I was surprised a few years ago to find that a similar thing was already happening for big company email servers. My small company was working a joint proposal with a division of a big company. Every time the teammate at BigCo sent me his copy of the Word document containing the proposal, it would mysteriously disappear en route through his Exchange server.
Once he removed the "Confidential Property of BigCo" footer from the document it went through just fine. He was hitherto unaware that such a restriction existed.
It was a violation of his company's policy that he send a document with that footer outside of his network. It was also a violation of policy for him to remove that footer from a proposal for which his company would be the prime contractor. There's a lesson in there somewhere about centralized automatic enforcement of policy.
Happened in the UK parliament - their email system was quietly deleting emails about child pornography, from the committee debating the rules for censorship of child pornography.
Better yet: Canon provides capability for low tier support technicians to obtain copies of sensitive documents.
"The server will email the administrator a PDF copy of the document in question if a user attempts to do so."
Seriously, WTF? Aren't they just replacing one security leak with another? Why would you want a printer technician to get a complete copy of a blocked document? A simple, nondescript notification/log entry should suffice.
Essentially, this is a form of secret, artificial intelligence that frustrates your plans. As such, I predict epic fails.
You know, like when the publication has a rule that all references to "the queen" should be changed to "Queen Elizabeth." Then they publish an article on bees, which states "Queen Elizabeth can lay thousands of eggs at a time..."
Similar crap will happen. Some keyword will silently block the copying or printing of an innocent but important document and cause hilarity and/or a major problem. "We lost the contract! We couldn't fax in the proposal by the deadline because it wouldn't print!"
Having worked at a law firm and in the legal department of a large Wall Street bank, I don't think this is as huge of a freedom issue as you'd think. I don't expect this to get used outside that environment.
It will be yet another feature that no one uses. As long as there is a big button with the word "copy" on it, the machine will often be unpacked, plugged in and never touched again.
This is an interesting way to plug an "analog hole" in secure environments (or, more accurately, environments where information security is desired). It reminds me of stories of financial institutions filling the USB ports on desktop computers with epoxy.
Here's my question... It seems that the confidential information with the highest value is small and qualitative. "Company X is considering the purchase of Company Y." Obviously, the value of that information for insider trading is huge. But, if I've read that memo in the law firm's office, I don't need to make a photocopy to profit.
Perhaps the next tier down is where such hole plugging makes sense: A customer list is valuable, but I couldn't remember 10K names and email addresses, so I'd have to make a copy (digital or analog). One headhunter at a local office of a national firm told me that their client/resume system was Citrix-hosted and had copy/paste disabled to make it harder for employees to harvest data before leaving. Of course, access was logged at the record level as well.
What about cases where a needle might be found in a haystack? Copy all 10TB of a law firm's documents, take them home, and look for deals which might happen in the future. In either the digital (thumbdrive) or analog (copy machine) cases, it seems easy to figure out retrospectively that a breach occurred -- Look, Bob copied 5K documents and then quit! However, the horse is already out of the stable at that point. Perhaps the preventative nature of this copy machine technology is what makes it attractive?
Restaurant POS systems have all sorts of rules in place to prevent employee fraud. One scheme involves a server's friend making a purchase and leaving a HUGE tip on a credit card. The server gets his paycheck, and then the friend disputes the charge. To prevent this, POS systems can be configured to require a manager's approval for a tip larger than X%. I wonder if similar schemes could be employed to force collusion in data theft. Let's say that any user could print 100 pages without manager (or even peer?) approval, but someone else would have to vouch for the legitimacy of the request after that point? I wonder what percentage of breaches that would prevent. The same could be done with accessing documents from a law firm's document management system -- You can see N documents not related to your own clients before somebody else has to get involved.
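A sketch of the vouching gate proposed in the comment above, written as an added example that is not part of the original thread or any vendor's product: a per-user free allowance of 100 pages, after which a print job is held until a different person approves it, and an audit trail that records only a hash and page count of the document rather than a copy of it. The class and method names are assumed.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field

# Pages any user may print before a second person must vouch (threshold from the thread).
FREE_PAGES = 100


@dataclass
class PrintGate:
    """Two-person rule for bulk printing, modelled on the POS tip-approval scheme."""
    free_pages: int = FREE_PAGES
    printed: dict = field(default_factory=lambda: defaultdict(int))  # user -> pages so far
    approvals: dict = field(default_factory=dict)                   # job_id -> approver
    audit: list = field(default_factory=list)                       # (user, job, pages, digest, outcome)

    def request(self, user: str, job_id: str, pages: int, doc_bytes: bytes) -> str:
        """Decide whether a print job may proceed; returns 'allowed' or 'needs_approval'."""
        # Log only metadata: a truncated SHA-256 and the page count, never the document body.
        digest = hashlib.sha256(doc_bytes).hexdigest()[:16]
        total = self.printed[user] + pages
        if total <= self.free_pages:
            self.printed[user] = total
            self.audit.append((user, job_id, pages, digest, "allowed"))
            return "allowed"
        approver = self.approvals.get(job_id)
        # Over the allowance: someone other than the requester must have vouched for this job.
        if approver is None or approver == user:
            self.audit.append((user, job_id, pages, digest, "needs_approval"))
            return "needs_approval"
        self.printed[user] = total
        self.audit.append((user, job_id, pages, digest, f"approved_by:{approver}"))
        return "allowed"

    def approve(self, approver: str, job_id: str) -> None:
        """Record that `approver` vouched for a held job; self-approval is rejected at request time."""
        self.approvals[job_id] = approver
```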
I think the assumption here is that you'd know about the copy on your mail server, that is also hopefully locked down. After all, free access on the mail server is probably much worse than a single PDF.