Marcos Marado wrote:
> I recently read about a woman who has a pacemaker. It had a software bug,
> which frightened her. She knows /of/ it but she doesn't know it, since she
> doesn't have access to the software running on her own body. Furthermore,
> she found out that there is a functionality in it to accept OTA updates,
> which she cannot control. Scary. And this is not science fiction, this is a
> real case, current technology.

I'm not sure what story you're referring to, but Karen Sandler (a lawyer
working with Software Freedom Conservancy, co-host of the "Free as Freedom"
Oggcast at http://faif.us/ ) tells a similar story: she wears a
pacemaker/defibrillator[1] due to her enlarged heart which is 3 times the
size of a normal heart. Her enlarged heart puts her at risk of suddenly
dying (2-3% annually compounding risk), thus she wears (inside her body,
screwed into her heart) a $75,000 Medtronic device. She recently had a
child and found a bug in her device's software during her pregnancy --
pregnant women's hearts sometimes race and thus triggered the device to
deliver a shock to her because her device's software was programmed to
deliver a shock if the user's heartbeat goes outside an acceptable range.
This variable heart rate is completely normal for pregnant women, but the
device is typically only installed in patients who are well past their
childbearing years (as Sandler's doctor told her when she reported this
erroneous shock).

When Sandler was first getting this device she tried to get the complete
source code for the device, even being willing to sign a non-disclosure
agreement for this source code (look up her name and see/hear any of her
early talks about her heart to hear the full story on this). But the
proprietor would not give her the source code. So, like anyone with any
proprietary software, she is denied permission to fix this problem and has
to hope the proprietor cares enough about her unusual case to address this
bug. If the proprietor goes out of business, she's simply out of luck,
possibly undergoing another surgery just to change the device sold by
developers who care about software freedom or her case.

In a previous talk, Sandler explained that she purposefully did not pick a
pacemaker/defibrillator device that could accept updates or be read
wirelessly because she could see how she is not well-served by a device's
programming changing ad-hoc by unknown people, or people reading her
device's data remotely. She requested an older model which can only be
reprogrammed and read where the reader device is physically in close
proximity to her heart. Presumably she would make sure only trusted people
get this close and thus that would help preserve her life and her privacy.
But all of the newer devices work wirelessly over greater ranges of
separation between the device and the reader. This means when she needs a
new device (the batteries only last for so long; she will need a new device
if she lives to around 80 years as many women do), she might not be able to
get the older, relatively more privacy-preserving and safer device she prefers.

This understanding of the power of proprietary software versus what society
needs to operate properly -- software freedom -- converted her from
"thinking open source was cool" to understanding that "software freedom is
absolutely essential to our lives, to our society, and to our overall
framework": "For me, this got me extremely passionate about software
freedom. Where I previously thought that open source was cool, I have now
come along to the view that software freedom is absolutely essential to our
lives, to our society, and to our overall framework. And that has put me
solidly in the free software space. [...]" (around 5m45s into [1]).

Anyone riding in or being alive near a modern car is in a more similar
situation to Sandler than they think: when you're in or around any car you
depend on that car to protect your life. Modern cars use proprietary
software to govern emissions (hello VW fraudsters!), vet who is allowed to
get in and drive the car via remote locking, and control how the car
operates while in use. We're seeing how insecure this code is as people
provide the public service of breaking into the car (not to steal the car
or rob what's in the car) to demonstrate the insecurity of that software. We
now understand that car designers don't prevent the software that could
create distracting & unsafe environments in cars (thus leading a driver to
spend time fiddling with environmental controls instead of driving) and
this could create a lethal problem for some innocent passerby when a
vehicle in motion hits and kills them. Autonomous vehicles look even worse
-- untrustworthy developers purposefully using proprietary software to
control where the vehicle goes and how fast, and deal with sudden
unpredictable changes on the road make me think autonomous vehicles are
horribly unwise[2]. Then