2015-07-25 5:38 GMT+09:00 Cathal Garvey <cathalgarvey@cathalgarvey.me>:

Without getting into the issue of whether patents encourage innovation.. I do think that medical devices are a special case. If you have a heart implant, that thing needs to be "unhackable", but also totally verifiably safe. So there should be firmware signing, no mutable state, verifiable memory safety...but the code should be open source, and if need be the firmware signing key for each device (needs to be different for each device!) should be accessible by a legitimate owner.

So, no more remote-hackable heart implants, but doctors and cardiac technicians can still apply critical patches and inspect the source for sanity.

Why should a heart implant be different than a car? Because there's experts involved? There's always experts involved! Because it's so life critical? It's always "so life critical"!

Legally difficult is the differences between "owner" and "user". I think whomever actually uses the device should be the one to be able to hack it. That includes leases, rents, corporate ownership, and everything else. "I drive it, I decide the software it runs". This follows from the idea that "the software's choices are my choices" - in case of such direct life affectors that choice should never be taken away.

It's funny; I think this evolved into an equivalent of the "forced inoculation" argument... There's some point to be made for experts truly knowing better, and nobody having any reason to go against the experts' opinions. I think that, in that case, any rational person should be able to reach that same conclusion. If they don't, well, that's a more general problem to be approached separately.