A cyborg's journey
Karen Sandler has been giving conference talks about free software and open medical devices for the better part of a decade at this point. LWN briefly covered a 2010 LinuxCon talk and a 2012 linux.conf.au (LCA) talk; her talk at LCA 2012 was her first full-length keynote, she said. In this year's edition, she reviewed her history (including her love for LCA based in part on that 2012 visit) and gave an update on the status of the source code for the device she has implanted on her heart.
Sandler is the executive director of the Software Freedom Conservancy (SFC); she is also a lawyer, but "I do all of my legal work for good now", she said with a chuckle. She does pro bono work for FSF and the GNOME Foundation, for example. She asked how many in the audience had attended LCA 2012 in Ballarat, which turned out to be around one-third (interestingly, the number of first-time attendees was nearly the same).
Ballarat
In the 2012 keynote, she said that she literally has a big heart—three times the size of a normal person's heart. She was diagnosed with this when she was 31 and it meant that she had a 2-3% chance per year of just suddenly dying from a heart malfunction. That led her to get a pacemaker/defibrillator implanted in her heart; it is there to shock her heart if it ever goes into a dangerous rhythm.
When she was preparing to have the device implanted, though, she started asking questions of her doctor about the software that ran on the device. That was something of a culture clash since the doctor had implanted thousands of these devices and no one had ever asked about the software. She was nervous about becoming a cyborg and definitely was not comfortable with having proprietary software in her body.
That event changed the course of her career, Sandler said, because it led her to research software and to realize that free software, over time, has a chance to fix the bugs that all software has. She spoke about all of that in her Ballarat keynote, but she was incredibly nervous because she was not used to talking about her medical problems in front of so many people. However the LCA community "was so supportive"; she believes that particular talk "made my career". To this day she calculates the dates of other major life events by using that keynote as the epoch.
That talk helped people understand why she is passionate about free software; it also helped them grasp why software freedom is important. Without free software, we won't have control over our critical technology. Her story causes the audience to feel vulnerable, which makes it easy to extend the idea beyond medical devices to, say, cars. It is a way to get the message across in a way that most people can relate to; she likes to think of it as "a great printer story".
Since she gave that talk, people would come up and ask her whether she had ever been able to get the source code for her device. The second most popular question was about how it felt to be shocked, she said with a grin. She had asked everyone she could think of for their help in getting the source code and was willing to sign a non-disclosure agreement (NDA) with the device maker, but it didn't go anywhere. She felt helpless and frustrated when people asked about it.
Cyborg
So she channeled her energy elsewhere, into SFC and trying to "create an environment where software freedom can flourish". Her defibrillator is just one example of why it is important. She calls herself a "cyborg" in a "somewhat cheeky way", but we are all in the process of becoming cyborgs or at least knowing others who are. The definition of "cyborg" is "incorporating technology into your body", which covers a lot of ground. The line is rather blurry and could potentially incorporate things like language (a kind of technology) or devices as prosaic as glasses.
SFC is a charity that provides an organizational home for 46 different free and open-source software projects. She specifically pointed to Homebrew, which is under the SFC umbrella, to the many Mac-using attendees. "It is a starting point and next year you will be using GNU/Linux", she said to applause. Beyond that, SFC oversees the Outreachy diversity program that provides internships for people from groups that are traditionally under-represented in the tech world. SFC also represents a coalition of Linux kernel developers to enforce the GPL; it does the same service for its member projects.
Meanwhile, though: "Hey, did you ever get the source code to that thing in your heart?", she said, returning to the theme (and part of the title) of her talk. After failing to get the source code, she started networking with members of the security and medical device communities. She participated in getting a DMCA exemption so that researchers could study and report on security problems in medical devices. Before that exemption, it was potentially a criminal act (in the US at least) to test the safety of your own device. And, as she said in Ballarat, these devices are the worst of both worlds: they have software that no one can review and they are doing wireless communication with little or no security. The DMCA exemption was a concrete result from her efforts, which was gratifying.
At the same time, however, there were more and more published vulnerabilities against medical devices. When she first started advocating for free software on these devices (or at least to be able to review the code under an NDA), "people looked at me like I had two heads". One electro-physiologist called her a "conspiracy theorist" for saying that these kinds of devices had vulnerabilities. She made the mistake of pointing out that many of those who have these devices are older politicians and that, if someone wanted to do a mass attack on them, she (and others) might be collateral damage. The doctor said he would help, but thought there was something wrong with her. She is now on electro-physiologist number five, she said with a chuckle.
But once these vulnerabilities became more public and the medical device makers started taking security a bit more seriously, it was easier to talk with doctors and others about the problem. She mentioned several high-profile vulnerabilities like the flaws reported by investment firm Muddy Waters in St. Jude Medical cardiac implants; Muddy Waters drew attention to the problems by short-selling St. Jude stock. By way of contrast, Johnson & Johnson alerted its customers to a vulnerability in its insulin pumps; the company hired one of the security researchers she has worked with to fix those vulnerabilities and get those fixes out to users.
Another set of vulnerabilities came from Barnaby Jack, who is famous for "jackpotting" ATMs; his flair for presentation helped popularize pacemaker and defibrillator vulnerabilities to the point that they started ending up as part of the plots of television shows. Once that happened, she said, it brought the problem to the attention of more people and "lit up the pacemaker forums".
She had written an academic paper on the subject in 2010, but did not mention that she was someone who had an implanted device. When she posted it anonymously to the pacemaker forums, people there claimed that the authors were just trying to scare people who had these devices, since they didn't know what it was like to have to rely on them. She adamantly did not want people to know that she had a medical condition, but she started to realize that she would need to start personalizing the problem, which eventually led to the talk in Ballarat. In addition, Jack emailed her to say that he had seen one of her talks, which caused him to focus on medical devices—an outcome that helped further raise awareness.
After the vulnerabilities made it onto TV, it was much easier to talk to representatives of the medical device makers, for example. Even lawyers were now paying attention, so the in-house counsel for these manufacturers were much more willing to talk with her. It became clear that things had changed and that the device makers were rethinking their risks; in part, they were worried that a judge would see studies showing that free and open-source software is better and safer, which might affect judgments and the like.
Life
She thought she had everything figured out, that things were moving in the right direction, and that she was basically done. She felt like her story was not going to change; she just needed to repeat it, and her relationship with her medical device was not going to change. But, then, "life happened"; she got pregnant and at one point was anxious (about the future of free software, actually, she said sheepishly). That led to her getting shocked by her defibrillator—twice. She went to the emergency room and the doctors were completely "freaked out". It turns out that doctors do not want a pregnant woman to get shocked even once.
That made for a great time to advocate for software freedom, Sandler said with a laugh. She talked to around 40 doctors that night about software freedom. It is normal for pregnant women to have heart palpitations that would trigger the device—25% do—but the subset of pregnant women that have a defibrillator is tiny. Most are implanted in those over 65 and less than half are for women. In the tests of her device, 18% of the subjects were women and none were pregnant. That makes sense, but her needs were not met.
Medical professionals did not want her getting shocked and neither did the device makers. They would like to fix the problem, but it stems from a temporary condition that is relatively hard to test for. In her case, her doctors gave her drugs to slow her heart down—to the point she could barely walk up a flight of stairs—in order to stop her device from shocking her.
She started to wonder about other things in her life that may not have been anticipated by her device maker. There is no ill will involved, she said; if the device maker could have incorporated her pregnancy parameters into the device, it would have, but pregnancy just wasn't on their radar. What other factors play into the functioning of our software that may not be anticipated by its makers? Maybe the user is not in the geographic area that was planned for, not speaking a language that is supported, or is not in the anticipated age range. She could have this device for 15 years or more and she was not filled with confidence that changes over that time are properly being handled since she was inappropriately shocked simply for being pregnant.
There is a question about who we want to be the gatekeepers for our software. She wants to have a say in that. For example, she would like to be able to gather pregnant women who have a defibrillator and put them together with a medical professional to study and perhaps modify the algorithm in the device. She wants that option; with proprietary software, she doesn't have it.
Rules
There is a balancing act, though. With free and open-source software, we have constructed a vibrant ecosystem where there is give and take with the commercial actors in that space. We can't succeed in our goals without corporate involvement. The early licensing regimes that we established, though, set clear boundaries between community and companies. It allowed us to set rules for the ways that companies could participate but still give the community some control.
There are many different licensing regimes and they work in different situations; there is no "one licensing approach fits all". But with copyleft, we set the rules in a particular way. If we do not get the complete source and the installation scripts, what can we do when things go wrong?
This idea of setting ground rules for company involvement is something that we have lost sight of, she said. We got so excited when companies got involved with free software; we got jobs (three-quarters of the audience has a job where free software is a critical part of it). But we have more ability to set the rules than we think we do. For example, developers can ask prospective employers to hold their own copyrights in their contributions to free-software projects; it may not be something to hold out for, but even just asking will help companies get the message that talented technologists care about it.
It is important to remember that short-term corporate interests are not always aligned with long-term community interests, or those of society. As technologists, we have special knowledge that companies need to build their products. That gives us leverage to talk to management about the long term. Most people want to be a good person, she said, so if you explain it in those terms, a lot of managers and lawyers will do the right thing.
With companies, or anyone really, if you give an inch, they will take a mile, Sandler said. When we give more control to companies in our communities, they take it. It is "very hard to walk it back", so if you are starting a new project or initiative, and are looking at the governance structure, offer a little bit less. Companies will work within established structures but it is hard to take back power that has been ceded.
Beeping
Recently Sandler started beeping at 1:10pm every day. It was the battery in her defibrillator, which was supposed to last a lot longer but had run down due to the shocks it administered. That meant it needed to be replaced.
She went to her doctor with a bunch of demands: a data dump from the old device, the device itself for her to play with, and for the new device to have its wireless communications disabled. Her old device did not have wireless, but her doctor said that was not possible with the new devices.
Suddenly she was worried that she would have to change her career. She has gotten threats because of her work with the Outreachy diversity program, so the idea that the device attached to her heart would be broadcasting wirelessly with no security "was just too much". She started to cry in the doctor's office and tried to explain the risk from a wireless-enabled defibrillator; it would mean that she had to change her entire life, she said.
The doctor agreed that it should be possible to disable the wireless piece of the device and suggested that they call each of the manufacturers. She spent lots of time with the nurse-practitioner calling them; most said "no", one said "yes" and then "no", and one would not talk on the speaker phone, so the nurse-practitioner had to relay all of the information. One manufacturer, BIOTRONIK, said that it did not have the ability to disable the wireless, but that she should not worry since its devices were "hack proof" because they had never been shown to be vulnerable. She suggested the company donate a few devices to be tested, but "they said 'no'".
Just as she was getting ready to leave the office, the doctor remembered a European company. That company turns out to have one device where wireless can be disabled. Communication with that device is done through magnetic coupling, which requires touch-distance. So she initially went in with "guns blazing" to get the source code for her device, but ended up simply asking that she not broadcast to the world.
Sandler started to run a bit short of time for her talk (at least partly due to a few technical glitches along the way) so she picked up her pace a bit. She reiterated that LCA has been an important part of her story, her career, and her ability to advocate for software freedom. It is difficult to do that advocacy; either people do not understand software freedom or they are looking for an angle to monetize it. The idea that it is worth spending your time on the non-profit side is something that people are skeptical of, Sandler said. We cannot completely avoid proprietary software, but we can make our choices thoughtfully and try to find free alternatives. If we can consume more free software, it will mean that we are more likely to have alternatives to proprietary software that the non-technologists among us will be able to use.
LCA is a "magical conference" that helps her remember that there are people out there who care. In Hobart, Tasmania at LCA 2017, she and her SFC colleague Bradley Kuhn agreed that when they got low during the year, they would just say "LCA 2017" to each other to remember the conference and pick up their spirits. It is important to have a place where the important issues can be discussed, even if they are not agreed upon, and in venues that are not completely dominated by corporate interests. Unlike most conferences these days, LCA is that kind of place.
Returning to the theme, "hey, did you ever get ...", she said that she has more hope these days. She is dealing with a small European company that is trying to make inroads into the US market, so she has some leverage. She is a bit famous with some people regarding this topic, she knows medical device researchers, and she has more information than she ever did before. People often ask what she would do if she could go back in time and, besides getting Bitcoin, she would tell herself that she could actually make some change in this area. "This is the future we are building for ourselves", she said, our "future cyborg selves". Free and open-source software gives us an ability to make it a future that we want to have.
A YouTube video of the keynote is available.
[I would like to thank LWN's travel sponsor, the Linux Foundation, for travel assistance to Sydney for LCA.]
| Index entries for this article | |
|---|---|
| Conference | linux.conf.au/2018 |
