AMENDMENT Global Open Source Quality Assurance of Emergency Supplies
Formal Metadata
Number of Parts | 542
License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers | 10.5446/61415 (DOI)
FOSDEM 2023 (360 / 542)
Transcript: English (auto-generated)
00:06
So, happily, my talk is going to build a little bit on the talk that you just saw, the difference being that I'm making proposals and they actually built things, so it's a little different. My name is Robert Read, I am the founder of Public Invention, but what I'm presenting
00:21
today is not a Public Invention project. This is co-work with two other people, Victoria Jaqua and Christina Cole of Open Source Medical Supplies. Open Source Medical Supplies and Public Invention are both U.S. 501(c)(3) organizations. So what I'd like to talk about is global open source quality assurance of emergency
00:41
supplies, and we call this GOSQUAS, or the Global Open Source Quality Assurance System, and I'm making a proposal today for this. Now, open source manufacture has rapidly responded in a number of important cases to things that have happened, like open source software responded to contact tracing in the previous talk.
01:06
In particular, 3D printers can represent sort of an army for good that can immediately do things to help in a man-made or a natural disaster. In particular, we're working with some people to make tourniquets for the crisis in Ukraine
01:22
right now, and of course, if you saw my other talk, we've also made human ventilation products and other things. But when you do this, you have this fundamental problem, you have a widely distributed supply chain of people attempting to make useful products, but how do you trust them?
01:43
And the trust can be broken down into two issues. How do you trust that the design itself is useful? And then even if the design is a good design, how do you trust that the manufacturer is in fact a good manufacturer? Because of course, we all know, for example, 3D printing requires tuning and so forth.
02:02
Well, if you imagine using a tourniquet, which is a simple physical device but can easily be mismanufactured, especially if it's 3D printed, you're using it in a life-saving situation where you're trying to stop bleeding. If it breaks, you have a real serious problem.
02:21
And so even though a tourniquet only costs $20 and it's a relatively simple device, ensuring the quality of that is very important. It's almost better not to have a tourniquet than to have a faulty tourniquet. Now, I am a humanitarian engineer, and I consider humanitarian engineering the space that
02:42
I work in. Most of the people who worked for this that I know of were not making money from it. They didn't have a financial incentive to try to sell products to address these things. But nonetheless, engineers have a psychological problem, right? Nobody wants their baby to be called ugly.
03:00
And so all of us wanted to be heroes, and we wanted to save the world and save lives. And for that reason, engineers cannot be trusted to evaluate their own work, okay? But of course, this is a problem that the open source software community has dealt with already, and I'll deal with that. So in October of 2022, just four or five months ago, many non-governmental organizations
03:25
in the humanitarian engineering space got together for three hours, and we had really a surprisingly unanimous agreement that we needed quality assurance for rapidly manufactured open source devices. And we needed an alliance of NGOs to try to address this.
03:44
And so Christine and Victoria and I formed a new informal organization we haven't incorporated that we call GOSQUAS, or the Global Open Source Quality Assurance System. So the open source software movement knows how to do testing, okay?
04:00
Of course, it's easier to test software than to test hardware devices. With software, you normally have automated tests that anyone is empowered to run. You download the Git repository, you run the test, and you have an independent verification of the quality of the code. So in a sense, what we want to do for hardware devices is what's already been done
04:23
for software devices or software systems. So fundamental to this for hardware devices is to show the data. So you want a test procedure that's sort of a named standard test procedure. And then you want to record a test result. You want to say what was done, when was it done, how was it done, and who did it?
04:43
And you may have obviously an analysis of either you pass the test or you fail, and if you fail, in what way do you fail? And finally, you want a discoverable publication of those tests for the particular device. Now, there are examples of testing organizations like Underwriters Laboratory
05:01
and ASTM and other things. Often what happens is an industry begins its own testing procedures, and then later they become adopted into governmental regulation. So it's actually the case that many industries are sort of self-policing, and then they become part of a governmental structure later.
05:20
So what we propose is asset provenance tracking as the fundamental way that we can improve the quality of rapidly manufactured devices. So when I say provenance, what I mean is the history of the device, in the same way that an art object has a provenance, right?
05:40
Who owned it, what happened to it, where was it physically throughout time? Now, this is a way to fight counterfeiting, which is a serious problem for medical devices, particularly in low and middle income countries, but even in other situations. It's also a way to organize documentation on behalf of makers.
06:03
So it's not necessarily that you're doing anything that couldn't be done some other way, but you could be relieving the burden of the makers themselves from having to do all of the documentation and distributing the documentation across a number of parties. So this would allow third party quality assurance testing,
06:23
relatively simple to implement, can use minimal well understood cryptography. I'm going to talk about that in a minute. Now, of course, people will say, well, there exists asset tracking systems. There is an open source app asset tracking system called Snipe-IT. It's possible that this should be a fork of Snipe-IT.
06:42
There are some ways in which it's different. What I am proposing is different than Snipe-IT. I don't have time in this talk to discuss that issue. But this is what we would like to produce. So you can imagine a box of tourniquets having a GOSQUAS seal printed on it.
07:00
Literally, a sticker is put on it. And the person who manufactures the tourniquets gets a unique key for this box of tourniquets, which either they generate or we generate for them. We describe the product, which is actually more important than you might think. And then we can give certain certifications if they have actually occurred for the object
07:24
so that anyone who holds the box in their hands can get some useful information about what's in the box. But more importantly, every box will have a key that you can use to look up in a public open access online database stuff about the particular object.
07:44
Now, it's kind of easy to understand how this would work. Imagine that it's made in Prague. It gets a private key. Someone else in Prague does a third-party test on it. That goes into the database. It's then purchased by a middleman in Egypt. The person in Egypt transfers it to Tanzania.
08:01
In Tanzania, someone verifies that it's in inventory. And a potential buyer in Kigoma then looks at the key, takes the box in their hand, points their phone at it, and says, this claims to be a box of masks or tourniquets or electronics or whatever.
08:21
And they look up in the website the complete history of the device. Now, just as we use for intellectual property and other art objects, if you can see the complete history of the device, it's very difficult to fake that. Not impossible, but it's quite, quite difficult to fake a chronologically accurate history
08:43
for a device. And so, in this way, it provides great confidence to the person in Kigoma that this product is what it says it is. Thank you, sir. Okay, now, I assume most of the people in this room are computer programmers. And they can probably have already imagined how this would be implemented.
09:03
From a programmatic point of view, it's very simple. You just have a database, you assign keys, you use one-way encryption. Much easier than the sort of public key encryption and the other kinds of things that are necessary today in the cryptocurrency world. You just do a simple one-way encryption of the key so that you allow a public access
09:28
where anyone can write into the database. Okay, now, there are a number of things that you would think are security flaws in this.
09:42
We don't have time in this talk to go over them, but I hold that the following principle is simple enough and good enough. It's not perfect, but it's good enough to build a workable system. If you have the device in your hand, you have a right to see the provenance. Now, there are ways in which that differs from our norm today.
10:03
For example, in the United States, if I have a box of something in my hand, I do not have a legal right to see where it physically was located before I got it. And if I have a box in my hand, I do not have a right to see the provenance in the future. Nonetheless, seeing those things is not particularly harmful.
10:23
You can imagine that being a right, and it wouldn't really hurt anything if that were true. And so, I consider this to be a great simplifying assumption. If you have the physical device, you have the right to see the provenance. And that simplifies an enormous number of things.
10:42
Now, what you're not allowed to do is, even though the database is, in a sense, public, you're not allowed to scrape it and see the history of all of the devices which are in the database. But you won't be able to do that unless you have the keys, because it's encrypted. Therefore, the database can be made a public database.
11:04
This is very, very simple, but I claim it's going to be good enough for us to really provide quality assurance. So, if you imagine this system existing, and you have a GOSQUAS seal that can be put on objects, you can ask, well, does it apply to medical devices, or does it apply to non-medical devices?
11:23
Does it interact with the CE stamp used in Europe to authorize medical devices, or with the US FDA? And the answer is, it can overlap all of those in a complicated way. It really doesn't require the approval of a government. It can be a completely open provenance tracking system, which is used or not used as people see fit in a voluntary way.
11:50
Now, the idea of open source devices is a threat to monopolies, but it's not a threat to large firms. There's no reason large firms could not use open source designs and use the same provenance tracking system
12:06
that we are suggesting here in order to give buyers confidence in their system. Today, very large firms have their own internal provenance tracking systems. They have asset tracking systems that they use for their own inventory purposes,
12:24
but they do not expose those and make them public to people and would consider them a trade secret. But there's no reason why they don't use an open source provenance tracking to add confidence to their products.
12:41
So, I claim that there's no reason anyone ought to particularly oppose this system. Now, we have started writing technical papers about this. These are very much in a draft form. They're not super great, but they're publicly available and we invite comment on them.
13:00
We are actively trying to build this system. And so, today in this very small room, I'd like to publicly launch the free global asset provenance tracking idea. Okay, I would like to be the technical lead of the new open source project system to build a website to provide this technology, but I can't do it completely by myself.
13:25
For one thing, I run Public Invention, which is a non-profit, takes up a lot of my time. So, I'd like to call for volunteers, both computer programmers and non-computer programmers who can handle business and communications and other things that we need to make this a reality.
13:42
There's going to be a lot of work convincing people to voluntarily use this system until it becomes respected enough that people start to demand it. Thank you. So, that ends my talk. Thank you. And I'm happy to take questions.
14:02
If anybody has a question, I'll repeat it into the microphone. Yes, sir.
14:27
So, the question is if you notice that something was previously touched. Yes, five steps.
14:41
The guy in Tanzania noticed that something is wrong. What happens? Well, so there's no guarantee that the entries in the database are completely accurate. But, it is the case that you can make an entry saying, it looks to me as if the device was tampered with.
15:03
Now, the people downstream of the provenance can decide what to do with that information or not. They can ignore it or they can say, well, so and so says the box was tampered with. I'm going to begin a legal proceeding with someone earlier in the provenance train or I'm going to ignore it or I'm going to believe that that was entered for some nefarious
15:28
purpose to sabotage my system. Or, I will use it to repair the device and inspect it and make sure that it's good. It's already the case that the US FDA requires market surveillance of objects for the purpose
15:44
of doing recalls as well as for other safety purposes. So, in a sense, the fact that you have that potential information is a positive thing about the provenance tracking, not a negative thing.
16:02
Yes, sir. Yes, the question is can anybody add information to the record for a device?
16:20
And the answer is yes, if you have the key. Okay, so a bad actor can't pollute the entire database. But if I broke into your warehouse and took a photocopy of a box, I could create a record for that. So, anyone can claim that they have this device if they have the key for the device
16:43
and they can make a false claim about it or an accurate claim. But just as with art objects and other kinds of things, I think false claims will be relatively easy to sort out in the system. And so, the great simplicity of this is that it's a completely open database that
17:02
doesn't require any security beyond maintaining the individual keys. And if a key for an individual object is corrupted, like for example, suppose I took a photo of your box and published it on the internet. Well, bad actors could likely disrupt the provenance of that box, but they could not
17:24
disrupt the provenance of the rest of your inventory. So, I claim this is the correct balance between simplicity and security and we don't have to go overboard on it. Okay, thank you very much.