Numerous brands of color laser printers leave coded metadata in barely perceptible yellow dots that can be used to trace a printed document to its source, a feature originally intended as a deterrent to counterfeiting currency with laser printers.
While a majority of laser printers are designed to produce this secret metadata, it is unclear exactly how many printing companies and models employ the technology.
On 5 June 2017, a federal contractor named Reality Winner was charged with “removing classified material from a government facility and mailing it to a news outlet”. That material — National Security Agency documents describing the extent and nature of Russian hacking into the United States’ 2016 presidential election — was published by The Intercept about an hour before Winner was arrested.
Later reporting revealed that visually imperceptible yellow dots added to the document when it was printed may have provided investigators with all the information they needed to locate the person responsible for its leaking: the date and time it was printed, and the serial number of the exact printer on which it was printed.
A widely-shared post on a blog called Errata Security demonstrated this process using the actual file published by The Intercept:
Today, The Intercept released documents on election tampering from an NSA leaker. Later, the arrest warrant request for an NSA contractor named “Reality Winner” was published, showing how they tracked her down because she had printed out the documents and sent them to The Intercept. The document posted by the Intercept isn’t the original PDF file, but a PDF containing the pictures of the printed version that was then later scanned in.
The problem is that most new printers print nearly invisibly [sic] yellow dots that track down exactly when and where documents, any document, is printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.
Speaking about the version of this technology employed by his company, senior Xerox research fellow Peter Crean told PC World in 2004 that the dots are nearly impossible to see under normal light without magnification, but can be seen under blue LED light or through modifications on a computer:
Peter Crean, a senior research fellow at Xerox, says his company’s laser printers, copiers and multifunction workstations, such as its WorkCentre Pro series, put the “serial number of each machine coded in little yellow dots” in every printout. The millimeter-sized dots appear about every inch on a page, nestled within the printed words and margins.
The dots’ minuscule size, covering less than one-thousandth of the page, along with their color combination of yellow on white, makes them invisible to the naked eye, Crean says. One way to determine if your color laser is applying this tracking process is to shine a blue LED light — say, from a keychain laser flashlight — on your page and use a magnifier.
While much of the information around federal use of printer tracking dots remains undisclosed, we know that the concept has its origins in preventing the creation of counterfeit currency with laser printers. We also know that at least some printer companies have worked alongside the governments of multiple nations to install software and hardware to defeat these efforts since the 1980s, as discussed in a 2008 article in USA Today:
The technology began as laser printers were first produced in the mid-1980s and governments and banks feared an explosion of counterfeiting, Xerox spokesman Bill McKee says, “In many cases, it is a requirement to do business internationally that the printers are equipped with this technology,” McKee says.
A 2004 statement released by the The Central Bank Counterfeit Deterrence Group, “a working group of 27 central banks and note printing authorities”, announced for the first time the creation of a collaborative agreement with private software and hardware makers to prevent counterfeit currency production, indicating that participation in the program was voluntary:
Several leading personal computer hardware and software manufacturers have voluntarily adopted the system in recognition of the harm that counterfeit currency can cause their customers and the general public. The technology does not have the capacity to track the use of a personal computer or digital imaging tool and consumers will not notice any difference in the performance or effectiveness of products equipped with this technology.
This disclosure created controversy, especially in social libertarian circles, over fears that this secret information violated an individual’s right to privacy. In response to some of these fears, Secret Service agent and director of the Central Bank Counterfeit Deterrence Group Lorelei Pagano assuaged doubts by saying:
The Secret Service is the only U.S. body that has the ability to decode the information.
That may or may not have been true in 2004 when the existence of these coded printer dots was publicly announced, but it was definitely not completely true in 2008 when USA Today printed the assertion.
That’s because in October 2005, Internet civil rights group the Electronic Frontier Foundation cracked the tracking dot code employed by Xerox, Canon, Hewlett-Packard, Epson and Brother (among others). EFF actually created a open source program that anyone can use to break the code, which is described in basic terms here:
The [Xerox] DocuColor series prints a rectangular grid of 15 by 8 minuscule yellow dots on every color page. The same grid is printed repeatedly over the entire page, but the repetitions of the grid are offset slightly from one another so that each grid is separated from the others. The grid is printed parallel to the edges of the page, and the offset of the grid from the edges of the page seems to vary. These dots encode up to 14 7-bit bytes of tracking information, plus row and column parity for error correction. Typically, about four of these bytes were unused (depending on printer model), giving 10 bytes of useful data.
EFF’s investigations have revealed an extensive list of printers that produce the same hidden coded metadata. Based on documents they have received through Freedom of Information Act requests, EFF believes that it is possible that all lasers have this, or similar, technology:
Documents we’ve begun to receive in response to our FOIA requests suggest that the government may have convinced all printer manufacturers to put some kind of tracking mechanism in every color laser printer.
The fear, as articulated by EFF researcher Seth Schoen in a 2008 interview, was that this technology has the potential to be used against political figures, whistleblowers, and people doing nothing illegal whatsoever. “There’s nothing about this technology that limits its application to counterfeit investigations,” he told USA Today at that time.
Those fears may have been realized in the arrest of Reality Winner. While the official story provided by the Department of Justice makes no mention of tracking dots, that account does state that the conclusion was based on figuring out when and where the leaked file was printed. Errata Security noted in their blog post that all of the information they needed to make that conclusion was contained in those barely perceptible yellow dots:
The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017 at 6:20. The NSA almost certainly has a record of who used the printer at that time.
In response to the news of Winner’s arrest, The Intercept stated:
While the FBI’s allegations against Winner have been made public through the release of an affidavit and search warrant, which were unsealed at the government’s request, it is important to keep in mind that these documents contain unproven assertions and speculation designed to serve the government’s agenda and as such warrant skepticism. Winner faces allegations that have not been proven. The same is true of the FBI’s claims about how it came to arrest Winner.
In a 6 June 2017 statement, the Electronic Frontier Foundation acknowledged the possibility that Winner’s arrest could have stemmed from printer dots, but also stated that definitive proof that they were used in this case has not been made public:
This technology is one way that governments secretly pressured industry to change products to undermine privacy and anonymous speech when the law did not require it. This should make us all wonder how else the government is working in secret to undermine privacy and speech. We should insist that companies be transparent about how government requests have affected the design of the products we use, since those designs can have profound implications.