[Printers] Re: printer-tracking--countermeasures?

[Michael Sleator]

It all depends on what you are trying to accomplish.  In the extreme
case you are not just trying to fool some simple scanning algorithm.
You are trying to outfox an entire team of very intelligent, very
experienced, very dedicated, and extremely well equipped forensic
scientists.

Consider the idea of pre-printing masking dots.  In the lab they can hit
the toner with everything from infra-red to x-rays and neutrons to see
how it absorbs, scatters, and fluoresces.  They can perform chemical
analysis with entire libraries of reagents, and mass spectrometers.
Even NMR might yield some interesting data.  Using all of this technology,
anything that allows them to differentiate in the slightest way between
your masking dots and the tagging dots will allow them to extract their
signal.

There will undoubtedly be slight differences from batch to batch of toner.
Even from the same batch, there may be detectable effects of differential
aging in different environments.  There may be aging effects (such as
oxidation or evaporation) once the toner is laid down that would allow
them, within some time period, to differentiate between dots that were
laid down by the the same machine with the same toner cartridge a day
or two apart.

So I wouldn't hold out much hope for the pre-printed paper approch.
But disregarding all of that and looking only at the imaging problem,
it's still not as simple as it might at first seem.  Although the idea
of an overlay is interesting, consider what the masking dots must look
like.

Simply sprinkling dots randomly about the page is unlikely to work,
because there is so much redundancy in the tag pattern.  In order to
obscure the tag in this way, I think you would have to put in so many dots
that the resulting document would be unacceptable.  Look at it this way:
if you put in just enough dots to corrupt each tag cell, but each cell
is corrupted in a slightly different way, then by taking the aggregate
of all of the cells, the original tag pattern can still be recovered.
(In communications terms, you have simply degraded the Signal-to-Noise
ratio by some amount, but probably not so much as to prevent error-free
recovery of the signal.)

You did propose that the dots would have to have the correct spacing,
but that may not be possible to achieve.  In order to corrupt each copy
of the tag in such a way that the redundancy is defeated, I think you
have to place your masking dots very precisely.  The dots are sparse, but
their relative positions are known with very good accuracy.  This means
that the scanning algorithm can employ a very sharp spatial filter.
In other words, if your dots don't fall precisely on the expected grid
points they will be trivially ignored.  You could put in an entire
conflicting tagging pattern, which might cause some momentary confusion,
but a quick revision of the scanning algorithm should just yield two
complete sets of data, and it probably wouldn't be hard to tell which
was the real one and which the decoy.  It seems to me that the accuracy
and repeatability of the positioning of a transparent overlay would not
be good enough for this approach to work.

There's also the question of how you would know if you had succeeded in
masking the tagging.  You could commit an appropriate crime and see if
you got caught, but there are a few problems with that approach.  If you
did succeed, the Secret Service is hardly likely to issue a statement
to the press saying that they failed to catch a criminal because the
criminal successfully foiled their forensic tagging, so you still might
not know if that was actually why you got away with it.

I think the best countermeasure is simply to avoid machines that have
forensic tagging.  If you are printing anonymous documents, do it in
black and white.  (Forensic tagging of B&W printers is an interesting
topic in its own right, but I won't launch into that here.)  If you
really must use color, pick a clean machine, or cover your trail in
some other fashion (a good idea anyway, since who knows how clean any
machine really is, and as I alluded to at the start of this diatribe,
good forensic science can get a lot of information even without such
heavyhanded tactics as cooked print engines.)

Michael Sleator
sleat at sleator.com


>I'm surprised to have seen no discussion of this, 
>even if it would have to be model-specific.
>
>How about producing a transparency with 
>massive numbers of dots of the correct color & spacing?
>It could be used directly over flatbed documents, 
>or used to create a stack of pre-dotted paper to be 
>loaded into the sheet-feeder.
>
>Have any of the investigators tried this?  If not, why not?