Implanted medical devices are more connected than ever. Karen Sandler says we should all have access to the software they run.


There probably aren’t many questions from patients that leave electrophysiologists speechless. Karen Sandler stumped hers with just one. Sandler, executive director at the Software Freedom Conservancy, wanted to know about the software powering the pacemaker that she needed.

Sandler has an outsize heart (three times the size of the average ticker), a condition called hypertrophic cardiomyopathy. For her, the condition is without symptoms but she runs an increased chance of sudden death with each year that passes.

“I was told that everything would be fine, because I could get this defibrillator implanted in my body. If I get into trouble it’ll be like a fairy godmother shocking me,” Sandler recounted in a recent Index Conference keynote. The specialist was showing Sandler and her mother the small, lightweight device that some patients refer to as “internal bling.”

“I had just one question for him: what does it run on?”

Sandler, a lawyer by profession, said the doctor didn’t understand the question. Then he called in a representative for the device, who also didn’t know anything about the software inside. After the doctor’s visit, Sandler dogged the company’s help line, a scenario she describes as “phone tree hell” but found that none of the manufacturers had answers for her.

“I did what any normal person would do, I put it off,” she says. She changed her mind, however, after both her mother and a close friend admitted to fearing Sandler was dead every time they got her voicemail.

So Sandler got the implant – embracing her “inner cyborg” she says while flashing a slide of “Star Trek: Voyager” character Seven of Nine – and embarked on a research project about the proprietary software inside medical devices.

The results? “Software has bugs. Yeah, surprise!” she notes, demonstrating exactly zero surprise. “These devices are totally vulnerable,” Sandler concludes. Unsurprisingly, she found that free and open software was less vulnerable than proprietary systems for medical devices. The Four Freedoms — to use, study, share and improve the software – not only lead to fewer bugs but help wipe out the remaining ones. (More on this in a paper from the Software Freedom Law Center titled “Killed with Code.”)

“That means that if you face a problem, probably other people do too and you can share those changes with others,” Sandler says. Patients don’t have to rely on any particular company, which is really important when it comes to things like your heart.

“Right now what we have in in the medical device space is the worst of both worlds,” she says. “These devices are broadcasting remote wirelessly all the time, they have radio telemetry on them — but no real security and there’s no basic password protection.”

Image // CC BY NC

Sandler had a terrifying experience with the standard issue programming of the device going wrong when she was pregnant – her slightly elevated heart rate caused it to shock her. Because as a pregnant woman she was not the typical for the device, the doctor’s solution was medication to slow down her heart rate. It could’ve been worse:  there were 16,000 deaths associated with medical devices in the FDA database. But with the devices as black boxes, it’s hard to diagnose where the devices went wrong.

“I would have liked to have seen the source code to my device — even if I got all the pregnant women with defibrillators together, there’s not enough money to get those to get the device manufacturer to consider our case,” she says. It’s a perfect example of a company’s good intentions leading to dangerous situations for some.

Sandler, a one-time “Mac fan girl” who previously worked at the Gnome Foundation and has been a proponent of FOSS since the 90s, says that now her interest in it has taken on a new dimension.

“Now I’m someone who thinks that software freedom is essential, not this esoteric issue,” she says. “It’s in fact something that is going to undermine the safety and the very nature of our society.”

Still, she considers it a privilege to be what she calls a voluntary cyborg.

“The truth is we will all become cyborgs over time,” she says. “Because I want to incorporate enough technology in my body to take advantage of advances as they go forward.”

“So I say cyborgs unite!…We’re at the beginning of a road with free and open source software and with it, we have options.”

Catch the entire 43-minute session below.

Hat tip: Monty Taylor

Cover Photo // CC BY NC