An article called: “Government Uses Color Laser Printer Technology to Track Documents” was published in PCWorld magazine in 2004 when color printers were still unique. According to the report, the color printers insert coded patterns in printed documents. The patterns enclosed the printer’s serial number, and the date and time the documents were printed. The patterns comprised of dots, less than a millimeter in diameter and a light shade of yellow that can not be detected with a naked eye when positioned on a white background. The report was one of its kind on a silent practice that had been functional for 20 years.

The debate of the hidden dots again sparked when The Intercept published a confidential report by the US National Security Agency (NSA) on June 5. The report had hidden dots embedded in it. Soon after the report was published, the Department of Justice (DOJ) said that the Federal Bureau of Investigation (FBI) had detained an alleged leaker. Reality Leigh Winner, the 25-year-old NSA contractor, was accused “with removing classified material from a government facility and mailing it to a news outlet.”

The DOJ published an affirmation document in which an FBI agent briefed on how Winner had been traced. The agent said that the scanned copy of the report, provided by The Intercept to the government to ensure its legitimacy, seemed to be folded and creased, hinting that they had been printed and then hand-carried from a secured space.

Soon there was a buzz among researchers who claimed that the tracking dots embedded in the document led the NSA to Winner. However, the affidavit claims otherwise: an internal government check revealed that only six people had printed out the classified documents. Winner was one of the six people, and she had also communicated with the news outlet via e-mail from her work computer. There was probably no need for an analysis of the dots as suggested by several misleading news reports. However, it has again brought into limelight the long-standing privacy concerns.

The researchers after examining the dots in the top-secret document concluded that it came from a printer, model number 54, with a serial number of 29535218, and that it was produced at 6:20 a.m., on May 9, 2017, according to the printer’s internal clock. In a situation where a leaker had covered his or her tracks more carefully, or where the leaked documents had been reproduced by more than six people or perhaps printed on a non-government printer, the dots certainly could be a significant player.

The history of the embedded codes can be traced back to more than 30 years, yet the technology has been kept hidden for so long.

Peter Crean, a senior research fellow at Xerox in 2004, provided the information for the article in PCWorld at that time. Crean, in his first public interview about the practice to Quartz, since talking to the magazine 13 years ago, revealed that Xerox had not done enough to share information about the dot’s presence.

Crean added that the buyers were not informed about it even if they asked. Similarly, the salespersons were also told that if asked, they could tell the buyers, the printers had security features.

He said that initially when color printers were introduced, the governments were concerned the printers would be used for all kinds of forgery, especially forging money. It was then that Japan introduced printer steganography, the yellow dot technology as a security measure.

Since 1962, Fuji, has been in a joint-venture partnership with Xerox, was the first to implement the codes in printers. Fuji-Xerox has been entrusted to manufacture most of Xerox’s printing and copying devices for several decades. In the mid-1980s, the company started programming color printers to insert the dots in the middle of several counterfeiting issues in Japan.

“They put it on early, and we went along with it,” Crean said, “because the machines came with it.”

The practice became a norm as some countries would have denied importing the products without a guarantee that it would be possible to trace the owners if printers were used to counterfeit money. Though the US has not forced printer manufacturers to include the tracking codes through any law or regulation, Crean told that if Xerox had not implemented steganography in its early printers, the US would have stopped their import from Japan.

For additional safety, apart from yellow-dot technology, Xerox introduced another feature at the same time that made color copiers to shut down if they spotted steganography in documents hinting they were the currency. The US Central Intelligence Agency approached Xerox in 1994 to incorporate the use of the same technology to end the unlawful copying of classified documents. Crean wasn’t sure if the agency had used any of his suggestions, but he gave some ideas in a brainstorming meeting with two agents that year. However, the machines were used to detect currency at least through the mid-2000s.

Xeron set up a PR campaign dedicated to the technology and science behind some of its inventions like steganography when Crean spoke to PCWorld in 2004. The company had asked Crean to highpoint the tech as a fantastic security feature the company’s printers included and to discuss the science behind it. Previously, Crean had spoken publicly about the codes a few times, but nothing much had resulted from it. The company expected the techie readers of PCWorld to be amused with the obscure feature. The PR people set it up for him, told Crean. The company’s PR person was sitting across the desk from him, nodding at everything he said while giving the interview.

The article created a stir among the privacy advocates who believed that such a practice was a violation of American’s constitutional rights. However, the report referred to a Secret Service counterfeiting specialist who told that any information gained from these documents is only obtained at the time of a criminal case, but the privacy activists pointed out there were no regulations or rules to hold the government to that.

The Electronic Frontier Foundation (EFF) addressed the issue in a blog post, highlighting the possible exploitations of this marketing technology. It said that any individual using printers to make political leaflets, arrange legal protest activities or even discuss private personal topics or medical conditions could be detected by the government without any legal process, judicial oversight or notice to the person being spied. Salespeople at Xerox were asked at this point to mention all queries about the dots to Xerox headquarters, Crean told.

Seth Schoen, a security researcher at the EFF, started observing the dots soon after the article was printed, in an attempt to read the encoded patterns. The company even asked the public to submit models of their own printed documents which assisted them to compare and contrast differences and similarities between patterns on many printer models. Schoen said that the researchers also went to several Kinko’s locations and printed their own samples, which is an excellent method to get DocuColor samples, mentioning the Xerox model they were researching. He also said that scanners, microscopes and blue-light flashlights were used to observe the documents.

Finally, a volunteer working with the EFF discovered that the dots symbolized a binary code, Schoen said. It provided them to decode the logic behind them and to read the code inserted in any document using yellow-dot steganography. The company distributed the results of its work, together with an interactive tool to decipher the dots. The researchers also revealed a list of all the models they found that implant the same pattern of dots, however Schoen told in a phone interview that it should be presumed that every color printer implants tracking information in one way or other. He cited information the EFF obtained in 2005 via a Freedom of Information Act request to the US government.

The EFF mentioned in its website that the documents it received through FOIA hinted that almost all the significant makers of color laser printers signed a secret agreement with governments to guarantee that the print outs from those devices are forensically traceable. Fuji-Xerox pioneered embedding tracking codes, and then the practice became universal.

Other companies started with different methods of that scheme that were more complex and harder to interpret. For instance, Canon twists theirs around in a spiral, but everybody had their own way of putting small digit set all over the print. Xerox, HP, Canon, and the NSA refused to comment on the issue.

While the code behind the yellow-dot patterns was interpreted, there is probably another steganography in use that has yet to be revealed. However, Schoen said that several manufacturers have switched over to a second generation of the technology and that area is still untouched!!