Cyborgs Unite!
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 95 | |
| Author | ||
| License | CC Attribution 4.0 International: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/32260 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
| |
| Keywords |
FrOSCon 201786 / 95
4
8
9
15
20
22
23
24
25
27
29
32
36
37
38
39
40
45
46
47
48
49
50
51
53
54
59
63
64
65
74
75
76
79
83
84
86
87
88
89
91
92
93
94
95
00:00
Roundness (object)Self-organizationBitProduct (business)Conservation lawXMLLecture/Conference
00:52
Service (economics)SoftwareMultiplication signOpen sourceSelf-organizationElement (mathematics)FreewareNormal (geometry)Condition numberBitTerm (mathematics)Lecture/ConferenceComputer animationXML
02:08
BitOffice suite1 (number)Table (information)Meeting/InterviewLecture/Conference
02:57
SoftwareOpen sourceAlgorithmFreewareProjective planeLecture/Conference
03:41
SoftwareNeuroinformatikRepresentation (politics)Data conversionRepetitionObservational studyOffice suiteUniverse (mathematics)Parameter (computer programming)Line (geometry)Physical systemHeat transferLecture/ConferenceMeeting/Interview
05:01
Observational studySoftwareStress (mechanics)Identity managementMathematicsMultiplication signSurgeryLecture/ConferenceComputer animation
06:09
CybersexInferenceSoftwareRight angleLattice (order)Observational studyPower (physics)Arithmetic meanLecture/ConferenceComputer animationMeeting/Interview
07:08
QuicksortLine (geometry)SoftwareVideo gameCodeBit rateExploit (computer security)MereologyCartesian coordinate systemSoftware bugLecture/Conference
08:18
Social classOnline helpField (computer science)Multiplication signOpen sourceMathematicsOrder (biology)BitQuicksortOpen setSoftwareReliefMeeting/Interview
09:31
Observational study1 (number)Video gamePower (physics)VotingVirtual machineInformationHacker (term)MereologyFunctional (mathematics)Lecture/Conference
10:23
Observational studyPay televisionSocial classCodeLine (geometry)EstimatorSoftware bugLecture/Conference
11:04
SoftwareFactory (trading post)Software testingStudent's t-testSound effectMultiplication signOffenes KommunikationssystemPhysical systemObservational studyFrequencyExploit (computer security)NumberSoftware bugProjective planeVulnerability (computing)Lecture/Conference
12:04
Vulnerability (computing)SoftwarePhysical systemOffenes KommunikationssystemObservational studyMultiplication signCASE <Informatik>Open sourceFreewareEvent horizonCurveDifferent (Kate Ryan album)FrequencyPotenz <Mathematik>BitLecture/Conference
12:59
FreewareOpen sourcePropositional formulaProduct (business)Sound effectRight angleSoftware developerScripting languageCorrespondence (mathematics)Multiplication signSource codeBroadcasting (networking)SoftwareInformation securityClosed setVulnerability (computing)Observational studyInternet der DingeEncryptionPasswordBuildingLecture/Conference
15:02
Functional (mathematics)Video gameSoftwareComputer animation
15:42
TheoryDirection (geometry)SoftwareQuicksortComputer configurationMeeting/InterviewXMLComputer animation
16:28
Self-organizationConservation lawProjective planeHydraulic jumpPlastikkartePattern languageSampling (statistics)Exterior algebraSoftwareMeeting/InterviewLecture/ConferenceComputer animation
17:20
Projective planeComputer programSoftwareSoftware developerGraph coloringOpen sourceArithmetic meanSynchronizationBitStatisticsInternetworkingBinary codeLecture/ConferenceXMLUMLProgram flowchart
18:00
Source codeOpen sourceGame theorySoftwareObservational studyFreewareRight angleCASE <Informatik>Process (computing)Computer programLecture/Conference
18:57
Software developerGroup actionRepresentation (politics)Projective planeConservation lawKernel (computing)ThumbnailXMLUMLProgram flowchartLecture/Conference
19:39
Goodness of fitOpen sourceProjective planeComputer fileSource codeRule of inferenceMeeting/Interview
20:19
Slide ruleSoftwareProjective planeCASE <Informatik>Open sourceFreewareLevel (video gaming)Product (business)Game controllerMathematicsProcess (computing)DiagramLecture/ConferenceXMLComputer animation
21:05
Open sourceSoftwareProcess (computing)MereologyProjective planeFreewarePhase transitionSoftware developerMathematicsEngineering drawingLecture/Conference
21:46
Normal (geometry)Category of beingLecture/Conference
22:26
Bit rateMultiplication signPropositional formulaCondition numberEvent horizonSet (mathematics)Figurate numberConfiguration spaceComputer virusAlpha (investment)Process (computing)WordProduct (business)Entire functionDisk read-and-write headWage labourLecture/Conference
24:58
AreaCASE <Informatik>SoftwareOpen sourceLine (geometry)Right angleChemical equationGame controllerLecture/Conference
25:49
Chemical equationMultiplication signSpacetimeSoftwareRight angleGame controllerBasis <Mathematik>TwitterProduct (business)Axiom of choiceDirection (geometry)Hacker (term)Source codeMereologyComputer animationLecture/Conference
28:03
Self-organizationProcess (computing)Right angleMultiplication signWord
28:53
Line (geometry)Group actionBasis <Mathematik>SpacetimeDegree (graph theory)WordMultiplication signCybersexLecture/Conference
30:19
WordPatch (Unix)InformationXMLMeeting/Interview
31:00
MereologyLine (geometry)Perpetual motionINTEGRALInternet der DingeSoftwareInformation securityCybersexLecture/ConferenceJSONXMLUML
31:42
FrequencyOffice suiteMultiplication signBookmark (World Wide Web)Product (business)Queue (abstract data type)Line (geometry)Flow separation1 (number)Execution unitSlide ruleLecture/Conference
34:23
Exploit (computer security)Software testing2 (number)Propositional formulaVulnerability (computing)MassSource codeConnected spaceInformation securityComplete metric spaceMultiplication signAxiom of choiceSpacetimeTrailFamilyInterface (computing)Moment (mathematics)Wireless LANRepresentation (politics)Functional (mathematics)Right angleOffice suiteInformationTable (information)Default (computer science)SoftwareLecture/Conference
38:04
SoftwareFreewareOpen sourceProduct (business)Group actionGame controllerSurgeryLattice (order)Self-organization
38:46
Right angleOpen sourceSoftwareFreewareSurgeryArithmetic meanMultiplication signPresentation of a groupComputer animationLecture/Conference
39:59
Open sourceContext awarenessSoftwareService (economics)Game controllerLevel (video gaming)Observational studyFreewareMultiplication signMeeting/InterviewComputer animationLecture/Conference
40:59
FreewareOpen sourceSound effectSoftwareRight angleElectronic program guideReal numberTerm (mathematics)Game controllerArithmetic meanLecture/Conference
41:47
Software industryData storage devicePortable communications deviceGame controllerLecture/Conference
42:40
Interface (computing)Office suiteParameter (computer programming)Connected spaceMultiplication signSoftwareBuildingOrder (biology)Game controllerDistancePulse (signal processing)TelecommunicationLecture/Conference
44:38
FreewareSoftwareEncryptionArithmetic meanMultiplication signPublic-key cryptographyTelecommunicationSoftware testingRight anglePoint (geometry)QuicksortOpen sourceInformation securityPasswordSource codeLecture/Conference
45:31
Internet forumQuicksortVideoconferencingRight angleCore dumpFinitismusMultiplication signBitPoint (geometry)Process (computing)Conservation lawCycle (graph theory)SoftwareMathematicsVideo gameEncryptionStrategy gameTheoryFormal languageInformation securityRepresentation (politics)Order (biology)Open sourceSource code3 (number)TuplePulse (signal processing)AuthenticationMereologyPasswordLiquidReal numberLecture/Conference
50:56
Forcing (mathematics)Flow separationSelf-organizationAxiom of choiceSoftwareKernel (computing)Copula (linguistics)Open sourceXMLComputer animationLecture/Conference
51:48
SoftwareTheoryOffice suiteOpen sourceProduct (business)Source codeFreewareGame controllerMultiplication signQuicksortLecture/Conference
52:31
Context awarenessFreewareSoftware developerOpen sourceSoftwareSelf-organizationCodeLecture/Conference
53:26
Arithmetic meanLecture/ConferenceComputer animation
Transcript: English(auto-generated)
00:07
Hi, everyone. Thank you so much. Let's just give a huge round of applause for these organizers, because this is a tremendous amount of work and an amazing conference with a million volunteers. I came by yesterday to see if I could help out, and they didn't even need any more help,
00:21
because there were so many people doing everything. So just applause to the organizers. It's so great. So just a little bit about myself. I'm the executive director of the Software Freedom Conservancy. Raise your hand if you have heard of the Software Freedom Conservancy. OK, like a quarter to an eighth of the crowd.
00:45
We'll get into that a little bit. I'll tell you a little bit more about it in a minute. I am a lawyer with an engineering background, but all of my legal work now is done pro bono, which means that I don't charge for my services. So I'm a pro bono lawyer for the Free Software Foundation
01:02
and GNOME and a few other organizations. I am super into free and open source software and have been for a really long time. And one of the reasons why that's true is because I'm a patient. I literally have a big heart.
01:20
I have a huge heart. My heart is three times the size of a normal person's heart, which is totally fine and cool. I am asymptomatic, but I'm at a very high risk of suddenly dying. The medical term is actually sudden death, which
01:43
is hilarious, I guess. So when I got diagnosed, it was a little bit of an accident. I was getting migraines, and I went to the doctor about those migraines. And I heard that I had a murmur,
02:02
so I went to a cardiologist. And it turned out that I had this heart condition, and I had no idea. But it was OK, my cardiologist told me, because I could get a defibrillator, pacemaker, which would basically be a little bit of a guardian angel and would deliver a shock if I ever went into sudden death.
02:22
And so I'm sitting there in the cardiologist's office. And what they do is, and actually I'm with my mother, because as one does, one takes one's mother to the cardiologist. So I'm sitting there with my mother in the cardiologist's office, and they have a bunch of these devices in their drawers.
02:40
The device manufacturers give them to doctors so that they have them to show patients. And they're really small. And my electrophysiologist took one out of his drawer, and he slid it across the table at me, and he looked at me expectantly, like, isn't it small? Isn't it cute? It's not that scary, right?
03:00
And of course my question to him was, what does it run? And he said, run? And I said, yes, there is software on this device. And it just so happens that I'm an engineer turned lawyer. I'm really interested in free and open source software.
03:20
I know that these devices rely on their software and their algorithms to determine when to deliver shocks and when not to. Can you tell me anything about the software? And he said, software? He had never thought about the software on these devices. He often implants more than one of these per day.
03:40
This is a really smart, great electrophysiologist. Never thought about the fact that there was software on these devices. He says, you know what, I'm just not that, you know, I'm not that into computers generally, but not to worry because you're in luck. Today in our office is the representative
04:01
from Medtronic, the medical device company that I tend to use. He's here in the office and he will have the answers to all of your questions. I'm gonna go get him. Tom, come on in. So Tom comes on in and he's the device representative and he gets this cocky stance, you know, and he says, what is your question?
04:22
And I said, I just wanted to know, what does it run? And he says, run? And we have this whole conversation again and the rep had never thought about the software that ran these devices. And all of a sudden I was sort of like, what is happening here? This is just this alternate universe I don't understand. And so Tom says, don't worry because we have a hotline
04:43
you patients can call to ask all of the questions that you might ever have about your device. So of course I dutifully call the hotline and get put on hold, get transferred around. Of course, never got the answers that I was looking for. And so I started launching a study into the safety
05:05
of medical devices, the software on medical devices. Of course, I totally put off getting my defibrillator while doing this study, as one does, because the very idea of having this device in my body,
05:21
and this is already 10 years ago, it was like really unnerving and stressful. And I wasn't sure if I was sort of ready for my identity to change. I wasn't sure if I was ready to have, you know, wires running through my arteries and screwed into my heart.
05:41
And so I started thinking about becoming like these issues about my new becoming and I was becoming a cyborg. And of course, this was a very handy way to put off the surgery that I needed to do. And eventually I wound up realizing that I couldn't put it off any longer. My chance of suddenly dying is two to 3%
06:03
per year compounding, and I was 30, so it was like a 25% chance by the time I was 40. So yeah, it was pretty stressful thinking about what to do, but I knew what kind of cyborg I didn't wanna be.
06:23
And for those of you who don't know, this is Bill Gates as a borg. And I realized that I would literally have proprietary software sewn into my body and screwed into my heart. But I also thought that being a cyborg might not be all bad, I would be unique.
06:42
And I would use my powers for good, meaning that I would carry out this research, which was really difficult, because when you start to look into the safety of the software on our critical devices, it is appalling, right? And so looking at all of these studies, I had to occasionally put the research away,
07:01
because as I started finding out all of the software recalls, all of the failures that have happened over the years, it was very personal, because it wasn't this theoretical thing. It was my own heart, it was my own device, it was my own life. And so I kept sort of leaving it and coming back to it. And what I found when I finally completed the work
07:24
and published the paper, which is called Killed by Code, which is catchy, when I published the paper, is that something that everybody here knows, which is that all software has bugs, right? The Software Engineering Institute estimates that for every 100 lines of code,
07:42
one bug is introduced, and a lot of important applications have a lot more than 100 lines of code. And of course, pacemaker defibrillators have been shown to be vulnerable. And it was so interesting, because when I first started talking about this to my cardiologists,
08:02
there had been no exploits that had been published at the time. And so I was sort of talking about this, and they were acting as if this were not a possible, like this was a far-fetched situation. I even had an electrophysiologist
08:22
hang up on me on the phone when I said, think about the class of people that have pacemaker defibrillators. It's not too far-fetched to think of somebody wanting to attack politicians. And that while these devices are broadcasting wirelessly, that they become targets.
08:42
And that electrophysiologist said, if you wanna get the device, I'll help you, but you're a lawyer, and I don't trust you. And I think that you're just trying to stir up trouble. I found a new electrophysiologist, and it's interesting to sort of see how,
09:03
as time has gone by, more critical devices have been shown to be vulnerable, and people are starting to take this a little bit more seriously. And that's a relief. And there have been a lot of, it's a relief, but it's also sad, because it means we have to see the failures in order to get any change. And so, once I started to see how critical these issues
09:22
were for free and open source, sorry, for medical devices, and how much free and open source software could help, I started looking into other fields. Once you realize how bad it is in the medical device space, it's a very short walk to cars, and from cars to voting machines, and for everything else that powers our democracy.
09:40
So, and our society. Anything that's life and society critical. So there are a bunch of studies that came out. The defibrillator ones that were early implanted, the defibrillators, into a big bag of meat. You can see in the study, they have this picture of a bag of bacon, and a defibrillator inside it, and they were able to get personal information.
10:02
The academics were able to show that you could disable the pacing functionality, and you could deliver a fatal shock. This is a picture from one of the car hacks, and what I love about it is that the car thinks
10:20
that it's going 140 miles per hour, but it also thinks that it's in park. And so, as these things, as these studies show that our devices are vulnerable, we have to really start thinking about these issues of our software.
10:41
So a premium class car has close to 100 million lines of code. If we take the Software Engineering Institute estimate of one bug introduced for every 100 lines of code, that could mean a million defects. So even if we catch the vast majority of defects, then we still have a lot of defects.
11:02
There was one study that took all of the FDA recalls and studied the recalls that were connected to software, and they found that 98% of them could have been detected with all pairs testing. So some basic software testing has historically not been done on these devices.
11:21
Now, in my studies, I also learned about the honeymoon effect. Raise your hand if you know what the honeymoon effect is. Just one person. It's not drinks on the beach, like I wish it were. But it's a study that looked at both free and open systems and also proprietary systems over time, and it didn't look at the number of bugs over time
11:44
because the number of bugs generally decreases over time in a software project, but instead looked at vulnerabilities and exploits. And what it found is that there is a period of time where there are no known vulnerabilities, generally.
12:01
And that time can be short, but it can also be very long. And they call this the honeymoon period. Because, and they posit that there are a bunch of different reasons why that might be the case. They can be social reasons or they could be technical reasons. But while we think that devices are most vulnerable when they first hit the market,
12:21
I think a lot of companies are focused on making sure that their devices are secure upon release and scramble right after release. In fact, once the vulnerable, so there's a period of time when, in fact, there are no vulnerabilities, but once a vulnerability is detected, it increases almost exponentially.
12:42
And it found that, the study found that free and open systems respond better than proprietary systems, that the learning curve is a little bit different, and of course, free and open source software has the fundamental benefit that when there is a problem, we all can do something about it.
13:01
We don't have to wait for the manufacturer to first admit that there's a problem and then create a fix, right? Free and open source software, the benefits are obvious and they help. And this stands for the proposition that we don't have to worry about our products necessarily right now. Right now, when the companies that are releasing them have great relationships with their vendors, the vendors are still in business,
13:23
but it's down the road. And products that are on the market for a long time, like my defibrillator, like a lot of cars, like a lot of the equipment that we rely on from day to day, we're gonna have to worry about these vulnerabilities down the road. And if we don't have complete and corresponding source code,
13:41
to use a quote from the GPL itself, if we don't have complete and corresponding source code and the scripts to control installation, we're gonna be completely out of luck if the manufacturer's vendor is no longer in business or doesn't have the source code or if there were not great development practices in-house at that company and there was a build guru
14:02
and nobody knows what that person did and we can't. You know, so doing this study, I went from someone who thought that open source was cool to someone who realized that software freedom is essential. And people say to me, you know, oh, you're totally misguided
14:24
because you wanna hack your own defibrillator and that doesn't make a lot of sense and you want anyone to be able to hack your defibrillator. And right now, we have the worst of both worlds. Right now, we have closed proprietary software
14:43
with no real security. So these devices, like my defibrillator, broadcast remotely, wirelessly, but they have no encryption or password protection on them. So right now, we've just got the worst. And then of course, we're building this huge
15:01
internet of things where everything is being built with wireless functionality, which then talks to everything else. And in a world where everything talks to everything else, we don't even know what our most critical life and societal software is because where everything's talking to everything else, everything can be life and society critical.
15:23
And what's astounded me about all of this is that people are being connected in ways that they have no idea that they are being connected. I mean, the fact that my electrophysiologist had no idea there was software on these devices, he hadn't thought about the fact that my device
15:41
would be broadcasting wirelessly, or that I could potentially go to conferences where someone might want to interfere with my defibrillator for a while, right? The very idea seemed like a conspiracy theory to him. And to me, this seemed incredibly real. And I think that millions of people
16:02
are in a situation where they're being prescribed devices and integrating software into their lives in ways that they don't have the tools to contemplate and they haven't thought about. So all of this sort of propelled me in the direction of being extremely passionate about software and software freedom,
16:22
because all software has bugs, but at least with software freedom, we have the option to do something about it when disasters happen. And so I started working much more in the public interest. So this is the logo from my organization called the Software Freedom Conservancy.
16:42
We're a charity based in the United States, and we've got 45 member projects. So we're like an umbrella organization. And so I'll do this and say, so who here is using a member project of conservancy? We've got Samba Wine, Inkscape, QEMU,
17:01
Corbut and Etherpatter now both, remember Git? That's my jump card. So these are basically software projects that are collectively working in the public interest to make free and open alternatives. And this is extremely important to me
17:22
because I think it's important to society. One of our projects is also Outreachy. Raise your hand if you have heard of Outreachy. Just a few people, so I'll mention it. It's a internship program for women and non-binary people internationally and within the US people of color to help make free and open source software
17:41
a little bit more inclusive. Our ratios are laughably out of sync with the general population and with software development in general. The percentage of, the stats I have are on women, so the percentage of women in all software, meaning proprietary software generally,
18:01
is like 25%, but in free and open source software, the most recent study came out as being 1%. So it's pretty extreme. And so we have this, we have about 80 internships per year, there are remote paid internships and I recommend that you look into it because software freedom democratizes technology, right?
18:22
We give everyone the tools so that any kid anywhere who is working on a game who can access the source code can play with it, can learn from it. Raise your hand if you got started with free and open source software because you were interested, or got interested in software because of a game. So like a third of the room. That was the case for me. The first program I wrote was a game.
18:42
Like, you know, it's huge. And so having, software freedom basically allows anyone who has access to the source code to be able to do what they want with it, to engage them in the process, to have access to technology, but because our communities are not particularly inclusive, we lose a lot of that democratization. It's not, we're doing something fundamentally wrong.
19:02
We're doing something wrong if we can't draw in a group of people that is representative, at least loosely on the population of software developers as a whole. And then another thing that the Software Freedom Conservancy does is that we are the home of the GPL compliance project
19:21
for Linux kernel developers. So there are a group of Linux kernel developers who have asked us to enforce the GPL for them on the Linux kernel, and we also are the home of the Debian Copyright Aggregation Project. And so when companies, getting a thumbs up here. And so when companies are not in compliance with the requirements of the GPL,
19:42
we ask them to comply very nicely. We published principles of GPL enforcement so that everyone knows where we stand with an eye towards long-term adoption, but when companies refuse, we have to be ready to file lawsuits. Because if nobody stands up for the GPL,
20:01
if nobody stands up to implement the rules, then ultimately no one will follow them. And that's what we've been seeing, is that a lot of companies will distribute violating goods because they know that no one will ask for the source code, and if they do, nothing will happen to them. And so this is one of the projects that's been very important to us.
20:21
This is a slide I nicked from the Linux Foundation. It's a slide that shows how great Linux is. It's everywhere and everything. A lot of people have started to say that free and open source software has won because it is so prevalent.
20:41
But to me, that doesn't seem to be the case. To me, free and open source software is everywhere and it's in everything, but it's at a low level. It's only for certain things. We have less freedom than ever before. We have less access to changer software, to control our software, and we have become ever more reliant on companies to provide our products for us.
21:03
Raise your hand if you have a job where you work on free and open source software as part of your job. Sorry, where you work on, where you write some, contribute to a free and open source software project
21:20
as part of your job. It's like half, maybe a little less. There's a lot of money in free and open source software and it's tempting to think that our business interests and our free and open source software interests are completely aligned and that there's nothing, you know, that we've kind of entered a new phase
21:41
of our software development and our relationships with companies. But for me, it comes back to my defibrillator. So recently, I was pregnant. When I was pregnant, I got shocked by my defibrillator because my heart was doing
22:01
what normal pregnant women's hearts do. About 25% of women who are pregnant get shocked, sorry, about 25% of, eh. A very high, I'll actually say a very high percentage of the women who have defibrillators get shocked when pregnant. But I'll explain that.
22:21
But 25% of women who are pregnant have their hearts palpitate and my heart did that and my device thought that I was in a dangerous rhythm and so I got shocked twice, unnecessarily, by my device. When I went to see my doctors about it, the solution was not to tweak the settings, the configuration on my defibrillator,
22:40
but it was instead to put me on drugs to slow my heart rate down. I had to take so many drugs to slow down my heart rate that I had a hard time walking up a flight of stairs. I didn't need these drugs. I needed them to prevent my defibrillator from giving me inappropriate treatment. I promise you that the medical device manufacturers
23:02
do not want pregnant women getting shocked. This is the last thing they want is for pregnant women to get shocked. That is a press nightmare, right? But only 4% of the people who have pacemaker defibrillators are under the age of 65. Only 4%. And fewer than half of the people who have,
23:21
of all the people who have pacemaker defibrillators are women. So the set of people who have defibrillators and are pregnant is tiny. I went to a hospital, so my hospital was in New York City which is a huge hospital. They have so many women giving birth in this hospital that they never have free beds.
23:41
When you go into the hospital, the waiting room is full of women who are in advanced stages of labor. Get these women a bed and they don't have that. There's so many women. And I went to the high-risk obstetrician in this hospital and I was sort of at the end, during the process I said to her, you should know for your future patients
24:01
who have defibrillators. And I was gonna tell her a few things that I had learned along the way. And she said, oh, I won't have, I don't have patients with defibrillators. And I said, well, you'll have more patients because you're the head of high-risk obstetrics at this huge New York hospital. And she said, oh, in my entire career, and she was quite senior in her career, my entire career I've only had one other patient
24:21
with a pacemaker defibrillator. Like this is just, it's just so rare, right? Now the medical device manufacturers don't want pregnant women to get shocked, press nightmare, but they're just not focused on the issue. There are too few women in this situation. There are too few patients who this situation matters to for them to even notice it, let alone to care. And being pregnant is a temporary condition.
24:43
So mere months after I had been unnecessarily shocked, I was no longer pregnant and the problem had gone away and I didn't need my defibrillator calibrated in any additional way, right? And this stands for the proposition that the products that we are relying on aren't necessarily designed for us, right?
25:01
Companies might not have our use cases in mind, not because of any malicious reason, but because they're simply not focused on our particular situation. And that could be our geographic area, our general population, what we're using the software for it could be just about anything. And for me, that was just this,
25:22
that's just a realization that if I had free and open source software, I could have organized all of the pregnant women with defibrillators to hire medical professionals to help work with us to modify our medical devices so that pregnant women in the future would not get unnecessarily shocked, but we do not have that ability
25:41
because we don't have any control over the technology that is in our own bodies and that we rely on. And it's a delicate balance, it's tricky, right? We need to have this commercial support of our software, we need companies to be active in this space, we need to, and at the same time,
26:02
we need to recognize that our societal needs for our software are real and that they need to be put in balance with corporate interests. And I think that we have in fact, I think we've gone too far in the other direction. So free software was in part so successful early on,
26:21
in part because of our license choice, because of our choice of using copy left and GPL software amongst other reasons. There are a lot of reasons why free software was successful early on and continues to be successful. But when we have copy left, we can demand,
26:44
we can ask for a source code of the products that we receive and we can expect to have it. We can hire whatever professionals we want, we can take control of our own technology, we can hack our own bodies if we want, which we currently can't do. I am not, not only am I not in control
27:02
of the software in my own body, not only can I not see the software in my own body, I'm not even the customer for the software in my body. It's the doctor, it's the cardiologist that chooses which defibrillator you get. I'm so far removed from control of my own defibrillator, of my own software, of everything that is keeping me going.
27:22
And I think that this is, not to make the pun of shocking, but it's just, but it's a trend that we're supporting and we're ceding control over our technology on a daily basis and my defibrillator is merely a metaphor for all the software we rely on.
27:43
And over time, it surprises me how much these issues that seemed somewhat theoretical back when I first started getting diagnosed with my heart condition, that how real that those issues have become. And so, over three million people worldwide have,
28:03
it's like 3.25 million people have pacemaker defibrillators every year and about 600,000 are implanted. I learned this interesting fact that Germany is one of the, is one of the countries that has the highest pacemaker defibrillator implantation
28:22
per capita in the world. This is just in Europe, but I think it's second to the U.S. only. And it's not just defibrillators. We are all in a process of becoming
28:41
and unbecoming cyborgs, right? We rely on, it's a little cheeky. Some people object to me calling myself a cyborg because I have a defibrillator. There's this organization called the Cyborg Foundation and they're reluctant to engage with patient groups in the insulin pump and defibrillator space
29:02
because they wanna be discussing issues around the voluntary cyborg issues. And so, we can't necessarily even anticipate the technology that we'll be adopting. Some people will say, ah, well, you know, if I wear glasses, I'm a cyborg.
29:21
And the answer is yeah. The degrees of what we do in becoming and unbecoming cyborgs on a consistent basis are flexible and fluid. And as our diagnostic technologies become cheaper, a lot of the medical devices will become more accessible to people. And as technology becomes more portable and wearable,
29:42
the lines between what makes you a cyborg and what doesn't make you a cyborg will be blurred. And I really loved giving this talk while I was pregnant because I could say, think of the children. But we must think about the children because it's naive to think that we are not working
30:00
towards a society where all of our technology is intricately woven into the fabric of our lives every minute of every day. And at the same time, we are not building infrastructure that is safe. And we are not building infrastructure that we can control. And that's problematic. Some of these issues will be also discussed tomorrow at 10.
30:21
Emma's giving a talk, she's right here, yeah. So I suggest checking out her talk too. But I say cyborgs unite because if you are not a cyborg now, you will become one soon. And if it's not you, then it's someone you know or it's your children or it's basically everybody in our future.
30:41
These are issues we need to engage in. But because it seems so far-fetched, like oh well, I would never implant a chip into my body voluntarily, why would I ever do that, right? Or it's just I have complete control over whether I wear glasses or not or when I'm consuming information.
31:01
But the line between what is a part of our body and what is not a part of our body is becoming thinner and thinner. And it's about being able to control what happens to us down the road. And if we continue to generally support the integration of proprietary software, if we continue to perpetuate an internet of things
31:21
that doesn't, somebody joked to me, somebody I heard said the S in IOT is for security. And so we must be forward thinking about these issues. I recently became a cyborg 2.0
31:41
because I got my defibrillator upgraded, I got a new one. And I was surprised because I thought, well, almost a decade has gone by, we must be in a much better situation than we were then. When I got my original defibrillator, I was so worried about a lot of these attacks that I was able to, I finally found an electrophysiologist
32:04
who understood what I was saying and he called around and found an old device that didn't yet have the radio telemetry on it. And so I got an old device and I was safe and comfortable in the knowledge that at least my device wasn't broadcasting wirelessly
32:22
and that I could go to whatever conference I wanted, go to it and not worry about it. But when it became time for my upgrade, what I discovered was that all of the devices have had the radio telemetry enabled. All of them have it and initially I was told
32:41
that all of them have it switched on by default and that you cannot have it switched off. And so the same electrophysiologist who understood what I was going through the first time and found me this old, the last sterile device in all of New York City without radio telemetry on it, he let me call all of the manufacturers along with the technician.
33:01
And so you know, I don't know if anyone who calls medical companies or medical offices, they always have separate buttons for doctor's offices that get you through the queues directly. And so they called with me and it was pretty cool because the doctor's offices are the actual customers on the devices. And so the device companies,
33:21
it's not that they don't care about their patients, I don't wanna be exaggerated, they care about their patients. But the patients are not the ones who are gonna make the decisions over whether they purchased their product or their competitor's product. But when you call with the doctor's office, especially the electrophysiologists who implant so many of these, the device manufacturers jump.
33:41
So we called, so I was able to call together and we called on speakerphone and we called every single one of the device manufacturers who market their defibrillators in the United States. And it was astounding. One of the device manufacturers had refused to talk with me on the line and asked the nurse practitioner to pick up the phone
34:02
just to ask the questions that I would have been asking. And it turned out that none of their devices could have the radio telemetry disabled. My favorite was Biotronic, which was so bad I'm gonna name them.
34:22
But Biotronic said, oh, you don't need to worry about this because our devices are hack proof. I have asked Biotronic to donate some devices to test this proposition. But they basically were saying
34:40
that because their devices had not been shown to be, they were not the subject of any of the exploits that they were hack proof. And I explained that because they were neither the first nor the second market player in the device space, that they would not be a natural first choice to demonstrate the vulnerability and that all software is vulnerable. Completely stonewalled. The representative had no interest in talking to me.
35:02
It was amazing. And eventually I gave up calling all of the major manufacturers because they all said that they had no, like I went from being someone who was demanding my source code in my own body to simply asking that my body not broadcast remotely. I didn't even bother asking if I could see the source code
35:20
because the issue of the radio telemetry was so much bigger at that moment. And then eventually my electrophysiologist remembered that there was one more small manufacturer that we could call and that manufacturer had a single device where you can disable the radio telemetry. A single, one device on the market
35:40
where you can disable the radio telemetry where you can have a non wireless defibrillator. Now having the wireless interface is helpful for a lot of people. There are these monitors that you can have on your bedside table that will monitor the data from your device and if you get in trouble it'll send information.
36:02
You don't have to go into the doctor's office quite so often because the data will get transmitted to your doctor's office automatically. But then again, those monitors were shown to be subject to mass attack. St. Jude had a vulnerability last year which they then denied. And a security firm basically,
36:22
and the firm that was publicizing, they basically made press because a financial firm short sold the stock and that got everyone's attention. And then finally they admitted there was a problem and they fixed it. Contrast that with a Johnson & Johnson vulnerability where for the first time
36:41
a medical device manufacturer stood up and said these devices are vulnerable. This is one vulnerability. There will be more. We are hiring one of the, they hired Jay Radcliffe who is one of the researchers that I've worked with in the past. And they hired him to basically address these issues
37:02
and face it head on. And this is incredibly important, showing companies that bringing transparency brings safety. It doesn't necessarily bring this press disaster is huge. What was a complete disaster for St. Jude was a huge success for Johnson & Johnson and their insulin pump versus the troops.
37:20
Anyway, slightly off track because I brought this up because for a lot of people having the monitor is very helpful, but for patients like me, I'm asymptomatic. For me, the issue is am I gonna go into sudden death or not, right? Am I gonna suddenly die and am I gonna need a shock? Is the device functioning properly at that moment and will I get my life-saving shock if it does, right?
37:44
And I don't need to have myself wirelessly monitored at all times. Many patients don't need this. We need to stop putting this, introducing wireless functionality and connectivity by default. But most importantly,
38:07
adamant and I ask you all to sort of join in talking about the ethics of technology with your employers, with everyone you know. Understanding the benefits of free and open source software
38:22
is a huge step of this. Being able to take control of our technology and fix problems when they arise and to be able to tailor to your situation or organize as a group to deal with these situations is going to become more and more important because when we have proprietary software,
38:41
when there's a problem, we're out of luck. We have to stop using the product or return it. For me, that means surgery. That means having to replace my defibrillator, right? But with free and open source software, an end can be a beginning, right? So I'm leaving plenty of time for questions.
39:01
Thank you so much. This presentation is CC licensed and the Software Freedom Conservancy is a very poorly funded charity. Anyway, so questions. Oh, thank you.
39:29
No, I'll repeat your question. So keep it a little like concise or I'll have to ask you to repeat it.
39:51
Right, we have, how do I feel about network services?
40:02
We have free and open source software in everything but less freedom than ever before. What is the importance of software freedom in this context? I have to say that I thought really deeply about the importance of software freedom as a movement recently.
40:20
As an American, in our political climate, I started wondering how important is software freedom anyway? I would be dishonest if I got up on stage and said that free and open source software is better and or safer than proprietary software. We simply can't say that, right? But free and open source software stands a chance of being better and safer over time.
40:42
Studies show that free and open source software that has the resources put into it will be better and safer. And so with free and open source software, we stand a chance. So free and open source software is a cornerstone issue. Without free and open source software, we don't have control over our technology but it's certainly not the only issue.
41:02
It's just it's such a long-term issue so it's hard to get people to understand. So after the election in the United States, we and a lot of other free software charities saw a real decline in donations.
41:20
People wrote us notes saying, I'm really sorry that I'm not gonna give to you anymore but I feel like I need to give to the ACLU or the EFF or some other issues. And all of which are incredibly important and are important right now. But with free and open source software,
41:40
this is an issue that looking at that Honeymoon effect guide that is long-term. If we don't have free and open source software, we have no control over our technology. And so if we have nobody minding the store now, we don't stand a chance later. We're allowing proprietary software companies to build the critical infrastructure
42:02
that we're relying on for everything where we don't have control, we don't have data portability. And so for me, it cannot be an isolated issue but it is a fundamental one. So the question is that when I talked about
42:41
having been unnecessarily shocked when I was pregnant, would that have been different? Would I have been able to configure my defibrillator if I had wireless turned on on my device? And the answer is no because you can still talk to my device remotely, you just need to use magnetic coupling.
43:01
So this is my current device and my old device. My current device has radio telemetry but it's disabled. My old device didn't have any radio telemetry because it was too old. But you can talk to these devices using what they call a programmer, which looks like a big mouse that they put next to your device and then through a magnetic interface,
43:21
you can communicate with the device. And this is great because in order for that to work, it has to be very close proximity. So you know who is in control of your device and who isn't, whereas with the radio telemetry, by the time you walk into the doctor's office, they can be adjusting your pulse before you even sit down.
43:43
And we tested the devices at my electrophysiologist's office and they were able to continue to see the devices until, it was a very large building, until the patient actually left the building and it was a very big building. And I live in New York City and it would be very easy
44:01
for someone to just sit right outside my house and not be noticed and potentially interfere. So having the radio telemetry would not have influenced my particular outcome because if there were a software fix that I could have used, we could have implemented using magnetic coupling.
44:21
But it simply would take too long and be too highly resourced to be able to do that. No, there was just no possible way to even consider doing, modifying the software to prevent my situation. So if you want your device to be secure, presumably you want the communication to be encrypted.
44:41
Right, if I want my device to be secure, I want the communication to be encrypted. If you do that, sort of defeat your own point of having the source code because without the key you'd be. I mean, I want real, so am I, with encryption am I sort of defeating the point? No, no, I want free and open source software
45:01
so we can test the software to see if it's functioning as we expect it to. I want to be able to perform tests on the software in my own body. I want to be able to assess, I want to QA it. But at the same time I want it to have real security. I want it to have encryption or password protection. I want to have a private key for my own defibrillator. I want the software to be free and open but I want real security.
45:21
I don't want security through obscurity which we know doesn't work. How does it feel to get shocked and how do I charge my defibrillator? It feels really weird to get shocked. It's probably the most common question people ask me when I'm sort of like,
45:41
hey, let's talk about these issues around ethical technology. And people are like, how does it feel to get shocked? It feels shocking, right? No, people feel differently about it. There are pacemaker forums where people talk to each other about this stuff and it's been really fascinating to see how different people are.
46:01
For me, some people say it feels like being kicked in the chest. A lot of people pass out and fall over. For me, two of the three times I've been shocked, all unnecessarily by the way, I have never needed treatment for my device as it turned out. But two of the three times I was walking,
46:21
carrying a cup of coffee, both times, and both of those times I kept walking except I involuntarily squeezed my coffee cup and the lid flew up and the liquid bounced out and I heard somebody yelp and that turned out to be me.
46:41
And I kept walking until I realized what happened and then I sat down and sort of shook on it. It's like a weird metallic taste for me and I could hear it. It was like, you know in a comic book when the character sees their love interest
47:01
across the street and the heart goes boing? That's how it feels for me, I think, because of the sound because the capacitor's charging. And I feel a little bit nauseous right before it happens because the defibrillator tries to pace you before it tries to shock you and when my pulse gets changed, I get nauseous. And the second question was how do I charge my defibrillator
47:20
and the answer is you don't. And this is the reason why there historically hasn't been encryption on these devices is that these devices are only as good as their battery and they can't be charged externally. So the device is only as good as the battery and so one of the reasons why we don't have real security built into these devices like password authentication is because each time that you,
47:43
every effort to implement this security would decrease the battery life which is everything for these devices. So people say that also for when the ambulance comes, if it's password protected and it can't deliver treatment, but all of that doesn't make any sense. Like you can disable these devices with a strong magnet
48:02
and if there's a life saving, if someone is coming with a life saving equipment and knowledge, disabling the device probably makes the most sense or is certainly consistent with that strategy.
48:34
Have I heard the theory that everybody's a cyborg because of the way we evolve with technology? I have heard that and what's interesting is that
48:41
the idea is that the language is technology and so in order for, even just for us communicating with each other, we are cyborgs and I think that this is an important point and I think that it's part of the reason why we need to be less fearful of what it is to become a cyborg and embrace the fact that we all are and the ways that we use technology
49:00
are so personal to us that it is, that we have to worry about these issues anyway because we're all already there. Do we have time for, has conservancy ever been contacted
49:21
by a medical device company? I have talked to representatives at medical companies and it's been really cool because they have changed. So what's happened that's so awesome is that lawyers are now getting the fact that releasing source code has some advantages for security
49:44
and I think lawyers get the fact that down the road somebody is going to say, your honor, we knew free and open source software was safer, we knew that if we allowed people to test the safety of these devices that it would provide safer equipment in the long run and why did you keep your software
50:01
proprietary with no real security? So in-house counsel are starting to understand that free and open source software is a way to mitigate risk a little bit but it's a slow process. I was contacted once about a, or we were contacted once about a medical device where there was inadequate source code
50:22
so it was a violation report. There are a lot of medical equipment, especially not implanted devices because they are very lightweight software but a lot of the hospital software has free and open source software in it and a lot of it that doesn't have free and open source software on it is deeply problematic
50:40
because hospitals have finite amounts of money and often they buy equipment that they can't renew their proprietary software licenses for so they say they don't upgrade and they keep old equipment and then all that hospital equipment has back doors in it. So not awesome. Do we have time for one more question or? One more, okay.
51:06
What is the, what can an ordinary person do to help solve the problem for software freedom? Several things. One, re-examine your license choice. Start examining, start favoring licenses
51:22
that encourage reciprocal, you know, so favor copyleft because that will provide us with the most freedom going forward. If a lot of, people sort of, people when free and open source software was new, when the Linux kernel was new, people said that GPLv2 was a non-starter. No company would ever use it.
51:40
It was poison, it was terrible. We, you know, no one would ever get comfortable with it and then the Linux kernel became so interesting and so useful that every company became familiar with it and then they said GPLv3 was no good and only GPLv2 is useful. And it's sort of the same, as long as there's useful software that companies can use, they will become comfortable with it
52:01
and I think that we've had this whole slide towards non-copyleft in the name of adoption which has then caused a lot of fragmentation and prevented us from having more software freedom in the future and practical control over a product. So I would say favor copyleft, exercise your offers for source code
52:21
even if you don't intend to do anything with it. If you get a product and you see a notice that says this has free and open source software inside, just email the address and ask for your source so they know people care. When you are negotiating your employment with your company, like if you're negotiating new employment,
52:42
ask will I be using a lot of free and open source software, will I be able to contribute, can I keep the copyrights to my own code? You don't have to necessarily insist on it but the more companies hear that developers care about keeping their own copyrights, the more it will become something that they can use to attract new talent.
53:01
And then I would say support the organizations that promote software freedom. There are a lot of them that are very small like ours and run on a shoestring and struggle to keep it going. So I'd say all of those things. And there's plenty more, like have you talked to your friends about software freedom?
53:21
Just talking about these issues and raising awareness for them is really important. Oh, and so now I have to cut off. Thank you so much, I'll be around today and tomorrow so feel free, I'd love to talk about this stuff. Thank you.