Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Biotech Medicine Programming

Lawyer Demands Pacemaker Vendor Supply Source Code 334

oztiks writes "Lawyer Karen Sandler's heart condition means she needs a pacemaker to ward off sudden death. Instead of trusting that the vendor will create a flawless platform for the device to operate, Sandler has demanded to see the device's source code. Sandler's reasoning brings into question the device's reliably, stability, and oddly enough, security."
This discussion has been archived. No new comments can be posted.

Lawyer Demands Pacemaker Vendor Supply Source Code

Comments Filter:
  • by whoda ( 569082 ) on Saturday January 21, 2012 @09:40AM (#38773740) Homepage

    She could just let her heart regulate itself naturally.

    • Mod up hilarious

      • Not so hilarious, just quite interesting. And consider the implications.

        We're not talking about a computer or a car. We're talking about a potentially life saving tool. Or, rather, not having it being life threatening. Not getting it is pretty much not really an option. But does that imply that someone has the right to force the manufacturer to open up their source code?

        • by Anonymous Coward on Saturday January 21, 2012 @11:22AM (#38774362)

          If the pacemaker vendor doesn't want to make the source code available its perfectly within its right to refuse to supply the pacemaker. Lawyer can go look for someone else to acquiesce to her ridiculous demand, assuming she doesn't die waiting for someone to give in, but any delay is entirely of her own creation.

          • Re: (Score:2, Interesting)

            by TheRaven64 ( 641858 )

            If you watch the talk, you'll see that there are several issues with this:

            First, the software is known to be buggy. In fact, it is remotely exploitable. One group found an exploit that lets you remotely control someone's heart rate.

            Secondly, because this is approved by the FDA, the manufacturer is exempt from liability for this kind of problem. The FDA does no review of the software at all, but their review of the hardware means that the manufacturer is completely immune to lawsuits if someone dies a

            • by Anonymous Coward on Saturday January 21, 2012 @12:33PM (#38774920)

              Secondly, because this is approved by the FDA, the manufacturer is exempt from liability for this kind of problem.

              Untrue. Just because a product is FDA approved does not absolve a manufacturer from liability. This is not only true for medical devices, but pharmaceuticals as well.

              The FDA does no review of the software at all, but their review of the hardware means that the manufacturer is completely immune to lawsuits if someone dies as a result of a bug in their software.

              Once again, untrue. As a Software Quality Engineer for a major medical device manufacturer, I can tell you the FDA does review software and has regulations and guidance surrounding software development. In recent years the scrutiny of software based device has increased so much, that companies are having a difficult understanding exactly what the FDA excepts.

              Japan does not review software for devices, only hardware. However in order to get your product into the country it must be FDA approved.

              • by pimpsoftcom ( 877143 ) on Saturday January 21, 2012 @02:17PM (#38775676) Journal
                Mod Parent Up. I am currently a software developer with an FDA regulated product, and we have to sign a form explaining what we did when we check in. Yes, a hand written form, showing and explaining what was changed, how it was changed, and its impact on the product. Not just your normal check-in comments; this is a multiple page form/essay that what we checked in is what we said we checked in. Every time. The FDA has STRICT rules about software quality and security due to what in the FDA regulated software industry is known as "negative impact events".. basically anything that hurts the patient or has the ability to risk the patients health, even if they just have a worry (as stress can create physiological pain, etc). In this case, the security exploit by itself would be so negative that it can get a product pulled and the company selling it fined into oblivion. If anything the company that build this software is trying to cover its ass, and will fight as much as it can to not release the source code.. or risk death by FDA audit. And yes they exist; all FDA projects get audited sometimes, but when it happens its a massive company wide effort not to piss off the auditors or show them things they donty ask for explicitly as they are usually only raping with no lube.. it can get MUCH worse.
                • by evil_aaronm ( 671521 ) on Saturday January 21, 2012 @08:22PM (#38777799)

                  I also work for an FDA regulated company - blood chemistry immuno diagnostics device - and we are certainly audited, periodically, but not to the extent that you portray. We have code check-in forms and the auditors look at traceability: can they show that the files checked in were traced back to a particular defect record or change request item, etc. And our check-in forms are simple "Who wrote this change? Who reviewed it? Who's the manager signing off on it." That's about it. No justifications, no explanation of changes - except changes due to issues found during a review - no summaries of potential impact, or anything really substantive.

              • Re: (Score:3, Informative)

                by tengu1sd ( 797240 )

                The FDA does no review of the software at all, but their review of the hardware means that the manufacturer is completely immune to lawsuits if someone dies as a result of a bug in their software.

                Once again, untrue. As a Software Quality Engineer for a major medical device manufacturer, I can tell you the FDA does review software and has regulations and guidance surrounding software development. In recent years the scrutiny of software based device has increased so much, that companies are having a diffi

            • by SeaFox ( 739806 )

              1) Does she have the device already, or is she still evaluating products? If she hasn't already had the device implanted the parent's point still applies. As a business they don't have to give her anything, and as a consumer she is within her rights to take her business elsewhere.

              2) If the software is already "known" to be buggy, and remotely exploitable why would you want to consider this device maker to start with? she should already be looking for someone else. And furthermore why wouldn't the FDA have a

        • by repvik ( 96666 ) on Saturday January 21, 2012 @11:45AM (#38774498)

          But does that imply that someone has the right to force the manufacturer to open up their source code?

          Does she require the code to be "opened up"? AFAICT, she wants to check the code, nothing more.

          If I was the manufacturer of the device, she'd sign an NDA and get the code. Worst case, she spreads the code and gets sued. Best case, she improves the reliability or security of the code.

          I don't really see any problem here.

          • Best case, she improves the reliability or security of the code.

            What makes you think anything she can do will improve the security of the code?
            How many times have we seen software makers just sit on bugs for months or years before someone publicly shames them into fixing it, usually by releasing exploit code??

            Someone just released a pile of metasploit plugins for SCADA systems.
            http://www.wired.com/threatlevel/2012/01/scada-exploits/ [wired.com]

            Wightman and Peterson said they wanted to avoid the kind of situation that Beresford ran into last year when Siemens issued statements to customers downplaying the vulnerabilities he'd found and then swooped in at the last minute before his scheduled presentation to persuade him to cancel it until the company had more time to prepare patches.

            "I didn't want a vendor to jump out in front of the announcement with a PR campaign to convince customers that it wasn't an issue they should be concerned with," Wightman said.

            Peterson added that "a large percentage of the vulnerabilities" the researchers found were basic vulnerabilities that were already known to the vendors, and that the vendors had simply "chosen to live with" them rather than do anything to fix them..

            What good would it do to inspect the code under and NDA?

          • But does that imply that someone has the right to force the manufacturer to open up their source code?

            Does she require the code to be "opened up"? AFAICT, she wants to check the code, nothing more.

            If I was the manufacturer of the device, she'd sign an NDA and get the code. Worst case, she spreads the code and gets sued. Best case, she improves the reliability or security of the code.

            I don't really see any problem here.

            The problem is in the perception. If she finds "areas to improve" in the code, what does the manufacturer say to the tens (perhaps hundreds) of thousands of implantees with the code that "could be improved?" Swapping out the device before it's normal end of life is an additional surgery, which carries a slight but non-zero chance of death.

          • by cdrguru ( 88047 )

            Two things here come immediately to mind. Let's assume that whatever is running in this system is non-trivial. If it was 1000 lines of code it could be validated the way they used to validate the Shuttle programming - mathematically. So it is probably 30,000 lines of code or more.

            First thing is how would anyone "look" at that volume of code without spending months going through it and learn anything from it? What sort of interrupt-driven race conditions can exist and how would you even begin to understa

          • by tftp ( 111690 )

            If I was the manufacturer of the device, she'd sign an NDA and get the code.

            If I were the manufacturer, I'd tell her that the code can be reviewed inside of my SCIF [wikipedia.org], under supervision of one of my employees. If she pays for the costs incurred she can come and read the code all day long, every day. Of course nothing material leaves the SCIF, and she may not take notes.

    • by trout007 ( 975317 ) on Saturday January 21, 2012 @10:35AM (#38774056)

      I thought they had their hearts removed when they passed the bar at the same place that performs MBA lobotomies.

    • The same could be said about the telephone, broadband, & oil industries. They're not forced on you. You could just do without them. And unlike her situation, it won't kill you. Also, if I were her, I'd be more concerned about the hardware than the software.
    • by superwiz ( 655733 ) on Saturday January 21, 2012 @12:57PM (#38775136) Journal

      Usually, I wouldn't see how this is different from Coke not telling you what's in their secret recipe is. Ie, trade secrets are trade secrets. But if you listen to the interview, she makes, what I see, a compelling point: these devices have WiFi connections.

      So they can be potentially controlled by a 3rd party after the fact of installing them in the recipients. Certainly, there are some people who don't understand the full implications of a medical device having a WiFi connection. So no one can claim that a layman would have an informed consent unless independent experts have reviewed the code.

  • ...and incidentally every time one of their products flies over my house to land at the DC area airport I live close to.

    Yet I don't demand to audit their code.

    • by rtfa-troll ( 1340807 ) on Saturday January 21, 2012 @09:54AM (#38773836)

      Yet I don't demand to audit their code.

      Well, if you don't demand that somebody audits their code you are pretty stupid. Unaudited code and code which is proprietary and never shared with outside bodies (this doesn't have to mean the public; just at least someone external) just doesn't have a place in any critical parts of our infrastructure. It is as irresponsible as it would be if Boeing didn't have to hand over the mechanical specifications of their planes, which of course they do. However, If you had read the article you would have seen this quote:

      Regulatory authorities don't see or review the software either.

      She simply has to trust that the vendor is telling the truth and doing things right.

      I think you will find that aircraft software, whilst it isn't open source and available to everyone, gets a bit more review than that.

      Apart from that, the plane code isn't part of you and is, as a passenger, something you just visit for a short time. I think people have a right to understand fully, to the level of their own ability, things that are made part of their body.

      • Well, if you don't demand that somebody audits their code (for airplanes/airlines) you are pretty stupid.

        Agreed in principle that it's desirable/vital to get that job done. But it's not so easy to achieve in practice, and I think it's not just stupidity (on the part of consumers/customers) that blocks it.

        Some years ago I was a regular flier with a certain airline, and then they flew a couple of my work colleagues into the ground [ :( ]. The circumstances brought their operating procedures into question --

      • by electroniceric ( 468976 ) on Saturday January 21, 2012 @03:37PM (#38776135)

        In the 90s, the FDA realized that even if it could see the could, there was no way it could realistically audit code for all the devices it is required to review annually. So they switch from attempting to verify devices directly to insisting that devices be design and developed under a very high quality engineering paradigm.

        So instead of looking at code trying to find problems, what they do is demand artifacts of a very disciplined design development and test process, reasoning that if people are in fact actually writing out test cases, doing internal code reviews with documented changes arising from them, maintaining requirements traceability matrices linking each line of code to a user requirement and then a lower level system requirement, then that process will result in better code than the FDA could accomplish by their own audit or that of a 3rd party. So the woman should be asking to see the details of the company's FDA submission, presumably under NDA from the company.

        Now, whether the FDA is employing Design Control in a strict enough way is definitely a fair question - in particular the 510k (predicate device) submission process has left a lot of loopholes (due to its risk class, a pacemaker does not go through 510k, it goes through the more demanding PMA process). But to suggest that she or someone she hires will just be able to wade through the code to decide if she thinks it's high quality seems to me more like grandstanding than anything else.

    • Nevertheless an important issue is addressed here.
      Software comes with the usual THIS SOFTWARE IS PROVIDED "AS IS" disclaimer. Of course, when it comes to safety / security / health ... one may want to get more than a disclaimer. But there are also (and still) devices where the poor programming (especially in the algorithms / intuitiveness departments) appears to be annoying for the user, while the device cannot be upgraded / updated (washing machines, pocket translaters, microwave, hi-fi...).
    • Any safety-critical system in a commercial aircraft is subject to FAA approval. This requires things like multiple independent teams working on implementing the same specification, formal methods employed during the development, and so on. I'm not sure if the FAA audits the code, but I'm pretty sure that they can require a third-party audit. In addition, if a software bug causes an aircraft to crash, the customers' families will sue the airliner and the airliner will sue boeing.

      Now, compare that with

    • ...and incidentally every time one of their products flies over my house to land at the DC area airport I live close to.

      Yet I don't demand to audit their code.

      There is also a pilot and co-pilot in command of the aircraft. Most of the time they're sober enough to recover any software glitches before a crash, and they're usually awake during takeoffs and landings.

  • by Anonymous Coward on Saturday January 21, 2012 @09:43AM (#38773768)

    This sort of demand is why lawyers are disliked. The life science industry has to follow the FDA directive to perform a source code review. It is very unlikely that the source code in these devices have any remaining bugs due to the length of time that these devices have been used.
    In addition to the source code for the software running the device, which is most likely to be extremely robust given the long time that these devices have been in use (+25 years), she might as well ask for the manufacturing process details for the battery, the casing, the electronic components, and the design of the microprocessor.
    This is pointless since any qualified experts on the code are likely to be working for the device manufacturer.

    • And what if the bug is that it stops working on march 3rd 2012?

      • by hoggoth ( 414195 )

        Then just delay releasing the source code until March 4th. Problem solved.

      • Why the heck would someone put a real time clock into a pacemaker?

        That's the stupid question I've been asked time and again in 1999. But will $device work in 2k? With $device being something that has no chance in hell to have a RTC.

        • The point I was making was "I've tested it for 25 years" is not a proof in any way that it's bug free. It being the 3rd of march 2012 was simply an example of a condition that's never been tested in those 25 years... Others might include sun storms, unseasonable warmth, a certain bacteria in the patient, ........

          • oops... wrong mod


        • Why the heck would someone put a real time clock into a pacemaker?

          Obviously so you can correlate a patients symptoms and or activity with the monitoring built into the pacemaker/defibrillator. These devices aren't just simple, dumb pacemakers anymore, and havent been for many years. My father has had one of these devices for nearly a decade now, and several times has been worried about what he thought were jolts from the defib. (They turned ot to be not a jolt from the defib thankfully). These devices ha

        • by Lumpy ( 12016 )

          I loved those questions. My answer was always , "No it will fail dangerously, you had better give it to me so I can dispose of it safely"

          I had in my office 3 toasters and other assorted silly things all tagged with the big red "NOT Y2K SAFE" sticker on them.

        • My heart rate is controlled by a pacemaker at this moment. I do not have access to the specifications, so I cannot determine directly whether it contains a real-time clock. But the behavior seems to require one. The pacemaker stores records of its behavior and its sensor readings, and transmits them whenever its short-range radio can reach a satellite/cellular interface. It is extremely likely that a real-time clock in the pacemaker is used to time-stamp the data that are transmitted at unpredictable times
    • by NatasRevol ( 731260 ) on Saturday January 21, 2012 @09:54AM (#38773828) Journal

      Did you just seriously say that there are no more software bugs in their code?

      You're the reason lawyers exist.

    • I wish that I had some mod points today so that I could mod this as funny. Now that I think about it, I seem to remember that David Parness, years ago, proved that it is not possible to guarantee that code is bug free, but perhaps I am misremembering something.

    • by Stormthirst ( 66538 ) on Saturday January 21, 2012 @10:03AM (#38773880)

      No - lawyers are disliked because they charge absorbent fees for sitting in an office and talking, or standing in a court and talking. They make nothing, and have the moral values of a squashed tomato*

      You're assuming that the device she's due to have fitted is exactly the same design and construction as the ones they used 25 years ago. This is obviously false. For example, the original pacemakers paced the heart all the time, and as a result had a very limited battery life. Pacemakers these days are far more intelligent, and sense when a regulating beat is needed.

      Having said that, your point about the qualified experts still holds.

      * I'm probably going to get sued now by some lawyer representing squashed tomatoes for defamation of character.

      • Re: (Score:3, Funny)

        by Anonymous Coward

        I assume you meant to say "exorbitant" although you could say that lawyers excel in absorbing their clients' money.

    • by Anonymous Coward on Saturday January 21, 2012 @10:20AM (#38773974)

      There are many assumptions here that should be questioned.

      Source code reviews are highly imperfect ways to ensure stable and accurate software, and good ones are extremely hard on the developers involved. Techniques like test driven development and paired programming offer a much better solution at lower cost.

      New medical devices are released all the time and they have new code operating them, even if that general type of device has been in use for decades. New models with new or modified code have new bugs.

      Perhaps owners of electronic devices that have caught fire or misbehaved in other physical ways have learned to start inquiring about manufacturing, mean time between failure and other manufacturing and quality issues.

      I have worked in the medical software industry for thirty years as a developer, and was at one time an employee of Medtronic. I have a Medtronic pacemaker/defibrillator embedded in my chest which can be remotely accessed and controlled. I am professionally qualified to study and understand my device's software, development and testing methodology, and security issues - but Medtronic declined to share with me their source code when asked. The technical manuals for my devices which appear to provide all necessary information for hacking my pacemaker/defibrillator are available online.

      I think that more can and should be done with oversight of medical device manufacturers and their software than the FDA currently requires, but this is true of all mission critical software like military and aerospace systems as well. The problem is neither uppity lawyers nor uncaring medical device manufacturers but instead the way we build software. Anyone with personal experience in the software industry who relies on a programmable medical device but who is not concerned over the accuracy and stability of the software running it is not thinking clearly.

    • wow (Score:5, Informative)

      by unity100 ( 970058 ) on Saturday January 21, 2012 @10:21AM (#38773980) Homepage Journal

      It is very unlikely that the source code in these devices have any remaining bugs due to the length of time that these devices have been used

      hahahahaahaha ahaahah.

      you spoke like someone who has zero experience in software development.

    • So because it's difficult, we should just trust the manufacturers ?

      She is not saying that all pacemakers should be open sourced btw , she just wants to be sure the device is safe.
      You need an external party that reviews the device and software thoroughly ( which is not happening for the software currently ).

      That's the only way to insure that it's safe ( you cannot just trust the company on this, there are too many lives at stake ).

      • You need an external party that reviews the device and software thoroughly ( which is not happening for the software currently ).

        So who, that is competent to conduct such a review, is willing to do so? Reading the code for one such device pretty much precludes ever being able to write code for similar devices, at least for a considerable period of time. The case law was settled back in a variety of reverse-engineering cases: anyone who has ever seen the source code for the software in question is hopeless

  • CTL-ALT-DEL (Score:5, Insightful)

    by ColdWetDog ( 752185 ) on Saturday January 21, 2012 @09:44AM (#38773770) Homepage

    Oh, come on. The source code is not going to tell you a whole lot, it would be only comprehensible to experts and it says nothing about the little hardware bits. Does Mr. Lawyer want Medtronics to go over the schematics with him? Explain the physics?

    Sometimes you just have to settle down and let things go. Yes, regulatory agencies should review operations of medical devices closely. No, they don't need to peek inside.

    I don't even think the FAA looks at the code for the flight control computers on airliners. They test the planes (or actually they watch the manufacturer test the planes) but they don't get every part off the aircraft and look at it under a microsope.

    • Re:CTL-ALT-DEL (Score:5, Insightful)

      by CAPSLOCK2000 ( 27149 ) on Saturday January 21, 2012 @09:59AM (#38773860) Homepage

      Oh, come on. The source code is not going to tell you a whole lot, it would be only comprehensible to experts and it says nothing about the little hardware bits.

      Experst are for hire.

      I'm not an architect. The blueprints of my house are useless to me, but I can hire an architect to read them for me. That architect can than tell me if the house I'm living in is well designed or not. He won't be able to tell if the building-materials are of sufficient quality, but if the design is not sound the materials used don't even matter.

      I'm dissappointed in Slashdot. One would expect that over here people would see the value of having access to the source of the software that keeps you alive.

      • by Idbar ( 1034346 )
        I agree with you there is value. But two me, there are two ways for an inventor to keep its leading edge: patents and trade secrets. Do you sincerely prefer patents and litigation or the freedom to reverse engineering the product? I hadn't seen anyone asking for the ingredients of coca cola because they "consume" their product, they're perfectly free of not doing so.
      • There are very few Slashdot posters who distinguish freedom from skill, appreciate freedom for its own sake, and acknowledge that real life requires us all to depend on each other as you apparently do. I see many more posters who post arguments based on myths of pulling oneself up by one's bootstraps, not being entitled to anything one isn't forced to need, and not seeing force outside of a loaded weapon aimed at someone.

    • Re:CTL-ALT-DEL (Score:4, Insightful)

      by rtfa-troll ( 1340807 ) on Saturday January 21, 2012 @10:02AM (#38773876)

      No, they don't need to peek inside.

      Think about how much cheaper for everybody it would have been to have one small government testing lab verifying medical implants that it is going to be having to replace all of the breast implants in France / UK etc. etc. Think how much compulsory insurance [telegraph.co.uk] is going to cost.

      This is typical of the corporate welfare attitude that small people have to pay for the mistakes of big companies but no big company has to pay for anything.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Before I started reading the comments, I knew it would skew heavily against the lawyer because, well... he's a lawyer. No other reason.

      You dweebs here on /. get your panties in a bunch about *any* product for which source code is kept private. Operating systems, video card drivers, voting machines, etc.

      But oh, god forbid a lawyer advocates for his client, WHOSE LIFE DEPENDS ON THIS FRIGGIN' DEVICE, and you go all 4chan on him.

      No, the lawyer is NOT going to review the code. He's going to get a pacemaker soft

      • When having to side with closed source or lawyers, the choice is quite easy. Hell, when choosing sides between lawyers and mass murderers it is.

      • Re:CTL-ALT-DEL (Score:4, Interesting)

        by Vairon ( 17314 ) on Saturday January 21, 2012 @05:00PM (#38776701)

        I agree comment posters *seem* to acting very hypocritical today but it could be possible that a different set of people are objecting for a different set of reasons.

        Also just to correct something which keeps being misrepresented in comments this laywer is a female. She also has an engineering degree and is a programmer. She intended to review the software herself with the help of fellow programmers.

        Also people might be interested to know that she worked as a pro bono counsel for the Software Freedom Law Center from 2005 until 2011 and now works as an executive director for the GNOME foundation. She still accepts pro bono cases from the SFLC and is the SFLC treasurer.

        http://www.softwarefreedom.org/about/team/ [softwarefreedom.org]
        http://www.youtube.com/watch?v=5_pRH8lzaQo [youtube.com]

    • by Teancum ( 67324 )

      With statements like you've made in this post, you would be surprised what the FAA does require when they issue a flight worthiness certificate. No, the inspectors from the FAA don't review every line of code nor do they demand x-rays and microscopic details of all critical parts, but manufacturers to keep track of much of that information and have it stored away "just in case" there is an accident investigation board held on that aircraft that is being made. This is even more true when somebody sell a ve

    • Oh, come on. The source code is not going to tell you a whole lot, it would be only comprehensible to experts and it says nothing about the little hardware bits.

      Perhaps she wants to make her own backup pacemaker using the Arduino she's just bought from Sparkfun.

  • by davidannis ( 939047 ) on Saturday January 21, 2012 @09:46AM (#38773784) Homepage
    A related story on NPR today points out that as a patient you don't have access to the data collected in and about your own body. The story focuses on one man's attempt to see his own data. He's looking for someone with technical skills to help him get at the data. Seems to me that somebody on /. should be able to help. http://www.onthemedia.org/2012/jan/20/who-owns-data-inside-your-body/ [onthemedia.org]
  • Many (all?) pacemakers can be read and its settings altered via a datalink.

    Ignoring malice, who's to guarantee that a shoplifting detector gate doesn't interfere with your pacemaker?

    Even devices that were intented to be secure fail miserabely, so if it's your life, are you gonna trust the manufacturer?

    • And, as she said in the talk:
      • The device sends data unencrypted (isn't that a HIPA violation?).
      • The device accepts external commands without authentication (WTF?).
      • An attacker can relatively easily cause cardiac arrest in someone implanted with one of these.
      • FDA approval means that the manufacturer is not liable for any of the above.
  • by jbeaupre ( 752124 ) on Saturday January 21, 2012 @09:57AM (#38773848)

    It's called software validation and it's a pain in the ass. It's such a pain for medical devices that everyone avoids it unless absolutely needed. Which is why medicine is 10 years behind when it comes to electronics.

    For a "quick" overview, here's a start: http://www.fda.gov/RegulatoryInformation/Guidances/ucm126954.htm [fda.gov]

  • thump (Score:5, Funny)

    by Anonymous Coward on Saturday January 21, 2012 @09:58AM (#38773852)

    10 thump
    20 thump
    30 sleep 1s
    40 go to 10

  • by Nidi62 ( 1525137 ) on Saturday January 21, 2012 @10:16AM (#38773952)

    How do we know the software works as advertised? How do we know it's secure?

    Well, let's see, what is the failure rate of pacemakers? A quick Google search brought this result (http://www.post-gazette.com/pg/06116/685028-114.stm):

    In one study, Dr. Maisel and FDA researchers analyzed reports that pacemaker and ICD manufacturers were required to submit to the federal agency between 1990 and 2002. During that period, more than 17,000 malfunctions resulted in removal and replacement with a new device, researchers found. Battery, capacitor or electrical problems accounted for half the failures. Thirty deaths were attributable to pacemaker malfunction and 31 deaths to malfunctions in ICDs. The annual replacement rate for pacemaker malfunctions decreased during the study period, from 9 per 1,000 implants in 1993 to 1.4 in 2002. But the ICD replacement rate, after decreasing from 38.6 in 1993 to 7.9 in 1996, increased in the latter half of the study, peaking in 2001 at 36.4.

    So, there is a failure rate of 1.4 per 1000 in 2002, and half of those were related to hardware issues. Only 30 people ended up dying. This article (http://circ.ahajournals.org/content/105/18/2136.full) claims 3,000,000 people worldwide with pacemakers in 2002, with 600,000 implanted yearly. That means in 2002 .001% of people with pacemakers died. Assuming hardware failure accounted for half of that, then the chances of being killed by a software defect in a pacemaker is extremely small. So, I'd say it's safe to assume that the hardware "works as advertised".

    • Perhaps instead you should read the paper that this woman wrote. It lists statistics for the number of pacemaker recalls for software defects, and some of the reasons - pretty scary how poor quality the software is, as many of them would have been caught by even basic testing.

      I admit that the fact that it's possible to remotely stop Dick Cheney's heart using simple off-the-shelf hardware seems like it might be a useful feature...

  • Numerous questions:

    - Do you suppose the patient actually has someone who can do the audit?

    - Is it realistic to audit the code without understanding the hardware interface? Probably not, so...

    - Are they also going to demand hardware documentation? Free support?

    Really, the source code along is not going to buy them much. I wonder what's really going on here?

  • by SgtChaireBourne ( 457691 ) on Saturday January 21, 2012 @10:29AM (#38774020) Homepage

    If you read the article or ones on the same topic from last year [tuxradar.com], you'll find that the reason she is making the request is that not even the FDA has audited the code. It's just there.

    Other embedded hardware has been found to be easily crackable and able to deliver fatal doses of medication [theregister.co.uk]. Someone has to audit the code, since the FDA is not doing it, Karen is making an issue of it. In these cases, there is no excuse for the code not being 100% open. People's lives hang in the balance.

    • by green1 ( 322787 )

      I must say I was shocked when I found out that the settings on these things can be modified wirelessly. While it's very convenient for the hospital to be able to make changes without surgery, it's also more than a bit worrysome from a security standpoint...

  • As a mechanical engineer I feel a little insulted. Why does the lawyer want the software code but not all of the design documents?

  • by loufoque ( 1400831 ) on Saturday January 21, 2012 @10:33AM (#38774044)

    It she weren't a lawyer, we wouldn't even be speaking about it.

    It's funny how lawyers seem to have extra rights in our society. They can make demands, we cannot.

    • Nonono, lawyers can't make those demands, they just make them, feeling entitled to making them.

    • It she weren't a lawyer, we wouldn't even be speaking about it.

      Is she weren't no lawyer, she wouldn't be able to afford one to litigate for her . . . or maybe she is litigating for herself . . .

  • by Vellmont ( 569020 ) on Saturday January 21, 2012 @10:42AM (#38774100) Homepage

    The summary is pretty bad, but one of the more salient points is that modern pacemaker/debrillators have Wi-Fi in them. Yes, WiFi. According the the recording, someone at defcon has already managed to hack into an insulin pump equipped with WiFi and been abe to manipulate the delivery rate (which could kill the patient). So the security concerns aren't completely unwarranted.

    Demanding the source code is a bit silly. How many people are really going to be able to review the source code for a pacemaker/debriliator? Very very few. Even if they do, there's a hell of a lot more to a pacemaer/debrillator than the software, so why is it just the software that's her concern?

    A more sane approach would be demanding the software follow basic security rules like not allowing the wi-fi connection to ever change anything in the medical device. (It's supposed to be a reporting mechanism so the doctor can follow the progress of the patient). I can't believe she has anylegal grounds to demand source code, so this is a fight for the minds of the public rather than a legal one. Demanding source code is a bit silly since most of the public doesn't even understand that there is such a thing as source code. The public is by now very aware of security problems and hackers, so ensuring that the wi-fi is read-only would be an easier battle to win.

    • by oztiks ( 921504 )

      But the argument can be made for a lot of things, recently Russia hacked a US UAV and was able to land it. Does that mean passengers of commercial airliners can request code audits on the planes because they transmitt RF? Or home wifi's, does that mean buying a wireless modem gives you code access ....

      Closed source intellectual property should be given some protection.

      Maybe my opinion on this is one sided because I sell property code that I've written to customers knowing that if having source access denied

  • I saw her talk (Score:5, Informative)

    by Anonymous Coward on Saturday January 21, 2012 @02:43PM (#38775735)

    Last year at OSCON. Sadly the line was too long for me to shake her hand and say thanks for starting this.

    There's a few points I'd like to add, many already covered.

    1) She's qualified to do this. Not to review the software. But she has plenty of good colleagues for that.

    She's a director of GNOME (I know, I know...), former GC of the SFLC, an attorney... and ... from listening to her talk, she either genuinely gets software -- or someone that did wrote her whole speech for her.

    2) This is a real, not a hypothetical problem.

    People commenting without RTFA need to understand--These devices are 802.11 enabled. Remote exploits /have/ been demonstrated.

    This is not a wholly uncommon situation -- one of my coworkers has a daughter with a computerized glucose pump that has also had remote compromise demonstrated.

    And even a trivial interest in breathatlizers reveals there has been...myriad incidences of these devices not just being a total failure of design, but having rollover and similar bugs in their implementations.

    3) People may be correct that it would be hard to get people to understand the code. That is wholly irrelevant and a false front of an argument. I don't care what your medical experience is in your industry or company. What your experience with regulators or lawsuits are. There's companies that commit fraud, lie, cheat, steal. They exist. This is indisputable. There's places where MBA's and biologists that can barely write a hello world by themselves compose pointer arithmetic, hit compile, hit test, and go home at the end of the day. I've worked at places like that on applications that could kill if they failed. It is why I do not as of two years ago.

    I presently work with a woman that could not compose a CSV in a basic ETL from another filetype without help. She has the language being used using on her resume. Her workflow involved copy/paste off of the internet, and then changing one line at a time, saving it as file.### and trying to run it. If it didn't crash, she'd examine the output and try to put in what she thought would fix it. If it did, she'd try to find the error. When I offered a hand, she was currently at over her 500th revision.

    So let me be damend clear -- even an unqualified person can do a basic code review just by running a fucking linter on it and looking at the warnings. Because if it generates one or a million -- that says something about the quality right there.

    Why? Because unless you're in a business whose core business *IS* software, my personal experience is that 80% plus of the developers have never heard of one, and 95% don't know how to use it if they have. And that is why my code has less bugs than my colleagues.

    Now -- even if my experiences are anecdotal, and "invalid" -- I've just proven the existence of the problem.

    This is her life we're talking about. Her life entrusted to a piece of cybernetics that has had a demonstrated remote exploit.

    Please /., have a little bit of humanity for once. This isn't about corporate profits, NDAs, lawsuits. This is about someone asking to read something to make an informed choice about their continued existence.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...