|
New!
Nanotech Scenario Series
Join the
conversation at
CRNtalk!
| |
Results of Our Ongoing Research
These pages, marked with
GREEN headings, are published for
comment and criticism. These
are not our final findings; some of these opinions will probably change.
LOG OF UPDATES
CRN Research: Overview of Current Findings
Technical Restrictions May Make
Nanotechnology Safer
Overview: Because unleashed
molecular nanotechnology
(MNT) is
so dangerous, the best solution appears to be careful
administration of the
technology, including some mandatory restrictions. Fortunately, the same
features that make MNT dangerous also allow the implementation of several kinds
of technological restriction that may form useful components of an overall
administration program. Products that might be adapted for unauthorized
molecular manufacturing
pose a serious threat to MNT security. Other products pose other kinds of
threats, and additional restriction will probably be desirable. Still, many
products, once approved, can be built freely—and for some classes of products,
approval can be a rapid and automated process. MNT-built functionality will be
amazingly compact: a supercomputer could fit inside a grain of sand. This allows
a human-scale product, such as a
personal nanofactory, to include dedicated security or
monitoring hardware. Massive computer power can help with several other problems, including
privacy-safe surveillance and patent reform.
|
Embedded security systems can
restrict nanofactories. |
Unrestricted molecular manufacturing would create
terrible dangers. Some restrictions will clearly
be necessary. However,
no simple solution can
work—any effective solution must be multifaceted. Technological
capabilities and restrictions deserve special attention because of the
unprecedented power and compactness of the technology. This power and
compactness is what makes MNT-built products so dangerous. However, it also
allows the design and use of very small security devices. Surveillance
and/or restrictive devices can be integrated into many MNT products,
including nanofactories. We describe here a system called Embedded Security Management (ESM)
for applying flexible controls at the most effective points. Basically,
nanofactories have to check with a central controller before building any
product. |
| There are many useful points
of control to prevent illicit products. |
There are several distinct points where the use of
nanofactories can or should be limited. Built-in technology restrictions
can help at most of these points. Products must be designed, nanofactories
must exist, designs must be distributed, products must be built, and
products must be used. The people involved are product designers,
nanofactory owners and users, product users, and one additional
group—"crackers" who would try to break the technological restrictions at
any point in the product cycle. Undesired use can be either prevented
technologically or deterred with technological assistance. The many
combinations of stages, people, and types of control provide a foundation
for flexible design of a suitable control system. This page describes the
extremes to which control can easily be taken. Some of these measures are
undesirable for a variety of reasons and will probably not be necessary in
practice to maintain security. |
| |
The primary goal is to prevent unrestricted nanofactories
from being developed. An unrestricted nanofactory can be duplicated easily,
spread widely, and/or used to build all sorts of dangerous products, thus
destabilizing economics and geopolitics and reducing individual and
institutional security. A secondary goal is to prevent dangerous products
from being produced by a restricted nanofactory. Even if unrestricted
nanofactories are prevented, there are many products such as weapons and
drugs that could be damaging to society. Also, too few checks on
nanofactory products would make it too easy to bootstrap an unrestricted
nanofactory. Finally, nanofactory restrictions can form the basis of a
commercial infrastructure, allowing designers to charge money for their
designs without fear of illicit copying, and permitting enforcement of
intellectual property laws. |
| Nanoblocks can be fabricated
separately. |
To build an MNT product, it is necessary to produce small
complex parts using molecular fabrication, and then join the parts together.
The nanofactory that we have described does both operations internally,
fabricating nanoblocks and then joining them via
convergent assembly.
However, prefabricating the nanoblocks in central factories has several
advantages. First, most of the energy required to build a product is used
for fabrication; an assembly-only nanofactory would be more suitable for
home use. Second, the mechanochemical fabricators could be kept under much
tighter security in a central location than in millions of personal nanofactories,
which simplifies the problem of thwarting illicit nanofactory bootstrapping
efforts. Of course, this approach would impose some additional limitations
on the products, but the tradeoff might well be worth it. (Thanks to
Tom Craver for suggesting this.) |
| Nanofactories can be made to
check before building each product. |
There are several ways to limit
personal nanofactories (PNs) to only
build desired products. Each approved product file could be digitally
signed by the approving body, and factories would only accept signed
designs. However, this does not allow revocation or limitation of
permission. A hardware key could be required, so the holder of a certain
key could build certain products. This is also insufficiently flexible. It
seems best to require the PN to check with a central agency for
permission before building each product. Such checking need not require
much time or overhead; if every file is digitally signed when it is first
designed, all that's needed is to check the signature against one or two
lists. If a problem were discovered with a design, the ability to produce
it could be revoked. This also allows products to be tracked to some
extent; product recalls as well as law enforcement would be facilitated by
keeping track of which factory produced which product at what time. For
products carrying some kind of risk, the person requesting the product could
also be verified. For example, some medical products might only be produced
at the request of a medical doctor or pharmacist. This type of tracking
could also form the basis for commercial transactions: a product would be
made only after a consumer had paid the owner of the design. This level of
tracking will raise significant privacy concerns. However, consumers are
already giving up their privacy to a large extent in today's software
systems, and the entertainment industry will quite possibly be successful at
getting
Digital
Rights Management accepted. Since most MNT products could be made by
anonymous users, DRM is an equivalent or greater privacy loss—and provides
far less benefit. |
| Many designs could be
approved automatically. |
Under CRN's
ESM plan, each new design would have to be
approved before it could be manufactured. Designs would be divided into
classes, each with their own approval scheme. Many useful products will be
reasonably large (and could not easily come apart and release
nanoparticles), with only small amounts of energy storage (so they could not
easily hurt someone), and no edges sharper than children's scissors (and a
few other restrictions). Such designs may be considered "probably safe",
and may be approved by an automated process. Other products may need an
approval process similar to UL listing before they can be widely produced. Still others are so dangerous, either to people or to the MNT security
infrastructure, that they would have to be carefully restricted—built and
used only under close supervision. |
| Legal jurisdictions create
some complications. |
Legal issues are difficult because of the wide variety of
laws and jurisdictions. Even the "probably safe" class includes includes
many products that would be illegal in certain jurisdictions, including some
weapons, drug paraphernalia, and sex toys. Within a jurisdiction, the
designers of such products could be tracked and punished as soon as the
product was noticed. Cross-jurisdictional transfer of designs is a more
difficult problem; a design may be perfectly legal in one place and
forbidden in another, and digital files do not respect borders—nor should
the designer be responsible for knowing, much less following, every law in
the world. As today, responsibility for owning an illegal product can rest
on the owner of the product. Knowing that each product built can be tracked
will serve as a deterrent. Image recognition software is being developed
today for a variety of purposes, including filtering pornography on the
Internet. Similar software could be used to scan designs for potential
illegality, and warn users before they built the product. Foreign designers
known to produce locally illegal products could have their designs flagged,
manually assessed, and blocked for nanofactories within the local
jurisdiction. Although these answers are not perfect, they offer a more
effective and comprehensive solution than the methods used today to prevent
importation, manufacture, and possession of illegal products. |
| Nanofactories can be made
very "smart" about detecting intrusion attempts and fingering the criminals. |
There are many incentives to "crack" nanofactory
security, creating an unrestricted factory. An unrestricted factory could
be used to produce goods without paying royalties, to produce weapons and
other tools of crime and terror, and to produce illegal goods with little
chance of being caught. It is important, then, to make nanofactories
difficult to crack and to discourage people from trying. A tabletop
personal nanofactory (PN) is large enough to contain a vast amount of security hardware. For example, a cubic millimeter can contain a million nanocomputers. A
similar amount of hardware can be built into the walls and interior of the
factory to detect either physical damage or scanning. If a cracking attempt
is detected, the factory can immediately shut itself down and destroy its
interior structure. Even high explosive could not open the factory as fast
as a self-destruct signal could be sent internally.
|
| |
For several reasons, it is useful for
PNs to
know their location and be in close contact with the central controller. This allows jurisdictional restrictions on products. It also allows some
security problems to be corrected: if someone discovers how to crack a
nanofactory, all PNs of that design can be deactivated. A
PN that lost contact with the central controller would quickly
deactivate and scramble itself. When a nanofactory detects a cracking
attempt and shuts itself down, that event would be traceable—and the last
known location would help to catch the crackers. Contact could be
maintained through a GPS-like system that tracked both the content of the
messages and the time required for their delivery. This would allow the
factory to triangulate its position, and to be fairly certain that no one
was intercepting and modifying the messages—or at least not taking a long
time to do so. Successful cracking of a PN would probably require
destruction of several nanofactories, plus time to work. Close monitoring
of PNs would almost guarantee that such an attempt could not
succeed before the police broke down the door. Finally, requiring
nanofactories to be in contact with central control would prevent the use of
PNs in large free-range self-replicating systems that might
otherwise be difficult to track and clean up. |
| |
Risky or valuable products could use a similar system to
track and report their location and usage. The advantages of built-in
product tracking are not available for very small MNT products, but very
small products are undesirable for other reasons, including litter and
possible health issues. |
| Massive nano-built computer
power can help with several problems. |
MNT fabrication can create amazing amounts of computer
power, which can be used to check designs or implement surveillance. Software under development today can analyze video and detect unexpected
events. This allows automated, or at least semi-automated, detection of
illicit research activities. Image processing software can be used to
obscure the faces and other identifying details of individuals, allowing
locations, equipment, or questionable activity to be studied in detail
without revealing people's identity—unless the activity is determined to be
criminal. Of course, such a system would have a very high potential for
abuse; it should probably not be used unless all the alternatives are
clearly worse.
|
| |
Pattern recognition software can also be used to analyze
nanoblock product designs. A design boils down to a 3D pattern of
nanoblocks, stored digitally. Design analysis can be used for several
purposes. New designs may be sorted into probably-safe and probably-risky
categories to speed up the approval process for safe products. Analysis of
weapons systems may be used to track some system capabilities without giving
away too much information about their design; thus, countries can verifiably
share some information about what they're designing and building while still
retaining some secrets. Finally, design analysis software can be a crucial
aid to patent reform. Current problems with software patents will only get
worse for systems with quadrillions of nanoblocks in almost unlimited
combinations. Nanoblock design patents could be required to include a
program that detects patent infringement. This would benefit inventors, who
would know if their design infringed an existing patent. Patent holders
could use their programs to scan for infringing products. And patent
examiners could easily determine if a patent truly represented prior art—if
the program flagged an existing design, it would not pass the novelty test. |
DEVIL'S ADVOCATE —
Submit your criticism, please!
If the factories have to check with a database every
time they make something, what happens if the database goes down, either
accidentally or due to a malicious attack? Won't this mean nobody could make
anything, not a good idea if nanofactories are producing food as well?
A disabled database would indeed mean that no one could make
anything with that system. For technical reasons, food is likely to be built
with a different device anyway. There are various options -- such as allowing
nanofactories to build stuff they've recently built without checking back --
that could minimize the effects of database downtime on critical production
without adding much security risk.
What if quantum computing cracks the encryption you're
using?
There are some kinds of encryption, like one-time pad, that
even quantum computing can't break. And
quantum encryption can be used to make
newer nanofactories secure—and then the old ones can be deactivated remotely.
Security is really hard to do right, even in simple
systems.
The security part of the nanofactory isn't affected by the
complexity of the nanofactory. It just has to say whether the factory can
build a design or not. That's sufficiently simple that we can probably do it
right the first time if we work really hard at it.
What if people running the central control get paid or
blackmailed to approve a dangerous design?
It would have to be set up so that that couldn't happen—so
that one compromised person, or even a few, would not be enough to corrupt the
system. Requiring consensus from several people on several continents seems
like a good idea for approving anything questionable.
Don't these restrictions cripple the technology and
prevent most of the benefits?
Probably not. There's a vast range of useful products in the
"mostly safe" category. For products that might harm consumers but don't risk
cracking the system, approval could be as fast as with today's processes.
This doesn't prevent people from doing an independent
MNT project.
It's not supposed to. Other administrative policies and
institutions will have to prevent that. We just don't want nanofactories to
make independent MNT projects easier than they already will be.
On 29 October 2006, a reader wrote:
I couldn't help but find scary some of the proposals on this page,
particularly the mechanisms for extensive communication between personal
nanofactories (PNs) and central controllers. I worry that there's a danger of
misinterpreting what may appear to be criminal actions. If there is to be a
rapid police response to a pattern of PNs losing contact, it seems that there
would need to be a heavy law enforcement infrastructure across the world,
wherever the operation of PNs would be supported. Can it be guaranteed that a
protocol for respecting a suspect's rights would be upheld during the process of
arresting, interrogating, and holding the person?
I do understand that the apparent scariness of a proposal is not necessarily a
reason not to implement it, but this just seems to be going too far in the
direction of a police state. As a related issue, it seems like once there are
powerful restrictive measures in place, there will be strong temptation to
forbid the production of safe items or information that simply are taboo in
mainstream society. Isn't there a risk of political efforts (possibly
representing mainstream religious views) breaching the ideal of no special
interests being considered?
Again, I guess all of this might be necessary to prevent disaster, however.
Thanks for expressing your concerns! CRN believes that the
greatest risk we face is a massive unstable arms
race. Just below that, however, is the risk of a global totalitarian
government. Unfortunately, private misuse of
nanofactories could reinforce calls for a totalitarian crackdown. On the
other hand, if a government wants a totalitarian crackdown, then they
can certainly manufacture excuses, regardless of whether actual civilians have
access to unrestricted nanofactories. So, it appears that there are
no simple solutions.
We originally wrote this page back in 2003, and now we're starting to rethink
it—not enough to retract it yet, but enough that maybe we should post
alternate suggestions. We'll work on that. In any case, this discussion
underscores the need for more urgent investigation
into how to deal with such a powerful technology.
Next Page: The Need
for International Control
Previous Page:
Administration Options
Title Page:
Overview of Current Findings
|
