3D Printing: IP Vulnerability and Information Technology
John has been a counselor and litigator in the Washington, D.C. office of the Finnegan IP law firm (one of the large IP firms in the world) for over 30 years. John founded Finnegan’s 3D Printing Working Group and advises clients about how 3D printing may affect their businesses. John frequently speaks and writes on 3D printing and has been recognized as a thought leader in this space. He is the author of the book, 3D Printing Will Rock the World, which won a Silver Award from the Nonfiction Authors Association (available on Amazon in paper or Kindle).
To date, controlling 3D printers and the digital blueprints for 3D printing has not received much attention. Certainly this is an IP issue, but perhaps more importantly it is an IT issue. Whether digital blueprints are stored inside a company’s servers or in the cloud, IP protection may depend on IT protection. Companies need to start assessing the IT risks related to 3D printing and take steps to secure their machines and digital blueprints.
“Unlike real jewels, a company’s digital blueprints cannot be protected by safely locking them away”
According to Pam Baker, author of Data Divination: Big Data Strategies, 3D printers are “poised to create havoc when it comes to protecting intellectual property, and the fallout will land squarely at the feet of IT professionals.” Once a company loses control of a digital blueprint, it may be gone forever, along with its IP. Such losses may have devastating effects on the company. Although legal recourse may be the last line of defense against such losses, IT is the first.
Why IT Controls are Needed
The Gartner market research firm predicts that by “2018, 3D printing will result in the loss of at least $100 billion per year in intellectual property globally.” These losses will have several causes, all of which have IT implications.
Desktop 3D printers provide an invaluable advantage for expediting product design and development. Designers can instantly iterate with the click of a button. Desktop 3D printers are multiplying like rabbits in many companies, but they are often purchased with discretionary budgets. A company’s management may have no idea how many 3D printers it owns, who is using them, what they are being used for, how or where the digital blueprints are being stored.
For both desktop and production machines, anyone can print almost anything, without management knowing about it. IT can and should play a role in identifying and controlling the company’s 3D printers.
IT’s role does not end with controlling machines. A company’s product and part designs are its crown jewels. Because more designs have moved from the analog to the digital world, they are becoming as easy to share as music downloaded from the Internet. Like digital music files, 3D printable digital blueprints may be shared illegally by company insiders or hacked by outsiders. IT departments will become increasingly responsible for assuring that digital blueprints are safe and secure from bad actors.
Not all 3D printing-related IP losses will be caused due to man made disasters.. Companies will sometimes accidentally lose control of digital blueprints. Because far less labor is required to 3D print a part than to make it with traditional methods. 3D printing facilities are expected to become increasingly regional and distributed all over the world. However, regional and distributed manufacturing result in digital blueprints being more widely dispersed than in a traditional manufacturing environment. Employees may also disperse digital blueprints by downloading them to potentially unsecure desktops, laptops, or mobile devices. Further, employees may share digital blueprints electronically with other employees, or with contractors or customers. Digital blueprints are also often loaded onto USB drives or memory cards for loading into 3D printers for printing. Such dispersion of a company’s crown jewels means greater risks of losing control of them. IT needs to know where the crown jewels are at all times, and to make sure they remain in the company’s control.
But unlike real jewels, a company’s digital blueprints cannot be protected by safely locking them away. They must be available for use by research, design, and production personnel. So controlling use is the key, whether the blueprints are stored on company servers or in the cloud.
A company’s digital blueprints will become more important, and more vulnerable, as the company shifts from inventorying parts to 3D printing them on demand or farming out the printing. As Pam Baker observed, “Shipping [digital blueprints] to 3D printers, or making the files downloadable from websites, is the logical progression in product distribution. It negates the costs involved in warehousing stockpiles of products and shipping them to customers.” One way to control such blueprints is to keep them internal to the company, which is partly the role of IT. But 3D printing may also lead companies to have parts printed by independent fabricators or to share digital blueprints with customers, to allow them to 3D print their own parts. Without proper IT controls, sharing with one fabricator or customer could unintentionally morph into sharing with the world, with disastrous consequences for the blueprint owner.
Assuming such sharing is done securely and the 3D printing is done according to company specs, the company may stand behind fabricator-printed or customer-printed parts. Mass customization is also a great strength of 3D printing. The company may also stand behind parts whose designs are customized by customers, as long as proper controls are in place. Some of those relate to manufacturing. Others relate to controlling data, which is an IT function.
It may also become more difficult to secure digital blueprints within the supply chain and companies who believe they will never give their suppliers or customers digital blueprints may be living in a fool’s paradise. For example, companies may prefer that their customers 3D print parts from official digital blueprints, rather than scanning parts and 3D printing their own parts from the scans.
To secure both desktop and production 3D printers and the data they convert into physical objects, companies need to adopt strict physical and digital controls. Such controls need to protect the crown jewels and detect risks. They must identify the data and control who has access to it and how it can be used and transmitted. They should monitor and log such uses and maintain an audit trail.
File integrity must also be controlled. Companies need to be able to know if their digital blueprints have been modified internally, or by fabricators or customers. They need to be able to determine which blueprint is the master, the original, or the genuine file. If the company stands behind customized parts 3D printed by fabricators or customers, the integrity of such parts will partly be the responsibility of the blueprint supplier’s IT solution.
The digital blueprint may be only part of the data that needs to be controlled. Data related to making designs watertight and error free, slicing the design, and the GCode that instructs the printer how to print may be part of the company’s secret sauce, and should all be controlled.
Any IT solution for 3D printers and data needs to protect company IP while providing research, design, and production personnel with frictionless access to 3D printers, digital blueprints, and related data.
Companies need to protect their IP with a solid IT strategy for securing and controlling 3D printers, digital blueprints, and related data. Such a strategy should strike a balance between IT controls and making the machines and data available to the people who use them to design, develop, and manufacture products.