I’ve been thinking about 3D print cloud security.
In recent years many of the 3D printer manufacturers have lit up cloud systems to help customers manage their 3D printers. The main benefit is that operators no longer have to physically go to the printer to launch jobs, as they can instead trigger activity from the cloud service remotely.
Many operations are possible, including monitoring, fleet management, material libraries, usage statistics, etc. Cloud systems are incredibly powerful and in some cases are very easy to use.
They usually offer a wide range of services and benefits, as that’s a way for the manufacturer to attract and retain customers. Give them a good experience, and they will tend to stay.
But there is a dark side.
Some organizations are concerned about the cloud services provided by Chinese 3D printer manufacturers. They feel there is a risk that their proprietary data and information sent through the cloud might be harvested by the Chinese government. They fear their designs might be copied or somehow exposed.
Certain organizations are correct to do so: they may be government or military organizations that absolutely cannot expose their data to anyone. Some private companies working with them may also fall under the same regulations.
But how, exactly does this all work? Is the Chinese government literally scooping up all the data that goes into these cloud services?
Some data is encrypted by certain services, so that may offer some level of protection.
In reality the Chinese government is not running these 3D printer companies. They are private manufacturing companies with their own management. However, they do fall under their country’s laws and regulations, which may allow data inspection.
This means that it is possible that the Chinese government might issue a request for data from a private Chinese company, and they would have to respond. It’s likely they would be prevented by law from notifying affected users.
This is the scenario that some 3D printer operators fear.
But hold on a moment. The same scenario also exists in other countries. In the US, for example, it is possible for legal authorities to request data from US companies. This happens all the time in criminal investigations, and possibly other matters. In some cases private companies are allowed to publicly state statistics about such requests, but not always.
Google, for example, sometimes mentions that they processed X number of government requests for information. We don’t know what the requests were, who they were about, or what data was transferred. It’s all secret. Much like the Chinese scenario. You just know that something happened, and it might have even happened to you. But you wouldn’t know for sure.
Other countries have similar data rules.
The bottom line here is that if you are using ANY of these cloud services, the government of the country in which the service is based can often legally request data. It’s not so much a “China question”, but more of a “who do you want to see your data” question. For 3D printer operators not located in the US or China, this is a very real question.
If you really don’t want anyone looking at your data, the only practical alternative is to operate your own cloud. Unfortunately, this is usually challenging and you lose some (or many) of the benefits of the full cloud system.
And even if you do operate your own cloud system, it is still possible for your local government to show up one day and request the data. You’re no different than a private company operating in that country.
