
scary privacy story: photocopiers w/hard drives retaining images of all copied documents

Discussion in 'Fred's House of Pancakes' started by cwerdna, May 19, 2010.

  1. cwerdna

    cwerdna Senior Member

    I caught a piece on this on CBS news on TV last night...
    Digital Photocopiers Loaded With Secrets - CBS Evening News - CBS News

    I found this on Photocopier fallout: Congress, FTC 'concerned' | Security - CNET News.

    I've heard hard drive-like noises coming out of some copiers at work, but it never occurred to me many copiers have hard drives that retain images of everything copied. Apparently, many owners have no clue about this nor have any idea how to wipe them or set retention policies (if they exist).

    I wonder what the typical defaults are and how easily a non-owner can change the settings (so that it retains all documents.)

    The quote "nearly every digital copier built after 2002 stores an image of documents copied, scanned or e-mailed by the machine on hard drives.." is a bit FUDdy as there are a ton of personal ones that have no hard drives... My cheapo HP inkjet all-in-one most certainly doesn't.
     
  2. JimboK

    JimboK One owner, low mileage

    One of my duties at work is HIPAA compliance for our county fire & EMS department. I am among those that didn't realize these devices had a hard drive. This story caught my attention a couple of weeks ago and I promptly opened a can of worms over it, eventually getting the purchasing, general services, IT, county attorney, and risk management departments involved.

    We changed printer/copier vendors a few months ago. When this story broke I asked what verification we had that the old hard drives were wiped clean or destroyed. After the vendor initially failed to respond to three written requests to provide the verification, county staff pushed the issue and insisted on a face-to-face meeting. Turns out the devices were already in the process of being destroyed, and the company promised the county a certification of destruction by serial number upon completion.

    The company is one of the biggest and most reputable in the business so I am reasonably confident they will follow through. But their initial lack of responsiveness caused a scare. We would have no way of knowing which of our 100,000 patient records had ever been printed, so we were bracing for the prospect (and financial and PR consequences) of notifying every one of them.
     
  3. jayman

    jayman Senior Member

    This is old news, but worthy to repeat. Any device with mass storage is a security/privacy risk
     
  4. SlowTurd

    SlowTurd I LIKE PRIUS'S

    and your porn still exists until the sectors are overwritten
     
  5. bisco

    bisco cookie crumbler

    and when you copy your license and charge cards like they tell you to do, the copier service company comes in and cleans the hard disc for you and sells your info.
     
  6. JimboPalmer

    JimboPalmer Tsar of all the Rushers

    As a Xerox network technician, I know that all Xerox copiers can be ordered with automatic and manual hard drive wiping. (required for many federal government customers)
    "Image Overwrite Protection Option This feature electronically “shreds” data stored on the machine’s hard disk during routine printing, scanning, copying or faxing. Electronic removal of data can be performed automatically after every job or on request. Data is overwritten using a 3-Pass algorithm specified in U.S. Department of Defense Directive 5200.28-M."

    You can also order disk encryption, so it is less readable if your HD falls into enemy hands. "Simple Disk Encryption: The hard disk has been partitioned and encrypted to support secure data storage for the scan-to-mailbox and store print/reprint features."

    http://www.office.xerox.com/latest/W7XFS-03U.PDF

    If you did not get this on an existing Xerox, claim that the OS is corrupt in your last week of service, a tech will come reformat the drive and reinstall the OS.


    Why a hard drive?
    Faxes you send will be on the drive in case the line is busy, received faxes will be on the drive in case you run out of paper.
    Copy and Print jobs will be on the drive in case you run out of paper and to simplify collating.
    You can save copy and print jobs, so you can get more copies without an original. (think frequently used blank forms)
    You can "Scan to email, file, mailbox, folder, and more." More hard disk use.
    The desire to not wait at the copier promotes hard disk use. "True multitasking with the power to copy, print, scan, or fax while other jobs are running." Can't you just tell some are stored to disk?

    Ordering more RAM when you purchase, will allow the embedded unix in the copier to use the hard drive less. Some pure Xerox copiers need no disk, they are all RAM based, but Faxing, Printing, Scanning all guarantee a Hard drive at Xerox.

    Many Xerox Printers also have hard drives as options.
    http://www.office.xerox.com/printers/co ... -enus.html
    The DX models have hard drives, and the "Productivity Kit- Phaser 8560" is just a really expensive, formatted and software loaded, hard drive.

    (While I only know Xerox, I assume other vendors are the same)
     
  7. hobbit

    hobbit Senior Member

    Problem with disk "encryption" is that the key has to be stored
    in the copier somewhere. Either in nvram or on the disk itself.
    Or do they just xor all the files against "dead chicken" and
    call it encryption because it no longer looks like an excel sheet
    full of SSNs?
    .
    _H*
     
  8. mojo

    mojo Senior Member

    I recall when all photocopies were referred to as "Xerox's".
    I'm just happy to hear that Xerox still makes photocopiers.
    Probably imported I imagine.

     
  9. JimboPalmer

    JimboPalmer Tsar of all the Rushers

    Encryption is the 'easy' level of security, Image Overwrite is the 'complete' level. I expect that the encryption is some unix standard, as that is the OS in a Xerox copier. You encrypt saved print jobs and scans, then Image Overwrite once you are done with them. (I am used to saved Jobs being blank forms, you print off some more when you run low. Scans are more likely to be 'secret')
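
An added illustration (not part of any post, and not Xerox's implementation) of the difference discussed in this thread between an ordinary delete and an Image Overwrite style delete, followed by the kind of signature scan one would run against a retired copier's disk image. The `SpoolDisk` model, the sample jobs and the pass pattern (a byte, its complement, then random data) are assumptions; the thread only says the overwrite is 3-pass.

```python
import secrets

# Magic bytes of file types a copier spool commonly holds (scans, faxes, print jobs).
SIGNATURES = {"pdf": b"%PDF-", "jpeg": b"\xff\xd8\xff\xe0", "tiff": b"II*\x00"}


def find_residual_documents(image: bytes) -> list[tuple[int, str]]:
    """Return (offset, type) for every document signature left in a disk image."""
    hits = []
    for kind, magic in SIGNATURES.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, kind))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


class SpoolDisk:
    """Toy model of a copier spool: raw sectors plus an index of stored jobs."""
    def __init__(self, size: int):
        self.sectors = bytearray(size)
        self.index = {}  # job name -> (offset, length)
        self._next = 0

    def store(self, name: str, data: bytes) -> None:
        self.sectors[self._next:self._next + len(data)] = data
        self.index[name] = (self._next, len(data))
        self._next += len(data)

    def delete(self, name: str) -> None:
        """Ordinary delete: forget the job, leave its sectors untouched."""
        del self.index[name]

    def overwrite_delete(self, name: str) -> None:
        """Delete with a 3-pass overwrite of the job's sectors, then read back."""
        off, n = self.index.pop(name)
        final = secrets.token_bytes(n)
        for pattern in (b"\x55" * n, b"\xaa" * n, final):  # assumed pass pattern
            self.sectors[off:off + n] = pattern
        if bytes(self.sectors[off:off + n]) != final:
            raise IOError("overwrite verification failed")


# Constructed sample jobs (not real documents).
SCAN = b"%PDF-1.4\nSSN 000-00-0000\n%%EOF"
FAX = b"\xff\xd8\xff\xe0" + b"constructed fax page" + b"\xff\xd9"


def demo() -> tuple[list, list]:
    disk = SpoolDisk(4096)
    disk.store("scan-1", SCAN)
    disk.store("fax-1", FAX)
    disk.delete("scan-1")            # index entry gone, data still on disk
    disk.overwrite_delete("fax-1")   # data replaced on disk
    return find_residual_documents(bytes(disk.sectors)), list(disk.index)
```

Both jobs are gone from the index, but only the overwritten one is gone from the sectors. `find_residual_documents` takes any bytes object, so it can be run over a raw image of a drive pulled from a returned machine.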
     
  10. JimboPalmer

    JimboPalmer Tsar of all the Rushers

    There are three 'major' lines.
    Phaser devices are designed by what was previously the Tektronix Printer division, in Beaverton, Oregon.

    Tektronix - Wikipedia, the free encyclopedia

    Fuji Xerox is a joint venture with Fuji Film in Japan. Many color copiers Xerox sells are made by Fuji Xerox.

    Fuji Xerox - Wikipedia, the free encyclopedia (http://en.wikipedia.org/wiki/Fuji_Xerox)

    Xerox copiers are designed in Rochester, New York.

    Xerox - Wikipedia, the free encyclopedia (http://en.wikipedia.org/wiki/Xerox)

    The Phasers have a wildly different User Interface, there are more subtle differences between the Fuji Xerox and Xerox User Interfaces, they have drifted apart over the years. All of them may have hard drives, although they are usually optional in the Phasers and standard in the copiers.
     
  11. DaveinOlyWA

    DaveinOlyWA 3rd Time was Solariffic!!

    ummm, gee??? am i lost??

    i work for a company that handles proprietary company and customer info on a daily basis. and i would assume that i, like any other person who handles electronic data is working only after agreeing to a pretty hard line security policy. is this not correct?

    who here, does not have a NDA (non-disclosure agreement)? that is required to access and perform their job function? rare today is a job that does not require secured access to a computer database of one type or another. cash is dead, credit is king, etc so even Walmart employees have this. (probably a poor example, so how about McDonald's??...ah maybe examples are not needed!!)

    every 6 months, i sign this 6 page agreement detailing what i can and cannot do at work. we take these classes on protecting intellectual and customer property on a regular basis, how to fight phishing, pre-texting, etc.

    it may be termed differently (i also work for a subsidiary of Xerox) patient confidentiality, etc... but aren't we all privy to information that could be abused if we were so inclined to do so?
     
  12. jayman

    jayman Senior Member

    Well, of COURSE it does!

    Anyway, the best porn is Old Porn.

    Yep, you bet they do

    The only way to ensure any level of True Privacy is to keep the machine in a Secure location. Otherwise, all bets are off

    That is the problem right there. Just look for the key, like peeking under the doormat to a house, and finding the key to the house

    A device designed to be secure and remain secure, such as the current generation BlackBerry, implements security in a different manner.

    Assuming the user takes advantage of the security, which is 256 AES and meets DISA STIG requirements for "confidential" data - but not for "secret" data - one cannot even use RF profiling to capture the key

    What I cannot understand is that RIM can build into a mobile device a level of security good enough to pass the DISA STIG checklist, but a copier company (With the resultant profit margins) cannot

    Does that make sense to you?

    Some of us also have a Security Clearance to perform our job

    I would NOT expect the end user to understand the technical requirements to ensure that data remains reasonably secure. That process should be completely transparent to the end user

    Part of my job duties is to ensure that technical requirements are met. That means both non-destructive and destructive testing, an expensive process.

    The biggest problem I experience is the average salesperson attempting to bulls*** me as to how "secure" their product is, and I can quickly and easily prove how insecure it is.

    I'm not complaining. I can bill out enormous amounts per hour to do this sort of testing. It's kind of entertaining to watch some of the spiel they come up with
     
  13. JimboPalmer

    JimboPalmer Tsar of all the Rushers

    From my point of view, this entire scare is not about "the copier company did not offer security" it is about "your pointy haired boss turned down that option to save a dime a month and now you have to clean up after him". Xerox has offered all this since 2003.
    Image Overwrite Immediate does exactly that, at a slight slow down per copy/print/scan/fax job. Or the copier administrator can set a slack time of day to Image Overwrite Manual.

    I can install a Xerox copier to be secure, it is just so much less usable than the normal set up it breaks my heart. I am not a Xerox employee, I am a self-employed contractor to an independent dealer who carries Xerox copiers. I am under no NDA and can and do point out Xerox faults. Security is not really one of them except indirectly.

    At one time, Fax memory was main memory, (so a 50,000 page fax was possible) and you could administer the fax defaults over the web. Someone in the DoD became concerned that you might be able to log in on the fax line and sneak into the network. (this has never been proven true, it was just a disturbing idea) Today, faxing is WAY less integrated than it was into the other features, so that there is no chance that 'breaking in' via the fax line can ever get you to the network. Paranoia won over usability, and I miss it.
     
  14. JimboK

    JimboK One owner, low mileage

    There is merit to this statement. In our case, it was likely a matter of one person's pointy-headed (or -haired, if you prefer ;)) boss not talking to another's. I don't know the full background, but I suspect our general services and purchasing departments either didn't consult with our IT department or got insufficient guidance from it before the previous contract was signed.

    And then after this came to a head, I found out that the previous company had offered to remove and give to the county all the hard drives ... for nothing. The county (or more accurately, either general services or purchasing) -- indeed trying to save a dime -- turned down the offer, thinking, "OK, what's the cost of disposing of a couple hundred hard drives?" In retrospect, the peace of mind of assuring proper and complete destruction would have made it worth it. They now know that.
     
  15. JimboK

    JimboK One owner, low mileage

    Follow the link in the OP and view the CBS report. The problem is not that copier company's personnel may have access to sensitive data (that was addressed in our contract). It's that the company let hard drives with sensitive data out of its control and into the second-hand marketplace.
     
  16. jayman

    jayman Senior Member

    In my line of work, I don't have to explain to any supervisor or department head the importance of "security." They GET it, hence various publications from DISA and NIST

    But it is amusing to catch some glorified Sales Personnel try to bulls*** us on security
     
  17. cwerdna

    cwerdna Senior Member

    Right. The issue has nothing to do w/NDAs. The issue is that a whole bunch of photocopiers might unknowingly or inadvertently be retaining a subset or ALL documents that have ever been copied on it.

    A company, small or large, non-profit, small business, government entity, etc. at some point is going to retire it, dispose of it, return it on a lease, etc. and they don't know that it STILL has private documents on it either because they screwed up or had no idea retention was happening. Someone can potentially go fish them out of there if there's no encryption or weak encryption.

    It's not the same as a PC or server, where it's obvious it has a non-volatile storage device like a hard drive.

    The reason why I ask about defaults or how easy it is to change retention settings is because (if it's easy), some random user could accidentally set it to retain.
     
  18. jayman

    jayman Senior Member

    The agencies I contract for, have VERY strict policies regarding retention of such data. End users are forbidden from making changes, and settings are routinely verified
     
  19. SlowTurd

    SlowTurd I LIKE PRIUS'S

    i wonder how many nice person/coochie pics they get off the copier hard drive
     
  20. DaveinOlyWA

    DaveinOlyWA 3rd Time was Solariffic!!

    what security policies are in effect makes no difference if the personnel are unable or unwilling to follow them. we have major violations of both information sharing and security mis-steps all the time but if it weren't for that, hackers would not exist would they?