1

I am trying to determine if the documents I send from my office fax machine are encrypted/secure or not.

I found this article which kind of explains the current state of fax security:

According to Ontario, Canada based Natural Data, Inc., there are over 100 million fax machines in use worldwide today. Almost all of these fax machines are unable to connect to the Internet and as a result can only send and receive faxes using the unsecured public fax line services.

But that doesn't really help me assess whether my particular fax connection is secured or not. How do I know if my fax machine is networked? Even if it is networked, how do I know if it's secure? How secure is it (AES, PGP, etc.)? Is there an unsecure/secure dichotomy in the fax protocols (T4 & T30) like you have with HTTP/HTTPS and FTP/SFTP?

Manny Rodriguez
  • 13
  • 2
  • According to the wikipedia article at https://en.wikipedia.org/wiki/T.38 T.38 fax (fax over IP) is not encrypted. The article you reference talks about physically securing the fax machine to prevent people on-site from taking faxes. Fax isn't secured from electronic interception. – Steve Sether Dec 09 '15 at 20:07

1 Answers1

3

No. The facsimile protocols T4 (Modified Huffman) and T30 (ITU-T T.82) are primarily compression algorithms there is no encryption involved.

https://en.wikipedia.org/wiki/Fax#Compression

Regarding the "Networked" component that primarily refers to newer fax machines which have wireless or Ethernet connectivity so that a group can send documents over the network to the fax. This is also very common for the multifunction (fax-printer-copier) devices.

Per the question you raised keep in mind that any given telecommunications circuit is also likely to traverse the Internet in an unencrypted state. Many of the telecommunication providers leverage a variety of third-parties to transport telecom connections. In the U.S. the phrase "dedicated connection" frequently means allocated to you the customer and does not mean that there are copper wires connecting two different locations. Given the owners of various metropolitan fiber-rings and long-haul fiber carriers your communications could easily traverse a dozen different companies networks where, potentially, it could be intercepted.

Note: Some regulatory requirements treat facsimiles as protected and not having the same requirements as data sent over the Internet. If your organization is looking to secure their faxes due to a regulatory requirement you may want to verify if the requirement states anything about their use first. That said it may also be worth considering that those regulations may themselves change in the future and not allow the use of facsimile for regulated data records.

Trey Blalock
  • 14,099
  • 6
  • 43
  • 49