Missing Link

So it’s been a while (again), but I’ve been busy with the followup of the launch of Bouncepad 2.0. Late last week, I read about Seeing Yellow, a website that talks about “printer dots” and calls on people to contact the manufacturer of their printers (color laser printers only) to inquire as to how to disable them.

The vast majority of you are probably asking what, exactly, printer dots are and why they should be disabled. Printer Dots are a technology employed in most color laser printers that allows law enforcement to track a particular document to the printer that printed it, and potentially the user of that printer that printed it. The image at the top is an example of what printer dots look like up close. As you will see below, I’ve gotten confirmation that a.) they exist and b.) are used primarily by law enforcement (read: secret service) to fight against counterfeit currency. That’s a noble cause, but a widespread misuse of technology to achieve the goal. There are, in fact, no safeguards in place to limit law enforcement access to this information – it’s rife with potential for abuse!

So, because of this, and because I occasionally print from an HP laser printer that does include these dots, I decided to email HP’s privacy division to inquire as to whether or not I could disable the dot system, and to find out more about the program. Below is my initial email and the response I received this morning:

Original Message:

I’d like to ask briefly about the forensic tracking codes in your
lasterjet line of printers. I’m an advocate of the sanctity of privacy
for the peoples of the United States, and as such would like to know if
there’s a way to disable such codes from being printed. The
specific printer is a 3600DN, which I use occasionally.

Is there currently a way to disable these codes from being printed?
Why are they in there to begin with? If there’s no way to do it ON
the printer, is there a software update available that will allow it to
be shut off?

Thanks in advance!

-John

and the response:

Greetings John,

Regarding your message shown below:

Color laser printers from HP are of such high quality that they can
easily be used to counterfeit currency. Many countries have laws that
prohibit the manufacture of devices capable of counterfeiting currency.
In cooperation with law enforcement agencies HP color laser printers
print a pattern of yellow dots that are not visible under normal
conditions. These yellow dots can identify the printer that generated
the page. The technology to create the pattern and the algorithm to
print the pattern were not developed by HP. The details of this
technology and the ability to decode the pattern are kept confidential
and are not available to HP. The company that controls this technology
will only reveal the meaning of a pattern to law enforcement agencies
that have the proper legal authorization. Therefore HP does not know
how to disable this functionality.

Regards,
Bob D

HP World Wide Imaging and Printing Group Privacy Manager

I did modify that slightly, to only make the first initial of Bob’s last name available. I thought it was a fairly straightforward reply, potentially being honest or potentially avoiding the hot seat by blaming it all on law enforcement and this mystery company that controls the technology. I decided, however, to take it another step further and inquire more directly about the mystery company, and any safeguards that may be in place to protect people from abuse and misuse of the technology. Below is that exchange, which took place today:

Bob,

Thanks for your honesty in your reply. I suspected the
forensic
codes were linked to counterfeit currency. Are there any
safeguards with this program / these codes that protect ordinary
citizens from privacy violations? Since HP doesn’t know much about
the technology, can you tell me what company, exactly, controls this
technology? Perhaps they can answer my questions more completely
than you would be able to. For instance under what circumstances do
they give information to federal and local law enforcement?

Again, thanks for your honesty in answering my inquiry, I appreciate
it.

-John

The response, which I got a few minutes ago, did cause me to laugh out loud (or, LOL to you internet addicts out there):

The safeguards that are in place are the fact that the formula to decode
the dots is held by one company and only law enforcement is given
access. Details of how this is accomplished is kept confidential so it
doesn’t tip off the bad guys.

I’m not sure which company developed the technology.

Sorry I can’t tell you more. If they told me they’d have to kill me.

Regards,
Bob

Well, I didn’t really get my question answered. I have a sneaking suspicion that I will never know what mystery company controls the technology, or as a citizen be able to read their privacy policy and the rules and regulations that govern who gets access to information about the codes and who doesn’t, and under what circumstances. I can understand the need for secrecy in some instances, but are we really supposed to allow for potential privacy violations with no method for the general public to exercise oversight? The supposed safeguards are that only one company controls things, and only law enforcement is allowed to access it – something that at some point in history might have made me feel at least moderately safe but now only makes me wonder. With all the stories hitting the news outlets lately discussing how the FBI had illegally abused the Patriot Act in their investigations, it’s becoming pretty obvious that our federal law enforcement agencies are, much like the current executive branch, taking liberties with their actions and trying to get away with doing whatever they want. That doesn’t exactly reassure me about this printer dot stuff..

To those of you who would say “if you have nothing to hide then you have nothing to fear”, I don’t have anything to hide but that doesn’t mean I don’t reserve the right to hide everything and expect that the government (and it’s law enforcement arm) respect my wishes for privacy.

[edit:   One of the guys from Seeing Yellow mentioned to me that he thinks the guy from HP is full of crap,  and on a suggestion I decided to continue the email correspondence with Bob to try and get more answers out of him.   I will post my results here when I get them.    Thanks go to Mako for the thoughts and comments. ]

[tags] HP, SeeingYellow, EFF, Printer Dots, Laser Printers [/tags]

Over the weekend I wrote a post about Travis Corcoran of SmartFlix and his encounter with an over the top lawyer who didn’t appear to have any clue about the law.    I have taken that post offline, however, due to reports from his family that he’s not well right now.    I wish him and his family well,  and hope he gets the help he needs.

It’s incredibly rare that I will retract a post.  In this case,   I felt my post to be rather tasteless given the new information.   When I first read the posts at tjic.com,  they proved to be incredibly hilarious in the context presented.   The context has changed significantly, however,  which necessitated a review of my post, and ultimately led me to removing it.

[tags] Travis Corcoran,  Smartflix,  Robert Tortelot[/tags]

I read recently a small story about a 15 year old high school student, Cody Webb, who was jailed for 12 days after the school identified him as having called in a bomb threat on the school. The only problem is, they mis-identified him because they forgot about the whole daylight savings time thing – he had actually called in one hour PRIOR to the bomb threat.

When he claimed he was innocent, the Principal – Kathy Carlton – replied “Well, why should we believe you? You’re a criminal. Criminals lie all the time.”

So, because “Criminals lie all the time”, this student was denied due process and wrongly jailed. Instead of listening and even attempting to verify what he was saying, Kathy decided to flip out and act on bad information without apparently double checking her information.

One of the commentors on the original posting, P1, had a good point:

The treatment of Cody reflected the result, and the intent of the Patriot act 1 & 2. Cody was deemed a terrorist and as a result, his rights were suspended. Is what happened to Him, what’s happened to others, whats going to happen to countless more, the absolute disrespect, humiliation, and utter disregard of Constitution O.K.? This is the Security we have been given in exchange for Liberty?

Here is the patriot act itself.
http://www.epic.org/privacy/terrorism/hr3162.html
(I sent this post to the principle too..)

Now, I can understand that educational institutions have to take the security of their student body very seriously. The Virginia Tech incident yesterday highlights that for everyone. However, if they are going to have a student arrested because they believe he perpetrated a crime like this, they had better damn well have good quality evidence that it was that student.

I did my fair share of “bad” things in high school, and got caught for a lot of them. One incident in particular comes to mind that reminds me of this situation, with the exception that it was handled properly by the school. I had sent an inflamitory email to all of the students and teachers in the school (the school provided us with email accounts) from another students email address. He’d left himself logged in and I wanted to “teach him a lesson”. I then logged him out of the computer, and logged myself in to a different computer (I wasn’t going to be stupid and log myself into the same machine – I knew they’d instantly trace it back to me). Regardless of that safeguard, it wasn’t more than a few hours before I was called into the principals office to be questioned about the incident. I, being young and stupid, denied any involvement. They told me they KNEW it was me, and I kept denying. They had no real proof that it was me, though, just circumstantial evidence. They called in my friends and tried to get positive evidence that I had done it. My friends, even though they also knew I had done it, all denied any knowledge. Because of this, the school was never able to officially pin it on me, and I’ll give them credit – they never punished me for it. They knew I had done it, but when they could find no “smoking gun”, as such they didn’t punish me.

Did I deserve punishment? Yes, I did. I got what was coming to me, though, as a few weeks later I was shipped off to St. John’s Northwestern Military Academy in Wisconsin. Gotta love Karma…

feel free to email Kathy and let her know your thoughts – k.charlton@hempfieldarea.k12.pa.us

[tags] Individual Rights,  Cody Webb [/tags]

Surprise, surprise…. I just read a story (also reported on slashdot) that a federal judge struck down COPA (child online protection act), citing that parents can protect their children from online content through the use of available software filters and content blockers. Honestly, this news gives me a small sliver of hope for our country.

So, what was COPA all about, and why am I glad it was struck down? COPA is a law that “makes it a crime for commercial Web site operators to let children access ‘harmful’ material.” While probably noble in it’s intent, it was also incredibly restrictive on what comercial website operators could do, and controls they had to put in place. This, in turn, restricted the ability for legitimate adults to view this same content. At the same time, it also was abusing legislation in order to keep parents from having to do their jobs by monitoring what their children are doing. In essence, it was the US Government being the babysitters of Americas youth.

From the article:

In the ruling, the judge said parents can protect their children through software filters and other less restrictive means that do not limit the rights of others to free speech.

“Perhaps we do the minors of this country harm if First Amendment protections, which they will with age inherit fully, are chipped away in the name of their protection,” wrote Senior U.S. District Judge Lowell Reed Jr., who presided over a four-week trial last fall.

The law was bad for a few reasons. The first I stated above, it’s the government doing the job of the parents. The second, which I also mentioned in passing above, is that it strips away rights of adults by forcing them to jump through hoops to view content that they have every legal right to view. While some may not find pornography acceptable, others do and every adult has the right to view it should they so choose. We can’t hinder their right to view it because we find it inappropriate. This law, however, affected other sites beyond just pornography. Sites dedicated to sex education, as well as some news outlets (salon.com anyone) were affected.

The bottom line is that finally a federal judge has expressed some common sense: this law is stupid, we’re the government, not babysitters. Let the parents do their job because ultimately, the protection of their children from “bad” content is their responsibility and nobody elses.

[tags] COPA,  Judge Lowell Reed Jr. , freedom prevails [/tags]

I read an article on slashdot over the weekend (can you see a trend here, I read slashdot a lot, it’s interesting) that talks about a Colorado woman who is suing archive.org for spidering her website. She’s sueing Archive.org for civil theft, breach of contract and a few other charges. The Judge in the case dismissed all but the breach of contract charge. This seems pretty stupid, given that the “contract” she is suing for breach of was never expressly communicated to the organization spidering her content. Further, to view her site you have to click that you agree to the terms of the contract before you even have any option of VIEWING the contract. I’m pretty sure that’s not legally binding (though any lawyers who may end up reading this, your comments are welcome).

Before I go much further, let me explain what Archive.org is for those of you who are unaware. Archive.org is a (IMO Great) website that periodically crawls websites and archives them. You can go there and look through their “Way back machine” to see what your site looked like at various times it was crawled over the years. This is great, to be honest, as an interested party can very easily see the evolution of a website. For instance, they started archiving my site in 2004 with this version. You can click here to see a listing of all of the cached versions of my site. Now, while this process IS automated, and generally is done without your knowledge or prior express consent, there ARE technologies that are out there to prevent this for those who don’t want it to happen. Let’s talk about those now.

In general, there are two ways to prevent archive.org from spidering your website. Ask them to exclude your site or post a robots.txt file that has the commands to tell the robot not to spider your site (which actually allows you to do the same to googlebot, msn crawler, and yahoo’s crawler too). With a 2 second search on their site, it was very easy to find detailed instructions POSTED on archive.org’s site on how to prevent being archived. Those are available here.

So, given this knowledge, it would appear as though the woman either a.) does not know a damn thing about the Internet and web domains (and spider management) or b.) is out to extort people by not using all of the technologies available to her to prevent the actions she is seeking reparations for. As you can see by the screenshot (click it to see a larger version so you can actually READ it) she’s asking for $5000 per printed PAGE of her site, which is just plain ridiculous. I’m sorry lady, but I’ve seen your site and the layout is atrocious – and I have a hard time believing your content to be worth $5000 per PAGE. Moreover, I find your tactics to be rather juvenile. If you don’t want people to spider your site, use the technologies available to you to prevent it. Posting a notice (that has typos!) saying they are entering into a contract by copying the content is stupid – spiders have no way of knowing or understanding contracts, nor was there any adequate notification of the terms existence (or, for that matter, a chance to review said terms).

People like this really annoy me – it’s just plain silly when people sue for shit like this.

And in case anyone cares to note, it’s entirely possible that she will attack me for my site, since I have a picture of her “contract” terms on here. No, I did not pay $5000 to take the screenshot, nor do I particularly feel compelled to.

[tags] lawsuit,  stupidity on the internet,  invalid contract [/tags]