PDF417 and your privacy Written by GLHeX To give an overview - Portable Data File 417 (PDF417) technology is a 2D error-correcting bar code developed in 1991 by Ynjiun Wang of Symbol Technologies. PDF417's can independently store data as apposed to conventional bar codes which need to be referenced to a database of information. The PDF417 structure has a width of up to 34 columns and a maximum width of 90 rows in height. A total of 928 combined data and error correction codes may reside in a single symbol. So there is a limit to what a single symbol can hold. Though that doesn't mean the data cannot be stored across several symbols. Macro PDF's can be created to span data across nearly 900,000 symbols. In terms of 2D bar codes, it has 4 bars/spaces and is 17 modules wide - hence the 417. Data capacity varies by data type. 1108 Bytes, 1850 ASCII characters or 2710 numeric digits per symbol. There are 8 levels of error correction. Eight being the highest or most data secure relating to error correction. The error correction level (or security level) directly impacts the size of the symbol. The higher the error correction relates to how severe the symbol can be damaged without losing the data stored. These bar codes are great for quickly retrieving data because they do not need to be "carefully scanned". They can be scanned just as fast up side down, diagonally, vertically and so on - with no risk of errors as a result. A PDF417's ability to store data does not stop at plain text. They can also be used to store pictures, fingerprints, signatures, voice data, binary and more. Pending you have the correct equipment/software to decode it's structure. There are plenty of 2D bar codes in use today. Some of the more common types would be Aztec Code, Codeblock F, Code 1, CP Code, Data Matrix, MaxiCode and SuperCode. Although you may not recall ever hearing them by name, you are sure to have encountered them at some point. Symbol boasts a rather impressive customer base including, but not limited to; Air France, Associated Grocers, Blockbuster Entertainment, Boeing, Costco Wholesale, CVS Pharmacy, Eckerd Drugs, Federal Express, Ford Motor Company, General Motors, Marks & Spencer, MGM, Mobil Oil, Target Stores, Toys R Us and the US Postal Service. While most of these customers will use the PDF417 bar code for shipping and manifest purposes, they can also store information about you. Most notably to the relevance of this article would be the US Postal Service and FedEx. What is not listed above would be state motor vehicle departments. If you happen to live in one of the lucky states with 2D bar codes printed on your drivers license - you see them every time you use your ID. Some state inspection stickers as well as military and government stickers displayed on your vehicles windshield clearly show a 2D PDF417 with your personal information encoded into the stacked blocks of data. It's not to say that these companies and organizations are putting your privacy directly at risk. Some knowledge of the PDF417 format and a reader are needed to pull your information from the bar code. But is security through obscurity enough? Definitely not. In a quote from the Symbol Technologies web site it says: "The Secure, Low Cost, High Capacity, ID Technology" This is rather misleading because the information stored in a PDF417 is not encrypted by the PDF417 encoding process. Rather the PDF417's ability to error check and recover scratched or smudged bar codes is what's secure. As well as the fact that they are rather hard to duplicate. Simply said, the information is secure from corruption not curiosity. It's easy to understand when you show your ID at a bar or any other establishment which might scan this bar code already has the coded information directly in front of them. This information would be on the front of the ID itself; name, sex, birth date, address, etc. But with the use of the PDF417 this information can easily be stored for later use/review. However that's the risk you take when allowing someone to scan your ID. You are giving your information to them, you are clearly identifying yourself. However, your car parked in your work parking lot should not be subject to the same forfeit of information through the inspection sticker on your windshield. A fairly decent digital camera is enough to capture your personal PDF417 so it can be decoded for anyone to see. This would be name, address, etc. It isn't safe to assume that a very expensive piece of specialized hardware be used to decode this information and that only reputable, morally driven companies have access to PDF417 scanners. There are plenty of free software packages available to decode the PDF417 format. As a matter of fact, even if this were the case there are 2D scanners available for under $100 and can be purchased by anyone willing to spend the money. It would be a shame to say that millions of people everyday are having their personal information stolen through PDF417's. In fact, it would probably be very untrue. However it is important to know that just as leaving a key under a rock, it is no more secure to flaunt your personal data around through an obscure looking bar code. Ways to protect the information stored on these bar codes would be to shred or severely smudge old inspection stickers before discarding them. Perhaps also covering half of the bar code when affixing your new inspection sticker. (Though obviously you should yield to your state laws if doing this.) Be aware of who you hand your ID to and what they plan on doing with it, there is a clear difference between confirming identity and stealing it. As these bar codes become used more and more you'll start to see them on monthly bills and invoices, bank statements, even social security cards and documents. Since we can't shred such important valid identification, it is important to know that the PDF417 on any personal form, sticker or ID is just as sensitive as the information displayed in clear text. You would not believe the overwhelming generosity I received when simply asking people to take photos and even photocopies of their ID and registration PDF417 symbols for me. What's unbelievable is that I was not denied in any instance of asking for these images. So hopefully this sheds some light into data storage in bar codes and clearly communicates the reason why they are used and why they should be treated as sensitive data unless proven otherwise.