1
00:00:09,000 --> 00:00:11,045
How is that, can you hear me?

2
00:00:11,045 --> 00:00:13,953
Can I ask for everybody on the end

3
00:00:13,953 --> 00:00:17,014
who has a seat next to them to move a little bit in

4
00:00:17,014 --> 00:00:19,988
so that latecomers have a place to sit?

5
00:00:19,988 --> 00:00:21,979
Just move in one seat.

6
00:00:21,979 --> 00:00:25,373
As a latecomer often myself, it's a huge gift

7
00:00:25,373 --> 00:00:28,208
if you walk in and there's a place to sit.

8
00:00:34,030 --> 00:00:35,158
But not too much,

9
00:00:35,158 --> 00:00:38,040
because I think they've shut the side doors too, so…

10
00:00:38,040 --> 00:00:40,000
You're good, you're good.

11
00:00:41,040 --> 00:00:42,070
OK.

12
00:00:43,020 --> 00:00:45,481
I am really, really happy to be here.

13
00:00:47,010 --> 00:00:51,000
My talk is entitled Freedom in my heart and everywhere.

14
00:00:52,020 --> 00:00:54,879
As just said, I've been involved

15
00:00:54,879 --> 00:00:57,000
in the Free and Open Source community for a while

16
00:00:57,000 --> 00:01:00,000
I am the executive director of the GNOME Foundation

17
00:01:00,000 --> 00:01:02,020
and we'll get to some of that a little bit later

18
00:01:02,020 --> 00:01:03,692
which is really cool.

19
00:01:03,692 --> 00:01:08,205
And I, for a long time, was a lawyer at the Software Freedom Law Center.

20
00:01:09,000 --> 00:01:11,020
Resulting in eventually becoming general council.

21
00:01:11,020 --> 00:01:13,631
So I had this really lucky opportunity

22
00:01:13,631 --> 00:01:15,577
to get to know a lot of folks

23
00:01:15,577 --> 00:01:16,969
in the Free and Open Source software community

24
00:01:16,969 --> 00:01:18,508
by helping them with all of the crap

25
00:01:18,508 --> 00:01:20,046
that they didn't want to deal with.

26
00:01:20,046 --> 00:01:21,403
Really really fun!

27
00:01:21,403 --> 00:01:24,527
I've been a Free and Open Source enthusiast,

28
00:01:24,527 --> 00:01:26,388
I'd say, since the nineties

29
00:01:26,758 --> 00:01:30,169
And I am also a patient

30
00:01:31,050 --> 00:01:34,000
I have a really, really big heart

31
00:01:34,785 --> 00:01:36,710
I actually have a huge heart.

32
00:01:36,710 --> 00:01:38,388
So you think I work for non-profit

33
00:01:38,388 --> 00:01:41,049
but I actually an enlarged heart

34
00:01:41,049 --> 00:01:45,000
I have a condition called hypertrophic cardiomyopathy.

35
00:01:45,000 --> 00:01:46,931
I always get a little bit nervous when I talk about that

36
00:01:46,931 --> 00:01:48,000
because that sort of say

37
00:01:48,000 --> 00:01:50,100
my heart is a little broken.

38
00:01:50,100 --> 00:01:53,000
But it means that I have…

39
00:01:53,000 --> 00:01:57,000
it's not actual. My heart is very thick

40
00:01:57,000 --> 00:02:00,154
and that means that it has a hard time beating.

41
00:02:00,154 --> 00:02:01,169
It's a little bit stiff.

42
00:02:01,169 --> 00:02:03,115
And it's actually pretty fine.

43
00:02:03,115 --> 00:02:05,062
I don't have any symptoms yet.

44
00:02:05,062 --> 00:02:10,000
I just have a very high risk of suddenly dying.

45
00:02:11,000 --> 00:02:13,462
The term is actually sudden death.

46
00:02:13,462 --> 00:02:17,123
That's what the doctors tell you when you have HCM

47
00:02:17,123 --> 00:02:21,000
and you need to enter in this life-long treatment.

48
00:02:21,000 --> 00:02:24,000
They say you have a high risk of sudden death.

49
00:02:24,000 --> 00:02:26,023
Which is really terrifying as a patient.

50
00:02:26,023 --> 00:02:31,000
I have about a two to three chances per year of suddenly dying

51
00:02:31,000 --> 00:02:36,000
and that compounds, so I've found out about this at age 31

52
00:02:36,000 --> 00:02:42,000
and over the next decade it was sort of 20 to 30% risk of sudden death.

53
00:02:43,246 --> 00:02:48,146
Really, really, just a scary thing to hear…

54
00:02:48,146 --> 00:02:50,769
but there is a solution right now!

55
00:02:50,769 --> 00:02:53,041
which is to get a defibrillator.

56
00:02:53,041 --> 00:02:58,020
And what a defibrillator does is it's in your body

57
00:02:58,030 --> 00:03:01,000
I actually did get one, it's right here.

58
00:03:01,000 --> 00:03:02,223
It looks really huge there,

59
00:03:02,223 --> 00:03:04,000
but it's about like this big

60
00:03:04,000 --> 00:03:06,038
and it's right here.

61
00:03:06,592 --> 00:03:07,817
It has wires that

62
00:03:07,817 --> 00:03:09,765
sneak through my blood vessels

63
00:03:09,765 --> 00:03:11,000
and scour into my heart

64
00:03:11,000 --> 00:03:14,077
and it basically constantly monitors me

65
00:03:14,077 --> 00:03:15,469
and it's like having people

66
00:03:15,469 --> 00:03:16,862
following you around with paddles

67
00:03:16,862 --> 00:03:20,000
and if I go into a sudden death,

68
00:03:20,000 --> 00:03:23,000
it will shock me, and I'll be great!

69
00:03:23,000 --> 00:03:27,231
And I won't die! it's very exciting!

70
00:03:28,030 --> 00:03:32,000
So, all that is pretty well and good.

71
00:03:32,000 --> 00:03:37,010
The electro-physiologist that I saw when I told this

72
00:03:37,010 --> 00:03:39,245
has a bunch of these in his desk drawer,

73
00:03:39,245 --> 00:03:42,250
just so he can pass it to every patient

74
00:03:42,250 --> 00:03:45,363
because I think when you see how little this device is,

75
00:03:45,363 --> 00:03:47,508
it doesn't feel so scary.

76
00:03:47,508 --> 00:03:49,085
He pushed it over the desk at me,

77
00:03:49,085 --> 00:03:50,938
I was sitting here with my mother. I pick it up…

78
00:03:50,938 --> 00:03:52,506
He's like: "Pick it up, see how light it is!"

79
00:03:52,506 --> 00:03:55,588
So I pick it up and I say "Cool, what does it run?"

80
00:03:55,588 --> 00:03:58,000
<i>Laughs</i>

81
00:03:58,000 --> 00:04:05,831
<i>applause</i>

82
00:04:05,831 --> 00:04:08,077
To which I got a blank look.

83
00:04:08,825 --> 00:04:11,000
My mother gave my a blank look.

84
00:04:11,738 --> 00:04:14,200
Surgeon said "What are you talking about?"

85
00:04:14,200 --> 00:04:16,692
and I said "Well obviously, "

86
00:04:16,692 --> 00:04:20,000
"this piece of equipment is only as good as its software"

87
00:04:20,000 --> 00:04:22,050
I mean, it relies on its software to know

88
00:04:22,050 --> 00:04:24,040
when it is that I'm going to have a sudden death

89
00:04:24,040 --> 00:04:26,381
whether it is that I run across the street

90
00:04:26,381 --> 00:04:27,307
when I shouldn't have

91
00:04:27,307 --> 00:04:29,000
or I decided to run a marathon

92
00:04:29,040 --> 00:04:31,020
or for no reason at all.

93
00:04:31,952 --> 00:04:34,295
I'm totally relying on this software to know

94
00:04:34,295 --> 00:04:36,555
when is the appropriate time to give me a shock

95
00:04:36,555 --> 00:04:37,393
and when it's not.

96
00:04:37,393 --> 00:04:41,010
When I need pacing, maybe, or when I don't.

97
00:04:41,010 --> 00:04:45,080
And the electro-physiologist, of course had no answer at all.

98
00:04:45,080 --> 00:04:48,000
He said "nobody ever asked me this."

99
00:04:48,000 --> 00:04:50,020
"I never thought about the software on this device."

100
00:04:50,020 --> 00:04:53,718
"Hang on, there is a representative from Medtronic"

101
00:04:53,718 --> 00:04:55,938
"here in our office today."

102
00:04:55,938 --> 00:04:59,050
"I will get to him, because he is the manufacturer"

103
00:04:59,050 --> 00:05:02,000
"and surely they have thought about this."

104
00:05:02,000 --> 00:05:05,050
So, in walks this representative

105
00:05:05,050 --> 00:05:07,000
and I sort of explain

106
00:05:07,000 --> 00:05:09,070
"I'm a lawyer at the Software Freedom Law Center"

107
00:05:09,070 --> 00:05:12,000
"I care about the software on my device"

108
00:05:12,000 --> 00:05:13,000
"I just want to know: "

109
00:05:13,000 --> 00:05:14,080
"how does it works? what does it run?"

110
00:05:14,080 --> 00:05:16,000
"Can you tell me?"

111
00:05:16,000 --> 00:05:19,000
And he said "Nobody's ever asked me that before".

112
00:05:19,677 --> 00:05:22,995
So, we had this really interesting conversation and he said:

113
00:05:23,000 --> 00:05:25,040
"I see that this is a very serious issue"

114
00:05:25,040 --> 00:05:27,000
"Here is my number."

115
00:05:27,275 --> 00:05:29,196
"Call me and I'll put you through"

116
00:05:29,196 --> 00:05:30,947
"to people to talk about this."

117
00:05:33,030 --> 00:05:38,050
Bolded by this, I called him at Medtronic

118
00:05:38,050 --> 00:05:40,050
and he gave me the tech line

119
00:05:40,050 --> 00:05:42,040
and so I kept leaving messages…

120
00:05:42,040 --> 00:05:45,030
eventually, I kept being bounced around.

121
00:05:45,030 --> 00:05:48,010
Nobody would talk to me about this.

122
00:05:48,010 --> 00:05:53,027
I called the other two major medical device manufacturers:

123
00:05:53,030 --> 00:05:55,000
Boston Scientific and St. Jude

124
00:05:55,000 --> 00:05:57,992
and neither of them could give me a real answer either.

125
00:05:58,000 --> 00:06:00,010
Eventually, I started calling and saying

126
00:06:00,010 --> 00:06:02,000
"Look if someone would let me look at the software,"

127
00:06:02,000 --> 00:06:06,000
"I'll sign an NDA", You know, really against my principles

128
00:06:06,000 --> 00:06:10,040
Because, I'm a non-profit activist in the technology world

129
00:06:10,040 --> 00:06:13,040
I don't want to sign any NDA which would prevent me

130
00:06:13,040 --> 00:06:15,013
from sharing what I find with somebody else.

131
00:06:15,013 --> 00:06:15,742
But I though:

132
00:06:15,742 --> 00:06:18,455
"At least, I'll be able to see the source code"

133
00:06:18,455 --> 00:06:21,060
"and I'll feel comfortable about what's put in my body"

134
00:06:21,783 --> 00:06:27,000
But, unfortunately, I was brushed off. I was told no.

135
00:06:27,000 --> 00:06:31,040
I talked with some people at Medtronic that were sympathetic

136
00:06:31,040 --> 00:06:33,972
I had access to good doctors

137
00:06:33,972 --> 00:06:37,010
People said: "Oh, you know, we're Medtronic"

138
00:06:37,010 --> 00:06:39,030
We care deeply about making sure

139
00:06:39,030 --> 00:06:41,992
that there are no bugs in the software that we put on these devices.

140
00:06:42,000 --> 00:06:46,000
Obviously, we wouldn't release it if we didn't think it was safe.

141
00:06:46,000 --> 00:06:47,000
All these things

142
00:06:47,000 --> 00:06:49,000
You must trust us.

143
00:06:49,000 --> 00:06:52,708
Doctor say, the Food and Drugs Administration,

144
00:06:52,708 --> 00:06:54,035
the FDA in the United States,

145
00:06:54,035 --> 00:06:55,285
approves these devices

146
00:06:55,285 --> 00:06:58,846
So clearly, you're over reacting.

147
00:06:58,846 --> 00:07:03,070
And when I was talking to that same electro-physiologist on the phone

148
00:07:03,070 --> 00:07:05,871
and said I'm really troubled by this, because

149
00:07:05,871 --> 00:07:09,030
I think about all the people that have these devices.

150
00:07:09,030 --> 00:07:11,000
Some of them are quite powerful

151
00:07:11,000 --> 00:07:13,000
Dick Cheney had one at the time.

152
00:07:13,000 --> 00:07:15,874
He has a more impressive device now,

153
00:07:15,874 --> 00:07:18,354
that continually circulate his blood

154
00:07:18,354 --> 00:07:20,646
so he has no pulse.

155
00:07:20,646 --> 00:07:25,169
It's a fascinating, fascinating device, yeah!

156
00:07:28,000 --> 00:07:30,000
There are a lot of prominent people that…

157
00:07:30,000 --> 00:07:32,525
the demographic that get this devices

158
00:07:32,525 --> 00:07:35,373
are often in some powerful positions

159
00:07:35,373 --> 00:07:38,010
So you can easily imagine a situation where

160
00:07:38,010 --> 00:07:40,080
someone would be wanting to shut down these devices.

161
00:07:40,080 --> 00:07:40,080
And the electro-physiologist that I spoked to on the phone
someone would be wanting to shut down these devices.

162
00:07:40,080 --> 00:07:43,629
And the electro-physiologist that I spoked to on the phone

163
00:07:43,629 --> 00:07:46,010
got so upset, he got so upset…

164
00:07:46,010 --> 00:07:48,000
that he hang up on me.

165
00:07:48,030 --> 00:07:52,000
He said "I think you're up to something"

166
00:07:52,000 --> 00:07:53,192
"I don't understand"

167
00:07:53,192 --> 00:07:55,000
"I don't know why you're so upset about this."

168
00:07:55,000 --> 00:07:57,000
"If you want to get a device, I'll help you"

169
00:07:57,000 --> 00:08:02,020
"But I think, I just don't, I think you're… you're…"

170
00:08:02,020 --> 00:08:03,000
Hang up.

171
00:08:03,000 --> 00:08:05,010
and I think it was really scary

172
00:08:05,010 --> 00:08:07,070
because he told me at the beginning of talking to him

173
00:08:07,070 --> 00:08:10,000
that he installed these devices all the time

174
00:08:10,000 --> 00:08:13,020
He installs sometime several devices a day.

175
00:08:13,020 --> 00:08:16,491
So the idea that he could be

176
00:08:16,491 --> 00:08:17,732
not even asking questions

177
00:08:17,732 --> 00:08:19,542
about the software that runs on these devices

178
00:08:19,542 --> 00:08:21,000
was pretty terrifying to him.

179
00:08:21,000 --> 00:08:23,000
So I put the whole thing off.

180
00:08:23,000 --> 00:08:24,297
And I just said, you know,

181
00:08:24,297 --> 00:08:25,465
I can't think about this.

182
00:08:25,465 --> 00:08:26,846
It's so terrifying.

183
00:08:26,846 --> 00:08:27,841
Am I really going to get

184
00:08:27,841 --> 00:08:29,158
proprietary software in my body?

185
00:08:29,158 --> 00:08:30,020
I don't know

186
00:08:30,020 --> 00:08:34,000
Plus the whole "mortality thing"

187
00:08:34,000 --> 00:08:36,000
and getting a piece of equipment

188
00:08:36,000 --> 00:08:38,000
sewn into your body.

189
00:08:38,000 --> 00:08:40,000
It's really a lot to deal with

190
00:08:40,000 --> 00:08:41,050
So I kept putting it off

191
00:08:41,050 --> 00:08:43,030
and eventually I couldn't anymore

192
00:08:43,030 --> 00:08:48,000
because friends and family kept asking me about it

193
00:08:48,000 --> 00:08:52,000
and saying "We're so worried about you"

194
00:08:52,000 --> 00:08:53,649
"We know that you can die at anytime"

195
00:08:53,649 --> 00:08:56,647
My mother, you know, off course don't have a land line

196
00:08:56,647 --> 00:08:59,055
and I don't have a great mobile reception in my apartment

197
00:08:59,055 --> 00:09:01,070
and my mother, if I didn't called her back within a hour

198
00:09:01,070 --> 00:09:02,998
would start calling all my friends

199
00:09:02,998 --> 00:09:04,853
saying "Have you speak to Karen today?"

200
00:09:04,853 --> 00:09:06,046
"Do you know if she's OK?"

201
00:09:06,046 --> 00:09:08,908
I went to brunch with a friend, and she asked me

202
00:09:08,908 --> 00:09:10,716
how this process was going.

203
00:09:10,716 --> 00:09:14,000
And I said "Well nobody from medical companies are calling me back,"

204
00:09:14,000 --> 00:09:16,060
"and you know, I'm sure I'll work it out."

205
00:09:16,060 --> 00:09:18,070
And she just burst into tears and she said

206
00:09:18,070 --> 00:09:22,020
"You know, you could die. Today."

207
00:09:22,020 --> 00:09:25,020
"and I just can't deal with that"

208
00:09:25,020 --> 00:09:26,040
"If you don't take care of this,"

209
00:09:26,040 --> 00:09:27,850
"I don't know if I can be friend with you"

210
00:09:27,850 --> 00:09:30,165
"because this is a serious thing"

211
00:09:30,165 --> 00:09:31,404
"and you're ignoring it for…"

212
00:09:31,404 --> 00:09:34,000
what she considered to be an esoteric issue.

213
00:09:34,000 --> 00:09:38,000
I really understood that and I really didn't have a choice

214
00:09:38,000 --> 00:09:40,000
So I got a device

215
00:09:40,000 --> 00:09:41,666
I got it implanted

216
00:09:41,666 --> 00:09:44,218
and it took sometime to…

217
00:09:51,080 --> 00:09:54,398
It took some time to recover from the surgery

218
00:09:54,398 --> 00:09:59,409
and also to really think about

219
00:09:59,409 --> 00:10:01,189
my own situation in a more abstract way

220
00:10:01,189 --> 00:10:02,154
to do some research.

221
00:10:02,154 --> 00:10:03,542
But I swore that if I got the device

222
00:10:03,542 --> 00:10:06,362
I would do some research and I would write a paper

223
00:10:06,362 --> 00:10:10,230
and I would talk about the issues that came up

224
00:10:10,230 --> 00:10:12,030
that the medical profession

225
00:10:12,030 --> 00:10:15,020
or at least the medical professionals that I dealt with

226
00:10:15,020 --> 00:10:17,020
had no answer for.

227
00:10:17,020 --> 00:10:22,000
So, the things that I found out when I wrote my paper were

228
00:10:22,000 --> 00:10:25,389
things that would surprise you and things that would not surprise you.

229
00:10:26,020 --> 00:10:27,404
Software has bugs.

230
00:10:27,404 --> 00:10:29,588
I really wanted a picture of the crickets

231
00:10:29,588 --> 00:10:31,738
that were in my room last night

232
00:10:31,738 --> 00:10:33,030
that fellow keynoters…

233
00:10:33,030 --> 00:10:34,060
*they are cockroaches*

234
00:10:34,070 --> 00:10:36,000
They are cockroaches?

235
00:10:36,000 --> 00:10:38,000
These are cockroaches.

236
00:10:38,000 --> 00:10:40,000
*So where are they?*

237
00:10:40,000 --> 00:10:43,000
But Paul and Jake got them out of my room.

238
00:10:43,000 --> 00:10:45,000
So that was really exciting.

239
00:10:45,000 --> 00:10:47,010
We were joking that I was going to talk about real bugs

240
00:10:47,010 --> 00:10:48,040
instead of software bugs.

241
00:10:48,040 --> 00:10:51,010
But, so, software has bugs.

242
00:10:51,010 --> 00:10:57,000
And medical devices as like as Matthew Garrett said

243
00:10:57,010 --> 00:10:58,030
will have bugs

244
00:10:58,030 --> 00:11:01,010
because the software engineering institute estimates that

245
00:11:01,010 --> 00:11:04,010
there is about one defect for every one hundred lines of code.

246
00:11:04,010 --> 00:11:08,330
So even if a majority of the bugs are caught in testing,

247
00:11:08,440 --> 00:11:11,018
even if three quarters of the bugs are caught in testing,

248
00:11:11,018 --> 00:11:13,000
that's still a lot of bugs.

249
00:11:13,000 --> 00:11:19,000
There's a study that I read that looked at

250
00:11:19,583 --> 00:11:24,000
recalls of devices that were published by the FDA.

251
00:11:25,455 --> 00:11:30,430
Basically, the study looked at all of the recalls

252
00:11:30,440 --> 00:11:34,200
and determined which ones they can tell were from software failures

253
00:11:34,200 --> 00:11:35,750
and then they evaluated those

254
00:11:35,760 --> 00:11:39,160
and the ones that they could tell enough

255
00:11:39,170 --> 00:11:41,610
about what the problem was from the software

256
00:11:41,610 --> 00:11:44,710
ninety-eight percent of them would have been detected

257
00:11:44,710 --> 00:11:47,000
with simple all-pairs testing.

258
00:11:47,650 --> 00:11:51,490
So, basic testing that you would expect

259
00:11:51,490 --> 00:11:54,920
for any kind of technical piece of equipment.

260
00:11:54,920 --> 00:11:59,280
So yes, the FDA has some review over these devices

261
00:11:59,290 --> 00:12:03,620
but if the companies aren't doing basic testing

262
00:12:03,630 --> 00:12:05,370
what are we doing?

263
00:12:05,380 --> 00:12:08,000
So, software has bugs.

264
00:12:08,000 --> 00:12:10,000
We know this, here in this room.

265
00:12:10,000 --> 00:12:13,000
Another thing that most of us here know is

266
00:12:13,000 --> 00:12:15,500
that security through obscurity doesn't work.

267
00:12:15,705 --> 00:12:19,170
And this is something that seems very counter intuitive

268
00:12:19,170 --> 00:12:21,640
for the folks that are not in this room.

269
00:12:21,650 --> 00:12:26,770
Every person who I started to about this in the medical profession said:

270
00:12:26,770 --> 00:12:28,160
"But I don't understand:"

271
00:12:28,160 --> 00:12:31,040
"Why would you want people to be able to see the software?"

272
00:12:31,050 --> 00:12:33,450
"If people can see the source code,"

273
00:12:33,450 --> 00:12:36,450
"it will be that much easier to break into it."

274
00:12:36,450 --> 00:12:39,440
But as we all know, that's not quite true.

275
00:12:39,460 --> 00:12:41,960
And in fact, by publishing the source code,

276
00:12:41,970 --> 00:12:44,000
everybody can see it, it will be a lot safer.

277
00:12:44,000 --> 00:12:46,380
But this is a major point that actually

278
00:12:46,400 --> 00:12:49,000
I address in my paper Killed By Code

279
00:12:49,000 --> 00:12:53,120
which go systematically through a lot of the research

280
00:12:53,130 --> 00:12:57,000
that shows how security professionals agree with that assertion.

281
00:12:57,200 --> 00:13:02,680
So, what we have is actually the worst of both worlds.

282
00:13:02,680 --> 00:13:07,110
We have closed code, so it doesn't have the safety

283
00:13:07,110 --> 00:13:09,010
of having a lot of people reviewing it.

284
00:13:09,102 --> 00:13:12,480
But we also have no security on these devices.

285
00:13:12,490 --> 00:13:15,000
A lot of these devices are broadcasting wirelessly.

286
00:13:15,000 --> 00:13:16,590
That's the standard right now.

287
00:13:16,620 --> 00:13:20,740
When I found out about that, I was totally freaked out.

288
00:13:20,760 --> 00:13:23,235
What do you mean,

289
00:13:23,235 --> 00:13:26,084
my heart device is going to be continuously broadcasting?

290
00:13:28,040 --> 00:13:30,240
Thinking the conferences that I go to,

291
00:13:30,250 --> 00:13:31,260
the people I hang out with,

292
00:13:31,260 --> 00:13:31,280
I don't want my information being broadcasted.
the people I hang out with,

293
00:13:31,280 --> 00:13:35,000
I don't want my information being broadcasted.

294
00:13:35,000 --> 00:13:37,829
So this is one of the things I brought up with

295
00:13:37,829 --> 00:13:39,230
the different doctors that I spoke to.

296
00:13:39,250 --> 00:13:41,530
I actually, as you might imagine,

297
00:13:41,550 --> 00:13:44,610
I got rid of that electro-physiologist that hang up on me.

298
00:13:44,630 --> 00:13:47,070
And I went from cardiologist to cardiologist

299
00:13:47,070 --> 00:13:50,170
to find someone who really understood these problems

300
00:13:50,170 --> 00:13:52,730
or at least why I was so worried about them.

301
00:13:52,740 --> 00:13:56,000
And I finally found a great cardiologist

302
00:13:56,000 --> 00:13:57,860
and a great electro-physiologist.

303
00:13:57,880 --> 00:14:02,940
Who said "I have never thought about this issue"

304
00:14:02,950 --> 00:14:05,560
"but I understand why it could be a problem."

305
00:14:05,570 --> 00:14:08,820
"You need this device. You can't wait another day."

306
00:14:08,820 --> 00:14:11,410
"But I'm going to work with you and see ways"

307
00:14:11,410 --> 00:14:14,470
"that we can at least address some of the things that you're worried about."

308
00:14:14,480 --> 00:14:19,000
So, one of the things that my electro-physiologist did

309
00:14:19,000 --> 00:14:22,000
was that he called around from hospital to hospital

310
00:14:22,000 --> 00:14:24,510
until he found an old device.

311
00:14:24,510 --> 00:14:28,900
So he said that I've got a simple heart condition.

312
00:14:28,930 --> 00:14:31,220
All that I need to do is to have a device that's going to

313
00:14:31,220 --> 00:14:33,900
be monitoring for a dangerous rhythm

314
00:14:33,900 --> 00:14:36,400
and if I get a dangerous rhythm, it will shock me.

315
00:14:36,410 --> 00:14:40,190
It's a much more simple algorithm than what the newer devices do.

316
00:14:40,190 --> 00:14:42,000
So a lot of the newer devices have this

317
00:14:42,000 --> 00:14:45,010
complex pacing algorithm for people who have a wide variety of problems.

318
00:14:45,010 --> 00:14:47,710
You'd understand why the medical companies do this.

319
00:14:47,750 --> 00:14:52,220
They do it because these devices are very difficult to make.

320
00:14:52,220 --> 00:14:53,790
They're precision manufacturers.

321
00:14:53,820 --> 00:14:57,300
And if they can get these devices that work for a broader range of cases

322
00:14:57,300 --> 00:14:59,000
then that's all the better.

323
00:14:59,000 --> 00:15:01,590
And then you never know what kind of additional complications

324
00:15:01,600 --> 00:15:03,465
that people are going to be developing.

325
00:15:03,465 --> 00:15:05,620
So, I don't have any symptoms now

326
00:15:05,620 --> 00:15:07,000
but I might develop them

327
00:15:07,000 --> 00:15:08,770
and it's great to have the pacing technology.

328
00:15:08,790 --> 00:15:11,170
But my electro-physiologist, my cardiologist said

329
00:15:11,318 --> 00:15:15,838
"Great, I now that you have a simple need here"

330
00:15:15,838 --> 00:15:17,610
"so why don't I find you an old device?"

331
00:15:17,620 --> 00:15:19,360
So I actually have an older device

332
00:15:19,360 --> 00:15:21,750
that communicate using magnetic coupling

333
00:15:21,750 --> 00:15:24,259
and not through wireless technology

334
00:15:24,259 --> 00:15:28,970
but my father has a wireless enabled pacemaker

335
00:15:28,980 --> 00:15:31,600
and when he walks into a room in the technician's office

336
00:15:31,630 --> 00:15:32,910
they just change his pulse.

337
00:15:33,128 --> 00:15:36,480
So, before he even sits down

338
00:15:36,490 --> 00:15:38,350
they know so much about him

339
00:15:38,350 --> 00:15:40,770
and they have the ability to really affect him.

340
00:15:40,858 --> 00:15:42,330
It's incredible.

341
00:15:43,590 --> 00:15:47,220
But as you can see at the last point on this slide

342
00:15:47,220 --> 00:15:48,720
these devices have been hacked.

343
00:15:48,740 --> 00:15:51,800
A university think-tank…

344
00:15:51,820 --> 00:15:55,460
actually a think-tank of a couple of universities worked together

345
00:15:55,460 --> 00:15:59,540
and showed that using just commercially available equipment

346
00:15:59,550 --> 00:16:02,010
you can hack into these devices and take control of them.

347
00:16:02,351 --> 00:16:05,920
They were able to not only deliver shocks,

348
00:16:06,010 --> 00:16:07,150
which is terrifying.

349
00:16:07,150 --> 00:16:07,170
I once had my device shock me in error
which is terrifying.

350
00:16:07,170 --> 00:16:09,200
I once had my device shock me in error

351
00:16:09,200 --> 00:16:12,600
and I can tell you it's like being kicked in the chest.

352
00:16:12,950 --> 00:16:16,820
You are basically out of commission

353
00:16:16,830 --> 00:16:17,830
at least for a few minutes

354
00:16:17,840 --> 00:16:20,180
I had to sit down and it was so exhausting

355
00:16:20,190 --> 00:16:23,000
just the surprise of it and the worry

356
00:16:23,000 --> 00:16:25,310
that I went to sleep for a few hours afterwards.

357
00:16:25,310 --> 00:16:29,190
It's pretty enduring.

358
00:16:29,190 --> 00:16:32,200
So not only that.

359
00:16:32,290 --> 00:16:33,650
They were able to deliver the shock,

360
00:16:33,670 --> 00:16:38,000
but they were also able to stop the delivering treatment.

361
00:16:38,000 --> 00:16:40,840
If the device was pacing, they could stop the pacing

362
00:16:40,840 --> 00:16:42,980
and a lot of people require their pacing

363
00:16:42,980 --> 00:16:42,990
in order to just live.
and a lot of people require their pacing

364
00:16:42,990 --> 00:16:44,290
in order to just live.

365
00:16:44,760 --> 00:16:46,460
A lot of people can't walk up a flight of stairs.

366
00:16:46,470 --> 00:16:49,227
My father is of these, if his pacing is disrupted.

367
00:16:49,520 --> 00:16:53,910
They were also able to get key information off

368
00:16:53,910 --> 00:16:54,780
of these devices.

369
00:16:54,780 --> 00:16:59,538
Like medical ID numbers, doctor's names,

370
00:17:00,412 --> 00:17:04,630
serial numbers… a lot of personal information that's broadcasting

371
00:17:04,640 --> 00:17:07,950
and there's no encryption of any kind on these devices.

372
00:17:07,960 --> 00:17:10,060
It's pretty scary.

373
00:17:10,070 --> 00:17:12,540
They were also able to put these devices into test mode.

374
00:17:12,720 --> 00:17:14,600
And what that does is it slowly runs on the battery

375
00:17:14,600 --> 00:17:16,980
Err… runs down the battery at a much faster rate

376
00:17:17,000 --> 00:17:20,000
than in normal circumstances

377
00:17:20,000 --> 00:17:22,410
and these devices are only as good as their batteries.

378
00:17:22,770 --> 00:17:25,378
So if my battery runs out on my device

379
00:17:25,805 --> 00:17:28,000
I need a new device, which means surgery.

380
00:17:28,000 --> 00:17:30,158
So, these devices have be hacked.

381
00:17:30,158 --> 00:17:33,077
It was after I was diagnosed that that happened

382
00:17:33,077 --> 00:17:36,138
but then I called up the doctor and said: "See?!"

383
00:17:36,138 --> 00:17:43,000
<i>Clapping</i>

384
00:17:43,000 --> 00:17:45,860
So the doctor really relies on the fact that

385
00:17:45,870 --> 00:17:47,850
these devices are approved by the FDA

386
00:17:47,850 --> 00:17:50,946
in the United States, and similar regulatory bodies elsewhere.

387
00:17:51,808 --> 00:17:55,966
So, as a good lawyer, I went and researched the FDA

388
00:17:55,966 --> 00:17:57,790
mechanism for approval of software

389
00:17:57,810 --> 00:18:00,082
And what I found, is that the FDA

390
00:18:00,082 --> 00:18:02,860
doesn't even typically review the source code on these devices

391
00:18:02,860 --> 00:18:06,280
Unless there is something obviously wrong with the software

392
00:18:06,280 --> 00:18:08,995
they generally don't even ask to see it

393
00:18:11,645 --> 00:18:14,860
There isn't actually a clear set of requirements for the software even

394
00:18:14,950 --> 00:18:19,350
and there are reasons for all these decisions of the FDA

395
00:18:19,360 --> 00:18:23,700
but we think the FDA is doing a lot more than it turns out that they are.

396
00:18:23,710 --> 00:18:26,175
The fact that they don't have a clear set of requirements

397
00:18:26,175 --> 00:18:28,171
is connected to the fact that

398
00:18:28,171 --> 00:18:31,790
they say that the companies that design these devices

399
00:18:31,930 --> 00:18:33,640
because they are so specialty

400
00:18:33,640 --> 00:18:36,460
and because they are so particular to each manufacturer

401
00:18:36,470 --> 00:18:40,000
There are probably tests that are specific to those devices

402
00:18:40,010 --> 00:18:43,460
and the people who know these devices best are the manufacturer

403
00:18:43,583 --> 00:18:46,769
and therefore they are the ones that need to design what the tests are.

404
00:18:46,769 --> 00:18:47,983
And there is some back and forth

405
00:18:47,983 --> 00:18:49,610
about whether they've done the right tests or not,

406
00:18:49,610 --> 00:18:51,607
but the truth of matter is that at the end of the day,

407
00:18:51,607 --> 00:18:54,400
there's nobody at the FDA that even sees the source code.

408
00:18:54,615 --> 00:18:56,850
Because they are not requesting the source code

409
00:18:56,950 --> 00:18:59,400
they don't even have a repository of it.

410
00:18:59,648 --> 00:19:03,850
So if there is catastrophic failure at Medtronic for example

411
00:19:04,010 --> 00:19:07,320
I don't know that there is a canonical repository

412
00:19:07,330 --> 00:19:09,220
for the software that I would have access to

413
00:19:09,250 --> 00:19:13,310
and without being able to update the software on my device

414
00:19:13,320 --> 00:19:15,340
I may get surgery to get a new one.

415
00:19:15,500 --> 00:19:18,440
So, if there is a problem

416
00:19:18,550 --> 00:19:26,129
my doctor, or truthfully some programming-savvy doctor

417
00:19:26,129 --> 00:19:29,470
I can find or would be able to work with

418
00:19:29,510 --> 00:19:33,230
to write a patch for my device, should there be a bug

419
00:19:33,260 --> 00:19:34,320
or should we find it out

420
00:19:35,920 --> 00:19:38,950
I actually spoke on a panel, with a guy

421
00:19:38,960 --> 00:19:40,650
in cyber-security at the FDA

422
00:19:40,650 --> 00:19:42,260
and I was really, really nervous

423
00:19:42,270 --> 00:19:44,670
because I did as much as I could as a lawyer

424
00:19:44,670 --> 00:19:46,370
I did all the research I could about the FDA

425
00:19:46,370 --> 00:19:49,920
but I was not sure if this was actually

426
00:19:49,920 --> 00:19:52,260
the case in practice so I put up the slide and I said

427
00:19:52,270 --> 00:19:55,937
John, tell me if I am wrong, but this is what I think it is.

428
00:19:55,937 --> 00:19:57,788
This is the way I think it is!

429
00:19:57,788 --> 00:20:00,490
And I followed with a slide about Free and Open Source Software

430
00:20:00,490 --> 00:20:02,930
and why is it so much better, and so much safer

431
00:20:02,950 --> 00:20:06,160
and as soon as he came up to speak he said:

432
00:20:06,233 --> 00:20:10,610
"Everybody thinks that the FDA should do this, the FDA should do that"

433
00:20:10,620 --> 00:20:12,840
"but we just don't have the resources"

434
00:20:13,013 --> 00:20:16,470
"and that is not what the FDA is set up to do"

435
00:20:16,470 --> 00:20:18,230
and he paused, and looked at me

436
00:20:18,230 --> 00:20:19,954
and just as I was about to… you know.

437
00:20:19,954 --> 00:20:22,953
And he said: "But you are saying something different"

438
00:20:22,953 --> 00:20:27,000
"You are saying, we let everybody else review the source code"

439
00:20:27,005 --> 00:20:29,141
"That is something very interesting!"

440
00:20:36,246 --> 00:20:42,220
So, making sure that our devices have software published

441
00:20:42,220 --> 00:20:43,320
means that anyone can review it

442
00:20:43,340 --> 00:20:47,000
My dad, who has that pacemaker is also an engineer

443
00:20:47,000 --> 00:20:48,800
and a fortunate programmer.

444
00:20:48,800 --> 00:20:50,260
He probably would have looked over it.

445
00:20:50,290 --> 00:20:52,451
Many of us know people with pacemaker.

446
00:20:52,451 --> 00:20:54,610
we would scour that code, for sure!

447
00:20:57,680 --> 00:20:59,330
One other thing that I found out

448
00:20:59,330 --> 00:21:00,680
which is a little bit weird

449
00:21:00,920 --> 00:21:04,020
is that because these devices in the United States

450
00:21:04,020 --> 00:21:07,050
are approved by a federal agency

451
00:21:07,560 --> 00:21:11,009
patients are preempted from suing under State True Law.

452
00:21:11,009 --> 00:21:13,790
So there is a whole avenue of remedy that patients

453
00:21:13,800 --> 00:21:16,808
normally get, which the medical manufacturers

454
00:21:16,808 --> 00:21:17,936
don't even have to worry about.

455
00:21:17,936 --> 00:21:20,810
So now, I mean, I am not saying that the medical device companies

456
00:21:20,810 --> 00:21:23,170
don't care if their patients die, obviously they do.

457
00:21:23,190 --> 00:21:27,940
But there is a whole part of legal remedies that aren't even available

458
00:21:30,460 --> 00:21:33,140
Really amazing, this research, and I have all of this set out

459
00:21:33,140 --> 00:21:35,128
in this paper I wrote that is available on

460
00:21:35,128 --> 00:21:37,548
the Software Freedom Law Center's website.

461
00:21:38,030 --> 00:21:43,123
All this results in the fact that I don't have freedom in my own body.

462
00:21:43,427 --> 00:21:47,440
I am not allowed to review the software that is implanted in it.

463
00:21:47,572 --> 00:21:50,500
It's literally connected in and screwed into my heart

464
00:21:50,500 --> 00:21:51,740
and I can't take a look at it.

465
00:21:51,928 --> 00:21:53,992
it's unbelievable to me.

466
00:21:55,392 --> 00:21:58,760
My mind is blown at the fact that the situation happened to me

467
00:21:58,770 --> 00:22:00,810
It is a little bit freakish that I was a lawyer

468
00:22:00,810 --> 00:22:01,950
at the Software Freedom Law Center

469
00:22:01,960 --> 00:22:04,640
and I happened to have this weird heart condition, I admit.

470
00:22:04,660 --> 00:22:08,030
but still just mind-blowing.

471
00:22:08,163 --> 00:22:09,940
I didn't even had a choice.

472
00:22:10,113 --> 00:22:13,636
The choice was either, you're extremely likely to die,

473
00:22:13,636 --> 00:22:15,670
or you can get this device in your body

474
00:22:15,880 --> 00:22:20,030
I hope that nobody in this room has to face that choice, but it was

475
00:22:20,040 --> 00:22:22,110
really, really scary.

476
00:22:23,522 --> 00:22:25,627
And then I started thinking about it,

477
00:22:25,872 --> 00:22:29,330
and you know, it's not just the heart devices.

478
00:22:29,656 --> 00:22:33,185
It's anything that our lives in our society rely on.

479
00:22:33,835 --> 00:22:38,750
And as I thought about it, I realized that this actually touches on

480
00:22:38,770 --> 00:22:43,428
a lot more areas of our lives than I thought it was.

481
00:22:46,750 --> 00:22:48,770
For example, cars.

482
00:22:51,476 --> 00:22:57,870
Like the university think tank that worked on those medical devices

483
00:22:57,870 --> 00:23:02,070
and I would say, if you have time in our board, you should totally read that study.

484
00:23:02,080 --> 00:23:08,000
It's fascinating, they implanted that device into a bag of bacon or meat of some kind

485
00:23:08,000 --> 00:23:12,000
to stimulate it and they show all the equipment that you can find anywhere

486
00:23:12,745 --> 00:23:15,350
that they used to hack into it.

487
00:23:15,821 --> 00:23:18,870
But the same process as done with cars.

488
00:23:19,090 --> 00:23:23,040
And a different think tank showed that they were able

489
00:23:23,060 --> 00:23:25,880
to hack into two different brands,

490
00:23:25,910 --> 00:23:28,000
two different manufacturer cars.

491
00:23:29,940 --> 00:23:33,650
So the IEEE says that a premium class car

492
00:23:33,680 --> 00:23:35,510
has close to 100 million lines of code.

493
00:23:35,580 --> 00:23:39,610
So if we think back to what the Software Engineering Institute said

494
00:23:39,630 --> 00:23:42,390
about one bug for every 100 lines of code

495
00:23:42,390 --> 00:23:46,250
that's a lot of bugs, just in your car.

496
00:23:49,570 --> 00:23:51,640
And what this think tank was able to do,

497
00:23:51,640 --> 00:23:53,950
was all the things you might expect.

498
00:23:53,960 --> 00:23:57,610
They are able to cause the car to accelerate, to brake.

499
00:23:57,880 --> 00:24:02,645
They were able to control each wheel of a car individually.

500
00:24:02,852 --> 00:24:05,662
And my favorite part, just for kicks,

501
00:24:05,662 --> 00:24:08,455
I don't know if you can see, but

502
00:24:08,455 --> 00:24:11,249
they're able to put a message on the dash

503
00:24:11,490 --> 00:24:15,000
and so, they said pwnd and there is a little

504
00:24:15,000 --> 00:24:19,020
x-eyed emoticon there.

505
00:24:19,692 --> 00:24:23,093
The idea that they are able to take control over

506
00:24:23,093 --> 00:24:25,255
two different brands of premium class cars

507
00:24:25,255 --> 00:24:28,508
is really amazing to me.

508
00:24:30,510 --> 00:24:34,700
Voting machines is another area that is super critical

509
00:24:34,700 --> 00:24:36,180
and we've actually been talking about.

510
00:24:36,200 --> 00:24:38,389
A lot of security experts have been talking about.

511
00:24:38,389 --> 00:24:40,520
the problems with their voting machines.

512
00:24:40,520 --> 00:24:45,070
In the United States, we rely on Diebold

513
00:24:45,070 --> 00:24:49,000
and a lot of private manufacturers.

514
00:24:51,600 --> 00:24:54,190
We have had problems with calibration.

515
00:24:54,200 --> 00:24:58,040
I don't know if you've seen, but there is this hilarious cartoons

516
00:24:58,060 --> 00:25:00,628
of people trying to vote for the right candidate

517
00:25:00,628 --> 00:25:03,240
and the name of the candidate they want to vote for

518
00:25:03,270 --> 00:25:06,560
moving around the screen, you sort of trying to poke after it

519
00:25:06,570 --> 00:25:08,470
and eventually, whatever you wanted to do it says:

520
00:25:08,480 --> 00:25:12,920
"You wanted to vote for the opposite candidate, right? right?"

521
00:25:13,020 --> 00:25:16,260
And it's very difficult to know because we sometimes

522
00:25:16,290 --> 00:25:18,390
don't have a verification of paper receipt

523
00:25:18,420 --> 00:25:21,790
we don't even know that our vote was counted properly

524
00:25:21,800 --> 00:25:25,020
and we were able to vote candidate in the end.

525
00:25:26,238 --> 00:25:29,800
Really weird, as this is the basis of our society

526
00:25:29,820 --> 00:25:32,094
and the backbone of our democracy.

527
00:25:33,308 --> 00:25:35,020
I love what they did in Brazil.

528
00:25:35,210 --> 00:25:38,408
I don't know if you guys heard about this, but Brazil said:

529
00:25:38,408 --> 00:25:42,846
"We know that software has vulnerabilities and software has bugs."

530
00:25:42,846 --> 00:25:46,027
"So we're gonna invite teams of hackers to come in,"

531
00:25:46,027 --> 00:25:47,948
"we're gonna give you the source code"

532
00:25:47,948 --> 00:25:49,985
"and we're gonna give a prize"

533
00:25:49,990 --> 00:25:52,414
"to anybody who find a way to…"

534
00:25:52,414 --> 00:25:55,000
"who finds a vulnerability to get into the system"

535
00:25:55,000 --> 00:25:59,959
All those teams, two of them were able to find bugs.

536
00:25:59,959 --> 00:26:03,550
They say that neither of them would have affected

537
00:26:03,570 --> 00:26:08,600
an election, but they were able to fix those bugs.

538
00:26:08,792 --> 00:26:10,930
And those hackers got a prize.

539
00:26:10,930 --> 00:26:12,960
Democracy is safer.

540
00:26:12,970 --> 00:26:14,970
Security through obscurity doesn't work.

541
00:26:14,970 --> 00:26:17,330
I don't know when we're going to figure this out,

542
00:26:17,340 --> 00:26:20,790
but Brazil has got it done. So it's possible.

543
00:26:21,700 --> 00:26:24,250
Our financial institutions, yeah, it's exciting!

544
00:26:24,270 --> 00:26:27,430
Financial institutions are an other area we've seen recently

545
00:26:27,430 --> 00:26:31,910
how bad it can be when our trusted institutions fail.

546
00:26:32,330 --> 00:26:35,555
A lot of these institutions are running software

547
00:26:35,555 --> 00:26:37,464
and our stock markets

548
00:26:37,464 --> 00:26:39,250
and the operations of our banks.

549
00:26:39,250 --> 00:26:43,010
These are all things that are critical

550
00:26:43,010 --> 00:26:45,944
to just the way we live our lives.

551
00:26:45,944 --> 00:26:50,078
It's more of a societal thing but we've already seen

552
00:26:50,078 --> 00:26:51,966
that there are vulnerabilities there.

553
00:26:52,440 --> 00:26:57,240
So, all this to say, it sounds heavy-handed

554
00:26:57,250 --> 00:27:01,040
but my medical device can be controlled!

555
00:27:01,488 --> 00:27:04,010
Our cars can be controlled and interfered with

556
00:27:04,014 --> 00:27:06,420
and our financial institutions can be compromised.

557
00:27:07,850 --> 00:27:13,260
I think we can all agree that our society and life-critical software must be safe.

558
00:27:13,810 --> 00:27:16,250
But we're in a really interesting time right now.

559
00:27:16,498 --> 00:27:22,150
Because how do we know what software that we use is life and society-critical?

560
00:27:22,720 --> 00:27:25,224
The way that we use computers has totally changed

561
00:27:25,224 --> 00:27:27,520
very very rapidly and very recently.

562
00:27:29,160 --> 00:27:33,330
I've been astounded how people of all ages have started using computers

563
00:27:33,350 --> 00:27:35,510
in a way that they never have before.

564
00:27:36,400 --> 00:27:40,530
It's no longer specific tech-savvy people that are computing.

565
00:27:40,530 --> 00:27:44,620
It's everybody, it's our grandparents, it's everyone.

566
00:27:44,621 --> 00:27:47,290
And we're using our software for everything,

567
00:27:48,160 --> 00:27:52,000
it's become how we do everything

568
00:27:52,159 --> 00:27:54,017
How we communicate with each other.

569
00:27:54,345 --> 00:27:56,620
How we talk on the phone

570
00:27:56,798 --> 00:28:00,170
How we write, how we create art

571
00:28:00,310 --> 00:28:04,000
How we handle our educational institutions

572
00:28:04,010 --> 00:28:05,620
and how we manage our lives

573
00:28:06,300 --> 00:28:08,080
We're building this infrastructure

574
00:28:08,110 --> 00:28:10,823
and we're not really even thinking about it

575
00:28:11,862 --> 00:28:15,876
A lot of people are using their phones to monitor things like their

576
00:28:16,715 --> 00:28:19,290
exercise schedules and their diet

577
00:28:20,042 --> 00:28:24,280
it's very convenient because you're keeping track of what you've eaten

578
00:28:24,300 --> 00:28:27,380
as you go, or what you do

579
00:28:27,420 --> 00:28:32,920
Some phone have pedometers, functionality built-in

580
00:28:33,140 --> 00:28:35,506
and that's kind of basic and fundamental

581
00:28:35,506 --> 00:28:38,710
but there is already software for the iPhone

582
00:28:39,160 --> 00:28:42,050
that can talk to an implanted insulin pump

583
00:28:42,670 --> 00:28:48,300
and compare your exercise and your diet information

584
00:28:48,300 --> 00:28:51,792
with your blood sugar levels on your insulin pump

585
00:28:52,105 --> 00:28:56,065
So now, suddenly, we're back to were I was with my medical device.

586
00:28:56,065 --> 00:28:59,191
You got an iPhone that you're relying on for your life.

587
00:28:59,450 --> 00:29:03,997
So, we're building all this infrastructure,

588
00:29:03,997 --> 00:29:05,795
and we're willing to think about it

589
00:29:06,720 --> 00:29:08,850
which is why the desktop is so important

590
00:29:09,030 --> 00:29:11,700
This is where sort of all this all fits in to

591
00:29:11,820 --> 00:29:15,570
my personal story and why I left the Freedom Software Law Center

592
00:29:15,580 --> 00:29:18,000
which I loved and felt like the luckiest lawyer in the world

593
00:29:18,030 --> 00:29:21,200
for being able to work there and been to the Gnome Foundation

594
00:29:21,220 --> 00:29:22,795
which I also left.

595
00:29:24,390 --> 00:29:27,570
And I say the desktop in quotes because I am talking about

596
00:29:27,570 --> 00:29:29,580
these ways that we interact with our computing

597
00:29:29,590 --> 00:29:32,030
in the ways that we manage our lives through software

598
00:29:33,145 --> 00:29:36,235
We've reached the point where software must be usable by everyone.

599
00:29:36,235 --> 00:29:38,620
I think everybody here

600
00:29:38,630 --> 00:29:42,520
probably knows an older person, who as of a few years ago

601
00:29:42,520 --> 00:29:44,728
probably never did anything with their computer.

602
00:29:44,728 --> 00:29:46,901
My mother was one of these people.

603
00:29:47,512 --> 00:29:51,150
I remember when I was a kid I kept saying

604
00:29:51,160 --> 00:29:53,200
"but mom look at these cool games!"

605
00:29:53,242 --> 00:29:54,310
"Not interested"

606
00:29:54,340 --> 00:29:57,010
And I remember when I was in college and I said:

607
00:29:57,030 --> 00:30:00,170
"Mom if we could talk by email, it could be so much better!"

608
00:30:00,340 --> 00:30:01,190
Nothing…

609
00:30:01,370 --> 00:30:04,060
I remember in Law School, I was saying

610
00:30:04,080 --> 00:30:07,100
"Mom I can do all this great research using my computer,"

611
00:30:07,110 --> 00:30:09,300
"I don't have to sit all day in a library, it's awesome"

612
00:30:09,300 --> 00:30:10,000
Nothing…

613
00:30:10,990 --> 00:30:15,450
Later I tried to say "mom I'm going to organize my travel using the computer!"

614
00:30:15,610 --> 00:30:18,100
Suddenly, she was slightly interested

615
00:30:18,350 --> 00:30:22,680
and now, with everything that has come to pass

616
00:30:22,690 --> 00:30:24,624
she can't do anything without her computer now

617
00:30:24,624 --> 00:30:26,386
Now, her computer has become…

618
00:30:26,540 --> 00:30:30,349
The first thing that she does, she emails and text to her friends

619
00:30:30,349 --> 00:30:33,910
she does her travels, she manages her finances

620
00:30:33,920 --> 00:30:36,120
it's spectacular to me because

621
00:30:36,150 --> 00:30:38,735
I didn't use my father because he was an engineer

622
00:30:39,090 --> 00:30:41,900
but my mother was really a bit of a technophobe

623
00:30:41,930 --> 00:30:44,250
And now she loves Apple

624
00:30:44,470 --> 00:30:45,540
LOVES APPLE

625
00:30:45,560 --> 00:30:48,310
She can use her computer to do… She doesn't have to think about it

626
00:30:48,320 --> 00:30:52,457
It's great, and it's very frustrating to me

627
00:30:54,250 --> 00:30:57,660
But I'm excited for her because she now can use a computer

628
00:30:57,660 --> 00:31:00,150
and it's something she owns now

629
00:31:00,160 --> 00:31:03,950
She doesn't ask me a question, well she does…

630
00:31:03,980 --> 00:31:08,000
But she doesn't think that there is any reason why

631
00:31:08,000 --> 00:31:11,761
these devices are not targeted at her

632
00:31:11,761 --> 00:31:17,578
and she is very much a representative of the majority of our society.

633
00:31:17,578 --> 00:31:20,810
And these are people, only a few years ago, would not have been

634
00:31:20,810 --> 00:31:23,900
that able to do very much with their computer.

635
00:31:24,945 --> 00:31:28,848
We need to appeal to these people because they are the ones

636
00:31:28,848 --> 00:31:31,292
that are making choices like supporting iPhone

637
00:31:31,292 --> 00:31:33,990
to put in their exercise and diet regimes to talk

638
00:31:34,000 --> 00:31:34,820
to their insulin pumps.

639
00:31:34,830 --> 00:31:39,039
These are the kind of things that we need to really worry about.

640
00:31:39,039 --> 00:31:45,030
because if we can't make our software easy to use by everybody,

641
00:31:45,350 --> 00:31:47,063
no one is gonna want to use it.

642
00:31:47,292 --> 00:31:50,565
And we have an opportunity now

643
00:31:50,565 --> 00:31:52,442
a window that is slowly closing

644
00:31:52,619 --> 00:31:54,870
because we're making choices now

645
00:31:54,870 --> 00:31:56,691
that we're gonna have to live with for a long time.

646
00:31:56,691 --> 00:31:58,500
We're building habits, we're building expectations

647
00:31:58,689 --> 00:32:02,797
and we're establishing the metrics in our society for what is

648
00:32:02,797 --> 00:32:04,771
acceptable software and what isn't.

649
00:32:07,931 --> 00:32:10,580
I'm not gonna read these to you, you guys are here,

650
00:32:10,590 --> 00:32:14,570
at LinuxConfAU, you know all the awesome reasons

651
00:32:14,590 --> 00:32:16,710
why you should use Free and Open Source software

652
00:32:16,730 --> 00:32:18,630
You're here for all those reasons

653
00:32:18,660 --> 00:32:20,450
including that it's just really fun.

654
00:32:20,570 --> 00:32:22,450
We've been having a great time here,

655
00:32:22,460 --> 00:32:24,240
and learning about all sorts of really cool things

656
00:32:24,600 --> 00:32:26,130
but the underscore of all that

657
00:32:26,310 --> 00:32:29,575
and where all these reasons can come from is from Freedom

658
00:32:31,930 --> 00:32:34,570
Free and Open Source software is not just good business

659
00:32:34,600 --> 00:32:36,340
it's also the right thing to do

660
00:32:36,581 --> 00:32:40,770
So when we talk about our heart devices, we talk about our voting machines

661
00:32:40,790 --> 00:32:42,820
and then we talk about the way we live our lives

662
00:32:42,850 --> 00:32:45,000
and the infrastructure of how we talk to one another.

663
00:32:45,112 --> 00:32:49,083
We see that Free and Open Source software is just

664
00:32:49,083 --> 00:32:50,830
the right thing to do for our society

665
00:32:50,903 --> 00:32:52,778
and in order to bring that to other people

666
00:32:52,860 --> 00:32:56,772
we need to make sure, it's easy and clear for them to use

667
00:32:56,920 --> 00:33:00,800
These are some screenshots from the Gnome 3 release which

668
00:33:01,130 --> 00:33:02,920
Most of who I would say are probably familiar

669
00:33:02,920 --> 00:33:05,150
with already and are forming your own opinions about whether

670
00:33:05,160 --> 00:33:07,010
you… <i>laughs</i>

671
00:33:07,010 --> 00:33:09,780
Gnome 3 is something that you want to use or not

672
00:33:09,780 --> 00:33:13,000
and I think that no mater what perspective you come from

673
00:33:13,010 --> 00:33:15,520
I think that you can see that the Gnome 3 rewrite is done

674
00:33:15,540 --> 00:33:18,970
to address these issues, it's to make our software

675
00:33:18,990 --> 00:33:20,620
sleek and usable by everybody.

676
00:33:21,420 --> 00:33:23,415
I joined Gnome after the Gnome 3 release

677
00:33:23,415 --> 00:33:25,410
and it was the Gnome 3 release

678
00:33:25,410 --> 00:33:28,065
that made me realize that I had to go work for Gnome

679
00:33:28,095 --> 00:33:30,090
because this is our future.

680
00:33:30,100 --> 00:33:34,000
We need to cross the bridge, we need to be able to provide software

681
00:33:34,000 --> 00:33:38,000
to people who otherwise wouldn't be able to use it.

682
00:33:38,000 --> 00:33:41,000
We need to make sure our desktop are accessible by everyone

683
00:33:41,000 --> 00:33:44,060
because we are not going to be able to build

684
00:33:44,110 --> 00:33:46,370
the right infrastructure for a whole society

685
00:33:46,390 --> 00:33:48,665
if we don't bring these people on board too.

686
00:33:50,370 --> 00:33:52,280
This is a second screenshot.

687
00:33:52,310 --> 00:33:55,210
It happens to be Marina from the Gnome community

688
00:33:55,230 --> 00:34:00,890
and she's the head of the Gnome outreach program for women

689
00:34:01,000 --> 00:34:04,738
which is an awesome program and is a kind

690
00:34:04,738 --> 00:34:06,260
of thing that you can do in a non-profit.

691
00:34:06,260 --> 00:34:06,280
But what you may not have seen is that

692
00:34:06,280 --> 00:34:08,180
But what you may not have seen is that

693
00:34:08,200 --> 00:34:11,670
we launched, very recently, an extension website.

694
00:34:11,670 --> 00:34:13,510
extensions.gnome.org

695
00:34:13,540 --> 00:34:16,262
where third-parties can upload

696
00:34:16,966 --> 00:34:21,230
extensions for the Gnome Shell and it's a simple point-and-click

697
00:34:21,240 --> 00:34:22,940
for Gnome 3.2

698
00:34:23,330 --> 00:34:25,840
So you can install all those customizations

699
00:34:25,980 --> 00:34:29,070
and we're trying to build the ways

700
00:34:29,070 --> 00:34:32,130
that Gnome 3 is going to develop over time

701
00:34:32,140 --> 00:34:37,780
So, even though we have a single Gnome Shell vision,

702
00:34:37,780 --> 00:34:40,450
with what I think are great choices,

703
00:34:40,450 --> 00:34:44,966
if you disagree with them, there is a way to implement changes.

704
00:34:47,712 --> 00:34:51,000
Gnome, I think, and I think many agree.

705
00:34:51,000 --> 00:34:51,010
I've actually had a lot of people looking at my computer

706
00:34:51,010 --> 00:34:54,250
I've actually had a lot of people looking at my computer

707
00:34:54,280 --> 00:34:55,100
over my shoulder and say

708
00:34:55,110 --> 00:34:57,800
"Oh my God what is that, that's so great!"

709
00:34:57,810 --> 00:35:00,840
"It's not a Mac, but it looks so good"

710
00:35:01,190 --> 00:35:02,780
"What's the story with that?"

711
00:35:02,790 --> 00:35:06,730
So it's beautiful, but it's a lot more than beautiful

712
00:35:06,760 --> 00:35:08,220
It's non-profit driven

713
00:35:08,527 --> 00:35:11,040
And in the Free and Open Source software space

714
00:35:11,050 --> 00:35:15,113
we have a lot of different ways that we develop our software together.

715
00:35:15,113 --> 00:35:20,797
Some of our projects are more on the Android

716
00:35:20,797 --> 00:35:24,833
or Unity side of things

717
00:35:24,833 --> 00:35:27,878
where they're mostly controlled by a single company

718
00:35:27,878 --> 00:35:32,049
and there are communities that build up around that

719
00:35:32,049 --> 00:35:34,834
but at the end of the day, the ultimate control

720
00:35:34,834 --> 00:35:36,540
of the project is by a single company.

721
00:35:36,804 --> 00:35:40,610
And then we have projects like Gnome that are non-profit focused

722
00:35:40,862 --> 00:35:43,440
and this actually touches on some other stuff that Bruce

723
00:35:43,440 --> 00:35:44,930
was mentioning in his keynote.

724
00:35:46,150 --> 00:35:49,550
What you get for non-profit development, or having a non-profit

725
00:35:49,560 --> 00:35:54,025
that unifies the development in the community is a lot.

726
00:35:54,025 --> 00:35:56,982
And one of the main things that you get is to keep other trust

727
00:35:57,110 --> 00:36:00,030
So the Gnome community for example,

728
00:36:01,130 --> 00:36:03,540
the Foundation is composed of members

729
00:36:03,570 --> 00:36:06,190
there is over 300 members and it varies depending

730
00:36:06,190 --> 00:36:08,680
on where people are and renewing their membership.

731
00:36:08,690 --> 00:36:11,770
But in order to become a member, you have to be a contributor

732
00:36:11,790 --> 00:36:14,050
to Gnome and it's only available to individuals

733
00:36:14,300 --> 00:36:16,760
and if you're a contributor to Gnome

734
00:36:17,140 --> 00:36:19,760
you can become a member, which allows you to vote for

735
00:36:19,780 --> 00:36:23,610
the Board of Directors which influences the direction of the project

736
00:36:23,620 --> 00:36:26,421
help spread infrastructure to support development

737
00:36:26,421 --> 00:36:28,240
and decides to hire people like me.

738
00:36:28,500 --> 00:36:33,180
So who are out there advocating for the ideology of Free and Open Source software

739
00:36:33,280 --> 00:36:36,830
and helping to organize this kind of effort

740
00:36:37,080 --> 00:36:39,612
So if you imagine the situation now,

741
00:36:39,612 --> 00:36:44,630
the Gnome community does not require copyright assignment

742
00:36:44,850 --> 00:36:51,000
but if a non-profit community like the Gnome community were to require,

743
00:36:51,000 --> 00:36:53,130
or were to accept copyright assignment,

744
00:36:53,170 --> 00:36:55,315
those copyrights were to be held by a Foundation

745
00:36:55,315 --> 00:36:59,850
that had an oversight by the contributors

746
00:36:59,870 --> 00:37:01,640
by everyone who has a stake in the community,

747
00:37:01,640 --> 00:37:02,840
by everybody who invest in it.

748
00:37:02,920 --> 00:37:07,070
There is a certain assurance to knowing that the control

749
00:37:07,100 --> 00:37:09,720
of a community is in a non-profit that is

750
00:37:09,730 --> 00:37:15,000
focused on what the contributors want, diversely,

751
00:37:15,000 --> 00:37:16,268
over companies.

752
00:37:18,840 --> 00:37:20,870
I want to stress that I'm not saying

753
00:37:20,870 --> 00:37:24,860
that companies don't have a very important place

754
00:37:24,860 --> 00:37:26,370
in Free and Open Source Software of course.

755
00:37:26,500 --> 00:37:31,070
Companies must be able to develop products

756
00:37:31,080 --> 00:37:34,450
in the Free and Open Source community but we need to

757
00:37:34,450 --> 00:37:37,990
encourage these non-profit structures which are focused on the ideology

758
00:37:38,020 --> 00:37:40,740
and work with companies to help them accomplish their goals.

759
00:37:40,760 --> 00:37:45,650
But under the rubric of non-profits the way that we have in the Gnome community

760
00:37:45,670 --> 00:37:47,620
We have a lot of companies that are involved in Gnome,

761
00:37:47,760 --> 00:37:49,160
on any Advisory Boards,

762
00:37:49,170 --> 00:37:50,630
and are just good participants

763
00:37:52,040 --> 00:37:56,100
but the overall mission of the Gnome Foundation and the community

764
00:37:56,560 --> 00:37:59,410
is the public good.

765
00:37:59,420 --> 00:38:02,790
We are a public charity, so we are focused on the public good

766
00:38:02,810 --> 00:38:04,520
not on our profit.

767
00:38:05,790 --> 00:38:08,800
We care about our profit but for participants in our community

768
00:38:08,940 --> 00:38:10,670
but what it means at the end of the day

769
00:38:10,670 --> 00:38:13,990
is that we want to make the World a better place.

770
00:38:14,210 --> 00:38:16,980
Sounds a little bit hokey

771
00:38:17,110 --> 00:38:19,280
but let's be honest, that where a lot of this

772
00:38:19,310 --> 00:38:21,000
Free and Open Source software came from originally

773
00:38:21,000 --> 00:38:24,000
ideologically that's why we have such great and cool software

774
00:38:24,000 --> 00:38:26,668
We have to start thinking about making the World a better place.

775
00:38:27,650 --> 00:38:30,900
So we, at Gnome, recently launched an accessibility campaign

776
00:38:30,980 --> 00:38:33,300
We want to make 2012 the year of accessibility

777
00:38:33,330 --> 00:38:34,852
This is a perfect example

778
00:38:34,852 --> 00:38:37,840
Yeah, it's really cool work, it's super important.

779
00:38:37,840 --> 00:38:40,998
*crowd clapping*

780
00:38:40,998 --> 00:38:43,410
So this is exactly the kind of thing that a company

781
00:38:43,410 --> 00:38:45,333
might not be able to afford to do

782
00:38:45,640 --> 00:38:50,000
because it's not necessarily in the interest

783
00:38:50,000 --> 00:38:55,000
in increasing the bottom line to work on specific accessibility initiatives

784
00:38:55,000 --> 00:38:56,530
for smaller populations of people.

785
00:38:56,598 --> 00:38:58,669
But we at Gnome understand that this is

786
00:38:58,669 --> 00:39:02,280
incredibly important because a desktop that's not usable by everybody

787
00:39:02,300 --> 00:39:05,031
is one that fails our mission.

788
00:39:05,193 --> 00:39:09,460
So this guy is Robert Cole, he is super awesome

789
00:39:09,480 --> 00:39:11,000
That's a picture of him in his family,

790
00:39:11,150 --> 00:39:14,000
he was kind enough to come forward and let us use

791
00:39:14,000 --> 00:39:17,720
his testimony for accessibility campaign

792
00:39:17,920 --> 00:39:20,230
He was born with a vision defect

793
00:39:20,250 --> 00:39:22,220
So he has no vision in one eye,

794
00:39:22,220 --> 00:39:24,632
and very limited vision in the other eye

795
00:39:25,080 --> 00:39:31,540
He was relying on some proprietary assistive technologies

796
00:39:31,540 --> 00:39:34,240
at one point that were really working for him

797
00:39:34,250 --> 00:39:37,650
he got a grant from his local government in order to

798
00:39:37,650 --> 00:39:41,560
get those technologies and they were assisting him to work.

799
00:39:41,750 --> 00:39:45,290
But then when his system upgraded, he applied for more funding

800
00:39:45,290 --> 00:39:47,980
to get the upgrade of his assistive technologies and he was denied

801
00:39:48,000 --> 00:39:48,960
additional funding.

802
00:39:49,517 --> 00:39:51,185
And he was just out of luck.

803
00:39:52,166 --> 00:39:55,340
Fortunately, Gnome has been a very accessible desktop

804
00:39:55,340 --> 00:39:57,170
and he was able to use Gnome technologies,

805
00:39:57,180 --> 00:40:01,370
and through that he became a very active member of the Gnome community

806
00:40:01,400 --> 00:40:03,420
but with Free and Open Source software technology

807
00:40:03,420 --> 00:40:05,660
whatever we develop is going to be out there,

808
00:40:05,680 --> 00:40:08,350
it's going to be available, you don't have to rely on

809
00:40:08,350 --> 00:40:10,677
expensive proprietary upgrades to know that

810
00:40:10,677 --> 00:40:12,720
you're going to continue to be able to use your software,

811
00:40:12,730 --> 00:40:14,476
should your overall system upgrade.

812
00:40:14,476 --> 00:40:21,223
So making sure that this kind of work is done in a Free and Open Source software environment

813
00:40:21,223 --> 00:40:23,160
is extremely important so we just launched

814
00:40:23,190 --> 00:40:25,910
this accessibility campaign if you donate to Gnome

815
00:40:25,980 --> 00:40:28,670
while this campaign is going on we pledged to use the money

816
00:40:28,690 --> 00:40:30,892
to help develop assistive technologies.

817
00:40:33,450 --> 00:40:36,740
So all this to say: let's choose freedom!

818
00:40:36,750 --> 00:40:42,232
We can choose freedom, we in this room are a very special group of people.

819
00:40:42,232 --> 00:40:47,910
While I'm focusing on what our users are doing and how we must bring our users all…

820
00:40:47,920 --> 00:40:49,736
and I say the broad of users,

821
00:40:49,736 --> 00:40:51,552
we have to think big, we have to think giant!

822
00:40:51,570 --> 00:40:57,010
While we need to do things that bring our user base in,

823
00:40:57,010 --> 00:41:00,280
people in this room are making choices everyday

824
00:41:00,300 --> 00:41:03,720
I can't tell how many iPhones I have seen at this conference

825
00:41:03,720 --> 00:41:05,700
how many Macs I have seen in this conference.

826
00:41:05,730 --> 00:41:07,900
You know we have the technology, it's good.

827
00:41:07,940 --> 00:41:13,000
I don't really tweak my desktop very much anymore at all

828
00:41:13,280 --> 00:41:16,790
I've switched over to Gnome-shell and it's so sleek

829
00:41:16,790 --> 00:41:19,960
and great and I barely use the command line

830
00:41:19,960 --> 00:41:23,990
for things that are connected to my computing environment

831
00:41:24,000 --> 00:41:27,160
and only then when I really feel I can't

832
00:41:27,170 --> 00:41:29,890
It's not for everybody, but we need to choose

833
00:41:29,890 --> 00:41:32,530
free an open platform, we need to develop on them

834
00:41:32,710 --> 00:41:34,460
because it's the only way we're gonna create

835
00:41:34,470 --> 00:41:37,870
these safer and better societies

836
00:41:37,900 --> 00:41:40,090
It's the only way we're going to create a World

837
00:41:40,110 --> 00:41:44,030
where we know that our software can be reviewed

838
00:41:44,060 --> 00:41:45,480
and that it will have integrity

839
00:41:46,790 --> 00:41:52,840
We need to build our communities in the non-profit space

840
00:41:53,110 --> 00:41:56,000
Because we need to create those really good degrees of trust

841
00:41:56,410 --> 00:41:59,438
We need to bring our ideology back into Free software.

842
00:42:00,184 --> 00:42:03,132
Going a little bit out there, I'd say:

843
00:42:03,132 --> 00:42:05,264
It's not about terminology, it's about ideology.

844
00:42:05,464 --> 00:42:06,545
We really need to think about

845
00:42:06,545 --> 00:42:08,809
making the World a better place because we can,

846
00:42:08,809 --> 00:42:09,920
and we should.

847
00:42:10,520 --> 00:42:15,520
I have this picture from the original Apple campaign.

848
00:42:15,622 --> 00:42:21,340
Because it really strikes me that this woman

849
00:42:21,360 --> 00:42:24,680
coming and taking her hammer and,

850
00:42:24,710 --> 00:42:29,330
flinging it against the establishment and the machine

851
00:42:29,400 --> 00:42:31,610
for individuality and our freedom,

852
00:42:31,800 --> 00:42:33,380
and it really speaks to me now.

853
00:42:34,710 --> 00:42:36,860
Let's choose Free and Open Source software

854
00:42:36,860 --> 00:42:39,470
for ourselves, and for our society.

855
00:42:42,090 --> 00:42:45,500
So the Gnome Foundation is a charitable organization.

856
00:42:45,540 --> 00:42:47,150
We accept donations.

857
00:42:47,150 --> 00:42:53,260
And my talk is freely licensed so feel free to quote it

858
00:42:53,460 --> 00:42:55,620
and republish it.

859
00:42:56,860 --> 00:42:58,400
Does anybody have any questions?

860
00:42:59,910 --> 00:43:15,160
*crowd clapping*

861
00:43:16,008 --> 00:43:17,215
Good day.

862
00:43:18,554 --> 00:43:23,660
I guess I personally see it as a really positive future

863
00:43:23,660 --> 00:43:28,070
because I think there is never going to be a year of

864
00:43:28,080 --> 00:43:30,550
the leading desktop where everyone suddenly converts

865
00:43:30,560 --> 00:43:32,480
but it would just be this gradual process.

866
00:43:32,480 --> 00:43:35,495
in the same way that most of us have come to Linux

867
00:43:35,495 --> 00:43:39,098
after some other proprietary process

868
00:43:40,310 --> 00:43:45,282
I'm wondering how you see us engaging with not

869
00:43:45,282 --> 00:43:48,461
the entirety of society, cause that's way to difficult

870
00:43:48,461 --> 00:43:51,763
but what's the next age of the people

871
00:43:51,763 --> 00:43:54,653
that we can engage with and that can then convert

872
00:43:54,653 --> 00:43:57,040
their friends and their parents and so forth?

873
00:43:57,353 --> 00:44:00,050
I also think that the next wave is that we need to get

874
00:44:00,070 --> 00:44:01,450
into schools as much as possible

875
00:44:01,710 --> 00:44:04,500
I think there are a lot of great initiatives to bring

876
00:44:04,500 --> 00:44:07,352
our various free distros into schools

877
00:44:07,352 --> 00:44:10,415
what really strikes me is that, in the United States in particular,

878
00:44:10,415 --> 00:44:15,027
there are a number of non-profits that are set up as technology charities

879
00:44:15,027 --> 00:44:20,172
and what they do is they bring Microsoft licenses and other proprietary licenses

880
00:44:20,172 --> 00:44:23,405
to underprivileged communities and to schools.

881
00:44:23,405 --> 00:44:25,263
They get tax breaks for doing that

882
00:44:25,263 --> 00:44:28,569
What they're actually doing is creating a dependency

883
00:44:28,569 --> 00:44:32,299
on proprietary software and it's a very clever,

884
00:44:32,299 --> 00:44:34,183
very very clever technique

885
00:44:34,183 --> 00:44:38,619
because we're training people to use certain kind of software.

886
00:44:38,619 --> 00:44:39,936
We need to do the same thing.

887
00:44:40,192 --> 00:44:41,863
I know there are a lot of great initiatives already.

888
00:44:41,863 --> 00:44:43,990
Gnome has a number of initiatives that would do this.

889
00:44:44,140 --> 00:44:47,565
And I'd say everybody get involved in your community

890
00:44:47,565 --> 00:44:50,170
and start bringing our software into schools.

891
00:44:50,170 --> 00:44:51,381
I think that a first step.

892
00:44:51,381 --> 00:44:54,520
I think the next step is writing really cool

893
00:44:54,580 --> 00:44:57,850
applications for our Free and Open platforms

894
00:44:57,990 --> 00:45:00,383
If we've got the next cool thing,

895
00:45:00,383 --> 00:45:02,000
then people would want to use it.

896
00:45:02,000 --> 00:45:04,215
There are lots of different steps. I think you're right.

897
00:45:04,215 --> 00:45:07,594
There is no easy answer to make

898
00:45:07,594 --> 00:45:10,289
this the year of the GNU/Linux desktop

899
00:45:10,289 --> 00:45:12,894
it just doesn't happen as easily as that

900
00:45:12,894 --> 00:45:14,572
but there are things that we can do in the schools,

901
00:45:14,572 --> 00:45:16,659
It's, I think, the first place we should start.

902
00:45:18,640 --> 00:45:19,580
Thanks you.

903
00:45:19,800 --> 00:45:21,660
Two things if I could. One is,

904
00:45:22,750 --> 00:45:24,950
for us in Australia and other countries,

905
00:45:24,950 --> 00:45:28,135
if the FDA has approved it, is that it?

906
00:45:28,135 --> 00:45:32,633
Is that accepted here without us having our own standards and rules

907
00:45:32,633 --> 00:45:34,449
setting the software, any of that?

908
00:45:34,465 --> 00:45:36,958
So I haven't actually looked into Australia.

909
00:45:36,958 --> 00:45:37,566
I should have.

910
00:45:37,566 --> 00:45:39,502
I actually thought this morning that I really needed

911
00:45:39,502 --> 00:45:41,163
to check the situation in Australia.

912
00:45:41,163 --> 00:45:46,260
But I know that in any UK and other countries there are comparable bodies

913
00:45:46,310 --> 00:45:47,510
the ones that I've looked in so far

914
00:45:47,530 --> 00:45:49,250
also don't review the source code.

915
00:45:49,270 --> 00:45:50,930
So they have similar review processes.

916
00:45:50,950 --> 00:45:54,660
The FDA only applies in the United States

917
00:45:54,670 --> 00:45:57,390
So each region has its own approval process.

918
00:45:57,400 --> 00:45:59,840
But from what I've discovered, so far in the regions

919
00:45:59,840 --> 00:46:01,560
that I have looked at, they are similar.

920
00:46:02,550 --> 00:46:05,246
The other thing is that there are other areas

921
00:46:05,246 --> 00:46:07,383
where software is extremely important

922
00:46:07,383 --> 00:46:09,278
that you've mentioned during your talk

923
00:46:09,278 --> 00:46:11,616
like avionics and gambling machines, and so on.

924
00:46:11,616 --> 00:46:14,650
And in some places in the World there are

925
00:46:14,740 --> 00:46:17,570
different rules, there is review of code and that

926
00:46:17,570 --> 00:46:18,440
sort of things.

927
00:46:19,140 --> 00:46:22,990
Two things out of that. One is it seems a shame

928
00:46:23,040 --> 00:46:27,180
that there aren't general government standards for

929
00:46:27,200 --> 00:46:31,000
software where it matters. Have you got any thoughts

930
00:46:31,000 --> 00:46:32,630
on how we could make that happen?

931
00:46:32,990 --> 00:46:34,625
We have to become real advocates

932
00:46:34,625 --> 00:46:38,450
and what does really strike me is that

933
00:46:38,460 --> 00:46:41,364
proprietary software companies have such an amazing lobby.

934
00:46:41,364 --> 00:46:43,090
They have so much money that they can pour in

935
00:46:43,090 --> 00:46:45,890
to making sure that the government is deeply

936
00:46:45,890 --> 00:46:47,840
concerned about their innovative edge.

937
00:46:48,000 --> 00:46:52,260
For their products that

938
00:46:52,260 --> 00:46:52,280
they keep they proprietary incentives
For their products that

939
00:46:52,280 --> 00:46:54,430
they keep they proprietary incentives

940
00:46:54,440 --> 00:46:56,380
Medical devices is a really good example

941
00:46:56,400 --> 00:46:57,830
of how that breaks down.

942
00:46:58,000 --> 00:47:01,231
When you think about the business case

943
00:47:01,231 --> 00:47:04,010
of medical devices, you sort of search and see:

944
00:47:04,030 --> 00:47:06,046
OK, well I'm not buying my heart…

945
00:47:06,046 --> 00:47:07,907
I'm not choosing the brand of my heart device

946
00:47:07,907 --> 00:47:10,290
because it has the best software on it.

947
00:47:10,330 --> 00:47:14,385
I'm choosing Medtronic because they have a good track record.

948
00:47:14,385 --> 00:47:18,224
Because they are a precision manufacturer of really detailed equipment

949
00:47:18,224 --> 00:47:19,850
and they have been for a long time.

950
00:47:19,960 --> 00:47:21,870
If they published their software,

951
00:47:21,870 --> 00:47:24,432
even if they've published their hardware specs,

952
00:47:24,432 --> 00:47:31,302
it's not like Nokia is going to go and start producing medical devices.

953
00:47:31,302 --> 00:47:33,650
And if they did, it would take some time

954
00:47:33,670 --> 00:47:35,439
to get doctors comfortable that the fact

955
00:47:35,439 --> 00:47:36,408
that they will be relying on them.

956
00:47:36,408 --> 00:47:37,504
They're going to get support.

957
00:47:37,504 --> 00:47:42,586
There's this whole issue of the fact that

958
00:47:42,586 --> 00:47:44,641
these proprietary software companies have

959
00:47:44,641 --> 00:47:46,489
a really strong lobbying force.

960
00:47:46,489 --> 00:47:49,374
The only response I got from Medtronic so far

961
00:47:49,374 --> 00:47:52,168
is saying: "Our business case relies on"

962
00:47:52,168 --> 00:47:53,950
"keeping ourselves for proprietary"

963
00:47:54,960 --> 00:47:57,192
In the United States there were a bunch of

964
00:47:57,192 --> 00:47:59,955
Breathalyzer cases, with drunk drivers.

965
00:48:03,540 --> 00:48:05,240
There is a driver who said:

966
00:48:05,240 --> 00:48:09,700
"If you're gonna convict me on the fact that"

967
00:48:09,700 --> 00:48:11,877
"this Breathalyzer said my blood alcohol level was very high,"

968
00:48:11,877 --> 00:48:13,537
"I want to be able to see the source code"

969
00:48:13,537 --> 00:48:16,000
"in order to determine whether or not"

970
00:48:16,000 --> 00:48:18,570
"that was accurately drived"

971
00:48:20,190 --> 00:48:21,954
The company fought it and said

972
00:48:21,954 --> 00:48:23,719
"this is our proprietary technology"

973
00:48:23,719 --> 00:48:24,265
"blablabla".

974
00:48:24,265 --> 00:48:25,950
Eventually the Court said you must produce

975
00:48:25,950 --> 00:48:28,450
the software, the source code and

976
00:48:28,470 --> 00:48:30,790
what the Court found through their experts was

977
00:48:30,810 --> 00:48:32,659
that the results couldn't be relied on.

978
00:48:34,800 --> 00:48:37,029
Amazing stuff, and this happens in a lot of different jurisdictions.

979
00:48:37,029 --> 00:48:38,657
In the United States, some jurisdictions say

980
00:48:38,657 --> 00:48:41,393
you must produce the code, others say no.

981
00:48:41,393 --> 00:48:43,280
But I think at the end of the day

982
00:48:43,300 --> 00:48:46,257
we need to keep it in our dialog, keep asking these questions

983
00:48:46,257 --> 00:48:50,476
throughout our different areas from

984
00:48:50,476 --> 00:48:53,140
breathalysers to medical devices.

985
00:48:53,360 --> 00:48:57,990
And being a really vocal community

986
00:48:58,000 --> 00:48:59,790
about these issues is going to help.

987
00:49:00,020 --> 00:49:02,863
We also need to organize from a lobbying perspective as well,

988
00:49:02,863 --> 00:49:05,194
because there is just so much funding on the other side.

989
00:49:06,820 --> 00:49:08,270
There was a question back there.

990
00:49:09,090 --> 00:49:10,360
Oh, you've got the mic, OK

991
00:49:10,660 --> 00:49:13,332
So first of all, I think that your talk was totally awesome

992
00:49:13,332 --> 00:49:16,697
and thanks for expressing basically the core

993
00:49:16,697 --> 00:49:18,875
of the Free software ideology which is that

994
00:49:18,875 --> 00:49:20,419
Free software is about freedom including

995
00:49:20,419 --> 00:49:22,280
the freedom to know how you're kept alive.

996
00:49:22,450 --> 00:49:25,950
Which I think is really important, so thanks for doing that!

997
00:49:26,220 --> 00:49:32,000
<i>clapping</i>

998
00:49:33,690 --> 00:49:36,000
As far as the remote car exploit stuff, that's

999
00:49:36,000 --> 00:49:38,510
actually from Alexei, Karl and Franzi in the lab

1000
00:49:38,520 --> 00:49:39,930
at UW where I work.

1001
00:49:39,960 --> 00:49:42,695
And those exploits were done remotely

1002
00:49:43,092 --> 00:49:46,410
through the telematics units in the cars so just

1003
00:49:46,420 --> 00:49:49,400
like cardiac-implants people can crash you car remotely.

1004
00:49:50,241 --> 00:49:52,413
It's like through a telephone.

1005
00:49:52,639 --> 00:49:57,330
Actually, I meant to get that into a little bit more detail,

1006
00:49:57,330 --> 00:50:00,580
but yes the control of the cars were remote but

1007
00:50:00,580 --> 00:50:03,981
I also want to mention that the HP printer exploit

1008
00:50:03,987 --> 00:50:07,399
that happened recently, where

1009
00:50:09,735 --> 00:50:13,200
over the Internet, folks were able to take control of

1010
00:50:13,220 --> 00:50:16,220
HP printers which not only were able to do all

1011
00:50:16,220 --> 00:50:18,440
kind of terrible things like being able to know what

1012
00:50:18,440 --> 00:50:20,910
you are printing including monitoring to see if you

1013
00:50:20,930 --> 00:50:23,160
are printing text documents and so determining

1014
00:50:23,190 --> 00:50:25,710
what information was included in particular boxes

1015
00:50:25,730 --> 00:50:29,230
but they were also able to set printers on fire.

1016
00:50:29,990 --> 00:50:33,000
<i>laughs</i>

1017
00:50:34,108 --> 00:50:35,890
They weren't? They were!

1018
00:50:35,900 --> 00:50:38,818
"There was a guy at the CCC that had a printer set on fire this year"

1019
00:50:38,818 --> 00:50:39,795
"Yeah!"

1020
00:50:39,795 --> 00:50:51,000
<i>mumbling</i>

1021
00:50:51,000 --> 00:50:54,000
"You should either talk into the microphone or ask a question"

1022
00:50:54,000 --> 00:50:55,270
The question I was gonna ask you is

1023
00:50:55,410 --> 00:50:57,170
You're talking about accessibility

1024
00:50:57,370 --> 00:50:59,400
and one of the things I've noticed is that

1025
00:50:59,400 --> 00:51:01,108
people that are blind are totally fucked

1026
00:51:01,108 --> 00:51:02,631
when it comes to using computers

1027
00:51:02,631 --> 00:51:04,183
and if you want to get a Braille terminal

1028
00:51:04,183 --> 00:51:07,089
it can cost somewhere like 6 or 8 thousand Euros to get them.

1029
00:51:07,089 --> 00:51:10,250
And there is one group in the UK that are looking at

1030
00:51:10,250 --> 00:51:12,370
building affordable ones, I think coming in

1031
00:51:12,400 --> 00:51:13,840
somewhere at a thousand dollars.

1032
00:51:14,230 --> 00:51:16,317
But I wonder what Gnome can do to make it

1033
00:51:16,317 --> 00:51:18,640
so that computers are really accessible in terms of

1034
00:51:18,720 --> 00:51:21,400
alternate methods of interfacing with computers

1035
00:51:21,410 --> 00:51:24,240
especially for people who are blind or unable to see

1036
00:51:24,550 --> 00:51:26,330
and I wonder if you can talk a bit about

1037
00:51:26,330 --> 00:51:29,000
Braille terminals and maybe making them accessible and so on.

1038
00:51:30,820 --> 00:51:33,000
I was gonna say this actually as a separate talk.

1039
00:51:33,000 --> 00:51:36,060
There was a talk on accessibility at this conference,

1040
00:51:36,160 --> 00:51:38,920
but I don't want to get into too much detail

1041
00:51:38,920 --> 00:51:44,810
about the particular initiatives, but with Gnome 2

1042
00:51:44,810 --> 00:51:47,650
there are a lot of assistive technologies for

1043
00:51:47,650 --> 00:51:49,630
vision or magnification.

1044
00:51:49,640 --> 00:51:55,000
Other types of software that are very helpful but…

1045
00:51:55,700 --> 00:51:58,850
and actually Gnome won several awards for

1046
00:51:58,860 --> 00:52:01,098
the accessibility of their desktop.

1047
00:52:01,098 --> 00:52:04,618
But while we rewrote Gnome 3,

1048
00:52:04,618 --> 00:52:08,159
we actually broke a lot of our assistive technologies,

1049
00:52:08,159 --> 00:52:11,468
as part of the necessity of starting all over again

1050
00:52:11,468 --> 00:52:12,310
and starting new.

1051
00:52:12,650 --> 00:52:15,974
So actually our campaign is much more basic than that.

1052
00:52:15,974 --> 00:52:18,169
I'd like for us to get there over time.

1053
00:52:18,169 --> 00:52:20,486
But we have some great software

1054
00:52:20,486 --> 00:52:22,547
but it needs help just to get working.

1055
00:52:22,547 --> 00:52:24,670
So the accessibility campaign

1056
00:52:24,680 --> 00:52:26,738
that we're running now is really fundamental

1057
00:52:26,738 --> 00:52:30,940
If we get a huge level of support from it,

1058
00:52:30,940 --> 00:52:33,180
we can hire developers to work on the stuff and

1059
00:52:33,180 --> 00:52:35,755
start exploring some of those particular initiatives.

1060
00:52:35,755 --> 00:52:39,975
But it's sort of like, now the accessibility

1061
00:52:39,975 --> 00:52:43,172
team at Gnome, at our annual general meeting

1062
00:52:43,172 --> 00:52:45,063
I asked them to give a little presentation

1063
00:52:45,063 --> 00:52:47,961
of where we stand, and the first slide was

1064
00:52:47,961 --> 00:52:49,676
a set of stairs.

1065
00:52:50,740 --> 00:52:53,255
So right now, we have a lot of work to do.

1066
00:52:53,255 --> 00:52:56,474
We need to bring our new system back to

1067
00:52:56,474 --> 00:52:58,182
where we were with Gnome 2,

1068
00:52:58,182 --> 00:52:59,777
and then we need to go beyond.

1069
00:52:59,777 --> 00:53:01,916
We're much further now, with Gnome 3

1070
00:53:01,916 --> 00:53:03,642
than where we were when we launched Gnome 2

1071
00:53:03,642 --> 00:53:05,572
and Gnome 2 went really far

1072
00:53:05,572 --> 00:53:07,750
but we really have along way to go.

1073
00:53:08,520 --> 00:53:11,000
So there was a question for someone right over there

1074
00:53:11,000 --> 00:53:14,588
who had put his hand up, and I'll be really fast.

1075
00:53:14,588 --> 00:53:16,345
If we can have one more question,

1076
00:53:16,345 --> 00:53:18,117
we'll have to wrap it up after that.

1077
00:53:22,000 --> 00:53:23,000
Thank you.

1078
00:53:23,649 --> 00:53:30,020
I am concerned that should your implant fail,

1079
00:53:30,760 --> 00:53:34,160
and you collapsed to the floor, I don't know what to do.

1080
00:53:34,180 --> 00:53:37,110
Is it just CPR or is this something else I should do?

1081
00:53:37,140 --> 00:53:38,890
That's a great question.

1082
00:53:38,890 --> 00:53:41,550
Everybody should be trained in CPR,

1083
00:53:41,600 --> 00:53:44,910
and I've became aware of this and hassle

1084
00:53:44,930 --> 00:53:47,500
the people close to me to get trained in CPR

1085
00:53:47,510 --> 00:53:49,400
when I found I had this heart condition.

1086
00:53:49,410 --> 00:53:50,762
So if somebody collapse in the front of you,

1087
00:53:50,762 --> 00:53:53,205
you should commence CPR,

1088
00:53:53,205 --> 00:53:57,630
you should check their life signs and follow that procedure.

1089
00:53:57,640 --> 00:54:00,392
For me, if I've collapsed now my device

1090
00:54:00,392 --> 00:54:03,796
will most likely shock me and if it doesn't,

1091
00:54:03,796 --> 00:54:05,146
if somebody performs CPR,

1092
00:54:05,146 --> 00:54:08,785
hopefully we can keep my blood circulating until help comes

1093
00:54:08,785 --> 00:54:12,523
and I can be shocked with an external defibrillator.

1094
00:54:12,523 --> 00:54:15,642
The truth is, it often takes so long

1095
00:54:15,642 --> 00:54:17,269
to get an external defibrillator

1096
00:54:17,269 --> 00:54:18,610
and to get people's heart starting again

1097
00:54:18,610 --> 00:54:21,263
that there is often some brain damage by the time that happens.

1098
00:54:21,263 --> 00:54:22,895
So that's part of the reasons.

1099
00:54:24,000 --> 00:54:25,000
There is one in the lobby.

1100
00:54:26,050 --> 00:54:28,090
And it's funny because when I walk by those

1101
00:54:28,100 --> 00:54:29,570
now I think: "Those are for suckers!"

1102
00:54:29,570 --> 00:54:30,850
I've got my own!

1103
00:54:30,860 --> 00:54:35,000
<i>clapping</i>

1104
00:54:35,000 --> 00:54:38,957
So, all this to say I am really glad

1105
00:54:38,957 --> 00:54:41,033
that I have this piece of technology,

1106
00:54:41,033 --> 00:54:42,726
and I'm glad that I can rely on it.

1107
00:54:42,726 --> 00:54:44,595
I just think it can be better and safer.

1108
00:54:44,820 --> 00:54:45,710
Thanks you.

1109
00:54:45,730 --> 00:54:47,110
Unfortunately, we're running out of time,

1110
00:54:47,130 --> 00:54:49,000
but a huge round of applause for Karen.