Cyborgs Unite!

Video in TIB AV-Portal: Cyborgs Unite!

Formal Metadata

Cyborgs Unite!
Title of Series
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
When Karen discovered at a young age that she had a life threatening heart condition, the last thing she expected was to have to worry about software. Now, with a heart device implanted in her body, she has come to understand not only how vulnerable medical devices are but how we are making critical choices about software that will have huge societal impact. Karen will talk about the hacks which show how essential free and open source software is and will discuss her professional and personal view of the issues both as a patient and as a cyborg lawyer. Karen will also touch on potential avenues for accountability, transparency, and access to remedies as we hurtle towards an Internet of Things built on proprietary source code that prevents us from knowing exactly how these vital devices work, what data they are collecting and to what ends, what their vulnerabilities might be, and the extent to which their closed, proprietary nature keeps us from developing societal mechanisms and review processes to keep us safe.
Keywords Keynote

Hi everyone, thank you so much. Let's have a round of applause for these organizers, because this is a
tremendous amount of work and i'm leaving conference with a million volunteers. I came by yesterday to see if I could help out and maybe even you any my house because there were so many people doing everything that is deposited the organizers. So, a little bit about myself: I'm the executive director of the Software Freedom Conservancy. Raise your hand if you have heard of the Software Freedom Conservancy. I did not underline the a quarter to even the product; we'll get into that, I'll tell you a little more about it in a minute. I am a lawyer with an engineering background,
but all of my legal work now is pro bono, which means that I don't charge for my services, and so I'm
a pro bono lawyer for the Free Software Foundation is an element of the other organizations, and I am super into free and open source software, have been for a really long time, and one of the reasons why that's true is because I'm a patient. I literally have a big heart, and I have assumed heart; my heart is 3
times the size of a normal person's heart, which is totally fine, people.
I am asymptomatic, but I'm at a very high risk of suddenly dying. The medical term is actually "sudden death", which is hilarious, I guess. So when I got diagnosed it
was kind of a little bit of an accident. I was getting migraines and I went to the doctor about those migraines, and I heard that I had a murmur, so I went to a cardiologist, and it turned out that I had this heart condition and I had no idea. But it was OK, and my
cardiologist told me because I could get a defibrillator and pacemaker, which would basically, you know, be a little bit of a guardian
angel and would deliver a shock if I ever went into sudden death. So I'm sitting there in the cardiologist's office and here but what they do is an
answer with my mother because as one does it's 1 mother to the cardiologist, and so I'm sitting there with my mother, the cardiologist about, and they have a bunch of these devices in their drawers, like the
device manufacturers give them to doctors so that they have them to show patients, and you know, they're really small. My electrophysiologist took one out of his drawer, he slid it across the table at me, and he looked at me expectantly, like, isn't it small, isn't
its use that but it's not that scary, right? And so my first question to him was, what does it run? And he said, run? And
I said, yes, there is software on this device, and it just so happens that I been engineered from where I'm really interested in free and open source software. I know that these devices rely on software algorithms to determine when to deliver shocks and when not to. Can you tell me anything about the software? And he said, software? Software? He had never thought about the software on these devices. He also implants more than 1 of these projects; this is a really smart operate
electrophysiologist, never thought about the fact that there was software on these devices. yeah this sense do I'm just not that, you know, I'm not that into computers generally, but not to worry, because you're in luck today:
in our office is the representative from men strike, the medical device company that I attention. He's here in the office and she will have the answers to all the questions and parameter that town the tolerance on in the news that survives representative and you get this kind stands you know the system what what is the question and I said, I just want to know what does it run? and he says and now we have a whole conversation again, and the rep had never thought about the software on these devices and all this, and I was like, what is happening here? This is just this alternate universe we don't understand. and sometimes don't worry because we have a hotline that patients can call with the kind of questions that you might never have about your device. So of course I dutifully call the hotline and get on hold and get transferred around, and of course never got the answers that I was looking for, and so I started out
and I started launching a study into the safety of medical devices, the software on medical devices, and of course I put off getting my defibrillator while doing this study, as one does, because the
very idea of having this device in my body, and this is already 10 years ago, it was like really underwriting and stressful, and I wasn't sure if I was sort of ready for my identity to change. I wasn't sure if I was ready to have,
you know, wires running through my arteries and screwed into my heart, and so I was thinking
about are becoming like these issues about my new becoming and this is telling us that work. Of course this is a very handy way to put off a surgery that I needed to do that I would eventually I wonder about that a realizing that I couldn't put it off any longer. My chance of suddenly dying is 2 to 3 per cent per year, compounding, and I was 30, so it was like a 25 per cent chance by the time I was 40,
so yeah, it was pretty stressful thinking about what to do, but I knew what kind of cyborg I didn't want
to be. For those of you who don't know, this is Bill Gates as a Borg, and I realized that I would literally have proprietary software sewn into my body, screwed into my heart. But I also thought that being
a cyborg might not be all that bad. I would be unique and I would use my powers for good, meaning that I would carry out this research, which was really difficult, because when you start to look into the safety of the software on portable devices it is appalling, right? And so looking at all of the studies, I kept having to put the research away, because as I started finding out about all of the software recalls, all the failures that happened over the years, it was
very personal, because with this theoretical thing it was my own heart, it was my own device, it was my own life, and so I kept sort of leaving and coming back to it. And what I found when I finally completed the work and published the paper, which is called "Killed by Code" than to syntactic but that I was 1 of cosmic rays that something that everybody here knows, which is that all software has bugs. The Software Engineering Institute estimates that for every 100 lines of
code one bug is introduced, and a lot of important applications have a lot more than 100 lines of code. And of course pacemaker defibrillators have been shown to be vulnerable. It's so interesting, because when I first started talking about this to my cardiologists there had been no exploits that had been published at the time, and so I started talking about this and they were acting as if this were not possible, like this was a far-fetched situation. I even had
I even had an electrophysiologist hang up on me on the phone when I said, think about the class of people that have pacemaker defibrillators; it's
not too far-fetched to think of somebody wanting to attack politicians or, you know, and that while these devices are broadcasting wirelessly they become targets. And that electrophysiologist said, if you wanna get get about the help you, but you're a lawyer and I don't trust you and I think that you're just
trying to stir up trouble. I found a new electrophysiologist. And it's interesting to see how, as time has gone by, more critical devices have been shown to be vulnerable and people are starting to take us a little bit more seriously, and that's a really there been a lot of Italy but it's also sad, because it means we have to see the failures in order to get any change. And so from that, once I started to see how critical these issues were for free open source as verb medical is and how much free and open source software could help, I started looking into other fields. Once you realize how bad it is in medical devices, it's a very
short walk to cars, and from cars to voting machines, and to everything else that powers our democracy and our society, anything that's society-critical. So there's a bunch of studies that came out, but the defibrillator one, where they implanted defibrillators into like a big bag of meat; you can see in this study they have like a picture of a bag of bacon
and a defibrillator inside it, and they were able to get personal information on there; academics were able to show that you could disable the pacing functionality and you could deliver fatal shocks. This is a picture from one of the car hacks, and what I love about it is that the car thinks that it's going 140 mph but it also thinks that it's in park.
And so these studies show that our devices are vulnerable, and we have to really start thinking about these issues of our software. so appealing classifier
has close to a hundred million lines of code. If we take the Software Engineering Institute estimate of 1 in 100, of one bug introduced for every 100 lines of code, that could be a million defects, so even if we catch the vast majority of defects, you know, we still have a lot of defects. There is one study that all of the
FDA recalls and studied the recalls that were connected to software, and they found that 90 per cent of them could have been detected with all-pairs testing, so some basic software testing has historically not been done on these devices. Now, in my studies I also learned about the honeymoon effect. If you know what the honeymoon effect is? I just have one
person. but it's a it's not doing some of each like I wish it were, but it's a study that looked at both free and open systems and also proprietary systems over time,
and it didn't look at the number of bugs over time, because the number of bugs generally decreases over time in a software project, but instead looked at vulnerabilities and exploits, and what it found is that there is a period of time where there are no vulnerabilities generally, and that time can be short but it can also
be very long, and I call this the honeymoon period because any positive that there are a bunch of different reasons why that might be the case; they can be social reasons or they could be technical reasons. But while we think that devices are most vulnerable when they first hit the market, I think a lot of companies are focused on making sure that the devices are secure upon release and scramble right after release and in fact once the donor so where's creative time when in fact there are no vulnerabilities, but once a vulnerability is detected it increases almost exponentially how many are found. The study found that free and open systems respond better than proprietary systems, as the learning curve is a little bit different. And of course free and open source software has this fundamental benefit that when there is a problem we all can do
something about it. We don't have to wait for the manufacturer to first two-facedness that there's a problem and then create a fix. race redevances offer benefits there are obvious and and help, and this stands for the proposition that we don't have to worry about our products necessarily right now,
right now, when the companies that are leasing that have relationships with their vendors, the vendors are still in business. But it's down the road, in products that are on the market for a long time, like my defibrillator, like a lot harder is, like a lot of the equipment that we rely on from day to day, where we have to worry about these vulnerabilities down the road. And if we don't have the complete and corresponding source code, to use a quote from the GPL itself, if we don't have complete and corresponding source code and scripts to control installation, we're really completely out of luck if the manufacturer's vendor is no longer in business or doesn't have the source code, or if there were not great development practices in house at the company and there was a bill grew and nobody knows what that person did. And so during this study I went from someone who thought that open source was cool to someone who realized that software freedom is essential. And people say to me, you know, all here in only you know you're totally misguided because I knew what I had you are happy with your own defibrillator and that's you know that doesn't involve sense of and and you want anyone to be able to have defibrillator. And right now we have the worst of both worlds: right now we have closed proprietary software with no real security. So these devices, like my defibrillator, broadcast remotely, wirelessly, but they have no encryption or password protection. the right now were were were were just that though the workers and then of course we've got this: we're building this huge Internet of Things where
everything is here and everything is being built with wireless functionality, which then talks to everything else, and in a world where everything talks to everything else we don't even know what is the most life- and society-critical software, because where everything's talking to everything else, everything is life- and society-critical. What astounded me about all
this is that people are being connected in ways that they have no idea that they're being connected. The fact that my electrophysiologist had no idea there was software on the devices; he hadn't thought about the fact that my device would be broadcasting wirelessly
or that I could potentially go to conferences where someone might want to interfere with my defibrillator for long very often that the very idea seemed like a conspiracy theory, and to me this seems incredibly real. And I think that millions of people are in a situation where they're being prescribed devices and integrating software into their lives in ways that they don't have the tools to contemplate, and they haven't thought about it. So all this
has sort of propelled me in the direction of being extremely passionate about software and software freedom, because yeah, all software has bugs, but at least with software freedom we have the option to
do something about it when disasters happen. And so I have started
working much more in the public interest. So this is the
logo from my organization, Software Freedom Conservancy. We're a charity based in the United States and we've got 45 member projects, so we're like an umbrella organization. And so I'll do this and say: who here is using a member project of Conservancy? We've
got Samba, Wine, Inkscape, Julian you, coreboot, her pattern of boasts set them again as the that's that's
a chunk months if think of as. So these are basically several projects that decided they are collectively working in the public interest to make free and open alternatives, and this is extremely
important to me because I think it's important to society. One of our projects is also Outreachy. and if
you have heard about the and just a few people. Outreachy is an internship program for women and non-binary people internationally and, within the US, people of color, to help make free software a little bit more inclusive. Our ratios are laughably out of sync with the general population and with software development in general. the percentage of added this sets I have run women's this set the percentage of women in all software, meaning proprietary software generally, is like
25 %, but in free and open source software the most recent study came out as being 1 per cent, so it's pretty extreme. And so we have about 80 internships for years remote patented jets and I recommend that you look into it, because software freedom democratizes technology, right? We give everyone the tools so that any kid anywhere who is working on a game can access the source code, can play with it, can learn from that. Raise your hand if you got started with free and open source software because you were
interested, or interested in software, because of a game. So I think about a third of the room, and that was the case for me. at the 1st Primera was a game like that you know it's huge. And so having software freedom basically allows anyone with access to the source code to be able to do what they want, to engage in the process, to have access to technology, but because the communities are not particularly inclusive we lose
a lot of that democratization. We're doing something fundamentally wrong, we're doing something wrong, if we can't draw on a group of people that is representative, at least loosely, of the population of software
developers as a whole. Another thing that Software Freedom Conservancy does is that we are the home of the GPL Compliance Project for Linux Developers,
so there are a group of Linux kernel developers who have asked us to enforce the GPL for them on the Linux kernel, and we are also the home of the Debian Copyright Aggregation Project. And so when companies are not in compliance with
the requirements of the GPL we ask them to comply, very nicely, and we published principles of GPL enforcement so that everyone knows where we stand, with an eye toward long-term adoption. But when companies refuse, we have to be ready to file lawsuits, because if nobody stands up for the GPL, if nobody stands up to implement the rules, then ultimately no one will follow them. And what we've been seeing is a lot of companies will distribute violating goods because they know that no one will ask for the source code, and if they do, nothing will happen to them. This is one of the
projects that's been very important to us. This is a slide from the Linux Foundation, and it's a slide that shows how great Linux is: it's everywhere, in everything. And a lot of people have started to say that free and open source software has won because it is now so prevalent, but to me it
doesn't seem to be the case. To me, free and open source software is everywhere, in everything, but at a low level; it's only for certain
things, and we have less freedom than ever before. We have less access to change our software, to control our software, and we become ever more reliant on companies to provide our products for us. Raise your hands if you have a
job where you work on free and open source software as part of your job. Right. Well, I'm sorry, if
were on like right some contribute to free and open source software projects as part of a job. it's like analysts and there's a lot of money in free and
open source software, and it's tempting to think that our business interests and the free and open source software interests are completely aligned, and that there's nothing, you
know that that we've kind of entered a new phase of our of our suffered voluntarily changes with companies but
but for me it comes back to my similar. So recently I was pregnant, and when I was pregnant I got shocked by my defibrillator
because my heart was doing what normal pregnant women's hearts do. About 25 per cent of women who are pregnant get shocked, sorry, about 25 per cent of you and
there is actually a very high percentage of the women who have defibrillators who get shocked when pregnant, but I didn't fill claim had of it have that is 25 per cent of women who are pregnant have every property, and my heart did that, and my device thought that
I was in a dangerous world, and so I got shocked twice unnecessarily by my device. When I went to see my doctors about it, the solution was not to tweak the settings, the configuration of my defibrillator, but it was instead to put me on drugs to slow my heart rate down. I had to take so many drugs to slow down my heart rate that I had a hard time walking up a flight of stairs. I needed that to prevent my defibrillator from giving me inappropriate treatment. I promise you that the medical device manufacturers do not want pregnant women getting shocked. The last thing they want is for pregnant women to get shocked; that is a press nightmare. But only 4 per cent of the people of this figure defibrillators are under the age of 65, only 4 per cent, and fewer than half other people who have at all the people who have this figure defibrillators around so this set of people who are How several years and pregnant is tiny. I want to hospital so by hospital within your city which is a huge hospital; they have so many women giving birth in the hospital they never have free beds. when you go into the hospital there's like the winner was full of women or a hundred events it is that we were looking to get these women bad and they don't have to so many words. And I went to the high-risk obstetrician in this hospital, and at the end of the process I said to her, you know, you should know alpha your future patients who have defibrillators, I was going to tell you a few things that I've learned along the way. and he said 0 I I will have but that I don't have patience for emotion and so we'll have more patient because you're ahead of virus obstetrics at this huge your possibilities so in my entire career, and she was quite senior in her career, my entire career I only had 1 other patient with a pacemaker defibrillator. This is just so rare, right? Now, the medical device manufacturers don't want pregnant women to get shocked,
a press nightmare, but they're just not focused on the issue. There are too few women in this situation, too few patients to whom this situation matters, for them to even notice. that little onto character And being pregnant is a temporary condition, so mere months after I had been unnecessarily shocked I was no longer pregnant and the problem went away, and I didn't need my defibrillator calibrated in any additional at rate. And this stands for the proposition that the concepts that we're relying on aren't necessarily designed for
us, right? Companies might not have our use cases in mind, not because of any malicious reason but because they're simply not focused on our particular situation, and that could be our geographic area, our general population, what we're using this software for; it could be just about anything. And for me this was just a realization that if I had free and open
source software, I don't worry lines all of pregnant women with related to hire a medical professional to help us, work with us to modify our medical devices so that women in the future would not get unnecessarily shocked. But we do not have that ability, because we don't have any control over the technology that is in our bodies and how we're alive. And it's a delicate balance, right? It's
tricky, right? We need to have this commercial support of our software, really companies the active space, we need to have you; at the same time we need to recognize that our societal needs for our software are real and that they need to be put in balance with corporate interest, and I think that we
have, in fact I think we've gone too far in the other direction. Free software was successful early on in part because of our license choice, because of our choice of using copyleft and, you know, GPL software, amongst other reasons; there are a lot of reasons why free software was successful early on and continues to be successful. But when we have copyleft we can demand, we can ask for the source code of the product that we received, and we can expect that we can hire whatever professionals we want, we can take control of our own technology, we can hack our own bodies if we want, which we currently can't do. Not only am I not in control of the software in my own body, not only can I not see the software in my own body, I'm not even the customer for the software in my body; it's the doctor, the cardiologist, that chooses which defibrillator I get. I'm so far removed from control of my own software, of everything that is keeping me going. and I think that that this is an not to make the kind of shocking but it's just that, it's a trend that we're supporting, and we're ceding control over our technology on a daily basis, and my defibrillator is nearly a metaphor for all the software we rely on. And over time it surprises me how much these issues that seemed somewhat theoretical back when I first started getting diagnosed with my heart condition, how real those issues have become. So over 3 million people worldwide have, and it's
like 3 . 2 5 million people have physical defibrillators and every year and about 600 thousand are implanted and learn this interesting fact that Germany is 1 of the have is 1 of the countries that has the highest I. pacemaker defibrillator implantation of per capita in the world and this is just a neuron time but but I think it's 2nd to the US only of and it's not just defibrillators we
we are all in the process of becoming an unbecoming side right we rely on title cheeky some people object to me calling myself sigh word because I have I have a defibrillator and there's this organization called the the sideboard Foundation and
add the they they're reluctant to engage with with teaching groups in the insulin pump and the space because I In because they want they wanna be discussing issues around the voluntary sigh by it she's and and and so we cannot necessarily even anticipate the technology that will be adopting some people will say I will you know the word of our glasses on a sideboard and the answer is yes you know like the degrees of what we do to be you be coming in and becoming cyborgs on a consistent basis our our flexible and influence and as our diagnostic technologies become cheaper a lot of medical and devices will become more accessible to people and as technology becomes more portable and wearable the lines between what it sees cyber what doesn't make you a sigh work will be blocked the and and I really loved giving this talk while I was pregnant because I can't think of the children had a method that we must we must think about the children because it's it's naive to think that we are not working for a society where all of our technology is intricately woven into the fabric of our lives every minute of every day and at the same time we not building infrastructure that is saying we're not building infrastructure that we can control and and that's public some of these issues will be also discussed tomorrow at
10 AM m is giving a talk genes yes so I I suggests an I suggest something at her talk to you and this is Sarah tonight because if you are not a cyborg now you will become a once you would and it's not you mentioned you know it's it's only you know and the words are
children learn words, it's basically everybody in the future. These are issues that we need to engage in, but because it seems so far-fetched, but all
well I would never implanted into my body voluntarily why would I ever did I or it's a sad complete control over whether i where you know glasses are not a rather when I'm not consuming information but
the line between what is a part of our body and what is not part of our body is becoming thinner and thinner, and it is about, it's
about being able to control what happens to us down the road. And if we continue to generally support the integration of proprietary software, if we continue to perpetuate an Internet of Things that doesn't
somebody joked, I heard it said, that the S in IoT is for security, and so on, and so we
must be forward thinking about these issues. And I recently became
a cyborg 2.0, because I got
my defibrillator a period, I got a new one, and I was surprised because I thought, well, almost a decade has gone by, we must be in a much
better situation than we were then. When I got my original defibrillator I was so worried about these attacks that I finally found an electrophysiologist who understood what I was saying, and he called around and found an old device that didn't yet have the radio telemetry on, and so I got an old device and I was safe and comfortable in the knowledge that at least my device wasn't broadcasting wirelessly and I could go to whatever conference I wanted to and not worry about it. But when it came time for my upgrade, what I discovered was that all the devices have the radio telemetry enabled, all of them have it, and initially I was told that all of them have it switched on by default and that you cannot have it switched off. And so the same electrophysiologist who understood what I was going through the first time and found me this old bull last Cyril the device in all of New York City without radio telemetry, he let me call the manufacturers along with the technicians. And so, you know, anyone who calls medical companies or medical offices, they always have a separate button for doctors' offices that the 2 of the cheese and directly, and so they called with me. So it was pretty cool, because the doctors' offices are the actual customers of the devices. And so the device companies assert that they don't care about the reasons, and I'm really exaggerating here, about the patient, but the patients are not the ones who make the decisions over whether they purchase their product over the competitor's product. But when you call from the doctor's office, especially the electrophysiologist's, the device manufacturers jump. So we were able to call together, and we called on speaker phone, and we called every single one of the device manufacturers that market their defibrillators in the United States, and it was astounding. One of the device manufacturers had refused to talk with 
me on the line and asked the nurse practitioner to pick up the phone just to ask the questions that I would have been asking. And it turned out that none of those devices could have the radio telemetry disabled. And my favorite was by assigning which was so bad I mean in the last few slides or tried said
oh, you don't need to worry about this because our devices are hack proof. I asked about trying to donate some devices to test this proposition, but they basically were saying that because the devices had not been shown to be vulnerable, they were not the subject of any of the exploits, that they were proven. I explained that because they were neither the first nor
the second market player in this space, they would not be a natural first choice to demonstrate the vulnerability, and also offers vulnerable completely stonewalled that in the back and the representative had no interest in talking to me, which was amazing. And eventually I gave up calling all the major manufacturers because they also that they had no like I went from being someone who is demanding my source code in my own body to simply asking that my body not broadcast remotely. I didn't even bother asking if I could see the source code, because the issue of the radio telemetry was so much bigger at that moment. And then eventually my electrophysiologist remembered that there is one more small manufacturer that we could call, and that manufacturer had a single device where you can disable the radio telemetry, a single device on the market where you can disable the telemetry. We have a non-wireless defibrillator. Now, having a wireless interface is helpful for a lot of people. There are these monitors that you can have on your bedside table that will monitor the data from your device and, if you get in trouble, send information. You don't have to go to the doctor's office quite so often because the data will be transmitted to your doctor's office automatically. But then again, those monitors were shown to be subject to mass attack. St. Jude had a vulnerability last year which they then denied, and a security firm basically at the end of the firm that that was publicize it is a great idea may press because their financial firms short sold the stock and that got everyone's attention, and finally they admitted there was a problem and they fixed it. Contrast that with a Johnson & Johnson vulnerability, where for the first time a medical device manufacturer stood up and said these devices are vulnerable, and this is one vulnerability, there will be more, we're hiring 1 of the a higher J. 
Radcliffe was one of the researchers that I worked with in the past and so I and the behind him to basically address these issues and of these they said on. And this is incredibly important: showing companies that bringing transparency brings safety, doesn't necessarily bring disaster, is huge. What was a complete disaster for St. Jude was a huge success for Johnson & Johnson and their insulin conferences of verbs. It was slightly off track because the eyebrows brothers up, because for a lot of people having the monitor is very helpful, but for patients like me, asymptomatic, for me the issue is: am I going to go into sudden death, right? Like a minus suddenly dynamiting shock, will the device function properly at that moment, and will I get my life-saving shock if I need it, right? And I don't need to have myself wirelessly monitored at all times. Many patients don't need this. We need to stop introducing wireless functionality and connectivity by default. But most importantly I
and then I ask you all to start joining in talking about the ethics of technology with your employers, with everyone you know. Understanding the benefits of free and open source software, like being able to take control of our technology and fix problems when they arise, and to be able to tailor it to your situation or organize as a group to deal with the situation, is going to become more and more important, because when we have proprietary software, when there's a problem we're out of luck. We have to stop using a product or return it. For me that
means surgery, that means having to replace my defibrillator, right? But with free and open source software it can be a beginning, right? So and reading
plenty of time for questions. Thank you so much. And this presentation is that the the life and Software Freedom Conservancy is in the and it's a very poorly monetary and doing so questions to the few
thank no I'll repeat your question so today a little light on concessional have to ask you repeat to the the the
what and that was to the the that we have we how I feel about ad
network services, as we have free and open source software in everything but less freedom than ever before because the and all, what is the importance of software freedom in this context? And this is what I thought really deeply about, the importance
of software freedom as a movement recently, as an American and in our political climate. I
started wondering, you know, how when software freedom anyway. I would be dishonest if I
got up and said that free and open source software is better or safer than proprietary software. We simply can't say that, right? But free software stands a chance of being better and safer over time. Studies show that free and open source software that has the resources put into it will be better in the end. And so with free and open source software we stand a chance. So free software is a cornerstone issue. Without free and open source software we don't have control over our technology, but it's
certainly not the only issue, and it's not a long term issue, so it's hard to get people to understand the meaning. And so after the election in the United States, we and a lot of other free software charities saw a decline in donations, and people wrote us notes saying I'm really sorry that I'm not going to give to you any more but I feel like I need to give to the east so you were the idea that for her and some other issues, all of which are incredibly important, and important right now. But with free and open source software, this is an issue that is looking at their honeymoon effect guide that is long term. So if we don't have free and open source software we have no control
over technology, and so if we have nobody minding the store now, we don't stand a chance later. We're allowing proprietary software companies to build the critical infrastructure that we're relying on for everything where we don't actually on down for portability and so on. And so for me, it
cannot be an isolated issue, but it is a fundamental one.
So the question is that I
when I talked about having been unnecessarily shocked when I was pregnant, would that have been different, would I have been able to configure my defibrillator, if I had the wireless connectivity turned on on my device. The answer is no, because you can still talk to my device remotely, you just need to use magnetic coupling. So this is my current device in my although it's like a device has has radiotelemetry but it is able to my and my older less than having radiotelemetry because it was so but what you can talk to these devices using what they call a programmer, which looks like a big mouse that they put next to your device, and through a magnetic interface you can communicate with the device. And this is great, because in order for that to work it has to be in very close proximity, so you know who is in control of your device, whereas with the radio telemetry, by the time you walk into the doctor's office they can be adjusting upon but before you even sit down. And we tested the devices at my electrophysiologist's office and they were able to continue to see the devices, it was a very large building, until the patient actually left the building. It was a very thing, and I live in New York City and it's very easy for someone to just sit right outside my house and then nothing of this and potentially interfere. So having radio telemetry would not have influenced my particular outcome, because if there were a software fix that I could have used, we could have implemented it using magnetic coupling. But it simply would take too long and too many resources to be able to do that. There was just no possible way to even consider doing that, modifying the software to prevent my situation.
the right if I want my domestic secure I want my ad that I want a communication in cryptic is that you if you know what you think is the mean I want really to a major major it with encryption my sort of defeating the purpose the point. No, no. I want free and open source software so we can test the software to see if it's functioning as we expect it to. I want to be able to perform tests on the software in my own body, I want to be able to assess and I want to make but at the same time I want to have real security. I want encryption or password protection. I want to have a private key for my interference-limited later
this I want the software to be free and open but I want real security, and I don't want security through obscurity, which we know doesn't work. That was so how does it feel to get shocked
and how I charge my defibrillator. It's really weird to get shocked. It's the most common question people ask me when I'm was sort of like to think about issues around the core technology and people I can't feel the just and use something right is there I I people's deal differently about the pacemaker where people talk to each other about about has 7 is really fascinating to me the have
different people are. For me, if I simply say, it feels like being kicked in the chest. A lot of people pass out, and over on for me when I boot but that also the 2 of the 3 times I've been shocked, all unnecessarily by the way, I have never needed to from the the, it turned out that 2 of the 3 times I was walking and carrying a coffee both times, and both of those times I kept walking, except I involuntarily squeezed my coffee cup, the lid flew up and liquid bounced out, and I heard somebody yell and it turned out to be me. And I kept walking, and so I realized what happened and I sat down and sort of a ship and I cycle we're metallic taste in for me. And I hear, it was like, you know, in a comic book when the character sees a love interest across the street and the heart goes, and that's how it feels for me. I think it's the sound of the capacitor charging, and I feel a little bit like not just right before happens that the really interesting piece you before it tries to shock you when when my positive change. And the second question was how I charge my defibrillator, and the answer is you don't. And this is the reason why historically there hasn't been encryption on these devices, is that these devices are only as good as the battery and it can't be charged externally, so the device is only as good as the battery. And so one of the reasons why we don't have real security built into these devices, like experimentation, is because every effort to implement security would decrease the battery life, which is everything for these devices. People also say, you know, when the ambulance comes, if it's password protected in a cantilever team, and that doesn't make any sense, like you can disable these devices with a strong magnet, and, you know, if there's a life-saving isolatedly is coming with a life lifesaving equipment and knowledge you don't disabling the device polymyxin of sensor is 
certainly consistent with that strategy. and what the use the of the the the and Have I heard the theory that everybody is a cyborg because we have about technology? I have heard that, and what's interesting is that the idea is that language is technology, and so even just for communicating with each other we are cyborgs. And I think that this is an important point, and I think that it's quite a reason why we need to be less fearful of the idea of what it is to become a cyborg and embrace the fact that we all are, and the way that we use technology is so personal to us that you know that is that it is it will get it that that we have to worry about these anyway because we're already there. to have time for what this the and Has Conservancy ever been contacted by a medical device company to be you it has to be? I have talked to representatives of medical companies, and it's been really cool because they have changed. So what's happened also is that lawyers are now getting the fact that releasing source code has some advantages for security, and I think lawyers get the fact that down the road somebody's going to say, Your Honor, we feel free and open source software was safer, we knew that if we allowed people to test the safety of these devices that would provide safer and safer equipment in the long run, and why did you keep your software proprietary with no real security? So in-house counsel are starting to understand that free and open source software offers a way to mitigate risk a little bit, but it's a slow process. But I was contacted once, or we were contacted once, about a medical device where there was inadequate source code, and so it was a violation reported. There are a lot of medical treatment especially not implanted devices because they're very lightly topic but by a lot of the hospital non-software has from that has had has references suffering a lot it doesn't have redevances 
suffering is equally problematic because hospitals have finite amount of money and often they buy equipment that they can renew their proprietary software licenses for so they say they don't operate in a tuple to prevent analyst possible equipment has got so not of the temporal more question 1 more
cheap and
what can an ordinary person do to help solve the problem for software freedom? Several things. One, re-examine your license choice, start favoring licenses that are reciprocal, you know,
so favor copyleft, because that will provide us with the most freedom going forward. If a lot of people started, people, when free and open source software was new, when the Linux kernel was
new, people said that GPLv2 was a non-starter, no company would ever use it, it was poison, it was terrible, we would, you know, never be comfortable with it. The kernel became so interesting and so useful that every company became familiar
with it, and then they said GPLv3 was no good, at least GPLv2 is small. And it's sort of the same: as long as there is useful software that companies can use, they will become comfortable with that. And I think that we have this whole slide toward non-copyleft in the name of adoption, which has caused a lot of fragmentation and prevented us from having more software freedom and practical control over time. And so I would say favor copyleft, and exercise your offers for source code even if you don't intend to do anything with it. You get a product and you see a notice that says this has free and open source software inside, just e-mail the address and ask for your source, so they
know people care. And when you are negotiating your employment with your company, like when you're seeking employment, ask: we're using a lot of free and open source software, will I be able to contribute? Can I keep the copyright to my own code? You don't have to necessarily insist on it, but the more companies hear that developers care about their ability to own copyrights, the more it will become something that they can use to attract talent. And then I would say support the organizations that promote software freedom. There are a lot of them that are very small like ours and run on a shoestring and struggle to keep it going. So all those things, and there's plenty more, like, you know, talk to your friends about software freedom. Just talking about these issues and raising awareness for them is really important.
semantic think he's anatomy around tomorrow so the feel mean and what to do about them few