his Office install, thereby linking him to the document.

If the printer dots are in violation of this law, then perhaps other ways of identifying a document's author are as well; GUIDs embedded in the document, or even logging IP addresses of people posting anonymously on websites.

If they do not find this to be the case, ISTM that they are claiming a fundamental difference in electronic free-speech rights versus printed-on-paper free speech.

Carlo Graziani • February 25, 2008 9:57 AM

I wonder if one could jam the system through the printer driver, by arranging for the driver to always print yellow dots in some pattern that obfuscates the printer's ID/date/time pattern.

It seems like it ought to be possible, although the EFF claims that there is some variation in the dot array positions on the page, which might make jamming non-trivial. At a minimum, one could print correctly-coded patterns with bad information, in a way that would be difficult to distinguish from the genuine pattern.

supersnail • February 25, 2008 10:51 AM

I presume the reason they don't bother with this technology on inkjet printers is because the ink used would be worth more than the resulting currency.

erikjan • February 25, 2008 10:52 AM

I agree with the German folks. It looks like powerplay. I think about two weeks ago there was news about the gathering of search data by search engines being illegal under European law. It might very well be that this also is an attempt to gain access to the data. Besides, if I remember correctly, color printers have had these codes for years (to fight money forgery). Scanners may have built-in identification. How about digital cameras? CD/DVD burners? I don't think that the powers that be would want to miss these huge amounts of "absolutely necessary for security" data.

Roger • February 25, 2008 2:13 PM

This has nothing to do with sharing the technology with German intelligence services; the technology has already been published, and is fairly simple to decode (it isn't encrypted.) Interested amateurs have already done so. If the German intelligence services can't figure it out for themselves, well...

However, the claim that this could be used to track pamphleteers in China is a little overwrought, at least at the present. The tracking code (which is intended to stop the counterfeiting of currency) is only in colour laser printers, which are still too expensive to be widely deployed in homes in the US, never mind in China. The hypothetical Chinese pamphleteers will be distributing their pamphlets in black and white, or colour inkjet printed, all sans ID code.

crac • February 25, 2008 2:21 PM

What I fail to comprehend (maybe living in a country where free speech is protected by law is the problem) is how these codes are useful in tracking down who made the printout. From reading the EFF docs this doesn't seem particularly useful to me, maybe I'm obtuse... could someone please explain?

TS • February 25, 2008 2:26 PM

@aeschylus

Breach is the correct legal term. Break is more associated with physical acts like "breaking and entering" in law. "Breaking" the law is a common term; you might hear a DA telling the jurors the def. was "breaking the law", but he wouldn't say the same to the judge.

Carlo Graziani • February 25, 2008 2:53 PM

@crac:

The printer's serial number is encoded in the printout. That means that there may be a discoverable paper trail from the manufacturer to the original purchaser.

I'll be surprised if these codes don't start showing up as evidence in civil trials as well. There are certainly instances in which the ability to ascertain the time and place at which certain documents were produced can have interesting legal consequences.

Anonymous • February 25, 2008 3:17 PM

@erikjan

"How about digital cameras?"

In many ways it's already been done.

There have been a number of pornography cases where it has been shown that a particular camera was used to make the picture.

For my sins back in 1994/5 I suggested putting the following in all news gathering cameras used by the UK ITN Service:

1, GPS
2, Electronic compass
3, Inclinometer
4, ASL height in meters
5, Time

Along with the lens info. This was so incoming auto feeds and stories could be electronically linked via time and spatial data to reduce the effort on editors etc.

However with the wisdom of hindsight I think that as a general idea it is quite bad. However that being said most modern phones have GPS and camera built in so it would not take a work of genius to tie the two together and use spare data slots in the various image format files.

Nicholas Jordan • February 25, 2008 5:40 PM

@aeschylus

Breach sounds a lot more natural for the issue in my take on it. I have had too many things break in my life, breach is what is occurring ~ nothing is actually broken.

aeschylus • February 25, 2008 7:32 PM

@Nicholas Jordan:

Really? Then I suppose we'll have to start talking about "lawbreachers". And in response to "What are you in for?" I suppose the incarcerated man should say, "I breached the law."

Perhaps you should go look up the word "breach" in a dictionary.

@TS:

"Breach" is the correct legal term for failing to fulfill requirements of a contract. It is not synonymous with "violation of law".

LeoNerd • February 26, 2008 9:48 AM

Forgetting colour printers for a moment, even black-and-white lasers or copiers are known to produce characteristic dot patterns, due to small imperfections on the drum. These occur as regular, repeatable dots on the output pages. These have been used in forensic cases numerous times, to compare a given page to a test page printed by the "suspect" printer. The equivalent of a human fingerprint.

The argument to embed dots purposely in colour printers loses ground here - the natural imperfections of the drum. These are sufficient for criminal cases where all you want to do is prove that a given printer really was responsible for a given page. It's already possible to perform this identification using existing means - purposely adding dots does not help you here.

aeschylus • February 26, 2008 11:32 AM

@Colossal Squid:

The particular citation you are referring to is found in the full OED (1979 edition I have on hand) under "Corpus" as:

"5. phr. 'Corpus delicti' (see quot. 1832). 'Corpus juris': a body of law; esp. the body of Roman or civil law ('corpus juris civilis').
"1832 AUSTIN Jurispr, 1879 1. xxiv. 470 'Corpus delicti (a phrase introduced by certain modern civilians is a collective name for the sum or aggregate of the various ingredients which make a given fact a breach of a given law.'" [The absence of a closing parenthesis is as written.]

Returning to "breach" itself: the full OED has this in "Breach", part 3, where the meaning you wish to refer to is in fact defined:

"Breach... 3. fig. The breaking of a command, rule, engagement, duty or of any legal or moral bond or obligation; violation, infraction: common in such phrases as 'breach of contract, covenant, faith, premise, trust'."

Yes, it /can/ be used that way. No, OED does not mention it as common to say "breach a law", nor explicitly mention "law" at all, and it identifies this use as "figurative", not "legal". The common way of saying what Schneier wants to say is, "break privacy law"--or, better, "violate privacy law"--and clearly not "breach privacy law". No amount of squirming by his sycophants will change this.

antibozo • February 26, 2008 8:56 PM

LeoNerd> These occur as regular, repeatable dots on the output pages. These have been used in forensic cases numerous times, to compare a given page to a test page printed by the "suspect" printer.

There's a big difference between matching distinguishing printing artifacts on a page with a printer you located via an authorized search and seizure, and actually tracking down the printer *by means of* coded information on the page.

If a printer actually printed a visible line of text at the bottom of every page stating "This page was printed on an HP LaserFoo 9000 with serial number HLF932G01," people would know that they can't generate truly anonymous documents with it. In fact, this is what the printers are doing, but they're doing it subliminally. People whose lives depend on anonymity are at risk because of this.

Nicholas Jordan • March 5, 2008 2:03 PM

@aeschylus

I'll go with Colossal Squid, if you want me to I will go read his cite and work the issue. For now breach elicits a mental image for me of a perimeter wall on a 16th-century castle being ineffective.

You would not want to live in a world where the law was broken would you?

aeschylus • March 6, 2008 12:08 AM

@Nicholas Jordan: "I'll go with Colossal Squid, if you want me to I will go read his cite and work the issue."

And right there we learn all we need to know in order to judge your sense of English.

You never responded to my earlier remarks directed to you.

Nicholas Jordan • March 6, 2008 8:02 AM

The Eleusinian Mysteries kept their work secret, I thought I responded better than my usual style. Guessing that you want me to go read his cite and work the issue. we get my response: a breech is a plant with large deep-cut leaves and tall spikes of purple and white flowers. In my experience with the law, this describes their primary interest effectively. I had a worker in the law with 5 Ph.D. do exactly this to me and the fact that I am still alive twenty years later suggests that the law consists of words, supported by radio-controlled drones who will crack skulls if the law says they can. I am ready to further clarify if I may be so izatwit as to have to ask which earlier remarks.

If forensic codes may be illegal in a jurisdiction, then we have no way to do diagnostics for machine repair. For clarity, my sense of English is illustrated in the movie Bottle Rocket where DPD interviews brother Road Dogs at Cold Slab Bank. When I view the scene, I cannot figure out why the production company would use real road dogs instead of hiring commercial actors. I spoke with a lady who told me she was the most powerful person in Hollywood. She said whoever holds the post has a hotline to Georgetown University and they call the shots, but I know GWU would insist on commercial-grade acting. I recently saw a commercial production of Gene Hackman portraying a Naval senior officer. It had a cool Steadicam of the bow of a heavy cruiser for an extended take, then went to Farragut North.

I have to turn away at that cut, it breaks me.

I know my way around in corners of your soul you don't even know you have.

Moderator • March 6, 2008 4:58 PM

@Nicholas Jordan:
"The Eleusinian Mysteries kept their work secret, I thought I responded better than my usual style. Guessing that you want me to go read his cite and work the issue. we get my response: a breech is a plant with large deep-cut leaves and tall spikes of purple and white flowers. In my experience with the law, this describes their primary interest effectively. I had a worker in the law with 5 Ph.D. do exactly this to me and the fact that I am still alive twenty years later suggests that the law consists of words, supported by radio-controlled drones who will crack skulls if the law says they can."

I think that speaks for itself. Since you can't or won't make sense, you are no longer welcome to post here.

aeschylus • March 7, 2008 9:34 AM

Actually, I rather enjoyed it. And I like Wes Anderson's films as well, although "Bottle Rocket" is one I haven't seen yet.

The earlier remarks I referred to are those posted February 25, 2008 07:32 PM.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.