Snopes: Do Color Printers Leave Tracking Dots? ‘Mostly True’

The popular fact-checking Web site Snopes today posted an article stating that it’s “Mostly True” that color office laser printers print dots on output that indicate the document’s source.

According to Snopes:

“Household printers leave hidden yellow dots that provide identifying information about the printer and the date and time the document was printed.

RATING
MOSTLY TRUE
WHAT’S TRUE

Numerous brands of color laser printers leave coded metadata in barely perceptible yellow dots that can be used to trace a printed document to its source, a feature originally intended as a deterrent to counterfeiting currency with laser printers.”

Snopes notes that it’s unclear which printers – which are said to be limited to color laser printers – feature this, but notes that back in 2004, PC World interviewed a Xerox researcher, Peter Crean, who said:

“… his company’s laser printers, copiers and multifunction workstations, such as its WorkCentre Pro series, put the ‘serial number of each machine coded in little yellow dots’ in every printout. The millimeter-sized dots appear about every inch on a page, nestled within the printed words and margins.

It’s a trail back to you, like a license plate,’ said Crean.”

The printed dots are so tiny that they can’t be seen with the naked eye, but one way to identify them is to shine a blue LED light on them and/or view them under a microscope.

The issue first came to light in June 2017, at which time in our story, How a Xerox DocuColor Printer Led to an NSA Contractor’s Arrest, we reported on Errata Security’s report that U.S. National Security Agency (NSA) contractor, Reality Leigh Winner, was arrested on charges of allegedly leaking NSA intelligence to The Intercept, with the intelligence detailing alleged Russian cyber-attacks directed at U.S. election officials and electronic voting-equipment company VR Systems.

The U.S. Justice Department’s arrest warrant request stated that the classified information printed out was tracked to Winner, one of six people who printed the report, and the only one who had e-mail contact with The Intercept. The printed report – which was scanned and then published by The Intercept – is said to have contained tracking information used to identify and arrest Winner.

By identifying when the print job was printed and the serial number of the printer with which it was printed, the U.S. government was said to be able to trace the print job back to Winner. The printer log would likely indicate the user and/or the IP address of the user’s PC that printed at that particular time to that particular printer.

The government’s warrant stated: “The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting (document). WINNER was one of these six individuals. A further audit of the six individuals’ desk computers revealed that WINNER had e-mail contact with the News Outlet.”

The tracking technology is said to have been first developed to deter currency counterfeiting.

Despite the allegations against Winner, there’s never been 100-percent definitive proof that the tracking dots were used to identify Winner – the warrant simply states: “six individuals printed this reporting (document). WINNER was one of these six individuals. ” That’s likely why Snopes says the story is “Mostly True.”

For its part, the Electronic Frontier Foundation (EFF) says that color laser printers sold by Canon, HP, Konica Minolta, Xerox, and others print tracking dots (see the complete list here), after having examined output under a blue LED and or microscope. It also says that the absence of dots doesn’t preclude the use of forensic watermarking.

The EFF also states:

“Some of the documents that we previously received through FOIA (Freedom of Information Act) suggested that all major manufacturers of color laser printers entered a secret agreement with governments to ensure that the output of those printers is forensically traceable. Although we still don’t know if this is correct, or how subsequent generations of forensic tracking technologies might work, it is probably safest to assume that all modern color laser printers do include some form of tracking information that associates documents with the printer’s serial number.”

As for the NSA contractor Reality Winner, The Intercept reported this month that she is being held on bail, and has not yet been tried.

More Resources

June 2017: How a Xerox DocuColor Printer Led to an NSA Contractor’s Arrest

Advertisements
%d bloggers like this: