This post originally appeared on the Shapeways blog.  Although I didn’t explicitly frame it as such there, this is probably the closest thing to a distillation of a bunch of thinking about 3D printing and policy that I did in my first six months on the job.  The content policy section was the result of a lot of reflection about how to draw lines on a service like ours, and the product liability section is a small public example of some long conversations I had with our product liability counsel Patrick Comerford.  It also kicked off a reorganization of all of our policies to guarantee that it would be easy to find all of the previous versions of policies after they were changed, a process that my colleague Allessandra McGinnis was way, way too accommodating of me during.  Anyway…

Today we’re excited to roll out a batch of updates to our policies.  These updates should make Shapeways work better for you, and bring your experience at Shapeways more into line with your expectations of Shapeways.  This post has detailed information about the changes.  As a reminder, you can always find links to archived versions of policies on that policy’s page.

For those of you looking for a quick summary of the changes, here it is:

-          We’ve revised our content policy.  The result is increased transparency around what we will and will not print, opening up a number of new possibilities for models.

-          We’ve updated our privacy policy.  It now has an even stronger commitment to protecting your privacy, especially in the face of requests for your information by third parties and governments.

-          We’ve clarified our terms and conditions.  It should now be easier for you to understand who is responsible for what if a model causes harm to others.

-          We’ve created special terms and conditions for our public API.  They are designed to establish a common set of expectations about how the public APIs work.

Want more details?  Keep reading.  As a reminder, this post is designed to explain the changes that we are making today.  It is the policies themselves, not these summaries and explanations in this post, that form the basis of our agreement with you.

Content Policy Update

The focus of our updated content policy is to bring additional clarity to our content rules.  To that end, we have broken the policy into two sections – one for weapons and one for obscenity – and given each section a list of do’s and don’ts.  These do’s and don’ts are intended to allow designers to get a more clear understanding of what types of models will result in heightened scrutiny or rejection.

Weapons

The updated weapons policy should give designers added flexibility for their creations.  We continue to prohibit guns, parts that modify the functionality of guns, realistic replicas that could be easily confused with guns, and switchblades, throwing stars, and brass knuckles.  These restrictions are largely grounded in laws that restrict the manufacture, sale, and possession of these items.

At the same time, we will be much more accommodating of cosplay accessories, most knives and swords, and gun accessories that are not tied to core functionality – things like mounts and grips.  This should make it much easier for stores such as BrainExploder to offer camera mounts and Ammnra to offer cosplay accessories without worrying about being flagged for content policy violation.

Obscenity

In addition to weapons rules, we’re clarifying how we handle models we consider obscene.  We will continue to prohibit models that embrace sexual violence, hate speech, or that are designed to denigrate living beings.

However, we do recognize that obscenity can be a tricky line to patrol.  Therefore, we are committing ourselves to be responsive to designers who believe that we are missing critical context for a design that we reject for obscenity reasons.  That is not a guarantee that we will change our decision with additional context, but it does mean that we will seriously consider context that we may have missed.

Implementation

In addition to more consistent rules, we’re also rolling out a more consistent internal process to enforce those rules.  All models will be checked for content at the same time they are checked for printability.  Models flagged for potential content violations at this stage will be sent to the Trust and Safety team for review.  In most cases, the Trust and Safety team will make a decision about the model.  If the model is rejected, the designer will be notified of that decision.  If the Trust and Safety team is not sure, they have the option to elevate the question to the legal department, which has final say.  This structure is designed to review models as quickly and consistently as possible so that models that comply with our rules can get printed and designers of models that do not comply with our rules can find out in a timely manner.

You can compare the new policy to the previous policy, which has been archived here.

Privacy Policy Update

The biggest change to our privacy policy is the addition of clear language about how we handle request for your information from government representatives and other third parties.

We take our obligations to secure the information you entrust to us seriously.  We also take our legal obligations to comply with governments and courts seriously.  In light of these obligations, we are adopting a policy that formally requires sufficient legal process before we disclose records about our users to governments and third parties.  Generally speaking, that means that governments and third parties will need to have a subpoena, warrant, or court order in order to access your information without your permission.  Those documents must have enough information to minimize the likelihood of accidental disclosure of information from unrelated accounts.

In the case of law enforcement and other governmental requests, our policy in most cases is to provide notice to a user if she is the target of a governmental request for information.  If such notice is temporarily prohibited by law, it is our policy to alert the users once that prohibition has been lifted.

This general policy does not apply to emergency situations, or to a handful of other third parties who we may share your information with as a normal course of business (our shipping partners or vendors, for example) described in our privacy policy.

In addition to this significant change, the update includes a handful of smaller edits and clarifications.  These include clarifying what types of emails related to our service you may receive from us, a reminder that your data may cross international borders, and how our data retention policy works.

You can compare the new policy to the previous one, which has been archived here.

Terms and Conditions Update

This is an incremental update to our Terms and Conditions, focusing specifically on the language regarding product liability.  This relatively small update is designed to clarify how liability works with 3D printed models here on Shapeways.  In addition to the liability portion of the update, we clarify that except in cases of fraud or policy violation we will give you a full cash refund if we cancel your order.

This rest of this part of the post is designed to help give some background information about how we are thinking about product liability and explain the changes themselves.  As a reminder, you can find all of the old versions of our Terms and Conditions here, along with links to the blog posts that announced and explained the changes.

Liability and Responsibility

This update focuses on events that we wish never happen – models failing and hurting someone.  While it is tempting to cross our fingers and hope that everything that is uploaded and printed will always work perfectly, the responsible thing to do is to face the possibility of error head on.  That’s a big part of the role of our Terms and Conditions generally, and for the sections having to do with warranties, disclaimers, and indemnification specifically.

The nature of what we do here at Shapeways upends some of the assumptions built into the traditional thinking about product liability.  Instead of large companies relying on deep, longstanding relationships to design, manufacture, ship, and sell products, Shapeways allows people working on their own to design objects and connect with buyers directly all over the world.

While this comparatively distributed and informal structure creates a lot of advantages, it also uncovers some challenges.   One of those challenges is that in most cases we here at Shapeways do not really know what we are printing.  That means that we don’t evaluate designs before printing them to make sure they are fit for purpose – in many cases we don’t know what “fit for purpose” would even mean. Similarly, after the objects are printed we don’t test them to make sure they will function as expected because we don’t necessarily know how you expect them to function.  This does not mean that we ignore red flags or do not respond to concerns.  It does mean that we cannot guarantee that a model will be well designed for any specific application.  That’s why we rely on the designer’s word that the designs make sense for their intended purpose.

Nonetheless, there are things that we can guarantee. We can promise that the models will be 3D printed correctly on properly calibrated printers operated by responsible operators.  We can also promise that the models will be packaged and shipped correctly.  That promise means that it is our responsibility if something fails because it was printed incorrectly.  However, it does not mean that it is our responsibility if a properly printed – but incorrectly designed – model fails.

Revised Language

That’s the distinction that the revisions to the Terms and Conditions are designed to highlight.  We have always required designers to certify that their models do not violate anyone else’s intellectual property or applicable laws because the designer is best positioned to know that information.  To that list of designer responsibilities, our update adds things like relevant design and safety standards.

Similarly, we ask designers to stand behind the design specifications of their model because they are best positioned to know if the design is adequate for its intended purpose.  That is also why designers are responsible for the selection of materials.  Designers know which materials are and are not appropriate for a given model, so it is their responsibility to only print (or offer to print) the model in appropriate materials.

Finally, we make explicit what was already implicit in our indemnification section – namely that designers have an obligation to indemnify us in the face of a personal injury or product liability lawsuit flowing from their design.   Again, this is because the designer is in the best position to anticipate – and address – problems related to design defects.

Exploring Together

As I noted earlier, Shapeways raises some novel legal questions about how product liability can work in the context of 3D printing.  In updating our Terms and Conditions language, we are hoping to make it as clear as possible where we understand different responsibilities to lie.  That being said, “novel legal questions” often also mean that the answer evolves over time.  We’re all exploring the implications of 3D printing together, and it is entirely possible that this section of our Terms and Conditions evolves over time.  If and when that happens, we’ll do our best to explain our thinking to you as we go.

New API Terms and Conditions

Still with me?  The final update is not an update at all, but rather an addition.  As many of you know, we have a fantastic public API.  The new API Terms and Conditions are designed to make sure that everyone making use of the API knows how it works and what to expect.  The API Terms and Conditions build on top of our existing site-wide Terms and Conditions.  One of the advantages of that is that the API Terms and Conditions can be brief and a bit more approachably written.  They clarify that we are granting API users a license, that we strive for but don’t guarantee 100% uptime, and how to handle applications that might push an especially large volume of traffic through the API.

Questions, Concerns, Comments?

And that’s the end of the update on the updates.  As I stated at the top of this post, our goal with these updates is to make sure that our rules make it as easy as possible for you to understand how Shapeways works, and to make sure that Shapeways works the way that you expect it to.  If you have questions, concerns, or comments about these changes, let us know.  You can raise them in the comments below, in our forums, or to me directly via twitter @MWeinberg2D or email at mweinberg@shapeways.com.

This post originally appeared on the Shapeways blog.

Earlier this month I was lucky enough to present at the 2015 Creative Commons Global Summit on a question that I’ve been chewing on for the past few months: what is the proper way to give attribution to a designer of a 3D printed object?

First, some quick background.  Creative Commons is the organization behind the Creative Commons (CC) licenses and logos.  CC licenses give creators a way to contribute their copyright protected creations to the public, while at the same time conditioning that contribution on some straightforward terms. For example, CC BY-NCmeans that anyone can use the work in a noncommercial manner without additional permission from the creator as long as they give the original creator attribution (“CC” is Creative Commons, “BY” is attribution required, and “NC” is non-commercial use).  CC BY-SA means that anyone can use the work as long as they give the original creator attribution (“BY”) and license any content the builds upon the work under the same  license (“SA” or share alike).  Credit is important to the CC ecosystem, which means understanding how to give credit is an important part of using CC licensed objects correctly.

The question of how to comply with these terms is important because not complying with a CC term means that you are infringing on the original creator’s copyright (for the purposes of this blog post, I’m ignoring the wealth of 3D printable models that are not protectable by copyright. If you are interested in exploring that line, this whitepaper may be a helpful place to start.)

For the original works that CC was primarily designed for, this attribution requirement was fairly straightforward (here’s the CC-maintained best practices for doing just that).  If you use a CC-licensed image in a blog post, put a credit below the image or at the end of the post.  If you use a CC-licensed song as the soundtrack to your video, add the credit at the end.  In most of the digital world, there is often plenty of space for attribution metadata.

As is often the case, this relatively straightforward system gets a bit more complicated when it comes into the world of 3D printing.  As long as we stay digital, adding attribution to a 3D file can be simple.  Once that digital file becomes physical, attribution can get a lot harder.

In some cases, that attribution takes care of itself because it is built into the model itself.

In the case of this model, the designer’s name is embedded in the bottom of the shoe.

Although even this is an imperfect solution.  If someone decides to remix the model – something that is allowed under the license – and not take the feet in the process, that attribution disappears.

Most models don’t even start with attribution embedded in them.  Thingiverse provides a solution in the form of a credit tag:

The credit tag can work in some situations, especially when you are displaying models in more formal settings like a gallery or trade show.  However, there are still plenty of times when a tag just doesn’t make sense.

Take, for example, jewelry.  When this designer CC licensed these earrings:

Or this designer CC licensed this bracelet:

Did they intend for the person who downloaded and printed the model to hang an extra tag off of them for attribution? Probably not. But what’s the alternative? Is it enough to tell people who ask where the pieces came from?  I don’t know that anyone is sure.

The existence of this question is actually a testament to the success of Creative Commons, and to the way that the 3D design community has embraced CC licenses.  CC has become so second nature to so many people that they don’t even feel the need to walk through each of the elements and spend time considering what they will mean in practice for a specific model.  I’m guilty of the same thing myself.

I released this coin with the logo of Public Knowledge under a CC BY license.  What kind of attribution was I imagining?  I have no idea.

So what is the best way to do attribution for 3D printed models?  I do not have an answer to this question.  It is fantastic that so many people have embraced CC licenses for 3D printable objects.  Now it is time to start building a common set of expectations and best practices.  There is no right or wrong answer.  It would just be helpful to have an answer so people who want to comply with the wishes of a designer know what is expected of them.

That doesn’t start with me. That starts with you.  If you create 3D printable models and license them under CC-BY, what do you expect?  What does that BY mean to you?  Let me know in the comments or on twitter@MWeinberg2D.

Just a note that this is an immediate reaction to news that broke this morning, and my interpretation may evolve over time.  If it does I’ll provide a link here.

Today the Library of Congress released its rules for unlocking 3D printers in order to allow operators to use 3D printing materials that are not approved by the printer manufacturers.  The decision is, to put it mildly, a mess.  It is as if, at the end of the long marathon that was the rulemaking process, the Librarian of Congress decided to slap on iceskates for the last 100 yards. The predictable result was that it fell, broke both legs, and vomited all over itself.  Did it manage to fall across the finish line on the way down?  That’s hard to say.

The Original Argument

Deep background on this proceeding can be found here, here, here, and here.  The short version is that this proceeding was intended to get official blessing for an activity that shouldn’t be illegal anyway: using whatever material you want in your 3D printer without violating copyright law.  (It is reasonable for you to pause now to ask the question: what does copyright law have to do with the material I use in my 3D printer?)The Librarian of Congress ended up granting this blessing, but in a way that highlights the problem with how the Librarian of Congress and the Copyright Office see themselves and this proceeding.  Oh, and they included caveats to the blessing that call the entire thing into question.

To review, the original petition consisted of two main arguments.  First, that circumventing digital locks that prevent people from using their own material in their 3D printer does not violate copyright law. Second, even though doing so does not violate copyright law, the Librarian of Congress and the Copyright Office should formally grant an exemption allowing people to do so, in order to be totally clear that people are free to use their own material in their own 3D printers (for various reasons that I won’t get into here there was a cloud of legal uncertainty around this point).

Not surprisingly, the objections to this proposal from the 3D printer manufacturer Stratasys (who also owns Makerbot) had nothing to do with copyright law.  Instead, they were focused exclusively on a parade of horribles where airplanes fall out of the sky and medical implants kill people because counterfeit material was used in a 3D printer to manufacture a critical part.  Needless to say, these are not the types of harm that copyright law was originally intended to address.

The Decision Today

Today’s decision does a few things right.  First, the Librarian of Congress and Copyright Office state that circumventing a digital lock in order to use your own material in a 3D printer is “likely noninfringing as a matter of fair use or under section 117.”  The Librarian of Congress and Copyright Office do not have the power to determine what is and is not fair use or to formally bless something as violating or not violating copyright law.  However, it is nice to see them stand behind the idea that the activity covered does not violate copyright law.

Additionally, the Librarian of Congress and Copyright Office actually grant the exception.  That is great news.  As a high level matter, both the Librarian and the Copyright Office are endorsing the idea that using your own material in a 3D printer does not violate copyright law.  

But then they add some caveats to the exemption. And the caveats get weird.

Developing the Caveats

During the hearing and in follow up questions, the Copyright Office struggled with the parade of horribles from Stratasys (although the rules ultimately come from the Librarian of Congress, the Copyright Office holds the hearings on the exemptions).  This struggle was hard for the Copyright Office because, well, they are the Copyright Office.  They have no expertise about medical device safety or keeping airplanes from falling out of the sky.

One way to address this lack of expertise would be to recognize that part of the reason that the Copyright Office knows nothing about medical and airline safety is because those are not copyright issues.  Instead of trying to deal with those issues through copyright law, the Copyright Office could rely on the federal agencies tasked with regulating those areas to find a way to protect the public that is completely independent of copyright law. Such regulation is, in fact, possible.

Instead, the Copyright Office devoted part of the hearing to exploring these issues.  This part of the hearing was essentially a waste of time because both the people asking the questions (the Copyright Office) and the people answering the questions (myself included) know nothing about the regulatory systems in place to protect public safety in relation to manufactured objects.

After the hearing, the Copyright Office tried to address these concerns again by proposing a distinction between “commercial” printers and “personal” printers in follow up questions.  Both proponents and opponents of the exemption essentially rejected this distinction as nonsensical and tried to steer the Copyright Office away from it.

Undaunted, the Copyright Office appears to have decided to press on.

The Caveats

The general exemption is limited by caveats designed, in the words of the ruling “to address regulatory and safety issues.”  I want to pause here to emphasize again that there is no reason to think that the Librarian of Congress or Copyright Office has any special expertise on issues of regulatory or safety issues, and that it is a stark reminder of how copyright has spread to every aspect of our lives that they would even consider these far flung issues in a copyright proceeding.

That aside, the exemption grant is limited by the following language:

“The exemption shall not extend to any computer program on a 3D printer that produces goods or materials for use in commerce the physical production of which is subject to legal or regulatory oversight…”

It is here where the Librarian of Congress and Copyright Office fall of their ice skates, break both legs, and vomit all over themselves.

What Does This Mean?

This caveat is a disaster for at least two reasons.  First, “goods or materials … subject to legal or regulatory oversight” is pretty close to being the equivalent of “everything.”  At a minimum, tort laws such as product liability oversee just about every object out in the world, and tort laws are certainly a type of legal oversight.  In addition, there are an almost uncountable number of object-specific regulatory regimes that could oversee any given object.   The “use in commerce” element arguably narrows the scope of that a bit, but “use in commerce” can also be interpreted fairly broadly.  Very little additional information is given in today’s rule to help interpret these terms.

This is exacerbated by the second reason.  As constructed, the exemption applies to the printer, not the use.  By stating that “the exemption shall not extend to any computer program on a 3D printer that produces goods…” it focuses on the possible use of the printer, not the possible specific use.  Read strictly, even if you wanted to only produce that magical good that was not intended to be used in commerce and was not subject to legal or regulatory oversight, you couldn’t unless you had a printer that could only produce those goods. As soon as you had a printer capable of printing objects that could be used in commerce and subject to legal oversight – that’s every printer – you fall outside of the scope of the exemption. (edit: I originally included an extra “to” before “extend” in the quote above and mistyped “on a 3D printer” as “or 3D printer.” I don’t believe that these typos change the analysis, although they do highlight how quickly I was typing this morning.) 

By trying to draw a distinction that both sides of the debate cautioned against, the Librarian of Congress and Copyright Office have created a situation where the caveats devour the entire rule.

Going Forward

To recap, on the plus side the Librarian of Congress and the Copyright Office recognized that using your own material in a 3D printer is not copyright infringement.  They also formally granted an exemption from the rules that would make breaking the digital lock on a 3D printer in order to use your own material illegal.

On the minus side, in an attempt to address a suite of concerns they know little to nothing about, they undermined that exemption by creating a carve out that includes every 3D printer I can imagine.

The real take away is that when copyright gets into areas that no one originally intended things start to break.  It is unreasonable to expect one legal doctrine to be able to regulate all possible harms in all possible arenas.  Hopefully this can serve as a strong example as to what happens when you start to see copyright everywhere.

update: Just to be clear, this entire undertaking is only relevant if your printer does a check to verify that your filament came from an approved source before printing.  If your printer doesn’t do that - and certainly many personal printers don’t - then this proceeding has no impact on you.  Use whatever filament you want.

This post originally appeared on the Shapeways blog.

Today Shapeways is proud to join with our colleagues at Etsy, Foursquare, Kickstarter, and Meetup in urging the White House to begin exploring the possibility of an online safe harbor for trademarks.  We believe that a statutory safe harbor for trademark use online would increase the free flow of information online and empower individuals to push back against abusive uses of trademark.  If you read these last two sentences as “words words words” but are still curious what those words mean, let me take a moment to explain what we are talking about.

The United States has what is known as a safe harbor for websites that allow other people to post content to them (that includes all of the sites mentioned above, and a huge number of sites in the world).  As a general rule, users – not websites – are liable when a user posts things that infringe on the copyright of others.  Without this protection websites would have to individually screen every single post, model, photo, and comment for a copyright conflict before posting them.  In practice, that would mean that there would be a lot fewer sites that allow others to post content online.

One of the conditions of this safe harbor protection is that when a website operator is informed by a rightsholder that something uploaded to the site is infringing, that website operator takes down the allegedly infringing content.  Because this process is governed by a law called the  Digital Millennium Copyright Act (shortened as the DMCA), these kinds of takedown requests are sometimes known as “DMCA takedowns.”  (This epic tale of Eulice and Abbas explains how we handle these types of requests at Shapeways.)

One important feature of this safe harbor system is that, in addition to giving rightsholders the ability to request content be taken down from a website, it also gives the original uploader the ability to request that the content go back up. This ability to push back against takedown requests provides a critical check against abuse of the takedown process.

The safe harbors are critical to the ability of users to push back against abusive takedown requests.  Since the website is protected from liability, a user does not need to convince the website that it is worth it for the website to go to court in order to challenge a takedown.  Instead, the website can get out of a user’s way and let the user challenge the takedown request if the user decides that it is worth challenging.

Similar safe harbor systems exist for things like accusations of defamation.  By pulling the website out of the equation, it is up to users to decide if a conflict is worth pursuing.  Even if a website doesn’t want to risk its entire business on a dispute, the person who stands accused is empowered to fight for rights she feels are important.  On balance, this makes the internet a richer place.

Currently, these types of formal statutory safe harbor protections do not exist for  trademark disputes.  The result is that there are many fewer checks on trademark owners who might want to exceed their rights and suppress a user.  In practice, a user who wants to challenge an accusation of trademark infringement and have their content re-posted must convince the website that re-posting the content is worth going to court over.  Not surprisingly, that can be a hard argument to make.

The filing today is designed to highlight this problem for policymakers.  It is the first step in what will inevitably be a long process towards finding a solution that works for trademark holders and users.  We’ll keep you updated as it evolves.  In the meantime, if you have any questions or comments we’d love to see them below.

This post originally appeared on the Shapeways blog.

This is the fifth post in a series about different types of rights that could be involved with models and files here at Shapeways.  Today we’re talking about what happens to rights in models after the model is sold.

Most of the posts in this series are about the rights of creators and about how those rights give creators control over their creations.  This post is something of the inverse.  It focuses on the rights of people who acquire those creations.  Specifically, it focuses on what happens to a creation after it is sold.

At its most basic, the concept of copyright “first sale” is that when you sell something to someone else, that something is theirs.  Your decision to sell the object means that you are giving up your ability to control that object.  Without first sale there would be no such thing as used record stores or libraries, yard sales would be a lot smaller, and eBay may never have gotten off the ground.

The Object is Not the Copyright, the Copyright is Not the Object

In thinking about first sale it is important to keep in mind the difference between the copyright for the object and the object itself.  This distinction is easy to understand once you have concrete examples. If you buy a copy of a book like Neal Stephenson’s The Diamond Age, you own that copy of the book.  You can do whatever you want with that book – you can lend it to a friend, sell it at a yardsale, or cut it up and turn it into a collage.

You do not, however, own the copyright in Neal Stephenson’s The Diamond Age.  Without owning the copyright to the underlying book, you cannot make a bunch of copies of The Diamond Age and start selling them, or turn The Diamond Age into a musical, or sell a the German translation of The Diamond Age you created.

Fundamentally, the difference between these two sets of rights is the difference between owning a copy of something protected by copyright and owning the copyright itself.  Owning a copy of something gives you the ability to control that copy, but not over the work itself.

First Sale Applies to 3D Printed Objects Too

The same applies for copyrightable objects sold here on Shapeways.  If you sell a model on Shapeways, the buyer of the model owns it.  That buyer can paint it however she likes, give it to her cat, or resell it without getting permission.  However, that buyer cannot create copies of the object without first getting your permission simply because she purchased a single copy from you.

There are some potential exceptions to this. If I buy something from you and then try and resell it as my own work I may be engaging in fraud.  And in some cases happening in some places, mislabeling a model’s title or creator could run afoul of what are known as moral rights.  These are rights related to copyright designed to allow creators to assert their association with a work.

All that being said, in most cases there is nothing illegal about someone purchasing 3D printed models and reselling them somewhere else.

What Should I Do if I Discover Someone Reselling My Stuff?

Assuming you were paid for the models, the reseller probably is not breaking the law.  They are, however, giving you some potentially useful information about your models.  If the reseller is successful, that means that there is a significant market for you work.  That’s a good thing.

It also means that you may be under-pricing or under-marketing your models.  If a reseller can make money by buying your models at retail and reselling them somewhere else, that may mean that you are leaving money on the table with your retail price.  If a reseller has found a profitable market for your models that you didn’t realize existed, maybe it is time to explore that market yourself.  Of course, it may be easier to let the reseller pay you for your model and then explore that market themselves.  Remember that every customer that pays the reseller is also a customer that is paying you for the original model.

Two Caveats and One Place for Additional Reading

Caveat number one: none of this applies if the reseller (or anyone else for that matter) is making unauthorized reproductions of your copyright-protected model.  First sale does not protect someone making such copies, even if they are basing them off a legitimate copy they purchased from you.  You did not sell your copyright in the object when you sold the object itself, and first sale will not prevent you from asserting your rights.  If you discover someone making unauthorized copies of your models, it may be time to reach out to them and/or talk to a lawyer.

Caveat number two: if you are worried about fraud (such as someone passing your models off as their own) you should reach out to the platform hosting the fraudulent models for sale. Their terms and conditions almost certainly prohibit fraud (ours here at Shapeways certainly do).  If someone is committing fraud on their site they will want to know.

One place for additional reading: like many copyright concepts, the first sale doctrine was developed before the internet and digital goods.  Figuring out what first sale means in the context of digital goods can be complicated.  Sherwin Siy over at Public Knowledge has put together an interesting look at how we could make digital first sale work better.