The privacy problem with photocopiers, and what to do about it

There's a new threat to your privacy, and it's as close as the office copier down the hall or the copy shop down the street from your house. (Fortunately, copying at home likely isn't a problem.)

The Federal Trade Commission last week launched an inquiry into the privacy issues posed by today's commercial copier machines, which retain digital files of the material they copy on an internal hard drive. As a recent report by CBS News (below) demonstrated, that data—possibly tens of thousands of pages of it—very often remains on the machine when it is sold, and would be alarmingly easy for identity thieves to retrieve. After buying three used copiers, the CBS crew unearthed the likes of pay stubs, complete with names and social security numbers, from a copier that was once at a health insurance company and lists of domestic violence complaints from a unit that had been used by a police force.

The FTC, in a letter to Rep. Ed Markey [PDF], says it is now reaching out to businesses with copiers to "ensure they are aware of the privacy risks" of copiers, and that they're "providing education and guidance on the topic." The agency is also asking copier manufacturers and resellers whether they are providing "options for secure copying."

Our recommendations:

Make all copiers securely self-erase files. This threat results from copier manufacturers erring by designing copiers to retain the data they copy. The image of a copied page is needed only temporarily—so users can order additional copies of it without rescanning—and should be automatically erased by the machine when the next copying job is initiated. Dean Gallea, our lead computer tester here at Consumer Reports, emphasizes that the process needs to involve complete and secure erasure that wipes all traces of files from the hard drive. Still, he describes the necessary programming for such auto-erasure as "trivial and minimal" for manufacturers to implement.

Indeed, some copiers are already designed this way. But as an industry spokesman admits in the CBS video, they're less popular because they cost more—an additional $500 in the case of Sharp copiers, the spokesman says—than regular models. The FTC needs to ensure that all copiers are designed to automatically erase the last file scanned whenever a new copying job is initiated.

Post warnings of the security risk of non-erasing copiers. Since it's highly unlikely that all such copiers will soon be replaced, copiers that do not provide the security of erasure should be identified, and the risks of using them be identified.

Safeguards are needed when older copiers change hands. Industry and regulators must ensure that hard drives of non-erasing copiers are wiped clean before the copiers change hands. That's easily done, by requiring the use of erasing software like that we recommend you use before you sell or recycle an old computer. Such programs digitally scrub the hard drive to remove the lingering traces of deleted files. An example is Eraser, a free program.

Copy sensitive documents at home. The copiers that are built into all-in-one printers hold copied data in a buffer, and only long enough to print it once. They offer the best option if you're leery about copying sensitive data on a commercial machine, especially if and until the copying industry widely distributes more secure machines and better guidelines to protect copied data.

Our Ratings of all-in-one printers, available to subscribers, includes models that produced very good copies in our tests—a quality level that's more than adequate for most documents. Some such units cost as little as $80, and might even save you money in the long run, since their copies cost about a nickel per page (not including paper costs). That's about half what a copy shop typically charges.

—Paul Reynolds