Without getting into the issue of whether patents encourage innovation... I do think that medical devices are a special case. If you have a heart implant, that thing needs to be "unhackable", but also totally verifiably safe. So there should be firmware signing, no mutable state, verifiable memory safety... but the code should be open source, and if need be the firmware signing key for each device (needs to be different for each device!) should be accessible by a legitimate owner. So, no more remote-hackable heart implants, but doctors and cardiac technicians can still apply critical patches and inspect the source for sanity.

On 24/07/15 21:26, Lodewijk andré de la porte wrote:
Anyone care for a law that will:
1. Ban unhackable vehicles and other life-critical devices (meaning: life-critical software must be rewritable)
2. Require all life-critical software to be released in source format, for the purpose of public auditing, improving its safety features and employing the software on the devices it is intended for.
3. Any tools used to translate the source to writable code must also be provided in the manner of 2.
These laws should still allow manufacturers to:
1. Spy on their users without that being changed
2. Lock down their code so competitors may not use it (proprietary open source)
3. Have software in the machines that is not opened; so long as it is properly (verifiably) isolated from essential systems
4. Legally own the entire machine
5. Drop guarantees when non-security-related modifications have been made etc
This law should be as precise and immutable as possible. This is not a matter of "I want to hack things" or "competition would be better if it were open" or "I want to own what I have/use", etc, etc. Being precise with the law allows it to pass more readily.
Personally I think if everything were required open source and self-compiled; that would objectively be better for humanity as a whole. For protecting innovation there's patents, closing the source is excess. Etc. etc.
But this is not about fun. This is about extremely basic safety. It is about national security; if 500,000 cars go haywire at the same time a lot of deaths, directly and indirectly, can be expected. And it's not just the cars; it's also the industrial machines, medical equipment, the metros and trains, the automated cars and buses and trucks and aircraft, medium sized hobbyist drones, heaters, stoves and ovens, automated doors, elevators, fire, smoke and other emergency alarms, etc.
Should a foreign country cyberattack whilst doing any other kind of large scale attack; the effects could be devastating. Should a person be marked for assassination, no one would be the wiser.
I'd argue for similar protection for fridges, televisions, smartphones, etc, etc, as more and more items are expected to become networked and essential for upholding basic freedoms and ways of life. And I'd argue to have it for privacy; not just essential safety.
Simply put; the simple version of the law above is imperative for personal and national security. And it doesn't exist.
(note: all countries should be more worried about cybersecurity. I cannot trust my government to act as it should if every public servant can be blackmailed or thoroughly spied upon. It's not hard to improve security; but it's much harder now that nobody's doing it, and now that it's given no priority)
--
Scientific Director, IndieBio EU Programme
Now running in Cork, Ireland May->July
Learn more at indie.bio and follow along!
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: cathalgarvey