I don't really keep up with the various Linux conferences that happen now and then, but I certainly follow various free software planets, which generally filter the good stuff out for me anyway.  Something that slowly made it through my filters recently was Karen Sandler's keynote address at the Australian Linux Conference, where she, unsurprisingly, talked about the importance of FOSS software.  The part that was surprising, though, and really hit home for me, was when she started talking about her internal defibrillator.

Apparently, Karen has an abnormally large heart, in the physical sense.  She is at risk of suffering what her doctors called "sudden death," which means she could simply die with no warning.  Luckily for her, there is a great treatment in the form of the internal defibrillator - a small device that can be wired directly into her heart that will issue a shock to restart her it if she suddenly, well, dies.

I'm going to take this moment to urge you to go watch the video, it's a bit long, but listening to her talk about her own heart is going to do more for you than I can manage.

For those of you not watching the video, there are two scary parts.  First - when she talks about being at risk of sudden death.  The second is the sequence building from her cardiologist not knowing much about the device he was offering to implant to the point where he hangs up on her in frustration.  His frustration came from her desire to see the code running on the device he wanted to put in her, the company's unwillingness to show her the code, and his lack of understanding about why that's important.  If you're wondering why this sort of thing is important at all, it's because this machine is wired to her heart.

What we put into our bodies...

When we go out to dinner somewhere, we expect to be told what's in our food if we ask, we expect to know what's in the drugs we take, so why shouldn't we expect access to what's in the devices implanted in our bodies?

Let me phrase it another way.  A company makes an electric heart that you need because yours was stabbed like Jean-Luc Picard was in Star Trek.  You get it and want to know what makes you tick, and they tell you that your heart is their intellectual property and you're not allowed to know how it works. Furthermore, you're not allowed to modify it, open it up, or see its source code.  There's a well-known bug in it?  There's a firmware update?  You might not get it if it doesn't make money for the company.  You want to install it yourself?  That might be illegal depending on the time of year and what phase the moon is in.

When Karen told her story, her concerns were that she couldn't check the logic of her device, herself, nor could she have a friend or consumer-advocacy group do it.  Four years ago, when I started writing this, that was where the story ended.

Things that come out of our bodies

A few weeks ago, I came across this article, which I thought might be a bout Karen, again.  I opened it, hoping to read more about her and, hopefully, what progress she had made.  Instead, I learned about a brave, new person taking up this baton, because the same problems were still around.  It turned out that, on top of Karen's original concerns, people were now taking data from Marie Moe's device and refusing to give her access to it.

At first, as I read that they were collecting the data, I hoped it was available to her.  Wouldn't that be cool?  I could make graphs of my heart rate, if I had that data.  But they seemed to think that the data was theirs.  Her doctor seemed to be too busy to help her get at it either, which isn't surprising.  To me, this feels like going into the doctor to get the results of your blood work and being told, "I can't show you the numbers, but your cholesterol is fine.  The company owns your iron levels, but you aren't anemic."

There's an old maxim that is often forgotten or ignored that you don't own anything you can't take apart.  Warranties are nice, but when farmers can't repair their own tractors you start to see why user serviceable parts, even skilled- or trained-user serviceable parts are important.  In a world where any data that's collected is often sold and firmware updates come twice a year and stop as soon as the new model comes out.  People with implants are at an ever greater risk of losing control of their body parts RoboCop-style.  Malfunctions happen, and a thriving, open community is a great way of keeping the process more transparent and hopeful for everyone.  I would hate to have a malfunctioning defibrilator in my chest and have nowhere to turn, once the company tells me it's outside warranty or the like.