
'Devices based around software we can't control? It's terrifying'

Karen Sandler
Karen Sandler is the Executive Director of the Gnome Foundation

A cyborg gnome conjures up images of a garden ornament wielding a phased plasma rifle in the 40 watt range, so we're looking forward to meeting Karen Sandler, executive director of the Gnome Foundation and self-professed cyborg lawyer.

What followed was a journey through Gnome 3, security flaws in medical implants and why people shouldn't be jerks online.

Linux Format: I saw your presentation on closed source medical software from two years ago, in which you were talking about proprietary software used in medical implants. The intellectual case for free software there is unanswerable.

Karen Sandler: It was really weird to experience personally, being a lawyer at the Software Freedom Law Center; finding out that I needed this device, then finding out that it was based on proprietary software. Over the course of evaluating whether to get this device and having the magnitude of all of that sink in, I realised that it's not just my medical device; it's not just our lives that are relying on this software: it's our cars, and our voting machines, and our stock markets and now our phones in the way that we communicate with one another. We're building this infrastructure, and it's putting so much trust in the hands of individual corporations, in software that we can't review and we can't control. Terrifying.

LXF: Had you only just got the heart device when you found out that it contained this mystery software?

KS: I found out when I was 31 that I had the heart condition, and then it took me a whole year of struggling with the idea of whether I should get this device. First of all figuring out whether I needed one, getting doctors' opinions and then getting second opinions, and I kept putting it off. I took a whole year, and I finally decided I would get the device.

And then it took me a whole other year to do the research, because every time I read about the failures of these medical devices it affected me so personally. Reading about the failed insulin pumps and other software failures on medical devices, people who got lethal doses of insulin… I would start working on it and then have to put the research away, and come back and start again. It took a long time because it was a very emotional issue for me.

LXF: Was that because of a bug?

KS: There were multiple reasons why the insulin pumps failed, one of which was that it was unclear which field was minutes and which was hours for the dosage time, and so people were setting minutes when they thought they were setting hours for the dosages.

I don't know whether you've read about this, but there's a guy called Barnaby Jack, who has done some really cool research in showing how vulnerable these devices are, and he has demonstrated that with an iPhone in a public place you can identify people with insulin pumps and pacemaker/defibrillators and in both cases can deliver a lethal result. I actually have an older device, because I was so freaked out about this. [Note: Barnaby recently died unexpectedly. You can read Karen's Gnome blog comment about it here].


LXF: It's pretty crazy that you can interfere with someone's heart by Wi-Fi.

KS: I was so freaked out about this. I kept trying to talk to doctors about it and they wouldn't listen to me, or they just didn't know how to handle the conversation with me. I had one electrophysiologist who I talked to who just hung up the phone on me.

I said that I can imagine that there are classes of people who might be attacked in this way. Think of the people who have these devices: people who have access to really fine medical care. What percentage of our politicians, or our judges, or other people in positions of power have these devices? Dick Cheney had one of these devices. It's not that hard to think about targeting, sending out a signal… so he hung up on me.