3D Printing 'Encryption' to Hide Contraband Objects Seems Really Overhyped

Tl;dr Yesterday, on Forbes.com, this article ran about using 'encryption' to hide contraband objects in 3D printer blueprints. I think this claim is designed to incite moral panic, and is also an incorrect one. Centrally, distribution channels for contraband already exist online, and this so-called 'encryption' will add no value to that ecosystem.

The central claim of the Forbes article:
If 3D printing companies and government agencies hope to police the spread of dangerous or pirated digital shapes, their task is about to get much more complicated. 
Late last month Matthew Plummer-Fernandez, the 31-year-old creative technologist for Goldsmith College’s Interaction Research Studio at the University of London, released what he’s calling ‘Disarming Corruptor,’ a piece of free software designed to distort 3D-printable blueprints such that only another user with the app and the knowledge of a certain key combination can reverse the distortion and print the object. That means any controversial file–say, a figurine based on Mickey Mouse or another copyrighted or patented shape, or the 3D-printable gun created earlier this year known as the Liberator–could be ‘encrypted’ and made available on a public repository for 3D-printing blueprints like the popular site Thingiverse without tipping off those who would try to remove the file.

On the left are the blueprints for the now-notorious "Liberator," the first 3D printable gun. (Note: it is a really crappy gun.) On the right is the 'encrypted' version of those blueprints. Using the software created by Plummer-Ferndandez, if you have the correct decryption key, you can turn the blobby thing on the right into the gun on the left. And, because the blobby thing on the right is visually meaningless, MakerBot would never ever realize it was a gun, so they would never take it down from ThingiVerse.

However, if MakerBot doesn't recognize that the thing on the right is a Liberator... then how are other users, who want to find the Liberator, going to realize this either?

They are already going to have to know, somehow, that this particular file is the Liberator. Which means they will already have to have been given this information, and, supposedly, the decryption key from a third party. Likely on an online forum of some sort. Where people can post files.

So why not just post the Liberator blueprints to that forum in the first place? There are already myriad places on the internet where people can and do post contraband material that are well beyond the reach of US corporations and law enforcement. So encrypting the file is a wholly unnecessary step.

Here's an analogy: I would never go to the iTunes store to download 35 minutes of static that becomes an episode of VEEP with a magic key. So why would I go to Thingiverse to do the same? And why would someone who knows they are selling illegal goods would want to do it in someone else's store - a store with security? No one is selling knockoff iPhones at the Apple store. And it is not like this filetype can only be posted to Thingiverse - it can be posted anywhere. So there is actually a disincentive to post known contraband to Thingiverse - even if encrypted.

Distribution channels for contraband material already exist. They are called black markets - or, in internet parlance, pirate sites. Adding this 'encryption' is a completely redundant step. When you go up to an unlabeled white van and buy a pair of speakers you aren't handed a mess of shattered plastic and a glue gun with the instructions "some assembly required." Rather, they take your money, hand you a pair of Harmon Kardons, and drive off. Similarly, try searching for your favorite show online: I bet you can find it and no encryption will be involved. Accordingly, encryption is not necessary for sharing .stl files, the filetype used for 3D meshes. There is no reason that .stl should be unique as compared with literally every other file type currently being illegally distributed.

Additionally, it is not the mission of 3D printing companies to police the actions of all of their end-users. Though they have a strong policy goal and public interest in trying to prevent the spread of contraband 3D blueprints over the internet, it is their primary legal goal not to become suppliers of infringing or illegal material themselves. If MakerBot discovers that a particular weird blob looking thing is getting downloaded with alarming regularity, or based on a user report, my suspicion is that MakerBot has the capacity to perform an investigation and remove the questionable material from Thingiverse.

This 'encryption' adds absolutely nothing novel to the ecosystem of transporting contraband across the internet. Forbes may, in fact, be right that it will be increasingly difficult for law enforcement to police the production of contraband with 3D printers in the near future. However, this 'encryption' will have probably have played no role. Rather, as 3D printers spread, so will 3D printing.


Popular posts from this blog

The Most Important Bitcoin News of the Week: SEC Statement

Why Stack Overflow Doesn’t Care About Ad Blockers – Stack Overflow Blog – A destination for all things related to development at Stack Overflow

“Huge” number of Mac apps vulnerable to hijacking, and a fix is elusive | Ars Technica