Lawyer Demands Pacemaker Vendor Supply Source Code

oztiks writes "Lawyer Karen Sandler's heart condition means she needs a pacemaker to ward off sudden death. Instead of trusting that the vendor will create a flawless platform for the device to operate, Sandler has demanded to see the device's source code. Sandler's reasoning brings into question the device's reliably, stability, and oddly enough, security."

Who owns data that an implanted device collects

[davidannis]

A related story on NPR today points out that as a patient you don't have access to the data collected in and about your own body. The story focuses on one man's attempt to see his own data. He's looking for someone with technical skills to help him get at the data. Seems to me that somebody on /. should be able to help. http://www.onthemedia.org/2012/jan/20/who-owns-data-inside-your-body/ [onthemedia.org]

Re:It's not forced on her

[TheRaven64]

If you watch the talk, you'll see that there are several issues with this:

First, the software is known to be buggy. In fact, it is remotely exploitable. One group found an exploit that lets you remotely control someone's heart rate.

Secondly, because this is approved by the FDA, the manufacturer is exempt from liability for this kind of problem. The FDA does no review of the software at all, but their review of the hardware means that the manufacturer is completely immune to lawsuits if someone dies as a result of a bug in their software.

Re:It's not forced on her

[AK Marc]

If she dies because of the actions or inactions of the company, the company could be successfully sued, as they knowingly took an action that resulted in the death of a person. The car analogy is:
You are driving down the road, you see someone preparing to jump from the bridge above you. You choose to not stop and the examination reveals they were killed by the impact with your car, if you had stopped, they likely would have died from the impact with the road. You would be held liable, as your failure to stop caused the death, even if the death was imminent anyway.

Re:CTL-ALT-DEL

[Vairon]

I agree comment posters *seem* to acting very hypocritical today but it could be possible that a different set of people are objecting for a different set of reasons.

Also just to correct something which keeps being misrepresented in comments this laywer is a female. She also has an engineering degree and is a programmer. She intended to review the software herself with the help of fellow programmers.

Also people might be interested to know that she worked as a pro bono counsel for the Software Freedom Law Center from 2005 until 2011 and now works as an executive director for the GNOME foundation. She still accepts pro bono cases from the SFLC and is the SFLC treasurer.

http://www.softwarefreedom.org/about/team/ [softwarefreedom.org]
http://www.youtube.com/watch?v=5_pRH8lzaQo [youtube.com]

Re:It's not forced on her

[evil_aaronm]

I also work for an FDA regulated company - blood chemistry immuno diagnostics device - and we are certainly audited, periodically, but not to the extent that you portray. We have code check-in forms and the auditors look at traceability: can they show that the files checked in were traced back to a particular defect record or change request item, etc. And our check-in forms are simple "Who wrote this change? Who reviewed it? Who's the manager signing off on it." That's about it. No justifications, no explanation of changes - except changes due to issues found during a review - no summaries of potential impact, or anything really substantive.