By Brian Clark Howard
More from The Daily Green News blogDid you know that most office photocopiers are built to save digital images of documents? It's true.
When CBS News recently purchased some used photocopiers that were destined for new customers, their computer technician was able to easily retrieve thousands of pages of sensitive documents from their hard drives: perfect images of personal medical records, pay stubs, and tax forms -- even the blueprint of a building near Ground Zero and reports of sex and drug crimes from the Buffalo, N.Y., police department. There were home addresses, social security numbers, and medical histories aplenty.
The data isn't particularly easy to view and sort, but a thief who knows what he's looking for can download free software from the Internet that can be used to mine this treasure trove of personal data.
Still, before you run screaming from your nearest Kinko's, there are a few things you should know.
"It's a real issue, and it's something we've been talking about for a long time," Larry Kovnat, manager of product security for imaging company Xerox, told The Daily Green. "There have been a lot of inquiries and plans put in place to institutionalize the use of encryption and data overwrite on copiers, to protect the data," Kovnat added. Encryption encodes the data so only someone who has the "key" can make sense of it, and overwrite erases each previous scan.
Kovnat explained that some manufacturers offer image overwrite as an optional extra (according to the CBS story, the vendor charges $500 for that). "We offer it standard because we think the issue is important," said Kovnat. "We want people to use the features, and they don't slow down the devices."
Still, each office's machine administrator needs to know to turn the security settings on, and to make sure care is taken when the device is no longer needed. "Before you drop off that used machine to a lessor or for a charitable write-off, make sure that you have totally erased the hard disk or removed and destroyed it," cautions Peter Fannon, the vice president of technology policy for Panasonic.
Fannon adds that Panasonic has built-in security features into all their imaging products since 2005, and that the company works to educate authorized dealers to tell users to enable them. According to Fannon, the products ship with such security features as image overwrite, encryption, hard disk lock (which prevents the drive from being used in any other device), and security passwords that prevent making unauthorized changes. However, the default setting of these features is off, so they have to be activated by the user.
"Fax machines also have large image memories that can store a significant amount of data. To eliminate concerns about that, we have the option Panasonic Image Memory Eraser Function, which erases all fax data after each transmission, including where it is being sent, the sending number, and all data," Fannon adds. As for older copiers, Fannon said they sometimes came with a combination of physical locks and password protection.
Neither expert was aware of a single proven case in which sensitive information was taken off a copy machine and used maliciously. Still, both recommend that consumers take precautions. As it stands, the Federal Trade Commission is currently evaluating the way manufacturers present their security procedures.
Before copying anything sensitive, Kovnat says one should ask the administrator how the machine is set up. "Ask, does it have a disk? Is encryption enabled? Is image overwrite enabled? If you can't get a good answer, I wouldn't take the risk," explained Kovnat.
"These are sophisticated machines; don't think of them as 'just a copier,'" he added. "You wouldn't use a laptop without thinking about security or updating software."
[ 10 Ways to Green Your Office ]
Recycling electronics still makes sense
It's important to point out that legitimate security concerns should not prevent people from properly recycling old copiers and other electronic equipment.
These devices contain valuable metals and toxic components that contribute to our growing glut of e-waste -- only about 12% of which is recycled.
Just as with recycling computers and cell phones, the key is to make sure any data is completely erased or overwritten with junk data (use the device's deletion program, for instance, or reformat the hard drive).
If you are not comfortable doing that, find an IT professional to help you. Most manufacturers also now offer authorized recycling drop-off locations (find recyclers with the "get local info" search on The Daily Green homepage).
In the case of Panasonic, there are more than 650 locations around the country. "Our contractors are required to destroy or clean the data, without having access to it," said Fannon, who adds that all consumer products are broken down and recycled domestically. "In the case of commercial devices, they could conceivably be exported or resold, but before any of that happens, our contracts require, and our auditing confirms, the data is cleaned."
More from The Daily Green:
