Canon Creates Keyword-Based DRM For Copy Machines?
from the can't-copy-this dept
In an attempt by Canon to help plug the analog hole when it comes to physically copying documents, apparently its new scanner/copier machine has a feature, named Uniflow 5, which will use some optical character recognition (OCR) tech to stop you from copying/scanning anything with specific keywords:
The latest version of Uniflow has a keyword-based security system. Once configured by an administrator, the system can prevent a user from attempting to print, scan, copy or fax a document containing a prohibited keyword, such as a client name or project codename.
The server will email the administrator a PDF copy of the document in question if a user attempts to do so.
The system can optionally inform the user by email that their attempt has been blocked, but without identifying the keyword in question, maintaining the security of the system.
You can certainly see why some paranoid organizations might like this, but it seems like just another form of DRM which will likely only serve to piss off legitimate users.
Filed Under: copy machine, drm
Companies: canon
Comments on “Canon Creates Keyword-Based DRM For Copy Machines?”
A scary thought
I saw this same article on BoingBoing and the author suggested a scary use for this technology. If the company didn’t realize what they were using or forgot about the technology, a spy, industrial or other, could set the software to look for those keywords and then email them the PDF instead of the IT department of the company. Pretty scary thought as to what could be stolen this way. Just goes to show that DRM is not the answer.
Re: A scary thought
Why bother (looking for the keywords, that is)? Why not just send them all?
Re: Re: A scary thought
Watch out for that keyword “the“. Make sure all documents containing this critical word are sent.
… ah, the joy of unintended consequences.
unintended consequences
I can see the law of unintended consequences kicking in the first week these things get delivered. I was going to say the first day, but I assume that there will be pointy hair bosses who first try to program the copiers themselves, make a mess of it, and then have to find some intern to do it for them.
There are plenty of point-haired bosses out there who are going to think this is the greatest invention since sliced bread. The good news is that when they try to come up with words to block, they will mainly think of words that they use all the time, and so they will be most likely to inconvenience themselves.
“You can certainly see why some paranoid organizations might like this…“
I can see plenty of organizations liking this, but I can also see them turning the feature off because the boss’ email account was flooded with PDFs.
“The server will email the administrator a PDF copy of the document in question if a user attempts to do so.”
I just love that part, it will send the documents that nobody should be copying to an administrator or someone posing as one that is priceless LoL
Oh, forgot the other copier that no one noticed recently, it is called cellphone.
I think Mike makes keywords for copy machines based on DRM
But all I do is look at the headers.
Re: I think Mike makes keywords for copy machines based on DRM
Was that English?
Re: Re: I think Mike makes keywords for copy machines based on DRM
Yes. Otherwise it would read something like this:
“你是一个傻瓜”
Another Challange for the Innovative Hacker
I assume that the devices would be “open” to the internet/LAN. Imagine the consequences of a hack that defines simple words, such as “the”, as a protected keyword word.
Not only that, what about the administrative overhead of maintaining a list of authorized/prohibited words. The first group to get aggravated would probably be the lawyers photocopying their infringement letters and lawsuits.
Re: Another Challange for the Innovative Hacker
I worked at an investment firm for 5 years, which has since been aquired by a firm which was aquired by a firm. In my first year, I noticed that none of the printer configuration webservers (almost all business printers can be configured via browser) were secured in any way. I could take any printer off line, or set it to an IP which would conflict with a production server, anytime I wished. I informed the security and IT staff, and left it for them to handle.
When I left the firm 4 years later I checked, and sure enough, no passwords or alternate ports on the webserver. Printers were under their radar.
Did I mention that this was a paranoid investment firm?
Now give someone the ability to automatically have PDF’s sent to them when certain keywords (SSN, CC#) are present, and put it in the same environment. Unless these things have a hardware switch to turn this feature off, they are creating a Microsoft-style security hole which is guaranteed to allow massive breaches in corporate security.
no one ever heard of......
tippex (correction fluid)…hell even a marker at a pinch!
As an engineer, this is just too much of a fun puzzle/game waiting to happen.
“What? my document didn’t print…I wonder if it was the word ‘requirement’
…[runs and prints out a document with just the word ‘requirement’]
…no, that printed. Maybe it was the reference to the ‘flux capacitor’ [runs and prints out paper with just the word ‘flux capacitor’]
No, that printed as well…
Ah! maybe it was…”
I love it when they try to make my work day more interesting.
Re: Re:
If you’re an engineer, you might be interested in going from O(n) to O(log(n)).
Re: Re: Re:
Haha. Cut the paper in half?
Re: Re: Re: Re:
Well, copy half your document into a new document, try to print…
One word foils this scheme
So how does it maintain security when I scan one page with just the word it is blocking?
However, in these cases, the legitimate users are the bosses who lease these machines. These copiers are not of the home use variety, though eventually, the technology may end up there.
The “Legitimate user” aka the Boss is the person setting the controls. That is his right. This is NOT similar to DRM, because DRM is set by the manufacturer/distributor.
This is no different then the a homeowner adding an extra lock to his house. He can give away the keys, leave that lock unlocked, or keep the key for himself. The house or lock manufacturer is not restricting what keys or locks you can use.
Also, if you were not aware, copiers and printers already have “DRM” built in. Color printers actually print microscopic codes into all graphic documents, and will not print money.
Re: Re:
“Color printers actually print microscopic codes into all graphic documents”
I think the microscopic codes are mainly on laser printers. EFF has an article about this.
Re: Re:
I think your last paragraph can be taken out of context. The sentence “Color printers actually print microscopic codes into all graphic documents, and will not print money.” The microscopic codes are there to identify the printer’s hardware which was introduced because people were trying to print money. The microscopic code is only on laser printers (that I am aware of), and the only purpose it serves, is to tie a print, back to the printer (assuming you have physical access to the printer to verify the code).
Re: Re: Re:
Correct. It is two different issues.
However, in most large firms, the copiers ARE the laserprinters, scanners, etc. These are the machines most likely to have this “DRM” technology installed, at the moment.
DRM?
Wait, why is this being called DRM? Maybe someone would try to use it to micromanage the simple activity of making a copy, but I don’t think this qualifies as DRM. I think the reality is actually much simpler.
From the linked article…
“the system can prevent a user from attempting to print, scan, copy or fax a document containing a prohibited keyword, such as a client name or project codename.”
There are some environments, such as law firms or other highly regulated industries, where I think this would be quite handy. If you don’t want some temp making a copy of a document with your client’s name on it because this is against your company policy, then buy this printer. It makes sense to me.
To qualify as DRM, the copier would have to somehow prevent any copyrighted material from being copied. This just isn’t practical given the way this copier works. (What, you’d have a monster list of every trademarked phrase in the world or copyrighted passages?) I’m no fan of DRM, but I don’t think this qualifies as DRM.
Re: DRM?
what if a watermark, visible only to the photcopier, was added by publishers to the pages of their books? Granted, it’s extreme and probably not cost effective, but it could be done and would be a step in the direction of DRM for a non-digital good.
Re: Re: DRM?
what if a watermark, visible only to the photcopier, was added by publishers to the pages of their books?
In that case, it would be DRM. But that’s not what this copier does, so I believe it’s innacurate to label it as DRM.
Re: Re: DRM?
Then it would be just like what already exists for currency. Just google for “EURion Constellation” or “Adobe Counterfeit Detection System”
Re: Re: DRM?
Being extreme and not cost effective would not be a barrier. There are few examples of existing DRM that are cost effective. Most are not as effective as the rights holder hoped, so the vender of the DRM convinces them that a stronger and more extreme version will work. In the end all DRM systems tend to become extreme and expensive.
Re: Re: Re: DRM?
There are few examples of existing DRM that are cost effective.
Agreed. However this doesn’t relate to whether the Canon copier referenced in the linked article implements DRM. It doesn’t. It’s a simple keyword match. To implement a true DRM system in a copy machine, even one that was connected to the Internet, would be very cost-ineffective, even compared to other forms of DRM.
Re: DRM?
> Wait, why is this being called DRM?
Because it’s Digitial, and it Manages Restrictions?
Re: Re: DRM?
Because it’s Digitial, and it Manages Restrictions?
DRM = Digital Rights Management. Canon isn’t saying that its printer can be configured to detect a document which contains material to which a third-party has a copyright or any other IP right. They’re simply saying that it can detect a specified keyword.
Kill the whistleblowers!
Take a hi-res picture of the document? Or you could use a high-res handheld scanner. Not sure what this going to accomplish.
I read somewhere that simple 1337-speak can defeat this system, but I’m guessing that is because of the dictionary they used to determine the “forbidden” words didn’t include 1337 words.
Re: Re:
Well, whether it defeats the system appears to be entirely dependent on how clever the supervisor or tech guy is at a given company. Since it sounds like this system is defined by the administrator, not by canon.
?siɥʇ uɐɔs noʎ uɐɔ
Wouldn’t it be funny if the administrator were one of those nitwits who has his secretary print his email for him to read?
Seriously, I thought this was dumb until I got to this part:
A determined user who has guessed the prohibited keyword could get around it by simply substituting numbers or other characters for letters, such as z00 instead of zoo, representatives for Canon conceded.
Whoa! It can distinguish 0 from o and O? In any font, presumably by context? Never mind the printer, I want that OCR technology!
Re: ¿siɥʇ uɐɔs noʎ uɐɔ
I also want that OCR tech. Any OCR that can distinguish “o” from “O” from “0” or “l” from “1” no matter what font is used rules and would save a lot of editing time.
This is really bad for getting work done.
So they want to set up a system where the employees aren’t allowed to make copies of documents that contain certain keywords, but don’t want to tell the employees what they keywords are? I would think that it’s a little bit silly to create a situation where employees get in trouble but they aren’t allowed to know before hand what might get them in trouble.
Re: This is really bad for getting work done.
I would think that it’s a little bit silly to create a situation where employees get in trouble but they aren’t allowed to know before hand what might get them in trouble.
Well, first off, there’s nothing saying that a person would be “in trouble”. Contrary to Mike’s post, this technology is not DRM, so it’s not illegal to copy a document with a specified keyword. It’d be up to the company how to handle attempts to copy keywords. Secondly, the point of is that if you have a sensitive list of keywords that you don’t want copied, you wouldn’t want to broadcast that list to all employees because you’d be defeating the purpose of having the information be controlled in the first place. For example, if you’re running a legal office, you don’t want the public copier in front of the conference room to be used to copy documents with any of your client names on it. You don’t want to send out an e-mail to every person in the company, down to the interns, with your client list. Now, that would be a “bit silly”.
DRM?
I don’t see why this is being called DRM. it has nothing to do with protecting copyright and everything to do with protecting corporate secrets.
This kind of system is already in use in some high security installations, generally by marking secure documents with a distinctive symbol that document management systems recognize. Photocopyers, particularly modern units that fax and scan to email, are a big way that secrets can make it out of a corporation accidentally. This technology isn’t supposed to stop anyone that’s intentionally trying to sneak documents out, it’s to stop the real user that makes a mistake (doesn’t realize a document is sensitive, takes the wrong paper to send, hits the wrong button on the machine…). It’s just a simple system to make users with a document that is potentially sensitive stop and think before emailing it to the bank/aunt ellis/nigerians. When this sort of system is implemented it requires oversight to work effectively, because there will be many false positives. It’s just the cost of the added security. No doubt the PDFs sent to a monitor will be used more often to make it easier to put through an authorized false positive (email the PDF instead of having to scan the doc again) than to find someone to punish.
Sounds a bit like the 'eurion' on currency
http://en.wikipedia.org/wiki/EURion_constellation :
“The EURion constellation is a pattern of symbols found on a number of banknote designs worldwide since about 1996. It is added to help software detect the presence of a banknote in a digital image. Such software can then block the user from reproducing banknotes to prevent counterfeiting using colour photocopiers.”
Fun game: Find the offending words (or an offending document) and make a million photocopies. Then, take picture of the system admins horrified face when he checks his (spam cluttered) email inbox.
Man, this opens up yet another path for spamming people (even if it just inside the same company) :p
Nevermind paranoid organizations...
You can certainly see why some paranoid organizations might like this…
How about paranoid governments?
Iran and China want those copiers right now.
Can you imagine going to jail because your copy machine rat you out 🙂
But will that OCR work...
… if you turn the page upside down?
Re: But will that OCR work...
Was this a serious question??? Please tell me it’s your dry sense of humor.
law firms are going to love this
“…but it seems like just another form of DRM which will likely only serve to piss off legitimate users.”
If anyone suspends a legitimate activity, they are going to have a hell of a time copying a memo instructing people to RESUME it, should the company block RESUME in order to limit job seekers from using the copy technology.
I’ve actually had email rejected from a corporate server for using “resume” (first meaning above) in an email to an employee inside the firm.
So I guess this must serve some need somewhere, I just can’t imagine what that may be.
Haters gonna hate, get their knickers in a twist.
We have a policy of not disclosing customer’s or supplier’s names when we mail documents. I can see how the haters are going to hate this, however i can see this technology as being quite useful for catching mistakes within my organisation.
There are going to be some clbuttic misclbuttifications of this system as items that should pbutt through the filter just fine get caught.
Where does it stop?
Next, DRM in our cameras so that we cannot photograph copyrighted works, buildings, billboards, whatever? I’ve been a Canon camera fan for a long time, but I think my next D-SLR will be a Nikon.
Canon and keywords
Excuse me? First we can’t see any reason one would blame, say, an ISP for enabling some sort of , but now we blame Canon for enabling (not causing, enabling!) some sort of ?
Why wouldn’t the pissed-off user blame the company that entered the keywords, rather than Canon, who only enabled the feature?
Useful OCR tool
It’s not until recently when I find it is possible to do character recognition online, for example with the site Free OCR. This site helped me to work today to convert an image file tif files readable by most word processing text.
There are going to be some clbuttic misclbuttifications of this system as items that should pbutt through the filter just fine get caught.
Go to Canon homepage if you’d like to know more.