Feeds

You want to put 3D gun designs on the web? You'll need a 2D printer

Psst! Meet me in the Rotterdam nuke-material bazaar

Top three mobile application threats

Comment Much fun has been had over the Liberator, the 3D printed plastic gun.

Our editor - a man who knows about such things - here at El Reg has pronounced it a piece of crap. Innumerable people have declared that it's either the end of civilisation as we know it or proof perfect that the Commie statists will never win. My own interest, decidedly odd I admit, has been in the matter of export licences for printed guns. It turns out that you would need to use an ordinary printer, as well as a 3D one, if you wanted to get around the legal restrictions which led to the Liberator designs disappearing from the developer's website.

One of my colleagues over at Forbes has been writing about the Liberator (indeed, he's the source for nearly everyone else's coverage) and this piece is, from my point of view, wonderful:

On Thursday, Defense Distributed founder Cody Wilson received a letter from the State Department Office of Defense Trade Controls Compliance demanding that he take down the online blueprints for the 3D-printable “Liberator” handgun that his group released Monday, along with nine other 3D-printable firearms components hosted on the group’s website Defcad.org. The government says it wants to review the files for compliance with arms export control laws known as the International Traffic in Arms Regulations, or ITAR. By uploading the weapons files to the Internet and allowing them to be downloaded abroad, the letter implies Wilson’s high-tech gun group may have violated those export controls.

What makes it so interesting to me is that I've wandered down these alleyways of export controls, arms licences and the like several times. And the truth is that even if Wilson goes off and gets an export licence for this gun design he's almost certainly not going to leave it up there for foreigners to grab hold of. Because one of the terms of such an export licence is that you agree to be personally (yes, personally, not corporately) responsible for what people do with it.

To an acceptable level of accuracy there are three levels of such licences: Commerce, State and bleedin' hard to get.

I got a Commerce licence once for some hafnium oxide: I wanted to take some US material to Russia, there to turn it into hafnium carbide which would then be used as the interior layer on a US scramjet/hyperjet engine. Getting this licence involved phoning up a nice lady in the Department of Commerce and 30 days later shipping the material. The reason for the licence requirement is that we’re talking about a possibly nuclear material (in detail, a low zirconium level will mean it is nuclear purity, 2 per cent or so that it isn't) and they really want to check that it isn't nuclear purity. Almost, it's a licence to show that you don't need a higher grade of licence.

I've also had State licences. These take several months to get: one set of them was for radiation-hardened chips to go into Russian space stuff. The Russians could no longer make these, they had to come from the US. Such chips to go into ISS components were fine: such chips going into Russian spy satellites would not be. Thus a licence is required, they check where they are going, that where you say they are going actually does what you say and so on.

Then there's the bleedin' 'ard to get ones. Again, I’ve gone for several of those over the years and they involve men with three letters after their name poking around in your private life. One was to ship a - at the time - top end Sparcstation out to a Russian military helicopter factory. Another was a uranium shipping licence. These are so hard to get that when we wanted to ship some nuclear grade zirconium around we just didn't bother. Just indicated to the seller that we'd pick it up in Rotterdam if he'd like to get it there no questions asked. Entirely legal for us by the letter of the law.

But there's one very important point about all of these licences. You, the person signing off on the application, are taking personal responsibility for the material going to the place and for the use that you have claimed. It doesn't matter if someone screws you over and lies, the truck is hijacked, the government changes its mind: you're responsible. So if those rad-hard chips had gone into spy satellites I might just about be getting out of jail now, a decade or more being a likely sentence.

This does actually happen too. One poor bloke at a US zirconium producer spent three years inside. He was simply the middle manager who applied for the export licence for some Zr powder. This can be, indeed is, used to make the ignition triggers for car airbags (Zr powder goes bang if you shock it). It's also used as the secondary trigger in a number of types of ammunition. The company shipped some off to a company in Chile on this car airbag licence and the material was later found in cluster bombs being used by Saddam. Would you like to come this way please Sir? Yes, we understand that you didn't know and had nothing to do with it but this is your name and signature, isn't it? Three years seems fair doesn't it?

And it's this point that is going to cause problems with the distribution of that Liberator (or other such) designs. Yes, such designs are considered to be controlled items. Yes, they do fall under one of those licence classes (usually, State). And yes, whoever gets that export licence is then responsible for what people do with the design. If AQ decides to download the design and manage to hijack a plane or two then the guy who signed the licence application is aiding and abetting terrorism.

Sure, the designs are all over the torrents. Stable doors and bolted horses and all that. But Wilson can't distribute the design overseas (he can do what the hell he likes inside the US) without the licence and to get the licence he's got to take that responsibility.

Which isn't, obviously, going to happen even if the licence were to appear.

There is one way around all of this, though. Yes, software to design guns is controlled - as was software to encrypt things, once upon a time. Like, for example, Pretty Good Privacy (PGP). However, the same information printed out as a book is not covered by such licence restrictions. That's a First Amendment issue, a free speech one. So:

The heart of the issue is the US Export Regulations, which classifies cryptographic software as munitions(!). Thus you need a license in order to export PGP from the USA. However, the Export Regulations only covers software in electronic form (e.g. on disks, or via the Internet). PGP 5.0i, on the other hand, was compiled from source code that was printed in a book (well, actually 12 books - over 6000 pages!) The books were exported from the USA in accordance with the US Export Regulations, and the pages were then scanned and OCRed to make the source available in electronic form.

They've now changed the rules on encryption software: but not as yet on gun designs. So, if one really wants to distribute these designs what one needs to do is export them as paper documents, then reconstitute them as software. Then it's entirely legal to whack them up on the internet - and you've probably find it easier to distribute to customers in the US from outside it as well.

It is indeed all a bit weird: but never underestimate the ability of the law to be several decades behind what it is that people are actually doing. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Feast your PUNY eyes on highest resolution phone display EVER
Too much pixel dust for your strained eyeballs to handle
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Leaked pics show EMBIGGENED iPhone 6 screen
Fat-fingered fanbois rejoice over Chinternet snaps
Report: Apple seeking to raise iPhone 6 price by a HUNDRED BUCKS
'Well, that 5c experiment didn't go so well – let's try the other direction'
US mobile firms cave on kill switch, agree to install anti-theft code
Slow and kludgy rollout will protect corporate profits
Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'
Now THAT'S what we call a proper new feature
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Sony battery recall as VAIO goes out with a bang, not a whimper
The perils of having Panasonic as a partner
NORKS' own smartmobe pegged as Chinese landfill Android
Fake kit in the hermit kingdom? That's just Kim Jong-un-believable!
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.