Seeing yellow over color printer tracking devices
A series of encodings on printouts from color laser printers to discourage counterfeiting? At first, the idea sounds like the urban legend from a couple of decades ago that claimed you could hear Satanic messages when you play vinyl records backwards. Yet the evidence from the Electronic Frontier Foundation is that the encodings are embedded in color printers from all major manufacturers. Moreover, the issues raised by the practice have caused Free Software Foundation director Benjamin Mako Hill and other members of the Computing Culture group at the MIT Media Lab to begin the Seeing Yellow campaign to stop the practice.
The campaign takes its name from the nature of the encoding, which takes the form of yellow dots printed across the entire page of a printout. The dots are invisible to the unaided eye, but can be seen by placing an intense blue LED light behind a printout in a darkened room. Alternatively, the dots can be seen in a scanned copy of a printout with a resolution of at least 600dpi. They become even clearer when the scanned copy is opened in a graphics program like the GIMP, and only the blue channel is visible (Dialogues -> Channels). However, for the most part, the public can only guess what information is carried by the yellow dots.
In fact, except for Toshiba, whose documentation mentions an unspecified tracking device for printouts, most manufacturers do nothing to make consumers aware that their printouts can be tracked.
In addition to the inability to consent to being monitored, the situation also raises issues about privacy and the right to anonymity. Pointing out that the eighteenth century Federalist Papers, a collection of 85 letters that advocated ratification of the American Constitution, were originally published anonymously, Hill says, "It's perfectly legitimate for people to want communicate anonymously. Anonymity is absolutely essential to democracy. The [Federalist Papers] are an example of how anonymous communication can lead to some of the most important political changes."
Hill goes on to note, that, ironically, that people who have written to the campaign insisting that the innocent have nothing to worry about take good care to remain anonymous themselves. Even Hewlett-Packard employees responding to privacy concerns, he says, sign their emails not with their names, but simply with "Privacy." "It's funny," Hill says, "But people are choosing to remain anonymous while telling me that people shouldn't do that."
The immediate impetus for the campaign was a report from the Electronic Frontier Foundation that one man who contacted his printer manufacturer for information about how to turn the tracking device off soon found himself being questioned by the U.S. Secret Service. By contrast, Hill says, "We want it to be perfectly normal to complain about the lack of anonymity."
Following the dots
How long has this forensic technology been used? What information is being collected? The truth is that almost nothing is known about the practice. What is known has emerged in bits and pieces.
The first indication of the practice seems to have been an article by Wilbert de Vries in PC World published in October 2004, entitled, "Dutch track counterfeits via printer serial numbers." In the article, de Vries quotes a representative of Canon Europe as saying, "Canon works closely with the relevant national and international authorities to ensure that the opportunities for its products to be misused are minimized," and mentions the existence of the yellow dots.
A month later, PC World published a similar article by Jason Tuohey entitled "Government Uses Color Laser Printer Technology to Track Documents" that covered much the same ground, except in the United States and quoted a Xerox representative, who said that the tracking mechanism was designed for use against counterfeiters. The same article quoted Lorelei Pagano, a counterfeiting specialist with the U.S. Secret Service, who said that the mechanism was used only in criminal investigations, and pointed out that companies have never informed consumers that it was being used.
Nor is it public knowledge whether other tracking devices may be used on printers. However, a site for the Purdue Sensor and Printer Forensics project does clearly indicate that research is being done into other methods of tracking both laser and inkjet printers, as well as digital cameras and scanners. Papers on the Purdue site show that the methods being researched include unique characteristics of various devices, including dad pixels and image noise. Research is also being done into methods for hiding data in halftone documents. Whether any of these methods are or will be implemented is unknown.
The Electronics Frontier Foundation did submit a Freedom of Information request to the U.S. Secret Service in December 2005 asking for more details about the practice, but is still waiting for a reply.
Even the printer manufacturers themselves seem to know little about the practice. Hill reports that most representatives of printer manufacturers are completely unaware of it, which suggests that the decision to incorporate the technology was made at the highest levels of each company.
Not only that, but, if Hewlett-Packard is typical, even the manufacturers know little about the details. When blogger John Whelan contacted HP about the issue, he was told by a company representative that the chips used for the encoding of the yellow dots were outsourced to another company that HP employees could not read them. Whelan's contact also claimed that the devices were secure against misuse because of this secrecy.
Most of what is known comes from the investigative efforts of the Electronic Frontier Foundation. The foundation's Web site includes a list of printers whose printouts have been examined, to have the yellow dots. However, this information is tentative. As the preface to the list suggests, the dots, when found, may be the result of dithering techniques or a poorly calibrated printer. Conversely, not finding the dots does not rule out the use of other identification techniques. Still, the foundation is also encouraging supporters to do their own testing and send the results.
In addition, the foundation has managed to partly decipher the dots on a Xerox Docucolor print out. As might be expected, the arrangement of the dots includes the printer serial number in binary-coded decimal, as well as the date and time that the page was printed. Presumably, other manufacturers and possibly other Xerox printers give the same information, but since encoding is not uniform, nobody knows for sure.
Early campaign results
Launched less than ten days ago, the Seeing Yellow campaign has attracted considerable interest. The first day that the site was up, it received 15,000 hits, and, according to Hill, that number has remained steady. In addition, at the time of writing, almost 12,000 people had contacted their printer manufacturer about the issue and clicked the counter on the site keeping track of such actions.
The campaign has also motivated some people to try to return their color laser printers. Others have told resellers that they would buy the first printer that included a guarantee that it did not include such tracking devices.
So far, Hill has heard of no one who has been able to hack their printer to remove the mechanism that prints the yellow dots (which would be difficult, since none of the public know what it is). He has heard reports that some users are trying to find ways to add random dots to make the encoding useless, but, given that more than one encoding seems to be used, this effort is likely to have limited success at best.
Hill acknowledges that workarounds exist. As some of his correspondents have suggested, users could print in black and white, and only print in color when they don't care whether they are anonymous. However, Hill disagrees with the idea of settling for such workarounds for the dots.
"I think that the answer is to turn them off altogether, and that counter-measures are not enough," he says. "But the worst thing to me is that there are people who think they are anonymous when they print in color -- and they're not."
Whether the campaign will be successful in removing tracking measures from color laser printers is still anybody's guess. But for now, the campaign is clearly succeeding in its first step by making sure that people know as much about the issue as there is to know.
Bruce Byfield is a computer journalist who writes regularly for Datamation, Linux.com and Linux Journal
Bruce Byfield (nanday)
Webinar: 8 Signs You’re Beyond Cron
11am CDT, April 29th
Join Linux Journal and Pat Cameron, Director of Automation Technology at HelpSystems, as they discuss the eight primary advantages of moving beyond cron job scheduling. In this webinar, you’ll learn about integrating cron with an enterprise scheduler.Join us!
- March 2015 Issue of Linux Journal: High-Performance Computing
- Users, Permissions and Multitenant Sites
- Not So Dynamic Updates
- April 2015 Video Preview
- Security in Three Ds: Detect, Decide and Deny
- New Products
- Flexible Access Control with Squid Proxy
- DevOps: Everything You Need to Know
- Tighten Up SSH
- Android Candy: Bluetooth Auto Connect