Thursday, February 15, 2007

Is your Printer spying on you, and how to decode it.

According to a report released by the American Civil Liberties Union the FBI has amassed more then 1,100 of its documents since 2001. How was this done and why? Because the government has got ways of monitoring the documents which you print out and figuring out where they were printed from, and at what time.

The way that they know this is through a series of minuscule yellow dotted codes which are printed on the page. The FBI has made a deal with a number of colour printers in order to implement the technology.

The following is taken from a sheet printed by the Xerox DocuColor 12, magnified 10x and photographed by a Digital Blue QX5 computer microscope under white light. As EFF reports the yellow dots are visible yet incredibly hard to see.

This is an image of a portion of the dot grid under 60x magnification.

This is an image of one repetition of the dot grid from the same Xerox DocuColor 12 page, magnified 10x and photographed by the QX5 microscope under illumination from a Photon blue LED flashlight. The increased contrast under blue light allows us to see the entire dot pattern clearly.

With computer graphics software we can overlay the black dots with computer generated dots in order to get an idea of the pattern (this image is not to scale)

EFF added explanatory text in order to show what the placement of the dots mean.

Following is an explanation posted by EFF as I thought they described it best.

"The topmost row and leftmost column are a parity row and column for error correction. They help verify that the forensic information has been read accurately (and, if a single dot has been read incorrectly, to identify the location of the error). The rows and columns all have odd parity: that is, every column contains an odd number of dots, and every row (except the topmost row) contains an odd number of dots. If any row or column appears to contain an even number of dots, it has been read incorrectly.

Each column is read top-to-bottom as a single byte of seven bits (omitting the first parity bit); the bytes are then read right-to-left. The columns (which we have chosen to number from left to right) have the following meanings:

  • 15: unknown (often zero; constant for each individual printer; may convey some non-user-visible fact about the printer's model or configuration)
  • 14, 13, 12, 11: printer serial number in binary-coded-decimal, two digits per byte (constant for each individual printer; see below)
  • 10: separator (typically all ones; does not appear to code information)
  • 9: unused
  • 8: year that page was printed (without century; 2005 is coded as 5)
  • 7: month that page was printed
  • 6: day that page was printed
  • 5: hour that page was printed (may be UTC time zone, or may be set inaccurately within printer)
  • 4, 3: unused
  • 2: minute that page was printed
  • 1: row parity bit (set to guarantee an odd number of dots present per row)

The printer serial number is a decimal number of six or eight digits; these digits are coded two at a time in columns 14, 13, 12, and 11 (or possibly just 13, 12, and 11); for instance, the serial number 00654321 would be coded with column values 00, 65, 43, and 21."

EFF has also published a program which will decode what it says, so be sure to check it out.

Thanks EFF!

No comments: