 Hi, everybody, good morning. As Danielle said, my name is Karen. I'm the executive director of the Software Freedom Conservancy. This is our cute tree logo and many of our member projects, which include a lot of software that you're using, whether you know it or not. We're also the home of Outreachy, which is a paid internship program for women non-binary people and people of color who are underrepresented in US tech. And we also are, perhaps, most well known in some circles for enforcing the GPL and copy left. So that's sort of our organization. I am a lawyer by training, even though I'm an executive director. And now I mostly do legal work just as a volunteer. And I am super, super into free and open source software, really, really into it. And part of the reason that I'm really into free software is because I'm a patient. So I literally have a big heart. My heart is three times the size of an ordinary person's heart. It's called hypertrophic cardiomyopathy. And it's fine. My heart is actually just really thick. And it's totally fine, except that I'm at a very high risk of suddenly dying. It's called sudden death is the legal term, which is quite alarming. But it's like a 2% to 3% chance per year compounding. And I was diagnosed when I was 31. So that was very upsetting. And so the doctors sort of said, well, this isn't a big deal, because don't worry about it. You're asymptomatic. And what we can do is we can give you a pacemaker defibrillator. And then if you go into sudden death, it's like people are following you around with paddles. And they'll say, clear. And you will be revived and not to worry. And so what they do in the doctor's office when they tell you this is that they have the defibrillators in their desk drawers. These devices are really expensive. On the pacemaker forums, we call them our internal bling, because they're so expensive. But the device manufacturers give samples to doctors so that they can show them to the patients. And so I'm sitting there in the doctor's office. And the doctor slips this little device across the desk to me and is sort of like, you know, pick it up, hold it. My mother is there, of course, in the doctor's office with me. And we look at this little thing. And the doctor is looking at me expectantly, saying, you know, basically I can see in his face. He's sort of saying, like, isn't it cute? It's small. It's tiny. It's not a big deal. See, this is nothing to be afraid of, to which I agreed with. But what I said was, what does it run? And he said, run. And I explained that this device had software on it. And, like, you know, that that was critical to its operation. And what did he know about the software? And this doctor said, software? And so we had a little conversation. And we talked about it. And he said, well, don't worry. Because right now in the office, I don't know anything about the software on this device. And in fact, despite the fact that he implanted so many of these devices, sometimes multiple times per day, he had not even thought about the fact that there was software on this device and what implications there might be for the whole of the medical care that he was delivering to his patients. And so he said, but don't worry. Because today in our office is Tom. And Tom is the representative from the medical device manufacturer. And Tom knows everything about these devices. So don't worry. And he, like, pokes his head out of his office door. And he says, Tom, come on in. So Tom comes in. And this doctor says to Tom, expectantly, can you tell this patient about the software on the defibrillator? And Tom said, software? And apparently, not only had no one ever asked this electrophysiologist, who does this all the time about the software on this device, none of the doctors and nobody else had ever asked the medical device representative. So Tom said, don't worry. These devices are very, very safe. They're fully tested. I'm going to give you a hotline that you can call with my company. And they will answer all the questions that you need to know about the safety of the software on this device. Of course, that did not necessarily come to pass. I basically went into a phone tree hell where I kept getting people and leaving messages and nobody ever returned my call. And it became clear that I was basically going to have to just get this device. And it raised a lot of questions for me in terms of doing my research and figuring out what it meant to get a defibrillator and what it meant to have something metallic with wires that literally went through my arteries and screwed into my heart. Having that technology in my body changed the way I thought about technology in general and what that meant. And I realized with some jubilation, and I am not kidding, that I would be able to refer to myself as a cyborg. This was the pinnacle of the entire experience was that I could be, and actually the night before I had my operation to get my defibrillator, I had a cyborg becoming party because it was so exciting. But knowing that this technology was going to be integrated with my body and something that I was going to be a part of me and that I was going to rely on every moment of every day, it was deeply disturbing to me that the, so for people who aren't aware, this is Bill Gates as a board. And this was a picture that made the rounds on the internet for a while. And so the idea that I would have proprietary software in my body that I couldn't see was extremely upsetting, extremely upsetting. And moreover, I used this as an excuse to launch a research program about free and open source software, about software safety on these medical devices. And what I found out was really quite upsetting. What I found was that these devices are vulnerable. They mostly are broadcasting with radio telemetry with no real security on them. There's no encryption, there's no password protection. It's simply not, they're relying on security through obscurity, which we know does not work. So it's the worst of both worlds. These devices are completely vulnerable because they have no real security, but the software is closed and proprietary. And I think many of us in the room know, and one of the cool things was that I got to research the state of software safety and free and open source software, and security researchers agree that over time free and open source software is safer and better. And so I went from there to realizing that my whole attitude about software was needed to change this experience. And now you're saying, this is BangBangCon. What is happening here? This is a real downer, right? So when Lindsay asked me to speak, she asked if I could put an optimistic spin on it, which fair, fair enough, because man, this alone is amusing, but depressing. So instead, this is really how I feel, because, okay, and I have to say that I am only in season six of Voyager right now, so nobody spoil it for me. I'm at the end of season six though, and I think I have a handle on where the character is going, but I am a unique individual, right? And my cyborg components are a part of me, and they help me see the world in a different way. And they have allowed me to take something that was a problem, is a medical condition, and turn it around to something that I feel like I can make a real change, a real difference in the world on. I see the world differently because I'm a cyborg, but that new knowledge has allowed me to pivot my career and my work to help the situation for everyone. And so when I get to speak about medical devices, well, first of all, it makes the audience feel really vulnerable, right? Because you're like that poor woman who has the heart condition, poor thing. She's gonna suddenly die. I really hope that doesn't happen while I'm watching. And so it causes the audience to let down their defenses a little bit, right? And start thinking about the problem at hand, right? So before I had my defibrillator, I tried to talk about free and open source software. I tried to say, hey, you know, it's obvious studies are showing that free software is better and safer over time. I'm not gonna lie to you and say that all free software exaggerates so much to say that free software is better and safer always because we know that's not true. But as developmental methodologies and over the long run, free and open source software is better and it is safer. And if I say that to people without talking about the fact that I have a medical condition, they kind of give me blank looks and they act like I'm a tiny bit, you know, just a little bit crazy. When I talk about the fact that I have software in my body and connect it to my heart, it makes them open up to the idea of the fact that these issues are really important and that they matter. And then from your medical device, it's a really short walk from there to cars, right? Which we entrust our lives to every day. And a short walk from cars to voting machines or stock markets or any of the things that we rely on. And as we build our internet of things where everything talks to everything else, we are only as safe as our weakest link. So we don't even know which software will be critical to us in the long run. When researchers show the vulnerability of cars, they don't go straight for the ignition system or the brake system, right? They go through the entertainment system in the cars or the wheel maintenance system. And because all the systems are talking to everything else, there can be vulnerabilities in basically any of the software that we're using as we network them. But the good news is that it's still early days for this technology, right? We're still building the infrastructure that we're going to rely on. And so there's a lot of opportunity and a lot of excitement in getting involved and sharing these ethical issues. Many times I talk to people and they consider software to be like a hammer, right? A hammer is a tool that they used to get a job done. Thinking about the fact that their software might have an ethical component is something that most people haven't even considered before. And everybody here in this room is part of a special class of people. You are people who have special superpower abilities to understand the technology that we rely on as a society and to communicate that to everybody else. So three million people in the world have pacemakers and 600,000 get them every year, which is astounding to me. It's so many people. Raise your hand if you or someone you know has an implanted medical device. That's like a third of the room. And what's amazing to me is that we don't even know what kinds of technology we're going to incorporate in our bodies in the future. Right? I'm sorry. Looking at that photo. This is probably the only conference I would ever put that photo in. So there are all these ways that we're going to enhance our bodies and enhance our lives. And we don't even, we can't anticipate what those might be, but we know it's gonna happen. And if we don't start to plan for that and understand that our technology is going to be used in ways that we can't anticipate, then we might be in trouble. But since this is BangBangCon, I'll take it to the flip side of that, which is that we all have the power to do something about this because we are all, if we are not cyborgs now, we are future cyborgs, right? So you could argue, it's a little cheeky to call myself a cyborg, right? Like for having a defibrillator, I've had people come up to me and say, Karen, you call yourself a cyborg. That's really an overreach. The definition of cyborg is having technology incorporated in your body. So arguably, anyone who's wearing glasses is a cyborg. Arguably right now, my microphone is part of my cyborg nature. And yes, you could remove it. I will be removing it after this talk, but I could also remove my implants. And so being a cyborg is a fluid thing. We are all in the process of becoming and unbecoming cyborgs, right? And you could argue, actually, that we are cyborgs just for using language since language is technology. But so the definition of cyborg doesn't really matter. The important thing is that we are embracing the technology that we incorporate closely and critically in our lives, right? And that we look at that critically and start to ask questions of the people who are responsible for making it. And that means asking really tough questions of manufacturers. And that means having a healthy skepticism generally to companies that are in control of our critical technology. In the past, I would say that we've had government regulation over some of the most important areas of the way that we interact with each other. And now we're starting to lose a lot of that oversight because we're entrusting single companies with a lot of our critical technology. And one of the things that is important about free and open source software is that it levels the playing field, right? We can review our source code. We can make changes whenever there's a problem. And it's not simply just free and open source software. It's overall control of our technology and control of our software. And it's about the future. You know, it's about what your life will look like in 10 years. This is not something, this is not like an esoteric thing. And I wasn't expecting it to hit me so strongly when I got diagnosed with my weird heart condition. And yet it suddenly became completely evident what the situation is. And all of this has been a huge help to me aside from just recognizing how I am unique and my own process of becoming an individual. It's been an interesting, I don't wanna say how long I've been a cyborg because that will age me. But it's been an interesting number of years since I've gotten my defibrillator because I've been working in this area to try to raise awareness. And there have been times where it has felt very dark. There have been times where it has felt like I was spinning my wheels, like I was advocating for a cause that nobody cared about and that the only way I could explain that it was important was by talking about my own medical condition which I didn't wanna do. But my battery is running out on my defibrillator right now. And in fact, if you have lunch with me, you'll hear my alarm go off at one 10. Which happened yesterday for the first time and I was so surprised. I was like, what is that? Oh, it's my defibrillator. But what's cool about this process of getting my new defibrillator is that while some things are a little worse than when I first got my defibrillator, some things are definitely better and as a result of the work that I and others have been doing. So one of the things that I was worried about is that I needed to get a defibrillator without radio telemetry. I know it won't surprise anybody here that because in part because I run a diversity program, I've been the subject of online attacks and I've received threats to my safety and well-being on the internet. It's sort of like the basic price of being active in that field. And that's okay, it's difficult when it flares up but everybody is so lovely in our communities that there's so much support and it's just such worthwhile work. But when I started to get a new defibrillator, my defibrillator is old. It doesn't have radio telemetry in it. So I wasn't worried and I hadn't really thought about the fact that my new defibrillator might not be in the same situation but when I started looking for my new defibrillator or started the process, it turned out that all of the major manufacturers don't have any ability to disable the radio telemetry on these devices, which I couldn't believe. It's very easy to locate me on the internet and given that there were real threats, I didn't feel comfortable getting a defibrillator with radio telemetry. But because I've been doing all this advocacy, I know all of the security researchers now in the medical device space and they're all amazing people. Most of them are also cyborgs. And so I've been in a process with the help of my doctor's office who as soon as they watched my talk and heard about this advocacy, we're able, I basically got on board immediately and started calling all the device manufacturers which was a hilarious process, including one device which referred to, one company which referred to their devices as being hack-proof. Mm-hmm, which I published. So I named the manufacturer. But the process was an easy one and I found a small manufacturer that is making a device that I can switch off the radio telemetry. And for the first time in maybe in all of these years that I've had, again, not saying how old I am, in all of these years that I've had this device implanted, it's the first time that I really have so much hope that the situation is changing, that people are starting to understand these issues, that understanding that the ethics of our technology really matters, that the issues around transparency and accountability matter. And with free and open source software and with technology we control, when there's an end of life, not literal end of life, end of life of a product, it's the beginning, right? It's not an end of life period, right? When we have control of our technology, if there's a problem with a device, we don't have to wait for the manufacturer to admit there's a problem and then we don't have to wait for the manufacturer to fix the problem. We can do it ourselves. I can hire whatever medical professionals that I want to help me. When I was pregnant somewhat recently, I got shocked unnecessarily by my device, not because I needed to be shocked, but because my heart was doing something that normal pregnant women's hearts do. My heart palpitated a little bit, which is normal for women nodding in the audience who know. It's quite normal for this to happen, but because so few women have defibrillators who are pregnant, it simply isn't an issue that my manufacturer was focused on. I promise you, Medtronic does not want pregnant women to be shocked with their defibrillators. It is the last thing they want. But it's simply not a use case that they're focused on. And because I was pregnant for a limited amount of time, happily, the situation ceased to be an issue. And the idea that I couldn't even hire whatever medical professionals that I wanted to address the issue was really upsetting. And the solution was to give myself medication such that my heart was slowed down, not because my heart needed to be slowed down, but simply to prevent my defibrillator from giving me unnecessary treatment. And for me, it was the perfect example of why what the manufacturers anticipate may not be what we actually need or want. There may be plenty of circumstances that are not anticipated by manufacturers, but when we give them all of the control over our technology, we don't have any options. And so this is Bang Bang Han and I seem to have gone on a negative downer note again. But this slide really sums it up for me, which is to say that when we control our technology as a society, it's in our hands. And we as consumers can put a lot of pressure. We as advocates, we as educated tech-savvy people, we have so much power just asking, what does it run? What is the software like on this device? Can we have control? Can we have the source code? Can it be put in a public repository? What can we do so that we as a society and we as individuals can control the software that we rely on? And I would be thrilled to talk to everybody in the break about this. If you have any ideas, Conservancy is a charity and these slides are under CC by SA 4.0. Thank you.