Home > NewsRelease > Printers and Copiers Left Out the FBI’s Search of Trump’s Mar-A-Lago
Printers and Copiers Left Out the FBI’s Search of Trump’s Mar-A-Lago
Steven Burgess -- Computer Forensics Expert Steven Burgess -- Computer Forensics Expert
For Immediate Release:
Dateline: San Luis Obispo, CA
Monday, September 5, 2022


Printers and Copiers Left Out of the FBI’s Search of Trump’s Mar-A-Lago

copyright, 2022, Steve Burgess

We’ve only recently learned the content of the search warrant that the FBI used to search the premises of former president Donald Trump’s Mar-A-Lago resort and residence. It seems they overlooked some potential information.

Printers have data storage

It’s not commonly known but many printers, copiers, and multifunction devices that combine the functions of printer, scanner, and fax contain internal storage. Some have hard drives and some have solid state memory. Your computer sends a whole print job (or several) to the printer so that the computer’s bandwidth doesn’t get choked by waiting for the printer and computer to talk back and forth. It could be hundreds of pages. It includes dates, times, and titles. It often contains email addresses and even complete documents.

These devices can hold a couple hundred thousand pages of documents. Yes, I said 200,000 pages.

Two Hundred Thousand

In a networked environment, such as at many offices, hotels, or resorts such as Mar-A-Lago, several computers send such print jobs to the same printer. So the printer needs a lot of storage and computing power to feed and print those jobs in the right order.

Some printers delete the data when the printer is turned off – but who turns off their printer? And even so, as a long-time digital forensic expert, this author can tell you that deleted data is not destroyed data. Especially with hard drives, that data can persist for years, until some other process overwrites it.

People Leave Data Behind on Their Printers and Copiers

There’s a well-known case where a CBS investigation showed that a reseller of used printers found tens of thousands of documents on four printers they’d purchased in one day. The documents found included architectural plans for a building to be raised on Ground Zero, copies of checks and check stubs, 300 pages of personal medical records from a health plan’s machine, and much more sensitive information.

This same investigation noted that used and decommissioned printers go to numerous other countries for resale. As if these documents weren’t dangerous enough when left in American hands…

But surely, an ex-president would have adequate hired expertise and security so as not to have such data laying around on its devices. Maybe not.

Mar-A-Lago has Been Lacking in Security

There have been numerous incidents where foreign nationals, some posing with fake identities, have walked right past the resort’s security. In one case, a Chinese national was allowed onto the grounds carrying four cell phones, two passports, and a flash drive infected with malicious malware. She said she was heading for the pool. Fortunately, she was eventually caught, hopefully before making use of the many devices at her disposal.

A large percentage of printers don’t need physical connections, such as Ethernet cables, but rather have wi-fi access to the local network.

Fishing boat

Poliphilo, CC0, via Wikimedia Commons

A few years ago, during an investigation of digital security by ProPublica and Gizmodo, they parked a motorboat 800 feet away from Mar-A-Lago’s back lawn and quickly detected three wif-fi networks with weak encryption. They said they could have hacked the networks in five minutes – but they didn’t.

So, why is the above problematic?

The aforementioned flash drive could have been inserted into a computer or printer at the club to disrupt, corrupt, or steal data. After all, Iran’s nuclear program was disrupted by Stuxnet, which was loaded from a flash drive that had been left lying around Iran’s Natanz nuclear research facility.

Network access by a bad actor might also steal data from devices or networks at Mar-A-Lago.

Now to the FBI’s search of the resort’s residence.

The seven-page search warrant partially relied on The Espionage Act, 18 U.S. Code § 793 – Gathering, transmitting or losing defense information, which deals with the possession or copying of documents and materials related to national security, particularly information that could be used to harm the U.S. or benefit a foreign country…

While the search warrant specifies “All physical documents and records constitutes evidence…” and containers thereof, it goes on to talk about what seems to specifically be paper documents.

The digital data we’ve been talking about are likely to contain documents and of course, in doing so, are containers themselves. But digital evidence is not mentioned in the warrant, at least insofar as the news reports we have seen thus far, and as far as the actual text of the search warrant states.  Documents found in FBI search

It has been reported – and shown in photographs – that the FBI found dozens of empty folders with markings indicating that they had held classified and top-secret documents.

Why would those folders have been empty? Well, of course, because the documents that they had previously held had been removed.

And why would the documents have been removed from the folders? One reasonable inference is that they had been removed to be copied, and not put back.

The FBI found dozens of documents categorized as stolen by the very act of taking them from the White House. There were many  classified documents among them and clearly, not all of them have been returned. A further search might reveal that some of them had been copied and/or stored digitally.

Isn’t this something that ought to have been contained in the search warrant?

In the many cases where your author has been retained as an expert, law enforcement typically grabs everything that would seem to store data – computers, hard drives, flash drives, cameras, SD cards and more. They may triage some or all of these devices on-site so as to take only the ones that contain suspect data. But I don’t recall ever having seen a property list of seized devices that includes printers or copiers.

Maybe it’s time for these devices to be included in the average seizure of suspect equipment. But when it comes to national secrets and the compromise of our intelligence agents, domestic and overseas, it would seem to be essential.

TIP: If you sell your printer or copier, make sure you find the manufacturer’s instructions on how to wipe the data it contains. The same holds true if you recycle it, or even if you toss it in the trash. (Be aware that there are many electronic recycling centers that can keep this potentially toxic trash out of the landfill.)

Contact Steve Burgess: steve@burgessforensics.com
(866) 345-3345 ; (805) 349-7676

Pickup Short URL to Share
News Media Interview Contact
Name: Steven Burgess
Title: President
Group: Burgess Consulting
Dateline: San Luis Obispo, CA United States
Direct Phone: 866-345-3345
Cell Phone: 805-349-7676
Jump To Steven Burgess -- Computer Forensics Expert Jump To Steven Burgess -- Computer Forensics Expert
Contact Click to Contact