Everyone involved with software and services should watch this remarkable investigative report by CBS News and think about what it teaches us.
Nearly every digital copier built since 2002 contains a hard drive storing an image of every document copied, scanned, or emailed by the machine. Because of this, the report shows, an office staple has turned into a digital time-bomb packed with highly-personal or sensitive data. To quote the narrator, “If you're in the identity theft business it seems this would be a pot of gold.”
In the video, the investigators purchase some used machines and then John Juntunen of Digital Copier Security shows them what is still stored on them when they are resold. As he says, “The type of information we see on these machines with the social security numbers, birth certificates, bank records, income tax forms… would be very valuable.” He's been trying to warn people about the potential risk, but “Nobody wants to step up and say, ‘we see the problem, and we need to solve it.'”
The results obtained by the investigators in their random sample are stunning, turning up:
- detailed domestic violence complaints;
- a list of wanted sex offenders;
- a list of targets in a major drug raid;
- design plans for a building near Ground Zero in Manhattan;
- 95 pages of pay stubs with names, addresses and social security numbers;
- $40,000 in copied checks; and
- 300 pages of individual medical records including everything from drug prescriptions, to blood test results, to a cancer diagnosis.
Why are these records sitting around on the hard disk in the first place? Why aren't they deleted once the copy has been completed or within some minimal time? If they are kept for audit purposes, why aren't they encrypted for the auditor?
Is this “rainy-day data collection?” Gee, we have a hard disk, why don't we keep the scans around – they might come in useful sometime.
It becomes clear that addressing privacy and security threats was never a concern in designing these machines – which are actually computer systems. This was an example of “privacy chernoble by design”. Of course I'm speaking not only about individual privacy, but that of the organizations using the machines as well. The report makes it obvious that digital copiers, or anything else that collects or remembers information, must be designed based on the Law of Minimal Disclosure.
This story also casts an interesting light on what the French are calling “le droit à l'oubli” – the right to have things forgotten. Most discussions I've seen call for this principle to be applied on the Internet. But as the digital world collides with the molecular one, we will see the need to build information lifetimes into all digital systems, including smart systems in our environment. The current and very serious problems with copiers should be seen as profoundly instructive in this regard.
[Thanks to Francis Shanahan for heads up]