Embedded security systems can restrict nanofactories. Unrestricted molecular manufacturing would create terrible dangers. Some restrictions will clearly be necessary. However, no simple solution can work—any effective solution must be multifaceted. Technological capabilities and restrictions deserve special attention because of the unprecedented power and compactness of the technology. This power and compactness is what makes MNT-built products so dangerous. However, it also allows the design and use of very small security devices. Surveillance and/or restrictive devices can be integrated into many MNT products, including nanofactories. We describe here a system called Embedded Security Management (ESM) for applying flexible controls at the most effective points. Basically, nanofactories have to check with a central controller before building any product.

There are many useful points of control to prevent illicit products. There are several distinct points where the use of nanofactories can or should be limited. Built-in technology restrictions can help at most of these points. Products must be designed, nanofactories must exist, designs must be distributed, products must be built, and products must be used. The people involved are product designers, nanofactory owners and users, product users, and one additional group—"crackers" who would try to break the technological restrictions at any point in the product cycle. Undesired use can be either prevented technologically or deterred with technological assistance. The many combinations of stages, people, and types of control provide a foundation for flexible design of a suitable control system. This page describes the extremes to which control can easily be taken. Some of these measures are undesirable for a variety of reasons and will probably not be necessary in practice to maintain security.

The primary goal is to prevent unrestricted nanofactories from being developed. An unrestricted nanofactory can be duplicated easily, spread widely, and/or used to build all sorts of dangerous products, thus destabilizing economics and geopolitics and reducing individual and institutional security. A secondary goal is to prevent dangerous products from being produced by a restricted nanofactory. Even if unrestricted nanofactories are prevented, there are many products such as weapons and drugs that could be damaging to society. Also, too few checks on nanofactory products would make it too easy to bootstrap an unrestricted nanofactory. Finally, nanofactory restrictions can form the basis of a commercial infrastructure, allowing designers to charge money for their designs without fear of illicit copying, and permitting enforcement of intellectual property laws.

Nanoblocks can be fabricated separately. To build an MNT product, it is necessary to produce small complex parts using molecular fabrication, and then join the parts together. The nanofactory that we have described does both operations internally, fabricating nanoblocks and then joining them via convergent assembly. However, prefabricating the nanoblocks in central factories has several advantages. First, most of the energy required to build a product is used for fabrication; an assembly-only nanofactory would be more suitable for home use. Second, the mechanochemical fabricators could be kept under much tighter security in a central location than in millions of personal nanofactories, which simplifies the problem of thwarting illicit nanofactory bootstrapping efforts. Of course, this approach would impose some additional limitations on the products, but the tradeoff might well be worth it. (Thanks to Tom Craver for suggesting this.)

Nanofactories can be made to check before building each product. There are several ways to limit personal nanofactories (PNs) to only build desired products. Each approved product file could be digitally signed by the approving body, and factories would only accept signed designs. However, this does not allow revocation or limitation of permission. A hardware key could be required, so the holder of a certain key could build certain products. This is also insufficiently flexible. It seems best to require the PN to check with a central agency for permission before building each product. Such checking need not require much time or overhead; if every file is digitally signed when it is first designed, all that's needed is to check the signature against one or two lists. If a problem were discovered with a design, the ability to produce it could be revoked. This also allows products to be tracked to some extent; product recalls as well as law enforcement would be facilitated by keeping track of which factory produced which product at what time. For products carrying some kind of risk, the person requesting the product could also be verified. For example, some medical products might only be produced at the request of a medical doctor or pharmacist. This type of tracking could also form the basis for commercial transactions: a product would be made only after a consumer had paid the owner of the design. This level of tracking will raise significant privacy concerns. However, consumers are already giving up their privacy to a large extent in today's software systems, and the entertainment industry will quite possibly be successful at getting Digital Rights Management accepted. Since most MNT products could be made by anonymous users, DRM is an equivalent or greater privacy loss—and provides far less benefit.
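
The difference between accepting any signed design and checking with the controller before each build can be shown in a short sketch. This is an added example, not part of the original page or of CRN's design; the key, role names and function names are hypothetical, and an HMAC stands in for the approving body's public-key signature.

```python
import hashlib
import hmac

# Constructed sample state; the key, ids and roles are hypothetical.
APPROVER_KEY = b"constructed-approver-key"
REVOKED = set()      # list 1: ids of designs whose approval was withdrawn
RESTRICTED = {}      # list 2: design id -> role allowed to request it
BUILD_LOG = []       # (time, factory, design id), kept for recalls and tracing


def design_id(design: bytes) -> str:
    return hashlib.sha256(design).hexdigest()


def sign(design: bytes) -> bytes:
    """Stand-in for the approving body's signature (HMAC, not public-key)."""
    return hmac.new(APPROVER_KEY, design, hashlib.sha256).digest()


def signature_ok(design: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(design), sig)


def offline_accept(design: bytes, sig: bytes) -> bool:
    """Signed-designs-only factory: permission can never be withdrawn."""
    return signature_ok(design, sig)


def authorize_build(design, sig, factory_id, requester_role, now):
    """Controller's per-build decision; returns (allowed, reason)."""
    if not signature_ok(design, sig):
        return False, "bad signature"
    did = design_id(design)
    if did in REVOKED:
        return False, "revoked"
    required = RESTRICTED.get(did)
    if required is not None and requester_role != required:
        return False, "requester not authorized"
    BUILD_LOG.append((now, factory_id, did))  # which factory built what, when
    return True, "ok"
```

Once a design id is added to `REVOKED`, `offline_accept` still returns true for it while `authorize_build` refuses, which is the limitation of signature-only acceptance described above.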

Many designs could be approved automatically. Under CRN's ESM plan, each new design would have to be approved before it could be manufactured. Designs would be divided into classes, each with their own approval scheme. Many useful products will be reasonably large (and could not easily come apart and release nanoparticles), with only small amounts of energy storage (so they could not easily hurt someone), and no edges sharper than children's scissors (and a few other restrictions). Such designs may be considered "probably safe", and may be approved by an automated process. Other products may need an approval process similar to UL listing before they can be widely produced. Still others are so dangerous, either to people or to the MNT security infrastructure, that they would have to be carefully restricted—built and used only under close supervision.

Legal jurisdictions create some complications. Legal issues are difficult because of the wide variety of laws and jurisdictions. Even the "probably safe" class includes many products that would be illegal in certain jurisdictions, including some weapons, drug paraphernalia, and sex toys. Within a jurisdiction, the designers of such products could be tracked and punished as soon as the product was noticed. Cross-jurisdictional transfer of designs is a more difficult problem; a design may be perfectly legal in one place and forbidden in another, and digital files do not respect borders—nor should the designer be responsible for knowing, much less following, every law in the world. As today, responsibility for owning an illegal product can rest on the owner of the product. Knowing that each product built can be tracked will serve as a deterrent. Image recognition software is being developed today for a variety of purposes, including filtering pornography on the Internet. Similar software could be used to scan designs for potential illegality, and warn users before they built the product. Foreign designers known to produce locally illegal products could have their designs flagged, manually assessed, and blocked for nanofactories within the local jurisdiction. Although these answers are not perfect, they offer a more effective and comprehensive solution than the methods used today to prevent importation, manufacture, and possession of illegal products.

Nanofactories can be made very "smart" about detecting intrusion attempts and fingering the criminals. There are many incentives to "crack" nanofactory security, creating an unrestricted factory. An unrestricted factory could be used to produce goods without paying royalties, to produce weapons and other tools of crime and terror, and to produce illegal goods with little chance of being caught. It is important, then, to make nanofactories difficult to crack and to discourage people from trying. A tabletop personal nanofactory (PN) is large enough to contain a vast amount of security hardware. For example, a cubic millimeter can contain a million nanocomputers. A similar amount of hardware can be built into the walls and interior of the factory to detect either physical damage or scanning. If a cracking attempt is detected, the factory can immediately shut itself down and destroy its interior structure. Even high explosive could not open the factory as fast as a self-destruct signal could be sent internally.

For several reasons, it is useful for PNs to know their location and be in close contact with the central controller. This allows jurisdictional restrictions on products. It also allows some security problems to be corrected: if someone discovers how to crack a nanofactory, all PNs of that design can be deactivated. A PN that lost contact with the central controller would quickly deactivate and scramble itself. When a nanofactory detects a cracking attempt and shuts itself down, that event would be traceable—and the last known location would help to catch the crackers. Contact could be maintained through a GPS-like system that tracked both the content of the messages and the time required for their delivery. This would allow the factory to triangulate its position, and to be fairly certain that no one was intercepting and modifying the messages—or at least not taking a long time to do so. Successful cracking of a PN would probably require destruction of several nanofactories, plus time to work. Close monitoring of PNs would almost guarantee that such an attempt could not succeed before the police broke down the door. Finally, requiring nanofactories to be in contact with central control would prevent the use of PNs in large free-range self-replicating systems that might otherwise be difficult to track and clean up.
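
The contact check described above, in which the factory watches both the content of the controller's messages and how long they take to arrive, can be sketched as a timed challenge-response. This is an added example, not part of the original page; the key, the timing limits and all names are assumptions, and timestamps are passed in explicitly so the logic is easy to follow.

```python
import hashlib
import hmac

LINK_KEY = b"constructed-link-key"  # hypothetical key shared with the controller
MAX_RTT = 0.050      # assumed bound on an unmodified round trip, in seconds
MAX_SILENCE = 5.0    # assumed time without a valid reply before deactivation


def controller_reply(nonce: bytes) -> bytes:
    """Controller side: authenticate the factory's fresh challenge."""
    return hmac.new(LINK_KEY, nonce, hashlib.sha256).digest()


class FactoryLink:
    """Factory side: tracks the last reply that passed every check."""

    def __init__(self, now: float):
        self.last_good = now
        self.active = True

    def check_reply(self, nonce, reply, sent_at, received_at) -> bool:
        # Content check: the reply must be a MAC over this challenge, so a
        # recorded reply to an older nonce is rejected.
        authentic = hmac.compare_digest(controller_reply(nonce), reply)
        # Timing check: a message held or relayed for too long is rejected.
        fast = 0 <= received_at - sent_at <= MAX_RTT
        if self.active and authentic and fast:
            self.last_good = received_at
            return True
        return False

    def tick(self, now: float) -> bool:
        # Loss of contact: deactivate permanently after too long a silence.
        if now - self.last_good > MAX_SILENCE:
            self.active = False
        return self.active
```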

Risky or valuable products could use a similar system to track and report their location and usage. The advantages of built-in product tracking are not available for very small MNT products, but very small products are undesirable for other reasons, including litter and possible health issues.

Massive nano-built computer power can help with several problems. MNT fabrication can create amazing amounts of computer power, which can be used to check designs or implement surveillance. Software under development today can analyze video and detect unexpected events. This allows automated, or at least semi-automated, detection of illicit research activities. Image processing software can be used to obscure the faces and other identifying details of individuals, allowing locations, equipment, or questionable activity to be studied in detail without revealing people's identity—unless the activity is determined to be criminal. Of course, such a system would have a very high potential for abuse; it should probably not be used unless all the alternatives are clearly worse.