Your Office Copier/Printer May Present Information Security Risks
By Steve Muck - Published March 8, 2010
The following is a recently reported compromise of personally identifiable information (PII) involving the disposal of copiers containing personal information stored on their hard drives. Incidents such as this will be reported to increase PII awareness. Names have been changed or removed, but details are factual and based on reports sent to the DON CIO Privacy Office.
Recently, a command disposed of numerous copiers that had reached the end of their service life. The copiers were originally leased and subsequently purchased by the government with a typical copier maintenance agreement. The command was under the impression that the copiers did not contain hard drives and therefore did not require sanitization or removal of hard drives before disposal. A few weeks after disposal, the command learned that the copiers did, in fact, contain hard drives. This particular breach did not result in a loss or compromise of PII because the machines were recovered by the government soon after disposal.
Many copiers, printers and multifunctional reproductive machines manufactured today have hard drives capable of storing documents that have been scanned, printed or faxed as digitized images. These machines are often connected to DON networks to ease workload and increase efficiency.
Reproductive office equipment manufactured in the last seven years employs hard drives that store digital images. While much of the hard drive space is used for processing, the machines in this scenario stored up to 6,000 pages of information. The information copied may include PII, classified or sensitive but unclassified information, depending on the machine. Once the hard drive memory has been exceeded, files are automatically overwritten. "Cap points" limit the number of pages stored to hard drives, and the cap limitation can vary in each make and model number.
Depending on the type of machine, information from small print jobs may be stored in random access memory (RAM) only, and the files may be overwritten with each new print request, or lost when the machine is powered off. Manufacturers of the newest reproductive office equipment may advertise that their hard drives use encryption software to safeguard data, but as of this writing, that encryption capability is not DON-approved. Approved DON encryption solutions do not encrypt reproductive equipment hard drives.
DON copiers, printers and multifunctional machines are either leased from a vendor or government-owned. In either scenario, the possibility of PII loss presents challenges when equipment is repaired or turned in for replacement. Stand-alone fax machine memory is generally volatile and is lost as soon as the machine is turned off.
The DON CIO is drafting tighter policy controls regarding the turn-in and disposal of reproductive equipment. Until release of the new policy, DON personnel should comply with the following best practices.
For CLASSIFIED copiers/printers: Guidance for reproductive equipment can be found in SECNAV M-5510.36, paragraphs 7-15(2), (3), available on the Chief of Naval Operations (N09N2) Information and Personnel Security web site at http://www.navysecurity.navy.mil/info-551036.htm.
For UNCLASSIFIED copiers/printers:
- Identify the hard drive capabilities (and security risks) of your photographic equipment and educate office personnel regarding that information.
- For government-owned equipment, hard drives should be removed and physically destroyed before disposal. Hard drives are not easily accessible, so removal will probably require a technician.
- For leased equipment, the hard drives should be reformatted to remove all data. Refer to the equipment manual or service technician for instructions on the reformatting process.
- Place a sticker or placard on the copier/printer with the following: "Warning, this government-owned copier uses a hard drive that must be physically destroyed before turn-in" or "Warning, this leased copier uses a hard drive that must be reformatted before turn-in."

Steve Muck is the DON CIO privacy team lead.