Software that your life depends on should be required to respect the four software freedoms (run, study, copy, modify). If the four freedoms don't apply in the context of your own bodily autonomy, where else could they be more important?
(Consider the inverse: Parts of your own body are not your property but are merely licensed to you, and the license can be modified or withdrawn at the pleasure of the licensor)
Legislation might be required.
(edit: this would not be without precedent. Copyright and Patents are very limited when it comes to life essentials in general, such as recipes for food or designs for clothing.)
2 cents :
But then there should be a contract between the user who gains the ability to read/modify the software, discharging the software company in case the user causes a bug resulting in a health problem or even worse.
Or something like that I suppose.
> If the four freedoms don't apply in the context of your own bodily autonomy, where else could they be more important?
I’ve got bad news unfortunately. Bodily autonomy has never really been all that free in practice for the last few thousand years at least. We’re making some progress at least.
The rules are different for parents. It's almost universally agreed that (at least once born) a child's needs are more important than parents' freedom.
> (Consider the inverse: Parts of your own body are not your property but are merely licensed to you, and the license can be modified or withdrawn at the pleasure of the licensor)
This has been pretty much a cyberpunk trope since Neuromancer. Nice job making the dystopia reality, capitalism.
I have an ICD (implanted cardioverter-defibrillator) to save my life if my heart stops.
I was also given a proprietary box that sits at home, reads data from it and sends it to my cardiologist over a cellular network, on demand. As part of periodic remote checkups I'm supposed to sit next to it, press the button, which causes it to read data and send any abnormal heart rhythms it detected (via cellular network), whether it treated it (via a shock, in which case I would have known anyway) or whether the abnormal rhythm resolved itself with no treatment (in which case it's worth it that they check out what it picked up). I have to do this about 2-4 times a year.
Every time I hit the button I'm charged $200. Even if there are ZERO events. 90%+ of the time there are zero events.
There is NO interface provided to me where I can read the data directly. There is no way for me to read the device on my own, see zero events, and inform my cardiologist that there are no events and that there is nothing new to diagnose.
I hate this medical system. The device is great for saving my life but I want access to read its data without being charged.
No, if it was illegal he'd have access to his data. I'm not saying medical equipment should be illegal.
And to be clear, I wasn't saying he should have refused treatment. I was saying I wish more programmers would refuse to help develop exploitative software like this.
It might not have even been the programmers of the device that chose to do this. It was very likely some manager somewhere who saw the dollar signs when they realized they could collect rent.
If you had a good doctor that liked da Vinci robotic surgery, versus another one that did raven II would that factor more than the reputation of the doctor? Programmers who make life saving software are good in my opinion, even if the company they work for wants to make money.
I think we should strive for the best features, and also be grateful for "fascist trailblazers". Shockley was known to be an awful boss but our transistors started there and we are better off for it. Body warming methods were created by Nazi scientists experimenting unethically. These are the 2nd step, at least the profiteers show it's doable and the drive for profit made it in the first place.
I would argue that the discoveries would have happened anyway sooner or later even without unethical assholes. And for every example of a step of progress accelerated by them there is an example of a step of progress held back by them.
We do not need the monsters to make progress. Don't try to justify their inexcusable actions in some myopic utilitarian way.
Stanford Healthcare charges me for "general classification" just for a nurse to open up their computer and see that there are zero events.
Boston Scientific, the device maker, does not have an interface for patients, they only send data to hospitals directly.
I'm not currently willing to switch to a different ICD because Boston Scientific's ICD has successfully saved my life 3/3 times in out-of-hospital situations and 2/2 times during in-hospital testing where they induced ventricular vibrillation in controlled testing and I'd rather not risk trying something different. Insurance wouldn't pay for an extra surgery deemed unnecessary, anyway.
I could switch healthcare providers, but I'm not sure if the others in my area are better at cardiology.
> Stanford Healthcare charges me for "general classification" just for a nurse to open up their computer and see that there are zero events.
Okay so having access to the data wouldn't change a thing, surely you'd be charged even more if you wanted to talk directly to the cardiologist to do a report yourself, as you said?
> inform my cardiologist that there are no events and that there is nothing new to diagnose
Quality of life critical software should be ensured by FDA certification. Homebrew modifications of that software, even in the name of “freedom”, risks the patient’s life and health and should be illegal if uncertified.
In EU (and probably elsewhere), there are strict rules for the stability of power wheelchair. One such rule is "On a incline of x% (x chosen by the manufacturer), pushing for max speed from stop should not lift the front wheels"
To achieve that, the max acceleration must be quite low (software controlled), and the whole experience is sluggish, like trying to steer a car by pulling on rubber bands attached to the wheel.
From the moment I found a way to overcome this, I never went back. I know that I can hurt myself if I do something stupid, but I prefer this hypothetical risk instead of cursing 100 times a day because I cannot move how I want. It has been 10 years and I never got hurt.
I understand that such "high" risk device cannot be sold, but forbidding someone to change this is like inflicting a second handicap on him.
I suppose we all have, or should have, the right to try stupid things. Sometimes experience and competence are more important than 100% safety. Your comment made me realize how limiting it would be to be physically incapable of taking even the smallest risk.
That is a very poor regulation. Why enforce wheel lift? What matters is that the chair doesn't tip over - that the center of gravity remains in the center of the four wheels.
> Homebrew modifications of that software, even in the name of “freedom”, risks the patient’s life and health and should be illegal if uncertified.
The official modifications of that software — in the name of "profit" — are currently risking the patient’s life and health, and therefore should also be illegal by your logic.
Surely you must also support effective (ie harsh/deterrent) prosecution and punishment for these crimes as well, correct?
I think this is the key part of the comment - yes, uncertified changes by anyone could feasibly be illegal. The FDA or similar should probably do code reviews.
What if you fix a bug in your own pacemaker? Would it be ok to:
a) Fine you?
b) Jail you?
c) Force you to revert the change? (plausibly leading to death in an extreme case)
[edit: I do agree that there's a chance that making a 'fix' to your own pacemaker might also make it worse. In which case, who do we trust more? The person on the ground with a stake in the matter (however misinformed), or $government_official with no stake in the matter (however well informed).
I don't think that scenario is particularly tricky. If you modify someone else's pacemaker, it's a tricky question, even with their consent. If you modify your own, absolutely nothing should stand in your way beyond a nice big notice saying "danger of death,on your head be it". That is, you should have the same freedom to screw with your own personal medical devices that you have to climb out of your own fourth floor window.
People have a right, albeit not enshrined in law, to do stupid things that might kill them - at least as long as they don't then ask someone else to save them.
> This is a huge straw man/whataboutism that contributes nothing to the discussion.
It's a countervailing concern, not a strawman.
> bad software modifications... should be punished wherever they arise
Corporations are currently unpunished (per TFA) when they alter software in a way that risks patient safety, and they have already caused documented harm to patients. This is a shocking failure of federal oversight, but the captured FDA will (by design) never fix it. Oops.
In light of the real harm caused by this neverending policy failure, the Library of Congress is morally and ethically obligated to permit fair use exemption. Individuals and homebrew communities must be unshackled to protect patients from the real (not hypothetical!), documented, and widespread harm caused by corporate-sponsored attacks on US medical infrastructure.
No, that's not an exaggeration.
Given the current anti-patient landscape, the protections of open source far outweigh any risk.
In some (western) countries, your body is your personal private property, and you have the freedom and ultimate authority over how to use and abuse it, or anything on or in it. (you are still advised to treat your most precious property wisely, obviously)
In other (western) countries/subcommunities people feel that obligations to your community are stronger.
People from these different cultures can get into some pretty hefty discussions when it comes to things like abortion, drugs, euthansia, or -here- implants.
So like suicide, drugs and other and other cases where we are denied dominion over ourselves for our own good? IE. Your life and body are not yours, they belong to society and you only get limited access.
I disagree, I think if you walk into a pharmacy and ask for something dangerous without a prescription they shouldn't be obligated to give it to you. It's the same with medical equipment that keeps you alive.
If you want to risk your life you can do it but no one should be compelled to help you.
No one should be compelled. I mean it more in a negative manner, that it has an obligation to not stop people from helping. If someone wanted to offer a nitrogen tank, valve, tube and an easily head fitting bag for sale to people who want to commit suicide in a painless and ensured manner they be able to sell that (and people would). But in fact you cannot, and that is wrong.
Your position is not universal, and in fact strongly opposed by many. I believe that I have the absolute right to edit or terminate my own existence, either on purpose or accidentally. To the extent that anyone can own a person, people own themselves exclusively.
1. Compared to the average person in the FDA's population of people who are in charge of evaluating the medical devices, the average person in the population of people who would make fixes and helpful modifications might have more expertise in determining the quality of the device's normal software.
2. It's not as if the people who depend on the medical devices have to take the word of the community of people who will mod the devices over the word of the FDA.
The software is clearly not the primary product. While there might need to be a carve out or a specific licensing scheme developed to protect them from liability in the case of modified software, I doubt these companies would experience serious financial setbacks if they made their software free and open.
And don't tell me that SaaS is an integral part of the business model for medical device companies. There's no world in which they can't figure out how to turn a profit without charging a monthly fee to use your tens of thousands of dollars eyeball.
> The software is clearly not the primary product.
Sure, in this case. But that means that the rule we're considering actually needs a big asterisk next to it, something like "when the software in question isn't the primary product." That sounds like a thorny regulatory question, and any answer to that question other than "I know it when I see it" probably has big loopholes. This might be unnecessary nitpicking on my part if we're just shooting the breeze about companies we don't like, but if we're actually interested in writing laws, this is a common failure mode. Maybe _the_ common failure mode.
On the other hand, "so you would prefer it not be developed" is a less-than-entirely-charitable way of making this point. Of course @mbakke would _not_ prefer that, and it might avoid an unnecessary round of back-and-forth to make a reasonable guess about what they would prefer and work from there :)
100% agree for "read only" software, like scanning, diagnostics, etc.
Control software is much more involved topic, let me illustrate it with a scenario: one family member is non-techy but has an insulin pump, another family member is techy and likes to hack around, they made a change to the insulin pump software to "improve it", but by accident the change triggered insulin overdose at night during sleep and family member died. We have rules and regulations not just to have rules and regulations, we have rules and regulations because they are written in blood.
While advocating for ability to freely modifying any life dependant control software is a noble goal, in my opinion it's the wrong end to approach it, instead it would be more constructive if we as computer science industry figure out ways how to make software such as we don't kill people, how to "certify" it in self service fashion (validation passed == no-one will die), etc, it's no trivial and it feels this particular part of our industry is not as developed/main stream as compared to something like civil engineering. If we have easy ways to ensure that modifying software will not lead to death then it will be easier to change the legislation to enforce this freedom.
In your scenario, there's protection at a societal level: manslaughter/homicide law.
Obviously their intent, the jurisdiction, their training/knowledge, and what sort of changes they attempted would matter in terms of how they were charged, prosecuted, etc.
If the device manufacturer updates software and injures or kills someone, they're liable on a criminal and/or civil level.
Before anyone starts rambling about how "they'll just calculate out their liability vs cost of proper software engineering blah blah"...in a civil lawsuit, at least in the US, the punitive portion of damages is for the express purpose of penalizing the defendant for shitty behavior, beyond actual damages, to discourage them and others from doing such a thing again.
McDonalds was slammed hard in the infamous coffee-scald case with a huge punitive portion. Before suing, the victim asked merely for medical expenses - nothing for the (enormous) pain and suffering from her genital burns. McDonalds told her to fuck off.
The jury was (to put it mildly) enraged on a number of counts: McD's knew their coffee was served well above industry standard temperatures, knew they'd injured people, and refused a reasonable request for damages.
Given that, having medical software be FLOSS certainly seems like it's a necessary step. Whether that alone is also sufficient is something that might warrant further debate.
Eg. in the opposing quadrant: maybe the insulin pump has a bug, but the new fix doesn't get certified in time and now the family member dies while their kin stands by whilst wringing their hands. This bears balancing.
I think -partially- this would fall under a patient's right[1] to choose an alternative treatment option, when presented with the pros and cons. A patient should be allowed to take considered risks.
I agree with it being the wrong way to go about it- I think the article fails to recognize that relying on the software being free isn't a solid enough certification of the software being appropriately safe to control a person's health. There has to be some other safeguard put in place- I'm not sure if it's legislation, but allowing a software update to break an app used by the elderly is unacceptable.
Updating the software should be done by qualified medical software engineers. Just like you wouldn't let a random untrained family member do surgery on you or prescribe you any drug. The free software aspect would still benefit the community, and people won't be on the fate of 1 company. If the company stops supporting the software, you could go to a medical software service company that has in-house experts on helping users with deprecated medical devices. That would at least be possible with free software, not with proprietary.
A lot of this does make sense, and I think there's still ought to be more in the messaging. The medical data as well needs to be analogously free, or rather, wholly private to the individual. No organization should be the arbiters of our medical information.
But the sad news is, we carry around with us portable surveillance circlets which have the ability to access our medical conditions. We give it information voluntarily, and through occasional advertorials, this practice is becoming more normalized and accepted. I'm not convinced that the convenience outweighs the trouble this is going to bring.
It allows patients to pull their complete medical history from their various healthcare institutions, and store it locally without having to worry about some corporation monetizing and data-mining their health record
God forbid I ever need to rely on software to live. But if I do you can guarantee I won't have anything connected to the internet that I need a smartphone to use!
If I'm ever going to find myself at a point where my body needs software to survive, then you bet that I'm going to hire someone to liberate it for me.
If I can't find anyone willing to take the risk, I'd take a shot in reverse engineering the thing myself.
I realise that's not a normal or even reasonable response to the predicament, but I'll never have kids and I've never been very attached to my life anyway.
I think you mean software controlling medical devices, but you do rely on software to live when you drive, ride a plane, cross the street (crosswalk lights), when the train with poisonous whatever rolls through town, etc.
>Two months later, with Apple's update to iOS 17, users of the FreeStyle LibreLink and Libre 2 apps had reason again to fear that the software they rely on wouldn't work after updating their iPhones
Apple is well known to operate with a near total disregard for the stability of third party software. I wouldn't go so far as saying that anyone who puts Apple in their tech stack for something safety critical and then blithely upgrades gets what they deserve when it breaks, but it's a damn fool thing to do, especially if they've already personally run into problems as a result before.
I think the FSF's argument over medical software is quite sound, but this point was a little pouty for my liking.
The whole world doesn't revolve around the FSF's definitions of free/open/libre, and LibreLink is related to the FreeStyle Libre devices, that aim (marketing) at
being something "so you can get back to the things that matter most".
Abott is sketchy w their Freestyle Libre blood sugar sensors. They only allow them to pair w a single device. This summer I had their external device die and I had to get a third party app to read the data from the still functioning sensor. I refuse to use their official app as it can't be silenced. Dexcom was worse both their app and the external reader had an insane fixed "sensor will expire in 6 hours", no way to mute, adjust, this thing was going off at whatever hour of the night it wanted. I lived fine being insulin dependent for 40 years, and the ease and extra data like an overnight graph are all great. Making noise can and should be default, but I should be able to silence it and I'd click an absolution of liability, these things have to fit into life not the other way around.
To get my UBI payments in CBDC, I was required to have a chip inserted in my hand. Little did I know that this chip also was scanned and read every time I stepped into a vehicle and from beacons all over town. How can I get this out and still get my money to live?
I don't understand what freedom stands for anymore. I don't trust the FSF after they started grandstanding on topics that made no sense.
Apple making an update that breaks apps isn't the fault of the app developers, or the app. The measures they suggested are completely useless if nobody wants to update or make a gpl 3 or even a horrible gpl 2 app. Suppose they do, they're supposed to pay the apple fee every year and "sell" it for free?
I'm not sure what the article wants besides bad press for companies that went bankrupt?
You know you can still sell a piece of software even if it is open source? Especially on iOS, you can't get software onto your phone unless it is published on the app store so just like you said, whoever is paying that publishing fee is going to charge users to install the app.
Or you don't even have to sell the software at all. If I had a piece of software that I needed to live, if it was OSS at least I could pay a dev to maintain it so I don't die...
(Consider the inverse: Parts of your own body are not your property but are merely licensed to you, and the license can be modified or withdrawn at the pleasure of the licensor)
Legislation might be required.
(edit: this would not be without precedent. Copyright and Patents are very limited when it comes to life essentials in general, such as recipes for food or designs for clothing.)