This was originally posted at Wise-Nano, CRN's public wiki for discussion of nanotech and related social issues.
Nanofactory Security Design
Category:Security Policy Implications of Nanotechnology
Here, we describe a series of recommendations for the design of technical protection measures to be built into consumer nanofactories to control the kinds of products they can fabricate.
CRN's Possible Technical Restrictions document serves as a good starting point for developing technical protection measures.
Why to Restrict Nanofactories
There are several distinct motivations for restricting the output of a nanofactory.
- Security enforcement
- Intellectual Property enforcement
- Regional production restrictions
Technical protection measures (TPM) for security and for intellectual property enforcement (and other goals) should be separate, so that circumventions of one TPM do not circumvent the others. Intellectual property pirates should not need to compromise the security protection measures in order to get their "free ride". Otherwise, the much larger community of IP pirates will be forced to become terrorists as well. While this distinction might sound favorable to the IP advocates, a compartmentalized design would be safer overall. Like Trusted Computing, Trusted Manufacturing WILL be cracked, and it is critical that the security design have an equal, if not greater, focus on mitigating the damage circumventions can cause as it does on preventing circumvention.
Trusted Computing for Nanofactories
The Trusted Computing Group publishes technical specifications that are being implemented by computer hardware manufacturers to enable applications that require a level of trust between interoperating parties with regard to the computing environment. Without hardware support, these applications would not be possible. It is conceivable to implement a similar system within a nanofactory, whereby only approved designs (or classes of designs) can be produced by a consumer nanofactory. Such designs would be cryptographically signed by an appropriate authority (or by a sufficient number of recognized authorities; see Distributed Security Certification Authority, below).
Distributed Security Certification Authority
With any centralized authority, there is the possibility of corruption. Requiring that consumer nanofactory designs be signed by just a single key creates a single point of failure, both technically and politically. Corrupt officials may be persuaded, coerced, or duped into approving a dangerous design. A dedicated and well-resourced attacker may also compromise a single key, leaving an entire line of factories able to create any product bearing the counterfeit signature.
Some jurisdictions may also prefer to impose additional restrictions on consumer nanofactories, over and above security and intellectual property enforcement. Each region would need to create and administer its own certification authorities.
Recent work on distributed reputation systems, such as Credence, shows promise that it may be possible to establish lawful certification authorities at the various regional scales of legal jurisdiction by implementing the democratic process directly in the nanofactory's design.
(describe how a system like this could work)
(StumbleUpon, Amazon - similar reputation techniques, but centralized)
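As an added illustration of the quorum idea (example code, not from the original page or from CRN), the following Go program verifies a design against a k-of-n set of recognized authorities, so that no single corrupt or compromised key can approve a design on its own. It assumes Ed25519 signatures over a SHA-256 digest of the design bytes; the authority names, the threshold and the design text are constructed for the example. What matters is what does not count toward the quorum: a second approval from the same key, an approval from a key the trust store does not recognize, and a signature made over different design bytes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authority is one recognized design-certification authority. In a real
// nanofactory the name and public key would live in the device's trust store;
// here they are generated for the example.
type Authority struct {
	Name string
	Pub  ed25519.PublicKey
}

// Approval is one authority's signature over a design.
type Approval struct {
	Authority string
	Sig       []byte
}

// NewAuthority creates a fresh signing key pair for a named authority.
func NewAuthority(name string) (Authority, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Authority{Name: name, Pub: pub}, priv
}

// designDigest binds every signature to the exact design bytes.
func designDigest(design []byte) []byte {
	d := sha256.Sum256(design)
	return d[:]
}

// Approve has one authority sign a design.
func Approve(name string, priv ed25519.PrivateKey, design []byte) Approval {
	return Approval{Authority: name, Sig: ed25519.Sign(priv, designDigest(design))}
}

// QuorumVerified reports whether at least threshold distinct trusted
// authorities have validly signed this design, and how many did. Duplicate
// approvals from one authority count once, unknown authorities are ignored,
// and a bad signature never counts, so a single compromised or corrupt key
// approves nothing by itself.
func QuorumVerified(trusted []Authority, threshold int, design []byte, approvals []Approval) (bool, int) {
	pubs := make(map[string]ed25519.PublicKey, len(trusted))
	for _, a := range trusted {
		pubs[a.Name] = a.Pub
	}
	digest := designDigest(design)
	valid := map[string]bool{}
	for _, ap := range approvals {
		pub, known := pubs[ap.Authority]
		if !known || valid[ap.Authority] {
			continue
		}
		if ed25519.Verify(pub, digest, ap.Sig) {
			valid[ap.Authority] = true
		}
	}
	return len(valid) >= threshold, len(valid)
}

func main() {
	// Constructed example: three regional authorities, any two must agree.
	a, aKey := NewAuthority("region-A")
	b, bKey := NewAuthority("region-B")
	c, _ := NewAuthority("region-C")
	trusted := []Authority{a, b, c}
	design := []byte("constructed design spec: water filter, 40 nm pores")

	twoOfThree := []Approval{Approve("region-A", aKey, design), Approve("region-B", bKey, design)}
	ok, n := QuorumVerified(trusted, 2, design, twoOfThree)
	fmt.Printf("two authorities: approved=%v (%d valid)\n", ok, n)

	oneKeyTwice := []Approval{Approve("region-A", aKey, design), Approve("region-A", aKey, design)}
	ok, n = QuorumVerified(trusted, 2, design, oneKeyTwice)
	fmt.Printf("one key twice: approved=%v (%d valid)\n", ok, n)
}
```

The threshold and the trust store are per-jurisdiction data, which is how the regional authorities of the previous paragraph fit in: a factory operating in a given region would load that region's authority list and threshold, and a design approved elsewhere would simply fail the quorum here.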
Trusted GPS
Is it possible to create a spoof-proof geolocation system? If so, nanofactories could identify which jurisdictions they were operating within, and adjust their restrictions accordingly.
Holographic Product Signatures
Among the most frightening threats of nanotechnology is the ability to create microscopic machines capable of committing crimes that give their perpetrators increased anonymity, ensuring that they will never be caught and brought to account for their actions. To counter this trend, forensics must be able to keep up. To counter increased anonymity, we require increased accountability.
One way to implement such accountability is to infuse every block of the product with a cryptographically signed (and possibly encrypted) tag indicating details of its fabrication that would be relevant to a criminal investigation - date, time, registered owner, fabrication location, etc.
This may even include the complete design specifications of the device itself, so that the entire product could be identified and reconstructed should any part of it be destroyed. (This would be handy for recycler/fabricator hybrids to "fix" broken products as well; see below.) Having each tiny block of a product stamped with its complete design spec resembles the way each piece of a broken hologram can still project the entire image recorded on it, albeit at a lesser intensity. Hence the term "holographic product signature".
Recycling and Destruction of Evidence
When it's just as cheap to make computers as it is to make garbage, even the most valuable and useful things tend to become garbage. When your PC breaks, it's easier to throw it out and fab a new one than to try to fix it. For this reason, it is going to be essential that a companion technology be available that can break down and recycle materials from nanufactured products. Otherwise, our output of garbage is going to explode along with our ability to manufacture products.
The security problem with a universal destructor is that criminals like to destroy physical evidence of their crimes. Making the ultimate paper shredder ubiquitous makes this practice that much easier.
One way to combat this problem is to require recyclers to publish their activity logs to appropriate authorities (or to everyone), possibly including the types, quantities, and configurations of materials disposed of. If holographic product signatures are implemented, these might be scanned, recognized, and published by the recyclers as well.
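The tagging described under Holographic Product Signatures, together with the recycler log just proposed, as an added Go example (not code from the original page): every block carries the full provenance record, signed by the fabricator with Ed25519; Recover shows that one authentic fragment is enough to recover the whole product's record, and that forged or altered fragments are counted and discarded rather than trusted; RecyclerLog is the kind of activity record a recycler could publish after scanning what it destroys. The record's field names, the signature scheme, and the sample product are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"sort"
)

// Provenance is the forensic record stamped into every block. The field set is an
// assumption for this example; the page names date/time, owner, location and
// optionally the full design as the intended content.
type Provenance struct {
	Block     int    `json:"block"`
	ProductID string `json:"product"`
	Owner     string `json:"owner"`
	Location  string `json:"location"`
	Design    string `json:"design"` // complete spec: any one block identifies the whole product
}

// BlockTag is what one block carries: the encoded record and the fabricator's signature over it.
type BlockTag struct {
	Payload []byte
	Sig     []byte
}

// NewFabricatorKey creates the fabricator's signing key pair (constructed here).
func NewFabricatorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// StampProduct produces one signed tag per block, each carrying the full record.
func StampProduct(priv ed25519.PrivateKey, base Provenance, nBlocks int) []BlockTag {
	tags := make([]BlockTag, 0, nBlocks)
	for i := 0; i < nBlocks; i++ {
		p := base
		p.Block = i
		payload, _ := json.Marshal(p) // flat struct of strings and ints: cannot fail
		tags = append(tags, BlockTag{Payload: payload, Sig: ed25519.Sign(priv, payload)})
	}
	return tags
}

// Recover scans a pile of fragments. A single authentic block suffices to recover a
// product's complete record (the holographic property); fragments whose bytes were
// altered or that another key signed are counted and discarded. It returns one record
// per product found, the authentic block count per product, and the rejected count.
func Recover(pub ed25519.PublicKey, fragments []BlockTag) (map[string]Provenance, map[string]int, int) {
	products, blocks, rejected := map[string]Provenance{}, map[string]int{}, 0
	for _, f := range fragments {
		var p Provenance
		if !ed25519.Verify(pub, f.Payload, f.Sig) || json.Unmarshal(f.Payload, &p) != nil {
			rejected++
			continue
		}
		blocks[p.ProductID]++
		if _, seen := products[p.ProductID]; !seen {
			products[p.ProductID] = p
		}
	}
	return products, blocks, rejected
}

// RecyclerLog renders the record a recycler would publish for a batch it destroyed.
func RecyclerLog(pub ed25519.PublicKey, fragments []BlockTag) []string {
	products, blocks, rejected := Recover(pub, fragments)
	ids := make([]string, 0, len(products))
	for id := range products {
		ids = append(ids, id)
	}
	sort.Strings(ids) // deterministic output order
	lines := make([]string, 0, len(ids)+1)
	for _, id := range ids {
		p := products[id]
		lines = append(lines, fmt.Sprintf("destroyed product=%s owner=%s location=%s blocks=%d", id, p.Owner, p.Location, blocks[id]))
	}
	return append(lines, fmt.Sprintf("rejected unverifiable fragments=%d", rejected))
}

func main() {
	pub, priv := NewFabricatorKey()
	// Constructed sample: five blocks of one product; one fragment survives and a forgery is mixed in.
	tags := StampProduct(priv, Provenance{ProductID: "P-0001", Owner: "example owner", Location: "public fab 7", Design: "spec: bracket"}, 5)
	forged := tags[0]
	forged.Sig = append([]byte{forged.Sig[0] ^ 1}, forged.Sig[1:]...)
	for _, line := range RecyclerLog(pub, []BlockTag{tags[3], forged}) {
		fmt.Println(line)
	}
}
```

Two design choices are worth noting. The signature covers the exact encoded bytes of the record, so an investigator relies only on fragments that verify and never on the claimed owner or location of one that does not. And because each block carries the complete design rather than a pointer to it, recovery needs no database lookup, which is the property that lets a single surviving block stand in for the whole product.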
Public Factories
This is not a technical design consideration, but worthy of mention.
Circumventing the technical protection measures on nanofactories (as well as misusing recyclers) would require a certain level of privacy. While efforts have been described to make the operation of nanofactories a published event through the use of Internet connections, the most obvious step to make a nanofactory's operation public record is to actually require that the fabs themselves be installed in public spaces, and monitored with video and audio surveillance (and sousveillance) in the same way stores are today. Safeguards against removing the machines from the surveillance zone would be straightforward, given super-strong materials. Circumventing the surveillance mechanisms could be made difficult with redundant surveillance (multiple, cheap cameras throughout the zone), making a sophisticated information attack necessary to substitute "spoofed" video feeds as well (simply disabling the surveillance is easily detectable).
The idea is to turn fabs into buildings, so as to make stealing one for study a trivially detectable and absurd endeavor.
Since fabs would be as easy to replace as they would be to repair, there is no need to maintain or repair a failing fab, and thus no need to service it. This would eliminate the possibility of an attacker posing as an "authorized fab technician". Furthermore, fabrication units could be so well removed from users, underground or buried within the structure itself, that all the machinery accessible to humans amounts to nothing more than a delivery mechanism. Products could be stored automatically in lockers that would only be opened for the person who ordered the product.
(This kind of disposability would benefit things like voting machines, as well).
When production becomes a public act rather than a private one, it becomes accountable.
Safely allowing recursive fabrication with nanoblocks
This is a modification on the nanofactory security scheme described by Tom Craver in an essay for the CRN policy task force, entitled Safer Molecular Manufacturing Through Nanoblocks.
Nanoblocks are pre-fabricated, sophisticated blocks of atoms (molecules, I guess) that are at least 100 nm in scale. Some are computers, some motors, some structural, etc. Each can be tagged by type, and even by a (semi-)unique ID, for forensic purposes. These are sold in various packs through the existing physical delivery infrastructure: in markets, corner stores, shipped cross-country, etc. Think razor blades, where the fabs themselves are the razors.
Nanoblocks are manipulable only by special tooltips. One kind of tip is required to assemble blocks, while another is required to disassemble them. For a lot of applications, "nanoscale", or even 100 nm scale, isn't necessary; even sub-millimeter scale would be sufficient. With such blocks, most products would be more like microtech: even the smallest devices would be visible (albeit barely) to the naked eye. It would still be enormously useful.
L1: Assemblers and recyclers begin as L2 products for general public use, assembling an array of L1 blocks that do not include assembly or disassembly tips, prohibiting the manufacture of L1 products that can recursively assemble or disassemble any other product. Recyclers of L1 products remain L2 products, but are publicly available in controlled forms to prevent fabrication of malicious free-range disassembly devices (see below).
After an initial trial period of limited L1, assembly tip nanoblocks can be released, allowing for recursive fab, but not for fab of free-range disassemblers.
Note that the initial assemblers (which are themselves L2 products that assemble L1 products) must be fabbed or recycled by L2 facilities. After the assembler-tip L1 blocks are released, the second-generation assemblers will be L1 products that assemble L1 products (including recursive assembly of other L1/L1 fabs).
L2: Assemblers and disassemblers are only usable by civil authorities in restricted high-security facilities. They work at the atomically precise level, able to assemble and disassemble any product. Products include: recycle bins that can disassemble L1 products (only), for distribution to the public; and free-ranging nanobots that can disassemble L1 products (only), for use only in warranted circumstances, or when carting away loose, lost L1 blocks (cleanup).
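To make the two-tier rules concrete, here is an added Go example (not from this essay or from Tom Craver's scheme) of the policy check a nanoblock assembler or recycler would run before acting on a request. The block kinds, the Fab and Product types, and the phase names are assumptions made for the example. A Fab's Level means the highest product tier it is built to operate on, so a public recycle bin is Level L1 even though it is itself an L2 product. Disassembly tips are never allowed into L1 products, assembly tips only after the trial period, and an L2 machine that is not inside a restricted facility is refused outright, so that a unit which somehow leaves such a facility fails closed.

```go
package main

import "fmt"

// BlockKind is the type tag a nanoblock carries. The two tip kinds are the
// essay's; the others are representative examples.
type BlockKind string

const (
	Structural     BlockKind = "structural"
	Motor          BlockKind = "motor"
	AssemblyTip    BlockKind = "assembly-tip"
	DisassemblyTip BlockKind = "disassembly-tip"
)

// Level is the product tier: L1 is built from nanoblocks, L2 is atomically precise.
type Level int

const (
	L1 Level = 1
	L2 Level = 2
)

// Phase models the staged release: assembly-tip blocks are withheld during the trial period.
type Phase int

const (
	TrialPeriod Phase = iota
	AssemblyTipsReleased
)

// Product is a fabrication request: its tier and, for L1, the nanoblocks it uses.
type Product struct {
	Name   string
	Level  Level
	Blocks []BlockKind
}

// Fab is an assembler or disassembler. Level is the highest product tier it
// can operate on; L2 machines exist only in restricted civil facilities.
type Fab struct {
	Level              Level
	RestrictedFacility bool
}

// MayAssemble decides whether fab may build p in the given phase.
func MayAssemble(fab Fab, p Product, phase Phase) (bool, string) {
	if fab.Level == L2 {
		if !fab.RestrictedFacility {
			return false, "L2 assembler outside a restricted facility"
		}
		return true, "L2 assembler may build any product"
	}
	if p.Level != L1 {
		return false, "L1 assembler cannot build atomically precise products"
	}
	for _, b := range p.Blocks {
		switch b {
		case DisassemblyTip:
			return false, "disassembly tips are never released into L1 products"
		case AssemblyTip:
			if phase < AssemblyTipsReleased {
				return false, "assembly tips are withheld during the trial period"
			}
		}
	}
	return true, "allowed"
}

// MayDisassemble: public recyclers take L1 products only; L2 disassemblers, inside restricted facilities, take anything.
func MayDisassemble(fab Fab, p Product) (bool, string) {
	switch {
	case fab.Level == L2 && !fab.RestrictedFacility:
		return false, "L2 disassembler outside a restricted facility"
	case fab.Level == L2:
		return true, "L2 disassembler may take any product"
	case p.Level == L1:
		return true, "public recycler may take L1 products"
	default:
		return false, "public recycler cannot disassemble L2 products"
	}
}

func main() {
	public := Fab{Level: L1}
	requests := []Product{ // constructed requests
		{Name: "gripper", Level: L1, Blocks: []BlockKind{Structural, Motor}},
		{Name: "L1/L1 assembler", Level: L1, Blocks: []BlockKind{Structural, Motor, AssemblyTip}},
		{Name: "free-range disassembler", Level: L1, Blocks: []BlockKind{Motor, DisassemblyTip}},
	}
	for _, phase := range []Phase{TrialPeriod, AssemblyTipsReleased} {
		for _, p := range requests {
			ok, why := MayAssemble(public, p, phase)
			fmt.Printf("phase %d %-24s allowed=%-5v %s\n", phase, p.Name, ok, why)
		}
	}
	ok, why := MayDisassemble(public, Product{Name: "L2 recycle bin", Level: L2})
	fmt.Println("public recycler on an L2 product:", ok, why)
}
```

The decision is made on the block list of the requested product rather than on the identity of the requester, which is what lets the scheme work without DRM-style design signing: the dangerous capability is a physical tip kind that the public machine simply cannot place.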
The best part: no damn annoying DRM, and no accompanying dangerously false sense of security.
Does this stop foreign crash programs from creating their own atomically precise fabs or defabs? No. (What does?) What it does do is keep the really dangerous (i.e., really small) applications out of the hands of civilians, including, most importantly, small terrorist groups and well-meaning klutzes. The vast majority of beneficial apps are covered at the macroscale, while most of the dangerous applications are reserved for civil authorities. Because civilians will be appeased by the available products, their motivation to crack the system will be reduced.
Note: having separate assembly and disassembly keys takes care of grey goo on two fronts. First, nanoblocks do not occur in nature. Goobots might make a mess of your can of raw blocks, then go hunting for your neighbors', etc., but reasonable precautions on storage of raw blocks can keep pesky goobots out of it.
Second, disassembly tips are only available on L2 products, which can't be disassembled by L1 products, so no L1 product can disassemble existing products, which it would need to do if it were to recycle existing L1 nanoblock products in the wild in order to reproduce itself.
So yeah, there are a number of capabilities you have to keep locked up with civic authorities; but there is a lot you can release.