Network News

X My Profile
View More Activity

Rep. Markey calls for FTC to investigate copy machines' retention of user data

The copy machine has a better memory than most may think. And that's got Rep. Edward J. Markey concerned. the Democratic congressman from Massachusetts asked the Federal Trade Commission on Thursday to investigate the retention of documents on hard drives of digital copy machines.

He said that information can enable thieves to view sensitive information such as Social Security numbers and private medical and bank records.

CBS News reported in an investigation that just about every copy machine made since 2002 contains a digital hard drive, making the copy machine more like a computer than just a carbon copy machine. The thing is, that information goes with the machine as it may be returned or re-leased to other parties. And CBS said companies and individuals usually don't wipe those hard drives clean.

“I am very concerned that these copy machines can be a treasure trove for identity thieves, allowing criminals to easily access highly sensitive personal information,” Markey said in a release.

By Cecilia Kang  |  April 29, 2010; 10:27 AM ET
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: State Dept. screens video views on democracy
Next: Chat with NBC's Rick Cotton on fighting online piracy


About three years ago, after our landlord returned his copier to the leasing company, we had numerous fake checks passed through our account. Apparently, a lot of neighbors experienced the same problem. It seems someone got the hard drive, with the copies of all of our rent checks, then created their own checks using our bank numbers and their name and address (probably also stolen from someone else). It was a real pain, and the landlord was no help, as the company tried to cover its own behind, denying any responsibility for data security on a leased machine.

Posted by: csrpnt | April 29, 2010 10:59 AM | Report abuse

Markey is the man.

Something needs to change here. If the companies won't fix it on their own, the government needs to step in and do it. We elect them to act in our interest, and that is what Markey is doing.

Posted by: bigbrother1 | April 29, 2010 11:16 AM | Report abuse

If Markey wanted a real "fix" for the problem,he could have checked with any of our intelligence community tecnical advisers.If you think they allow sensitive, classified info to remain on copier hard drives,I assure you they don`t.There are processes and procedures to deal with the issue.Markey needs to get his staffers to do some research in his own environment.

Posted by: bowspray | April 29, 2010 11:59 AM | Report abuse

Markey has found political gold: an easily understood populist issue that won't offend any of his rich corporate campaign contributors.

I'd be more impressed if he took on THE root cause of the identity theft problem in America: the banking and credit industry's happy willingness to extend credit to anyone who knows your name and social security number, with no further verification whatsoever. The industry could easily crack down on this, but they don't, because they make their money on "easy credit" and "instantly approved" impulse buys. The occasional instance of credit fraud (which they have successfully renamed "identity theft" in a stunning bit of responsibility-shifting: it's your problem, not theirs) is acceptable collateral damage to them.

But no congressman is going to TOUCH this, because that would jeopardize some really big campaign contributions. And, in America, if you don't have campaign money, you don't win elections.

And so we get mere publicity stunts like Markey's, while the big-money interests keep running the country into the ground.

Posted by: 12008N1 | April 29, 2010 1:39 PM | Report abuse

bowspray: You appear to not have read the article. He isn't talking about classified data (by the way procedures are nice but are not always followed, so I wouldn't bet lunch on not finding things in an audit, class or unclass) he is talking about PII, which is unclassified. Please read the article before commenting.

Posted by: copperred | April 30, 2010 2:18 AM | Report abuse

Wow! Thanks for the article. I had no idea that copy machines were keeping copies of what I copy on them. From now on I will never use a public copy machine to copy anything with personal data on it. Copy/scan/print/fax machines for home use are available for under $100 and are therefore well worth the cost for peace of mind about this potential avenue for identity theft.

Posted by: foofoofoo | April 30, 2010 7:48 AM | Report abuse

Perhaps somebody with more technical knowledge than me could explain why copier manufacturers would install these devices in the first place. I can understand that the copier might, in effect, photograph the document to be copied and then transfer the photograph to the print mechanism, the way we transfer pictures from cameras to computers. But why would there need to be a permanent record? It should be easy to have the memory empty itself after every copy, or make the memory power-dependent so it would be erased every time the copier is turned off. This just seems like a problem that should never have occurred.

Posted by: none12 | April 30, 2010 11:55 AM | Report abuse

Modern copiers do indeed take a digital photograph of the original. It's faster and cheaper to do it that way for many reasons, and it also enables efficiency in functions such as image enlargement and reduction. Another reason many modern office-scale copiers store the image is to allow emailing directly from the copier which often entails delays waiting on the receiving email server - but not delaying the next copy job from running.

Posted by: rogernebel | April 30, 2010 12:29 PM | Report abuse

Okay...I thought I was fairly savvy when it came to security, but I'd never heard of this. So my question is--how do you delete this information? I have a very nice copier at home that I had thought to donate to a local charity, but of course now I wouldn't consider it unless I could delete that data. Anyone know?

Posted by: krazykat23 | April 30, 2010 12:46 PM | Report abuse

I'd never heard of this before...Very eye-opening. It's not just the copiers we use (and I will only use my own at home that is new so should last a while), but I immediately thought of my Doctor's office and my office, where I recently copied a bunch of personal info.

Just proves EVERYTHING associated w/technology is at risk of exposure. Better go back to quill and paper.

Posted by: nojunk4me | April 30, 2010 2:08 PM | Report abuse

Deleting the information is probably going to vary by the manufacturer's design. These are not general purpose computers with nice GUIs allowing you to get to the file system. Yanking the drive and taking measures to destroy the data seems the best way. Opinions vary on what's needed to completely delete it. Forcing the manufacturers to address this issue is the long term answer.

Posted by: rogernebel | April 30, 2010 3:33 PM | Report abuse

bowspray: You appear to not have read the article. He isn't talking about classified data (by the way procedures are nice but are not always followed, so I wouldn't bet lunch on not finding things in an audit, class or unclass) he is talking about PII, which is unclassified. Please read the article before commenting.

Posted by: copperred | April 30, 2010 2:18 AM

copperred: Bowspray gave an example on how to quickly learn to deal with it rather than waste a bunch of taxpayer dollars on another needless "congressional investigation". Maybe YOU should engage your own brain before making the keystokes..........

Posted by: franklinone | April 30, 2010 9:27 PM | Report abuse

How about a few facts to dispel the hysteria, I mean it's enough to have to fix these machines on a daily basis. Now I have to hear these questions too?

First, most copiers have hard drives in them (some have more than one). They are used for multiple reasons, data storage and system software primarily.

However, most machines use encryption (ours all have a scrambler board as a standard feature). If you pulled a drive from a machine and tried to read the data, it would make no sense.

There are also disk overwrite kits available which basically erase all data immediately after use. This is an optional feature which I rarely see used (Banks are a notable exception).

This has been the case for a few years now, though older machines may have more of a risk. Still, it's not like data is stored forever. It's constantly being overwitten as new copies are scanned into the machine. Depending on the size of the drive and the space allocated for storage, this may not be very long.

So stop worrying so much. There are many worse things to fret over.

Posted by: rednuts | April 30, 2010 10:36 PM | Report abuse

And where does e-waste go? Gosh hmm... There is no place named "Away" so it has to go someplace.

Posted by: Nymous | May 1, 2010 12:01 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company