When you use a colour laser printer, or photocopier, the printer will often automatically add a number of microscopic yellow dots to the resulting printout that will normally be invisible to the naked eye. These are often 1/10 mm wide and the whole pattern of dots often only covers a few centimetres of space. These dots are often repeated at various positions across the page so that at least one block can be easily read.
What do these dots represent?
These dots are encoded and will often give you:
- The date and time the printout was taken (based on the printer clock)
- The Printer serial number.
It is conceivable that more information could be encoded.
If you think this is a conspiracy theory, then please see an example I extracted from a page I printed on a laser printer below:
The above was taken from a printout from a laser printer, scanned at 1200dpi and then the brightness decreased and contrast increased. I then zoomed in several factors on a white unprinted area.
There are better ways of detecting these dots, for example using blue/ultraviolet light and better image processing software than I had at my disposal. However the above proves the point.
I have looked for the equivalent dots produced by inkjet printers. I have examined a document printed on my own inkjet printer in the same way as I did for the laser print examined above and found nothing like the yellow dots found in the laser printed example. That doesn’t mean there isn’t other steganographic information in the printout that I could not easily detect. However, this article does suggest that these dots are added by Inkjet printers as well.
How can these printer dots be used?
In the mid 1980’s, Xerox pioneered an encoding mechanism using coloured dots, or which they were granted U.S. Patent No 5515451. These were initially used to easily detect bank notes that were forged using the companies printers and photocopiers. The use of this technique was not widely circulated. Since then the technology has been adopted by just about every printer/photocopier manufacturer.
In October 2004, consumers first heard of the hidden feature, when it was used by Dutch authorities to track down counterfeiters who had used a Canon colour laser printer. The Electronic Frontier Foundation found out about these dots in 2005 and over several examples managed to decode a lot of the information provided by these dots. For their explanation please see see their info page here.
There have been several cases reported in the press where confidential and secret government documents have been leaked to the press. These documents, when forensically examined, provided information that allowed the originator of the document to be identified.
Inspecting the printer identification dots and knowing the serial number of the printer and the date/time it was printed, it should just be a matter of inspecting the printing logs from the print server to determine who printed the document at that time on that printer. Some enterprise print servers also retain an image of the printed material, making the job of identification even easier. It is conceivable that these dots could also encode the job number or some unique identifier when combined with other information to uniquely identify who printed the document.
What else can be used to identify the originators of printouts?
Back in the days when typewriters were used, each machine would have its own minor typing defects that could be matched to an example produced by that typewriter. For example, due to wear a certain letter could be placed slightly out of alignment that could be used forensically to determine the typewriter used to type the document. Similar defects can be introduced on other mechanical printers of the time.
This technique is also used on electronically printed material by automatically introducing unnoticeable defects into the printed material. This could be used to encode additional information using steganography .
Steganography is a way of encrypting data in plain sight, normally in pictures or text. It is possible to encode whole chapters of books into a single JPEG file by changing a number of pixels in a very subtle way. Using a Steganographic decoder, it is possible to recover the hidden data. It should be noted that Steganography is also a cyber security attack vector we will be blogging about in the future.
In order to identify people within a company who are leaking information, specially crafted documents can be produced (for example using specific phasing, typos) that will only be distributed to a single person. If that document ever got disclosed to the press, it would just be a matter of matching who was given the document to detect who leaked it.
If the information is limited to dates/times of the printout and the serial number of the printer, then there isn’t much to worry about – unless you are disclosing confidential documents to the press, in which case you need to be very concerned. However, this is just another way of tracking people which you should be aware of from a privacy stand point.
You cannot turn this off as this is hard coded into the printers software.
If you print a document to PDF then these tracking dots are not added at this point. They are added when you print the document. However, I am not saying that the action of printing to PDF won’t add other hidden meta-data to the PDF that will allow it to be tracked (take a look at the Document Properties by right-clicking on the document in Adobe Acrobat DC and I expect there are programmatic methods of adding custom properties). Other document standards (e.g. Microsoft Office documents) will also allow meta-data to be added (e.g. security classifications, originator information).
Document meta data will be the subject of a future blog, so please look out for this once we have fully researched it.