Feeds

Secret printer ID codes may breach EU privacy laws

Commissioner has a mull

High performance access to file storage

A little-noticed system that allows printed documents to be tracked by government agents has gotten the attention of the EU Commissioner for Justice Freedom and Security, who says the technology may violate EU human rights guarantees.

The technology is baked in to many popular color laser printers and photocopiers, including those made by Brother, Canon, Xerox and HP, according to this list compiled by the Electronic Frontier Foundation. It embeds almost invisible tracking dots onto documents that uniquely identify the machine that printed them.

The enables the tracking of currency counterfeiters, but the EFF has been warning for years there's nothing that prevents government spooks from using them for broader types of surveillance. Those concerns have at last found a home with Commissioner Franco Frattini.

"To the extent that individuals may be identified through material printed or copied using certain equipment, such processing may give rise to the violation of fundamental human rights, namely the right to privacy and private life," he wrote (Microsoft Word document here) last month in response to a question about the legality of the system. "It also might violate the right to protection of personal data."

Applicable EU documents include Article 8 of the Convention of Human Rights, which provides for the protection of personal data, and Article 7 of the Fundamental Freedoms and the Charter of Fundamental Rights of the European Union, which ensures the protection of private and family life, home and communication, he said. Directive 95/46/EC of Parliament and of the Council of 24 October 1995 also apply.

Frattini stopped short of saying the practice violates any laws at either a national or Community level. That's because the inquiry, which was filed by EU Member for Finland Satu Hassi, didn't include information showing the tracking dots were being used to identify individuals.

Frattini's answer appears to bolster the EFF opinion that the technology unnecessarily opens the door to human rights abuses, throughout the world.

"If you widen this out to authoritarian regimes, this becomes a far more pernicious threat," said Danny O'Brien, the international O\outreach co-ordinator at the EFF, who worries that Chinese authorities might use it to crack down on dissidents. "If you're running off some leaflets that the Chinese government doesn't like the look of, the fact that they can trace you to a particular suburb or printer shop is a far more damaging result."

It's unclear what practical effect Frattini's words may have. While O'Brien says the EU has the power to control imports, he doesn't see much chance of a ban on printers that use the tracking technology. Nonetheless, he says the opinion could provide leverage for European officials trying to end the practice. According to the EFF, printer manufacturers added the technology at the direction of the US government, most likely the Secret Service.

"This becomes a diplomatic issue more that anything else," he said. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.