Wednesday, October 12, 2011

Secret code could kill you

Karen Sandler knows the importance of open source software. That's why, when she was told she needed an implantable defibrillator to save her life in 2009, she immediately thought to ask 'what software runs on it and can I examine the code?"  You might think that would be a no-brainer. Why would companies prevent people who are going to put something that might kill them in their bodies, from seeing the software that controls those devices? But that's exactly the situation Sandler found herself in when she began calling defibrillator manufacturers and asking them to 'show her the code'.

The situation is not uncommon at all. No implantable medical device (IMD) manufacturers anywhere in the world make the code that runs their devices available for public view. They cite a number of reasons for that behavior from 'trade secrets' to 'liability' but it all ends up the same: you have to trust that a device that could kill you was programmed perfectly.

Of course, we know that no software is perfect and there are no perfect programmers. In fact, IMD's have killed people in the past by doing things like delivering excessive shocks to people who were not in need of them or not delivering shocks or other functions when they were.  The Software Freedom Law Center (Sandlers ex employer) even has a report about the issue and how big of a problem proprietary software on IMD's really poses.

The bottom line is this: if you are to put something in your body, do you have a right to know everything about it? Is it reasonable for manufacturers to put your life up for grabs with their flippant 'trust us, we've tested it' mentality or should you expect, and demand, more? Karen Sandler believes she knows the answers to those questions and, by the end of this video, I believe you will to.

No comments: