I want to know what code works in my body
Marie Moe is a cyborg operating on closed software that she cannot trust. She wants to change this situation.
At the age of 33, Marie Moe [Marie Moe] learned that her heart could let her down at any moment. She worked as a computer security specialist in Norway. Marie discovered that she has a fairly common heart disease that interrupts the normal pulse and she needs to install a heart stimulator. Surgical intervention was quick and without complications. Within a few weeks, she was able to withstand a trip to London to attend courses on ethical hacking.
')
She felt good until she began climbing the stairs of Covent Garden, one of the deepest stations of the London subway. Suddenly something happened to her heart. “It seemed to me that I was dying,” she says. - It was a terrible feeling. I could not breathe and did not understand what was happening. ” In Norway, only a few months later, cardiologists found out what happened: the pulse rate limits in the stimulator were set incorrectly, and when it overstrained, the safe mode started, sharply dropping the rate of contraction of the heart muscle from 160 to 80 beats per minute.
Why did this happen and why did they figure it out so long? She is not sure, but she got access to her own medical records and saw notes there indicating that the programmer used to set up the stimulator either had the interface not working properly or there were errors in the program.
She continued to understand the situation, found instructions for her stimulator on the Internet and learned that her device has the ability to remotely observe parameters. From the point of view of a computer security specialist, wireless communication was another method of malicious influence on a device.
Then she bought a programmer for heart stimulators via the Internet and, together with other hackers, found out that it can be used to update the code on her implant. But she did not crack her own device - basically she was worried about the fact that she trusted her heartbeat to someone else’s code, which can be updated even without her knowledge. “I want to know which code works for my body,” she says. “If someone wants to change it, I want to be able to make an informed decision.”
Now, when there is no problem with the device program, its heart is full of energy; she even ran a half marathon last year. Mo says that her plans are definitely not going to scare people away from installing heart stimulants. But she wants to change the code handling for such devices. It is now closed, and there is no easy way for security experts to test and examine it. “Medical devices are black boxes,” she says. “You can’t look into them, there’s no transparency, we don’t know how they work.”
Boston lawyer and open source advocates Karen Sandler had a similar story. She has a common hereditary defect called “ hypertrophic cardiomyopathy ” and her heart may not work properly, producing an arrhythmia that can lead to an accident. She wears an implantable cardioverter (ICD defibrillator), which, unlike a heart stimulator, turns on only if it is needed to be removed from the arrhythmia with an electric shock. Recently, he mistakenly turned on twice, and once at the moment when she was pregnant. Pregnancy can affect changes in the rhythm of the heart, and the device interpreted them as a threat. Like Moe, Sandler wants to be able to study the code that controls her device, look for bugs in the program and vulnerable to hacking, but cannot. “I don’t have access to the sources, so I can’t do anything about it,” she says. In her opinion, this is an obvious example of a problem that often arises in modern life: closed software is necessary for daily survival and still it is often closed by copyright laws from public scrutiny and discussion.
In fact, access to the code or encrypted data may violate the rights of the manufacturer, according to the Digital Millennium Copyright Act, also known as the Napster Act. In 2014, a computer law course at the Stanford Internet Center and Society addressed the case of Sandler and three other data dissidents: Hugo Campos , raising public movement to gain access to data collected by his ICD, security consultant Jay Radcliffe, engaged in insulin pump vulnerabilities and engineer Ben West who suffers from type I diabetes, who was able to independently figure out the work of his glucose monitoring device and implant his insulin pump for improved Ia own treatment. His story with fanfare touched the masses of ordinary people from the DIY movement, whose children have diabetes.
In October, the group achieved the introduction of a temporary exemption into the DMCA law. Their projects and the like can potentially change the whole picture, says Andy Sellars from computer law courses that led the petition. Recall what researchers at the University of West Virginia were able to do with Volkswagen: “One person here can make big changes.”
Among the DMCA's fours, Campos one is not an engineer - he just wanted to get access to the information collected by his ICD in order to understand what could lead to the appearance of heart irregularities. Like Sandler, he has hypertrophic cardiomyopathy and wants to conduct a comprehensive analysis in order to find a connection between his activities (sleep, drinking coffee, dancing) and attacks of arrhythmia so that he can avoid them. His ICD constantly monitors the work of the heart and sends information wirelessly to the manufacturer, Medtronic. But when he asked the company for access to this information, the answer was no. Campos supposedly has to ask his doctor - but which doctor will have time to do such an analysis?
Instead, he went through training courses for cardiology engineers, bought himself the same device for interviewing a stimulant that they use and he figured out everything himself. To his disappointment, it turned out that whiskey became one of the factors causing the attacks, after which he tied it up with its use.
In the process, Campos turned into an activist who advocates simplifying access to any data for all who need it. “You get data from my pacemaker, for which I paid, which is implanted in my body, from the most intimate version of technology that you can imagine - and I am denied access to it? It shocked me to the depths of my soul, ”he says. “This is completely wrong.”
At the age of 33, Marie Moe [Marie Moe] learned that her heart could let her down at any moment. She worked as a computer security specialist in Norway. Marie discovered that she has a fairly common heart disease that interrupts the normal pulse and she needs to install a heart stimulator. Surgical intervention was quick and without complications. Within a few weeks, she was able to withstand a trip to London to attend courses on ethical hacking.
')
She felt good until she began climbing the stairs of Covent Garden, one of the deepest stations of the London subway. Suddenly something happened to her heart. “It seemed to me that I was dying,” she says. - It was a terrible feeling. I could not breathe and did not understand what was happening. ” In Norway, only a few months later, cardiologists found out what happened: the pulse rate limits in the stimulator were set incorrectly, and when it overstrained, the safe mode started, sharply dropping the rate of contraction of the heart muscle from 160 to 80 beats per minute.
Why did this happen and why did they figure it out so long? She is not sure, but she got access to her own medical records and saw notes there indicating that the programmer used to set up the stimulator either had the interface not working properly or there were errors in the program.
She continued to understand the situation, found instructions for her stimulator on the Internet and learned that her device has the ability to remotely observe parameters. From the point of view of a computer security specialist, wireless communication was another method of malicious influence on a device.
Then she bought a programmer for heart stimulators via the Internet and, together with other hackers, found out that it can be used to update the code on her implant. But she did not crack her own device - basically she was worried about the fact that she trusted her heartbeat to someone else’s code, which can be updated even without her knowledge. “I want to know which code works for my body,” she says. “If someone wants to change it, I want to be able to make an informed decision.”
Now, when there is no problem with the device program, its heart is full of energy; she even ran a half marathon last year. Mo says that her plans are definitely not going to scare people away from installing heart stimulants. But she wants to change the code handling for such devices. It is now closed, and there is no easy way for security experts to test and examine it. “Medical devices are black boxes,” she says. “You can’t look into them, there’s no transparency, we don’t know how they work.”
Boston lawyer and open source advocates Karen Sandler had a similar story. She has a common hereditary defect called “ hypertrophic cardiomyopathy ” and her heart may not work properly, producing an arrhythmia that can lead to an accident. She wears an implantable cardioverter (ICD defibrillator), which, unlike a heart stimulator, turns on only if it is needed to be removed from the arrhythmia with an electric shock. Recently, he mistakenly turned on twice, and once at the moment when she was pregnant. Pregnancy can affect changes in the rhythm of the heart, and the device interpreted them as a threat. Like Moe, Sandler wants to be able to study the code that controls her device, look for bugs in the program and vulnerable to hacking, but cannot. “I don’t have access to the sources, so I can’t do anything about it,” she says. In her opinion, this is an obvious example of a problem that often arises in modern life: closed software is necessary for daily survival and still it is often closed by copyright laws from public scrutiny and discussion.
In fact, access to the code or encrypted data may violate the rights of the manufacturer, according to the Digital Millennium Copyright Act, also known as the Napster Act. In 2014, a computer law course at the Stanford Internet Center and Society addressed the case of Sandler and three other data dissidents: Hugo Campos , raising public movement to gain access to data collected by his ICD, security consultant Jay Radcliffe, engaged in insulin pump vulnerabilities and engineer Ben West who suffers from type I diabetes, who was able to independently figure out the work of his glucose monitoring device and implant his insulin pump for improved Ia own treatment. His story with fanfare touched the masses of ordinary people from the DIY movement, whose children have diabetes.
In October, the group achieved the introduction of a temporary exemption into the DMCA law. Their projects and the like can potentially change the whole picture, says Andy Sellars from computer law courses that led the petition. Recall what researchers at the University of West Virginia were able to do with Volkswagen: “One person here can make big changes.”
Among the DMCA's fours, Campos one is not an engineer - he just wanted to get access to the information collected by his ICD in order to understand what could lead to the appearance of heart irregularities. Like Sandler, he has hypertrophic cardiomyopathy and wants to conduct a comprehensive analysis in order to find a connection between his activities (sleep, drinking coffee, dancing) and attacks of arrhythmia so that he can avoid them. His ICD constantly monitors the work of the heart and sends information wirelessly to the manufacturer, Medtronic. But when he asked the company for access to this information, the answer was no. Campos supposedly has to ask his doctor - but which doctor will have time to do such an analysis?
Instead, he went through training courses for cardiology engineers, bought himself the same device for interviewing a stimulant that they use and he figured out everything himself. To his disappointment, it turned out that whiskey became one of the factors causing the attacks, after which he tied it up with its use.
In the process, Campos turned into an activist who advocates simplifying access to any data for all who need it. “You get data from my pacemaker, for which I paid, which is implanted in my body, from the most intimate version of technology that you can imagine - and I am denied access to it? It shocked me to the depths of my soul, ”he says. “This is completely wrong.”
Source: https://habr.com/ru/post/396939/
All Articles