Feeds

Secret printer ID codes may breach EU privacy laws

Commissioner has a mull

Internet Security Threat Report 2014

A little-noticed system that allows printed documents to be tracked by government agents has gotten the attention of the EU Commissioner for Justice Freedom and Security, who says the technology may violate EU human rights guarantees.

The technology is baked in to many popular color laser printers and photocopiers, including those made by Brother, Canon, Xerox and HP, according to this list compiled by the Electronic Frontier Foundation. It embeds almost invisible tracking dots onto documents that uniquely identify the machine that printed them.

The enables the tracking of currency counterfeiters, but the EFF has been warning for years there's nothing that prevents government spooks from using them for broader types of surveillance. Those concerns have at last found a home with Commissioner Franco Frattini.

"To the extent that individuals may be identified through material printed or copied using certain equipment, such processing may give rise to the violation of fundamental human rights, namely the right to privacy and private life," he wrote (Microsoft Word document here) last month in response to a question about the legality of the system. "It also might violate the right to protection of personal data."

Applicable EU documents include Article 8 of the Convention of Human Rights, which provides for the protection of personal data, and Article 7 of the Fundamental Freedoms and the Charter of Fundamental Rights of the European Union, which ensures the protection of private and family life, home and communication, he said. Directive 95/46/EC of Parliament and of the Council of 24 October 1995 also apply.

Frattini stopped short of saying the practice violates any laws at either a national or Community level. That's because the inquiry, which was filed by EU Member for Finland Satu Hassi, didn't include information showing the tracking dots were being used to identify individuals.

Frattini's answer appears to bolster the EFF opinion that the technology unnecessarily opens the door to human rights abuses, throughout the world.

"If you widen this out to authoritarian regimes, this becomes a far more pernicious threat," said Danny O'Brien, the international O\outreach co-ordinator at the EFF, who worries that Chinese authorities might use it to crack down on dissidents. "If you're running off some leaflets that the Chinese government doesn't like the look of, the fact that they can trace you to a particular suburb or printer shop is a far more damaging result."

It's unclear what practical effect Frattini's words may have. While O'Brien says the EU has the power to control imports, he doesn't see much chance of a ban on printers that use the tracking technology. Nonetheless, he says the opinion could provide leverage for European officials trying to end the practice. According to the EFF, printer manufacturers added the technology at the direction of the US government, most likely the Secret Service.

"This becomes a diplomatic issue more that anything else," he said. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.