Karen Sandler: full interview
Karen Sandler: full interview
Andrew Gregory and Graham Morrison talk to Karen Sandler, Executive Director of the Gnome Foundation, and hear some rather more compelling arguments for software freedom than clever acronyms and numbering systems that start at 0 rather than 1.
A cyborg gnome conjures up images of a garden ornament wielding a phased plasma rifle in the 40-watt range rather than a tiny fishing rod, so we were looking forward to meeting Karen Sandler, executive director of the Gnome Foundation and a self-professed cyborg lawyer. What followed was a journey through Gnome 3, security flaws in medical implants and why people shouldn’t be jerks on the internet.
Linux Format: I saw your presentation on closed source medical software from two years ago, in which you were talking about proprietary software used in medical implants. The intellectual case for free software there is unanswerable.
Karen Sandler: It was really weird to experience personally, being a lawyer at the Software Freedom Law Center; finding out that I needed this device, then finding out that it was based on proprietary software. Over the course of evaluating whether to get this device and having the magnitude of all of that sink in, I realised that it’s not just my medical device; it’s not just our lives that are relying on this software: it’s our cars, and our voting machines, and our stock markets and now our phones in the way that we communicate with one another. We’re building all this infrastructure, and it’s putting so much trust in the hands of individual corporations, in software that we can’t review and we can’t control. Terrifying.
LXF: Had you only just got the heart device when you found out that it contained this mystery software?
KS: I found out when I was 31 that I had the heart condition, and then it took me a whole year of struggling with the idea of whether I should get this device. First of all figuring out whether I needed one, getting doctors’ opinions and then getting second opinions, and I kept putting it off.
It wasn’t until my closest people started freaking out that I realised I actually needed to get the device. I went for lunch with a friend and she asked, “how’s it going with the whole pacemaker/defibrilator thing?” and I was like [adopts breezy tone] “Ah you know, I’ll figure it out. It’s proprietary software, am I really going to get that thing?” And then she started crying and told me, ”this isn’t some esoteric issue, this is your life.” Every time it took me a few hours to call my mother back she would worry that I was dead.
All the people close to me were so worried, and rightfully so, but because it was me I just couldn’t see it. Until I would run for the subway when I’m not supposed to do bursts of activity, and think “Is this the moment when I’m going to go into sudden death?” So anyway, I took too long, I took a whole year, and I finally decided I would get the device.
And then it took me a whole other year to do the research, because every time I read about the failures of these medical devices it affected me so personally. Reading about the failed insulin pumps other software failures on medical devices, people who got lethal doses of insulin… I would start working on it and then have to put the research away, and come back the next week and start again. It took a long time because it was a very emotional issue for me.
LXF: Was that because of the way the software was designed, or because of a bug?
KS: There were multiple reasons why the insulin pumps failed, one of which was that it was unclear which field was minutes and which was hours for the dosage time, and so people were setting minutes when they thought they were setting hours for the dosages. I don’t know whether you’ve read about this, but there‘s a guy called Barnaby Jack, who has done some really cool research in showing how vulnerable these devices are, and he can demonstrate that with an iPhone in a public place you can identify people with insulin pumps and pacemaker/defibrillators and in both cases can deliver a lethal result. I actually have an older device, because I was so freaked out about this.
[Note: Barnaby recently died unexpectedly. You can read Karen’s blog here http://blogs.gnome.org/gnomg/2013 /07/26/a-sad-piece-of-news-about-barnaby-jack]
I was so freaked out about this. I kept trying to talk to doctors about it and they wouldn’t listen to me, or they just didn’t know how to handle the conversation with me. I had one electrophysiologist who I talked to who just hung up the phone on me.I said that I can imagine that there are classes of people who might be attacked in this way. Think of the people who have these devices: people who have access to really fine medical care. What percentage of our politicians, or our judges, or other people in positions of power have these devices? Dick Cheney had one of these devices. It’s not that hard to think about targeting, sending out a signal… so he hung up on me.
I finally found another doctor who understood the issue. And he said: “OK, I really understand. It terrifies me what you’re talking about and I know why the other guy just hung up on you.” Because he implants several a day and the idea that there might be a problem with any of these devices is just horrifying. We rely on the FDA and we rely on the medical device companies to make sure that these devices are safe. If you’re telling us that we can’t rely on these things then I can’t do anything about that right now. You need this device. What I can do is that I can call around the other hospitals and see if they have any older devices that are still sterile. So that’s what I did. I got one of the older devices. You can talk to it with magnetic coupling. It doesn’t have the wireless component. It’s starting to run out of battery though, so I’m going to have to get it replaced. I’m going to have to confront it again, because there aren’t any of the older devices left, so I’m going to have to get a newer one, and they still haven’t fixed this problem.
LXF: How do you stay disconnected and objective when it’s something that affects you so profoundly? Making the right decisions or trying to understand the problems with real objectivity.
KS: It’s really hard. This is the thing that I was saying before about having to do the research, then walk away and come back. A statistic came out recently that 25% of all medical device recalls in the last few years have been due to software failure. When you read these statistics it becomes very personal: “What is the state of my own device?”
It’s very difficult. Every time I have given my talk on medical devices, especially to large groups of people, I hate telling people that I have a problem. I don’t like telling people that I have a heart condition.
If you watch my talks closely that at the moment when I make the joke that I have a big heart that I have a heart condition, you can see that I’m a slightly choked up, every time. But at the same time, I have a story that people can understand, so I feel like I have a responsibility to talk about it, to get people to understand this issue. Sometimes things affect me in ways that I wouldn’t expect. I start talking about the statistics of this stuff and somebody asks a very simple question and all of a sudden I’m a wreck again. But then also the anger sustains you: when you read about how little is being done in the area and how much control the medical device companies have, you realise that there’s an imperative to get people to understand that this issue matters, and be angry that this issue has been glossed over. Finally, just a couple of months ago, the FDA has announced that these devices may be vulnerable. And all they recommend is that that manufacturers “take appropriate steps”. There’s no suggestion that publishing software could make it safer.
LXF: Have you made any progress on the medical devices?
KS: Only in raising awareness of the issue, which has I think been very helpful. I don’t know if it’s really because of me, but some of the jokes I have made have made it into other areas. Like, a joke that I had made in my early talks about this was also made on The Big Bang Theory. It probably wasn’t me exactly, but I think just me talking about it in tech circles, you know, it captures the imagination. It’s been a plot point in CIS and it’s been a plot point in Homeland, the TV Show.
I’m not so full of myself that I would take credit for these things, but describing the situation and talking about it I think makes people think about it in that way. There’s been progress in popular culture and understanding that these devices can be problematic. There’s been progress with the FDA in that they have announced now that there could be problems, but there’s been very little discussion about the software transparency component to this, and very few efforts to curb the medical device companies. The most believable reason I’ve heard for not requiring medical device companies to publish their source code is that it will probably expose them to patent liability.
Nobody, or very few people, would be interested in buying one particular medical device over another because of the software; you just want to algorithm to work for the use case. You want it it to be reliable, but none of the doctors are going to endorse, say, a Medtronic device on the strength of the awesome developers they’ve just hired. The software is not really the issue. If they publish it freely I don’t think it would have any impact on their business; their business is in precision manufacturing, having great support for doctors.
Even though I point at and criticise them, I have a Medtronic device because my doctors told me that Medtronic is one of the first companies to say when there’s a problem internally, and they’ve been around for a long time. If a new company were to go into medical device manufacturing, patients and doctors would be unlikely to try them until they had a serious track record. It’s one of the perfect business cases for the caring of software. Everyone would win. The only reasonable explanation for the resistance is that it would expose them to patent liability because other device manufacturers and other businesses would see what software they were using. And that’s inexcusable.
LXF: They certainly wouldn’t lose out on licencing fees; I can’t imagine that one manufacturer would develop software to be used in another’s pacemakers, for example.
KS: It’s a perfect example of where a proprietary business case makes no sense.
LXF: But I think it also sounds like a perfect example of fear, uncertainty and doubt about open source software, that people allow to flourish in business software, for example. Releasing their software and realising that there are these critical problems in the source code that could be taken advantage of.
KS: But these vulnerabilities exist in proprietary software too. This is why I’m so glad that Barnaby Jack and Kevin Fu do their work where they demonstrate that these devices where they’re not publishing the code are totally maliciously hackable. Security through obscurity doesn’t work.
LXF: It’s that kind of threshold, the problem that people have, with proprietary thinking.
KS: That’s why I started to write an academic paper on this issue, rather than treating it as a personal issue, was that I collected all the evidence showing that free and open source software is safer and better over time, and then posting it, I and other people at SFLC started posting on on patient forums, and we were attacked for being so insensitive and trying to fearmonger on those forums because “we don’t know what it’s like to have a device” and then’s when I realised that I needed to talk about my own experience.
Because I really do know what it’s like. Because it terrifies me. And I am so glad that I do have this device. Every time I end up running for the subway or for the bus, or being late for a flight and carry my luggage up onto a plane, I am so grateful that if I’m in trouble the device is going to most likely shock me. I have a great sense of security, and it’s a quality of life issue for me in that way and my family, to know that I have this layer of protection. But at the same time we should absolutely talk about how these devices can be better. If we’ve just implanted all these devices that could be taken control of… I’m at a high risk of sudden death. It’s just at 2–3% per year compounding. But if someone had it in for me, delivering a lethal shock, that’s a whole other danger that I’ve just given myself by implanting this device. I don’t think that anyone is out to do that to me, but at the same time, society as a whole, we have to worry about these issues.
LXF: People most likely to be able to do that would be device manufacturers, who would have the most to lose from your demise.
KS: That’s not true, because researchers like Kevin Fu and his team and like Barnaby Jack have demonstrated that anybody could do that. They just reverse-engineer it. They didn’t release all the information, for safety, but they released enough to understand what they did. I really loved reading Kevin Fu’s paper, because to simulate the device in a human body they took a big bag of meat, like a bag of bacon and put the device of the middle of it. It’s actually quite an entertaining paper. Truthfully, a software issue that’s more likely to get me is that if my device just doesn’t fire when it should. I would have liked to be able to review the code; that’s what I was originally asking for. If this software is going to be literally sewn into my body and screwed into my heart I should at least be able to take a look at it. I even offered to sign a non-disclosure agreement, but none of the companies were biting.
LXF: It seems silly to continue with this interview. Everything else is going to seem banal in comparison with having potentially buggy software implanted in your vital organs.
KS: OK, so we’ll bridge to desktop environments from this: I was at a Usenix conference right after I gave that talk, a Usenix healthcare conference where I was asked to be on a panel with a gentleman who is in cyber security at the FDA. That was really fascinating because he hadn’t actually thought about a lot of these issues at the time, though I’m surehe has since then.
That was amazing because one of the talks I heard at the conference was a woman who was showing an app that she’d made for her iPhone where the phone could talk to her insulin pump. She had a fitness program on the iPhone where she could keep track of everything she ate and all of her exercise. The iPhone could talk to her insulin pump and monitor her blood sugar levels, and basically tell her how she was doing with the exercise and her eating with respect to her blood sugar levels, And first I was like “that’s kind of cool” but then I realised: “Oh wow. Her iPhone is talking to her insulin pump!” We’re relying on Apple for our health! To talk to our medical devices? When did that happen? We’re using our phones for everything. It’s really not a phone any more, it’s a little computer that monitors your communication with everyone. I gave a talk last month and a big group group of people and I asked how many people were using Skype. Half of them raised their hands. The other half didn’t raise they’re hands because they knew why I was asking. Because if you use Skype, you’re trusting Microsoft with your phone calls. We’re creating these single points of contact and trusting a lot of companies that don’t necessarily have a great track record in terms of privacy, or defending your rights.
We’re building crazy amounts of infrastructure, and we’re doing it by entrusting all this stuff to these companies.
LXF: There’s the Microsoft guy over there [we all turn and wave at the Microsoft guy who is having a chat with someone on the other side of the room. He waves back]
KS: In a previous world we would have had a lot of government oversight and we would have had real infrastructure that was publicly motivated. And at the same time we have all of this public infrastructure for free and open source software and we’re not putting the focus on it that we need to. What’s happening is that our free and open source software solutions are lagging because we don’t have public buy-in into them. If we could get that buy-in then our solutions would be every bit as good if not better. And they would have the great public infrastructure that we need in order to be sure that we have safe environments.
I’m a mom now. I have a 10-month-old, and it really petrifies me so much when I think about the world we’re building for our kids. We’re making choices now that are going to be hard to go back on. We’re building standards and we’re building reliance on different kinds of software, and people don’t even think about it. Software is just a tool right? Like a hammer? No-one would think about the ethics or morality of a hammer. But it’s just not the case with software. If software isn’t reviewable then we’re in trouble.
What if there’s catastrophic failure at Medtronic? The FDA is not reviewing this software; they don’t even ask for a copy of it. There’s no public repository for it. So we’re building all this infrastructure and it’s terrifying. We need to build on free and open platforms, and that’s why I moved to Gnome. Because now we use our computers for everything, and therefore they have to be usable, by everyone. If we keep making solutions that are not easy for everyone to use, we’ll never get adoption. And if they’re not built by an independent, non-profit driven structure, we’re just making bad choices as a society. When I first saw Gnome 3, I thought: this is the answer we are looking for. It’s sleek, it’s pretty , it is easy to use and it is different from anything that free software has done before.
Two years later it still feels the same way. I love showing off Gnome. when I use it on aeroplanes people go “what is that? That looks so cool!” I think it uses the best of the PC and the Mac paradigms, so people can come in from both sides, and it’s very easy for me to transition from society-critical software to the desktop, because Gnome is an ideological approach to computing and making sure that everyone has access to it. In a free software non-profit world we can care about accessibility; we can care about things like bringing in more voices; we can care about all the privacy issues; we can care about things that may not be in the bottom-line interests of particular companies, because we’re free software and non-profit.
LXF: That was one of my favourite things that you said in your talk just now, that as a non-profit organisation your only responsibility is to make the world better. Fair enough, you need the money to be able to do that…
KS: Fundraising is really tough. It’s hard to explain the value of it, and this is where what you guys do is really important, because you can choose what to write about, and it’s so hard for me as one person to explain why people should care.
LXF: Does it bother you that a lot of people are not too impressed by Gnome 3?
KS: You know, I think people have strong opinions about it, and people have been slowly coming to it. Gnome 3 was already well underway by the time I became executive director. And by the time I took the job Linus Torvalds had already said his negative comments about Gnome 3, and there was a storm of negative press. There’s something – I think it’s press in general, but I think it’s even more so in the tech press – negative press gets picked up so hard, and there was sort of this feeding frenzy (no one really covered when Linus started using Gnome 3 again, for example). When you couple that with the fact that Gnome was so different from the working habits that most people had, so there was a change that needed to come with Gnome 3, as soon as that was put against the backdrop of “people don’t like it” so many people were unwilling to give it a try. And so it was really slow going at the beginning, but I think more and more people have come back to Gnome, given it a chance and found it to be this great environment. It’s just so pretty looking to start with, and it’s so easy to use, so people who want to give it a try wind up being quite enthusiastic about it.
But then, you know, as soon as there’s another, somebody frustrated with something, there’s a lot of bad press again. I’m not pointing any fingers, but because there’s been a lot of fragmentation in the area it’s actually made things a lot worse, because it’s made, I think, people who maybe would have been formerly partners fan the flames a little bit. And I think that’s really sad, and I think that we should find all opportunities to work together to advance the GNU/Linux desktop together. Gnome is very well known and differentiated by the fact that we actively dive into the stack and try to fix problems from the bottom-up. It’s one of the things that Gnome is really well known for and one thing that I’m really proud of about our community. That’s why there’s a great Wayland track at this year’s GUADEC (the Gnome Users and Developers European Conference). SystemD, PulseAudio, all sorts of great stuff that has come out of our community because of that philosophy, and this philosophy in particular is something that we should try to highlight and work together so that we have less duplication across the stack. We as a whole are such a tiny tiny percentage of the market, and when we can’t give a clear answer to someone about what they should use or where they should start, you have 10 different projects going off in different directions, it’s tough.
I only care that free and open source software wins at the end of the day. I’m with Gnome because I think it’s awesome. I think it’s The One, but if another free software solution wins at the end of the day I don’t mind so much; I just think we need to figure out what that is and all work together.
The Gnome community is an amazing community of exceptional people. GUADEC is one of the funnest conferences that I’ve ever been to and I thought that before I was executive director. It’s pretty great, and you know, I think that the distributions that have stuck with Gnome as their default are very successful. I really expect it to grow.
Obviously there are a lot of changes in computing overall, so who knows where things will go. But there are new partners coming in to the Gnome space. Tizen PC is working with Gnome and there are a few other things I can’t talk about yet, but there might be some reveals at GUADEC or after, I’m not sure. There’s exciting stuff going on, because GTK is a very useful toolkit and because Gnome 3 is really a great interface, set of tools to work with.
Two years after starting as executive director and starting with this terrible climate of negativity towards Gnome, I’m happy that at this point we stay as a foundation completely focused on what’s right. We’re building the desktop that we think is the desktop of the future, and building computing that we think is going to provide the tools to bridge different media. So you know, I think we’ll continue to work that way. Where else could an outreach programme for women be started? And that works not just for Gnome, we’re doing it for everyone. We look for the problems, and then we try to make them better. And that’s true across the board. When you think about what distro to use, or what project to contribute to, think about joining an independent one, one that’s run with a non-profit in mind. And see all of the good things that can come out of it.