T 5.31 Unauthorised reading of incoming fax transmissions

When using fax machines, there is the risk of incoming fax transmissions being read by unauthorised persons if the devices are installed in freely accessible areas. Moreover, unauthorised persons may gain knowledge of the content of confidential fax transmissions in the event of improper distribution within the organisation.

When using fax servers, reading incoming and outgoing fax transmissions may be possible if the access rights on the fax server have not been assigned carefully.

Furthermore, fax servers have so-called address books. The address books facilitate the sending of faxes, since the users must only select the respective recipient and do not have to enter the recipient's fax number for every fax. If an address book contains an incorrect fax number for recipient, the fax will be sent to the wrong recipient when using this entry. Frequently, address books provide the option of consolidating several addressees to form a group. The user who wants to send a fax to the members of such a group must only specify the group and not every single member of the group as recipient. If such a group contains unauthorised addressees, these may gain knowledge of all fax transmissions sent using this group definition. The improper assignment may be caused by negligence or due to a targeted manipulation.

Fax transmissions received on a fax server must be distributed to the recipients. This may either be performed by printing the incoming fax transmissions and manually forwarding these to the recipients or by the fax server automatically distributing the fax transmissions over the network.

Unauthorised persons may gain knowledge of the incoming fax transmissions during manual distribution if the printer used for printing the faxes has been installed in a generally accessible area or in the event of improper distribution within the organisation.

For automatic forwarding of fax transmissions, the fax server requires an assignment table specifying which user and/or which user group incoming fax transmissions, e.g. coming from a certain sender or sent using a certain fax number, are to be forwarded to. If an unauthorised person is included in such an assignment table - be it due to negligence or targeted manipulation - he/she will receive fax transmissions not intended for him/her.