Proplets: Devices for Controlling Property

Nick Szabo



Civilization has highly evolved practices for determining whether certain actions are allowable or not, or who should prevail in a dispute, namely law. Such a body of knowledge cannot be reinvented from scratch, so instead e-commerce security should draw heavily on it—building property rights, contract and tort law into technology at a very basic level. Proplets define the basic security architecture for local evidence gathering, enforcement, and negotiation of such laws.

Proplets do not rely on central planning, AI, or a single trusted third party for any function. Central planning is not able to account for the distributed and diverse knowledge and preferences of different people. A "trusted third party" is a nice-sounding synonym for a wide-open security hole that a designer chooses to overlook. Proplet design places strong emphasis on eliminating such exposures.

The key is building in, at the most basic level of technology, code (in both the legal and software sense) that allows a widely distributed people, each person having his own unique information, circumstances, and preferences, to cooperate within well known, mutually agreeable, and strongly enforced constraints. With these constraints the risks and benefits of technology are balanced, weapons are monitored and securely restricted in their use to only very narrow, specific, lawful conditions, and for every person there is more profit from peace than from destruction.

The goal of proplet design is to control physical objects with digital protocols. Proplets protect its structure and function from non-owners, and observe the environment for phenomena impinging on a region, on matter, or on its owner. A proplet is an electromechanical device (e.g. a MEMS device) with the following core abilities:

  • It knows who owns it
  • It knows where it is in space and time
  • It can communicate securely with nearby proplets, over a public network, and with its owner
  • It contains a computer, called the ownership module, that is a secure extension of the owner's trusted computing base
  • The ownership module securely exercises control over a machine via entanglement (explained below), or over nearby inanimate matter via sensors, effectors, public registration, and law.
  • It can securely recognize nearby proplets owned by the same owner

A proplet may optionally also have the following abilities:

  • It can cooperate with nearby proplets, especially those owned by the same owner or under contract with the owner. This can include the manufacture of larger structures and machinery.
  • Guest computation modules—extensions of the trusted computing base of a non-owner of the proplet for purposes of rapid protocol communications. The guest can store proprietary data and programs on the proplet in his guest modules where they are inaccessible to the owner, except through services designed by the guest. The guest modules also can locally execute smart contracts with the owner.
  • Deed modules—these operate the smart contracts, or deeds, created by previous owners to bind future owners.

No computational module can be read or controlled by physical tampering—it will shut down, erase itself, or even self-destruct depending on the severity of tampering. Computational modules are "transparent" to their publically registered controller and opaque to other entities.

Only protocols that are simple and composable with provable security govern the communications between the security kernel (private key operations), control box, sandbox, and other components of a computation modules. Similarly for communications between modules and between proplets.

How does a proplet find out who owns it, or a guest module who controls it? There are two basic ways:

  • It looks up the public key of its current owner or guest in a public title registry, and follows instructions signed with the corresponding private key, or
  • It follows instructions signed by the private key held by home proplets. Home proplets live on or inside the owner or guest. Transfer of remote proplets (or guest modules) occur with the transfer of the home proplets that govern the remotes.

A proplet's guest modules are publicly listed and transferred independently of each other and of the proplet's ownership module.

With the home proplet alternative, biometric control of the home proplets may replace public ownership records.

Proplets control electronics directly from ownership or guest modules. Proplets control machinery via entanglement. Entanglement can take at least two forms:

  • Firing sequences, without which the machinery cannot work. (Digitally timed high performance automobile engines and nuclear explosives are two contemporary examples).
  • Direct nanomechanical linkages.

Entanglment designs have in common that they make it too expensive for the attacker to steal the electronics or machinery by severing it from the controlling proplet.

Tort

Deeds, in the context of replicated property titles and proplets, are smart contracts executed by a deed module. The current owner may add new deeds agreed to (but not remove old ones) by drafting signing and signing such a smart contract with other current property owners. The deed binds both properties (perhaps to different terms, depending on what the two current owners have negotiatied). The deed modules can be audited at any time by the contemporary owners of other proplets bound to the deeds. Founders of competing property title registries define master deeds, or tort laws, to govern disputes within registry properties. They also define tort law for disputes between their properties and properties defined by other registires, by coming to agreements with those registry founders. Founders also create the initial allocations.

Founders are often the manufacturers of proplets. They build in a particular registry as authoratative for their proplets as well as designing an accompanying tort law.

For example, the founder of registry of fixtures in a spatial region can sign an agreement with a movable property (chattel) registry, governing the behavior of chattel moving through space and interacting with fixtures. The manufacturers of chattel and fixtures program their proplets to respect the appropriate registries and constrain their sensors and effectors to follow the tort law that has been agreed to.

Conclusion

Proplets combine our most highly evolved practices for cooperation on a large scale with a technology architecture suitable for advances well into the future, even well into posthuman civilization. Proplets provide a much sounder footing for solving the problems of high technology cooperation including problems such as privacy, weapons of mass destruction, and other abuses of the power of advanced technology.

References

"Computer Security as the Future of Law", Mark Miller
"Formalizing and Securing Relationships on Public Networks", Nick Szabo
"Secure Property Titles", Nick Szabo

Acknowledgements

My thanks to Gregory Burch, J.D. for his helpful questions.


Please send your comments to nszabo (at) law (dot) gwu (dot) edu