What's on Your Copier?
You might not think that a warehouse full of discarded copiers would pose a threat. But a recent investigation by CBS News proved otherwise when they reported on four digital copy machines with hard drives full of personally identifiable information, purchased second hand at a New Jersey warehouse holding around 6,000 copiers.
According to the CBS News story, "Almost every one of them holds a secret. Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine. In the process, it's turned an office staple into a digital time-bomb packed with highly-personal or sensitive data."
What could that mean for you?
At Brown, multi-functional digital devices (with all-in-one print/fax/copy/scan functions) are managed through Graphic Services' Office Equipment Program, which manages sales, service and maintenance programs for departments and university affiliates. The equipment must meet the guidelines stipulated in the document Security Standard: Multi-Function Network Devices, assuring that any data stored on a device's hard drive "must not be able to be read by any other device, or it must be encrypted in 3DES."
Digital copiers not covered by the program or off-site are another issue. Proper protection will depend upon the make of the copier (e.g., is encryption standard?) or if the owner has purchased additional security protection along with the copier.
What is standard will vary with the manufacturer. For example, Toshiba's Device Security statement spells out their solutions. HP's Hard Drive Data Security page explains that "There is no feature or setting in HP printers and MFPs to automatically retain standard print and scan jobs permanently on the hard drive." According to Xerox, the company "has recognized this problem for over 10 years and has built effective security controls into our devices to address the issue. Features such as Image Overwrite and Disk Encryption are available as free standard features in most of Xerox multifunction products."
Bottom line: Before purchasing a digital copier not part of the Office Equipment Program, contact the Information Security group first to see if it poses a security risk. And when using a commercial copier, fax machine or printer, it's best to check with the copy shop before running off copies of confidential documents such as leases, bank statements or tax returns.
Problems with this page? Write to secureit@brown.edu