Canon Creates Keyword-Based DRM For Copy Machines?

from the can't-copy-this dept

In an attempt by Canon to help plug the analog hole when it comes to physically copying documents, apparently its new scanner/copier machine has a feature, named Uniflow 5, which will use some optical character recognition (OCR) tech to stop you from copying/scanning anything with specific keywords:
The latest version of Uniflow has a keyword-based security system. Once configured by an administrator, the system can prevent a user from attempting to print, scan, copy or fax a document containing a prohibited keyword, such as a client name or project codename.

The server will email the administrator a PDF copy of the document in question if a user attempts to do so.

The system can optionally inform the user by email that their attempt has been blocked, but without identifying the keyword in question, maintaining the security of the system.
You can certainly see why some paranoid organizations might like this, but it seems like just another form of DRM which will likely only serve to piss off legitimate users.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Josh, Oct 13th, 2010 @ 8:35am

    A scary thought

    I saw this same article on BoingBoing and the author suggested a scary use for this technology. If the company didn't realize what they were using or forgot about the technology, a spy, industrial or other, could set the software to look for those keywords and then email them the PDF instead of the IT department of the company. Pretty scary thought as to what could be stolen this way. Just goes to show that DRM is not the answer.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      rsk@gsp.org, Oct 13th, 2010 @ 9:35am

      Re: A scary thought

      Why bother (looking for the keywords, that is)? Why not just send them all?

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Oct 13th, 2010 @ 6:03pm

        Re: Re: A scary thought

        Watch out for that keyword "the". Make sure all documents containing this critical word are sent.

        ... ah, the joy of unintended consequences.

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    fogbugzd (profile), Oct 13th, 2010 @ 8:37am

    unintended consequences

    I can see the law of unintended consequences kicking in the first week these things get delivered. I was going to say the first day, but I assume that there will be pointy hair bosses who first try to program the copiers themselves, make a mess of it, and then have to find some intern to do it for them.

    There are plenty of point-haired bosses out there who are going to think this is the greatest invention since sliced bread. The good news is that when they try to come up with words to block, they will mainly think of words that they use all the time, and so they will be most likely to inconvenience themselves.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Ima Fish (profile), Oct 13th, 2010 @ 8:38am

    "You can certainly see why some paranoid organizations might like this..."

    I can see plenty of organizations liking this, but I can also see them turning the feature off because the boss' email account was flooded with PDFs.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 13th, 2010 @ 8:56am

    "The server will email the administrator a PDF copy of the document in question if a user attempts to do so."

    I just love that part, it will send the documents that nobody should be copying to an administrator or someone posing as one that is priceless LoL

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 13th, 2010 @ 8:57am

    Oh, forgot the other copier that no one noticed recently, it is called cellphone.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 13th, 2010 @ 9:07am

    I think Mike makes keywords for copy machines based on DRM

    But all I do is look at the headers.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Steve R. (profile), Oct 13th, 2010 @ 9:20am

    Another Challange for the Innovative Hacker

    I assume that the devices would be "open" to the internet/LAN. Imagine the consequences of a hack that defines simple words, such as "the", as a protected keyword word.

    Not only that, what about the administrative overhead of maintaining a list of authorized/prohibited words. The first group to get aggravated would probably be the lawyers photocopying their infringement letters and lawsuits.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike42 (profile), Oct 13th, 2010 @ 11:17am

      Re: Another Challange for the Innovative Hacker

      I worked at an investment firm for 5 years, which has since been aquired by a firm which was aquired by a firm. In my first year, I noticed that none of the printer configuration webservers (almost all business printers can be configured via browser) were secured in any way. I could take any printer off line, or set it to an IP which would conflict with a production server, anytime I wished. I informed the security and IT staff, and left it for them to handle.

      When I left the firm 4 years later I checked, and sure enough, no passwords or alternate ports on the webserver. Printers were under their radar.

      Did I mention that this was a paranoid investment firm?

      Now give someone the ability to automatically have PDF's sent to them when certain keywords (SSN, CC#) are present, and put it in the same environment. Unless these things have a hardware switch to turn this feature off, they are creating a Microsoft-style security hole which is guaranteed to allow massive breaches in corporate security.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    hmm, Oct 13th, 2010 @ 9:22am

    no one ever heard of......

    tippex (correction fluid)...hell even a marker at a pinch!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 13th, 2010 @ 9:23am

    As an engineer, this is just too much of a fun puzzle/game waiting to happen.

    "What? my document didn't print...I wonder if it was the word 'requirement'
    ...[runs and prints out a document with just the word 'requirement']
    ...no, that printed. Maybe it was the reference to the 'flux capacitor' [runs and prints out paper with just the word 'flux capacitor']
    No, that printed as well...
    Ah! maybe it was..."

    I love it when they try to make my work day more interesting.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    e100, Oct 13th, 2010 @ 9:24am

    One word foils this scheme

    So how does it maintain security when I scan one page with just the word it is blocking?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 13th, 2010 @ 9:24am

    However, in these cases, the legitimate users are the bosses who lease these machines. These copiers are not of the home use variety, though eventually, the technology may end up there.

    The "Legitimate user" aka the Boss is the person setting the controls. That is his right. This is NOT similar to DRM, because DRM is set by the manufacturer/distributor.
    This is no different then the a homeowner adding an extra lock to his house. He can give away the keys, leave that lock unlocked, or keep the key for himself. The house or lock manufacturer is not restricting what keys or locks you can use.

    Also, if you were not aware, copiers and printers already have "DRM" built in. Color printers actually print microscopic codes into all graphic documents, and will not print money.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Gwiz, Oct 13th, 2010 @ 10:11am

      Re:

      "Color printers actually print microscopic codes into all graphic documents"

      I think the microscopic codes are mainly on laser printers. EFF has an article about this.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Oct 13th, 2010 @ 11:59am

      Re:

      I think your last paragraph can be taken out of context. The sentence "Color printers actually print microscopic codes into all graphic documents, and will not print money." The microscopic codes are there to identify the printer's hardware which was introduced because people were trying to print money. The microscopic code is only on laser printers (that I am aware of), and the only purpose it serves, is to tie a print, back to the printer (assuming you have physical access to the printer to verify the code).

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Oct 13th, 2010 @ 1:17pm

        Re: Re:

        Correct. It is two different issues.
        However, in most large firms, the copiers ARE the laserprinters, scanners, etc. These are the machines most likely to have this "DRM" technology installed, at the moment.

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    Hulser (profile), Oct 13th, 2010 @ 9:28am

    DRM?

    Wait, why is this being called DRM? Maybe someone would try to use it to micromanage the simple activity of making a copy, but I don't think this qualifies as DRM. I think the reality is actually much simpler.

    From the linked article...

    "the system can prevent a user from attempting to print, scan, copy or fax a document containing a prohibited keyword, such as a client name or project codename."

    There are some environments, such as law firms or other highly regulated industries, where I think this would be quite handy. If you don't want some temp making a copy of a document with your client's name on it because this is against your company policy, then buy this printer. It makes sense to me.

    To qualify as DRM, the copier would have to somehow prevent any copyrighted material from being copied. This just isn't practical given the way this copier works. (What, you'd have a monster list of every trademarked phrase in the world or copyrighted passages?) I'm no fan of DRM, but I don't think this qualifies as DRM.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Oct 13th, 2010 @ 10:05am

      Re: DRM?

      what if a watermark, visible only to the photcopier, was added by publishers to the pages of their books? Granted, it's extreme and probably not cost effective, but it could be done and would be a step in the direction of DRM for a non-digital good.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Hulser (profile), Oct 13th, 2010 @ 10:20am

        Re: Re: DRM?

        what if a watermark, visible only to the photcopier, was added by publishers to the pages of their books?

        In that case, it would be DRM. But that's not what this copier does, so I believe it's innacurate to label it as DRM.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Yuliy Pisetsky, Oct 13th, 2010 @ 11:07am

        Re: Re: DRM?

        what if a watermark, visible only to the photcopier, was added by publishers to the pages of their books? Granted, it's extreme and probably not cost effective, but it could be done and would be a step in the direction of DRM for a non-digital good.


        Then it would be just like what already exists for currency. Just google for "EURion Constellation" or "Adobe Counterfeit Detection System"

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        fogbugzd (profile), Oct 13th, 2010 @ 12:18pm

        Re: Re: DRM?

        Being extreme and not cost effective would not be a barrier. There are few examples of existing DRM that are cost effective. Most are not as effective as the rights holder hoped, so the vender of the DRM convinces them that a stronger and more extreme version will work. In the end all DRM systems tend to become extreme and expensive.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          Hulser (profile), Oct 13th, 2010 @ 12:42pm

          Re: Re: Re: DRM?

          There are few examples of existing DRM that are cost effective.

          Agreed. However this doesn't relate to whether the Canon copier referenced in the linked article implements DRM. It doesn't. It's a simple keyword match. To implement a true DRM system in a copy machine, even one that was connected to the Internet, would be very cost-ineffective, even compared to other forms of DRM.

           

          reply to this | link to this | view in chronology ]

    •  
      icon
      Wesha (profile), Oct 13th, 2010 @ 11:35am

      Re: DRM?

      > Wait, why is this being called DRM?

      Because it's Digitial, and it Manages Restrictions?

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Hulser (profile), Oct 13th, 2010 @ 11:57am

        Re: Re: DRM?

        Because it's Digitial, and it Manages Restrictions?

        DRM = Digital Rights Management. Canon isn't saying that its printer can be configured to detect a document which contains material to which a third-party has a copyright or any other IP right. They're simply saying that it can detect a specified keyword.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Jesse, Oct 13th, 2010 @ 9:28am

    Kill the whistleblowers!

    Take a hi-res picture of the document? Or you could use a high-res handheld scanner. Not sure what this going to accomplish.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 13th, 2010 @ 9:31am

    I read somewhere that simple 1337-speak can defeat this system, but I'm guessing that is because of the dictionary they used to determine the "forbidden" words didn't include 1337 words.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Eugene (profile), Oct 13th, 2010 @ 10:51am

      Re:

      Well, whether it defeats the system appears to be entirely dependent on how clever the supervisor or tech guy is at a given company. Since it sounds like this system is defined by the administrator, not by canon.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Beta (profile), Oct 13th, 2010 @ 9:31am

    siɥʇ uɐɔs noʎ uɐɔ

    Wouldn't it be funny if the administrator were one of those nitwits who has his secretary print his email for him to read?

    Seriously, I thought this was dumb until I got to this part:

    A determined user who has guessed the prohibited keyword could get around it by simply substituting numbers or other characters for letters, such as z00 instead of zoo, representatives for Canon conceded.

    Whoa! It can distinguish 0 from o and O? In any font, presumably by context? Never mind the printer, I want that OCR technology!

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Greg G, Oct 13th, 2010 @ 10:59am

      Re: ¿siɥʇ uɐɔs noʎ uɐɔ

      I also want that OCR tech. Any OCR that can distinguish "o" from "O" from "0" or "l" from "1" no matter what font is used rules and would save a lot of editing time.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 13th, 2010 @ 9:54am

    This is really bad for getting work done.

    So they want to set up a system where the employees aren't allowed to make copies of documents that contain certain keywords, but don't want to tell the employees what they keywords are? I would think that it's a little bit silly to create a situation where employees get in trouble but they aren't allowed to know before hand what might get them in trouble.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Hulser (profile), Oct 13th, 2010 @ 10:16am

      Re: This is really bad for getting work done.

      I would think that it's a little bit silly to create a situation where employees get in trouble but they aren't allowed to know before hand what might get them in trouble.

      Well, first off, there's nothing saying that a person would be "in trouble". Contrary to Mike's post, this technology is not DRM, so it's not illegal to copy a document with a specified keyword. It'd be up to the company how to handle attempts to copy keywords. Secondly, the point of is that if you have a sensitive list of keywords that you don't want copied, you wouldn't want to broadcast that list to all employees because you'd be defeating the purpose of having the information be controlled in the first place. For example, if you're running a legal office, you don't want the public copier in front of the conference room to be used to copy documents with any of your client names on it. You don't want to send out an e-mail to every person in the company, down to the interns, with your client list. Now, that would be a "bit silly".

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    J. Crawford (profile), Oct 13th, 2010 @ 9:56am

    DRM?

    I don't see why this is being called DRM. it has nothing to do with protecting copyright and everything to do with protecting corporate secrets.

    This kind of system is already in use in some high security installations, generally by marking secure documents with a distinctive symbol that document management systems recognize. Photocopyers, particularly modern units that fax and scan to email, are a big way that secrets can make it out of a corporation accidentally. This technology isn't supposed to stop anyone that's intentionally trying to sneak documents out, it's to stop the real user that makes a mistake (doesn't realize a document is sensitive, takes the wrong paper to send, hits the wrong button on the machine...). It's just a simple system to make users with a document that is potentially sensitive stop and think before emailing it to the bank/aunt ellis/nigerians. When this sort of system is implemented it requires oversight to work effectively, because there will be many false positives. It's just the cost of the added security. No doubt the PDFs sent to a monitor will be used more often to make it easier to put through an authorized false positive (email the PDF instead of having to scan the doc again) than to find someone to punish.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 13th, 2010 @ 10:12am

    Sounds a bit like the 'eurion' on currency

    http://en.wikipedia.org/wiki/EURion_constellation :

    "The EURion constellation is a pattern of symbols found on a number of banknote designs worldwide since about 1996. It is added to help software detect the presence of a banknote in a digital image. Such software can then block the user from reproducing banknotes to prevent counterfeiting using colour photocopiers."

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 13th, 2010 @ 10:23am

    Fun game: Find the offending words (or an offending document) and make a million photocopies. Then, take picture of the system admins horrified face when he checks his (spam cluttered) email inbox.

    Man, this opens up yet another path for spamming people (even if it just inside the same company) :p

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 13th, 2010 @ 11:06am

    Nevermind paranoid organizations...

    You can certainly see why some paranoid organizations might like this...

    How about paranoid governments?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Oct 13th, 2010 @ 11:14am

    Iran and China want those copiers right now.

    Can you imagine going to jail because your copy machine rat you out :)

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Wesha (profile), Oct 13th, 2010 @ 11:32am

    But will that OCR work...

    ... if you turn the page upside down?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Danny (profile), Oct 13th, 2010 @ 12:09pm

    law firms are going to love this

    "...but it seems like just another form of DRM which will likely only serve to piss off legitimate users."

    If anyone suspends a legitimate activity, they are going to have a hell of a time copying a memo instructing people to RESUME it, should the company block RESUME in order to limit job seekers from using the copy technology.

    I've actually had email rejected from a corporate server for using "resume" (first meaning above) in an email to an employee inside the firm.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Howard, Oct 13th, 2010 @ 4:27pm

    So I guess this must serve some need somewhere, I just can't imagine what that may be.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Joe Blogs, Oct 14th, 2010 @ 6:35am

    Haters gonna hate, get their knickers in a twist.

    We have a policy of not disclosing customer's or supplier's names when we mail documents. I can see how the haters are going to hate this, however i can see this technology as being quite useful for catching mistakes within my organisation.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    BBT, Oct 14th, 2010 @ 10:30am

    There are going to be some clbuttic misclbuttifications of this system as items that should pbutt through the filter just fine get caught.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Spaceman Spiff (profile), Oct 14th, 2010 @ 11:08am

    Where does it stop?

    Next, DRM in our cameras so that we cannot photograph copyrighted works, buildings, billboards, whatever? I've been a Canon camera fan for a long time, but I think my next D-SLR will be a Nikon.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Gene Cavanaugh, Oct 14th, 2010 @ 6:20pm

    Canon and keywords

    Excuse me? First we can't see any reason one would blame, say, an ISP for enabling some sort of , but now we blame Canon for enabling (not causing, enabling!) some sort of ?
    Why wouldn't the pissed-off user blame the company that entered the keywords, rather than Canon, who only enabled the feature?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Harry, Oct 18th, 2010 @ 3:45am

    Useful OCR tool

    It's not until recently when I find it is possible to do character recognition online, for example with the site Free OCR. This site helped me to work today to convert an image file tif files readable by most word processing text.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    BBT, Apr 11th, 2011 @ 2:40am

    There are going to be some clbuttic misclbuttifications of this system as items that should pbutt through the filter just fine get caught.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Where does it stop?, Apr 11th, 2011 @ 2:46am

    Go to Canon homepage if you'd like to know more.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This