Just something to be aware of

Summary: Tips for potential EPO whistleblowers, who we invite to send leaks; they use Office equipment and sometimes rely on making copies of internal documents

Whistleblowers of the EPO can take proactive/preventive measures to protect themselves.

One thing many people are not aware of is surveillance in scanners and printers. Reality Winner, an NSA-related whistleblower, made an error earlier this year. She sent a printed document, not knowing that pale yellow dots are embedded in every printout, containing information about the identity/location of printers. I had read about this years beforehand; it's not information which is widely publicised and trying to decipher the encoding of the dots is still a subject which is shrouded in mystery.

We have a rough (but gradually-improved) idea about equipment at the EPO and how it is used (e.g. by the management and its secret police, the IU). According to the metadata we have seen before, an input file generated by insiders says how long ago it was created (e.g. months ago, weeks ago, which can help work out who was there and when) on some device with particular specifications, e.g. "Xerox Color C60". That's just something to bear in mind. We have various means/methods for removing such data. "C60" sounds like the big iron models which would typically be used at the EPO^*, so a correspondent should beware. Don't upload such material to 'public' spaces like Google or Amazon.

The EPO does not always use the same printer/scanner model. In some cases, the document is tagged with a name or userid; if not, it may have been scanned elsewhere. "Nowadays a badge is required to access the scanning options," a source told us, "and you can only send the output to your own E-mail address."

Regarding colour, we don't know whether colour printing trickled down to the 'basic' staff. In the older days, it used to be reserved for the "management" floors. So, herein clues may lie. It's something to be aware of. And unless we have additional knowledge as to the origin of documents, or several independent copies, in our opinion we should avoid posting the original documents in full/altogether. Sometimes we convert to HTML for these/similar reasons. Sometimes we intentionally distort screenshots (not content), in essence passing them through filters.

In conclusion, do not trust EPO equipment. If something gets scanned, don't pass it online (certainly not through the Office network). ⬆ ____ ^* We suppose that a better endowed copy shop in Munich or The Hague might have such equipment as well.