"Freedom In My Heart And Everywhere" Keynote by Karen Sandler

Edit subtitles

0:09 - 0:11

How is that, can you hear me?
0:11 - 0:14

Can I ask for everybody on the end
0:14 - 0:17

who has a seat next to them to move a little bit in
0:17 - 0:20

so that latecomers have a place to sit?
0:20 - 0:22

Just move in one seat.
0:22 - 0:25

As a latecomer often myself, it's a huge gift
0:25 - 0:28

if you walk in and there's a place to sit.
0:34 - 0:35

But not too much,
0:35 - 0:38

because I think they've shut the side doors too, so…
0:38 - 0:40

You're good, you're good.
0:41 - 0:42

OK.
0:43 - 0:45

I am really, really happy to be here.
0:47 - 0:51

My talk is entitled Freedom in my heart and everywhere.
0:52 - 0:55

As just said, I've been involved
0:55 - 0:57

in the Free and Open Source community for a while
0:57 - 1:00

I am the executive director of the GNOME Foundation
1:00 - 1:02

and we'll get to some of that a little bit later
1:02 - 1:04

which is really cool.
1:04 - 1:08

And I, for a long time, was a lawyer at the Software Freedom Law Center.
1:09 - 1:11

Resulting in eventually becoming general council.
1:11 - 1:14

So I had this really lucky opportunity
1:14 - 1:16

to get to know a lot of folks
1:16 - 1:17

in the Free and Open Source software community
1:17 - 1:19

by helping them with all of the crap
1:19 - 1:20

that they didn't want to deal with.
1:20 - 1:21

Really really fun!
1:21 - 1:25

I've been a Free and Open Source enthusiast,
1:25 - 1:26

I'd say, since the nineties
1:27 - 1:30

And I am also a patient
1:31 - 1:34

I have a really, really big heart
1:35 - 1:37

I actually have a huge heart.
1:37 - 1:38

So you think I work for non-profit
1:38 - 1:41

but I actually an enlarged heart
1:41 - 1:45

I have a condition called hypertrophic cardiomyopathy.
1:45 - 1:47

I always get a little bit nervous when I talk about that
1:47 - 1:48

because that sort of say
1:48 - 1:50

my heart is a little broken.
1:50 - 1:53

But it means that I have…
1:53 - 1:57

it's not actual. My heart is very thick
1:57 - 2:00

and that means that it has a hard time beating.
2:00 - 2:01

It's a little bit stiff.
2:01 - 2:03

And it's actually pretty fine.
2:03 - 2:05

I don't have any symptoms yet.
2:05 - 2:10

I just have a very high risk of suddenly dying.
2:11 - 2:13

The term is actually sudden death.
2:13 - 2:17

That's what the doctors tell you when you have HCM
2:17 - 2:21

and you need to enter in this life-long treatment.
2:21 - 2:24

They say you have a high risk of sudden death.
2:24 - 2:26

Which is really terrifying as a patient.
2:26 - 2:31

I have about a two to three chances per year of suddenly dying
2:31 - 2:36

and that compounds, so I've found out about this at age 31
2:36 - 2:42

and over the next decade it was sort of 20 to 30% risk of sudden death.
2:43 - 2:48

Really, really, just a scary thing to hear…
2:48 - 2:51

but there is a solution right now!
2:51 - 2:53

which is to get a defibrillator.
2:53 - 2:58

And what a defibrillator does is it's in your body
2:58 - 3:01

I actually did get one, it's right here.
3:01 - 3:02

It looks really huge there,
3:02 - 3:04

but it's about like this big
3:04 - 3:06

and it's right here.
3:07 - 3:08

It has wires that
3:08 - 3:10

sneak through my blood vessels
3:10 - 3:11

and scour into my heart
3:11 - 3:14

and it basically constantly monitors me
3:14 - 3:15

and it's like having people
3:15 - 3:17

following you around with paddles
3:17 - 3:20

and if I go into a sudden death,
3:20 - 3:23

it will shock me, and I'll be great!
3:23 - 3:27

And I won't die! it's very exciting!
3:28 - 3:32

So, all that is pretty well and good.
3:32 - 3:37

The electro-physiologist that I saw when I told this
3:37 - 3:39

has a bunch of these in his desk drawer,
3:39 - 3:42

just so he can pass it to every patient
3:42 - 3:45

because I think when you see how little this device is,
3:45 - 3:48

it doesn't feel so scary.
3:48 - 3:49

He pushed it over the desk at me,
3:49 - 3:51

I was sitting here with my mother. I pick it up…
3:51 - 3:53

He's like: "Pick it up, see how light it is!"
3:53 - 3:56

So I pick it up and I say "Cool, what does it run?"
3:56 - 3:58

Laughs
3:58 - 4:06

applause
4:06 - 4:08

To which I got a blank look.
4:09 - 4:11

My mother gave my a blank look.
4:12 - 4:14

Surgeon said "What are you talking about?"
4:14 - 4:17

and I said "Well obviously, "
4:17 - 4:20

"this piece of equipment is only as good as its software"
4:20 - 4:22

I mean, it relies on its software to know
4:22 - 4:24

when it is that I'm going to have a sudden death
4:24 - 4:26

whether it is that I run across the street
4:26 - 4:27

when I shouldn't have
4:27 - 4:29

or I decided to run a marathon
4:29 - 4:31

or for no reason at all.
4:32 - 4:34

I'm totally relying on this software to know
4:34 - 4:37

when is the appropriate time to give me a shock
4:37 - 4:37

and when it's not.
4:37 - 4:41

When I need pacing, maybe, or when I don't.
4:41 - 4:45

And the electro-physiologist, of course had no answer at all.
4:45 - 4:48

He said "nobody ever asked me this."
4:48 - 4:50

"I never thought about the software on this device."
4:50 - 4:54

"Hang on, there is a representative from Medtronic"
4:54 - 4:56

"here in our office today."
4:56 - 4:59

"I will get to him, because he is the manufacturer"
4:59 - 5:02

"and surely they have thought about this."
5:02 - 5:05

So, in walks this representative
5:05 - 5:07

and I sort of explain
5:07 - 5:09

"I'm a lawyer at the Software Freedom Law Center"
5:09 - 5:12

"I care about the software on my device"
5:12 - 5:13

"I just want to know: "
5:13 - 5:14

"how does it works? what does it run?"
5:14 - 5:16

"Can you tell me?"
5:16 - 5:19

And he said "Nobody's ever asked me that before".
5:20 - 5:23

So, we had this really interesting conversation and he said:
5:23 - 5:25

"I see that this is a very serious issue"
5:25 - 5:27

"Here is my number."
5:27 - 5:29

"Call me and I'll put you through"
5:29 - 5:31

"to people to talk about this."
5:33 - 5:38

Bolded by this, I called him at Medtronic
5:38 - 5:40

and he gave me the tech line
5:40 - 5:42

and so I kept leaving messages…
5:42 - 5:45

eventually, I kept being bounced around.
5:45 - 5:48

Nobody would talk to me about this.
5:48 - 5:53

I called the other two major medical device manufacturers:
5:53 - 5:55

Boston Scientific and St. Jude
5:55 - 5:58

and neither of them could give me a real answer either.
5:58 - 6:00

Eventually, I started calling and saying
6:00 - 6:02

"Look if someone would let me look at the software,"
6:02 - 6:06

"I'll sign an NDA", You know, really against my principles
6:06 - 6:10

Because, I'm a non-profit activist in the technology world
6:10 - 6:13

I don't want to sign any NDA which would prevent me
6:13 - 6:15

from sharing what I find with somebody else.
6:15 - 6:16

But I though:
6:16 - 6:18

"At least, I'll be able to see the source code"
6:18 - 6:21

"and I'll feel comfortable about what's put in my body"
6:22 - 6:27

But, unfortunately, I was brushed off. I was told no.
6:27 - 6:31

I talked with some people at Medtronic that were sympathetic
6:31 - 6:34

I had access to good doctors
6:34 - 6:37

People said: "Oh, you know, we're Medtronic"
6:37 - 6:39

We care deeply about making sure
6:39 - 6:42

that there are no bugs in the software that we put on these devices.
6:42 - 6:46

Obviously, we wouldn't release it if we didn't think it was safe.
6:46 - 6:47

All these things
6:47 - 6:49

You must trust us.
6:49 - 6:53

Doctor say, the Food and Drugs Administration,
6:53 - 6:54

the FDA in the United States,
6:54 - 6:55

approves these devices
6:55 - 6:59

So clearly, you're over reacting.
6:59 - 7:03

And when I was talking to that same electro-physiologist on the phone
7:03 - 7:06

and said I'm really troubled by this, because
7:06 - 7:09

I think about all the people that have these devices.
7:09 - 7:11

Some of them are quite powerful
7:11 - 7:13

Dick Cheney had one at the time.
7:13 - 7:16

He has a more impressive device now,
7:16 - 7:18

that continually circulate his blood
7:18 - 7:21

so he has no pulse.
7:21 - 7:25

It's a fascinating, fascinating device, yeah!
7:28 - 7:30

There are a lot of prominent people that…
7:30 - 7:33

the demographic that get this devices
7:33 - 7:35

are often in some powerful positions
7:35 - 7:38

So you can easily imagine a situation where
7:38 - 7:40

someone would be wanting to shut down these devices.
7:40 - 7:40

And the electro-physiologist that I spoked to on the phone
someone would be wanting to shut down these devices.
7:40 - 7:44

And the electro-physiologist that I spoked to on the phone
7:44 - 7:46

got so upset, he got so upset…
7:46 - 7:48

that he hang up on me.
7:48 - 7:52

He said "I think you're up to something"
7:52 - 7:53

"I don't understand"
7:53 - 7:55

"I don't know why you're so upset about this."
7:55 - 7:57

"If you want to get a device, I'll help you"
7:57 - 8:02

"But I think, I just don't, I think you're… you're…"
8:02 - 8:03

Hang up.
8:03 - 8:05

and I think it was really scary
8:05 - 8:07

because he told me at the beginning of talking to him
8:07 - 8:10

that he installed these devices all the time
8:10 - 8:13

He installs sometime several devices a day.
8:13 - 8:16

So the idea that he could be
8:16 - 8:18

not even asking questions
8:18 - 8:20

about the software that runs on these devices
8:20 - 8:21

was pretty terrifying to him.
8:21 - 8:23

So I put the whole thing off.
8:23 - 8:24

And I just said, you know,
8:24 - 8:25

I can't think about this.
8:25 - 8:27

It's so terrifying.
8:27 - 8:28

Am I really going to get
8:28 - 8:29

proprietary software in my body?
8:29 - 8:30

I don't know
8:30 - 8:34

Plus the whole "mortality thing"
8:34 - 8:36

and getting a piece of equipment
8:36 - 8:38

sewn into your body.
8:38 - 8:40

It's really a lot to deal with
8:40 - 8:41

So I kept putting it off
8:41 - 8:43

and eventually I couldn't anymore
8:43 - 8:48

because friends and family kept asking me about it
8:48 - 8:52

and saying "We're so worried about you"
8:52 - 8:54

"We know that you can die at anytime"
8:54 - 8:57

My mother, you know, off course don't have a land line
8:57 - 8:59

and I don't have a great mobile reception in my apartment
8:59 - 9:01

and my mother, if I didn't called her back within a hour
9:01 - 9:03

would start calling all my friends
9:03 - 9:05

saying "Have you speak to Karen today?"
9:05 - 9:06

"Do you know if she's OK?"
9:06 - 9:09

I went to brunch with a friend, and she asked me
9:09 - 9:11

how this process was going.
9:11 - 9:14

And I said "Well nobody from medical companies are calling me back,"
9:14 - 9:16

"and you know, I'm sure I'll work it out."
9:16 - 9:18

And she just burst into tears and she said
9:18 - 9:22

"You know, you could die. Today."
9:22 - 9:25

"and I just can't deal with that"
9:25 - 9:26

"If you don't take care of this,"
9:26 - 9:28

"I don't know if I can be friend with you"
9:28 - 9:30

"because this is a serious thing"
9:30 - 9:31

"and you're ignoring it for…"
9:31 - 9:34

what she considered to be an esoteric issue.
9:34 - 9:38

I really understood that and I really didn't have a choice
9:38 - 9:40

So I got a device
9:40 - 9:42

I got it implanted
9:42 - 9:44

and it took sometime to…
9:51 - 9:54

It took some time to recover from the surgery
9:54 - 9:59

and also to really think about
9:59 - 10:01

my own situation in a more abstract way
10:01 - 10:02

to do some research.
10:02 - 10:04

But I swore that if I got the device
10:04 - 10:06

I would do some research and I would write a paper
10:06 - 10:10

and I would talk about the issues that came up
10:10 - 10:12

that the medical profession
10:12 - 10:15

or at least the medical professionals that I dealt with
10:15 - 10:17

had no answer for.
10:17 - 10:22

So, the things that I found out when I wrote my paper were
10:22 - 10:25

things that would surprise you and things that would not surprise you.
10:26 - 10:27

Software has bugs.
10:27 - 10:30

I really wanted a picture of the crickets
10:30 - 10:32

that were in my room last night
10:32 - 10:33

that fellow keynoters…
10:33 - 10:34

*they are cockroaches*
10:34 - 10:36

They are cockroaches?
10:36 - 10:38

These are cockroaches.
10:38 - 10:40

*So where are they?*
10:40 - 10:43

But Paul and Jake got them out of my room.
10:43 - 10:45

So that was really exciting.
10:45 - 10:47

We were joking that I was going to talk about real bugs
10:47 - 10:48

instead of software bugs.
10:48 - 10:51

But, so, software has bugs.
10:51 - 10:57

And medical devices as like as Matthew Garrett said
10:57 - 10:58

will have bugs
10:58 - 11:01

because the software engineering institute estimates that
11:01 - 11:04

there is about one defect for every one hundred lines of code.
11:04 - 11:08

So even if a majority of the bugs are caught in testing,
11:08 - 11:11

even if three quarters of the bugs are caught in testing,
11:11 - 11:13

that's still a lot of bugs.
11:13 - 11:19

There's a study that I read that looked at
11:20 - 11:24

recalls of devices that were published by the FDA.
11:25 - 11:30

Basically, the study looked at all of the recalls
11:30 - 11:34

and determined which ones they can tell were from software failures
11:34 - 11:36

and then they evaluated those
11:36 - 11:39

and the ones that they could tell enough
11:39 - 11:42

about what the problem was from the software
11:42 - 11:45

ninety-eight percent of them would have been detected
11:45 - 11:47

with simple all-pairs testing.
11:48 - 11:51

So, basic testing that you would expect
11:51 - 11:55

for any kind of technical piece of equipment.
11:55 - 11:59

So yes, the FDA has some review over these devices
11:59 - 12:04

but if the companies aren't doing basic testing
12:04 - 12:05

what are we doing?
12:05 - 12:08

So, software has bugs.
12:08 - 12:10

We know this, here in this room.
12:10 - 12:13

Another thing that most of us here know is
12:13 - 12:16

that security through obscurity doesn't work.
12:16 - 12:19

And this is something that seems very counter intuitive
12:19 - 12:22

for the folks that are not in this room.
12:22 - 12:27

Every person who I started to about this in the medical profession said:
12:27 - 12:28

"But I don't understand:"
12:28 - 12:31

"Why would you want people to be able to see the software?"
12:31 - 12:33

"If people can see the source code,"
12:33 - 12:36

"it will be that much easier to break into it."
12:36 - 12:39

But as we all know, that's not quite true.
12:39 - 12:42

And in fact, by publishing the source code,
12:42 - 12:44

everybody can see it, it will be a lot safer.
12:44 - 12:46

But this is a major point that actually
12:46 - 12:49

I address in my paper Killed By Code
12:49 - 12:53

which go systematically through a lot of the research
12:53 - 12:57

that shows how security professionals agree with that assertion.
12:57 - 13:03

So, what we have is actually the worst of both worlds.
13:03 - 13:07

We have closed code, so it doesn't have the safety
13:07 - 13:09

of having a lot of people reviewing it.
13:09 - 13:12

But we also have no security on these devices.
13:12 - 13:15

A lot of these devices are broadcasting wirelessly.
13:15 - 13:17

That's the standard right now.
13:17 - 13:21

When I found out about that, I was totally freaked out.
13:21 - 13:23

What do you mean,
13:23 - 13:26

my heart device is going to be continuously broadcasting?
13:28 - 13:30

Thinking the conferences that I go to,
13:30 - 13:31

the people I hang out with,
13:31 - 13:31

I don't want my information being broadcasted.
the people I hang out with,
13:31 - 13:35

I don't want my information being broadcasted.
13:35 - 13:38

So this is one of the things I brought up with
13:38 - 13:39

the different doctors that I spoke to.
13:39 - 13:42

I actually, as you might imagine,
13:42 - 13:45

I got rid of that electro-physiologist that hang up on me.
13:45 - 13:47

And I went from cardiologist to cardiologist
13:47 - 13:50

to find someone who really understood these problems
13:50 - 13:53

or at least why I was so worried about them.
13:53 - 13:56

And I finally found a great cardiologist
13:56 - 13:58

and a great electro-physiologist.
13:58 - 14:03

Who said "I have never thought about this issue"
14:03 - 14:06

"but I understand why it could be a problem."
14:06 - 14:09

"You need this device. You can't wait another day."
14:09 - 14:11

"But I'm going to work with you and see ways"
14:11 - 14:14

"that we can at least address some of the things that you're worried about."
14:14 - 14:19

So, one of the things that my electro-physiologist did
14:19 - 14:22

was that he called around from hospital to hospital
14:22 - 14:25

until he found an old device.
14:25 - 14:29

So he said that I've got a simple heart condition.
14:29 - 14:31

All that I need to do is to have a device that's going to
14:31 - 14:34

be monitoring for a dangerous rhythm
14:34 - 14:36

and if I get a dangerous rhythm, it will shock me.
14:36 - 14:40

It's a much more simple algorithm than what the newer devices do.
14:40 - 14:42

So a lot of the newer devices have this
14:42 - 14:45

complex pacing algorithm for people who have a wide variety of problems.
14:45 - 14:48

You'd understand why the medical companies do this.
14:48 - 14:52

They do it because these devices are very difficult to make.
14:52 - 14:54

They're precision manufacturers.
14:54 - 14:57

And if they can get these devices that work for a broader range of cases
14:57 - 14:59

then that's all the better.
14:59 - 15:02

And then you never know what kind of additional complications
15:02 - 15:03

that people are going to be developing.
15:03 - 15:06

So, I don't have any symptoms now
15:06 - 15:07

but I might develop them
15:07 - 15:09

and it's great to have the pacing technology.
15:09 - 15:11

But my electro-physiologist, my cardiologist said
15:11 - 15:16

"Great, I now that you have a simple need here"
15:16 - 15:18

"so why don't I find you an old device?"
15:18 - 15:19

So I actually have an older device
15:19 - 15:22

that communicate using magnetic coupling
15:22 - 15:24

and not through wireless technology
15:24 - 15:29

but my father has a wireless enabled pacemaker
15:29 - 15:32

and when he walks into a room in the technician's office
15:32 - 15:33

they just change his pulse.
15:33 - 15:36

So, before he even sits down
15:36 - 15:38

they know so much about him
15:38 - 15:41

and they have the ability to really affect him.
15:41 - 15:42

It's incredible.
15:44 - 15:47

But as you can see at the last point on this slide
15:47 - 15:49

these devices have been hacked.
15:49 - 15:52

A university think-tank…
15:52 - 15:55

actually a think-tank of a couple of universities worked together
15:55 - 16:00

and showed that using just commercially available equipment
16:00 - 16:02

you can hack into these devices and take control of them.
16:02 - 16:06

They were able to not only deliver shocks,
16:06 - 16:07

which is terrifying.
16:07 - 16:07

I once had my device shock me in error
which is terrifying.
16:07 - 16:09

I once had my device shock me in error
16:09 - 16:13

and I can tell you it's like being kicked in the chest.
16:13 - 16:17

You are basically out of commission
16:17 - 16:18

at least for a few minutes
16:18 - 16:20

I had to sit down and it was so exhausting
16:20 - 16:23

just the surprise of it and the worry
16:23 - 16:25

that I went to sleep for a few hours afterwards.
16:25 - 16:29

It's pretty enduring.
16:29 - 16:32

So not only that.
16:32 - 16:34

They were able to deliver the shock,
16:34 - 16:38

but they were also able to stop the delivering treatment.
16:38 - 16:41

If the device was pacing, they could stop the pacing
16:41 - 16:43

and a lot of people require their pacing
16:43 - 16:43

in order to just live.
and a lot of people require their pacing
16:43 - 16:44

in order to just live.
16:45 - 16:46

A lot of people can't walk up a flight of stairs.
16:46 - 16:49

My father is of these, if his pacing is disrupted.
16:50 - 16:54

They were also able to get key information off
16:54 - 16:55

of these devices.
16:55 - 17:00

Like medical ID numbers, doctor's names,
17:00 - 17:05

serial numbers… a lot of personal information that's broadcasting
17:05 - 17:08

and there's no encryption of any kind on these devices.
17:08 - 17:10

It's pretty scary.
17:10 - 17:13

They were also able to put these devices into test mode.
17:13 - 17:15

And what that does is it slowly runs on the battery
17:15 - 17:17

Err… runs down the battery at a much faster rate
17:17 - 17:20

than in normal circumstances
17:20 - 17:22

and these devices are only as good as their batteries.
17:23 - 17:25

So if my battery runs out on my device
17:26 - 17:28

I need a new device, which means surgery.
17:28 - 17:30

So, these devices have be hacked.
17:30 - 17:33

It was after I was diagnosed that that happened
17:33 - 17:36

but then I called up the doctor and said: "See?!"
17:36 - 17:43

Clapping
17:43 - 17:46

So the doctor really relies on the fact that
17:46 - 17:48

these devices are approved by the FDA
17:48 - 17:51

in the United States, and similar regulatory bodies elsewhere.
17:52 - 17:56

So, as a good lawyer, I went and researched the FDA
17:56 - 17:58

mechanism for approval of software
17:58 - 18:00

And what I found, is that the FDA
18:00 - 18:03

doesn't even typically review the source code on these devices
18:03 - 18:06

Unless there is something obviously wrong with the software
18:06 - 18:09

they generally don't even ask to see it
18:12 - 18:15

There isn't actually a clear set of requirements for the software even
18:15 - 18:19

and there are reasons for all these decisions of the FDA
18:19 - 18:24

but we think the FDA is doing a lot more than it turns out that they are.
18:24 - 18:26

The fact that they don't have a clear set of requirements
18:26 - 18:28

is connected to the fact that
18:28 - 18:32

they say that the companies that design these devices
18:32 - 18:34

because they are so specialty
18:34 - 18:36

and because they are so particular to each manufacturer
18:36 - 18:40

There are probably tests that are specific to those devices
18:40 - 18:43

and the people who know these devices best are the manufacturer
18:44 - 18:47

and therefore they are the ones that need to design what the tests are.
18:47 - 18:48

And there is some back and forth
18:48 - 18:50

about whether they've done the right tests or not,
18:50 - 18:52

but the truth of matter is that at the end of the day,
18:52 - 18:54

there's nobody at the FDA that even sees the source code.
18:55 - 18:57

Because they are not requesting the source code
18:57 - 18:59

they don't even have a repository of it.
19:00 - 19:04

So if there is catastrophic failure at Medtronic for example
19:04 - 19:07

I don't know that there is a canonical repository
19:07 - 19:09

for the software that I would have access to
19:09 - 19:13

and without being able to update the software on my device
19:13 - 19:15

I may get surgery to get a new one.
19:16 - 19:18

So, if there is a problem
19:19 - 19:26

my doctor, or truthfully some programming-savvy doctor
19:26 - 19:29

I can find or would be able to work with
19:30 - 19:33

to write a patch for my device, should there be a bug
19:33 - 19:34

or should we find it out
19:36 - 19:39

I actually spoke on a panel, with a guy
19:39 - 19:41

in cyber-security at the FDA
19:41 - 19:42

and I was really, really nervous
19:42 - 19:45

because I did as much as I could as a lawyer
19:45 - 19:46

I did all the research I could about the FDA
19:46 - 19:50

but I was not sure if this was actually
19:50 - 19:52

the case in practice so I put up the slide and I said
19:52 - 19:56

John, tell me if I am wrong, but this is what I think it is.
19:56 - 19:58

This is the way I think it is!
19:58 - 20:00

And I followed with a slide about Free and Open Source Software
20:00 - 20:03

and why is it so much better, and so much safer
20:03 - 20:06

and as soon as he came up to speak he said:
20:06 - 20:11

"Everybody thinks that the FDA should do this, the FDA should do that"
20:11 - 20:13

"but we just don't have the resources"
20:13 - 20:16

"and that is not what the FDA is set up to do"
20:16 - 20:18

and he paused, and looked at me
20:18 - 20:20

and just as I was about to… you know.
20:20 - 20:23

And he said: "But you are saying something different"
20:23 - 20:27

"You are saying, we let everybody else review the source code"
20:27 - 20:29

"That is something very interesting!"
20:36 - 20:42

So, making sure that our devices have software published
20:42 - 20:43

means that anyone can review it
20:43 - 20:47

My dad, who has that pacemaker is also an engineer
20:47 - 20:49

and a fortunate programmer.
20:49 - 20:50

He probably would have looked over it.
20:50 - 20:52

Many of us know people with pacemaker.
20:52 - 20:55

we would scour that code, for sure!
20:58 - 20:59

One other thing that I found out
20:59 - 21:01

which is a little bit weird
21:01 - 21:04

is that because these devices in the United States
21:04 - 21:07

are approved by a federal agency
21:08 - 21:11

patients are preempted from suing under State True Law.
21:11 - 21:14

So there is a whole avenue of remedy that patients
21:14 - 21:17

normally get, which the medical manufacturers
21:17 - 21:18

don't even have to worry about.
21:18 - 21:21

So now, I mean, I am not saying that the medical device companies
21:21 - 21:23

don't care if their patients die, obviously they do.
21:23 - 21:28

But there is a whole part of legal remedies that aren't even available
21:30 - 21:33

Really amazing, this research, and I have all of this set out
21:33 - 21:35

in this paper I wrote that is available on
21:35 - 21:38

the Software Freedom Law Center's website.
21:38 - 21:43

All this results in the fact that I don't have freedom in my own body.
21:43 - 21:47

I am not allowed to review the software that is implanted in it.
21:48 - 21:50

It's literally connected in and screwed into my heart
21:50 - 21:52

and I can't take a look at it.
21:52 - 21:54

it's unbelievable to me.
21:55 - 21:59

My mind is blown at the fact that the situation happened to me
21:59 - 22:01

It is a little bit freakish that I was a lawyer
22:01 - 22:02

at the Software Freedom Law Center
22:02 - 22:05

and I happened to have this weird heart condition, I admit.
22:05 - 22:08

but still just mind-blowing.
22:08 - 22:10

I didn't even had a choice.
22:10 - 22:14

The choice was either, you're extremely likely to die,
22:14 - 22:16

or you can get this device in your body
22:16 - 22:20

I hope that nobody in this room has to face that choice, but it was
22:20 - 22:22

really, really scary.
22:24 - 22:26

And then I started thinking about it,
22:26 - 22:29

and you know, it's not just the heart devices.
22:30 - 22:33

It's anything that our lives in our society rely on.
22:34 - 22:39

And as I thought about it, I realized that this actually touches on
22:39 - 22:43

a lot more areas of our lives than I thought it was.
22:47 - 22:49

For example, cars.
22:51 - 22:58

Like the university think tank that worked on those medical devices
22:58 - 23:02

and I would say, if you have time in our board, you should totally read that study.
23:02 - 23:08

It's fascinating, they implanted that device into a bag of bacon or meat of some kind
23:08 - 23:12

to stimulate it and they show all the equipment that you can find anywhere
23:13 - 23:15

that they used to hack into it.
23:16 - 23:19

But the same process as done with cars.
23:19 - 23:23

And a different think tank showed that they were able
23:23 - 23:26

to hack into two different brands,
23:26 - 23:28

two different manufacturer cars.
23:30 - 23:34

So the IEEE says that a premium class car
23:34 - 23:36

has close to 100 million lines of code.
23:36 - 23:40

So if we think back to what the Software Engineering Institute said
23:40 - 23:42

about one bug for every 100 lines of code
23:42 - 23:46

that's a lot of bugs, just in your car.
23:50 - 23:52

And what this think tank was able to do,
23:52 - 23:54

was all the things you might expect.
23:54 - 23:58

They are able to cause the car to accelerate, to brake.
23:58 - 24:03

They were able to control each wheel of a car individually.
24:03 - 24:06

And my favorite part, just for kicks,
24:06 - 24:08

I don't know if you can see, but
24:08 - 24:11

they're able to put a message on the dash
24:11 - 24:15

and so, they said pwnd and there is a little
24:15 - 24:19

x-eyed emoticon there.
24:20 - 24:23

The idea that they are able to take control over
24:23 - 24:25

two different brands of premium class cars
24:25 - 24:29

is really amazing to me.
24:31 - 24:35

Voting machines is another area that is super critical
24:35 - 24:36

and we've actually been talking about.
24:36 - 24:38

A lot of security experts have been talking about.
24:38 - 24:41

the problems with their voting machines.
24:41 - 24:45

In the United States, we rely on Diebold
24:45 - 24:49

and a lot of private manufacturers.
24:52 - 24:54

We have had problems with calibration.
24:54 - 24:58

I don't know if you've seen, but there is this hilarious cartoons
24:58 - 25:01

of people trying to vote for the right candidate
25:01 - 25:03

and the name of the candidate they want to vote for
25:03 - 25:07

moving around the screen, you sort of trying to poke after it
25:07 - 25:08

and eventually, whatever you wanted to do it says:
25:08 - 25:13

"You wanted to vote for the opposite candidate, right? right?"
25:13 - 25:16

And it's very difficult to know because we sometimes
25:16 - 25:18

don't have a verification of paper receipt
25:18 - 25:22

we don't even know that our vote was counted properly
25:22 - 25:25

and we were able to vote candidate in the end.
25:26 - 25:30

Really weird, as this is the basis of our society
25:30 - 25:32

and the backbone of our democracy.
25:33 - 25:35

I love what they did in Brazil.
25:35 - 25:38

I don't know if you guys heard about this, but Brazil said:
25:38 - 25:43

"We know that software has vulnerabilities and software has bugs."
25:43 - 25:46

"So we're gonna invite teams of hackers to come in,"
25:46 - 25:48

"we're gonna give you the source code"
25:48 - 25:50

"and we're gonna give a prize"
25:50 - 25:52

"to anybody who find a way to…"
25:52 - 25:55

"who finds a vulnerability to get into the system"
25:55 - 26:00

All those teams, two of them were able to find bugs.
26:00 - 26:04

They say that neither of them would have affected
26:04 - 26:09

an election, but they were able to fix those bugs.
26:09 - 26:11

And those hackers got a prize.
26:11 - 26:13

Democracy is safer.
26:13 - 26:15

Security through obscurity doesn't work.
26:15 - 26:17

I don't know when we're going to figure this out,
26:17 - 26:21

but Brazil has got it done. So it's possible.
26:22 - 26:24

Our financial institutions, yeah, it's exciting!
26:24 - 26:27

Financial institutions are an other area we've seen recently
26:27 - 26:32

how bad it can be when our trusted institutions fail.
26:32 - 26:36

A lot of these institutions are running software
26:36 - 26:37

and our stock markets
26:37 - 26:39

and the operations of our banks.
26:39 - 26:43

These are all things that are critical
26:43 - 26:46

to just the way we live our lives.
26:46 - 26:50

It's more of a societal thing but we've already seen
26:50 - 26:52

that there are vulnerabilities there.
26:52 - 26:57

So, all this to say, it sounds heavy-handed
26:57 - 27:01

but my medical device can be controlled!
27:01 - 27:04

Our cars can be controlled and interfered with
27:04 - 27:06

and our financial institutions can be compromised.
27:08 - 27:13

I think we can all agree that our society and life-critical software must be safe.
27:14 - 27:16

But we're in a really interesting time right now.
27:16 - 27:22

Because how do we know what software that we use is life and society-critical?
27:23 - 27:25

The way that we use computers has totally changed
27:25 - 27:28

very very rapidly and very recently.
27:29 - 27:33

I've been astounded how people of all ages have started using computers
27:33 - 27:36

in a way that they never have before.
27:36 - 27:41

It's no longer specific tech-savvy people that are computing.
27:41 - 27:45

It's everybody, it's our grandparents, it's everyone.
27:45 - 27:47

And we're using our software for everything,
27:48 - 27:52

it's become how we do everything
27:52 - 27:54

How we communicate with each other.
27:54 - 27:57

How we talk on the phone
27:57 - 28:00

How we write, how we create art
28:00 - 28:04

How we handle our educational institutions
28:04 - 28:06

and how we manage our lives
28:06 - 28:08

We're building this infrastructure
28:08 - 28:11

and we're not really even thinking about it
28:12 - 28:16

A lot of people are using their phones to monitor things like their
28:17 - 28:19

exercise schedules and their diet
28:20 - 28:24

it's very convenient because you're keeping track of what you've eaten
28:24 - 28:27

as you go, or what you do
28:27 - 28:33

Some phone have pedometers, functionality built-in
28:33 - 28:36

and that's kind of basic and fundamental
28:36 - 28:39

but there is already software for the iPhone
28:39 - 28:42

that can talk to an implanted insulin pump
28:43 - 28:48

and compare your exercise and your diet information
28:48 - 28:52

with your blood sugar levels on your insulin pump
28:52 - 28:56

So now, suddenly, we're back to were I was with my medical device.
28:56 - 28:59

You got an iPhone that you're relying on for your life.
28:59 - 29:04

So, we're building all this infrastructure,
29:04 - 29:06

and we're willing to think about it
29:07 - 29:09

which is why the desktop is so important
29:09 - 29:12

This is where sort of all this all fits in to
29:12 - 29:16

my personal story and why I left the Freedom Software Law Center
29:16 - 29:18

which I loved and felt like the luckiest lawyer in the world
29:18 - 29:21

for being able to work there and been to the Gnome Foundation
29:21 - 29:23

which I also left.
29:24 - 29:28

And I say the desktop in quotes because I am talking about
29:28 - 29:30

these ways that we interact with our computing
29:30 - 29:32

in the ways that we manage our lives through software
29:33 - 29:36

We've reached the point where software must be usable by everyone.
29:36 - 29:39

I think everybody here
29:39 - 29:43

probably knows an older person, who as of a few years ago
29:43 - 29:45

probably never did anything with their computer.
29:45 - 29:47

My mother was one of these people.
29:48 - 29:51

I remember when I was a kid I kept saying
29:51 - 29:53

"but mom look at these cool games!"
29:53 - 29:54

"Not interested"
29:54 - 29:57

And I remember when I was in college and I said:
29:57 - 30:00

"Mom if we could talk by email, it could be so much better!"
30:00 - 30:01

Nothing…
30:01 - 30:04

I remember in Law School, I was saying
30:04 - 30:07

"Mom I can do all this great research using my computer,"
30:07 - 30:09

"I don't have to sit all day in a library, it's awesome"
30:09 - 30:10

Nothing…
30:11 - 30:15

Later I tried to say "mom I'm going to organize my travel using the computer!"
30:16 - 30:18

Suddenly, she was slightly interested
30:18 - 30:23

and now, with everything that has come to pass
30:23 - 30:25

she can't do anything without her computer now
30:25 - 30:26

Now, her computer has become…
30:27 - 30:30

The first thing that she does, she emails and text to her friends
30:30 - 30:34

she does her travels, she manages her finances
30:34 - 30:36

it's spectacular to me because
30:36 - 30:39

I didn't use my father because he was an engineer
30:39 - 30:42

but my mother was really a bit of a technophobe
30:42 - 30:44

And now she loves Apple
30:44 - 30:46

LOVES APPLE
30:46 - 30:48

She can use her computer to do… She doesn't have to think about it
30:48 - 30:52

It's great, and it's very frustrating to me
30:54 - 30:58

But I'm excited for her because she now can use a computer
30:58 - 31:00

and it's something she owns now
31:00 - 31:04

She doesn't ask me a question, well she does…
31:04 - 31:08

But she doesn't think that there is any reason why
31:08 - 31:12

these devices are not targeted at her
31:12 - 31:18

and she is very much a representative of the majority of our society.
31:18 - 31:21

And these are people, only a few years ago, would not have been
31:21 - 31:24

that able to do very much with their computer.
31:25 - 31:29

We need to appeal to these people because they are the ones
31:29 - 31:31

that are making choices like supporting iPhone
31:31 - 31:34

to put in their exercise and diet regimes to talk
31:34 - 31:35

to their insulin pumps.
31:35 - 31:39

These are the kind of things that we need to really worry about.
31:39 - 31:45

because if we can't make our software easy to use by everybody,
31:45 - 31:47

no one is gonna want to use it.
31:47 - 31:51

And we have an opportunity now
31:51 - 31:52

a window that is slowly closing
31:53 - 31:55

because we're making choices now
31:55 - 31:57

that we're gonna have to live with for a long time.
31:57 - 31:58

We're building habits, we're building expectations
31:59 - 32:03

and we're establishing the metrics in our society for what is
32:03 - 32:05

acceptable software and what isn't.
32:08 - 32:11

I'm not gonna read these to you, you guys are here,
32:11 - 32:15

at LinuxConfAU, you know all the awesome reasons
32:15 - 32:17

why you should use Free and Open Source software
32:17 - 32:19

You're here for all those reasons
32:19 - 32:20

including that it's just really fun.
32:21 - 32:22

We've been having a great time here,
32:22 - 32:24

and learning about all sorts of really cool things
32:25 - 32:26

but the underscore of all that
32:26 - 32:30

and where all these reasons can come from is from Freedom
32:32 - 32:35

Free and Open Source software is not just good business
32:35 - 32:36

it's also the right thing to do
32:37 - 32:41

So when we talk about our heart devices, we talk about our voting machines
32:41 - 32:43

and then we talk about the way we live our lives
32:43 - 32:45

and the infrastructure of how we talk to one another.
32:45 - 32:49

We see that Free and Open Source software is just
32:49 - 32:51

the right thing to do for our society
32:51 - 32:53

and in order to bring that to other people
32:53 - 32:57

we need to make sure, it's easy and clear for them to use
32:57 - 33:01

These are some screenshots from the Gnome 3 release which
33:01 - 33:03

Most of who I would say are probably familiar
33:03 - 33:05

with already and are forming your own opinions about whether
33:05 - 33:07

you… laughs
33:07 - 33:10

Gnome 3 is something that you want to use or not
33:10 - 33:13

and I think that no mater what perspective you come from
33:13 - 33:16

I think that you can see that the Gnome 3 rewrite is done
33:16 - 33:19

to address these issues, it's to make our software
33:19 - 33:21

sleek and usable by everybody.
33:21 - 33:23

I joined Gnome after the Gnome 3 release
33:23 - 33:25

and it was the Gnome 3 release
33:25 - 33:28

that made me realize that I had to go work for Gnome
33:28 - 33:30

because this is our future.
33:30 - 33:34

We need to cross the bridge, we need to be able to provide software
33:34 - 33:38

to people who otherwise wouldn't be able to use it.
33:38 - 33:41

We need to make sure our desktop are accessible by everyone
33:41 - 33:44

because we are not going to be able to build
33:44 - 33:46

the right infrastructure for a whole society
33:46 - 33:49

if we don't bring these people on board too.
33:50 - 33:52

This is a second screenshot.
33:52 - 33:55

It happens to be Marina from the Gnome community
33:55 - 34:01

and she's the head of the Gnome outreach program for women
34:01 - 34:05

which is an awesome program and is a kind
34:05 - 34:06

of thing that you can do in a non-profit.
34:06 - 34:06

But what you may not have seen is that
34:06 - 34:08

But what you may not have seen is that
34:08 - 34:12

we launched, very recently, an extension website.
34:12 - 34:14

extensions.gnome.org
34:14 - 34:16

where third-parties can upload
34:17 - 34:21

extensions for the Gnome Shell and it's a simple point-and-click
34:21 - 34:23

for Gnome 3.2
34:23 - 34:26

So you can install all those customizations
34:26 - 34:29

and we're trying to build the ways
34:29 - 34:32

that Gnome 3 is going to develop over time
34:32 - 34:38

So, even though we have a single Gnome Shell vision,
34:38 - 34:40

with what I think are great choices,
34:40 - 34:45

if you disagree with them, there is a way to implement changes.
34:48 - 34:51

Gnome, I think, and I think many agree.
34:51 - 34:51

I've actually had a lot of people looking at my computer
34:51 - 34:54

I've actually had a lot of people looking at my computer
34:54 - 34:55

over my shoulder and say
34:55 - 34:58

"Oh my God what is that, that's so great!"
34:58 - 35:01

"It's not a Mac, but it looks so good"
35:01 - 35:03

"What's the story with that?"
35:03 - 35:07

So it's beautiful, but it's a lot more than beautiful
35:07 - 35:08

It's non-profit driven
35:09 - 35:11

And in the Free and Open Source software space
35:11 - 35:15

we have a lot of different ways that we develop our software together.
35:15 - 35:21

Some of our projects are more on the Android
35:21 - 35:25

or Unity side of things
35:25 - 35:28

where they're mostly controlled by a single company
35:28 - 35:32

and there are communities that build up around that
35:32 - 35:35

but at the end of the day, the ultimate control
35:35 - 35:37

of the project is by a single company.
35:37 - 35:41

And then we have projects like Gnome that are non-profit focused
35:41 - 35:43

and this actually touches on some other stuff that Bruce
35:43 - 35:45

was mentioning in his keynote.
35:46 - 35:50

What you get for non-profit development, or having a non-profit
35:50 - 35:54

that unifies the development in the community is a lot.
35:54 - 35:57

And one of the main things that you get is to keep other trust
35:57 - 36:00

So the Gnome community for example,
36:01 - 36:04

the Foundation is composed of members
36:04 - 36:06

there is over 300 members and it varies depending
36:06 - 36:09

on where people are and renewing their membership.
36:09 - 36:12

But in order to become a member, you have to be a contributor
36:12 - 36:14

to Gnome and it's only available to individuals
36:14 - 36:17

and if you're a contributor to Gnome
36:17 - 36:20

you can become a member, which allows you to vote for
36:20 - 36:24

the Board of Directors which influences the direction of the project
36:24 - 36:26

help spread infrastructure to support development
36:26 - 36:28

and decides to hire people like me.
36:28 - 36:33

So who are out there advocating for the ideology of Free and Open Source software
36:33 - 36:37

and helping to organize this kind of effort
36:37 - 36:40

So if you imagine the situation now,
36:40 - 36:45

the Gnome community does not require copyright assignment
36:45 - 36:51

but if a non-profit community like the Gnome community were to require,
36:51 - 36:53

or were to accept copyright assignment,
36:53 - 36:55

those copyrights were to be held by a Foundation
36:55 - 37:00

that had an oversight by the contributors
37:00 - 37:02

by everyone who has a stake in the community,
37:02 - 37:03

by everybody who invest in it.
37:03 - 37:07

There is a certain assurance to knowing that the control
37:07 - 37:10

of a community is in a non-profit that is
37:10 - 37:15

focused on what the contributors want, diversely,
37:15 - 37:16

over companies.
37:19 - 37:21

I want to stress that I'm not saying
37:21 - 37:25

that companies don't have a very important place
37:25 - 37:26

in Free and Open Source Software of course.
37:26 - 37:31

Companies must be able to develop products
37:31 - 37:34

in the Free and Open Source community but we need to
37:34 - 37:38

encourage these non-profit structures which are focused on the ideology
37:38 - 37:41

and work with companies to help them accomplish their goals.
37:41 - 37:46

But under the rubric of non-profits the way that we have in the Gnome community
37:46 - 37:48

We have a lot of companies that are involved in Gnome,
37:48 - 37:49

on any Advisory Boards,
37:49 - 37:51

and are just good participants
37:52 - 37:56

but the overall mission of the Gnome Foundation and the community
37:57 - 37:59

is the public good.
37:59 - 38:03

We are a public charity, so we are focused on the public good
38:03 - 38:05

not on our profit.
38:06 - 38:09

We care about our profit but for participants in our community
38:09 - 38:11

but what it means at the end of the day
38:11 - 38:14

is that we want to make the World a better place.
38:14 - 38:17

Sounds a little bit hokey
38:17 - 38:19

but let's be honest, that where a lot of this
38:19 - 38:21

Free and Open Source software came from originally
38:21 - 38:24

ideologically that's why we have such great and cool software
38:24 - 38:27

We have to start thinking about making the World a better place.
38:28 - 38:31

So we, at Gnome, recently launched an accessibility campaign
38:31 - 38:33

We want to make 2012 the year of accessibility
38:33 - 38:35

This is a perfect example
38:35 - 38:38

Yeah, it's really cool work, it's super important.
38:38 - 38:41

*crowd clapping*
38:41 - 38:43

So this is exactly the kind of thing that a company
38:43 - 38:45

might not be able to afford to do
38:46 - 38:50

because it's not necessarily in the interest
38:50 - 38:55

in increasing the bottom line to work on specific accessibility initiatives
38:55 - 38:57

for smaller populations of people.
38:57 - 38:59

But we at Gnome understand that this is
38:59 - 39:02

incredibly important because a desktop that's not usable by everybody
39:02 - 39:05

is one that fails our mission.
39:05 - 39:09

So this guy is Robert Cole, he is super awesome
39:09 - 39:11

That's a picture of him in his family,
39:11 - 39:14

he was kind enough to come forward and let us use
39:14 - 39:18

his testimony for accessibility campaign
39:18 - 39:20

He was born with a vision defect
39:20 - 39:22

So he has no vision in one eye,
39:22 - 39:25

and very limited vision in the other eye
39:25 - 39:32

He was relying on some proprietary assistive technologies
39:32 - 39:34

at one point that were really working for him
39:34 - 39:38

he got a grant from his local government in order to
39:38 - 39:42

get those technologies and they were assisting him to work.
39:42 - 39:45

But then when his system upgraded, he applied for more funding
39:45 - 39:48

to get the upgrade of his assistive technologies and he was denied
39:48 - 39:49

additional funding.
39:50 - 39:51

And he was just out of luck.
39:52 - 39:55

Fortunately, Gnome has been a very accessible desktop
39:55 - 39:57

and he was able to use Gnome technologies,
39:57 - 40:01

and through that he became a very active member of the Gnome community
40:01 - 40:03

but with Free and Open Source software technology
40:03 - 40:06

whatever we develop is going to be out there,
40:06 - 40:08

it's going to be available, you don't have to rely on
40:08 - 40:11

expensive proprietary upgrades to know that
40:11 - 40:13

you're going to continue to be able to use your software,
40:13 - 40:14

should your overall system upgrade.
40:14 - 40:21

So making sure that this kind of work is done in a Free and Open Source software environment
40:21 - 40:23

is extremely important so we just launched
40:23 - 40:26

this accessibility campaign if you donate to Gnome
40:26 - 40:29

while this campaign is going on we pledged to use the money
40:29 - 40:31

to help develop assistive technologies.
40:33 - 40:37

So all this to say: let's choose freedom!
40:37 - 40:42

We can choose freedom, we in this room are a very special group of people.
40:42 - 40:48

While I'm focusing on what our users are doing and how we must bring our users all…
40:48 - 40:50

and I say the broad of users,
40:50 - 40:52

we have to think big, we have to think giant!
40:52 - 40:57

While we need to do things that bring our user base in,
40:57 - 41:00

people in this room are making choices everyday
41:00 - 41:04

I can't tell how many iPhones I have seen at this conference
41:04 - 41:06

how many Macs I have seen in this conference.
41:06 - 41:08

You know we have the technology, it's good.
41:08 - 41:13

I don't really tweak my desktop very much anymore at all
41:13 - 41:17

I've switched over to Gnome-shell and it's so sleek
41:17 - 41:20

and great and I barely use the command line
41:20 - 41:24

for things that are connected to my computing environment
41:24 - 41:27

and only then when I really feel I can't
41:27 - 41:30

It's not for everybody, but we need to choose
41:30 - 41:33

free an open platform, we need to develop on them
41:33 - 41:34

because it's the only way we're gonna create
41:34 - 41:38

these safer and better societies
41:38 - 41:40

It's the only way we're going to create a World
41:40 - 41:44

where we know that our software can be reviewed
41:44 - 41:45

and that it will have integrity
41:47 - 41:53

We need to build our communities in the non-profit space
41:53 - 41:56

Because we need to create those really good degrees of trust
41:56 - 41:59

We need to bring our ideology back into Free software.
42:00 - 42:03

Going a little bit out there, I'd say:
42:03 - 42:05

It's not about terminology, it's about ideology.
42:05 - 42:07

We really need to think about
42:07 - 42:09

making the World a better place because we can,
42:09 - 42:10

and we should.
42:11 - 42:16

I have this picture from the original Apple campaign.
42:16 - 42:21

Because it really strikes me that this woman
42:21 - 42:25

coming and taking her hammer and,
42:25 - 42:29

flinging it against the establishment and the machine
42:29 - 42:32

for individuality and our freedom,
42:32 - 42:33

and it really speaks to me now.
42:35 - 42:37

Let's choose Free and Open Source software
42:37 - 42:39

for ourselves, and for our society.
42:42 - 42:46

So the Gnome Foundation is a charitable organization.
42:46 - 42:47

We accept donations.
42:47 - 42:53

And my talk is freely licensed so feel free to quote it
42:53 - 42:56

and republish it.
42:57 - 42:58

Does anybody have any questions?
43:00 - 43:15

*crowd clapping*
43:16 - 43:17

Good day.
43:19 - 43:24

I guess I personally see it as a really positive future
43:24 - 43:28

because I think there is never going to be a year of
43:28 - 43:31

the leading desktop where everyone suddenly converts
43:31 - 43:32

but it would just be this gradual process.
43:32 - 43:35

in the same way that most of us have come to Linux
43:35 - 43:39

after some other proprietary process
43:40 - 43:45

I'm wondering how you see us engaging with not
43:45 - 43:48

the entirety of society, cause that's way to difficult
43:48 - 43:52

but what's the next age of the people
43:52 - 43:55

that we can engage with and that can then convert
43:55 - 43:57

their friends and their parents and so forth?
43:57 - 44:00

I also think that the next wave is that we need to get
44:00 - 44:01

into schools as much as possible
44:02 - 44:04

I think there are a lot of great initiatives to bring
44:04 - 44:07

our various free distros into schools
44:07 - 44:10

what really strikes me is that, in the United States in particular,
44:10 - 44:15

there are a number of non-profits that are set up as technology charities
44:15 - 44:20

and what they do is they bring Microsoft licenses and other proprietary licenses
44:20 - 44:23

to underprivileged communities and to schools.
44:23 - 44:25

They get tax breaks for doing that
44:25 - 44:29

What they're actually doing is creating a dependency
44:29 - 44:32

on proprietary software and it's a very clever,
44:32 - 44:34

very very clever technique
44:34 - 44:39

because we're training people to use certain kind of software.
44:39 - 44:40

We need to do the same thing.
44:40 - 44:42

I know there are a lot of great initiatives already.
44:42 - 44:44

Gnome has a number of initiatives that would do this.
44:44 - 44:48

And I'd say everybody get involved in your community
44:48 - 44:50

and start bringing our software into schools.
44:50 - 44:51

I think that a first step.
44:51 - 44:55

I think the next step is writing really cool
44:55 - 44:58

applications for our Free and Open platforms
44:58 - 45:00

If we've got the next cool thing,
45:00 - 45:02

then people would want to use it.
45:02 - 45:04

There are lots of different steps. I think you're right.
45:04 - 45:08

There is no easy answer to make
45:08 - 45:10

this the year of the GNU/Linux desktop
45:10 - 45:13

it just doesn't happen as easily as that
45:13 - 45:15

but there are things that we can do in the schools,
45:15 - 45:17

It's, I think, the first place we should start.
45:19 - 45:20

Thanks you.
45:20 - 45:22

Two things if I could. One is,
45:23 - 45:25

for us in Australia and other countries,
45:25 - 45:28

if the FDA has approved it, is that it?
45:28 - 45:33

Is that accepted here without us having our own standards and rules
45:33 - 45:34

setting the software, any of that?
45:34 - 45:37

So I haven't actually looked into Australia.
45:37 - 45:38

I should have.
45:38 - 45:40

I actually thought this morning that I really needed
45:40 - 45:41

to check the situation in Australia.
45:41 - 45:46

But I know that in any UK and other countries there are comparable bodies
45:46 - 45:48

the ones that I've looked in so far
45:48 - 45:49

also don't review the source code.
45:49 - 45:51

So they have similar review processes.
45:51 - 45:55

The FDA only applies in the United States
45:55 - 45:57

So each region has its own approval process.
45:57 - 46:00

But from what I've discovered, so far in the regions
46:00 - 46:02

that I have looked at, they are similar.
46:03 - 46:05

The other thing is that there are other areas
46:05 - 46:07

where software is extremely important
46:07 - 46:09

that you've mentioned during your talk
46:09 - 46:12

like avionics and gambling machines, and so on.
46:12 - 46:15

And in some places in the World there are
46:15 - 46:18

different rules, there is review of code and that
46:18 - 46:18

sort of things.
46:19 - 46:23

Two things out of that. One is it seems a shame
46:23 - 46:27

that there aren't general government standards for
46:27 - 46:31

software where it matters. Have you got any thoughts
46:31 - 46:33

on how we could make that happen?
46:33 - 46:35

We have to become real advocates
46:35 - 46:38

and what does really strike me is that
46:38 - 46:41

proprietary software companies have such an amazing lobby.
46:41 - 46:43

They have so much money that they can pour in
46:43 - 46:46

to making sure that the government is deeply
46:46 - 46:48

concerned about their innovative edge.
46:48 - 46:52

For their products that
46:52 - 46:52

they keep they proprietary incentives
For their products that
46:52 - 46:54

they keep they proprietary incentives
46:54 - 46:56

Medical devices is a really good example
46:56 - 46:58

of how that breaks down.
46:58 - 47:01

When you think about the business case
47:01 - 47:04

of medical devices, you sort of search and see:
47:04 - 47:06

OK, well I'm not buying my heart…
47:06 - 47:08

I'm not choosing the brand of my heart device
47:08 - 47:10

because it has the best software on it.
47:10 - 47:14

I'm choosing Medtronic because they have a good track record.
47:14 - 47:18

Because they are a precision manufacturer of really detailed equipment
47:18 - 47:20

and they have been for a long time.
47:20 - 47:22

If they published their software,
47:22 - 47:24

even if they've published their hardware specs,
47:24 - 47:31

it's not like Nokia is going to go and start producing medical devices.
47:31 - 47:34

And if they did, it would take some time
47:34 - 47:35

to get doctors comfortable that the fact
47:35 - 47:36

that they will be relying on them.
47:36 - 47:38

They're going to get support.
47:38 - 47:43

There's this whole issue of the fact that
47:43 - 47:45

these proprietary software companies have
47:45 - 47:46

a really strong lobbying force.
47:46 - 47:49

The only response I got from Medtronic so far
47:49 - 47:52

is saying: "Our business case relies on"
47:52 - 47:54

"keeping ourselves for proprietary"
47:55 - 47:57

In the United States there were a bunch of
47:57 - 48:00

Breathalyzer cases, with drunk drivers.
48:04 - 48:05

There is a driver who said:
48:05 - 48:10

"If you're gonna convict me on the fact that"
48:10 - 48:12

"this Breathalyzer said my blood alcohol level was very high,"
48:12 - 48:14

"I want to be able to see the source code"
48:14 - 48:16

"in order to determine whether or not"
48:16 - 48:19

"that was accurately drived"
48:20 - 48:22

The company fought it and said
48:22 - 48:24

"this is our proprietary technology"
48:24 - 48:24

"blablabla".
48:24 - 48:26

Eventually the Court said you must produce
48:26 - 48:28

the software, the source code and
48:28 - 48:31

what the Court found through their experts was
48:31 - 48:33

that the results couldn't be relied on.
48:35 - 48:37

Amazing stuff, and this happens in a lot of different jurisdictions.
48:37 - 48:39

In the United States, some jurisdictions say
48:39 - 48:41

you must produce the code, others say no.
48:41 - 48:43

But I think at the end of the day
48:43 - 48:46

we need to keep it in our dialog, keep asking these questions
48:46 - 48:50

throughout our different areas from
48:50 - 48:53

breathalysers to medical devices.
48:53 - 48:58

And being a really vocal community
48:58 - 49:00

about these issues is going to help.
49:00 - 49:03

We also need to organize from a lobbying perspective as well,
49:03 - 49:05

because there is just so much funding on the other side.
49:07 - 49:08

There was a question back there.
49:09 - 49:10

Oh, you've got the mic, OK
49:11 - 49:13

So first of all, I think that your talk was totally awesome
49:13 - 49:17

and thanks for expressing basically the core
49:17 - 49:19

of the Free software ideology which is that
49:19 - 49:20

Free software is about freedom including
49:20 - 49:22

the freedom to know how you're kept alive.
49:22 - 49:26

Which I think is really important, so thanks for doing that!
49:26 - 49:32

clapping
49:34 - 49:36

As far as the remote car exploit stuff, that's
49:36 - 49:39

actually from Alexei, Karl and Franzi in the lab
49:39 - 49:40

at UW where I work.
49:40 - 49:43

And those exploits were done remotely
49:43 - 49:46

through the telematics units in the cars so just
49:46 - 49:49

like cardiac-implants people can crash you car remotely.
49:50 - 49:52

It's like through a telephone.
49:53 - 49:57

Actually, I meant to get that into a little bit more detail,
49:57 - 50:01

but yes the control of the cars were remote but
50:01 - 50:04

I also want to mention that the HP printer exploit
50:04 - 50:07

that happened recently, where
50:10 - 50:13

over the Internet, folks were able to take control of
50:13 - 50:16

HP printers which not only were able to do all
50:16 - 50:18

kind of terrible things like being able to know what
50:18 - 50:21

you are printing including monitoring to see if you
50:21 - 50:23

are printing text documents and so determining
50:23 - 50:26

what information was included in particular boxes
50:26 - 50:29

but they were also able to set printers on fire.
50:30 - 50:33

laughs
50:34 - 50:36

They weren't? They were!
50:36 - 50:39

"There was a guy at the CCC that had a printer set on fire this year"
50:39 - 50:40

"Yeah!"
50:40 - 50:51

mumbling
50:51 - 50:54

"You should either talk into the microphone or ask a question"
50:54 - 50:55

The question I was gonna ask you is
50:55 - 50:57

You're talking about accessibility
50:57 - 50:59

and one of the things I've noticed is that
50:59 - 51:01

people that are blind are totally fucked
51:01 - 51:03

when it comes to using computers
51:03 - 51:04

and if you want to get a Braille terminal
51:04 - 51:07

it can cost somewhere like 6 or 8 thousand Euros to get them.
51:07 - 51:10

And there is one group in the UK that are looking at
51:10 - 51:12

building affordable ones, I think coming in
51:12 - 51:14

somewhere at a thousand dollars.
51:14 - 51:16

But I wonder what Gnome can do to make it
51:16 - 51:19

so that computers are really accessible in terms of
51:19 - 51:21

alternate methods of interfacing with computers
51:21 - 51:24

especially for people who are blind or unable to see
51:25 - 51:26

and I wonder if you can talk a bit about
51:26 - 51:29

Braille terminals and maybe making them accessible and so on.
51:31 - 51:33

I was gonna say this actually as a separate talk.
51:33 - 51:36

There was a talk on accessibility at this conference,
51:36 - 51:39

but I don't want to get into too much detail
51:39 - 51:45

about the particular initiatives, but with Gnome 2
51:45 - 51:48

there are a lot of assistive technologies for
51:48 - 51:50

vision or magnification.
51:50 - 51:55

Other types of software that are very helpful but…
51:56 - 51:59

and actually Gnome won several awards for
51:59 - 52:01

the accessibility of their desktop.
52:01 - 52:05

But while we rewrote Gnome 3,
52:05 - 52:08

we actually broke a lot of our assistive technologies,
52:08 - 52:11

as part of the necessity of starting all over again
52:11 - 52:12

and starting new.
52:13 - 52:16

So actually our campaign is much more basic than that.
52:16 - 52:18

I'd like for us to get there over time.
52:18 - 52:20

But we have some great software
52:20 - 52:23

but it needs help just to get working.
52:23 - 52:25

So the accessibility campaign
52:25 - 52:27

that we're running now is really fundamental
52:27 - 52:31

If we get a huge level of support from it,
52:31 - 52:33

we can hire developers to work on the stuff and
52:33 - 52:36

start exploring some of those particular initiatives.
52:36 - 52:40

But it's sort of like, now the accessibility
52:40 - 52:43

team at Gnome, at our annual general meeting
52:43 - 52:45

I asked them to give a little presentation
52:45 - 52:48

of where we stand, and the first slide was
52:48 - 52:50

a set of stairs.
52:51 - 52:53

So right now, we have a lot of work to do.
52:53 - 52:56

We need to bring our new system back to
52:56 - 52:58

where we were with Gnome 2,
52:58 - 53:00

and then we need to go beyond.
53:00 - 53:02

We're much further now, with Gnome 3
53:02 - 53:04

than where we were when we launched Gnome 2
53:04 - 53:06

and Gnome 2 went really far
53:06 - 53:08

but we really have along way to go.
53:09 - 53:11

So there was a question for someone right over there
53:11 - 53:15

who had put his hand up, and I'll be really fast.
53:15 - 53:16

If we can have one more question,
53:16 - 53:18

we'll have to wrap it up after that.
53:22 - 53:23

Thank you.
53:24 - 53:30

I am concerned that should your implant fail,
53:31 - 53:34

and you collapsed to the floor, I don't know what to do.
53:34 - 53:37

Is it just CPR or is this something else I should do?
53:37 - 53:39

That's a great question.
53:39 - 53:42

Everybody should be trained in CPR,
53:42 - 53:45

and I've became aware of this and hassle
53:45 - 53:48

the people close to me to get trained in CPR
53:48 - 53:49

when I found I had this heart condition.
53:49 - 53:51

So if somebody collapse in the front of you,
53:51 - 53:53

you should commence CPR,
53:53 - 53:58

you should check their life signs and follow that procedure.
53:58 - 54:00

For me, if I've collapsed now my device
54:00 - 54:04

will most likely shock me and if it doesn't,
54:04 - 54:05

if somebody performs CPR,
54:05 - 54:09

hopefully we can keep my blood circulating until help comes
54:09 - 54:13

and I can be shocked with an external defibrillator.
54:13 - 54:16

The truth is, it often takes so long
54:16 - 54:17

to get an external defibrillator
54:17 - 54:19

and to get people's heart starting again
54:19 - 54:21

that there is often some brain damage by the time that happens.
54:21 - 54:23

So that's part of the reasons.
54:24 - 54:25

There is one in the lobby.
54:26 - 54:28

And it's funny because when I walk by those
54:28 - 54:30

now I think: "Those are for suckers!"
54:30 - 54:31

I've got my own!
54:31 - 54:35

clapping
54:35 - 54:39

So, all this to say I am really glad
54:39 - 54:41

that I have this piece of technology,
54:41 - 54:43

and I'm glad that I can rely on it.
54:43 - 54:45

I just think it can be better and safer.
54:45 - 54:46

Thanks you.
54:46 - 54:47

Unfortunately, we're running out of time,
54:47 - 54:49

but a huge round of applause for Karen.

Title:: "Freedom In My Heart And Everywhere" Keynote by Karen Sandler
Description:: Karen Sandler's keynote about Free and Open Source Software and the need for their use in the medical field, as well as in other key sectors of our society, including personal use.

Karen M. Sandler was at the time the Executive Director of the GNOME Foundation and prior to taking up this position had been General Counsel of the Software Freedom Law Center (SFLC). Karen continues to do pro bono legal work with SFLC and Question Copyright and serves as an officer of both the Software Freedom Conservancy and SFLC. Before joining SFLC, Karen worked as an associate in the corporate departments of Gibson, Dunn & Crutcher LLP in New York and Clifford Chance in New York and London. Karen received her law degree from Columbia Law School in 2000, where she was a James Kent Scholar and co-founder of the Columbia Science and Technology Law Review. Karen received her bachelor’s degree in engineering from The Cooper Union. She is a recipient of an O'Reilly Open Source Award and also co-host of the "Free as in Freedom" podcast.

Karen's personal blog, GNOMG, can be found at http://blogs.gnome.org/gnomg/.

more » « less
Video Language:: English
Duration:: 54:51

	pandark edited English subtitles for "Freedom In My Heart And Everywhere" Keynote by Karen Sandler
	pandark edited English subtitles for "Freedom In My Heart And Everywhere" Keynote by Karen Sandler
	pandark edited English subtitles for "Freedom In My Heart And Everywhere" Keynote by Karen Sandler
	pandark edited English subtitles for "Freedom In My Heart And Everywhere" Keynote by Karen Sandler
	pandark edited English subtitles for "Freedom In My Heart And Everywhere" Keynote by Karen Sandler
	pandark edited English subtitles for "Freedom In My Heart And Everywhere" Keynote by Karen Sandler
	pandark edited English subtitles for "Freedom In My Heart And Everywhere" Keynote by Karen Sandler
	pandark edited English subtitles for "Freedom In My Heart And Everywhere" Keynote by Karen Sandler

Show all

English subtitles

Revisions

Revision 39

pandark

"Freedom In My Heart And Everywhere" Keynote by Karen Sandler

Revisions

Our website uses cookies

Operating cookies (Required)