Canon Creates Keyword-Based DRM For Copy Machines?

from the can't-copy-this dept

In an attempt by Canon to help plug the analog hole when it comes to physically copying documents, apparently its new scanner/copier machine has a feature, named Uniflow 5, which will use some optical character recognition (OCR) tech to stop you from copying/scanning anything with specific keywords:

The latest version of Uniflow has a keyword-based security system. Once configured by an administrator, the system can prevent a user from attempting to print, scan, copy or fax a document containing a prohibited keyword, such as a client name or project codename.

The server will email the administrator a PDF copy of the document in question if a user attempts to do so.

The system can optionally inform the user by email that their attempt has been blocked, but without identifying the keyword in question, maintaining the security of the system.

You can certainly see why some paranoid organizations might like this, but it seems like just another form of DRM which will likely only serve to piss off legitimate users.

Filed Under: ,
Companies: canon

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Canon Creates Keyword-Based DRM For Copy Machines?”

Subscribe: RSS Leave a comment
Josh (profile) says:

A scary thought

I saw this same article on BoingBoing and the author suggested a scary use for this technology. If the company didn’t realize what they were using or forgot about the technology, a spy, industrial or other, could set the software to look for those keywords and then email them the PDF instead of the IT department of the company. Pretty scary thought as to what could be stolen this way. Just goes to show that DRM is not the answer.

fogbugzd (profile) says:

unintended consequences

I can see the law of unintended consequences kicking in the first week these things get delivered. I was going to say the first day, but I assume that there will be pointy hair bosses who first try to program the copiers themselves, make a mess of it, and then have to find some intern to do it for them.

There are plenty of point-haired bosses out there who are going to think this is the greatest invention since sliced bread. The good news is that when they try to come up with words to block, they will mainly think of words that they use all the time, and so they will be most likely to inconvenience themselves.

Steve R. (profile) says:

Another Challange for the Innovative Hacker

I assume that the devices would be “open” to the internet/LAN. Imagine the consequences of a hack that defines simple words, such as “the”, as a protected keyword word.

Not only that, what about the administrative overhead of maintaining a list of authorized/prohibited words. The first group to get aggravated would probably be the lawyers photocopying their infringement letters and lawsuits.

Mike42 (profile) says:

Re: Another Challange for the Innovative Hacker

I worked at an investment firm for 5 years, which has since been aquired by a firm which was aquired by a firm. In my first year, I noticed that none of the printer configuration webservers (almost all business printers can be configured via browser) were secured in any way. I could take any printer off line, or set it to an IP which would conflict with a production server, anytime I wished. I informed the security and IT staff, and left it for them to handle.

When I left the firm 4 years later I checked, and sure enough, no passwords or alternate ports on the webserver. Printers were under their radar.

Did I mention that this was a paranoid investment firm?

Now give someone the ability to automatically have PDF’s sent to them when certain keywords (SSN, CC#) are present, and put it in the same environment. Unless these things have a hardware switch to turn this feature off, they are creating a Microsoft-style security hole which is guaranteed to allow massive breaches in corporate security.

Anonymous Coward says:

As an engineer, this is just too much of a fun puzzle/game waiting to happen.

“What? my document didn’t print…I wonder if it was the word ‘requirement’
…[runs and prints out a document with just the word ‘requirement’]
…no, that printed. Maybe it was the reference to the ‘flux capacitor’ [runs and prints out paper with just the word ‘flux capacitor’]
No, that printed as well…
Ah! maybe it was…”

I love it when they try to make my work day more interesting.

Anonymous Coward says:

However, in these cases, the legitimate users are the bosses who lease these machines. These copiers are not of the home use variety, though eventually, the technology may end up there.

The “Legitimate user” aka the Boss is the person setting the controls. That is his right. This is NOT similar to DRM, because DRM is set by the manufacturer/distributor.
This is no different then the a homeowner adding an extra lock to his house. He can give away the keys, leave that lock unlocked, or keep the key for himself. The house or lock manufacturer is not restricting what keys or locks you can use.

Also, if you were not aware, copiers and printers already have “DRM” built in. Color printers actually print microscopic codes into all graphic documents, and will not print money.

Anonymous Coward says:

Re: Re:

I think your last paragraph can be taken out of context. The sentence “Color printers actually print microscopic codes into all graphic documents, and will not print money.” The microscopic codes are there to identify the printer’s hardware which was introduced because people were trying to print money. The microscopic code is only on laser printers (that I am aware of), and the only purpose it serves, is to tie a print, back to the printer (assuming you have physical access to the printer to verify the code).

Hulser (profile) says:


Wait, why is this being called DRM? Maybe someone would try to use it to micromanage the simple activity of making a copy, but I don’t think this qualifies as DRM. I think the reality is actually much simpler.

From the linked article…

“the system can prevent a user from attempting to print, scan, copy or fax a document containing a prohibited keyword, such as a client name or project codename.”

There are some environments, such as law firms or other highly regulated industries, where I think this would be quite handy. If you don’t want some temp making a copy of a document with your client’s name on it because this is against your company policy, then buy this printer. It makes sense to me.

To qualify as DRM, the copier would have to somehow prevent any copyrighted material from being copied. This just isn’t practical given the way this copier works. (What, you’d have a monster list of every trademarked phrase in the world or copyrighted passages?) I’m no fan of DRM, but I don’t think this qualifies as DRM.

Yuliy Pisetsky says:

Re: Re: DRM?

what if a watermark, visible only to the photcopier, was added by publishers to the pages of their books? Granted, it’s extreme and probably not cost effective, but it could be done and would be a step in the direction of DRM for a non-digital good.

Then it would be just like what already exists for currency. Just google for “EURion Constellation” or “Adobe Counterfeit Detection System”

fogbugzd (profile) says:

Re: Re: DRM?

Being extreme and not cost effective would not be a barrier. There are few examples of existing DRM that are cost effective. Most are not as effective as the rights holder hoped, so the vender of the DRM convinces them that a stronger and more extreme version will work. In the end all DRM systems tend to become extreme and expensive.

Hulser (profile) says:

Re: Re: Re: DRM?

There are few examples of existing DRM that are cost effective.

Agreed. However this doesn’t relate to whether the Canon copier referenced in the linked article implements DRM. It doesn’t. It’s a simple keyword match. To implement a true DRM system in a copy machine, even one that was connected to the Internet, would be very cost-ineffective, even compared to other forms of DRM.

Beta (profile) says:

?siɥʇ uɐɔs noʎ uɐɔ

Wouldn’t it be funny if the administrator were one of those nitwits who has his secretary print his email for him to read?

Seriously, I thought this was dumb until I got to this part:

A determined user who has guessed the prohibited keyword could get around it by simply substituting numbers or other characters for letters, such as z00 instead of zoo, representatives for Canon conceded.

Whoa! It can distinguish 0 from o and O? In any font, presumably by context? Never mind the printer, I want that OCR technology!

Anonymous Coward says:

This is really bad for getting work done.

So they want to set up a system where the employees aren’t allowed to make copies of documents that contain certain keywords, but don’t want to tell the employees what they keywords are? I would think that it’s a little bit silly to create a situation where employees get in trouble but they aren’t allowed to know before hand what might get them in trouble.

Hulser (profile) says:

Re: This is really bad for getting work done.

I would think that it’s a little bit silly to create a situation where employees get in trouble but they aren’t allowed to know before hand what might get them in trouble.

Well, first off, there’s nothing saying that a person would be “in trouble”. Contrary to Mike’s post, this technology is not DRM, so it’s not illegal to copy a document with a specified keyword. It’d be up to the company how to handle attempts to copy keywords. Secondly, the point of is that if you have a sensitive list of keywords that you don’t want copied, you wouldn’t want to broadcast that list to all employees because you’d be defeating the purpose of having the information be controlled in the first place. For example, if you’re running a legal office, you don’t want the public copier in front of the conference room to be used to copy documents with any of your client names on it. You don’t want to send out an e-mail to every person in the company, down to the interns, with your client list. Now, that would be a “bit silly”.

J. Crawford (profile) says:


I don’t see why this is being called DRM. it has nothing to do with protecting copyright and everything to do with protecting corporate secrets.

This kind of system is already in use in some high security installations, generally by marking secure documents with a distinctive symbol that document management systems recognize. Photocopyers, particularly modern units that fax and scan to email, are a big way that secrets can make it out of a corporation accidentally. This technology isn’t supposed to stop anyone that’s intentionally trying to sneak documents out, it’s to stop the real user that makes a mistake (doesn’t realize a document is sensitive, takes the wrong paper to send, hits the wrong button on the machine…). It’s just a simple system to make users with a document that is potentially sensitive stop and think before emailing it to the bank/aunt ellis/nigerians. When this sort of system is implemented it requires oversight to work effectively, because there will be many false positives. It’s just the cost of the added security. No doubt the PDFs sent to a monitor will be used more often to make it easier to put through an authorized false positive (email the PDF instead of having to scan the doc again) than to find someone to punish.

Anonymous Coward says:

Sounds a bit like the 'eurion' on currency :

“The EURion constellation is a pattern of symbols found on a number of banknote designs worldwide since about 1996. It is added to help software detect the presence of a banknote in a digital image. Such software can then block the user from reproducing banknotes to prevent counterfeiting using colour photocopiers.”

Danny (profile) says:

law firms are going to love this

“…but it seems like just another form of DRM which will likely only serve to piss off legitimate users.”

If anyone suspends a legitimate activity, they are going to have a hell of a time copying a memo instructing people to RESUME it, should the company block RESUME in order to limit job seekers from using the copy technology.

I’ve actually had email rejected from a corporate server for using “resume” (first meaning above) in an email to an employee inside the firm.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...