Every copy or print job actually stored on copier's hard drive
WILLMAR -- The digital copy machine that routinely prints and reproduces your documents may pose a privacy risk if you don't take proper steps at trade-in or disposal time.
Just about every copy machine made in the last decade contains a hard drive, and even if you don't use the hard drive to save copy or print jobs, every copy or print job is actually stored on the drive. The risk is that private data and vital private information could inadvertently become public.
The possibility of pulling documents that contain private information off of a copier's hard drive was investigated by CBS News in an April 19 report. CBS News was able to obtain medical records, police records and Social Security numbers off hard drives from copiers ready to be resold using software that is readily available on the Internet.
As a result of the investigation, the U.S. Federal Trade Commission has begun notifying copy machine makers, resellers and office-supply stores about privacy concerns over the thousands of images that can potentially be stored on the machines' hard drives.
Customers who lease copy machines may not be aware of the privacy risk posed by improper copier disposal, according to Russ Bennett, president of Bennett Office Technologies of Willmar.
"I would guess most are not,'' says Bennett. "That's why we've taken it upon ourselves for our customers to try to get that data off their hard drives.''
Bennett said the big change in copier technology occurred when copiers went from analog to digital. They formerly reflected the image onto a drum which, with toner, would lay the image on the paper.
"When they began to digitize them and turn everything into a zero and a one, that's when they learned they could use memory and memory was never big enough,'' said Bennett. "Then they started using hard drives to place the data on.''
Another wrinkle comes into play with the addition of networked copiers. Since copiers were set up to output from electronic images, the next addition was to allow for copiers to operate as printers. Rather than coming up with a separate path for print jobs, manufacturers just used the same path, meaning a job is downloaded from the computer to the hard drive, and then printed out as the copier becomes available.
So if you copy or print from a copier, there's a good chance that the document is accessible to people who can get their hands on the copier's hard drive.
Bennett says his company works with customers in placing photocopying machines in their businesses.
"Because the technology in the copy machines is changing so quickly, most businesses don't want to invest in a copy machine. They want to just lease it, turn it back in after three or four years, and get a new one,'' Bennett said.
Unlike most other dealers, Bennett doesn't use a third-party lease company. But there's an occasional customer that will acquire a machine from Bennett and use a third-party lease company that Bennett is not even aware of to get rid of the machine.
"What happens and can happen is those third-party lease companies then contract with a fourth party that liquidates (the copiers) for them. They ship it back to the lease company and then they get sold. That's where some of these security breaches have occurred is that the customer doesn't know that there's information on their hard drive,'' Bennett explained.
Most copiers go overseas. The machines are packed into containers and shipped into third world countries. Some the eastern bloc countries are good at using data that shouldn't be leaked, said Bennett.
There are two methods to solve the problem, says Kyle Diederich, Bennett's director of information technologies.
The first method is to drive one or more holes through the hard drive with a drill bit.
The second method is to use a disk erasing software such as Killdisk to erase the hard drive to Department of Defense standards. Diederich said Bennett uses Killdisk on the hard drive in copy machines that will either be resold or maybe sent back to the leasing company.
"We do a Department of Defense level format on the hard drives, and that usually entails overriding the hard drive seven times with random data to ensure that all of the magnetic information on that hard drive can never be read by any kind of utilities,'' said Diederich.
Bennett agrees that much information could fall into the wrong hands if precautions aren't taken.
"It's very important for customers to be aware of that,'' he said.