Conservancy/website
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
website/www/conservancy/static/docs/2023-01-31_KU-Lueven_Sandler-Karen_Software-Rights-Accountability-and-Autonomy-in-Our-Technology.txt

4437 lines
96 KiB
Text
Raw Blame History

WEBVTT
Kind: captions
Language: en
00:00:03.300 --> 00:00:25.740
foreign
00:00:25.740 --> 00:00:27.840
good afternoon ladies and gentlemen
00:00:27.840 --> 00:00:30.660
welcome to this lecture which is somehow
00:00:30.660 --> 00:00:33.420
a warming up for the big official
00:00:33.420 --> 00:00:36.540
celebration of patterns Saints Day next
00:00:36.540 --> 00:00:38.160
Thursday
00:00:38.160 --> 00:00:41.219
since some time we know the names of
00:00:41.219 --> 00:00:43.739
five people who will be awarded an
00:00:43.739 --> 00:00:46.260
honorary doctorate because they are
00:00:46.260 --> 00:00:49.620
considered really as front-runners in
00:00:49.620 --> 00:00:52.260
their field as well as advocates of
00:00:52.260 --> 00:00:55.260
society on different issues and one of
00:00:55.260 --> 00:00:58.500
these names is and that's thanks to the
00:00:58.500 --> 00:01:01.980
nomination by the students delegation Dr
00:01:01.980 --> 00:01:05.400
Karen Sandler sitting here
00:01:05.400 --> 00:01:08.760
it was the vice Rector of research that
00:01:08.760 --> 00:01:12.000
asked me to do this introduction and I
00:01:12.000 --> 00:01:14.820
do this with great pleasure because also
00:01:14.820 --> 00:01:17.280
the topic is something I'm really
00:01:17.280 --> 00:01:18.799
interested in
00:01:18.799 --> 00:01:22.680
Karen is a firm believer of software
00:01:22.680 --> 00:01:25.799
freedom and in my own research field I
00:01:25.799 --> 00:01:27.619
should also maybe
00:01:27.619 --> 00:01:31.140
give some information on myself I am a
00:01:31.140 --> 00:01:33.000
professor of intellectual property law
00:01:33.000 --> 00:01:36.119
so I teach students about the legal
00:01:36.119 --> 00:01:38.759
protection of amongst other things
00:01:38.759 --> 00:01:41.880
software and I also have some parts on
00:01:41.880 --> 00:01:44.520
OPEC explaining the difference between
00:01:44.520 --> 00:01:47.400
proprietary software and open source
00:01:47.400 --> 00:01:51.000
software I'm also head of ctip ctip is
00:01:51.000 --> 00:01:53.520
the center for I.T and IRP rights and
00:01:53.520 --> 00:01:56.220
the law faculty and we do a lot of
00:01:56.220 --> 00:01:58.740
research not only on open source but
00:01:58.740 --> 00:02:01.079
also the data issues property of data
00:02:01.079 --> 00:02:03.899
and so on personal non-personal data
00:02:03.899 --> 00:02:07.200
especially in relation to health and I
00:02:07.200 --> 00:02:09.539
already admitted to Karen that our
00:02:09.539 --> 00:02:11.640
researchers or many of them have signed
00:02:11.640 --> 00:02:14.280
a letter to the I.T responsibles at this
00:02:14.280 --> 00:02:17.340
University that we should switch to big
00:02:17.340 --> 00:02:21.720
blue button but uh and I read in your uh
00:02:21.720 --> 00:02:25.099
article that that is also one of your
00:02:25.099 --> 00:02:28.200
favorite programs
00:02:28.200 --> 00:02:31.200
so as you all I am eagerly looking
00:02:31.200 --> 00:02:33.900
forward to hearing the insights of Karen
00:02:33.900 --> 00:02:36.420
but before giving her the microphone I
00:02:36.420 --> 00:02:39.239
should say a few words on her career I
00:02:39.239 --> 00:02:41.580
will be brief because otherwise I risk
00:02:41.580 --> 00:02:44.400
using up the field lecture time and that
00:02:44.400 --> 00:02:46.860
is not something I want to do Karen
00:02:46.860 --> 00:02:50.760
begin her career as a lawyer after
00:02:50.760 --> 00:02:52.620
having received a law degree from
00:02:52.620 --> 00:02:56.400
Columbia Law School she also holds a
00:02:56.400 --> 00:02:59.160
Bachelor of Science in engineering from
00:02:59.160 --> 00:03:01.019
the Cooper Union
00:03:01.019 --> 00:03:03.959
amongst many other things she currently
00:03:03.959 --> 00:03:06.720
is executive director of the software
00:03:06.720 --> 00:03:10.080
Freedom Conservancy which is a
00:03:10.080 --> 00:03:12.120
non-profit organization that supports
00:03:12.120 --> 00:03:14.700
initiatives that make technology more
00:03:14.700 --> 00:03:17.760
inclusive and promotes free and open
00:03:17.760 --> 00:03:20.099
source software false
00:03:20.099 --> 00:03:23.760
a mouthful of words but it in essence
00:03:23.760 --> 00:03:27.060
all boils down to two big words software
00:03:27.060 --> 00:03:29.220
freedom
00:03:29.220 --> 00:03:32.159
Karen has earned numerous Awards and
00:03:32.159 --> 00:03:35.640
recognitions but I invite you to check
00:03:35.640 --> 00:03:38.879
her website and explore these things
00:03:38.879 --> 00:03:39.959
yourself
00:03:39.959 --> 00:03:42.360
Karen it is truly an honor to have you
00:03:42.360 --> 00:03:44.459
with us today and without a further Ado
00:03:44.459 --> 00:03:48.840
uh gladly invite you to to take the
00:03:48.840 --> 00:03:53.760
floor
00:03:53.760 --> 00:03:55.200
Professor that was such a wonderful
00:03:55.200 --> 00:03:56.400
introduction
00:03:56.400 --> 00:03:58.980
I I would like to hear you give this
00:03:58.980 --> 00:03:59.840
talk
00:03:59.840 --> 00:04:02.879
maybe some other time we'll we should
00:04:02.879 --> 00:04:04.440
jointly do one
00:04:04.440 --> 00:04:07.440
um so I'm so happy to be here um with
00:04:07.440 --> 00:04:11.519
you today I'm I'm going to give you a um
00:04:11.519 --> 00:04:15.299
a story about myself and my work and how
00:04:15.299 --> 00:04:17.820
I got involved in software freedom and
00:04:17.820 --> 00:04:21.959
how that impacts our my view of how
00:04:21.959 --> 00:04:25.259
technology is in our society and where
00:04:25.259 --> 00:04:27.360
we should go from here
00:04:27.360 --> 00:04:31.259
so to start I need to tell you something
00:04:31.259 --> 00:04:34.680
about myself that I still to this day
00:04:34.680 --> 00:04:38.100
even though I have done probably 15
00:04:38.100 --> 00:04:40.199
years worth of advocacy on this
00:04:40.199 --> 00:04:42.780
particular Point uh always talking about
00:04:42.780 --> 00:04:45.660
my medical condition is is always a
00:04:45.660 --> 00:04:47.880
little stressful but I have a heart
00:04:47.880 --> 00:04:50.699
condition I literally have a big heart
00:04:50.699 --> 00:04:53.100
it's called hypertrophic cardiomyopathy
00:04:53.100 --> 00:04:55.620
and my heart isn't just
00:04:55.620 --> 00:04:57.960
um big it's really thick and so it's
00:04:57.960 --> 00:04:59.880
really stiff when it meets and what that
00:04:59.880 --> 00:05:02.580
means is that I am at a very high risk
00:05:02.580 --> 00:05:05.580
of suddenly dying the medical term is
00:05:05.580 --> 00:05:07.400
actually sudden death
00:05:07.400 --> 00:05:11.759
so that's okay because I have a
00:05:11.759 --> 00:05:13.380
pacemaker defibrillator that is
00:05:13.380 --> 00:05:16.199
implanted in my body this picture is
00:05:16.199 --> 00:05:18.660
actually the pacemaker defibrillator
00:05:18.660 --> 00:05:21.000
that I used to have that you can see
00:05:21.000 --> 00:05:24.180
kind of a dent in it that's because it
00:05:24.180 --> 00:05:27.720
was where it was kind of pried out
00:05:27.720 --> 00:05:30.360
um and I have one here if anyone is
00:05:30.360 --> 00:05:32.880
curious can see it after this is the
00:05:32.880 --> 00:05:35.220
model I have now which is a different
00:05:35.220 --> 00:05:37.199
device
00:05:37.199 --> 00:05:41.759
um so when I got this device I was
00:05:41.759 --> 00:05:45.720
astounded by how little the doctors knew
00:05:45.720 --> 00:05:47.580
about the technology that they were
00:05:47.580 --> 00:05:50.880
plant and planting into patients bodies
00:05:50.880 --> 00:05:54.419
they had not for one minute thought
00:05:54.419 --> 00:05:56.039
about the fact that there was software
00:05:56.039 --> 00:05:58.199
on those devices
00:05:58.199 --> 00:06:01.259
and it had not even occurred to them
00:06:01.259 --> 00:06:03.240
that you could
00:06:03.240 --> 00:06:05.460
interact with that technology and that
00:06:05.460 --> 00:06:07.039
anyone other than the medical device
00:06:07.039 --> 00:06:10.020
manufacturers could have any control
00:06:10.020 --> 00:06:11.160
over it
00:06:11.160 --> 00:06:13.680
because I was an engineer turned lawyer
00:06:13.680 --> 00:06:16.560
my first questions were about you know
00:06:16.560 --> 00:06:18.960
can I see the software on my device I
00:06:18.960 --> 00:06:20.460
mean I wanted to know about the safety
00:06:20.460 --> 00:06:22.919
and efficacy and to do that what better
00:06:22.919 --> 00:06:25.620
way than to review the software on my
00:06:25.620 --> 00:06:27.960
device in addition to whatever other
00:06:27.960 --> 00:06:30.000
materials that I could find and of
00:06:30.000 --> 00:06:32.460
course what I found which won't surprise
00:06:32.460 --> 00:06:34.800
anybody oh let's take a poll how many
00:06:34.800 --> 00:06:38.100
people here are engineering or computer
00:06:38.100 --> 00:06:40.080
science students
00:06:40.080 --> 00:06:42.660
so that's like I'd say like a third
00:06:42.660 --> 00:06:44.639
maybe even more
00:06:44.639 --> 00:06:47.400
um anybody here studying law
00:06:47.400 --> 00:06:50.460
oh amazing that's like a quarter
00:06:50.460 --> 00:06:52.020
um what else should I ask
00:06:52.020 --> 00:06:54.840
to know who else is here
00:06:54.840 --> 00:06:57.660
uh students raise your hand
00:06:57.660 --> 00:07:00.479
and that's like a third and uh any
00:07:00.479 --> 00:07:02.280
faculty members
00:07:02.280 --> 00:07:04.500
so like a few okay this is amazing
00:07:04.500 --> 00:07:05.639
welcome
00:07:05.639 --> 00:07:08.580
um so normally uh audiences kind of
00:07:08.580 --> 00:07:10.080
cluster in one area or another and this
00:07:10.080 --> 00:07:11.639
is really cool because you're all here
00:07:11.639 --> 00:07:13.680
in one place
00:07:13.680 --> 00:07:17.220
um and so it with with my background
00:07:17.220 --> 00:07:19.319
um you know this launched me into a
00:07:19.319 --> 00:07:21.780
whole research area and because I was a
00:07:21.780 --> 00:07:23.460
I brought the legal skills I decided
00:07:23.460 --> 00:07:26.699
that um well first my inner engineer
00:07:26.699 --> 00:07:29.639
took over and so I asked the company for
00:07:29.639 --> 00:07:31.680
the source code of course with no avail
00:07:31.680 --> 00:07:34.199
going through phone trees talking to
00:07:34.199 --> 00:07:35.940
people the all of my medical
00:07:35.940 --> 00:07:37.800
professionals the doctors that I worked
00:07:37.800 --> 00:07:40.919
with and the nurse practitioners
00:07:40.919 --> 00:07:42.720
um couldn't really understand why I was
00:07:42.720 --> 00:07:44.340
asking these questions or even what my
00:07:44.340 --> 00:07:47.880
questions meant and ultimately I kept
00:07:47.880 --> 00:07:50.340
getting shoved into various phone trees
00:07:50.340 --> 00:07:52.380
to no avail and being told that someone
00:07:52.380 --> 00:07:55.919
would get back to me and nobody ever did
00:07:55.919 --> 00:07:58.319
um so I decided to file a bunch of
00:07:58.319 --> 00:08:00.240
Freedom of Information Act requests in
00:08:00.240 --> 00:08:01.740
the United States to see what I could
00:08:01.740 --> 00:08:04.440
find about the FDA process in the United
00:08:04.440 --> 00:08:05.880
States the Food and Drug Administration
00:08:05.880 --> 00:08:09.120
process about these devices and what I
00:08:09.120 --> 00:08:11.340
found was that there really wasn't very
00:08:11.340 --> 00:08:13.680
much review at all on the software that
00:08:13.680 --> 00:08:16.259
in fact in the United States we relied
00:08:16.259 --> 00:08:18.780
on the companies who test these devices
00:08:18.780 --> 00:08:21.240
to provide the reports about the safety
00:08:21.240 --> 00:08:23.940
of the software on the devices
00:08:23.940 --> 00:08:26.879
um and so this launched me into an
00:08:26.879 --> 00:08:28.740
existential
00:08:28.740 --> 00:08:34.800
crisis about my body the night before I
00:08:34.800 --> 00:08:37.080
became I but before my surgery where I
00:08:37.080 --> 00:08:40.260
got the defibrillator I had a party
00:08:40.260 --> 00:08:43.500
which was a cyborg becoming party
00:08:43.500 --> 00:08:45.839
I thought well if this is going to
00:08:45.839 --> 00:08:49.680
happen we're gonna do it right and I
00:08:49.680 --> 00:08:51.660
realized that as this software was
00:08:51.660 --> 00:08:54.480
becoming a part of my life and my body
00:08:54.480 --> 00:08:56.720
it also had to become a part of my work
00:08:56.720 --> 00:09:01.800
and so I started I I used to think that
00:09:01.800 --> 00:09:04.140
open source was really cool
00:09:04.140 --> 00:09:06.839
um raise your hand if you are familiar
00:09:06.839 --> 00:09:08.820
with the term open source
00:09:08.820 --> 00:09:10.920
that is almost everybody raise your hand
00:09:10.920 --> 00:09:12.240
if you're familiar with the term free
00:09:12.240 --> 00:09:13.680
software
00:09:13.680 --> 00:09:15.240
that's
00:09:15.240 --> 00:09:17.519
almost everybody again this is so great
00:09:17.519 --> 00:09:19.440
I'm gonna skip this
00:09:19.440 --> 00:09:22.860
fantastic anyway because of all of and
00:09:22.860 --> 00:09:25.260
sorry for people in the live stream
00:09:25.260 --> 00:09:28.399
um but there is a lot of resources go to
00:09:28.399 --> 00:09:31.019
sfconservancy.org if you click on the um
00:09:31.019 --> 00:09:33.540
the learn more about Vizio button you'll
00:09:33.540 --> 00:09:34.920
see and I'll get to that later but
00:09:34.920 --> 00:09:37.620
there's a lot of introductory resources
00:09:37.620 --> 00:09:40.560
um so so I work at the software Freedom
00:09:40.560 --> 00:09:42.300
Conservancy where I was a co-founder
00:09:42.300 --> 00:09:44.339
software Freedom Conservancy is a
00:09:44.339 --> 00:09:46.620
us-based charitable organization where
00:09:46.620 --> 00:09:49.740
we have three major areas of our work
00:09:49.740 --> 00:09:54.000
the first one is we we cannot expect
00:09:54.000 --> 00:09:56.700
people to move away from proprietary
00:09:56.700 --> 00:09:58.380
software if they do not have
00:09:58.380 --> 00:10:01.560
alternatives to move to so we are a
00:10:01.560 --> 00:10:03.420
fiscal sponsor and we have a lot of
00:10:03.420 --> 00:10:05.519
member projects that are developing free
00:10:05.519 --> 00:10:07.440
and open source solutions that we can
00:10:07.440 --> 00:10:10.260
use instead of um
00:10:10.260 --> 00:10:13.140
proprietary software and so that's our
00:10:13.140 --> 00:10:18.300
first branch
00:10:18.300 --> 00:10:20.519
our second branch is called outreachy
00:10:20.519 --> 00:10:25.260
and um and this came about because as
00:10:25.260 --> 00:10:26.820
um as
00:10:26.820 --> 00:10:31.440
as people in a deeply technical field we
00:10:31.440 --> 00:10:33.660
realize that that field was not well
00:10:33.660 --> 00:10:35.160
represented
00:10:35.160 --> 00:10:38.640
um it started out personally where where
00:10:38.640 --> 00:10:40.680
folks realized that
00:10:40.680 --> 00:10:42.240
um uh
00:10:42.240 --> 00:10:45.000
when we ask people to apply to programs
00:10:45.000 --> 00:10:46.920
and participate in our events there
00:10:46.920 --> 00:10:49.680
simply were no women and personally for
00:10:49.680 --> 00:10:53.399
me I noticed that at so many conferences
00:10:53.399 --> 00:10:56.820
I was the only woman in really a sea of
00:10:56.820 --> 00:10:59.940
people and it was uh it was it was
00:10:59.940 --> 00:11:01.339
steeply surprising
00:11:01.339 --> 00:11:04.980
and uh and often off-putting the number
00:11:04.980 --> 00:11:08.000
of sexist comments that were made
00:11:08.000 --> 00:11:12.600
assumptions about my capabilities were
00:11:12.600 --> 00:11:17.160
very demoralizing I would stand next to
00:11:17.160 --> 00:11:19.320
another executive director of a
00:11:19.320 --> 00:11:22.140
non-profit in Tech who was a man and
00:11:22.140 --> 00:11:24.540
people would assume that he had a
00:11:24.540 --> 00:11:26.640
technical background and I didn't but he
00:11:26.640 --> 00:11:29.160
was a marketer and I was an engineer it
00:11:29.160 --> 00:11:32.579
was very surprising and so and so not
00:11:32.579 --> 00:11:34.140
just not from my personal experiences
00:11:34.140 --> 00:11:36.120
but but from the experiences the
00:11:36.120 --> 00:11:36.980
community
00:11:36.980 --> 00:11:40.320
a woman named Marina zurahin skya who
00:11:40.320 --> 00:11:43.560
unfortunately died in June of breast
00:11:43.560 --> 00:11:46.500
cancer after a wonderful three-year
00:11:46.500 --> 00:11:47.540
fight
00:11:47.540 --> 00:11:50.399
she founded this this program with the
00:11:50.399 --> 00:11:52.019
gnome foundation and I came soon after
00:11:52.019 --> 00:11:53.940
and we built it up together this program
00:11:53.940 --> 00:11:56.579
provides internships to people who are
00:11:56.579 --> 00:11:58.500
subject to systemic bias and who are
00:11:58.500 --> 00:12:00.779
impacted by underrepresentation and the
00:12:00.779 --> 00:12:03.420
idea is that but our experience was as
00:12:03.420 --> 00:12:06.240
women and the dearth of women in
00:12:06.240 --> 00:12:09.079
technology and in the field was really
00:12:09.079 --> 00:12:13.079
Stark but the Discrimination runs deep
00:12:13.079 --> 00:12:18.420
in technology in general and in order to
00:12:18.420 --> 00:12:21.180
Rectify it we need to do something
00:12:21.180 --> 00:12:25.200
actively to invite people technology not
00:12:25.200 --> 00:12:26.060
only
00:12:26.060 --> 00:12:30.120
has a horrible impact by reinforcing the
00:12:30.120 --> 00:12:33.540
biases of people who make it but we know
00:12:33.540 --> 00:12:36.000
that our technology will not serve
00:12:36.000 --> 00:12:38.399
everyone until it is made by everyone
00:12:38.399 --> 00:12:41.040
and so giving people a chance to
00:12:41.040 --> 00:12:42.899
overcome the biases and discrimination
00:12:42.899 --> 00:12:45.360
that they have experienced has become an
00:12:45.360 --> 00:12:47.339
important part of the program that we do
00:12:47.339 --> 00:12:48.720
so we call it outreachy it's an
00:12:48.720 --> 00:12:49.920
internship program where we do paid
00:12:49.920 --> 00:12:53.279
remote internships twice a year with
00:12:53.279 --> 00:12:55.980
open source communities students are
00:12:55.980 --> 00:12:57.540
very welcome but you don't have to be a
00:12:57.540 --> 00:12:59.940
student to apply to it just tell us
00:12:59.940 --> 00:13:01.860
about the systemic bias and
00:13:01.860 --> 00:13:03.300
underrepresentation that you've
00:13:03.300 --> 00:13:05.880
experienced and that's the eligibility
00:13:05.880 --> 00:13:08.459
and then it's it's an amazing mentorship
00:13:08.459 --> 00:13:09.540
program
00:13:09.540 --> 00:13:11.820
um anyway it's uh it's been running for
00:13:11.820 --> 00:13:13.920
over 10 years now and this summer we'll
00:13:13.920 --> 00:13:16.500
get to a thousand interns I am really
00:13:16.500 --> 00:13:18.540
really excited about that
00:13:18.540 --> 00:13:22.200
um and so uh that is the second area the
00:13:22.200 --> 00:13:25.019
third area of the work that we do at
00:13:25.019 --> 00:13:27.420
software Freedom Conservancy is is
00:13:27.420 --> 00:13:29.880
focusing on copy left raise your hand if
00:13:29.880 --> 00:13:31.920
you are familiar with the with copy left
00:13:31.920 --> 00:13:33.360
licensing
00:13:33.360 --> 00:13:35.279
okay so that's about half of the
00:13:35.279 --> 00:13:37.920
audience copied left licensing is a form
00:13:37.920 --> 00:13:40.019
of free and open source software so it's
00:13:40.019 --> 00:13:43.680
a subset of licenses that are are free
00:13:43.680 --> 00:13:47.100
and open copy left licenses are licenses
00:13:47.100 --> 00:13:48.779
that have a provision that people call
00:13:48.779 --> 00:13:51.660
reciprocal detractors used to call it
00:13:51.660 --> 00:13:54.300
viral until viral was cool
00:13:54.300 --> 00:13:56.639
um and it basically our licenses that
00:13:56.639 --> 00:13:58.860
say you can do whatever you want with
00:13:58.860 --> 00:14:01.380
this software you can study it you can
00:14:01.380 --> 00:14:03.240
share it you can make changes you can
00:14:03.240 --> 00:14:05.100
share those changes but
00:14:05.100 --> 00:14:07.139
if you distribute it or share those
00:14:07.139 --> 00:14:09.839
changes you must do it under the same
00:14:09.839 --> 00:14:12.000
license and you must give rights to
00:14:12.000 --> 00:14:15.480
everybody who receives it and so with at
00:14:15.480 --> 00:14:18.240
software Freedom Conservancy we are the
00:14:18.240 --> 00:14:20.459
folks that stand up for these licenses
00:14:20.459 --> 00:14:22.740
when companies violate them and I'll get
00:14:22.740 --> 00:14:24.959
more to that a little bit later
00:14:24.959 --> 00:14:27.899
and so doing this work at software
00:14:27.899 --> 00:14:30.420
Freedom Conservancy you know it followed
00:14:30.420 --> 00:14:32.459
on that
00:14:32.459 --> 00:14:35.940
um what I the trying to find ways to
00:14:35.940 --> 00:14:37.200
empower
00:14:37.200 --> 00:14:40.860
people impacted by technology in the
00:14:40.860 --> 00:14:42.540
face of the helplessness that I felt
00:14:42.540 --> 00:14:44.579
about my defibrillator I just wanted to
00:14:44.579 --> 00:14:46.980
see what was inside my own body and it
00:14:46.980 --> 00:14:49.440
was really about the accountability of
00:14:49.440 --> 00:14:51.480
it the auditability of it you know if
00:14:51.480 --> 00:14:53.220
you can't review it how do you know it's
00:14:53.220 --> 00:14:55.500
safe right if you can't test it how do
00:14:55.500 --> 00:14:57.180
you know it's safe
00:14:57.180 --> 00:14:58.139
um
00:14:58.139 --> 00:15:00.899
so I for me it was all about this kind
00:15:00.899 --> 00:15:03.959
of transparency argument and then what's
00:15:03.959 --> 00:15:05.760
been so fascinating is that as I've
00:15:05.760 --> 00:15:08.040
lived with my device
00:15:08.040 --> 00:15:10.139
different things in my life have come up
00:15:10.139 --> 00:15:13.380
from time to time that have changed my
00:15:13.380 --> 00:15:15.120
understanding of the ways in which
00:15:15.120 --> 00:15:17.760
technology impacts people this is a
00:15:17.760 --> 00:15:19.920
picture of me when I was almost I think
00:15:19.920 --> 00:15:21.839
I was nine months pregnant
00:15:21.839 --> 00:15:25.620
um I it was a fun trip but uh but it was
00:15:25.620 --> 00:15:26.820
the very last one
00:15:26.820 --> 00:15:30.420
um but yeah so when I was pregnant uh
00:15:30.420 --> 00:15:32.579
because I have a heart condition my
00:15:32.579 --> 00:15:35.220
heart did no sorry I have a heart
00:15:35.220 --> 00:15:36.600
condition but my heart was doing
00:15:36.600 --> 00:15:38.639
something that normal pregnant like
00:15:38.639 --> 00:15:40.079
people without heart condition pregnant
00:15:40.079 --> 00:15:42.480
women normally do my heart was
00:15:42.480 --> 00:15:44.160
palpitating which is something that
00:15:44.160 --> 00:15:46.199
happens to a quarter to a third of all
00:15:46.199 --> 00:15:48.779
women who have babies some people are
00:15:48.779 --> 00:15:50.519
nodding in the audience because they've
00:15:50.519 --> 00:15:52.320
either experience this or know people
00:15:52.320 --> 00:15:53.699
who've experienced it it's very very
00:15:53.699 --> 00:15:57.380
common but because I had a defibrillator
00:15:57.380 --> 00:16:01.680
and I was palpitating my defibrillator
00:16:01.680 --> 00:16:03.660
thought that my palpitations were a
00:16:03.660 --> 00:16:05.820
dangerous Rhythm and that I needed to be
00:16:05.820 --> 00:16:08.639
shocked and so my defibrillator shocked
00:16:08.639 --> 00:16:09.380
me
00:16:09.380 --> 00:16:13.019
unnecessarily multiple times and the
00:16:13.019 --> 00:16:16.199
only way to stop it from unnecessarily
00:16:16.199 --> 00:16:18.240
treating me and shocking me over and
00:16:18.240 --> 00:16:21.060
over was to go on drugs to slow my heart
00:16:21.060 --> 00:16:22.440
rate down
00:16:22.440 --> 00:16:25.320
so I went on those drugs which were okay
00:16:25.320 --> 00:16:27.180
it was tough it was hard to walk up a
00:16:27.180 --> 00:16:28.380
flight of stairs
00:16:28.380 --> 00:16:30.899
um during that time but it was temporary
00:16:30.899 --> 00:16:34.380
I took those drugs it was fine and the
00:16:34.380 --> 00:16:36.060
baby was born being pregnant as a
00:16:36.060 --> 00:16:38.940
temporary condition and here we are but
00:16:38.940 --> 00:16:45.060
as I thought about it I realized that
00:16:45.060 --> 00:16:46.279
15
00:16:46.279 --> 00:16:49.259
of defibrillators go to people under the
00:16:49.259 --> 00:16:50.940
age of 65.
00:16:50.940 --> 00:16:56.639
only 15 percent and only 44 go to women
00:16:56.639 --> 00:17:00.060
so the set of people who are pregnant
00:17:00.060 --> 00:17:03.740
with defibrillators is teeny teeny tiny
00:17:03.740 --> 00:17:06.839
my use case was simply not something
00:17:06.839 --> 00:17:08.280
that was contemplated by the
00:17:08.280 --> 00:17:10.260
manufacturers of the device
00:17:10.260 --> 00:17:13.439
no one at the device manufacturer wanted
00:17:13.439 --> 00:17:16.559
pregnant people getting shocked what a
00:17:16.559 --> 00:17:18.600
nightmare right and nobody wants that
00:17:18.600 --> 00:17:20.459
you'll make medical devices to help
00:17:20.459 --> 00:17:23.280
people not to put them in trouble but I
00:17:23.280 --> 00:17:25.020
was an edge case something that hadn't
00:17:25.020 --> 00:17:27.660
been contemplated and consequently
00:17:27.660 --> 00:17:30.120
because my use case wasn't the primary
00:17:30.120 --> 00:17:32.820
use case I was out of luck there was
00:17:32.820 --> 00:17:35.280
nothing I could do I couldn't get
00:17:35.280 --> 00:17:36.720
together with all the other pregnant
00:17:36.720 --> 00:17:39.240
people and find out if we could adjust
00:17:39.240 --> 00:17:41.460
the algorithms on the software or take
00:17:41.460 --> 00:17:43.620
other precautions to try to evaluate if
00:17:43.620 --> 00:17:45.299
we could edit the software to make it
00:17:45.299 --> 00:17:46.440
different
00:17:46.440 --> 00:17:48.900
I just had to stick with whatever the
00:17:48.900 --> 00:17:51.720
device manufacturer told me and that was
00:17:51.720 --> 00:17:55.500
that and uh that helplessness made me
00:17:55.500 --> 00:17:58.020
realize that it wasn't just about the
00:17:58.020 --> 00:18:00.419
transparency and auditability of the
00:18:00.419 --> 00:18:04.200
source code but it is about power it is
00:18:04.200 --> 00:18:07.679
about control it is about the ability to
00:18:07.679 --> 00:18:10.380
do something about your own situation
00:18:10.380 --> 00:18:13.919
and having this having any software that
00:18:13.919 --> 00:18:16.740
you rely on isn't about whether
00:18:16.740 --> 00:18:19.140
something can go wrong it's about when
00:18:19.140 --> 00:18:21.120
it will go wrong I used to give talks
00:18:21.120 --> 00:18:22.380
about this and I used to have to give
00:18:22.380 --> 00:18:24.600
all of these examples of you know I had
00:18:24.600 --> 00:18:26.940
pictures of hacked cars and pictures of
00:18:26.940 --> 00:18:29.220
you know which had funny pictures of
00:18:29.220 --> 00:18:31.320
people who thought the car that thought
00:18:31.320 --> 00:18:32.700
it was in park but it was going 100
00:18:32.700 --> 00:18:35.220
miles an hour you know or whatever and
00:18:35.220 --> 00:18:37.679
all these examples new ones every year
00:18:37.679 --> 00:18:39.480
but I don't need to do that anymore
00:18:39.480 --> 00:18:42.539
because there are so many examples of
00:18:42.539 --> 00:18:47.520
software being controlled either through
00:18:47.520 --> 00:18:50.280
um security research for studies through
00:18:50.280 --> 00:18:53.280
actual malicious attacks or elsewhere in
00:18:53.280 --> 00:18:54.960
our society that I don't even need to
00:18:54.960 --> 00:18:56.520
establish it to you because we all know
00:18:56.520 --> 00:18:59.360
how dire it is and it is not about
00:18:59.360 --> 00:19:01.440
whether something will go wrong it's
00:19:01.440 --> 00:19:03.660
about what it will go wrong and what
00:19:03.660 --> 00:19:05.580
will we be able to do about it when it
00:19:05.580 --> 00:19:08.400
does will we have to wait for the
00:19:08.400 --> 00:19:11.039
company that has the problem to admit
00:19:11.039 --> 00:19:13.500
that there's an error and then try to
00:19:13.500 --> 00:19:15.299
figure out what's wrong or will we have
00:19:15.299 --> 00:19:17.820
control over that technology ourselves
00:19:17.820 --> 00:19:20.520
so that we can do something about it and
00:19:20.520 --> 00:19:22.500
build organizational structures to be
00:19:22.500 --> 00:19:25.740
able to to take action
00:19:25.740 --> 00:19:29.340
now again so many examples that come up
00:19:29.340 --> 00:19:31.980
every year one came up this last year
00:19:31.980 --> 00:19:33.660
that I wanted to highlight because it
00:19:33.660 --> 00:19:35.039
was so poignant
00:19:35.039 --> 00:19:36.780
um these are pictures of patients who
00:19:36.780 --> 00:19:39.960
had an implant called Second Sight
00:19:39.960 --> 00:19:43.200
um it was a an ocular implant that
00:19:43.200 --> 00:19:45.720
allowed people who previously had lost
00:19:45.720 --> 00:19:49.799
Vision to see not you know to see some
00:19:49.799 --> 00:19:51.419
range of vision
00:19:51.419 --> 00:19:56.880
um the um the person on your right was
00:19:56.880 --> 00:20:02.100
uh was uh was on the subway she recounts
00:20:02.100 --> 00:20:06.780
the day when her implant stopped working
00:20:06.780 --> 00:20:09.240
the company that made these devices
00:20:09.240 --> 00:20:11.520
second site
00:20:11.520 --> 00:20:14.340
had run out of funding it was a startup
00:20:14.340 --> 00:20:16.140
it was very promising and had early
00:20:16.140 --> 00:20:19.440
investment but ultimately it did not
00:20:19.440 --> 00:20:22.740
have financial support and so the
00:20:22.740 --> 00:20:25.620
software updates stopped coming and that
00:20:25.620 --> 00:20:27.539
Hardware stopped working
00:20:27.539 --> 00:20:31.080
people who could see could no longer see
00:20:31.080 --> 00:20:34.200
these people have devices implanted in
00:20:34.200 --> 00:20:36.600
their bodies they have implants in their
00:20:36.600 --> 00:20:39.900
eyes that it is dangerous to remove that
00:20:39.900 --> 00:20:42.539
do nothing because they can't be updated
00:20:42.539 --> 00:20:45.419
or and can't be repaired
00:20:45.419 --> 00:20:47.640
and what's fascinating about it is that
00:20:47.640 --> 00:20:51.120
these devices could absolutely work if
00:20:51.120 --> 00:20:54.240
they can only have access to the
00:20:54.240 --> 00:20:56.520
software if they could only update it
00:20:56.520 --> 00:21:00.179
and uh it's not just this one company's
00:21:00.179 --> 00:21:02.340
experience the same thing has happened
00:21:02.340 --> 00:21:05.340
in other areas Cochlear implants there
00:21:05.340 --> 00:21:07.140
is a whole range of medical devices
00:21:07.140 --> 00:21:09.480
where this has happened where startups
00:21:09.480 --> 00:21:11.400
have developed exciting promising new
00:21:11.400 --> 00:21:14.940
technology and then relied on VC and
00:21:14.940 --> 00:21:18.600
other investment and has you know those
00:21:18.600 --> 00:21:21.240
patients are just abandoned you could
00:21:21.240 --> 00:21:24.840
have a whole other talk on standards and
00:21:24.840 --> 00:21:27.360
how the the hardware component and and
00:21:27.360 --> 00:21:29.720
other kinds of communication components
00:21:29.720 --> 00:21:32.659
absolutely need to be standardized
00:21:32.659 --> 00:21:35.460
but the software component is one
00:21:35.460 --> 00:21:37.860
important piece of this and it's not
00:21:37.860 --> 00:21:40.740
just this tremendous number of medical
00:21:40.740 --> 00:21:44.340
devices that are in this situation it's
00:21:44.340 --> 00:21:46.679
almost every other device I like talking
00:21:46.679 --> 00:21:48.900
about my medical device because it's
00:21:48.900 --> 00:21:51.059
deeply personal I can tell you my
00:21:51.059 --> 00:21:52.440
experience and I can tell you what I
00:21:52.440 --> 00:21:54.960
know but it's also a really easy
00:21:54.960 --> 00:21:58.140
metaphor it's so critical to my life
00:21:58.140 --> 00:22:00.480
it's literally sewn into my body and
00:22:00.480 --> 00:22:02.220
screwed into my heart
00:22:02.220 --> 00:22:04.320
but it's not the only software that I
00:22:04.320 --> 00:22:07.440
rely on every day and the thing is that
00:22:07.440 --> 00:22:09.780
we don't even know which software is
00:22:09.780 --> 00:22:11.460
going to be our most critical software
00:22:11.460 --> 00:22:14.280
we don't know what software we're going
00:22:14.280 --> 00:22:15.480
to rely on that is going to fail because
00:22:15.480 --> 00:22:19.080
we rely on so much software for every
00:22:19.080 --> 00:22:21.240
part of our life lives for our most
00:22:21.240 --> 00:22:24.780
intimate Communications for our banking
00:22:24.780 --> 00:22:27.960
for everything and we are not in control
00:22:27.960 --> 00:22:29.520
as
00:22:29.520 --> 00:22:34.380
as individuals as a public of a vast
00:22:34.380 --> 00:22:37.440
majority of that software
00:22:37.440 --> 00:22:40.440
um so uh and and one of the things that
00:22:40.440 --> 00:22:43.020
really astounds me is that a lot of
00:22:43.020 --> 00:22:45.299
companies that are Distributing their
00:22:45.299 --> 00:22:48.299
software are doing so without ever
00:22:48.299 --> 00:22:50.940
having the source code of the software
00:22:50.940 --> 00:22:52.919
that they ship themselves so they have a
00:22:52.919 --> 00:22:54.600
vendor that gives them the software they
00:22:54.600 --> 00:22:56.580
put it on their products they get it out
00:22:56.580 --> 00:22:58.919
into market and
00:22:58.919 --> 00:23:00.720
even if there's a problem those
00:23:00.720 --> 00:23:02.580
companies can't do anything about it and
00:23:02.580 --> 00:23:05.280
so we're left with we're we're left with
00:23:05.280 --> 00:23:06.539
the short end of the stick we're left
00:23:06.539 --> 00:23:09.720
with these devices that don't work and
00:23:09.720 --> 00:23:12.539
um and with uh with software that can't
00:23:12.539 --> 00:23:14.940
be adjusted to our use
00:23:14.940 --> 00:23:16.620
so
00:23:16.620 --> 00:23:19.919
free and open source software is an
00:23:19.919 --> 00:23:22.080
alternative to this because if we had
00:23:22.080 --> 00:23:24.179
access to the source code if we had
00:23:24.179 --> 00:23:26.340
access to that software we would be able
00:23:26.340 --> 00:23:28.260
to change that software we would be able
00:23:28.260 --> 00:23:31.380
to get together even if you are not a
00:23:31.380 --> 00:23:33.240
developer yourself even if you're not
00:23:33.240 --> 00:23:34.980
technical you could work with other
00:23:34.980 --> 00:23:36.980
people to do it you could hire someone
00:23:36.980 --> 00:23:40.980
even if I wanted to hire even if I were
00:23:40.980 --> 00:23:43.320
very wealthy and wanted to hire a
00:23:43.320 --> 00:23:45.539
medical professional to customize my
00:23:45.539 --> 00:23:47.880
defibrillator for me I would be unable
00:23:47.880 --> 00:23:49.320
to do it
00:23:49.320 --> 00:23:53.700
so with free and open source software
00:23:53.700 --> 00:23:56.159
we have a chance free and open source
00:23:56.159 --> 00:23:57.720
software it's funny advocating for
00:23:57.720 --> 00:24:00.299
software freedom is tough because I
00:24:00.299 --> 00:24:02.460
can't say that open source software is
00:24:02.460 --> 00:24:03.480
better
00:24:03.480 --> 00:24:04.679
can't say that free software There's
00:24:04.679 --> 00:24:06.780
Something Magic about free software
00:24:06.780 --> 00:24:08.880
where if you publish it it's going to be
00:24:08.880 --> 00:24:10.740
you're going to have a better experience
00:24:10.740 --> 00:24:13.020
it will be safer or better or faster or
00:24:13.020 --> 00:24:15.539
more reliable but what I can say is that
00:24:15.539 --> 00:24:16.860
with free and open source software it
00:24:16.860 --> 00:24:18.960
has a chance we can test it and we can
00:24:18.960 --> 00:24:20.460
do something about it when things go
00:24:20.460 --> 00:24:21.419
wrong
00:24:21.419 --> 00:24:25.260
and so uh
00:24:25.260 --> 00:24:27.440
copy lifted software
00:24:27.440 --> 00:24:30.539
in particular where
00:24:30.539 --> 00:24:34.380
we have this this snowballing nature
00:24:34.380 --> 00:24:36.960
right copy left at software is software
00:24:36.960 --> 00:24:38.700
where if you're if companies are
00:24:38.700 --> 00:24:40.620
Distributing that software they have to
00:24:40.620 --> 00:24:43.640
provide this the source code when asked
00:24:43.640 --> 00:24:46.500
and those rights
00:24:46.500 --> 00:24:50.360
um uh travel with the software and so
00:24:50.360 --> 00:24:53.940
there's copy lifted software in actually
00:24:53.940 --> 00:24:56.460
a ton of devices that are in the market
00:24:56.460 --> 00:24:58.980
you basically can't go anywhere or do
00:24:58.980 --> 00:25:01.080
anything without encountering something
00:25:01.080 --> 00:25:04.140
that has Linux in it right like raise
00:25:04.140 --> 00:25:07.500
your hand if you have an Android phone
00:25:07.500 --> 00:25:10.140
it's like three quarters of the audience
00:25:10.140 --> 00:25:12.419
all right I want out the Apple people
00:25:12.419 --> 00:25:14.640
but you know who you are
00:25:14.640 --> 00:25:18.659
um so uh uh and again it's not
00:25:18.659 --> 00:25:20.880
necessarily that one is is better than
00:25:20.880 --> 00:25:23.100
the other like some devices that are
00:25:23.100 --> 00:25:25.620
proprietary may be more secure right now
00:25:25.620 --> 00:25:28.380
they may be you know they they may have
00:25:28.380 --> 00:25:30.900
features that um that products that are
00:25:30.900 --> 00:25:32.940
based with more free and open source
00:25:32.940 --> 00:25:35.520
software products don't have but over
00:25:35.520 --> 00:25:36.720
time
00:25:36.720 --> 00:25:39.299
we are stuck not being able to make them
00:25:39.299 --> 00:25:41.760
the way we want them to be because they
00:25:41.760 --> 00:25:43.620
are proprietary and they're a complete
00:25:43.620 --> 00:25:45.179
Black Box to us
00:25:45.179 --> 00:25:48.720
so the Linux kernel and other free and
00:25:48.720 --> 00:25:50.220
open source software products are
00:25:50.220 --> 00:25:52.679
software is on more than 80 of mobile
00:25:52.679 --> 00:25:54.299
devices if you count the Android market
00:25:54.299 --> 00:25:56.820
and 90 of super computers in New York
00:25:56.820 --> 00:25:59.640
Stock Exchange runs on it it's basically
00:25:59.640 --> 00:26:03.000
and everywhere it's also in TVs and um
00:26:03.000 --> 00:26:05.059
every product if you go into a lot of
00:26:05.059 --> 00:26:07.740
kitchens and homes you'll find lots and
00:26:07.740 --> 00:26:10.080
lots of devices now I mentioned TVs
00:26:10.080 --> 00:26:11.580
because
00:26:11.580 --> 00:26:14.580
um this is a Vizio TV
00:26:14.580 --> 00:26:16.799
um and uh
00:26:16.799 --> 00:26:18.860
software Freedom Conservancy sued them
00:26:18.860 --> 00:26:21.720
and the reason that we sued them was
00:26:21.720 --> 00:26:24.779
because we wanted to use
00:26:24.779 --> 00:26:28.440
some Vizio TVs and they have copy left
00:26:28.440 --> 00:26:31.200
it software in it so we wanted to use
00:26:31.200 --> 00:26:33.360
those TVs for a variety of things we
00:26:33.360 --> 00:26:34.320
have a few
00:26:34.320 --> 00:26:35.600
um uh
00:26:35.600 --> 00:26:37.620
some grants that we had written that
00:26:37.620 --> 00:26:39.779
we'd hope to be able to use these these
00:26:39.779 --> 00:26:44.539
TVs for but when we when we got the TVs
00:26:44.539 --> 00:26:48.480
we uh well we first got TV
00:26:48.480 --> 00:26:50.520
well we've got the original we were just
00:26:50.520 --> 00:26:53.039
like got some Vizio TVs and they had no
00:26:53.039 --> 00:26:55.620
um no uh no Source or an offer for
00:26:55.620 --> 00:26:57.360
source and we worked with Vizio to try
00:26:57.360 --> 00:26:59.100
to get into compliance
00:26:59.100 --> 00:27:01.980
um and uh after years of talking to them
00:27:01.980 --> 00:27:04.080
um they had provided some incomplete
00:27:04.080 --> 00:27:05.520
source code but had not come into
00:27:05.520 --> 00:27:07.799
compliance yet and years later when we
00:27:07.799 --> 00:27:09.659
went to buy some more TVs to do the
00:27:09.659 --> 00:27:12.360
product project we wanted to do they had
00:27:12.360 --> 00:27:13.380
no
00:27:13.380 --> 00:27:15.720
Source or offer for source so copyleft
00:27:15.720 --> 00:27:17.640
licenses require that you either have to
00:27:17.640 --> 00:27:19.440
provide the source code along with the
00:27:19.440 --> 00:27:21.000
distribution so if you buy a TV it's got
00:27:21.000 --> 00:27:23.159
to have the source code on it and if it
00:27:23.159 --> 00:27:24.779
doesn't have the source code then you
00:27:24.779 --> 00:27:26.220
have to at least provide an offer you
00:27:26.220 --> 00:27:27.960
have to tell people that it's there and
00:27:27.960 --> 00:27:29.159
you have to tell them how they can get
00:27:29.159 --> 00:27:30.480
it
00:27:30.480 --> 00:27:33.419
um and these TVs didn't have
00:27:33.419 --> 00:27:35.220
either
00:27:35.220 --> 00:27:38.039
um so even after us having talked to
00:27:38.039 --> 00:27:39.779
them they were just flagrantly ignoring
00:27:39.779 --> 00:27:42.179
their obligations and so we at software
00:27:42.179 --> 00:27:44.580
Freedom Conservancy filed a lawsuit
00:27:44.580 --> 00:27:46.799
but this lawsuit that we filed was a
00:27:46.799 --> 00:27:49.020
consumer rights lawsuit
00:27:49.020 --> 00:27:52.320
the lawsuit was basically uh we we filed
00:27:52.320 --> 00:27:55.860
it as a purchaser of televisions which
00:27:55.860 --> 00:27:58.919
uh with respect to copy left licensing I
00:27:58.919 --> 00:28:00.960
think has never been done before and we
00:28:00.960 --> 00:28:05.700
said that because the license the um the
00:28:05.700 --> 00:28:09.059
licenses of the software on the TVs
00:28:09.059 --> 00:28:11.460
gives rights to third parties it says
00:28:11.460 --> 00:28:15.539
that the um uh that all third parties
00:28:15.539 --> 00:28:18.000
will have a have a right where you have
00:28:18.000 --> 00:28:19.740
to make sure that they receive or can
00:28:19.740 --> 00:28:21.960
get the source code and that you must
00:28:21.960 --> 00:28:24.480
show them the um these terms so that
00:28:24.480 --> 00:28:26.640
they know that they have this right
00:28:26.640 --> 00:28:30.539
um and so our lawsuit says that um that
00:28:30.539 --> 00:28:32.460
because we have this right they have to
00:28:32.460 --> 00:28:35.760
give us the source code which is also a
00:28:35.760 --> 00:28:37.320
a third it's called third party
00:28:37.320 --> 00:28:39.960
beneficiary in in the United States and
00:28:39.960 --> 00:28:42.000
it's a contract law claim rather than a
00:28:42.000 --> 00:28:43.679
copyright claim
00:28:43.679 --> 00:28:46.200
um and we uh we asked for what we call
00:28:46.200 --> 00:28:49.559
specific performance which is uh when
00:28:49.559 --> 00:28:52.200
you bring a lawsuit you can ask for
00:28:52.200 --> 00:28:54.240
um for money usually you can say look
00:28:54.240 --> 00:28:56.760
I've been injured here somebody wronged
00:28:56.760 --> 00:28:59.760
me and uh and the way to handle it is
00:28:59.760 --> 00:29:01.620
that they need to compensate me and most
00:29:01.620 --> 00:29:03.779
consumer rights lawsuits that you hear
00:29:03.779 --> 00:29:05.760
about are class actions where they get
00:29:05.760 --> 00:29:07.500
settlements and everybody gets a payout
00:29:07.500 --> 00:29:10.380
of ten dollars or whatever but the
00:29:10.380 --> 00:29:12.659
amount in whole is great because it it's
00:29:12.659 --> 00:29:14.340
a big penalty overall and it gets
00:29:14.340 --> 00:29:16.620
companies to change but what we're
00:29:16.620 --> 00:29:18.720
asking for is a little bit different in
00:29:18.720 --> 00:29:20.700
this case it's a contract case and what
00:29:20.700 --> 00:29:23.399
we're asking for is the actual excuse me
00:29:23.399 --> 00:29:25.740
the actual software itself
00:29:25.740 --> 00:29:26.580
um
00:29:26.580 --> 00:29:28.679
so uh so we want the complete and
00:29:28.679 --> 00:29:30.299
corresponding source code which is what
00:29:30.299 --> 00:29:31.860
the license says that we're able to do
00:29:31.860 --> 00:29:33.779
and the script we should be able to get
00:29:33.779 --> 00:29:35.580
and the scripts to control compilation
00:29:35.580 --> 00:29:38.159
and installation so we should be able to
00:29:38.159 --> 00:29:39.840
replace the software on the TV the
00:29:39.840 --> 00:29:42.299
license says so and we want to do it and
00:29:42.299 --> 00:29:45.179
Vizio didn't even provide any offer for
00:29:45.179 --> 00:29:46.799
Source or the source itself
00:29:46.799 --> 00:29:51.059
and so uh Vizio tried to try to get rid
00:29:51.059 --> 00:29:52.559
of it by saying oh these people at
00:29:52.559 --> 00:29:54.360
software Freedom Conservancy they're
00:29:54.360 --> 00:29:56.039
really bringing a copyright case but
00:29:56.039 --> 00:29:58.320
they're doing all this tap dancing to
00:29:58.320 --> 00:30:01.440
make it seem like a contract case but so
00:30:01.440 --> 00:30:03.179
they removed it to
00:30:03.179 --> 00:30:04.860
um to federal court in the United States
00:30:04.860 --> 00:30:07.200
and the federal judge said actually
00:30:07.200 --> 00:30:09.419
these people have a claim this is cut
00:30:09.419 --> 00:30:12.059
this this sounds reasonable so it's been
00:30:12.059 --> 00:30:13.860
romantic back to State Court this stuff
00:30:13.860 --> 00:30:16.200
takes forever it'll probably be a long
00:30:16.200 --> 00:30:17.940
time before there's any resolution or
00:30:17.940 --> 00:30:19.620
movement in it but I wanted to talk
00:30:19.620 --> 00:30:21.539
about it because we're bringing these
00:30:21.539 --> 00:30:25.200
novel actions to connect the fact that
00:30:25.200 --> 00:30:27.899
um that people have to think about their
00:30:27.899 --> 00:30:30.360
technology in terms of how it impacts
00:30:30.360 --> 00:30:32.580
them and their lives that we have to
00:30:32.580 --> 00:30:34.860
recognize that for millions of devices
00:30:34.860 --> 00:30:37.799
we already have a right to see the
00:30:37.799 --> 00:30:40.080
source code on those devices it's there
00:30:40.080 --> 00:30:43.200
it's already there we just have to ask
00:30:43.200 --> 00:30:46.500
for it and we just have to use it and
00:30:46.500 --> 00:30:48.360
it's you know we used to have this is
00:30:48.360 --> 00:30:51.299
like a real like old school I like this
00:30:51.299 --> 00:30:52.860
picture because it reminds me of like an
00:30:52.860 --> 00:30:55.260
old America you know right like and it's
00:30:55.260 --> 00:30:58.260
like this dilapidated TV repair shop I
00:30:58.260 --> 00:31:00.720
remember when there were TV repair shops
00:31:00.720 --> 00:31:03.240
like in every couple of blocks in New
00:31:03.240 --> 00:31:05.340
York I remember where people you'd have
00:31:05.340 --> 00:31:07.200
to have it close because TVs were heavy
00:31:07.200 --> 00:31:08.880
and there were so many people who needed
00:31:08.880 --> 00:31:10.260
their TVs repaired that you would see
00:31:10.260 --> 00:31:12.360
these all over now you don't see TV
00:31:12.360 --> 00:31:14.940
repair shops at all and the reason is is
00:31:14.940 --> 00:31:16.559
that when they break it's often the
00:31:16.559 --> 00:31:19.080
software that isn't working and people
00:31:19.080 --> 00:31:22.440
say uh it's dead
00:31:22.440 --> 00:31:24.179
we need a new TV
00:31:24.179 --> 00:31:26.159
uh my phone stopped working I need a new
00:31:26.159 --> 00:31:28.919
phone and so we're throwing all of these
00:31:28.919 --> 00:31:30.899
devices that are perfectly serviceable
00:31:30.899 --> 00:31:32.279
if we could just
00:31:32.279 --> 00:31:36.059
update the software into landfill
00:31:36.059 --> 00:31:38.760
and companies are often deliberately not
00:31:38.760 --> 00:31:41.640
updating their old devices to get us to
00:31:41.640 --> 00:31:44.520
buy new devices when the old devices
00:31:44.520 --> 00:31:46.860
work great we just don't have any right
00:31:46.860 --> 00:31:48.720
to replace the software that came on
00:31:48.720 --> 00:31:50.399
them but
00:31:50.399 --> 00:31:53.159
the trick is that for the vast majority
00:31:53.159 --> 00:31:55.380
of these devices we actually do have a
00:31:55.380 --> 00:31:57.360
right we just don't know about it and we
00:31:57.360 --> 00:31:59.880
just don't exercise it
00:31:59.880 --> 00:32:02.399
now it can be different this is a
00:32:02.399 --> 00:32:05.220
picture of a um of a router because
00:32:05.220 --> 00:32:07.980
there's a project called open wrt and
00:32:07.980 --> 00:32:10.799
that project was a result it's a it's a
00:32:10.799 --> 00:32:12.240
free and open source software project
00:32:12.240 --> 00:32:14.220
and that project came out of oh open
00:32:14.220 --> 00:32:15.659
writ people
00:32:15.659 --> 00:32:16.799
um fans
00:32:16.799 --> 00:32:22.200
um so uh that that project came out of a
00:32:22.200 --> 00:32:23.159
um
00:32:23.159 --> 00:32:26.700
uh a lawsuit seeking the source code and
00:32:26.700 --> 00:32:28.740
when the source code it was it was a
00:32:28.740 --> 00:32:30.360
product of a settle of a settlement and
00:32:30.360 --> 00:32:33.059
when the source code came out a whole
00:32:33.059 --> 00:32:33.899
product
00:32:33.899 --> 00:32:37.140
uh was born and now loads and loads of
00:32:37.140 --> 00:32:38.580
people can replace the software on their
00:32:38.580 --> 00:32:39.899
routers and there's a really Vibrant
00:32:39.899 --> 00:32:42.059
Community and in fact it's been good for
00:32:42.059 --> 00:32:44.460
some router manufacturers to make sure
00:32:44.460 --> 00:32:48.360
that their routers are are able to have
00:32:48.360 --> 00:32:50.940
uh are compatible with open wrt because
00:32:50.940 --> 00:32:52.620
people seek it out and so there's a
00:32:52.620 --> 00:32:54.179
there's a business case for it in
00:32:54.179 --> 00:32:56.100
addition and there are other projects
00:32:56.100 --> 00:32:58.140
like this um open wrt is a software
00:32:58.140 --> 00:32:59.760
Freedom Conservancy member project so I
00:32:59.760 --> 00:33:01.320
had to highlight them but there are
00:33:01.320 --> 00:33:03.059
other projects as well that are like
00:33:03.059 --> 00:33:04.020
this
00:33:04.020 --> 00:33:04.980
um
00:33:04.980 --> 00:33:08.640
so it's you know it's it we don't
00:33:08.640 --> 00:33:11.940
necessarily have to just rely on the
00:33:11.940 --> 00:33:13.919
device manufacturers to be the source of
00:33:13.919 --> 00:33:16.080
the software that runs on them raise
00:33:16.080 --> 00:33:17.340
your hand if you've replaced the
00:33:17.340 --> 00:33:19.500
software on a device with a free and
00:33:19.500 --> 00:33:21.720
open source software operating system or
00:33:21.720 --> 00:33:23.820
software of any kind yeah it's like a
00:33:23.820 --> 00:33:25.440
third of the uh like a quarter or a
00:33:25.440 --> 00:33:27.059
third of the audience which is really
00:33:27.059 --> 00:33:28.380
exciting
00:33:28.380 --> 00:33:31.140
um and it's so exciting and Powerful to
00:33:31.140 --> 00:33:32.760
do that because
00:33:32.760 --> 00:33:37.140
well it changes everything often at the
00:33:37.140 --> 00:33:39.419
point where you're in now you're trading
00:33:39.419 --> 00:33:41.399
off some features you might not be able
00:33:41.399 --> 00:33:42.840
to do everything that you could do
00:33:42.840 --> 00:33:45.539
before but you get to decide what
00:33:45.539 --> 00:33:47.159
software you put on it you get to decide
00:33:47.159 --> 00:33:48.179
if you're going to put some of the
00:33:48.179 --> 00:33:50.640
proprietary stuff on it or you decide if
00:33:50.640 --> 00:33:51.960
you're going to keep you know try to
00:33:51.960 --> 00:33:53.940
make as much free and open as you
00:33:53.940 --> 00:33:56.820
possibly can and you decide when and how
00:33:56.820 --> 00:33:58.500
it gets updated some of these projects
00:33:58.500 --> 00:34:00.120
automatically update and that's really
00:34:00.120 --> 00:34:03.299
wonderful for security updates
00:34:03.299 --> 00:34:06.299
um now I I wanted to talk a go back to
00:34:06.299 --> 00:34:08.940
my medical device situation a little bit
00:34:08.940 --> 00:34:10.320
um this is a picture of me it's an old
00:34:10.320 --> 00:34:13.020
picture of me getting my old device
00:34:13.020 --> 00:34:15.000
interrogated
00:34:15.000 --> 00:34:17.639
um and uh and interrogated is basically
00:34:17.639 --> 00:34:19.679
the word they use which is actually it
00:34:19.679 --> 00:34:22.379
sounds very like old spy movie like I'm
00:34:22.379 --> 00:34:25.080
going to interrogate your device but um
00:34:25.080 --> 00:34:27.599
it it just means that it's the reading
00:34:27.599 --> 00:34:29.639
of the device by a piece of equipment
00:34:29.639 --> 00:34:32.460
called a programmer the terminology is
00:34:32.460 --> 00:34:34.619
so confusing but uh but the device that
00:34:34.619 --> 00:34:37.080
reads it is called a programmer and the
00:34:37.080 --> 00:34:39.599
programmer gets the information those
00:34:39.599 --> 00:34:41.580
are have shown to be totally insecure
00:34:41.580 --> 00:34:44.040
also where people have sold programmers
00:34:44.040 --> 00:34:46.080
to the like into the market from
00:34:46.080 --> 00:34:48.659
hospitals that had thousands of patients
00:34:48.659 --> 00:34:53.159
data on them um fascinating stuff but in
00:34:53.159 --> 00:34:54.659
in this instance
00:34:54.659 --> 00:34:57.180
um I wanted to highlight the fact that
00:34:57.180 --> 00:35:00.240
um that my medical saga continues and
00:35:00.240 --> 00:35:02.580
that every time that I have something
00:35:02.580 --> 00:35:04.560
new in my life I realize there are a
00:35:04.560 --> 00:35:06.119
whole aspects of this that need to be
00:35:06.119 --> 00:35:09.560
explored so this week before I came here
00:35:09.560 --> 00:35:12.240
I realized that I needed to find out
00:35:12.240 --> 00:35:13.440
something urgently about my
00:35:13.440 --> 00:35:14.839
defibrillator
00:35:14.839 --> 00:35:16.859
and so I needed to get my device
00:35:16.859 --> 00:35:19.740
interrogated but when I got my device
00:35:19.740 --> 00:35:22.500
replaced the last time which is right
00:35:22.500 --> 00:35:25.440
when this picture was taken I was really
00:35:25.440 --> 00:35:27.839
concerned with the possibility that my
00:35:27.839 --> 00:35:29.820
device would be maliciously hacked I
00:35:29.820 --> 00:35:33.000
told you about my work on outreachy
00:35:33.000 --> 00:35:35.400
a lot of people don't like work on
00:35:35.400 --> 00:35:39.420
diversity programs they they think that
00:35:39.420 --> 00:35:43.140
they are misguided and despite the fact
00:35:43.140 --> 00:35:47.300
that that the
00:35:47.300 --> 00:35:51.839
studies show the impact that um that
00:35:51.839 --> 00:35:53.940
underrepresentation has in the field and
00:35:53.940 --> 00:35:56.640
despite the fact that the tech industry
00:35:56.640 --> 00:36:00.240
is very obviously misrepresented
00:36:00.240 --> 00:36:03.420
um the people are it's a very polarizing
00:36:03.420 --> 00:36:05.820
issue and so I I've actually had a lot
00:36:05.820 --> 00:36:07.980
of threats related to my work on this
00:36:07.980 --> 00:36:12.480
including rape and death threat
00:36:12.480 --> 00:36:14.040
um and I'd like to not think about it
00:36:14.040 --> 00:36:18.300
too often but in getting a new device I
00:36:18.300 --> 00:36:21.359
um I did not want these my device to do
00:36:21.359 --> 00:36:23.880
what all of these devices do which is to
00:36:23.880 --> 00:36:26.900
broadcast incessantly all of the time
00:36:26.900 --> 00:36:29.460
and previously without very good
00:36:29.460 --> 00:36:32.280
encryption especially earlier on and so
00:36:32.280 --> 00:36:35.339
we're security protection and so I got
00:36:35.339 --> 00:36:38.339
the one device that was available in the
00:36:38.339 --> 00:36:41.520
U.S market where you could switch off
00:36:41.520 --> 00:36:43.680
the remote Telemetry the broadcasting
00:36:43.680 --> 00:36:45.480
component I got the only one device I
00:36:45.480 --> 00:36:47.520
called all the device manufacturers I
00:36:47.520 --> 00:36:49.380
had a great nurse practitioner who
00:36:49.380 --> 00:36:51.240
helped me out she and I sat in a
00:36:51.240 --> 00:36:52.500
conference room and we called all of the
00:36:52.500 --> 00:36:55.079
device manufacturers biotronic was the
00:36:55.079 --> 00:36:57.599
most hilarious because they said oh you
00:36:57.599 --> 00:36:59.280
don't have to worry about ours our
00:36:59.280 --> 00:37:02.040
device is hack proof and I was like
00:37:02.040 --> 00:37:04.320
really biochronic why do you think that
00:37:04.320 --> 00:37:06.839
you're hack proof oh because
00:37:06.839 --> 00:37:08.579
Medtronic has been shown to be
00:37:08.579 --> 00:37:11.339
vulnerable and uh Saint Jude has been
00:37:11.339 --> 00:37:13.320
shown to be you know uh guidance has
00:37:13.320 --> 00:37:15.119
been shown to be vulnerable but we've
00:37:15.119 --> 00:37:16.079
never I was like well that's because
00:37:16.079 --> 00:37:18.180
you're the fourth size and when people
00:37:18.180 --> 00:37:20.880
are showing the vulnerability of these
00:37:20.880 --> 00:37:22.200
devices they're not going to go with the
00:37:22.200 --> 00:37:23.460
fourth most popular they're going to go
00:37:23.460 --> 00:37:25.440
with the most popular could you send me
00:37:25.440 --> 00:37:28.020
some devices and I'll I'll get some
00:37:28.020 --> 00:37:29.760
volunteers and we'll test it I'm still
00:37:29.760 --> 00:37:31.380
waiting
00:37:31.380 --> 00:37:33.540
um but uh but I didn't get a biotronic
00:37:33.540 --> 00:37:35.579
device I got a device manufacturer that
00:37:35.579 --> 00:37:37.680
that I could switch off the radio
00:37:37.680 --> 00:37:39.839
telemetry so my device is not
00:37:39.839 --> 00:37:41.640
broadcasting which means that I can't
00:37:41.640 --> 00:37:44.579
use like um uh like they have a lot of
00:37:44.579 --> 00:37:45.960
black boxes that people can have in
00:37:45.960 --> 00:37:47.700
their homes that will monitor their
00:37:47.700 --> 00:37:49.020
devices
00:37:49.020 --> 00:37:50.820
um but it also means that when I got
00:37:50.820 --> 00:37:53.280
this device that company is a very large
00:37:53.280 --> 00:37:55.079
European company with a very small
00:37:55.079 --> 00:37:56.760
presence in the United States but they
00:37:56.760 --> 00:37:58.320
were very present in the United States
00:37:58.320 --> 00:38:00.359
when I got my device
00:38:00.359 --> 00:38:02.160
um and it was great because it's a very
00:38:02.160 --> 00:38:05.400
high quality device and when I got it uh
00:38:05.400 --> 00:38:07.980
I got it years ago and it still has
00:38:07.980 --> 00:38:10.460
enough battery life for 10 to 15 years
00:38:10.460 --> 00:38:13.500
which is a very long time and it's very
00:38:13.500 --> 00:38:15.359
exciting because it means I won't need
00:38:15.359 --> 00:38:17.760
surgery for that period of time so that
00:38:17.760 --> 00:38:20.880
would be just wonderful however when I
00:38:20.880 --> 00:38:23.040
needed to get my device interrogated I
00:38:23.040 --> 00:38:26.119
found out that the device
00:38:26.119 --> 00:38:29.400
manufacturer representative who is the
00:38:29.400 --> 00:38:33.119
one who has this programmer in New York
00:38:33.119 --> 00:38:35.220
had gone out of the country
00:38:35.220 --> 00:38:38.880
and guess what there was no backup rep
00:38:38.880 --> 00:38:41.280
no one there was literally nowhere I
00:38:41.280 --> 00:38:43.740
could go in New York City some hospitals
00:38:43.740 --> 00:38:45.300
have the devices but none of them were
00:38:45.300 --> 00:38:47.400
available for me to go to
00:38:47.400 --> 00:38:50.099
I could not get the information off of
00:38:50.099 --> 00:38:53.160
my defibrillator I just was out of luck
00:38:53.160 --> 00:38:55.440
and I was just suddenly put in that same
00:38:55.440 --> 00:38:57.900
position as those Vision patients I
00:38:57.900 --> 00:38:59.520
could really feel I mean it's very
00:38:59.520 --> 00:39:01.200
different situation I'm still functional
00:39:01.200 --> 00:39:04.680
it's a or I mean I still my heart is
00:39:04.680 --> 00:39:06.900
still is not completely reliant on this
00:39:06.900 --> 00:39:09.300
defibrillator it's preventative but I I
00:39:09.300 --> 00:39:12.060
could unders I could taste that how how
00:39:12.060 --> 00:39:15.420
hard that is and the realization that I
00:39:15.420 --> 00:39:18.780
may need to get surgery to replace a
00:39:18.780 --> 00:39:20.760
perfectly functional device simply
00:39:20.760 --> 00:39:23.160
because this manufacturer has decreased
00:39:23.160 --> 00:39:24.960
their presence what good is a
00:39:24.960 --> 00:39:28.320
defibrillator if if it can't be if you
00:39:28.320 --> 00:39:29.760
can't get the information you need when
00:39:29.760 --> 00:39:32.339
you need it it's not um it's not all
00:39:32.339 --> 00:39:33.720
Bleak it's really fascinating there's
00:39:33.720 --> 00:39:35.040
some really excellent work that's been
00:39:35.040 --> 00:39:36.980
happening in the insulin pump space
00:39:36.980 --> 00:39:40.680
where people have actually exploited old
00:39:40.680 --> 00:39:42.960
insulin pumps and the fact that they
00:39:42.960 --> 00:39:45.300
have a security vulnerability and they
00:39:45.300 --> 00:39:47.880
use it to create another device that
00:39:47.880 --> 00:39:50.099
talks to their insulin pump to deliver
00:39:50.099 --> 00:39:52.740
insulin in a much more precise Way open
00:39:52.740 --> 00:39:55.079
API yes and it's a really amazing
00:39:55.079 --> 00:39:58.760
movement and so I want to like you know
00:39:58.760 --> 00:40:01.140
amazing things happen when you let
00:40:01.140 --> 00:40:03.240
patients actually take control of their
00:40:03.240 --> 00:40:05.700
devices the stories in the insulin Pub
00:40:05.700 --> 00:40:09.000
space are amazing because there are kids
00:40:09.000 --> 00:40:11.460
that have insulin pumps whose parents
00:40:11.460 --> 00:40:13.859
are Technical and are able to precisely
00:40:13.859 --> 00:40:16.560
monitor their insulin delivery one story
00:40:16.560 --> 00:40:20.760
that I heard was a kid who uh who had
00:40:20.760 --> 00:40:23.400
gone to the nurse's office at school
00:40:23.400 --> 00:40:25.980
almost every day for a whole Academic
00:40:25.980 --> 00:40:29.460
Year and then after using this was only
00:40:29.460 --> 00:40:31.680
in the nurse's office like three or four
00:40:31.680 --> 00:40:34.680
times it's the amazing stuff and it this
00:40:34.680 --> 00:40:36.480
is life life changing right and this is
00:40:36.480 --> 00:40:38.339
what happens when we allow patients to
00:40:38.339 --> 00:40:40.619
engage in their care and allow people to
00:40:40.619 --> 00:40:42.780
control their technology and as I said
00:40:42.780 --> 00:40:44.400
it's not just medical devices medical
00:40:44.400 --> 00:40:46.560
devices are poignant but we have all of
00:40:46.560 --> 00:40:49.200
these ways that we can take control of
00:40:49.200 --> 00:40:50.339
our technology if we have the
00:40:50.339 --> 00:40:52.980
opportunity we can get together and we
00:40:52.980 --> 00:40:56.220
can form the um the organizations that
00:40:56.220 --> 00:40:58.500
can do this work we don't have to rely
00:40:58.500 --> 00:41:00.839
on these particular companies who like
00:41:00.839 --> 00:41:03.060
my medical medical device manufacturer
00:41:03.060 --> 00:41:06.480
may just not be tuned into are concern
00:41:06.480 --> 00:41:08.880
we may be in a part of the world where
00:41:08.880 --> 00:41:10.500
that company doesn't really have an
00:41:10.500 --> 00:41:12.599
interest or doesn't have expertise
00:41:12.599 --> 00:41:15.180
we may that company may not have a very
00:41:15.180 --> 00:41:18.119
diverse team the um if you've heard the
00:41:18.119 --> 00:41:19.680
an amazing
00:41:19.680 --> 00:41:23.579
um there's an amazing uh story about the
00:41:23.579 --> 00:41:25.079
that was all over Twitter a few years
00:41:25.079 --> 00:41:27.540
ago of a um
00:41:27.540 --> 00:41:29.220
soap soap dispensers and there are
00:41:29.220 --> 00:41:30.420
actually multiple brands of soap
00:41:30.420 --> 00:41:32.940
dispensers where if someone with light
00:41:32.940 --> 00:41:34.920
skin puts their hand under the soap
00:41:34.920 --> 00:41:37.920
dispenser it works great but if someone
00:41:37.920 --> 00:41:40.140
with dark skin puts their hand under the
00:41:40.140 --> 00:41:41.880
same soap dispenser nothing happens
00:41:41.880 --> 00:41:43.680
because they were relied on light
00:41:43.680 --> 00:41:45.900
reflection in order to determine whether
00:41:45.900 --> 00:41:48.260
to dispense soap and they're just
00:41:48.260 --> 00:41:50.700
obviously it was known with dark skin on
00:41:50.700 --> 00:41:52.740
that testing team otherwise they would
00:41:52.740 --> 00:41:55.740
have known right so we need to make sure
00:41:55.740 --> 00:41:57.900
that we are engaged with the creation of
00:41:57.900 --> 00:41:59.520
our technology that our technology has
00:41:59.520 --> 00:42:01.200
created diversely and that we don't
00:42:01.200 --> 00:42:03.599
leave it up to these companies who are
00:42:03.599 --> 00:42:06.240
only interested in their profit margins
00:42:06.240 --> 00:42:07.859
you know like
00:42:07.859 --> 00:42:09.359
they don't want disasters to happen
00:42:09.359 --> 00:42:10.920
because their profit margins are often
00:42:10.920 --> 00:42:13.740
aligned with public health but their
00:42:13.740 --> 00:42:18.119
goal is their profits so what can you do
00:42:18.119 --> 00:42:21.300
first of all please you're here so I
00:42:21.300 --> 00:42:22.560
think you're probably doing this already
00:42:22.560 --> 00:42:24.780
but have a dialogue about the big
00:42:24.780 --> 00:42:26.880
solutions that are possible I am
00:42:26.880 --> 00:42:30.359
astounded still as an American that gdpr
00:42:30.359 --> 00:42:34.079
happened and filled with gratitude for
00:42:34.079 --> 00:42:35.820
the protection that it is spilled over
00:42:35.820 --> 00:42:38.280
to the United States and if you would
00:42:38.280 --> 00:42:40.320
ask many people prior to it we would
00:42:40.320 --> 00:42:43.020
have said it was not possible there is a
00:42:43.020 --> 00:42:45.240
possibility for Mass reform if we look
00:42:45.240 --> 00:42:48.300
in every selection every way right if we
00:42:48.300 --> 00:42:50.160
look towards advocating for better
00:42:50.160 --> 00:42:54.300
legislation requiring the publication of
00:42:54.300 --> 00:42:57.000
of source code and giving users rights
00:42:57.000 --> 00:42:59.460
we can talk about making sure that we as
00:42:59.460 --> 00:43:02.460
consumers buy copy left of products we
00:43:02.460 --> 00:43:05.400
can talk about how we can we can create
00:43:05.400 --> 00:43:08.400
solutions that we can rely on and none
00:43:08.400 --> 00:43:10.740
of the solutions that will move us to a
00:43:10.740 --> 00:43:12.599
world with software Freedom will happen
00:43:12.599 --> 00:43:15.420
overnight none of them are easy they are
00:43:15.420 --> 00:43:17.460
all hard I was talking to somebody about
00:43:17.460 --> 00:43:21.240
this recently and I I said ah yes it's
00:43:21.240 --> 00:43:23.280
like trying to ask everyone to give up
00:43:23.280 --> 00:43:25.859
Amazon how do we do that now right none
00:43:25.859 --> 00:43:28.380
of these things are easy but they are
00:43:28.380 --> 00:43:29.940
important and they are Broad and
00:43:29.940 --> 00:43:31.319
sweeping and they are only going to
00:43:31.319 --> 00:43:33.960
happen with coordinated dialogue
00:43:33.960 --> 00:43:36.960
you everyone here in this room and
00:43:36.960 --> 00:43:40.740
listening on the live stream you are the
00:43:40.740 --> 00:43:44.160
tech savvy population you are the top
00:43:44.160 --> 00:43:47.160
knowledgeable people it is time for all
00:43:47.160 --> 00:43:49.740
of us technologists to stop relying on
00:43:49.740 --> 00:43:52.619
big tech for our Solutions I was in a
00:43:52.619 --> 00:43:54.619
meeting with some of the most
00:43:54.619 --> 00:43:58.079
influential Tech rights organizations in
00:43:58.079 --> 00:44:00.060
the world and they are advocating
00:44:00.060 --> 00:44:02.760
against Google by using Google Docs and
00:44:02.760 --> 00:44:06.420
Google infrastructure we are using all
00:44:06.420 --> 00:44:07.740
of these solutions that big tech
00:44:07.740 --> 00:44:09.420
provides us because they are convenient
00:44:09.420 --> 00:44:11.099
but they are not in our long-term
00:44:11.099 --> 00:44:13.260
interests and we have Alternatives that
00:44:13.260 --> 00:44:15.540
are ready now if you want to collaborate
00:44:15.540 --> 00:44:17.460
on a document we at software Freedom
00:44:17.460 --> 00:44:19.020
Conservancy maintain an ether pad which
00:44:19.020 --> 00:44:20.700
etherpad is also a software Freedom
00:44:20.700 --> 00:44:23.339
Conservancy member project you can use
00:44:23.339 --> 00:44:27.380
video chat using uh jitsi this is the
00:44:27.380 --> 00:44:29.400
meat.jit.c is the link
00:44:29.400 --> 00:44:31.079
um I really have to give a plug for a
00:44:31.079 --> 00:44:32.339
big blue button because it's designed
00:44:32.339 --> 00:44:34.680
for academic use and I think you should
00:44:34.680 --> 00:44:37.920
all join the charge to get this
00:44:37.920 --> 00:44:40.079
University to switch to big blue button
00:44:40.079 --> 00:44:42.720
it is perfect for that solution I have
00:44:42.720 --> 00:44:44.460
loved teaching classes on it and I think
00:44:44.460 --> 00:44:46.940
it works great and it's very stable
00:44:46.940 --> 00:44:48.720
and then
00:44:48.720 --> 00:44:50.760
go ahead and if you have old devices
00:44:50.760 --> 00:44:52.619
just play and put an alternate
00:44:52.619 --> 00:44:54.660
Distribution on it as many of you have
00:44:54.660 --> 00:44:56.460
if you have a phone try putting lineage
00:44:56.460 --> 00:44:58.740
or something else on it if you've got a
00:44:58.740 --> 00:45:00.540
laptop if you're just trying it out for
00:45:00.540 --> 00:45:02.760
the first time Ubuntu or Debian is
00:45:02.760 --> 00:45:04.500
really really great and you can save old
00:45:04.500 --> 00:45:06.599
equipment from going into landfills and
00:45:06.599 --> 00:45:08.940
make them perfectly useful if more
00:45:08.940 --> 00:45:11.280
people use it we have this like amazing
00:45:11.280 --> 00:45:14.880
spiraling situation where we don't have
00:45:14.880 --> 00:45:16.740
the buy-in for a software Freedom
00:45:16.740 --> 00:45:18.599
Solutions and so those Solutions
00:45:18.599 --> 00:45:21.780
continue to degrade and they get a
00:45:21.780 --> 00:45:23.099
little bit worse and a little bit worse
00:45:23.099 --> 00:45:25.319
over time because people say oh it's
00:45:25.319 --> 00:45:27.540
just so convenient I'm going to use you
00:45:27.540 --> 00:45:29.220
know I'm gonna I'm gonna use the the
00:45:29.220 --> 00:45:31.440
Apple product or I'm going to use um you
00:45:31.440 --> 00:45:34.920
know the the Google suite and over time
00:45:34.920 --> 00:45:37.920
we're just making more of that happen so
00:45:37.920 --> 00:45:40.859
we have to we have to buy into it the
00:45:40.859 --> 00:45:42.420
other thing I have to ask each and every
00:45:42.420 --> 00:45:44.579
one of you to do
00:45:44.579 --> 00:45:47.160
when you buy something if you see a
00:45:47.160 --> 00:45:49.560
license notice in it that says you have
00:45:49.560 --> 00:45:50.819
rights with respect to some of the
00:45:50.819 --> 00:45:52.680
software in this device and you get the
00:45:52.680 --> 00:45:55.800
manual that has the licenses in it if it
00:45:55.800 --> 00:45:57.180
says
00:45:57.180 --> 00:45:59.880
if it says ask for the source code by
00:45:59.880 --> 00:46:02.940
emailing this address please do it ask
00:46:02.940 --> 00:46:05.520
for it because right now only people who
00:46:05.520 --> 00:46:07.500
are really interested in modifying their
00:46:07.500 --> 00:46:09.660
software in a very intent way will ask
00:46:09.660 --> 00:46:11.520
and then companies it's very easy for
00:46:11.520 --> 00:46:13.680
them to ignore it even though the people
00:46:13.680 --> 00:46:15.599
who are asking are the ones who are
00:46:15.599 --> 00:46:16.740
going to make software that everyone
00:46:16.740 --> 00:46:18.540
else is going to use
00:46:18.540 --> 00:46:20.460
because only one person or a few people
00:46:20.460 --> 00:46:22.319
a handful of people asks the company
00:46:22.319 --> 00:46:23.819
thinks nobody cares and they're not
00:46:23.819 --> 00:46:25.560
taking it seriously and that's one of
00:46:25.560 --> 00:46:26.579
the things that we see over and over
00:46:26.579 --> 00:46:29.760
again until uh we contact them being the
00:46:29.760 --> 00:46:30.960
software Freedom conservancy and they
00:46:30.960 --> 00:46:32.520
get nervous that we might take action if
00:46:32.520 --> 00:46:34.800
they don't listen to us nothing nothing
00:46:34.800 --> 00:46:36.540
happens and the reason why we file that
00:46:36.540 --> 00:46:39.420
consumer rights suit was basically so
00:46:39.420 --> 00:46:41.400
that anyone who asked for the source
00:46:41.400 --> 00:46:43.740
code will be taken seriously
00:46:43.740 --> 00:46:45.839
um and then please support and engage in
00:46:45.839 --> 00:46:47.339
the organizations that are trying to
00:46:47.339 --> 00:46:49.500
make these changes possible
00:46:49.500 --> 00:46:51.599
um there's Ulysses on this you know
00:46:51.599 --> 00:46:54.480
that's active here and I understand they
00:46:54.480 --> 00:46:56.819
have a like an open source job fair that
00:46:56.819 --> 00:46:58.740
happens in this very building
00:46:58.740 --> 00:47:00.119
um like engage in these local
00:47:00.119 --> 00:47:01.560
organizations because this is how we're
00:47:01.560 --> 00:47:02.940
going to build the infrastructure that
00:47:02.940 --> 00:47:05.220
will make a change it's funny because
00:47:05.220 --> 00:47:08.339
when I was a student there was software
00:47:08.339 --> 00:47:10.339
Freedom like you could easily replace
00:47:10.339 --> 00:47:12.599
your the software on any of your devices
00:47:12.599 --> 00:47:15.359
and it was super easy you had a fully
00:47:15.359 --> 00:47:17.099
free device that you had complete
00:47:17.099 --> 00:47:18.300
control over
00:47:18.300 --> 00:47:20.339
um but it was it was it was kind of hard
00:47:20.339 --> 00:47:21.900
to do and it was kind of a niche thing
00:47:21.900 --> 00:47:24.960
and now free and open source software is
00:47:24.960 --> 00:47:27.540
everywhere and in everything but we
00:47:27.540 --> 00:47:29.160
actually have far less software freedom
00:47:29.160 --> 00:47:31.079
than we ever had before because we can't
00:47:31.079 --> 00:47:33.300
do anything with any of our devices it's
00:47:33.300 --> 00:47:34.859
the lower layers that are free and open
00:47:34.859 --> 00:47:36.119
and the only way we're going to change
00:47:36.119 --> 00:47:38.220
that is by banding together and
00:47:38.220 --> 00:47:40.319
supporting these organizations so I
00:47:40.319 --> 00:47:41.520
think I've gone a little bit long but I
00:47:41.520 --> 00:47:44.160
think we have time for questions
00:47:44.160 --> 00:47:46.980
um great so thank you so much and I
00:47:46.980 --> 00:47:49.560
would love to hear your questions please
00:47:49.560 --> 00:47:52.140
are you moderating the questions
00:47:52.140 --> 00:47:59.780
okay thank you
00:47:59.780 --> 00:48:04.079
no you might have to just come here
00:48:04.079 --> 00:48:07.200
let's open something it's collaborative
00:48:07.200 --> 00:48:09.839
collaborative okay I don't have a
00:48:09.839 --> 00:48:12.599
microphone so if you would like to ask a
00:48:12.599 --> 00:48:13.980
question please
00:48:13.980 --> 00:48:15.300
um
00:48:15.300 --> 00:48:17.660
speak very loudly
00:48:17.660 --> 00:48:21.540
yes floor is open there please go ahead
00:48:21.540 --> 00:48:28.940
Shout
00:48:28.940 --> 00:48:41.400
your Hardware security researcher
00:48:41.400 --> 00:48:42.839
yes
00:48:42.839 --> 00:48:45.420
please all Hardware security researchers
00:48:45.420 --> 00:48:49.760
please email compliance at
00:48:49.760 --> 00:48:52.079
sfconservancy.org we have a lot of work
00:48:52.079 --> 00:48:54.599
that we would love for you to do
00:48:54.599 --> 00:48:56.880
um yeah there's I mean there's there's
00:48:56.880 --> 00:48:59.700
so much there's so much and um you know
00:48:59.700 --> 00:49:02.220
we are we are a tiny organization we
00:49:02.220 --> 00:49:05.099
have uh six people on staff
00:49:05.099 --> 00:49:06.540
um and we run our internship program
00:49:06.540 --> 00:49:10.079
that has 130 people every year we have
00:49:10.079 --> 00:49:13.020
our 50 member projects that are building
00:49:13.020 --> 00:49:15.300
Alternatives and we're we do the
00:49:15.300 --> 00:49:17.339
lawsuits and protect copy left and we do
00:49:17.339 --> 00:49:19.079
all that with a really small staff and
00:49:19.079 --> 00:49:20.819
we rely on a lot of volunteers and
00:49:20.819 --> 00:49:22.859
that's really important because we're
00:49:22.859 --> 00:49:25.440
funded by the public primarily and
00:49:25.440 --> 00:49:28.079
grants and um and and a huge amount of
00:49:28.079 --> 00:49:29.700
our work is done by volunteers and
00:49:29.700 --> 00:49:31.980
that's important not just because
00:49:31.980 --> 00:49:34.020
um it gets the work done but it's also
00:49:34.020 --> 00:49:35.579
because it shows us that this work is
00:49:35.579 --> 00:49:38.220
important it's not enough that I think
00:49:38.220 --> 00:49:41.460
it's important it's it it has to be that
00:49:41.460 --> 00:49:43.560
we as a community think that this is
00:49:43.560 --> 00:49:45.000
important and can work together so I'd
00:49:45.000 --> 00:49:49.619
love to talk to you about that
00:49:49.619 --> 00:49:52.200
someone else question
00:49:52.200 --> 00:50:00.540
of time these
00:50:00.540 --> 00:50:03.839
how
00:50:03.839 --> 00:50:05.819
how can company
00:50:05.819 --> 00:50:07.319
thank you how can companies be
00:50:07.319 --> 00:50:09.599
incentivized to um to publish their
00:50:09.599 --> 00:50:10.920
source code
00:50:10.920 --> 00:50:13.680
um and how can we get them to do it
00:50:13.680 --> 00:50:15.300
um you know on their own and I've been
00:50:15.300 --> 00:50:18.060
wondering this for forever I thought I
00:50:18.060 --> 00:50:19.740
you know honestly I was so naive when I
00:50:19.740 --> 00:50:21.359
started this work I really thought that
00:50:21.359 --> 00:50:24.180
this is one of those areas where the
00:50:24.180 --> 00:50:26.880
corporate interests and the public good
00:50:26.880 --> 00:50:29.220
were aligned I really thought that the
00:50:29.220 --> 00:50:32.119
business case for open source
00:50:32.119 --> 00:50:36.119
would carry the day and that in fact and
00:50:36.119 --> 00:50:38.880
I think I think that The Originators of
00:50:38.880 --> 00:50:41.700
the software Freedom ideology also
00:50:41.700 --> 00:50:43.740
thought that and so many of the early
00:50:43.740 --> 00:50:46.079
developers especially for example the
00:50:46.079 --> 00:50:47.760
Linux kernel developers and other
00:50:47.760 --> 00:50:50.099
original projects like that that were so
00:50:50.099 --> 00:50:52.859
ideological and so forward-thinking were
00:50:52.859 --> 00:50:55.319
so excited when they started when their
00:50:55.319 --> 00:50:57.720
collaboration yield amazing results and
00:50:57.720 --> 00:50:59.760
those results started getting adopted by
00:50:59.760 --> 00:51:01.920
technology companies they it was
00:51:01.920 --> 00:51:03.960
suddenly like we've made this like we've
00:51:03.960 --> 00:51:06.540
this has happened because we've created
00:51:06.540 --> 00:51:08.099
something so useful that companies want
00:51:08.099 --> 00:51:10.559
to use it and then companies hired all
00:51:10.559 --> 00:51:12.900
of those people and now a very high
00:51:12.900 --> 00:51:16.200
percentage of those developers work at
00:51:16.200 --> 00:51:18.059
companies to work on those products and
00:51:18.059 --> 00:51:20.160
many of them work on things that they
00:51:20.160 --> 00:51:21.480
think are important to improve the
00:51:21.480 --> 00:51:22.800
software and many of them are still
00:51:22.800 --> 00:51:25.140
ideological but the idea that we could
00:51:25.140 --> 00:51:28.680
do well by doing good was flawed because
00:51:28.680 --> 00:51:31.859
we have put so many of our resources in
00:51:31.859 --> 00:51:36.300
into into corporate interest into into
00:51:36.300 --> 00:51:38.220
things that companies find either
00:51:38.220 --> 00:51:42.059
palatable or profitable and what becomes
00:51:42.059 --> 00:51:45.420
overlooked is our ability as a public to
00:51:45.420 --> 00:51:48.059
do with our devices what we want to our
00:51:48.059 --> 00:51:50.040
ability to stay free from surveillance
00:51:50.040 --> 00:51:52.500
our ability to make sure that you know
00:51:52.500 --> 00:51:54.960
we're not only not being spied on but
00:51:54.960 --> 00:51:58.440
that we can use our devices not only for
00:51:58.440 --> 00:52:00.540
their intended purpose or other purposes
00:52:00.540 --> 00:52:04.380
right I it's currently difficult to find
00:52:04.380 --> 00:52:06.000
a product on the market that doesn't
00:52:06.000 --> 00:52:08.400
phone home like there are smart
00:52:08.400 --> 00:52:10.619
toothbrushes where they're taking video
00:52:10.619 --> 00:52:12.839
of your teeth to send back to a
00:52:12.839 --> 00:52:15.180
centralized company and then also taking
00:52:15.180 --> 00:52:17.280
video of everything else in your house
00:52:17.280 --> 00:52:19.800
and these companies are trying to
00:52:19.800 --> 00:52:21.420
collect as much information as they can
00:52:21.420 --> 00:52:23.160
because they want to be able to Pivot
00:52:23.160 --> 00:52:24.540
whatever business model that they can
00:52:24.540 --> 00:52:26.880
and this is so Insidious that it's very
00:52:26.880 --> 00:52:28.680
hard to predict what the interests will
00:52:28.680 --> 00:52:30.059
be of those companies in the long run
00:52:30.059 --> 00:52:31.800
and what we have found is that without
00:52:31.800 --> 00:52:35.160
text checks and balances the free and
00:52:35.160 --> 00:52:36.839
open source software is just exploited
00:52:36.839 --> 00:52:40.319
and what we need is to have a public
00:52:40.319 --> 00:52:42.960
focused component of it there we used to
00:52:42.960 --> 00:52:44.880
people used to say
00:52:44.880 --> 00:52:46.859
from like the old days and I know that
00:52:46.859 --> 00:52:48.839
some of you here are have been involved
00:52:48.839 --> 00:52:50.520
in the community for a long time and
00:52:50.520 --> 00:52:52.440
some of you are new and haven't
00:52:52.440 --> 00:52:54.240
experienced it a lot but in the old days
00:52:54.240 --> 00:52:56.640
people would say free software is an
00:52:56.640 --> 00:52:59.460
ideological movement and open source is
00:52:59.460 --> 00:53:01.680
commercial and I used to fight so hard
00:53:01.680 --> 00:53:05.040
to say that's not true because open
00:53:05.040 --> 00:53:07.859
source sounds like it's just about
00:53:07.859 --> 00:53:10.800
seeing the code but everyone would tell
00:53:10.800 --> 00:53:12.240
you that it's not open source if you
00:53:12.240 --> 00:53:14.339
don't have the ability to modify it and
00:53:14.339 --> 00:53:15.900
free software it sounds like it's just
00:53:15.900 --> 00:53:17.040
about price
00:53:17.040 --> 00:53:19.140
but it is about rights and it's really
00:53:19.140 --> 00:53:21.119
about the same thing if you look at the
00:53:21.119 --> 00:53:23.819
definitions they're they effectively say
00:53:23.819 --> 00:53:26.940
the same things in the end but what was
00:53:26.940 --> 00:53:30.599
true about that that I missed is that is
00:53:30.599 --> 00:53:33.859
that we can't have it all we have to
00:53:33.859 --> 00:53:36.420
prioritize the public good we have to
00:53:36.420 --> 00:53:38.280
prioritize our ability to take control
00:53:38.280 --> 00:53:40.380
of our of our technology
00:53:40.380 --> 00:53:44.040
and I don't know I I guess I'd say that
00:53:44.040 --> 00:53:46.440
we've tried that experiment of trying to
00:53:46.440 --> 00:53:48.599
make it interesting and exciting for
00:53:48.599 --> 00:53:50.220
companies and what happens is they
00:53:50.220 --> 00:53:52.319
engage only as much as they have to they
00:53:52.319 --> 00:53:53.940
give up only as much as they absolutely
00:53:53.940 --> 00:53:56.040
have to so the only way to incentivize
00:53:56.040 --> 00:53:58.260
them is to legislate it so that they
00:53:58.260 --> 00:53:59.760
must do it
00:53:59.760 --> 00:54:02.940
or we incentivize them by every single
00:54:02.940 --> 00:54:05.640
one of us only buys products that have
00:54:05.640 --> 00:54:07.619
copy left it software in them and we
00:54:07.619 --> 00:54:09.300
tell companies that we're doing it we
00:54:09.300 --> 00:54:11.040
asked for the source code when they
00:54:11.040 --> 00:54:13.079
don't provide it we say well I'm never
00:54:13.079 --> 00:54:14.640
going to buy your device again
00:54:14.640 --> 00:54:16.200
and I'm telling everybody else I'm
00:54:16.200 --> 00:54:18.300
writing an article to my local paper I'm
00:54:18.300 --> 00:54:19.980
going to find an alternative where I can
00:54:19.980 --> 00:54:21.180
get the source code and I'm going to
00:54:21.180 --> 00:54:22.680
support it I think I think it's the only
00:54:22.680 --> 00:54:25.020
way because otherwise we're just kidding
00:54:25.020 --> 00:54:29.059
ourselves
00:54:29.059 --> 00:54:31.500
okay I think there's time for one more
00:54:31.500 --> 00:54:32.819
question
00:54:32.819 --> 00:54:40.800
please
00:54:40.800 --> 00:54:43.500
oh this is such a great question how do
00:54:43.500 --> 00:54:45.900
you manage the risks and liability what
00:54:45.900 --> 00:54:47.099
if somebody working on your
00:54:47.099 --> 00:54:49.980
defibrillator gets it wrong and the
00:54:49.980 --> 00:54:52.380
secret answer like the real answer to
00:54:52.380 --> 00:54:55.260
this question is that software is full
00:54:55.260 --> 00:54:57.180
of liability because software is
00:54:57.180 --> 00:54:59.520
vulnerable and just because something is
00:54:59.520 --> 00:55:02.819
free and open source doesn't mean that
00:55:02.819 --> 00:55:05.579
it is any any more vulnerable in fact
00:55:05.579 --> 00:55:07.440
it's the opposite way around and
00:55:07.440 --> 00:55:10.319
security researchers have found that
00:55:10.319 --> 00:55:12.180
devices that have free and open source
00:55:12.180 --> 00:55:14.640
software there's like a more complicated
00:55:14.640 --> 00:55:15.900
answer to this that I'm going to skip
00:55:15.900 --> 00:55:17.819
but uh but they call what you're talking
00:55:17.819 --> 00:55:20.460
about security through obscurity so if
00:55:20.460 --> 00:55:22.380
you don't publish the source code then
00:55:22.380 --> 00:55:24.720
you're safe but in fact that's not the
00:55:24.720 --> 00:55:27.240
only like there are many ways to you can
00:55:27.240 --> 00:55:28.800
talk to the general in the back there
00:55:28.800 --> 00:55:32.160
are so many ways to or I'm sorry for
00:55:32.160 --> 00:55:33.540
generating the person in the back I
00:55:33.540 --> 00:55:35.280
don't know why I did that I apologize uh
00:55:35.280 --> 00:55:37.319
but um but there are so many ways that
00:55:37.319 --> 00:55:40.440
you can that you can you can show a
00:55:40.440 --> 00:55:42.599
device be vulnerable and exploited and
00:55:42.599 --> 00:55:45.059
so having real Security on devices
00:55:45.059 --> 00:55:46.740
having
00:55:46.740 --> 00:55:48.900
um you know having encryption having
00:55:48.900 --> 00:55:51.660
real security not this not security
00:55:51.660 --> 00:55:53.760
theater I mean that's really where it's
00:55:53.760 --> 00:55:56.819
at I for example I want the software on
00:55:56.819 --> 00:55:58.680
my device to be published and available
00:55:58.680 --> 00:56:01.440
for review but I want there to be I
00:56:01.440 --> 00:56:03.660
don't want any I want there to be either
00:56:03.660 --> 00:56:06.000
a password or encryption or some way
00:56:06.000 --> 00:56:07.920
that only my device can tell and that
00:56:07.920 --> 00:56:09.540
and that's and that's real because
00:56:09.540 --> 00:56:12.420
previously these devices had no had none
00:56:12.420 --> 00:56:13.920
of that before but this device the
00:56:13.920 --> 00:56:15.660
software wasn't published and so
00:56:15.660 --> 00:56:17.579
researchers show that you could just
00:56:17.579 --> 00:56:19.859
cause them to shock people unnecessarily
00:56:19.859 --> 00:56:21.540
you could get information off of those
00:56:21.540 --> 00:56:23.819
devices so
00:56:23.819 --> 00:56:25.859
the question is like how do we manage
00:56:25.859 --> 00:56:28.380
our software liability and it's scary
00:56:28.380 --> 00:56:31.079
stuff but having the software public
00:56:31.079 --> 00:56:32.819
means that it can be reviewed and it can
00:56:32.819 --> 00:56:34.500
be tested and yes there might be times
00:56:34.500 --> 00:56:35.819
where
00:56:35.819 --> 00:56:37.920
um where folks who are malicious may be
00:56:37.920 --> 00:56:40.079
able to find an exploit by Examining The
00:56:40.079 --> 00:56:41.940
Source Code but because there are so
00:56:41.940 --> 00:56:43.619
many exploits available without access
00:56:43.619 --> 00:56:45.059
to the source code
00:56:45.059 --> 00:56:47.579
it's just one of the benefits vastly
00:56:47.579 --> 00:56:49.079
outweigh the
00:56:49.079 --> 00:56:52.020
um you know the risks in my in my view
00:56:52.020 --> 00:56:54.540
and as we develop more infrastructure
00:56:54.540 --> 00:56:56.040
around free and open source software
00:56:56.040 --> 00:56:57.180
projects we'll find that to be the case
00:56:57.180 --> 00:56:59.099
an example perfect example of this is
00:56:59.099 --> 00:57:00.660
the Linux kernel which is considered to
00:57:00.660 --> 00:57:04.740
be one of the most secure kernels and
00:57:04.740 --> 00:57:08.339
that has been free and open for
00:57:08.339 --> 00:57:12.059
about 30 years
00:57:12.059 --> 00:57:14.520
oh I said well I I did we said one more
00:57:14.520 --> 00:57:16.319
can I do more okay one more before but
00:57:16.319 --> 00:57:20.760
yeah okay
00:57:20.760 --> 00:57:22.859
how does right to repair ah how does
00:57:22.859 --> 00:57:24.180
right to repair fit into the goals of
00:57:24.180 --> 00:57:25.800
the software Freedom Conservancy if it
00:57:25.800 --> 00:57:28.859
were not abundant yet from my talk
00:57:28.859 --> 00:57:30.960
software freedom is the software right
00:57:30.960 --> 00:57:32.220
to repair
00:57:32.220 --> 00:57:33.599
so
00:57:33.599 --> 00:57:36.359
in order to be able to repair any modern
00:57:36.359 --> 00:57:40.260
equipment we need software Freedom you
00:57:40.260 --> 00:57:42.480
cannot effectively repair anything
00:57:42.480 --> 00:57:45.000
without being able to have the software
00:57:45.000 --> 00:57:47.400
right to repair and what's cool about
00:57:47.400 --> 00:57:49.319
copy left licensing and why I spent so
00:57:49.319 --> 00:57:52.200
much time on the Vizio suit is that we
00:57:52.200 --> 00:57:54.180
have a right to repair in all of these
00:57:54.180 --> 00:57:55.619
Linux devices
00:57:55.619 --> 00:57:58.619
I mean the Vizio TVs had I forget how
00:57:58.619 --> 00:57:59.400
many
00:57:59.400 --> 00:58:01.260
um different kinds of software on it I
00:58:01.260 --> 00:58:04.859
think 22 22 copy lifted projects on it
00:58:04.859 --> 00:58:06.960
it wasn't just the Linux kernel loads of
00:58:06.960 --> 00:58:09.359
software that give us these rights the
00:58:09.359 --> 00:58:11.280
rights to get complete and corresponding
00:58:11.280 --> 00:58:12.720
source code and the scripts to control
00:58:12.720 --> 00:58:15.420
installation so we should be able to do
00:58:15.420 --> 00:58:17.520
something about this but we haven't been
00:58:17.520 --> 00:58:19.079
able to yet in part because companies
00:58:19.079 --> 00:58:20.819
just don't do the right thing they don't
00:58:20.819 --> 00:58:22.980
they don't think about the fact that
00:58:22.980 --> 00:58:25.619
they have to publish their source code
00:58:25.619 --> 00:58:27.839
before they go to market then they go to
00:58:27.839 --> 00:58:30.540
market and they scramble in general we
00:58:30.540 --> 00:58:33.059
we've talked to loads and loads of
00:58:33.059 --> 00:58:35.099
companies about their non-compliance and
00:58:35.099 --> 00:58:37.020
what turns out is that often as I said
00:58:37.020 --> 00:58:38.220
they don't even have the software
00:58:38.220 --> 00:58:40.020
themselves because they never ask for it
00:58:40.020 --> 00:58:41.700
from their vendors to begin with and
00:58:41.700 --> 00:58:43.140
they didn't put if they developed it
00:58:43.140 --> 00:58:45.119
in-house they did put the process in
00:58:45.119 --> 00:58:46.920
place to begin with so they don't have
00:58:46.920 --> 00:58:50.339
the infrastructure in place they don't
00:58:50.339 --> 00:58:52.559
even employ the employees that worked on
00:58:52.559 --> 00:58:53.940
the developers that worked on that
00:58:53.940 --> 00:58:56.579
software back then those people have
00:58:56.579 --> 00:58:58.559
often left the company and moved on to
00:58:58.559 --> 00:59:00.839
other projects and so they just don't
00:59:00.839 --> 00:59:03.000
even have the resources to be able to
00:59:03.000 --> 00:59:04.859
find that software later which is
00:59:04.859 --> 00:59:06.240
terrifying because it means that if
00:59:06.240 --> 00:59:07.680
there's a problem with their products
00:59:07.680 --> 00:59:09.540
they basically have to recall them
00:59:09.540 --> 00:59:11.220
there's nothing left that that can be
00:59:11.220 --> 00:59:13.260
done so in order for us to make sure
00:59:13.260 --> 00:59:15.240
that that changes we have to be louder
00:59:15.240 --> 00:59:17.339
about it and we have to make these
00:59:17.339 --> 00:59:18.720
companies realize that there is
00:59:18.720 --> 00:59:20.119
liability
00:59:20.119 --> 00:59:22.740
for their you know for their
00:59:22.740 --> 00:59:24.359
non-compliance because that will
00:59:24.359 --> 00:59:27.240
incentivize them to comply
00:59:27.240 --> 00:59:35.960
foreign
00:59:35.960 --> 00:59:40.079
are evoking but I was told that yeah we
00:59:40.079 --> 00:59:41.819
should close the session after one hour
00:59:41.819 --> 00:59:43.619
maybe there are students that are still
00:59:43.619 --> 00:59:45.960
having to do some exams I don't know
00:59:45.960 --> 00:59:48.119
wishing them good luck in that case of
00:59:48.119 --> 00:59:51.480
course but uh most of all I would like
00:59:51.480 --> 00:59:54.540
you to invite you to share with me the
00:59:54.540 --> 01:00:02.339
Applause for Aaron once more
01:00:02.339 --> 01:00:04.980
and you know you still have to put four
01:00:04.980 --> 01:00:06.180
more
01:00:06.180 --> 01:00:08.460
uh in two days I think the second yeah
01:00:08.460 --> 01:00:11.579
two days from now when you will get this
01:00:11.579 --> 01:00:14.760
Armory uh award from our University
01:00:14.760 --> 01:00:16.980
someone else will give it to you I would
01:00:16.980 --> 01:00:18.900
love to do it but that's uh we
01:00:18.900 --> 01:00:23.880
definitely
01:00:23.880 --> 01:00:25.200
um
01:00:25.200 --> 01:00:28.380
being here with Ken thanks so much
01:00:28.380 --> 01:00:31.380
foreign
Reference in a new issue View git blame Copy permalink