Biotech Medicine

FSF Warns About the Perils of Medical Devices with Un-Free Software (fsf.org) 58

"Software that controls your body should always respect your freedom," warns the program manager of the Free Software Foundation: In July, users of the proprietary software app LibreLink, who live in the UK and use Apple devices, found that the app they depend on to monitor their blood sugar was not working anymore after the developer Abbott pushed an update for the app... Despite what its name may suggest, there is nothing libre about the LibreLink app. It's proprietary software, which means users must depend on the company to keep it running and to distribute it. With free software, [a user] would have had the freedom to run, copy, distribute, study, change, and improve the software himself, or he could have leaned on a community of developers and users to share and fix the software, and the old version of the software would have been available to revert the update...

Two months later, with Apple's update to iOS 17, users of the FreeStyle LibreLink and Libre 2 apps had reason again to fear that the software they rely on wouldn't work after updating their iPhones. This time, users all over the world were affected. In September, Abbott warned Apple users: "As part of the upcoming iOS 17 release, Apple is introducing StandBy Mode and Assistive Access Mode ... this release may impact your experience with the FreeStyle Libre 2 app, the FreeStyle LibreLink app, or the FreeStyle LibreLinkUp app. We recommend that you disable automatic operating system updates on the smartphone using the mentioned apps." This warning was made because StandBy Mode would sometimes prohibit time-sensitive notifications such as glucose alarms, and the Assistive Access Mode would impact sensor activation and alarm setting modification in the app...

And a scenario where a company abandons service or updates to its users is not merely theoretical. This is the bitter reality faced by users of eye implants produced by Second Sight Medical Products since the company decided to abandon the technology in 2020 when facing the prospect of bankruptcy. According to IEEE Spectrum, Terry Byland, whose sight has been dependent on the first-generation Argus implant since 2004, says of his experience, "As long as nothing goes wrong, I'm fine. But if something does go wrong with it, well, I'm screwed. Because there's no way of getting it fixed." That's what also happened to Barbara Campbell, whose retinal implant suddenly stopped working when she was on a subway...

It's up to us advocates of free software to inform the people around us of the issues with proprietary software in medical aids. Let's encourage our friends, parents, and grandparents to ask their doctor about the software in their medical devices and to choose and insist upon free software over proprietary software.

This discussion has been archived. No new comments can be posted.

  • by 93 Escort Wagon ( 326346 ) on Saturday November 04, 2023 @01:42PM (#63979852)

    However it doesn't guarantee anyone will actually do so. There are plenty of moribund FOSS-licensed projects out there.

    But at least the possibility exists (although I'd recommend being very, very careful with software for one's eye implants).

    • by sjames ( 1099 ) on Saturday November 04, 2023 @02:55PM (#63979992) Homepage Journal

      In the case of LibreLink and similar, it also means that the previous version doesn't get disappeared from the world the instant the new and non-functional version is foisted on an unsuspecting public. You don't even need to know how to code to take advantage of that saving feature.

      That same capability also limits a company's ability to hold formerly free features for ransom in a future release.

      Picking up the ball and continuing the development independently of the OEM is just the last resort, but the possibility is there if it comes to it.

      • One could also step through the app with a debugger and/or collect meaningful dumps when things do go wrong. Proprietary apps do everything they can to avoid giving end users anything meaningful when crashes happen, while there's no incentive to do that with FOSS.
      • That same capability also limits a company's ability to hold formerly free features for ransom in a future release.

        That peculiar type of enshittification isn't very likely to happen specifically in this category of devices, they are single use only: every fortnight the patient needs to throw away the spent sensors and implant a new one.
        So Abbott is earning shit tons of money from the throw-away hardware anyway, a few extra bucks are literally not worth the effort to develop paid-for feature in the app.

        But it also means that they *already* earn truck-loads of money from a device cheaply mass produced in Asia: with all tha

  • LibreLink (Score:4, Insightful)

    by gavron ( 1300111 ) on Saturday November 04, 2023 @01:55PM (#63979868)

    LibreLink's latest sensor and app, LibreLink 3 on Android ***REQUIRES*** notification permissions and alarms or it won't run. Worse yet, its alerts are at the HIGHEST VOLUME the device can emit, even for something as simple as "paired new sensor." If you disable the permission, the app won't run until re-enabled.

    On Android 13 and up, the app hibernates when not in use, so no alerts about anything one might actually care about.

    If it was Open-Source it would have been fixed a year ago. Abbott, however, shows zero desire to fix it. It does the bare minimum so they can keep selling sensors to the 537,000,000 diabetics of the world at a bimonthly expense, rather than research better solutions to diabetes. One in ten adults have it, but the profit in "regulating" the symptoms far outweighs the profit of a one-time cure.

    • Re:LibreLink (Score:5, Informative)

      by Sad Loser ( 625938 ) * on Saturday November 04, 2023 @03:24PM (#63980056)

      I work for a company that makes medical devices (ISO13485) and this situation is more complex than it first appears.

      re the software update - this is usually a result of Apple moving the goalposts and is a constant pain for medical device companies that use smartphones as a platform for medical device software. Google does the same but is less aggressive.
      The problem is that Apple is driven by the people who want to sell more Candy Crush Saga, not people who want the stability of a long term stable platform to build applications against.

      The problem with the notifications is that it is medico-legally indefensible not to have the notifications on maximum noise. If someone's blood sugar drops below 4 then they may become drowsy and less aware of alerts.

      • The problem with the notifications is that it is medico-legally indefensible not to have the notifications on maximum noise. If someone's blood sugar drops below 4 then they may become drowsy and less aware of alerts.

        FreeStyle 1 didn't even have alarms (it didn't have any personal-area network radio like Bluetooth to begin with, only very low-power "touch to connect" NFC to flash-read the graphs).
        Tons of other monitoring solutions (even old-school finger pricks) have no alarms and rely on the patient detecting signs and checking blood sugar on the spot.

        In theory FreeStyle 2 could have left alarms as an optional "convenience" feature (that was actually the case on older versions of the software).

        Lots of competitors have co

    • Re:LibreLink (Score:4, Insightful)

      by thegarbz ( 1787294 ) on Saturday November 04, 2023 @04:43PM (#63980230)

      Aside from the hibernation issue which has a specific workaround, none of what you said is bad, in fact it is all the fundamental purpose of the app's being. A blood sugar monitor that runs with the OS silently blocking its alerts, or turning the volume of the alerts off is a fucking useless app.

      If it was Open-Source it would have been fixed a year ago.

      So like all open source it provides users so many different options to fuck the functionality? But unlike say CD burning software with 100 different options the outcome could result in a trip to the hospital rather than a thrown away CD.

      One in ten adults have it, but the profit in "regulating" the symptoms far outweighs the profit of a one-time cure.

      Ahhh yes the only thing that prevents breakthrough cures of medical diseases is money. Gotchya. Not that what you're talking about is actually difficult having been the subject of decades of research, it's just some silly profit motive to keep you sick. I don't care about this. I'm still angry the FBI bombed the world trade centre to cover up the moon landing being fake.

      • Sensors (Score:3, Insightful)

        by DrYak ( 748999 )

        Aside from the hibernation issue which has a specific workaround, none of what you said is bad, in fact it is all the fundamental purpose of the app's being. A blood sugar monitor that runs with the OS silently blocking its alerts, or turning the volume of the alerts off is a fucking useless app.

        The primary purpose of a continuous glucose monitor (CGM) is to provide a real time graph of the blood level of glucose over time. That's what the word "continuous" and "monitor" mean in this success.

        That the device can establish a medical diagnostic on its own is really a tacked-on feature.
        In practice, it's not very precise with tons of false positives (alarm going off unwarranted) or false negatives (device not detecting an actual low properly).

        (There are physico-chemical and physiological reasons why it'

  • by GFS666 ( 6452674 ) on Saturday November 04, 2023 @01:57PM (#63979870)

    Look, I'm a huge proponent of having software be open. But this is one area where it would be a bad idea. We already know that there is a huge amount of software people who just arrogantly KNOW that they are the greatest thing to software engineering since sliced bread and who would just LOVE to screw with the software of those medical devices because THEY can do better than the last person. So, like Linux, there would be 100 variations of the program that you may depend upon for your life with no controls on it whatsoever.

    The FSF of course uses edge cases (as related to in the article) to justify their position. And there should be laws in place to handle medical edge cases so that people have resources. But have every medical device software program open so that everyone (and not just people who are qualified) can mess with it and put potentially life ending errors in it without any medically qualified testing? No, bad idea.

    • Re: (Score:2, Insightful)

      by rot16 ( 4603585 )

      The very same arrogant know-it-all developers sometimes also write the closed source version of the software.
      Some people with medical issues can also program. I am pretty sure that I'd at least try to understand the code for medical devices, if available.

    • by sjames ( 1099 )

      That's very easy to manage. Just download from the official site and get the source from the official upstream repo, not some random dude's blog. Problem solved.

  • by Anonymous Coward

    Sorry, this is one area where proprietary software has to hold true. The software used in all these devices, along with insulin pumps, cpap machines, etc. is regulated by the FDA - and for good reason. There is a minimum set of safety requirements for the functioning of the code. An errant comma, or > when it should have been >= just won't do. I'm not saying that FOSS developers cannot code at the level that the rigors of life-safety require, but I would not want to be reliant on FOSS development

    • by Anonymous Coward
      Quality control of code is orthogonal to whether or not it is open source.
    • Open Source projects can still go through the same approval process. As long as the project is managed competently, there is no more risk of an errant comma screwing things up than there is in closed source software. The key, as always, is in the project manager, and proprietary software has just as many poor project managers as closed source.

      What both yourself and the post above you get wrong is that you think of open source as more like a Wikipedia page, where changes get made, go live, then get rolled b

    • by sjames ( 1099 )

      The first full feedback loop for diabetes management was an open source effort involving reverse engineering protocols for the sensor and the pump. The hackers were also users. The industry is still trying and failing to find their ass with both hands in that area.

      Nobody forced anyone to use anything. Your argument devolves to "No, no, children mustn't touch!" being said to adults. Your wife is free to continue exactly as she has been, nobody's going to break in and re-flash her pump while you sleep.

      • Your wife is free to continue exactly as she has been, nobody's going to break in and re-flash her pump while you sleep.

        Eh, I dunno. I might.

  • I've got a medical implant fully below the skin in my skull to restore hearing (cochlear Osia 2) and it's powered by induction from an external audio processor. There is an app that can allow the fine tuning or streaming of audio. There is no way I'd trust any medical implant or anything associated with it to someone who had no qualifications or controls in terms of making sure that absolutely this will work and will not cause me harm. It is not a perfect app and it could be bett
    • A company that manufactures a medical device that runs software could easily make the software open-source. (The software is of little use without the device, so there's no lost revenue.) That does not compel you to use any version of said software other than official builds distributed by the manufacturer.

      As stated, the advantage of making it open source is that if the manufacturer goes out of business or otherwise stops supporting the device, you at least have a recourse. You might not want to take adva

      • Software for medical devices requires behaviour far more controlled than regular software. It falls under the control of the FDA (or whatever equivalent you have locally). It's not a casual thing to update or modify it, and professional licenses rely on them performing.

        An edge case might be made for it to be released if the firm goes out of business, but for the same reason that we don't let people meddle in these spaces in other ways (you're not allowed to make your own prescription meds or distribute them

        • I never said that home hobbyists would necessarily be modifying and distributing the software. But another medical company could pick up support for the device if the software were open-source.

          That aside, it's not clear to me what the law actually is. Certainly, medical device manufacturers are regulated by the FDA, but, if a patient actually had access to the source code and the know-how, does the law prohibit them from modifying their own device?

          • I had a look at the FDA regulations on reporting modifications to medical devices. It doesn't look like patients have to report them, but almost anyone who modifies them for use by others (with limited exceptions for practitioners who modify them for patients in their own practices) do seem to have to notify the FDA. For Class III medical devices (those that sustain life, are implanted, or may cause unreasonable injury), such modifications are subject to pre-release review by the FDA. Modifications are also

            • That undermines open-source philosophy by making sharing of modified code illegal

              That's Free Software philosophy. The reason Free Software was invented was that Open Source didn't address that point.

          • It would be a business decision to pass on the IP to another firm. I'd be sceptical that the FDA would permit you to readily hack your own medical device. Too much risk.

    • by sjames ( 1099 )

      And absolutely nobody is trying to force the Free Software solution on you. No matter how many Free Software projects spring up around this, you will remain free to stick with what you have or get official updates from the manufacturer as you wish.

      But wouldn't it be nice to know that the mere existence of Free Software helps protect you from a future scheme to make you rent your hearing, even if you choose not to use it?

      • The FDA doesn't regulate a business not being a jerk. Having the good sense not to turn the users (and the medical staff who tend to steer people towards or away from particular options) against your brand is a great motive to not be a jerk if you want to remain in business. The biggest issue isn't with when software that is peripheral to a device's operation stops working - it is when or if a manufacturer stops supporting the hardware. My device would continue to work without the app. It would lose a bit of func

        • by sjames ( 1099 )

          And again, nobody is trying to take any of that away from you. The existence of a Free Software alternative doesn't have any effect on you if you don't want it to.

          • The FDA is likely of the view that anything that controls or interacts with a regulated medical device requires the same or similar levels of control as the original device. If this was released in being open source, it would likely only be permitted to be used with a regulated device if the software was controlled to the same level as required before. You 'might' get another medical device manufacturer to take this on, but I'd really doubt it.

            • by sjames ( 1099 )

              Not really. The FDA has the authority to prevent the sale or marketing for any medical purpose, but if an end user chooses to modify their device, the FDA has no authority or legitimate interest in it. Also, the FDA has no authority over software from other countries.

              OpenAPS.

  • You know, the technical enhancement of the human body is a staple of cyberpunk stories and games, but nobody ever bothered to consider that the maker of that hard- and software would retain the right to disable it if you fail to pay your fees.

    Or that some government requires you to register it and allow them to disable your superhuman powers if they feel like you might want to use it for whatever they consider "nefarious reasons".

    Maybe that's why those Ono-Sendai cyberdecks are so prohibitively expensive co

    • My knowledge is limited to what I have heard and experienced with the cochlear company. When you get a medical implant from these fits it's designed to last until you die. And newer external processors which can get changed are always made backwards compatible with the first generation of their hardware. I get the cynicism about some companies having trailing subscription or government interference but at least in some parts of the implant world that's not the norm.
      • Not yet.

        So far, implants also are not an enhancement to natural body parts but rather, at best, substitutes. But let's extrapolate from what we already see in the competitive athletics world of running where running prostheses are already superior to natural limbs and allow athletes to run faster than normal legs would. How about ears implants that can hear ultra- and infrasound or even decode HF signals or eyes with infrared vision or a zoom ability?

        Of course, we're decades out for the technology, hell, we

        • Any evidence of a real world kill switch in a medical implantable? I'd be curious if this is a real thing, as I'm not sure how that would be medically defensible in the approvals process for the device. I get that consumer appliances have plenty of built in obsolescence, but I'd like to know if this has actually happened in the medical field.

          • Like I said, not yet.

            But so far, medical devices are, at best, replacements. Not enhancements. We're not talking about something where you'd actually throw away a working part for an artificial replacement because it would improve the functionality. As said, we're far away from the world of Cyberpunk where people can easily replace eyes that work better than the real deal, with infrared and zoom, with flashbang protection and the ability to see through smoke. We don't have limbs that allow you to crush a pe

          • by larwe ( 858929 )

            any evidence of a real world kill switch in a medical implantable?

            Is there any need for an explicit kill switch function? So that an evil government operative can dramatically point a Government Implant Disable-O-Tron at you and press the Kill-O-Zap button? Why would such a thing need to be built in explicitly? Electronic implants are not infinitely robust and can be disabled without needing to dig them out of your body. For a dumb example, overloading an inductive charger to burn it out - the device can't be recharged any more, so once the battery expires, it's gone. Or

  • It doesn't really matter if the source to an app is available when you have no way to load it onto your iphone, and/or when the phone OS itself takes functionality away that it depends on.

    /Plus the liability issue -- can you /really/ trust that the public fork of a medical device software doesn't introduce a bug that could potentially endanger your life? At least with an "official" app there is a company with liability insurance to sue when it farks up.
  • in the medical field this is like pissing in the wind. My favorite statistic is that 80% of all healthcare facilities of any kind in Florida are owned by one company. Most states aren't as bad, but are usually hovering around 50-60% with the rest being a duopoly.

    You don't have any choices when you don't have anti-trust enforcement. Change how you vote or it'll only get worse. Every time you see a politician your first question needs to be: "Is this guy's policies gonna help me or hurt someone else?".
  • and Abbott is so big that they get to bypass app store rules / get a free pass as the automated test system can't test apps that need hardware.

  • by jvp ( 27996 ) on Saturday November 04, 2023 @03:13PM (#63980032)

    I love the quote too:

    "Software that controls your body should always respect your freedom". Then they lay into Abbott about the Libre. Hm. I've got a Libre3 stuck to the back of my arm right now. It doesn't control anything regarding my body at all. Not a thing. It's a passive blood glucose monitoring device that isn't 100% accurate; all it does is report results to my iPhone on a regular basis. It's a monitoring aid, not something that controls insulin (or carbohydrate) intake. Both of those fall to the idiot wearing the sensor.

    Dear FSF: stop trying to make news where there is none, please? You're rapidly outliving your usefulness. Love, a long time free software user.

    • So to be clear, you're not making decisions about your body based on the sensor? Then why are you wearing it, you just like poking holes in yourself?

      • by jvp ( 27996 )

        So to be clear, you're not making decisions about your body based on the sensor? Then why are you wearing it, you just like poking holes in yourself?

        To give me an idea if I need to test myself during off-meal times. Typically I test myself right before I eat so that I know how much insulin to tell the pump to give me. But if something goes out of whack with my schedule and I don't realize it (by feeling), the sensor will possibly show that on my iPhone. At no point do I dose (because I'm too high) or eat (because I'm too low) without poking my finger. No other diabetic should be doing that, either, because these sensors are NOT as accurate as finger

  • Sounds like another RMS purity tantrum again. Yeah, let me know how that turns out.
  • I have seen a similar issue on the Android side. Abbott is very slow to update. If you want a flagship phone on the latest OS the app may not work. Support basically is worthless; they say not certified and will not talk with you. I suspect a lot of the lag is related to the medical approvals needed in the various countries, but they need to be staffed to support the agile flow of the devices they want to use.
  • This was touched on a year and a half ago, with similar conclusions. Slashdot article: Their Bionic Eyes Are Now Obsolete And Unsupported [slashdot.org]

  • Reminded me of the Therac-25 software problem back in the mid-80s, which killed several people, permanently disabled several others. Hardware in a medical radiation treatment machine had been replaced with faulty software (written by an unidentified idiot), which allowed patients to be hit with dosages 100 times too large. It took two years after the first incident before the FDA had the 11 faulty machines in North America taken out of service.

    https://en.wikipedia.org/wiki/... [wikipedia.org]
