Center for

Responsible

Nanotechnology
 

 


WWW CRN ONLY
 




New!
 

Nanotech Scenario Series



Donate Now






 

 Join the  conversation at CRNtalk!

 

Results of Our Ongoing Research

These pages, marked with GREEN headings, are published for comment and criticism. These are not our final findings; some of these opinions will probably change.   LOG OF UPDATES 

CRN Research: Overview of Current Findings

bullet Timeline for Molecular Manufacturing   
bulletProducts of Molecular Manufacturing
bulletBenefits of Molecular Manufacturing
bulletDangers of Molecular Manufacturing  
bulletNo Simple Solutions
bulletAdministration Options
bullet Possible Technical Restrictions   YOU ARE HERE
bulletThe Need for International Control
bulletThe Need for Immediate Action
bulletA Solution that Balances Many Interests
bulletThe Need for Early Development   
bulletThe Need for International Development
bulletThirty Essential Nanotechnology Studies

Technical Restrictions May Make Nanotechnology Safer

Overview:  Because unleashed molecular nanotechnology (MNT) is so dangerous, the best solution appears to be careful administration of the technology, including some mandatory restrictions. Fortunately, the same features that make MNT dangerous also allow the implementation of several kinds of technological restriction that may form useful components of an overall administration program. Products that might be adapted for unauthorized molecular manufacturing pose a serious threat to MNT security. Other products pose other kinds of threats, and additional restriction will probably be desirable. Still, many products, once approved, can be built freely—and for some classes of products, approval can be a rapid and automated process. MNT-built functionality will be amazingly compact: a supercomputer could fit inside a grain of sand. This allows a human-scale product, such as a personal nanofactory, to include dedicated security or monitoring hardware. Massive computer power can help with several other problems, including privacy-safe surveillance and patent reform.

Embedded security systems can restrict nanofactories. Unrestricted molecular manufacturing would create terrible dangers. Some restrictions will clearly be necessary. However, no simple solution can work—any effective solution must be multifaceted. Technological capabilities and restrictions deserve special attention because of the unprecedented power and compactness of the technology. This power and compactness is what makes MNT-built products so dangerous. However, it also allows the design and use of very small security devices. Surveillance and/or restrictive devices can be integrated into many MNT products, including nanofactories. We describe here a system called Embedded Security Management (ESM) for applying flexible controls at the most effective points. Basically, nanofactories have to check with a central controller before building any product.
There are many useful points of control to prevent illicit products. There are several distinct points where the use of nanofactories can or should be limited. Built-in technology restrictions can help at most of these points. Products must be designed, nanofactories must exist, designs must be distributed, products must be built, and products must be used. The people involved are product designers, nanofactory owners and users, product users, and one additional group—"crackers" who would try to break the technological restrictions at any point in the product cycle. Undesired use can be either prevented technologically or deterred with technological assistance. The many combinations of stages, people, and types of control provide a foundation for flexible design of a suitable control system. This page describes the extremes to which control can easily be taken. Some of these measures are undesirable for a variety of reasons and will probably not be necessary in practice to maintain security.
  The primary goal is to prevent unrestricted nanofactories from being developed. An unrestricted nanofactory can be duplicated easily, spread widely, and/or used to build all sorts of dangerous products, thus destabilizing economics and geopolitics and reducing individual and institutional security. A secondary goal is to prevent dangerous products from being produced by a restricted nanofactory. Even if unrestricted nanofactories are prevented, there are many products such as weapons and drugs that could be damaging to society. Also, too few checks on nanofactory products would make it too easy to bootstrap an unrestricted nanofactory. Finally, nanofactory restrictions can form the basis of a commercial infrastructure, allowing designers to charge money for their designs without fear of illicit copying, and permitting enforcement of intellectual property laws.
Nanoblocks can be fabricated separately. To build an MNT product, it is necessary to produce small complex parts using molecular fabrication, and then join the parts together. The nanofactory that we have described does both operations internally, fabricating nanoblocks and then joining them via convergent assembly. However, prefabricating the nanoblocks in central factories has several advantages. First, most of the energy required to build a product is used for fabrication; an assembly-only nanofactory would be more suitable for home use. Second, the mechanochemical fabricators could be kept under much tighter security in a central location than in millions of personal nanofactories, which simplifies the problem of thwarting illicit nanofactory bootstrapping efforts. Of course, this approach would impose some additional limitations on the products, but the tradeoff might well be worth it. (Thanks to Tom Craver for suggesting this.)
Nanofactories can be made to check before building each product. There are several ways to limit personal nanofactories (PNs) to only build desired products. Each approved product file could be digitally signed by the approving body, and factories would only accept signed designs. However, this does not allow revocation or limitation of permission. A hardware key could be required, so the holder of a certain key could build certain products. This is also insufficiently flexible. It seems best to require the PN to check with a central agency for permission before building each product. Such checking need not require much time or overhead; if every file is digitally signed when it is first designed, all that's needed is to check the signature against one or two lists. If a problem were discovered with a design, the ability to produce it could be revoked. This also allows products to be tracked to some extent; product recalls as well as law enforcement would be facilitated by keeping track of which factory produced which product at what time. For products carrying some kind of risk, the person requesting the product could also be verified. For example, some medical products might only be produced at the request of a medical doctor or pharmacist. This type of tracking could also form the basis for commercial transactions: a product would be made only after a consumer had paid the owner of the design. This level of tracking will raise significant privacy concerns. However, consumers are already giving up their privacy to a large extent in today's software systems, and the entertainment industry will quite possibly be successful at getting Digital Rights Management accepted. Since most MNT products could be made by anonymous users, DRM is an equivalent or greater privacy loss—and provides far less benefit. 
Many designs could be approved automatically. Under CRN's ESM plan, each new design would have to be approved before it could be manufactured. Designs would be divided into classes, each with their own approval scheme. Many useful products will be reasonably large (and could not easily come apart and release nanoparticles), with only small amounts of energy storage (so they could not easily hurt someone), and no edges sharper than children's scissors (and a few other restrictions). Such designs may be considered "probably safe", and may be approved by an automated process. Other products may need an approval process similar to UL listing before they can be widely produced. Still others are so dangerous, either to people or to the MNT security infrastructure, that they would have to be carefully restricted—built and used only under close supervision.
Legal jurisdictions create some complications. Legal issues are difficult because of the wide variety of laws and jurisdictions. Even the "probably safe" class includes includes many products that would be illegal in certain jurisdictions, including some weapons, drug paraphernalia, and sex toys. Within a jurisdiction, the designers of such products could be tracked and punished as soon as the product was noticed. Cross-jurisdictional transfer of designs is a more difficult problem; a design may be perfectly legal in one place and forbidden in another, and digital files do not respect borders—nor should the designer be responsible for knowing, much less following, every law in the world. As today, responsibility for owning an illegal product can rest on the owner of the product. Knowing that each product built can be tracked will serve as a deterrent. Image recognition software is being developed today for a variety of purposes, including filtering pornography on the Internet. Similar software could be used to scan designs for potential illegality, and warn users before they built the product. Foreign designers known to produce locally illegal products could have their designs flagged, manually assessed, and blocked for nanofactories within the local jurisdiction. Although these answers are not perfect, they offer a more effective and comprehensive solution than the methods used today to prevent importation, manufacture, and possession of illegal products.
Nanofactories can be made very "smart" about detecting intrusion attempts and fingering the criminals. There are many incentives to "crack" nanofactory security, creating an unrestricted factory. An unrestricted factory could be used to produce goods without paying royalties, to produce weapons and other tools of crime and terror, and to produce illegal goods with little chance of being caught. It is important, then, to make nanofactories difficult to crack and to discourage people from trying. A tabletop personal nanofactory (PN) is large enough to contain a vast amount of security hardware. For example, a cubic millimeter can contain a million nanocomputers. A similar amount of hardware can be built into the walls and interior of the factory to detect either physical damage or scanning. If a cracking attempt is detected, the factory can immediately shut itself down and destroy its interior structure. Even high explosive could not open the factory as fast as a self-destruct signal could be sent internally.
  For several reasons, it is useful for PNs to know their location and be in close contact with the central controller. This allows jurisdictional restrictions on products. It also allows some security problems to be corrected: if someone discovers how to crack a nanofactory, all PNs of that design can be deactivated. A PN that lost contact with the central controller would quickly deactivate and scramble itself. When a nanofactory detects a cracking attempt and shuts itself down, that event would be traceable—and the last known location would help to catch the crackers. Contact could be maintained through a GPS-like system that tracked both the content of the messages and the time required for their delivery. This would allow the factory to triangulate its position, and to be fairly certain that no one was intercepting and modifying the messages—or at least not taking a long time to do so. Successful cracking of a PN would probably require destruction of several nanofactories, plus time to work. Close monitoring of PNs would almost guarantee that such an attempt could not succeed before the police broke down the door. Finally, requiring nanofactories to be in contact with central control would prevent the use of PNs in large free-range self-replicating systems that might otherwise be difficult to track and clean up.
  Risky or valuable products could use a similar system to track and report their location and usage. The advantages of built-in product tracking are not available for very small MNT products, but very small products are undesirable for other reasons, including litter and possible health issues.  
Massive nano-built computer power can help with several problems. MNT fabrication can create amazing amounts of computer power, which can be used to check designs or implement surveillance. Software under development today can analyze video and detect unexpected events. This allows automated, or at least semi-automated, detection of illicit research activities. Image processing software can be used to obscure the faces and other identifying details of individuals, allowing locations, equipment, or questionable activity to be studied in detail without revealing people's identity—unless the activity is determined to be criminal. Of course, such a system would have a very high potential for abuse; it should probably not be used unless all the alternatives are clearly worse.
  Pattern recognition software can also be used to analyze nanoblock product designs. A design boils down to a 3D pattern of nanoblocks, stored digitally. Design analysis can be used for several purposes. New designs may be sorted into probably-safe and probably-risky categories to speed up the approval process for safe products. Analysis of weapons systems may be used to track some system capabilities without giving away too much information about their design; thus, countries can verifiably share some information about what they're designing and building while still retaining some secrets. Finally, design analysis software can be a crucial aid to patent reform. Current problems with software patents will only get worse for systems with quadrillions of nanoblocks in almost unlimited combinations. Nanoblock design patents could be required to include a program that detects patent infringement. This would benefit inventors, who would know if their design infringed an existing patent. Patent holders could use their programs to scan for infringing products. And patent examiners could easily determine if a patent truly represented prior art—if the program flagged an existing design, it would not pass the novelty test.


DEVIL'S ADVOCATE —
Submit your criticism, please!

If the factories have to check with a database every time they make something, what happens if the database goes down, either accidentally or due to a malicious attack? Won't this mean nobody could make anything, not a good idea if nanofactories are producing food as well?

A disabled database would indeed mean that no one could make anything with that system. For technical reasons, food is likely to be built with a different device anyway. There are various options -- such as allowing nanofactories to build stuff they've recently built without checking back -- that could minimize the effects of database downtime on critical production without adding much security risk.

What if quantum computing cracks the encryption you're using?

There are some kinds of encryption, like one-time pad, that even quantum computing can't break. And quantum encryption can be used to make newer nanofactories secure—and then the old ones can be deactivated remotely.

Security is really hard to do right, even in simple systems.

The security part of the nanofactory isn't affected by the complexity of the nanofactory. It just has to say whether the factory can build a design or not. That's sufficiently simple that we can probably do it right the first time if we work really hard at it.

What if people running the central control get paid or blackmailed to approve a dangerous design?

It would have to be set up so that that couldn't happen—so that one compromised person, or even a few, would not be enough to corrupt the system. Requiring consensus from several people on several continents seems like a good idea for approving anything questionable.

Don't these restrictions cripple the technology and prevent most of the benefits?

Probably not. There's a vast range of useful products in the "mostly safe" category. For products that might harm consumers but don't risk cracking the system, approval could be as fast as with today's processes.

This doesn't prevent people from doing an independent MNT project.

It's not supposed to. Other administrative policies and institutions will have to prevent that. We just don't want nanofactories to make independent MNT projects easier than they already will be.

On 29 October 2006, a reader wrote: I couldn't help but find scary some of the proposals on this page, particularly the mechanisms for extensive communication between personal nanofactories (PNs) and central controllers. I worry that there's a danger of misinterpreting what may appear to be criminal actions. If there is to be a rapid police response to a pattern of PNs losing contact, it seems that there would need to be a heavy law enforcement infrastructure across the world, wherever the operation of PNs would be supported. Can it be guaranteed that a protocol for respecting a suspect's rights would be upheld during the process of arresting, interrogating, and holding the person?

I do understand that the apparent scariness of a proposal is not necessarily a reason not to implement it, but this just seems to be going too far in the direction of a police state. As a related issue, it seems like once there are powerful restrictive measures in place, there will be strong temptation to forbid the production of safe items or information that simply are taboo in mainstream society. Isn't there a risk of political efforts (possibly representing mainstream religious views) breaching the ideal of no special interests being considered?

Again, I guess all of this might be necessary to prevent disaster, however.

Thanks for expressing your concerns! CRN believes that the greatest risk we face is a massive unstable arms race. Just below that, however, is the risk of a global totalitarian government. Unfortunately, private misuse of nanofactories could reinforce calls for a totalitarian crackdown. On the other hand, if a government wants a totalitarian crackdown, then they can certainly manufacture excuses, regardless of whether actual civilians have access to unrestricted nanofactories. So, it appears that there are no simple solutions.

We originally wrote this page back in 2003, and now we're starting to rethink it—not enough to retract it yet, but enough that maybe we should post alternate suggestions. We'll work on that. In any case, this discussion underscores the need for more urgent investigation into how to deal with such a powerful technology.
 

Next Page: The Need for International Control

Previous Page: Administration Options

Title Page: Overview of Current Findings
 

             
CRN is a non-profit research and advocacy organization, completely dependent on small grants and individual contributions.

             

Copyright © 2002-2008 Center for Responsible Nanotechnology TM        CRN is an affiliate of World Care®, an international, non-profit, 501(c)(3) organization.