The Threats of Dangerous Information

Digital Do It Yourself (DiDIY) techniques allow people, not necessarily specialised in the art, to reproduce complex objects with relative ease and low cost. DigitalDIY brings together the physical and the digital realm such as in 3D printers and scanners or networks of sensors and actuators (the "Internet of Things", IoT). This provides tremendous benefits for society at large in various ways:

Dangerous information

In this article we deal with 3D printed guns and bioweapons made by amateurs with digital DIY techniques. People perceive these as a threat and as the production of these dangerous artefacts is based on digital fabrication techniques, we speak of dangerous information.

Famous cases are the first 3D printed hand gun called the Liberator. It can be downloaded from the Internet and printed on a low cost 3D printer. Apart from the risk of blowing in your hands it can be used one time only. A more sophisticated gun that can be CNC milled is the GhostGunner¹. For an amount of about 1200 US$ one can buy a CNC machine that mills the holes in a unregistered gun part (available on the market) so accurately that amateurs are said to be able to produce their own semi-automatic weapon. An organisation called Defense Distributed² runs this project and distributes the CNC machines.

Here we are not dealing with the information on how one can make a bomb or gun. The big, big deal with DiDIY manufacturing of physical objects, be they chairs, bioweapons, machine guns, drones... is that, unlike DiDIY and sharing of immaterial objects, from C compilers to hip-hop songs, DiDIY-made physical objects can directly, concretely cause physical harm to humans (including unintended harm: a faulty file manager cannot break your skull, a faulty drone or kitchen cabinet falling on your head can).

We can distinguish four categories of production of uses of potentially dangerous information:

1. the «mere» production and distribution/sharing of digital files containing the design of physical objects and necessary code and data;

2. the actual fabrication of these objects using the digital information;

3. the intentional usage of digitally fabricated object to engage in unlawful activity; (including objects that are NOT weapons at all! Good examples may be «innocuous» drones used for burglary³, the Arduino-based Lock Breaker⁴ or, even better, construction-industry power-tools self-made or modified, in ways impossible without DiDIY, just to break into a bank vault);

4. the unintentional damage to oneself or other people or their possessions by using DiDIY-made (unregulated) objects.

An analysis – brief for this blog post, but where needed we'll be glad to go deeper – leads us to the following observations:

• Point 1 is the equivalent of the production and sharing/distribution of software, music, ebooks. In part this is covered by Public Licenses (digital commons), in part it is done under fair use policies and in part it is simply inevitable, it is happening. About this, we can observe that the first phase of the War on Filesharing, summarised below, has not resulted either in the destruction of the copyright based industries nor has the level of filesharing been reduced.

• Point 2: for the actual fabrication physical materials are needed. There are possibilities to use this for imposing control mechanisms.

• Point 3: existing legislation applies on what is unlawful activity (such as shooting a person in most circumstances and in most jurisdictions), which will remain just as valid, regardless of the ways in which the «tools» used to break the law were produced, and by whom. Gun control laws can however be easily circumvented by self-made guns. One may ask though whether that hasn't been happening before with guns bought on black markets.

• Point 4: unintentional damage is most likely the most frequent problem as anyone can become a producer, drones fall out of the sky, vehicles may break (as they didn't undergo the same quality assurance processes as the traditionally produced industrial versions) etc. This is possibly the area where most efforts are needed for regulatory reform.

Lessons from history

To put these threats into perspective let us briefly review some of the legal battles that relate to this.

On gun control, ITAR and PGP – The Cryptowars

Previous battles against «dangerous information» include the case against Philip Zimmermann, creator of the first encryption tool implementing public key cryptography: PGP - that stands for Pretty Good Privacy. When Zimmermann published the code in 1991 he was soon accused of violating the International Traffic in Arms Regulations (ITAR). However Zimmermann denied having any part in it export overseas. In 1996 the US government dropped the case, but another cryptographer – Dan Bernstein – sued the State Department arguing that ITAR was an unconstitutional violation of the First Ammendment (protecting free speech). The Electronic Frontier Foundation (EFF) helped Dan with the case: «After four years and one regulatory change, the Ninth Circuit Court of Appeals ruled that software source code was speech protected by the First Amendment and that the government's regulations preventing its publication were unconstitutional.»⁵

Cody Wilson of Defense Distributed is following the same free speech argument. However several lawyers doubt whether that will be as effective as Zimmermann's and Bernstein's cases.

The War on Filesharing – Part I

When by the end of the last millenium Internet adoption went mainstream in Western countries, Napster became the software application of choice to share all kinds of files between peers.

As music, video and proprietary software were heavily exchanged, the respective industries fought to take it down. That was easy enough given that Napster was a central service and the owner of it could be quickly attacked. The next generation of filesharing relied on distributed services, enabling peers to exchange files without a central server. You may remember Kazaa and Grokster. They were taken down as well.

The development of BitTorrent meant a complete new chapter in the War on Filesharing, as this time the sharing logic relies on a protocol, the BitTorrent protocol. A tracker website/service provides the bittorrent file which when dowloaded to a computer establishes the p2p network: all peers with that bittorrent file (together called a «swarm») share the original file in tiny portions until the entire file is distributed. The more people join, the quicker the distribution works, generally. In this scenario the point of legal attack by the copyright industry has been the tracker websites, such as The PirateBay (TPB).

After years of legal battles against TPB, finally in December 2014 the tracker was apparently shut down for good. However a few days later a site called ISOHunt published a copy of the entire TPB database under a free license, encouraging anyone to put up copies of the server. This challenge hasn't been followed however by many. That said, it doesn't seem to be a lasting strategy from the industry to keep people from filesharing. Many ways to find torrents exist, such as applications that have built-in services for discovery of torrents, like Tribler⁶. And BitTorrent isn't the only swarming method either. Newer, more resilient swarming applications for filesharing are under development, specifically designed to circumvent the weaknesses in BitTorrent's reliance on tracker websites.

Conclusions

This is a really challenging area of marking the path towards meaningful regulation of technology such as the ones enabling DiDIY. Therefore we can only provide some initial conclusions in this post and promise that we will continue to dive deeper into its various parts.

Vincent Mueller recently brought up the question whether Digital DIY will be the end of gun control⁷ and refers to an article of his hand dated 2006, on «dangerous information⁸». In this post we have tried to distinguish the various dangers. And while agreeing that gun control is a desirable feature for a peaceful society, we can't envision yet a desirable and workable regulation that can control «dangerous information» related to Digital DIY.

There is the question whether the dangers of intentional harm done with DiDIY-ed weapons are larger than the unintentional ones. The unintentional harms and damages require seriously different regulations, not directly related with gun control.

There are also the lessons we can draw from the cryptowars and the war on filesharing as we have lived them during the last two decades. All in all, for the moment we have no definite conclusions, just some observations and comments, to bring as contribution to future debate:

• as long as the Internet remains open and free as we know it, there is little effect to be expected from traditional control measures in terms of gun control. Filesharing is not being stopped (as history tells us);

• more in general, it is clear now to a growing number of people that our world is changing, that central control that was so common in the industrial age is much less enforceable, in practice, in a network society where people can directly share knowledge and files according to their needs and interests;

• if this is the case, it may be more effective to focus on is how to address the challenges in other ways, possibly through voluntary registration or the control of physical resources and raw materials that are needed to produce dangerous goods.

We encourage people to let us know of constructive proposals and add to this debate.