Lawyer Demands Pacemaker Vendor Supply Source Code 334
oztiks writes "Lawyer Karen Sandler's heart condition means she needs a pacemaker to ward off sudden death. Instead of trusting that the vendor will create a flawless platform for the device to operate, Sandler has demanded to see the device's source code. Sandler's reasoning brings into question the device's reliably, stability, and oddly enough, security."
It's not forced on her (Score:5, Funny)
She could just let her heart regulate itself naturally.
Re: (Score:2)
Mod up hilarious
Re: (Score:2)
Not so hilarious, just quite interesting. And consider the implications.
We're not talking about a computer or a car. We're talking about a potentially life saving tool. Or, rather, not having it being life threatening. Not getting it is pretty much not really an option. But does that imply that someone has the right to force the manufacturer to open up their source code?
Re:It's not forced on her (Score:5, Insightful)
If the pacemaker vendor doesn't want to make the source code available its perfectly within its right to refuse to supply the pacemaker. Lawyer can go look for someone else to acquiesce to her ridiculous demand, assuming she doesn't die waiting for someone to give in, but any delay is entirely of her own creation.
Re: (Score:2, Interesting)
If you watch the talk, you'll see that there are several issues with this:
First, the software is known to be buggy. In fact, it is remotely exploitable. One group found an exploit that lets you remotely control someone's heart rate.
Secondly, because this is approved by the FDA, the manufacturer is exempt from liability for this kind of problem. The FDA does no review of the software at all, but their review of the hardware means that the manufacturer is completely immune to lawsuits if someone dies a
Re:It's not forced on her (Score:5, Informative)
Secondly, because this is approved by the FDA, the manufacturer is exempt from liability for this kind of problem.
Untrue. Just because a product is FDA approved does not absolve a manufacturer from liability. This is not only true for medical devices, but pharmaceuticals as well.
The FDA does no review of the software at all, but their review of the hardware means that the manufacturer is completely immune to lawsuits if someone dies as a result of a bug in their software.
Once again, untrue. As a Software Quality Engineer for a major medical device manufacturer, I can tell you the FDA does review software and has regulations and guidance surrounding software development. In recent years the scrutiny of software based device has increased so much, that companies are having a difficult understanding exactly what the FDA excepts.
Japan does not review software for devices, only hardware. However in order to get your product into the country it must be FDA approved.
Re:It's not forced on her (Score:5, Informative)
Re:It's not forced on her (Score:4, Interesting)
I also work for an FDA regulated company - blood chemistry immuno diagnostics device - and we are certainly audited, periodically, but not to the extent that you portray. We have code check-in forms and the auditors look at traceability: can they show that the files checked in were traced back to a particular defect record or change request item, etc. And our check-in forms are simple "Who wrote this change? Who reviewed it? Who's the manager signing off on it." That's about it. No justifications, no explanation of changes - except changes due to issues found during a review - no summaries of potential impact, or anything really substantive.
Re: (Score:3, Informative)
The FDA does no review of the software at all, but their review of the hardware means that the manufacturer is completely immune to lawsuits if someone dies as a result of a bug in their software.
Once again, untrue. As a Software Quality Engineer for a major medical device manufacturer, I can tell you the FDA does review software and has regulations and guidance surrounding software development. In recent years the scrutiny of software based device has increased so much, that companies are having a diffi
Re: (Score:3)
1) Does she have the device already, or is she still evaluating products? If she hasn't already had the device implanted the parent's point still applies. As a business they don't have to give her anything, and as a consumer she is within her rights to take her business elsewhere.
2) If the software is already "known" to be buggy, and remotely exploitable why would you want to consider this device maker to start with? she should already be looking for someone else. And furthermore why wouldn't the FDA have a
Re: (Score:3)
Re: (Score:3)
Lawyer, liar, it's all the same to me.
Re:It's not forced on her (Score:5, Informative)
Jesus Christ on a bike, I know this is a US site but you are all being just a teensy bit US-centric here. I'm pretty sure that, what with the article appearing on a .com.au site, she's Australian. And therefore different rules may apply
Re: (Score:3)
Re:It's not forced on her (Score:5, Insightful)
Does she require the code to be "opened up"? AFAICT, she wants to check the code, nothing more.
If I was the manufacturer of the device, she'd sign an NDA and get the code. Worst case, she spreads the code and gets sued. Best case, she improves the reliability or security of the code.
I don't really see any problem here.
Re: (Score:3)
Best case, she improves the reliability or security of the code.
What makes you think anything she can do will improve the security of the code?
How many times have we seen software makers just sit on bugs for months or years before someone publicly shames them into fixing it, usually by releasing exploit code??
Someone just released a pile of metasploit plugins for SCADA systems.
http://www.wired.com/threatlevel/2012/01/scada-exploits/ [wired.com]
Wightman and Peterson said they wanted to avoid the kind of situation that Beresford ran into last year when Siemens issued statements to customers downplaying the vulnerabilities he'd found and then swooped in at the last minute before his scheduled presentation to persuade him to cancel it until the company had more time to prepare patches.
"I didn't want a vendor to jump out in front of the announcement with a PR campaign to convince customers that it wasn't an issue they should be concerned with," Wightman said.
Peterson added that "a large percentage of the vulnerabilities" the researchers found were basic vulnerabilities that were already known to the vendors, and that the vendors had simply "chosen to live with" them rather than do anything to fix them..
What good would it do to inspect the code under and NDA?
Re: (Score:3)
Does she require the code to be "opened up"? AFAICT, she wants to check the code, nothing more.
If I was the manufacturer of the device, she'd sign an NDA and get the code. Worst case, she spreads the code and gets sued. Best case, she improves the reliability or security of the code.
I don't really see any problem here.
The problem is in the perception. If she finds "areas to improve" in the code, what does the manufacturer say to the tens (perhaps hundreds) of thousands of implantees with the code that "could be improved?" Swapping out the device before it's normal end of life is an additional surgery, which carries a slight but non-zero chance of death.
Re: (Score:3)
Two things here come immediately to mind. Let's assume that whatever is running in this system is non-trivial. If it was 1000 lines of code it could be validated the way they used to validate the Shuttle programming - mathematically. So it is probably 30,000 lines of code or more.
First thing is how would anyone "look" at that volume of code without spending months going through it and learn anything from it? What sort of interrupt-driven race conditions can exist and how would you even begin to understa
Re: (Score:3)
If I was the manufacturer of the device, she'd sign an NDA and get the code.
If I were the manufacturer, I'd tell her that the code can be reviewed inside of my SCIF [wikipedia.org], under supervision of one of my employees. If she pays for the costs incurred she can come and read the code all day long, every day. Of course nothing material leaves the SCIF, and she may not take notes.
Re:It's not forced on her (Score:4, Interesting)
You are driving down the road, you see someone preparing to jump from the bridge above you. You choose to not stop and the examination reveals they were killed by the impact with your car, if you had stopped, they likely would have died from the impact with the road. You would be held liable, as your failure to stop caused the death, even if the death was imminent anyway.
Re:It's not forced on her (Score:4, Insightful)
So in your world, if some idiot holds a gun to your own head and demands all my money his heirs can sue me when I tell him: 'wait a second while I get the money' then come back with a gun of my own (after all he are armed) and a video camera and tell him 'fuck off! you're going to be on Rotten.com!'
Even if the video includes me telling the idiot to 'fuck off' I'm legally free and clear.
Your analogy is just simply wrong. If someone jumps onto the freeway in front of you, you are not liable. Their heirs will pay to fix your car. No reasonable person would expect him/her to jump. Should I lock up my brakes every time someone is walking on the sidewalk of an overpass?
It's not surprising a lawyer has a defective heart (Score:5, Funny)
I thought they had their hearts removed when they passed the bar at the same place that performs MBA lobotomies.
Re:It's not surprising a lawyer has a defective he (Score:4, Insightful)
Re:It's not surprising a lawyer has a defective he (Score:4, Insightful)
The MBA lobotomy is a very precise operation, they only remove the parts of the brain that remember to pay taxes and how to truthfully report corp. earnings.
You forgot empathy.
Re:It's not surprising a lawyer has a defective he (Score:5, Funny)
The MBA lobotomy is a very precise operation, they only remove the parts of the brain that remember to pay taxes and how to truthfully report corp. earnings.
You forgot empathy.
If you had measurable empathy in the first place, they wouldn't have let you in.
Re: (Score:3)
Of course! Curse this properly formed brain of mine.
Re: (Score:2)
Re:It's not forced on her (Score:5, Insightful)
Usually, I wouldn't see how this is different from Coke not telling you what's in their secret recipe is. Ie, trade secrets are trade secrets. But if you listen to the interview, she makes, what I see, a compelling point: these devices have WiFi connections.
So they can be potentially controlled by a 3rd party after the fact of installing them in the recipients. Certainly, there are some people who don't understand the full implications of a medical device having a WiFi connection. So no one can claim that a layman would have an informed consent unless independent experts have reviewed the code.
Re:It's not forced on her (Score:5, Funny)
Tinfoil vest.
Re:It's not forced on her (Score:4, Informative)
No they don't. A lot of it is hidden under "natural flavours". We know they use a flavouring agent from the Coca leaf, for instance, but that doesn't appear in the ingredients list. Exactly what colouring agent they're using also doesn't appear.
I trust my life to Boeing every time I fly (Score:2, Insightful)
...and incidentally every time one of their products flies over my house to land at the DC area airport I live close to.
Yet I don't demand to audit their code.
Re:I trust my life to Boeing every time I fly (Score:5, Insightful)
Yet I don't demand to audit their code.
Well, if you don't demand that somebody audits their code you are pretty stupid. Unaudited code and code which is proprietary and never shared with outside bodies (this doesn't have to mean the public; just at least someone external) just doesn't have a place in any critical parts of our infrastructure. It is as irresponsible as it would be if Boeing didn't have to hand over the mechanical specifications of their planes, which of course they do. However, If you had read the article you would have seen this quote:
I think you will find that aircraft software, whilst it isn't open source and available to everyone, gets a bit more review than that.
Apart from that, the plane code isn't part of you and is, as a passenger, something you just visit for a short time. I think people have a right to understand fully, to the level of their own ability, things that are made part of their body.
not so easy to get scrutiny of flying procedures (Score:2)
Well, if you don't demand that somebody audits their code (for airplanes/airlines) you are pretty stupid.
Agreed in principle that it's desirable/vital to get that job done. But it's not so easy to achieve in practice, and I think it's not just stupidity (on the part of consumers/customers) that blocks it.
Some years ago I was a regular flier with a certain airline, and then they flew a couple of my work colleagues into the ground [ :( ]. The circumstances brought their operating procedures into question --
Re:I trust my life to Boeing every time I fly (Score:5, Informative)
In the 90s, the FDA realized that even if it could see the could, there was no way it could realistically audit code for all the devices it is required to review annually. So they switch from attempting to verify devices directly to insisting that devices be design and developed under a very high quality engineering paradigm.
So instead of looking at code trying to find problems, what they do is demand artifacts of a very disciplined design development and test process, reasoning that if people are in fact actually writing out test cases, doing internal code reviews with documented changes arising from them, maintaining requirements traceability matrices linking each line of code to a user requirement and then a lower level system requirement, then that process will result in better code than the FDA could accomplish by their own audit or that of a 3rd party. So the woman should be asking to see the details of the company's FDA submission, presumably under NDA from the company.
Now, whether the FDA is employing Design Control in a strict enough way is definitely a fair question - in particular the 510k (predicate device) submission process has left a lot of loopholes (due to its risk class, a pacemaker does not go through 510k, it goes through the more demanding PMA process). But to suggest that she or someone she hires will just be able to wade through the code to decide if she thinks it's high quality seems to me more like grandstanding than anything else.
Re: (Score:2)
Well, in fact I do ask about details concerning certain dishes, especially whether milk is involved in preparation. I admit to not asking the whole source code, but I am asking about an aspect which deeply and, should I ingest it, violently concerns me.
And that’s just about something that passes through my body.
Re: (Score:3)
Actually, people do that sort of thing *all the time*.
I have a coworker who can't have wheat or dairy, and it takes a lot of questioning for her to get a meal at a restaurant. My mom is allergic to soy (including soybean oil), and since soy pops up in the darndest places that means it also takes a lot of questioning for her to get a meal at a restaurant. No, they don't audit the cooks, but they do demand information about what they're about to put in their body, up to a point required to ensure their own he
Re: (Score:3)
Actually, people do that sort of thing *all the time*.
They do... and restaurants often say "we can't be sure, so you'll have to eat elsewhere" because they can't be bothered with it. So by your analogy (which I like) there is a risk that pacemaker manufacturers will do the same.
Re: (Score:2)
Ok then, do you demand the recipes of dishes that you order out in restaurants? And if they do provide them, do you then audit the cooks to make sure the recipe was followed exactly?
I do ask if they use MSG. And if the waitress doesn't know what MSG is, I go to the back and ask the chef myself rather than explain it to her and let her ask. Because I _will_ find out later if I don't.
Re: (Score:2)
Software comes with the usual THIS SOFTWARE IS PROVIDED "AS IS" disclaimer. Of course, when it comes to safety / security / health
Re: (Score:2)
Any safety-critical system in a commercial aircraft is subject to FAA approval. This requires things like multiple independent teams working on implementing the same specification, formal methods employed during the development, and so on. I'm not sure if the FAA audits the code, but I'm pretty sure that they can require a third-party audit. In addition, if a software bug causes an aircraft to crash, the customers' families will sue the airliner and the airliner will sue boeing.
Now, compare that with
Re: (Score:3)
...and incidentally every time one of their products flies over my house to land at the DC area airport I live close to.
Yet I don't demand to audit their code.
There is also a pilot and co-pilot in command of the aircraft. Most of the time they're sober enough to recover any software glitches before a crash, and they're usually awake during takeoffs and landings.
Re:I trust my life to Boeing every time I fly (Score:5, Insightful)
GP lives in their flight path. Around here it's difficult to impossible to find a place to live where a rather large plane doesn't fly overhead on a regular basis.
Re: (Score:2)
I've been to Charleston. Those are their top people working on it. Top people.
Plus, that's part of the lower cost of labor which is why Boeing moved there. Gotta take the good with the bad.
first, we kill all of the lawyers (Score:3, Insightful)
This sort of demand is why lawyers are disliked. The life science industry has to follow the FDA directive to perform a source code review. It is very unlikely that the source code in these devices have any remaining bugs due to the length of time that these devices have been used.
In addition to the source code for the software running the device, which is most likely to be extremely robust given the long time that these devices have been in use (+25 years), she might as well ask for the manufacturing process details for the battery, the casing, the electronic components, and the design of the microprocessor.
This is pointless since any qualified experts on the code are likely to be working for the device manufacturer.
Re: (Score:2)
And what if the bug is that it stops working on march 3rd 2012?
Re: (Score:2)
Then just delay releasing the source code until March 4th. Problem solved.
Re: (Score:3)
Why the heck would someone put a real time clock into a pacemaker?
That's the stupid question I've been asked time and again in 1999. But will $device work in 2k? With $device being something that has no chance in hell to have a RTC.
Re: (Score:3)
The point I was making was "I've tested it for 25 years" is not a proof in any way that it's bug free. It being the 3rd of march 2012 was simply an example of a condition that's never been tested in those 25 years... Others might include sun storms, unseasonable warmth, a certain bacteria in the patient, ........
Re: (Score:2)
oops... wrong mod
Re: (Score:3)
Sure you can make sure your tests have 100% code coverage, but that doesn't mean you've proved your program correct. Example, here's an (incorrect) program to print "Hello World" iff argv[1] exists and begins with 'a':
int main (int argc, char ** argv)
{
if (argv[1][0] == 'a')
{
printf("Hello World");
}
return 0;
}
I test it with two inputs... "apple", and "cat", I achieve 100% code coverage, but the program is still erroneous,
Re: (Score:3)
That's branch coverage, what you also want is input domain partitioning.
Re: (Score:2)
Why the heck would someone put a real time clock into a pacemaker?
Obviously so you can correlate a patients symptoms and or activity with the monitoring built into the pacemaker/defibrillator. These devices aren't just simple, dumb pacemakers anymore, and havent been for many years. My father has had one of these devices for nearly a decade now, and several times has been worried about what he thought were jolts from the defib. (They turned ot to be not a jolt from the defib thankfully). These devices ha
Re: (Score:3)
I loved those questions. My answer was always , "No it will fail dangerously, you had better give it to me so I can dispose of it safely"
I had in my office 3 toasters and other assorted silly things all tagged with the big red "NOT Y2K SAFE" sticker on them.
My pacemaker appears to have a real-time clock (Score:3)
Re: (Score:3)
You seem to insist with this idea that somehow logging is totally separated and not part of the "operation" when most likely it is. You can probably design a "desktop" system where no matter what you do with the logger you can't affect the system logging (for example put it on another network, another power grid, put some kind of one-way firewall and log over UDP). But here you have very tight constraints and I'm positive that any logging is done using the same CPU, RAM, flash, power supply as what you call
Re:first, we kill all of the lawyers (Score:5, Funny)
Did you just seriously say that there are no more software bugs in their code?
You're the reason lawyers exist.
Re: (Score:2)
I wish that I had some mod points today so that I could mod this as funny. Now that I think about it, I seem to remember that David Parness, years ago, proved that it is not possible to guarantee that code is bug free, but perhaps I am misremembering something.
Re:first, we kill all of the lawyers (Score:4, Informative)
No - lawyers are disliked because they charge absorbent fees for sitting in an office and talking, or standing in a court and talking. They make nothing, and have the moral values of a squashed tomato*
You're assuming that the device she's due to have fitted is exactly the same design and construction as the ones they used 25 years ago. This is obviously false. For example, the original pacemakers paced the heart all the time, and as a result had a very limited battery life. Pacemakers these days are far more intelligent, and sense when a regulating beat is needed.
Having said that, your point about the qualified experts still holds.
* I'm probably going to get sued now by some lawyer representing squashed tomatoes for defamation of character.
Re: (Score:3, Funny)
I assume you meant to say "exorbitant" although you could say that lawyers excel in absorbing their clients' money.
Re:first, we kill all of the lawyers (Score:5, Insightful)
There are many assumptions here that should be questioned.
Source code reviews are highly imperfect ways to ensure stable and accurate software, and good ones are extremely hard on the developers involved. Techniques like test driven development and paired programming offer a much better solution at lower cost.
New medical devices are released all the time and they have new code operating them, even if that general type of device has been in use for decades. New models with new or modified code have new bugs.
Perhaps owners of electronic devices that have caught fire or misbehaved in other physical ways have learned to start inquiring about manufacturing, mean time between failure and other manufacturing and quality issues.
I have worked in the medical software industry for thirty years as a developer, and was at one time an employee of Medtronic. I have a Medtronic pacemaker/defibrillator embedded in my chest which can be remotely accessed and controlled. I am professionally qualified to study and understand my device's software, development and testing methodology, and security issues - but Medtronic declined to share with me their source code when asked. The technical manuals for my devices which appear to provide all necessary information for hacking my pacemaker/defibrillator are available online.
I think that more can and should be done with oversight of medical device manufacturers and their software than the FDA currently requires, but this is true of all mission critical software like military and aerospace systems as well. The problem is neither uppity lawyers nor uncaring medical device manufacturers but instead the way we build software. Anyone with personal experience in the software industry who relies on a programmable medical device but who is not concerned over the accuracy and stability of the software running it is not thinking clearly.
wow (Score:5, Informative)
It is very unlikely that the source code in these devices have any remaining bugs due to the length of time that these devices have been used
hahahahaahaha ahaahah.
you spoke like someone who has zero experience in software development.
Re: (Score:2)
So because it's difficult, we should just trust the manufacturers ?
She is not saying that all pacemakers should be open sourced btw , she just wants to be sure the device is safe.
You need an external party that reviews the device and software thoroughly ( which is not happening for the software currently ).
That's the only way to insure that it's safe ( you cannot just trust the company on this, there are too many lives at stake ).
Re: (Score:2)
So who, that is competent to conduct such a review, is willing to do so? Reading the code for one such device pretty much precludes ever being able to write code for similar devices, at least for a considerable period of time. The case law was settled back in a variety of reverse-engineering cases: anyone who has ever seen the source code for the software in question is hopeless
CTL-ALT-DEL (Score:5, Insightful)
Oh, come on. The source code is not going to tell you a whole lot, it would be only comprehensible to experts and it says nothing about the little hardware bits. Does Mr. Lawyer want Medtronics to go over the schematics with him? Explain the physics?
Sometimes you just have to settle down and let things go. Yes, regulatory agencies should review operations of medical devices closely. No, they don't need to peek inside.
I don't even think the FAA looks at the code for the flight control computers on airliners. They test the planes (or actually they watch the manufacturer test the planes) but they don't get every part off the aircraft and look at it under a microsope.
Re:CTL-ALT-DEL (Score:5, Insightful)
Oh, come on. The source code is not going to tell you a whole lot, it would be only comprehensible to experts and it says nothing about the little hardware bits.
Experst are for hire.
I'm not an architect. The blueprints of my house are useless to me, but I can hire an architect to read them for me. That architect can than tell me if the house I'm living in is well designed or not. He won't be able to tell if the building-materials are of sufficient quality, but if the design is not sound the materials used don't even matter.
I'm dissappointed in Slashdot. One would expect that over here people would see the value of having access to the source of the software that keeps you alive.
Re: (Score:2)
Mutual dependencies often go unrecognized here (Score:2)
There are very few Slashdot posters who distinguish freedom from skill, appreciate freedom for its own sake, and acknowledge that real life requires us all to depend on each other as you apparently do. I see many more posters who post arguments based on myths of pulling oneself up by one's bootstraps, not being entitled to anything one isn't forced to need, and not seeing force outside of a loaded weapon aimed at someone.
Re:CTL-ALT-DEL (Score:4, Insightful)
No, they don't need to peek inside.
Think about how much cheaper for everybody it would have been to have one small government testing lab verifying medical implants that it is going to be having to replace all of the breast implants in France / UK etc. etc. Think how much compulsory insurance [telegraph.co.uk] is going to cost.
This is typical of the corporate welfare attitude that small people have to pay for the mistakes of big companies but no big company has to pay for anything.
Re: (Score:2, Insightful)
Before I started reading the comments, I knew it would skew heavily against the lawyer because, well... he's a lawyer. No other reason.
You dweebs here on /. get your panties in a bunch about *any* product for which source code is kept private. Operating systems, video card drivers, voting machines, etc.
But oh, god forbid a lawyer advocates for his client, WHOSE LIFE DEPENDS ON THIS FRIGGIN' DEVICE, and you go all 4chan on him.
No, the lawyer is NOT going to review the code. He's going to get a pacemaker soft
Re: (Score:3)
When having to side with closed source or lawyers, the choice is quite easy. Hell, when choosing sides between lawyers and mass murderers it is.
Re:CTL-ALT-DEL (Score:4, Interesting)
I agree comment posters *seem* to acting very hypocritical today but it could be possible that a different set of people are objecting for a different set of reasons.
Also just to correct something which keeps being misrepresented in comments this laywer is a female. She also has an engineering degree and is a programmer. She intended to review the software herself with the help of fellow programmers.
Also people might be interested to know that she worked as a pro bono counsel for the Software Freedom Law Center from 2005 until 2011 and now works as an executive director for the GNOME foundation. She still accepts pro bono cases from the SFLC and is the SFLC treasurer.
http://www.softwarefreedom.org/about/team/ [softwarefreedom.org]
http://www.youtube.com/watch?v=5_pRH8lzaQo [youtube.com]
Re: (Score:3)
With statements like you've made in this post, you would be surprised what the FAA does require when they issue a flight worthiness certificate. No, the inspectors from the FAA don't review every line of code nor do they demand x-rays and microscopic details of all critical parts, but manufacturers to keep track of much of that information and have it stored away "just in case" there is an accident investigation board held on that aircraft that is being made. This is even more true when somebody sell a ve
Re: (Score:2)
Oh, come on. The source code is not going to tell you a whole lot, it would be only comprehensible to experts and it says nothing about the little hardware bits.
Perhaps she wants to make her own backup pacemaker using the Arduino she's just bought from Sparkfun.
Re: (Score:2)
If they don't peek inside the software, how will they know how safe it is ?
If someone comes to check the electric wiring in your house, would you accept it if they only looked at the outside ?
I have seen enough software to know that just because 'experts' created them , it doesn't mean i'd trust my life with it.
I would certainly not go with the latest and greatest device for my heart. It should be as rigorously tested as a Debian stable release.
Who owns data that an implanted device collects (Score:5, Interesting)
makes sense (Score:2)
Many (all?) pacemakers can be read and its settings altered via a datalink.
Ignoring malice, who's to guarantee that a shoplifting detector gate doesn't interfere with your pacemaker?
Even devices that were intented to be secure fail miserabely, so if it's your life, are you gonna trust the manufacturer?
Re: (Score:3)
FDA requirements (21 CFR 820) (Score:5, Informative)
It's called software validation and it's a pain in the ass. It's such a pain for medical devices that everyone avoids it unless absolutely needed. Which is why medicine is 10 years behind when it comes to electronics.
For a "quick" overview, here's a start: http://www.fda.gov/RegulatoryInformation/Guidances/ucm126954.htm [fda.gov]
thump (Score:5, Funny)
10 thump
20 thump
30 sleep 1s
40 go to 10
Re: (Score:2)
BUT WHAT ABOUT THE COMPILER'S BUGS!!!!
(laugh, it's funny and full of filter letters)
Answering questions from TFA (Score:5, Insightful)
How do we know the software works as advertised? How do we know it's secure?
Well, let's see, what is the failure rate of pacemakers? A quick Google search brought this result (http://www.post-gazette.com/pg/06116/685028-114.stm):
In one study, Dr. Maisel and FDA researchers analyzed reports that pacemaker and ICD manufacturers were required to submit to the federal agency between 1990 and 2002. During that period, more than 17,000 malfunctions resulted in removal and replacement with a new device, researchers found. Battery, capacitor or electrical problems accounted for half the failures. Thirty deaths were attributable to pacemaker malfunction and 31 deaths to malfunctions in ICDs. The annual replacement rate for pacemaker malfunctions decreased during the study period, from 9 per 1,000 implants in 1993 to 1.4 in 2002. But the ICD replacement rate, after decreasing from 38.6 in 1993 to 7.9 in 1996, increased in the latter half of the study, peaking in 2001 at 36.4.
So, there is a failure rate of 1.4 per 1000 in 2002, and half of those were related to hardware issues. Only 30 people ended up dying. This article (http://circ.ahajournals.org/content/105/18/2136.full) claims 3,000,000 people worldwide with pacemakers in 2002, with 600,000 implanted yearly. That means in 2002 .001% of people with pacemakers died. Assuming hardware failure accounted for half of that, then the chances of being killed by a software defect in a pacemaker is extremely small. So, I'd say it's safe to assume that the hardware "works as advertised".
Re: (Score:3)
Perhaps instead you should read the paper that this woman wrote. It lists statistics for the number of pacemaker recalls for software defects, and some of the reasons - pretty scary how poor quality the software is, as many of them would have been caught by even basic testing.
I admit that the fact that it's possible to remotely stop Dick Cheney's heart using simple off-the-shelf hardware seems like it might be a useful feature...
Who will do the audit, and how? (Score:2)
Numerous questions:
- Do you suppose the patient actually has someone who can do the audit?
- Is it realistic to audit the code without understanding the hardware interface? Probably not, so...
- Are they also going to demand hardware documentation? Free support?
Really, the source code along is not going to buy them much. I wonder what's really going on here?
Re: (Score:2)
You do realize that there are experts that you can hire, right. I'm not personally an expert in motorcycle crashes, but if I ever have one and need to sue, I'm going to hire an expert that knows a hell of a lot more than I do about that.
Re: (Score:3)
http://www.youtube.com/watch?v=nFZGpES-St8 [youtube.com] OSCON 2011
http://www.youtube.com/watch?v=5_pRH8lzaQo [youtube.com] Freedom: From my heart to the desktop
http://www.youtube.com/watch?v=GcWlD2Y6HNM [youtube.com] OSCON 2010 Free Software on Medical Devices: Unchain My Heart
Karen Sandler, the lawyer this article is about is also a programmer and has an engineering degree. She works for the GNOME foundation and before that the Software Freedom Law Center...I think she can find a few people who are also programmers to help her as well.
Not even the FDA has audited the code yet (Score:5, Insightful)
If you read the article or ones on the same topic from last year [tuxradar.com], you'll find that the reason she is making the request is that not even the FDA has audited the code. It's just there.
Other embedded hardware has been found to be easily crackable and able to deliver fatal doses of medication [theregister.co.uk]. Someone has to audit the code, since the FDA is not doing it, Karen is making an issue of it. In these cases, there is no excuse for the code not being 100% open. People's lives hang in the balance.
Re: (Score:3)
I must say I was shocked when I found out that the settings on these things can be modified wirelessly. While it's very convenient for the hospital to be able to make changes without surgery, it's also more than a bit worrysome from a security standpoint...
Why just software? (Score:2)
As a mechanical engineer I feel a little insulted. Why does the lawyer want the software code but not all of the design documents?
Special lawyer rights (Score:5, Insightful)
It she weren't a lawyer, we wouldn't even be speaking about it.
It's funny how lawyers seem to have extra rights in our society. They can make demands, we cannot.
Re: (Score:2)
Nonono, lawyers can't make those demands, they just make them, feeling entitled to making them.
Re: (Score:2)
It she weren't a lawyer, we wouldn't even be speaking about it.
Is she weren't no lawyer, she wouldn't be able to afford one to litigate for her . . . or maybe she is litigating for herself . . .
Modern pacemakers have WiFi built in. (Score:5, Informative)
The summary is pretty bad, but one of the more salient points is that modern pacemaker/debrillators have Wi-Fi in them. Yes, WiFi. According the the recording, someone at defcon has already managed to hack into an insulin pump equipped with WiFi and been abe to manipulate the delivery rate (which could kill the patient). So the security concerns aren't completely unwarranted.
Demanding the source code is a bit silly. How many people are really going to be able to review the source code for a pacemaker/debriliator? Very very few. Even if they do, there's a hell of a lot more to a pacemaer/debrillator than the software, so why is it just the software that's her concern?
A more sane approach would be demanding the software follow basic security rules like not allowing the wi-fi connection to ever change anything in the medical device. (It's supposed to be a reporting mechanism so the doctor can follow the progress of the patient). I can't believe she has anylegal grounds to demand source code, so this is a fight for the minds of the public rather than a legal one. Demanding source code is a bit silly since most of the public doesn't even understand that there is such a thing as source code. The public is by now very aware of security problems and hackers, so ensuring that the wi-fi is read-only would be an easier battle to win.
Re: (Score:2)
But the argument can be made for a lot of things, recently Russia hacked a US UAV and was able to land it. Does that mean passengers of commercial airliners can request code audits on the planes because they transmitt RF? Or home wifi's, does that mean buying a wireless modem gives you code access ....
Closed source intellectual property should be given some protection.
Maybe my opinion on this is one sided because I sell property code that I've written to customers knowing that if having source access denied
Re: (Score:2)
Someone made a white paper saying "OMG the pump uses RF Signals! Someone could do something with that!"
It's a little bit more than that. The lawyer was wrong about the wi-fi, it's a proprietary protocol. But from the abstract the hack was quite a bit more than writing a white paper and mentioning the device uses RF. I found the abstract from Defcon, which reveals some more details:
Re: (Score:2)
No, I'm saying they should use a mode of communication that requires you to be within a few inches of the patients chest, like say the magnetic communication that's been used in pacemaker/defibs for many, many years. If someone puts a weird device up to your chest to hack into your pacemaker/defib, you're going to notice it.
Doing this via wi-fi from tens of feet away is idiotic and negligent. (I have no idea if this is possible, but I hope to god not).
I saw her talk (Score:5, Informative)
Last year at OSCON. Sadly the line was too long for me to shake her hand and say thanks for starting this.
There's a few points I'd like to add, many already covered.
1) She's qualified to do this. Not to review the software. But she has plenty of good colleagues for that.
She's a director of GNOME (I know, I know...), former GC of the SFLC, an attorney... and ... from listening to her talk, she either genuinely gets software -- or someone that did wrote her whole speech for her.
2) This is a real, not a hypothetical problem.
People commenting without RTFA need to understand--These devices are 802.11 enabled. Remote exploits /have/ been demonstrated.
This is not a wholly uncommon situation -- one of my coworkers has a daughter with a computerized glucose pump that has also had remote compromise demonstrated.
And even a trivial interest in breathatlizers reveals there has been...myriad incidences of these devices not just being a total failure of design, but having rollover and similar bugs in their implementations.
3) People may be correct that it would be hard to get people to understand the code. That is wholly irrelevant and a false front of an argument. I don't care what your medical experience is in your industry or company. What your experience with regulators or lawsuits are. There's companies that commit fraud, lie, cheat, steal. They exist. This is indisputable. There's places where MBA's and biologists that can barely write a hello world by themselves compose pointer arithmetic, hit compile, hit test, and go home at the end of the day. I've worked at places like that on applications that could kill if they failed. It is why I do not as of two years ago.
I presently work with a woman that could not compose a CSV in a basic ETL from another filetype without help. She has the language being used using on her resume. Her workflow involved copy/paste off of the internet, and then changing one line at a time, saving it as file.### and trying to run it. If it didn't crash, she'd examine the output and try to put in what she thought would fix it. If it did, she'd try to find the error. When I offered a hand, she was currently at over her 500th revision.
So let me be damend clear -- even an unqualified person can do a basic code review just by running a fucking linter on it and looking at the warnings. Because if it generates one or a million -- that says something about the quality right there.
Why? Because unless you're in a business whose core business *IS* software, my personal experience is that 80% plus of the developers have never heard of one, and 95% don't know how to use it if they have. And that is why my code has less bugs than my colleagues.
Now -- even if my experiences are anecdotal, and "invalid" -- I've just proven the existence of the problem.
This is her life we're talking about. Her life entrusted to a piece of cybernetics that has had a demonstrated remote exploit.
Please /., have a little bit of humanity for once. This isn't about corporate profits, NDAs, lawsuits. This is about someone asking to read something to make an informed choice about their continued existence.
Re: (Score:2)
It seems a worthwhile subject for study. Problem is testing...
Re: (Score:3)
You're in luck, I know a lawyer who wants one.
Re: (Score:2)
That solves the ethical issues, but raises its own problems of ambivalence.
Re: (Score:3)
That's really rude. The lawyer this store is about, Karen Sandler, worked pro bono for the Software Freedom Law Center helping to protect people's software freedoms. Which would normally be considered a very good and moral thing around here, would it not? She currently works for the GNOME foundation.