Lawyer Demands Pacemaker Vendor Supply Source Code
oztiks writes "Lawyer Karen Sandler's heart condition means she needs a pacemaker to ward off sudden death. Instead of trusting that the vendor will create a flawless platform for the device to operate, Sandler has demanded to see the device's source code. Sandler's reasoning brings into question the device's reliability, stability, and oddly enough, security."
Who owns data that an implanted device collects (Score:5, Interesting)
Re:It's not forced on her (Score:2, Interesting)
If you watch the talk, you'll see that there are several issues with this:
First, the software is known to be buggy. In fact, it is remotely exploitable. One group found an exploit that lets you remotely control someone's heart rate.
Secondly, because this is approved by the FDA, the manufacturer is exempt from liability for this kind of problem. The FDA does no review of the software at all, but their review of the hardware means that the manufacturer is completely immune to lawsuits if someone dies as a result of a bug in their software.
Re:It's not forced on her (Score:4, Interesting)
You are driving down the road, and you see someone preparing to jump from the bridge above you. You choose to not stop and the examination reveals they were killed by the impact with your car; if you had stopped, they likely would have died from the impact with the road. You would be held liable, as your failure to stop caused the death, even if the death was imminent anyway.
Re:CTL-ALT-DEL (Score:4, Interesting)
I agree comment posters *seem* to be acting very hypocritical today, but it could be possible that a different set of people are objecting for a different set of reasons.
Also, just to correct something which keeps being misrepresented in comments: this lawyer is a female. She also has an engineering degree and is a programmer. She intended to review the software herself with the help of fellow programmers.
Also, people might be interested to know that she worked as a pro bono counsel for the Software Freedom Law Center from 2005 until 2011 and now works as an executive director for the GNOME Foundation. She still accepts pro bono cases from the SFLC and is the SFLC treasurer.
http://www.softwarefreedom.org/about/team/
http://www.youtube.com/watch?v=5_pRH8lzaQo
Re:It's not forced on her (Score:4, Interesting)
I also work for an FDA regulated company - blood chemistry immuno diagnostics device - and we are certainly audited, periodically, but not to the extent that you portray. We have code check-in forms and the auditors look at traceability: can they show that the files checked in were traced back to a particular defect record or change request item, etc. And our check-in forms are simple "Who wrote this change? Who reviewed it? Who's the manager signing off on it." That's about it. No justifications, no explanation of changes - except changes due to issues found during a review - no summaries of potential impact, or anything really substantive.