February 15, 2019

EFF Researchers Decode Hidden Codes in Printer Output

Researchers at the EFF have apparently confirmed that certain color printers put hidden marks in the pages they print, and they have decoded the marks for at least one printer model.

The marks from Xerox DocuColor printers are encoded in an array of very small yellow dots that appear all over the page. The dots encode the date and time when the page was printed, along with what appears to be a serial number for the printer. You can spot the dots with blue light and a 10X magnifier, and you can then decode the dots to get the date, time, and serial number.

Many other printers appear to do something similar; the EFF has a list.

The privacy implications are obvious. It’s now possible to tell when a document was printed, and when two documents were printed on the same printer. It’s also possible, given a document and a printer, to tell whether the document was printed on that printer.

Apparently, this was done at direction of the U.S. government.

The U.S. Secret Service admitted that the tracking information is part of a deal struck with selected color laser printer manufacturers, ostensibly to identify counterfeiters. However, the nature of the private information encoded in each document was not previously known.

Xerox previously admitted that it provided these tracking dots to the government, but indicated that only the Secret Service had the ability to read the code.

The assertion that only the Secret Service can read the code is false. The code is quite straightforward. For example, there is one byte for (the last two digits of) the year, one byte for the month, one byte for the day, one byte for the hour, and one byte for the minute.

Now that the code is known, it should be possible to forge the marks. For example, I could cook up an array of little yellow dots that encode any date, time, and serial number I like. Then I could add the dots to any image I like, and print out the image-plus-dots on a printer that doesn’t make the marks. The resulting printout would have genuine-looking marks that contain whatever information I chose.

This could have been prevented by using cryptography, to make marks that can only be decoded by the Secret Service, and that don’t allow anyone but the secret service to detect whether two documents came from the same printer. This would have added some complexity to the scheme, but that seems like a good tradeoff in a system that was supposed to stay secret for a while.

Comments

  1. Hmmm, nice appropriate adverts.

  2. Presumably the system is also easy to defeat simply by adding a small amount of yellow noise to every document you print. We have one of the affected printers at work, so I may investigate further tomorrow…

  3. Wow, it’s definitely frightening to know that the government was clearly involved in shady activities this time. This is reminiscent of early twentieth century FBI and CIA activities. I guess it’s good that they were trying to thwart counterfitters, supposedly, but it’s not right that it was executed so poorly that the EFF was able to expose it.

  4. This could have been prevented by using cryptography, to make marks that can only be decoded by the Secret Service, and that don’t allow anyone but the secret service to detect whether two documents came from the same printer. This would have added some complexity to the scheme, but that seems like a good tradeoff in a system that was supposed to stay secret for a while.

    I disagree. A global shared symmetric key would have been useless–the EFF would simply have reverse-engineered it from a single printer. A global public key would have added hundreds of bits to the size of the message encoded in the mark. And a unique key per printer would still require revelation of a unique printer serial number on every document–presumably the primary drawback of the entire system.

    As for the forgery problem, just getting the correct serial number for the target printer under the current system means, in practice, getting ahold of a document printed on it. And once you have that, no matter how “secure” the system is, you can always just replay the exact marks in that document. I can’t think of an application of forgery where that wouldn’t suffice.

  5. Sean Ellis says:

    “… easy to defeat simply by adding a small amount of yellow noise…”

    Assuming that the pattern of dots in the original system is regular, adding noise may not sufficiently obscure the marks. (You can filter out almost all of it by simply ignoring any pixels except where you know the marks are going to be.) It also assumes that the yellow channel is respected over the watermark. If the watermark is applied after the yellow channel, then there is no way to affect the watermark itself, and if your alignment is sufficiently precise, you should be able to ignore anything except the watermark itself.

    You could, however, print blank sheets of paper on one printer, and then feed them through again on another. Or, you could just print on yellow paper.

    “…you can always just replay the exact marks in that document.”

    If the encoding scheme relied on actual features of the document itself, then this would not suffice. Of course, finding a robust encoding of the document features is non-trivial to say the least.

  6. This is actually so well known I can’t believe this is even news, at least here in the UK. In fact laser colour photocopiers have done this for years. There was a big second hand market in fact in copiers introduced just before this ocurred.

  7. What happens if I print out a paper, scan in the print out and then print the scanned document? (Assuming a really good scanner, of course.)

    Will two distinct dates show up on the printout?

    Hmm…

  8. Going along with Dan’s comment above, the practice of forging this type of information would be all to simple once any piece of output were acquired. I am shocked that this practice is widely known overseas but no body I have sopken with here in the states had any idea about this secret tracking.

    I have gleened through a couple other articles on this subject and am seeing comments to the effect that printers up to 10 years old, upon further scruitany, appear to have the same “hidden code” characteristics.

    Amazing how good the government can keep a secret when it wants to. 🙂

  9. I disagree with Dan –
    Per-printer private-key crypto could be used.
    The printer does not need to print its ID number “in the clear” if
    the government is willing to go over say 100 million or so possibilities for the printer key and try to decode the code for all of them (it’s not hard to have a mechanism to identify when the deocding succeeded).
    Since the printer key can be itself generated by a hash of the printer ID
    and a secret key shared between govt and xerox, this may be feasible.

    Of course it may be the case that there’s room enough there to use even public-key.

  10. […] “Now that the code is known, it should be possible to forge the marks. For example, I could cook up an array of little yellow dots that encode any date, time, and serial number I like. Then I could add the dots to any image I like, and print out the image-plus-dots on a printer that doesn’t make the marks. The resulting printout would have genuine-looking marks that contain whatever information I chose.” –Freedom to Tinker […]

  11. Let’s say I want to forge a document with the desired timestamp. I can change the printer time settings and take the printout – can’t I ?

  12. Anonymous says:

    Here’s the main problem I see with trying to throw some confusing pattern onto the printed sheet. Most printers have a 1/4″ or less border around the outside edge of the sheet which supposedly the printer is incapable of printing, but if you look closely under magnification you will see the yellow dots printed fully across the sheets width.

  13. Video Converter OS X is currently the most powerful converter for mac os x users which allows you to convert video file between all popular video formats such as convert FLV to 3GP, DAT to 3GP, MOV to MPEG, AVI to MOV, WMV to MP4, H.264 video.

  14. Video Converter OS X is currently the most powerful converter for mac os x users which allows you to convert video file between all popular video formats such as convert FLV to 3GP, DAT to 3GP, MOV to MPEG, AVI to MOV, WMV to MP4, H.264 video.