Without getting into the issue of whether patents encourage innovation..
I do think that medical devices are a special case. If you have a heart
implant, that thing needs to be "unhackable", but also totally
verifiably safe. So there should be firmware signing, no mutable state,
verifiable memory safety...but the code should be open source, and if
need be the firmware signing key for each device (needs to be different
for each device!) should be accessible by a legitimate owner.
So, no more remote-hackable heart implants, but doctors and cardiac
technicians can still apply critical patches and inspect the source for
sanity.
On 24/07/15 21:26, Lodewijk andré de la porte wrote:
Anyone care for a law that will:
1. Ban unhackable vehicles and other life-critical devices (meaning:
life-critical software must be rewritable)
2. Require all life-critical software to be released in source format,
for the purpose of public auditing, improving it's safety features and
employing the software on the devices it is intended for.
3. Any tools used to translate the source to writable code must also be
provided in the manner of 2.
These laws should still allow manufacturers to:
1. Spy on their users without that being changed
2. Lock down their code so competitors may not use it (proprietary open
source)
3. Have software in the machines that is not opened; so long as it is
properly (verifiably) isolated from essential systems
4. Legally own the entire machine
5. Drop guarantees when non-security-related modifications have been made
etc
This law should be as precise and immutable as possible. This is not a
matter of "I want to hack things" or "competition would be better if it
were open" or "I want to own what I have/use", etc, etc. Being precise
with the law allows it to pass more readily.
Personally I think if everything were required open source and
self-compiled; that would objectively be better for humanity as a whole.
For protecting innovation there's patents, closing the source is excess.
Etc. etc.
But this is not about fun. This is about extremely basic safety. It is
about national security; if 500,000 cars go haywire at the same time a
lot of deaths, directly and indirectly, can be expected. And it's not
just the cars; it's also the industrial machines, medical equipment, the
metro's and trains, the automated cars and busses and trucks and
aircraft, medium sized hobbyist drones, heaters, stoves and ovens,
automated doors, elevators, fire, smoke and other emergency alarms, etc.
Should a foreign country cyberattack whilst doing any other kind of
large scale attack; the effects could be devastating. Should a person be
marked for assassination, no one would be the wiser.
I'd argue for similar protection for fridges, televisions, smartphones,
etc, etc, as more and more items are expected to become networked and
essential for upholding basic freedoms and ways of life. And I'd argue
to have it for privacy; not just essential safety.
Simply put; the simple version of the law above is imperative for
personal and national security. And it doesn't exist.
(note: all countries should be more worried about cybersecurity. I
cannot trust my government to act as it should if every public servant
can be blackmailed or thoroughly spied upon. It's not hard to improve
security; but it's much harder now that nobody's doing it, and now that
it's given no priority)
--
Scientific Director, IndieBio EU Programme
Now running in Cork, Ireland May->July
Learn more at indie.bio and follow along!
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: cathalgarvey
