I noticed this article at Lifehacker today about how much data today’s photocopiers retain. It may seem like sensationalist journalism but it’s actually quite interesting and worrisome. People are growing accustomed to the idea of securing personal data, not giving out account numbers via email, using passwords, that sort of thing, but one doesn’t usually think of a photocopier or printer as something that may store your document indefinitely. (Previous news stories note how old flash drives can be a vector for sensitive data leakage.)
What’s also very interesting is the aftermarket trade in all this. As others point out, articles like this are not how criminals learn of such things – I’m sure there are outfits out there buying up old printers, copiers or just the raw drives themselves, selectively, simply to vacuum useful info from them.
Why encryption and wipe-on-completion aren’t mandated is a mystery to me. An exec suggested it’s a $500 add-on for one company’s products, but to me it should be a fundamental part of the product’s design! Is it so hard to at least write a routine that overwrites a used/deleted file? Not at all! A big, fat “factory wipe” option loudly proclaimed in the manual? A fraction of a cent’s worth of ink.
Note: encryption would be a good thing, but doing it right would add to hardware and design costs – otherwise the keys (being locally stored) are not much more secure than the data. It’s far simpler to implement wipe-after-use and wipe-nightly.
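To show how small such a routine is, here is an added sketch of wipe-after-use for a spooled job file; it is not taken from any copier vendor's firmware, and the function names and the sample path are hypothetical. It assumes a drive and filesystem that rewrite blocks in place: on flash with wear-levelling or on a copy-on-write filesystem the old blocks can survive an overwrite.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
/* Overwrite every byte of the file with zeros in place, then flush to the device. */
int overwrite_in_place(const char *path) {
    unsigned char zeros[4096] = {0};
    struct stat st;
    int fd = open(path, O_WRONLY);          /* no O_TRUNC: keep the same blocks */
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0) { close(fd); return -1; }
    for (long long left = st.st_size; left > 0; ) {
        size_t want = left < (long long)sizeof zeros ? (size_t)left : sizeof zeros;
        ssize_t n = write(fd, zeros, want);
        if (n <= 0) { close(fd); return -1; }
        left -= n;
    }
    int rc = fsync(fd); /* without this the zeros may never leave the page cache */
    return close(fd) != 0 ? -1 : rc;
}

/* Wipe-after-use: overwrite first, only then remove the directory entry. */
int wipe_after_use(const char *path) {
    return overwrite_in_place(path) != 0 ? -1 : unlink(path);
}

/* Constructed sample input: a fake page image filled with 0xAB. */
int make_sample_job(const char *path, size_t len) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    for (size_t i = 0; i < len; i++) fputc(0xAB, f);
    return fclose(f);
}

/* Count bytes that are still non-zero; -1 if the file cannot be read. */
long count_nonzero(const char *path) {
    FILE *f = fopen(path, "rb");
    long n = 0;
    if (!f) return -1;
    for (int c; (c = fgetc(f)) != EOF; ) if (c != 0) n++;
    fclose(f);
    return n;
}

int main(void) {
    const char *p = "/tmp/copier_job_demo.img"; /* constructed path */
    if (make_sample_job(p, 10000) != 0 || overwrite_in_place(p) != 0) return 1;
    printf("non-zero bytes after overwrite: %ld\n", count_nonzero(p));
    return wipe_after_use(p) != 0;
}
```

A wipe-nightly job would call `wipe_after_use` on whatever is left in the spool directory, catching files a crashed or cancelled job never cleaned up.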
See also the CBS video of this: