Hackers Remotely Kill a Jeep on the Highway

[l@odewijk.nl (Lodewijk andré de la porte)]

2015-07-25 5:38 GMT+09:00 Cathal Garvey <cathalgarvey@cathalgarvey.me>:

> Without getting into the issue of whether patents encourage innovation.. I
> do think that medical devices are a special case. If you have a heart
> implant, that thing needs to be "unhackable", but also totally verifiably
> safe. So there should be firmware signing, no mutable state, verifiable
> memory safety...but the code should be open source, and if need be the
> firmware signing key for each device (needs to be different for each
> device!) should be accessible by a legitimate owner.
>
> So, no more remote-hackable heart implants, but doctors and cardiac
> technicians can still apply critical patches and inspect the source for
> sanity.
>

Why should a heart implant be different than a car? Because there's experts
involved? There's always experts involved! Because it's so life critical?
It's always "so life critical"!

Legally difficult is the differences between "owner" and "user". I think
whomever actually uses the device should be the one to be able to hack it.
That includes leases, rents, corporate ownership, and everything else. "I
drive it, I decide the software it runs". This follows from the idea that
"the software's choices are my choices" - in case of such direct life
affectors that choice should never be taken away.

It's funny; I think this evolved into an equivalent of the "forced
inoculation" argument... There's some point to be made for experts truly
knowing better, and nobody having any reason to go against the experts'
opinions. I think that, in that case, any rational person should be able to
reach that same conclusion. If they don't, well, that's a more general
problem to be approached separately.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20150725/10684643/attachment.html>