Lawyer Demands Pacemaker Vendor Supply Source Code

Soulskill posted more than 2 years ago | from the write-your-own-plugins dept.

Biotech 334

oztiks writes "Lawyer Karen Sandler's heart condition means she needs a pacemaker to ward off sudden death. Instead of trusting that the vendor will create a flawless platform for the device to operate, Sandler has demanded to see the device's source code. Sandler's reasoning brings into question the device's reliability, stability, and oddly enough, security."


It's not forced on her (5, Funny)

whoda (569082) | more than 2 years ago | (#38773740)

She could just let her heart regulate itself naturally.

Re:It's not forced on her (1)

Stormthirst (66538) | more than 2 years ago | (#38773846)

Mod up hilarious

Re:It's not forced on her (1)

Opportunist (166417) | more than 2 years ago | (#38774122)

Not so hilarious, just quite interesting. And consider the implications.

We're not talking about a computer or a car. We're talking about a potentially life saving tool. Or, rather, not having it being life threatening. Not getting it is pretty much not really an option. But does that imply that someone has the right to force the manufacturer to open up their source code?

Re:It's not forced on her (0)

Anonymous Coward | more than 2 years ago | (#38774272)

> Not getting it is pretty much not really an option

What?!? She could still choose the option to NOT get the implant. Consequences may be obvious, but the choice remains.

Re:It's not forced on her (1)

Anonymous Coward | more than 2 years ago | (#38774350)

When I hold a gun to your head and tell you that you must give me all your money or I shoot you, you can still choose the option NOT to give me any money.

Consequences may be obvious, but the choice remains.

Re:It's not forced on her (1)

Anonymous Coward | more than 2 years ago | (#38774404)

Your analogy is flawed: in your analogy, the gun-holder is the one who has initiated the life-or-death decision. In the real world, life itself, karma, FSM, God, or whoever you decide, is the one that created the death scenario. The pacemaker creator is the one that offers up the life scenario. Also, you can have the pacemaker and NOT have access to the source code and still live.

She is the one trying to do the forcing here, holding a legal metaphorical gun to the metaphorical head of the pacemaker manufacturer, demanding source code (money & metaphorical) or a legal battle (money & a slow, agonizing, metaphorical death).

Re:It's not forced on her (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38774362)

If the pacemaker vendor doesn't want to make the source code available it's perfectly within its right to refuse to supply the pacemaker. Lawyer can go look for someone else to acquiesce to her ridiculous demand, assuming she doesn't die waiting for someone to give in, but any delay is entirely of her own creation.

It's not surprising a lawyer has a defective heart (5, Funny)

trout007 (975317) | more than 2 years ago | (#38774056)

I thought they had their hearts removed when they passed the bar at the same place that performs MBA lobotomies.

Re:It's not surprising a lawyer has a defective he (4, Insightful)

NevergoldMel (1210176) | more than 2 years ago | (#38774116)

The MBA lobotomy is a very precise operation, they only remove the parts of the brain that remember to pay taxes and how to truthfully report corp. earnings.

Re:It's not surprising a lawyer has a defective he (3, Insightful)

newcastlejon (1483695) | more than 2 years ago | (#38774296)

> The MBA lobotomy is a very precise operation, they only remove the parts of the brain that remember to pay taxes and how to truthfully report corp. earnings.

You forgot empathy.

Re:It's not forced on her (1)

AmberBlackCat (829689) | more than 2 years ago | (#38774142)

The same could be said about the telephone, broadband, & oil industries. They're not forced on you. You could just do without them. And unlike her situation, it won't kill you. Also, if I were her, I'd be more concerned about the hardware than the software.

Broken image link (1)

Anonymous Coward | more than 2 years ago | (#38773750)

TFA has a broken link of her image. Just goes to show that errors creep up in the damnedest of places.

I trust my life to Boeing every time I fly (1, Insightful)

gatkinso (15975) | more than 2 years ago | (#38773766)

...and incidentally every time one of their products flies over my house to land at the DC area airport I live close to.

Yet I don't demand to audit their code.

Re:I trust my life to Boeing every time I fly (5, Insightful)

rtfa-troll (1340807) | more than 2 years ago | (#38773836)

> Yet I don't demand to audit their code.

Well, if you don't demand that somebody audits their code you are pretty stupid. Unaudited code and code which is proprietary and never shared with outside bodies (this doesn't have to mean the public; just at least someone external) just doesn't have a place in any critical parts of our infrastructure. It is as irresponsible as it would be if Boeing didn't have to hand over the mechanical specifications of their planes, which of course they do. However, if you had read the article you would have seen this quote:

Regulatory authorities don't see or review the software either.

She simply has to trust that the vendor is telling the truth and doing things right.

I think you will find that aircraft software, whilst it isn't open source and available to everyone, gets a bit more review than that.

Apart from that, the plane code isn't part of you and is, as a passenger, something you just visit for a short time. I think people have a right to understand fully, to the level of their own ability, things that are made part of their body.

Re:I trust my life to Boeing every time I fly (-1)

Anonymous Coward | more than 2 years ago | (#38774084)

> I think people have a right to understand fully, to the level of their own ability, things that are made part of their body.

Ok then, do you demand the recipes of dishes that you order out in restaurants? And if they do provide them, do you then audit the cooks to make sure the recipe was followed exactly?

Yeah I didn't think so. I just utterly and completely demolished your fantasy where everything should be open source and therefore they provide more security.

Re:I trust my life to Boeing every time I fly (1)

cp.tar (871488) | more than 2 years ago | (#38774108)

Well, in fact I do ask about details concerning certain dishes, especially whether milk is involved in preparation. I admit to not asking the whole source code, but I am asking about an aspect which deeply and, should I ingest it, violently concerns me.

And that’s just about something that passes through my body.

Re:I trust my life to Boeing every time I fly (2)

JobyOne (1578377) | more than 2 years ago | (#38774172)

Actually, people do that sort of thing *all the time*.

I have a coworker who can't have wheat or dairy, and it takes a lot of questioning for her to get a meal at a restaurant. My mom is allergic to soy (including soybean oil), and since soy pops up in the darndest places that means it also takes a lot of questioning for her to get a meal at a restaurant. No, they don't audit the cooks, but they do demand information about what they're about to put in their body, up to a point required to ensure their own health to the best of their own knowledge and abilities.

What were you saying about fantasies? I think you have a few.

Re:I trust my life to Boeing every time I fly (1)

dotancohen (1015143) | more than 2 years ago | (#38774306)

> Ok then, do you demand the recipes of dishes that you order out in restaurants? And if they do provide them, do you then audit the cooks to make sure the recipe was followed exactly?

I do ask if they use MSG. And if the waitress doesn't know what MSG is, I go to the back and ask the chef myself rather than explain it to her and let her ask. Because I _will_ find out later if I don't.

Re:I trust my life to Boeing every time I fly (1)

Apothem (1921856) | more than 2 years ago | (#38774218)

> Apart from that, the plane code isn't part of you and is, as a passenger, something you just visit for a short time. I think people have a right to understand fully, to the level of their own ability, things that are made part of their body.

This right here just about sums it up. Honestly, you seriously wouldn't at least consider questioning what the hell is being put inside you at least a little bit? It just ever so happens that this guy just wanted to make sure things were up to spec.

Re:I trust my life to Boeing every time I fly (0)

Anonymous Coward | more than 2 years ago | (#38774294)

All products work, all products have bugs too. An audit of the source code is justified.

However, I wonder when someone personally wants to see the source code--what is the motive? Is it really just to see how it works to make sure there are no problems? Or is it--force a company to open the source, now that the source is opened it gets released to the public, now others can develop similar products from the company's R&D without having to invest that much time and money of their own? Exactly what makes them more qualified to review the source code than who the company hired to do the code reviews?

So yes, I am quite biased against anyone calling for a company to open up closed source. So I tend to think it's more towards the second--force a company to open the source, now that the source is opened it eventually gets released to the public, now others can develop similar products from the company's R&D without having to invest that much time and money of their own. I'm not saying it is definitely that way in this case--but I am saying that when I do read or hear of a request or demand to open up otherwise closed source code, that is what I personally believe, even more so if the person hires a lawyer or is a lawyer.

Also, a person can understand fully, to the level of their own ability, what a thing that is part of their body is doing--without seeing the source code line by line.

Finally, they can choose a different vendor, but they too may keep the source code closed.

not so easy to get scrutiny of flying procedures (1)

waterbear (190559) | more than 2 years ago | (#38774308)

> Well, if you don't demand that somebody audits their code (for airplanes/airlines) you are pretty stupid.

Agreed in principle that it's desirable/vital to get that job done. But it's not so easy to achieve in practice, and I think it's not just stupidity (on the part of consumers/customers) that blocks it.

Some years ago I was a regular flier with a certain airline, and then they flew a couple of my work colleagues into the ground [ :( ]. The circumstances brought their operating procedures into question -- human code, if you will. I quizzed them about the relevant points. They told me to get lost. If it wasn't in the official accident report (which turned out to be a whitewash, btw) then I would not be permitted to know it.

Needless to say, I never flew with them again, but that's not much good, the other lines might misbehave in a similar way.

I suspect that maybe there is not as much external scrutiny of these things as some of the posters in this thread optimistically believe or expect.

-wb-

Re:I trust my life to Boeing every time I fly (1)

Anonymous Coward | more than 2 years ago | (#38773840)

Your continued existence is not dependent on flying Boeing aircraft.

Re:I trust my life to Boeing every time I fly (-1)

Anonymous Coward | more than 2 years ago | (#38773896)

> Your continued existence is not dependent on flying Boeing aircraft.

However if it crashes (with him in or alternately lands on him)... his existence very well may be discontinued. Are you that fucking stupid? People die when planes crash. Or are you one of those retarded 9/11 deniers too?

Re:I trust my life to Boeing every time I fly (1)

Anonymous Coward | more than 2 years ago | (#38773856)

...because you have a choice whether or not to fly and ultimately if you don't, you'll still live. Also, there are regulatory authorities controlling how planes are built and inspected.

This person *must* have that device or she will die, but no 3rd party is looking at it for quality.

I make analogies too when I don't fully understand a subject.

But I usually keep my mouth shut when that's the case.

Re:I trust my life to Boeing every time I fly (4, Insightful)

hedwards (940851) | more than 2 years ago | (#38773986)

GP lives in their flight path. Around here it's difficult to impossible to find a place to live where a rather large plane doesn't fly overhead on a regular basis.

Re:I trust my life to Boeing every time I fly (1)

Anonymous Coward | more than 2 years ago | (#38773898)

Yeah, 'cause having an Airplane fly over your house is the same as it being crammed up your ass....

Re:I trust my life to Boeing every time I fly (0)

Anonymous Coward | more than 2 years ago | (#38773914)

So, you're saying you're a prole?

Re:I trust my life to Boeing every time I fly (1)

hcs_$reboot (1536101) | more than 2 years ago | (#38773956)

Nevertheless an important issue is addressed here.
Software comes with the usual THIS SOFTWARE IS PROVIDED "AS IS" disclaimer. Of course, when it comes to safety / security / health ... one may want to get more than a disclaimer. But there are also (and still) devices where the poor programming (especially in the algorithms / intuitiveness departments) appears to be annoying for the user, while the device cannot be upgraded / updated (washing machines, pocket translators, microwave, hi-fi...).

Re:I trust my life to Boeing every time I fly (-1)

Anonymous Coward | more than 2 years ago | (#38773982)

Posting AC from Boeing's 787 plant in Charleston, SC.

The operators who build these planes are like McDonald's rejects. Idiots everywhere.

Re:I trust my life to Boeing every time I fly (1)

NatasRevol (731260) | more than 2 years ago | (#38774000)

I've been to Charleston. Those are their top people working on it. Top people.

Plus, that's part of the lower cost of labor which is why Boeing moved there. Gotta take the good with the bad.

Re:I trust my life to Boeing every time I fly (0)

Anonymous Coward | more than 2 years ago | (#38774052)

> Those are their top people working on it. Top people.

Hey, that's sexual discrimination! The bottoms should get a chance to work on it, too!

Re:I trust my life to Boeing every time I fly (0)

Anonymous Coward | more than 2 years ago | (#38774064)

Society is like McDonald's rejects. Idiots everywhere.

FTFY

Re:I trust my life to Boeing every time I fly (0)

Anonymous Coward | more than 2 years ago | (#38774016)

So your argument is, that you are a sheep, and so others should be too?

Not a very good point.

Re:I trust my life to Boeing every time I fly (1)

NevergoldMel (1210176) | more than 2 years ago | (#38774176)

The FAA is all over it. There are specifications for the thread tape used on the wiring conduits. Different conduits are required to use different types and brands of thread tape. The flashlight batteries have to have a certificate of airworthiness in every case. The paint pens for touching up the exterior paint have a 90 day shelf life. The flip-down trays on the back of the seat are inspected by the same people that inspect the engine components. The FAA also requires that the "stores" where the airlines keep the parts are always manned. Mechanics are not allowed in the "stores".

first, we kill all of the lawyers (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38773768)

This sort of demand is why lawyers are disliked. The life science industry has to follow the FDA directive to perform a source code review. It is very unlikely that the source code in these devices has any remaining bugs due to the length of time that these devices have been used.
In addition to the source code for the software running the device, which is most likely to be extremely robust given the long time that these devices have been in use (+25 years), she might as well ask for the manufacturing process details for the battery, the casing, the electronic components, and the design of the microprocessor.
This is pointless since any qualified experts on the code are likely to be working for the device manufacturer.

Re:first, we kill all of the lawyers (1)

beelsebob (529313) | more than 2 years ago | (#38773822)

And what if the bug is that it stops working on March 3rd 2012?

Re:first, we kill all of the lawyers (1)

hoggoth (414195) | more than 2 years ago | (#38774080)

Then just delay releasing the source code until March 4th. Problem solved.

Re:first, we kill all of the lawyers (2)

Opportunist (166417) | more than 2 years ago | (#38774146)

Why the heck would someone put a real time clock into a pacemaker?

That's the stupid question I've been asked time and again in 1999. But will $device work in 2k? With $device being something that has no chance in hell to have a RTC.

Re:first, we kill all of the lawyers (2)

beelsebob (529313) | more than 2 years ago | (#38774160)

The point I was making was "I've tested it for 25 years" is not a proof in any way that it's bug free. It being the 3rd of March 2012 was simply an example of a condition that's never been tested in those 25 years... Others might include sun storms, unseasonable warmth, a certain bacteria in the patient, ........

Re:first, we kill all of the lawyers (1)

sonamchauhan (587356) | more than 2 years ago | (#38774276)

oops... wrong mod

Re:first, we kill all of the lawyers (5, Funny)

NatasRevol (731260) | more than 2 years ago | (#38773828)

Did you just seriously say that there are no more software bugs in their code?

You're the reason lawyers exist.

Re:first, we kill all of the lawyers (1)

mrsquid0 (1335303) | more than 2 years ago | (#38773874)

I wish that I had some mod points today so that I could mod this as funny. Now that I think about it, I seem to remember that David Parnas, years ago, proved that it is not possible to guarantee that code is bug free, but perhaps I am misremembering something.

Re:first, we kill all of the lawyers (3, Informative)

Stormthirst (66538) | more than 2 years ago | (#38773880)

No - lawyers are disliked because they charge absorbent fees for sitting in an office and talking, or standing in a court and talking. They make nothing, and have the moral values of a squashed tomato*

You're assuming that the device she's due to have fitted is exactly the same design and construction as the ones they used 25 years ago. This is obviously false. For example, the original pacemakers paced the heart all the time, and as a result had a very limited battery life. Pacemakers these days are far more intelligent, and sense when a regulating beat is needed.

Having said that, your point about the qualified experts still holds.

* I'm probably going to get sued now by some lawyer representing squashed tomatoes for defamation of character.

Re:first, we kill all of the lawyers (3, Funny)

Anonymous Coward | more than 2 years ago | (#38774038)

I assume you meant to say "exorbitant" although you could say that lawyers excel in absorbing their clients' money.

Re:first, we kill all of the lawyers (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38773974)

There are many assumptions here that should be questioned.

Source code reviews are highly imperfect ways to ensure stable and accurate software, and good ones are extremely hard on the developers involved. Techniques like test driven development and paired programming offer a much better solution at lower cost.

New medical devices are released all the time and they have new code operating them, even if that general type of device has been in use for decades. New models with new or modified code have new bugs.

Perhaps owners of electronic devices that have caught fire or misbehaved in other physical ways have learned to start inquiring about manufacturing, mean time between failure and other manufacturing and quality issues.

I have worked in the medical software industry for thirty years as a developer, and was at one time an employee of Medtronic. I have a Medtronic pacemaker/defibrillator embedded in my chest which can be remotely accessed and controlled. I am professionally qualified to study and understand my device's software, development and testing methodology, and security issues - but Medtronic declined to share with me their source code when asked. The technical manuals for my devices which appear to provide all necessary information for hacking my pacemaker/defibrillator are available online.

I think that more can and should be done with oversight of medical device manufacturers and their software than the FDA currently requires, but this is true of all mission critical software like military and aerospace systems as well. The problem is neither uppity lawyers nor uncaring medical device manufacturers but instead the way we build software. Anyone with personal experience in the software industry who relies on a programmable medical device but who is not concerned over the accuracy and stability of the software running it is not thinking clearly.

wow (4, Informative)

unity100 (970058) | more than 2 years ago | (#38773980)

> It is very unlikely that the source code in these devices has any remaining bugs due to the length of time that these devices have been used

hahahahaahaha ahaahah.

you spoke like someone who has zero experience in software development.

Re:first, we kill all of the lawyers (1)

kdemetter (965669) | more than 2 years ago | (#38774034)

So because it's difficult, we should just trust the manufacturers?

She is not saying that all pacemakers should be open sourced btw, she just wants to be sure the device is safe.
You need an external party that reviews the device and software thoroughly (which is not happening for the software currently).

That's the only way to ensure that it's safe (you cannot just trust the company on this, there are too many lives at stake).

Re:first, we kill all of the lawyers (1)

michael_cain (66650) | more than 2 years ago | (#38774244)

> You need an external party that reviews the device and software thoroughly (which is not happening for the software currently).

So who, that is competent to conduct such a review, is willing to do so? Reading the code for one such device pretty much precludes ever being able to write code for similar devices, at least for a considerable period of time. The case law was settled back in a variety of reverse-engineering cases: anyone who has ever seen the source code for the software in question is hopelessly tainted, and is not allowed to write (or even, in some cases, read) the code going into the reverse-engineered device. How many people are there competent to review the code for an embedded medical device who are also willing to give up writing code for such devices?

Re:first, we kill all of the lawyers (0)

Anonymous Coward | more than 2 years ago | (#38774110)

No, this is the law/legal system doing what it is supposed to be doing. Protecting our asses from the stupidity and mistakes of others. Audits are essential to ensure that things work the way manufacturers claim they do; this goes for hardware, so why should it be any different for software?

Re:first, we kill all of the lawyers (0)

Anonymous Coward | more than 2 years ago | (#38774134)

> It is very unlikely that the source code in these devices has any remaining bugs due to the length of time that these devices have been used.

You don't know the nature of software very well, do you? Even if this software has a very small number of lines of code (which may be the case for a pacemaker), even if it's been subjected to Mars-lander-level scrutiny, even if it's been in use for a long time, there are almost sure to be bugs. The only question is how often (and under what circumstances) they will trigger – and whether they will seriously harm or kill the patient.

Re:first, we kill all of the lawyers (1)

Anonymous Coward | more than 2 years ago | (#38774204)

I suggest you do some reading. You can start here:

http://www.ncbi.nlm.nih.gov/pubmed/11497532

The conclusion: "Pacemaker and ICD recalls and safety alerts occur frequently, affect many patients, and appear to be increasing in number and rate. With the growing number of device implants and expanding indications for device therapy, the number of patients affected by device advisories will likely continue to increase."

There are more hardware recalls than software related, but they are far from free from software defects.

CTL-ALT-DEL (4, Insightful)

ColdWetDog (752185) | more than 2 years ago | (#38773770)

Oh, come on. The source code is not going to tell you a whole lot, it would be only comprehensible to experts and it says nothing about the little hardware bits. Does Mr. Lawyer want Medtronic to go over the schematics with him? Explain the physics?

Sometimes you just have to settle down and let things go. Yes, regulatory agencies should review operations of medical devices closely. No, they don't need to peek inside.

I don't even think the FAA looks at the code for the flight control computers on airliners. They test the planes (or actually they watch the manufacturer test the planes) but they don't get every part off the aircraft and look at it under a microscope.

Re:CTL-ALT-DEL (0)

Anonymous Coward | more than 2 years ago | (#38773802)

Mrs. Lawyer.

But otherwise yeah

Re:CTL-ALT-DEL (-1)

Anonymous Coward | more than 2 years ago | (#38773870)

> Mrs. Lawyer.
>
> But otherwise yeah

That's Ms. Cyborg-Lawyer, you insensitive clod.

But otherwise, yeah, yeah.

Re:CTL-ALT-DEL (1)

kdemetter (965669) | more than 2 years ago | (#38774212)

If they don't peek inside the software, how will they know how safe it is?
If someone comes to check the electric wiring in your house, would you accept it if they only looked at the outside?

I have seen enough software to know that just because 'experts' created them, it doesn't mean I'd trust my life with it.
I would certainly not go with the latest and greatest device for my heart. It should be as rigorously tested as a Debian stable release.

Re:CTL-ALT-DEL (5, Insightful)

CAPSLOCK2000 (27149) | more than 2 years ago | (#38773860)

> Oh, come on. The source code is not going to tell you a whole lot, it would be only comprehensible to experts and it says nothing about the little hardware bits.

Experts are for hire.

I'm not an architect. The blueprints of my house are useless to me, but I can hire an architect to read them for me. That architect can then tell me if the house I'm living in is well designed or not. He won't be able to tell if the building-materials are of sufficient quality, but if the design is not sound the materials used don't even matter.

I'm disappointed in Slashdot. One would expect that over here people would see the value of having access to the source of the software that keeps you alive.

Re:CTL-ALT-DEL (1)

Idbar (1034346) | more than 2 years ago | (#38774202)

I agree with you there is value. But to me, there are two ways for an inventor to keep its leading edge: patents and trade secrets. Do you sincerely prefer patents and litigation or the freedom to reverse engineer the product? I hadn't seen anyone asking for the ingredients of Coca-Cola because they "consume" their product, they're perfectly free of not doing so.

Re:CTL-ALT-DEL (3, Insightful)

rtfa-troll (1340807) | more than 2 years ago | (#38773876)

> No, they don't need to peek inside.

Think about how much cheaper for everybody it would have been to have one small government testing lab verifying medical implants than it is going to be having to replace all of the breast implants in France / UK etc. etc. Think how much compulsory insurance [telegraph.co.uk] is going to cost.

This is typical of the corporate welfare attitude that small people have to pay for the mistakes of big companies but no big company has to pay for anything.

Re:CTL-ALT-DEL (0)

Anonymous Coward | more than 2 years ago | (#38773924)

I know a guy who worked for Garmin. The FAA doesn't look at the code, as far as I know, they just insist that every code path is thoroughly tested (through unit testing). This requires interesting things like code injection and such when you need to break those things that should never break (idiot checks and sanity checks and stuff).

Presumably they do integration testing as well.

Re:CTL-ALT-DEL (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38773932)

Before I started reading the comments, I knew it would skew heavily against the lawyer because, well... he's a lawyer. No other reason.

You dweebs here on /. get your panties in a bunch about *any* product for which source code is kept private. Operating systems, video card drivers, voting machines, etc.

But oh, god forbid a lawyer advocates for his client, WHOSE LIFE DEPENDS ON THIS FRIGGIN' DEVICE, and you go all 4chan on him.

No, the lawyer is NOT going to review the code. He's going to get a pacemaker software nerd to do that for him. That's assuming not all the pacemaker software nerds are posting this bullshit about him on /.

Really, the measure of your character is whether you stick to your stated beliefs (code should be available for review), even when the people trying to exercise those beliefs don't belong to your clique.

Idiots.

Re:CTL-ALT-DEL (2)

Opportunist (166417) | more than 2 years ago | (#38774162)

When having to side with closed source or lawyers, the choice is quite easy. Hell, when choosing sides between lawyers and mass murderers it is.

Re:CTL-ALT-DEL (0)

Anonymous Coward | more than 2 years ago | (#38773984)

> Oh, come on. The source code is not going to tell you a whole lot, it would be only comprehensible to experts and it says nothing about the little hardware bits. Does Mr. Lawyer want Medtronic to go over the schematics with him? Explain the physics?

Casual Sexism at play. Pay attention, "Mr Lawyer's" name is Karen.

Re:CTL-ALT-DEL (0)

Anonymous Coward | more than 2 years ago | (#38773990)

They actually do. Avionics must be certified by the FAA just like everything else that goes into a plane. So yes the airline industry is heavily regulated.

The source code is going to tell you a lot, and there have been instances in the past where unregulated medical devices have killed people. Google Therac-25.

Also, SHE will probably pay an expert to go over the code with her.

Re:CTL-ALT-DEL (2)

Teancum (67324) | more than 2 years ago | (#38774024)

With statements like you've made in this post, you would be surprised what the FAA does require when they issue a flight worthiness certificate. No, the inspectors from the FAA don't review every line of code nor do they demand x-rays and microscopic details of all critical parts, but manufacturers do keep track of much of that information and have it stored away "just in case" there is an accident investigation board held on that aircraft that is being made. This is even more true when somebody sells a vehicle to the U.S. government.... where the paperwork for most vehicles weighs more than the vehicle being delivered.

No, I'm not kidding here either. There are warehouses larger than most aircraft hangars (including more than a few former aircraft hangars themselves) that hold boxes and pallets of this paperwork. Some of it has been put into microfilm or digitized.... but that seems to just increase the stack of paperwork even more. When the proverbial stuff hits the fan, all of that is examined including every single line of code used in the flight control computers as well.

The situation is analogous here, where if somebody dies from a pacemaker or life-saving device, that all of that will come out into the open. That somebody is being preemptive and expecting this ahead of time is the only difference. Good engineers document everything they do. Lousy engineers sort of pretend to document everything..... but the worst thing you can do is to sit in a deposition and have to explain to a room full of lawyers why you didn't make the documentation when a major screw up happens. I've seen it happen, and it isn't pretty.

Re:CTL-ALT-DEL (0)

Anonymous Coward | more than 2 years ago | (#38774042)

The FAA are extremely thorough when reviewing source code and process used to develop that source code. Many of us will review source code before running something on our computers, it's perfectly reasonable to want to review the code that is keeping you alive from heartbeat to heartbeat. I think I might even shop for an open source pacemaker if it exists.

Re:CTL-ALT-DEL (0)

Anonymous Coward | more than 2 years ago | (#38774082)

The source code will tell you a lot. Are you even a software engineer? I see code frequently that I can't understand to some degree or other on first, second, or third reading but it tells me right away about the people who wrote it. I wouldn't want to depend on the unaudited work of people who do the following:
* Variable names / comments that contain obscenities or clear typos
* Comments that spell out the author didn't actually know how something works / why something was happening / what a certain value indicates
** Bonus: comments that spell out that a component supplies ambiguous and possibly conflicting values, and the client code must "guess" or "assume worst-case"
* Exception swallowing / unchecked error flag clearing (as was done in the Breathalyzer code)
* TODOs in final product
* Inappropriate monolithic methods / inappropriate inlining
* Undocumented / unnamed non-obvious constants
* Copy-paste-partially-edited code
* Questionable switch case fall-through
* Super-complicated / overly-complicated / inconsistent inversion conditionals
* Inappropriate cunning-or-crazy (hard to tell sometimes) code, e.g. coincidentally-works-right code and side effects
* Noob mistakes
* Extra code, either very similar to or very different from actually-used code

Part of a trustworthy device is it was made by trustworthy people under trustworthy conditions.

[[(the FAA) don't get every part off the aircraft and look at it under a microscope.]]
They often do when it crashes and kills everyone on board. Literally, every part off/of the aircraft, and literally a microscope.

Re:CTL-ALT-DEL (0)

Anonymous Coward | more than 2 years ago | (#38774120)

> I don't even think the FAA looks at the code for the flight control computers on airliners.

I worked on software for two new airplane projects at Boeing. I know from first hand experience that the FAA does not look at the source code.

Re:CTL-ALT-DEL (1)

Dark$ide (732508) | more than 2 years ago | (#38774280)

Oh, come on. The source code is not going to tell you a whole lot, it would be only comprehensible to experts and it says nothing about the little hardware bits.

Perhaps she wants to make her own backup pacemaker using the Arduino she's just bought from Sparkfun.

Who owns data that an implanted device collects (5, Interesting)

davidannis (939047) | more than 2 years ago | (#38773784)

A related story on NPR today points out that as a patient you don't have access to the data collected in and about your own body. The story focuses on one man's attempt to see his own data. He's looking for someone with technical skills to help him get at the data. Seems to me that somebody on /. should be able to help. http://www.onthemedia.org/2012/jan/20/who-owns-data-inside-your-body/ [onthemedia.org]

Re:Who owns data that an implanted device collects (1)

howardd21 (1001567) | more than 2 years ago | (#38773976)

Thanks for sharing; should be modded up as interesting.

makes sense (1)

burne (686114) | more than 2 years ago | (#38773800)

Many (all?) pacemakers can be read and their settings altered via a datalink.

Ignoring malice, who's to guarantee that a shoplifting detector gate doesn't interfere with your pacemaker?

Even devices that were intended to be secure fail miserably, so if it's your life, are you gonna trust the manufacturer?

Open source pacemaker anyone? (1)

dietdew7 (1171613) | more than 2 years ago | (#38773804)

Who is with me on this? We could model it after the Arduino project.

Re:Open source pacemaker anyone? (1)

drinkypoo (153816) | more than 2 years ago | (#38774014)

It seems a worthwhile subject for study. Problem is testing...

Re:Open source pacemaker anyone? (2)

Opportunist (166417) | more than 2 years ago | (#38774180)

You're in luck, I know a lawyer who wants one.

Re:Open source pacemaker anyone? (1)

drinkypoo (153816) | more than 2 years ago | (#38774326)

That solves the ethical issues, but raises its own problems of ambivalence.

FDA requirements (21 CFR 820) (5, Informative)

jbeaupre (752124) | more than 2 years ago | (#38773848)

It's called software validation and it's a pain in the ass. It's such a pain for medical devices that everyone avoids it unless absolutely needed. Which is why medicine is 10 years behind when it comes to electronics.

For a "quick" overview, here's a start: http://www.fda.gov/RegulatoryInformation/Guidances/ucm126954.htm [fda.gov]

thump (5, Funny)

Anonymous Coward | more than 2 years ago | (#38773852)

10 thump
20 thump
30 sleep 1s
40 go to 10

Re:thump (1)

NatasRevol (731260) | more than 2 years ago | (#38773918)

BUT WHAT ABOUT THE COMPILER'S BUGS!!!!

(laugh, it's funny and full of filter letters)

Yeah so.. take your time... (1)

ieatcookies (1490517) | more than 2 years ago | (#38773890)

I smirked just a little when I thought: wouldn't it be funny if her heart kicked it while she was "analyzing" the source code... I'm no lawyer (in fact I'm a software engineer) but I'd be getting that thing in my body pretty quickly if I needed it to survive.

Stallman and the EFF jumping in 3... 2... 1... (1)

Anonymous Coward | more than 2 years ago | (#38773916)

Don't blow it by making a pass at this poor woman, Richard.

Answering questions from TFA (4, Insightful)

Nidi62 (1525137) | more than 2 years ago | (#38773952)

How do we know the software works as advertised? How do we know it's secure?

Well, let's see, what is the failure rate of pacemakers? A quick Google search brought this result (http://www.post-gazette.com/pg/06116/685028-114.stm):

In one study, Dr. Maisel and FDA researchers analyzed reports that pacemaker and ICD manufacturers were required to submit to the federal agency between 1990 and 2002. During that period, more than 17,000 malfunctions resulted in removal and replacement with a new device, researchers found. Battery, capacitor or electrical problems accounted for half the failures. Thirty deaths were attributable to pacemaker malfunction and 31 deaths to malfunctions in ICDs. The annual replacement rate for pacemaker malfunctions decreased during the study period, from 9 per 1,000 implants in 1993 to 1.4 in 2002. But the ICD replacement rate, after decreasing from 38.6 in 1993 to 7.9 in 1996, increased in the latter half of the study, peaking in 2001 at 36.4.

So, there is a failure rate of 1.4 per 1000 in 2002, and half of those were related to hardware issues. Only 30 people ended up dying. This article (http://circ.ahajournals.org/content/105/18/2136.full) claims 3,000,000 people worldwide with pacemakers in 2002, with 600,000 implanted yearly. That means in 2002 .001% of people with pacemakers died. Assuming hardware failure accounted for half of that, then the chances of being killed by a software defect in a pacemaker is extremely small. So, I'd say it's safe to assume that the hardware "works as advertised".

Who will do the audit, and how? (1)

bradley13 (1118935) | more than 2 years ago | (#38773964)

Numerous questions:

- Do you suppose the patient actually has someone who can do the audit?

- Is it realistic to audit the code without understanding the hardware interface? Probably not, so...

- Are they also going to demand hardware documentation? Free support?

Really, the source code alone is not going to buy them much. I wonder what's really going on here?

Re:Who will do the audit, and how? (1)

hedwards (940851) | more than 2 years ago | (#38774010)

You do realize that there are experts that you can hire, right? I'm not personally an expert in motorcycle crashes, but if I ever have one and need to sue, I'm going to hire an expert that knows a hell of a lot more than I do about that.

How about no? (0)

Anonymous Coward | more than 2 years ago | (#38773972)

No is the answer, no one forces her to use the product. If there is an alternative, then use the alternative. Invent one, get a group of geeks to support you and invent one for you. It is her choice, sudden death and her family can sue the pacemaker company for millions (lawyer specialty, right?) or just die of natural cause of heart failure.

Don't argue that there is no alternative, because only a handful of vendors produce it. She always has the alternative choice: die as her defect progresses. I know it is a horrible burden with a time bomb strapped in your chest (believe me, I knew, I had one strapped to my head). If not, come to terms: you don't always know and aren't always able to control everything. I don't see her demanding the entire life span history of her food. What if her client demanded her to produce her secret diary before hiring her?

Yes, this makes people hate lawyers, and I hate lawyers, particularly the ones in Congress, Senate and White House. Those are the worst kinds.

Fair enough (0)

Anonymous Coward | more than 2 years ago | (#38773998)

The buyer is entitled to know exactly what he/she is buying.

Conversely, any buyer is entitled to try the product and/or return it for a refund if found unsatisfactory. And this should include software, movies and songs.

After all, we're serious about protecting them by combating piracy (and everything remotely resembling it), then why shouldn't we be serious about protecting the customer as well?

Not even the FDA has audited the code yet (5, Insightful)

SgtChaireBourne (457691) | more than 2 years ago | (#38774020)

If you read the article or ones on the same topic from last year [tuxradar.com], you'll find that the reason she is making the request is that not even the FDA has audited the code. It's just there.

Other embedded hardware has been found to be easily crackable and able to deliver fatal doses of medication [theregister.co.uk]. Someone has to audit the code, since the FDA is not doing it, Karen is making an issue of it. In these cases, there is no excuse for the code not being 100% open. People's lives hang in the balance.

Re:Not even the FDA has audited the code yet (2)

green1 (322787) | more than 2 years ago | (#38774228)

I must say I was shocked when I found out that the settings on these things can be modified wirelessly. While it's very convenient for the hospital to be able to make changes without surgery, it's also more than a bit worrisome from a security standpoint...

Why just software? (1)

trout007 (975317) | more than 2 years ago | (#38774036)

As a mechanical engineer I feel a little insulted. Why does the lawyer want the software code but not all of the design documents?

Special lawyer rights (4, Insightful)

loufoque (1400831) | more than 2 years ago | (#38774044)

If she weren't a lawyer, we wouldn't even be speaking about it.

It's funny how lawyers seem to have extra rights in our society. They can make demands, we cannot.

Re:Special lawyer rights (1)

Opportunist (166417) | more than 2 years ago | (#38774186)

Nonono, lawyers can't make those demands, they just make them, feeling entitled to making them.

Re:Special lawyer rights (1)

PolygamousRanchKid (1290638) | more than 2 years ago | (#38774358)

If she weren't a lawyer, we wouldn't even be speaking about it.

If she weren't no lawyer, she wouldn't be able to afford one to litigate for her . . . or maybe she is litigating for herself . . .

Re:Special lawyer rights (0)

Anonymous Coward | more than 2 years ago | (#38774384)

Perhaps it never crossed your mind that you have the same rights as lawyers.
It is just easier and cheaper for them to ask in a way that demands an answer.

Modern pacemakers have WiFi built in. (5, Informative)

Vellmont (569020) | more than 2 years ago | (#38774100)

The summary is pretty bad, but one of the more salient points is that modern pacemaker/defibrillators have Wi-Fi in them. Yes, WiFi. According to the recording, someone at defcon has already managed to hack into an insulin pump equipped with WiFi and been able to manipulate the delivery rate (which could kill the patient). So the security concerns aren't completely unwarranted.

Demanding the source code is a bit silly. How many people are really going to be able to review the source code for a pacemaker/defibrillator? Very very few. Even if they do, there's a hell of a lot more to a pacemaker/defibrillator than the software, so why is it just the software that's her concern?

A more sane approach would be demanding the software follow basic security rules like not allowing the wi-fi connection to ever change anything in the medical device. (It's supposed to be a reporting mechanism so the doctor can follow the progress of the patient). I can't believe she has any legal grounds to demand source code, so this is a fight for the minds of the public rather than a legal one. Demanding source code is a bit silly since most of the public doesn't even understand that there is such a thing as source code. The public is by now very aware of security problems and hackers, so ensuring that the wi-fi is read-only would be an easier battle to win.

Re:Modern pacemakers have WiFi built in. (0)

Anonymous Coward | more than 2 years ago | (#38774278)

According to the recording, someone at defcon has already managed to hack into an insulin pump equipped with WiFi and been able to manipulate the delivery rate (which could kill the patient). So the security concerns aren't completely unwarranted.

This is false and was vastly overblown by media all over the internet (unless it's a different story and you have a source). Someone made a white paper saying "OMG the pump uses RF Signals! Someone could do something with that!"

Re:Modern pacemakers have WiFi built in. (1)

Vellmont (569020) | more than 2 years ago | (#38774346)


Someone made a white paper saying "OMG the pump uses RF Signals! Someone could do something with that!"

It's a little bit more than that. The lawyer was wrong about the wi-fi, it's a proprietary protocol. But from the abstract the hack was quite a bit more than writing a white paper and mentioning the device uses RF. I found the abstract from Defcon, which reveals some more details:

Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System

As a diabetic, I have two devices attached to me at all times; an insulin pump and a continuous glucose monitor. This combination of devices turns me into a Human SCADA system; in fact, much of the hardware used in these devices are also used in Industrial SCADA equipment. I was inspired to attempt to hack these medical devices after a presentation on hardware hacking at DEF CON in 2009. Both of the systems have proprietary wireless communication methods.

Could their communication methods be reverse engineered? Could a device be created to perform injection attacks? Manipulation of a diabetic's insulin, directly or indirectly, could result in significant health risks and even death. My weapons in the battle: Arduino, Ham Radios, Bus Pirate, Oscilloscope, Soldering Iron, and a hacker's intuition.

After investing months of spare time and an immense amount of caffeine, I have not accomplished my mission. The journey, however, has been an immeasurable learning experience - from propriety protocols to hardware interfacing-and I will focus on the ups and downs of this project, including the technical issues, the lessons learned, and information discovered, in this presentation "Breaking the Human SCADA System."

Re:Modern pacemakers have WiFi built in. (0)

Anonymous Coward | more than 2 years ago | (#38774282)

Former Vice-President Dick Cheney has an implantable defibrillator in his chest. I don't know if it's wi-fi capable, but you can sure as hell bet the software of the device was reviewed by someone in the government. If I were to need one, I'd want the model Cheney has.

Re:Modern pacemakers have WiFi built in. (1)

mkremer (66885) | more than 2 years ago | (#38774398)

So you are saying if the doctor needs to make an adjustment to the operation of the device based on the data downloaded from it they should need to perform surgery instead of using the wireless interface?

Re:Modern pacemakers have WiFi built in. (1)

oztiks (921504) | more than 2 years ago | (#38774400)

But the argument can be made for a lot of things, recently Russia hacked a US UAV and was able to land it. Does that mean passengers of commercial airliners can request code audits on the planes because they transmit RF? Or home wifi's, does that mean buying a wireless modem gives you code access ....

Closed source intellectual property should be given some protection.

Maybe my opinion on this is one sided because I sell property code that I've written to customers knowing that if having source access denied me money for over 5 - 7 years of development, research and my own personal sacrifices.

I believe open source has its place, it belongs to the academics and people who have the time to do things purely for passion and the love.

As for pacemakers the software can bug out, the little pump or whatever, motor or any of the little bits within the device could fail. What this person should do is invest in knowing fall over processes, choose a product that hosts a DR approach (keeping in line with the software spirit of things).

All this screams to me is the arrogance of one person thinking they are better than the professionals at their jobs. She would have to be some downright prodigy to be able to see into the code and make such insightful judgements and then what pose them as valid?

Secure? (0)

Anonymous Coward | more than 2 years ago | (#38774298)

Really? Last time I saw anything on a pacemaker, it had no communications interface. That's as secure from intrusion as you can get. You want to stop someone from tinkering with it physically, don't let them cut your chest open.

Sigh... (1)

Anonymous Coward | more than 2 years ago | (#38774354)

As someone who works in the industry, this is all very silly. If you look at the complication rates and failure mechanisms published by the companies, you'll see that software bugs are not what this woman should worry about. The weak link in the system is the wire that connects the device to the heart (the lead). They tend to dislodge from their intended location, and fatigue due to the heart's beating (400 million cycles in ten years). In fact, she should audit the hospital's sterile procedures. She's more likely to get an infection at the implant site. It's like this: you might want to audit your iphone's OS before you buy it, but you're more likely to break your phone by dropping it on the ground.

Even if she wants to hire an expert to review the code, good luck. Each of the three major companies has unique algorithms anyway. You'd have to find a retired or disgruntled former engineer that worked at the company in question. No one else is going to understand whether the device's auto-capture algorithm has been implemented in a reasonable way.
