FTC targets privacy concerns related to copy machines
A lawmaker raised concerns after a news report about information stored on copier hard drives
The U.S. Federal Trade Commission has begun contacting copy machine makers, resellers and office-supply stores about privacy concerns over the thousands of images that can potentially be stored on the machines' hard drives.
FTC Chairman Jon Leibowitz, in a letter to U.S. Representative Ed Markey, said the agency has been working to alert copy machine manufacturers and sellers of the privacy risks of the information that many copy machines store on their hard drives. The FTC is trying to "determine whether they are warning their customers about these risks ... and whether manufacturers and resellers are providing options for secure copying," Leibowitz wrote in a letter released Tuesday by Markey's office.
CBS News, in a report that aired April 19, said that nearly every copy machine built since 2002 stores documents copied, scanned and e-mailed by the machines on their hard drives. The report found sensitive health and law-enforcement investigation information on copy machines ready to be resold.
Markey, in an April 29 letter to the FTC, called for the agency to investigate privacy concerns related to copy machines.
"I am concerned that these hard drives represent a treasure trove for thieves, leaving unwitting consumers vulnerable to identity theft as their Social Security numbers, birth certificates, medical records, bank records and other personal information are exposed to individuals who could easily extract the data from the digital copiers' hard drive and use it for criminal purposes," Markey wrote.
Leibowitz, in response, said the FTC is working with copy machine makers and sellers to provide "appropriate educational materials" to their clients. The FTC is also reviewing its own educational materials related to privacy and computer hard drives, and it will create new information for consumers and businesses on digital copy machines, Leibowitz said.
Copy machine maker Xerox has been talking about the privacy issue for several years, said Carl Langsenkamp, the company's vice president for global public relations. Xerox has held a series of security summits about copy machine security, and most of the company's multifunction machines have several security features built in, he said.
Xerox offers customers the option of removing the hard drive on machines before they are disposed of or turned in after a lease, he said. The company also offers a free image overwrite option that destroys information stored on hard drives on most machines, he said.
"While many of our competitors either don't build these features into their products or them sell them for a fee, most of our products built in the past couple years offer these standard," Langsenkamp said. "We believe this is an industry best practice."
Xerox would also support stronger education efforts across the industry, although the company believes it offers several security features not available from other manufacturers, he said.
Markey said he's pleased that the FTC is looking into the privacy concerns further.
Most consumers are not aware of the privacy implications "when they place their tax returns, financial records and other personal information on the copier and hit the 'start' button," he said in a statement. "A picture may be worth a thousand words, but in this case, these images could cost consumers thousands of dollars if they were victims of identity theft. I look forward to continuing to work with the FTC as it proceeds with its important activities."