Threat modelling color printer serial numbers

| Comments (3) | TrackBacks (5) |
Ed Felten's done some thinking about the various ways one could implement serial number embedding in color printouts and the privacy implications of the various techniques:
Do they use encryption, and if so, how? Even if we can find the dots and read out the digital bits they represent, we may not be able to tell what information those bits are encoding. They might be putting the model and serial number onto the page in such a way that we can learn to read them. Or perhaps they are encrypting the information so that we can't read out the identifying information but we can at least recognize whether two pages were printed on the same printer. Or perhaps they encrypt the information so that we can't tell anything without having some secret key.

If there is a secret key, who knows it? The key might be disclosed to the government so that they can extract the model and serial number from a page at will. (And if the U.S. government has the key, which other governments do?) Or the key might be known only to the printer vendor, so that the government needs the vendor's help to decode the dots. If they use public-key cryptography, then the decoding key might be known only to the government and not to the printer vendor.

Do they try to track who buys each printer? If they can extract the serial number, they might want to know who has that printer. They could try to track the passage of each individual printer through the supply chain, to get an idea of who might have bought it. They might also build a database of information gleaned through service calls and warranty registrations.

I don't have any detailed information about how this is implemented, but my intuition is that it's going to be something simple that doesn't do much to protect your privacy. Why? Because the system was almost certainly designed by the printer manufacturers at the request of the government (ours and those of other countries) and kept secret from us. With those incentives, we should expect that:

  1. It will provide the government with the maximal amount of forensic capabilities.
  2. It won't do anything complicated to protect our privacy, because that's not the core competency of printer manufacturers.

Given that, I'd be very surprised if the only capability offered was to be able to match a printout to a printer if the printer was in your possession, for two reasons. First, it's probably in general a lot harder to track down counterfeiters than it is to prosecute them. Second, it's likely already possible to link a given printer to a given printout due to slight imperfections in the printing process.

I'd be somewhat surprised if encryption were used, but if it is it's likely to be something like a symmetric key held by the manufacturer. This is relatively efficient, both in computational complexity and ciphertext size, and doesn't require too much heavy thinking.

5 TrackBacks

Listed below are links to blogs that reference this entry: Threat modelling color printer serial numbers.

TrackBack URL for this entry:

Certainly it is wrong to be cruel to animals and the destruction of a whole species can be a great evil. The capacity for feelings of pleasure and pain and for the form of life of which animals are ca Read More

tattoo flash from tattoo flash on August 6, 2005 12:07 AM

tattoo flash Read More

Debt Reduction from Debt Reduction on October 1, 2005 12:58 PM

A good starting point for your debt management plan would be to determine the amount of all of your credit cards and outstanding installment loans balances. Read More

work at home from work at home on October 5, 2005 3:23 AM

Our site is for anyone wanting to work at home and anyone already working at home. You will find lots to get you started, help you find work at home and avoid scams. Read More

adjustable-air-bed from adjustable-air-bed on February 20, 2006 5:40 AM

TITLE: adjustable-air-bed URL: IP: BLOG NAME: adjustable-air-bed DATE: 02/20/2006 05:40:23 AM Read More


From the article Felten linked to:

According to Pagano, counterfeiting cases are brought to the Secret
Service, which checks the documents, determines the brand and serial number of
the printer, and contacts the company. Some, like Xerox, have a customer
database, and they share the information with the government.

I suspect they've made no effort in the direction of privacy whatsoever if the
government doesn't need cooperation from the manufacturer unless they want
customer records.

Depending on the size of the channel they are using, it might actually be impossible to do secure public-key cryptography.

It's interesting to think about what the interactions between the privacy requirements of an ideal system and the actual technical requirements of that system.

(Interesting, because likely useless.)

Those of us in the color management business are wondering how this is going to screw up printer profiling. Just because the eye can't see it doesn't mean the spectrophotometer can't. Nothing quite like having too much yellow.

Leave a comment