September 23, 2018

Identification Codes on Printer Output

A Xerox engineer says that color printers from Xerox and other companies print faint information in the background of printed-out pages, to identify the model and serial number of the printer that printed the pages. According to a story, the information is represented as a set of very small yellow dots. (We already knew that some printers did this. The article tells us more about how it’s done.)

We have a Xerox color printer here (a Phaser 860). We tried printing out a page and looking for the dots, but we couldn’t find them, even with the aid of a magnifying glass and blue LED light. If anybody can find the dots on their output, please let me know.

There are still several unanswered questions about this scheme:

Do they use encryption, and if so, how? Even if we can find the dots and read out the digital bits they represent, we may not be able to tell what information those bits are encoding. They might be putting the model and serial number onto the page in such a way that we can learn to read them. Or perhaps they are encrypting the information so that we can’t read out the identifying information but we can at least recognize whether two pages were printed on the same printer. Or perhaps they encrypt the information so that we can’t tell anything without having some secret key.

If there is a secret key, who knows it? The key might be disclosed to the government so that they can extract the model and serial number from a page at will. (And if the U.S. government has the key, which other governments do?) Or the key might be known only to the printer vendor, so that the government needs the vendor’s help to decode the dots. If they use public-key cryptography, then the decoding key might be known only to the government and not to the printer vendor.

Do they try to track who buys each printer? If they can extract the serial number, they might want to know who has that printer. They could try to track the passage of each individual printer through the supply chain, to get an idea of who might have bought it. They might also build a database of information gleaned through service calls and warranty registrations.

What we know already is enough to make privacy advocates itchy. It’s probably possible to design a system that raises fewer privacy issues, while still allowing certain limited use of printer-specific marks as courtroom evidence. For example, one could build a system so that somebody who has physical possession of a printer, and physical possession of a printed page, and access to a special crypto key, can tell whether or not that page was printed by that printer, but can’t learn anything else.

Comments

  1. Some printer ID scheme may work for prosecuting crimes. However, I would guess that printer ID schemes are not likely to be effective against organized crime and terrorism, where we should assume some level of sophistication (e.g., a concerted effort to avoid ID printers).

  2. Identification Codes on Printer Output

    Ed Felten has an insightful analysis of Identification Codes on Printer Output over at Freedom To Tinker….

  3. Printer Fingerprint

    One of the most useful techniques for criminal investigation involving shooting is to compare the gun “fingerprint.” Each gun apparently leaves a unique pattern on the bullet so it is easy to verify whether a bullet came from a particular gun.

  4. How sure are we that this isn’t just for thwarting counterfeiting. Seems to me that if I wanted to laserprint an untraceable image, I should be sure that it is filled with a random yellow background. That yellow would not be helpful for counterfeiting, but it would (perhaps) make it much more difficult to track a document back to a particular printer.

    A sophisticated counterfeiter could also add a few more imperceptible yellow dots that would not harm the appearance of the fake money, but would complicate attempts to trace it back. Perhaps that is already the case, and that is why we are hearing about this trick — it has ceased to be useful for any but the stupidest counterfeiters, and publicizing the trick will now deter the stupid guys from wasting everyone’s time with laser-printed “money”.

  5. Chris Walsh says:

    1. Steal printer
    2. Illegally copy stuff the Feds care about
    3. Sell or destroy printer
    4. Profit!

    I guess this could incriminate counterfeiters, but I would expect the more sophisticated bad guys to regularly dispose of their traceable hardware, in much the same way I hear bad guys do now with cell phones.

  6. as the poster above, david chase, I have some doubt on the usability – the dots had to be outside the printable area – otherwise they will be overruled with the printout – one or two additional dots, eg. from a raster will break the representation. if they are, in the case of money, flyers, cards etc, they will be cut off. the size mentioned in the linked article, one millimeter, seems very large too, hardly unnoticeable.

  7. Many colour copiers/printers from Xerox, Canon, etc are leased in such a way you pay a monthly fee plus a per-page charge in exchange for maintenance and ink for the printer. In these cases the printer supplier will know the current owner and physical location of the printer.

    Furthermore, many of these larger colour copier/printer machines can be configured to require people to key in an ID and PIN before making a copy or printing a document. If a company is using these authentication features on the printer and the ID is included in the dot pattern you might be able to identify who was responsible for a particular print job.

    When I talked to a Canon representative, he was quite open about this feature as a way to catch counterfeiters. The way he described it was that the copier would detect certain watermarks used in currency, and if it detected them it would distort the resulting copy. Alternatively you could turn on a “map mode” that would not distort the image but add a watermark the page to identify which printer it came from.

    I don’t think I ever saw the “map mode” option in the printer driver settings or in the menus when we got the printer. Also, I never checked for any watermarks on normal colour copies.

  8. Note to self: photocopy the ransom note on a monochrome printer before mailing it…

  9. If the technology exists and it works, then it makes no sense at all to broadcast the fact to the world in general if one is interested in capturing counterfeiters, pornographers, drug dealers, terrorists, and whoever is the n-th horseman of the apocolypse these days. Consider, for example, the lengths the government went to keep their keylogger from public view (details not allowed in open court, etc).

    If the technolgy exists and it works, but there are trivial work-arounds (cf. above suggestions), or it basically _doesn’t work_, or, if the technology doesn’t exist (basically the same situation) then a little FUD may be in order to keep small-time, amateur operations who are easily frightened from dabbling, while giving everyone else warm, fuzzy, feelings about the supposed authenticity of the paper money in their wallets.

  10. David Locke says:

    The information doesn’t have to be printed as character data. It could be printed out as variations in dot pitch, or gray scale values scattered around the page.

    Guns are tacked and correlated to bullets fired before the gun is sold. Firing pins now associate shells with guns.

    Typewriters were characterized.

    And, these days, data mined rules tell the police that if a loner lives in certain places, then they are serial killers.

    Data mining was used to coorelate Army transfers and promotions with disappearnces of citizens in Argentina. This forced the amnestied officers to retire from active duty rather than face procecution.

    You can wire the situation upfront or after the fact. The only problem is how long it takes to solve the case. This becomes more critical once you are trying to prevent something rather than just prosceute.

    The attempt to create key escrow was just such a matter. Anything can be decrypted after the fact, but if prevention is the goal, two weeks may be too late.

  11. Identification Codes on Printer Output

    Identification Codes on Printer Output