Unencrypted comm. protocols in diabetes tech: not a feature

Today, when I woke up I found an email in my Inbox from Animas Corporation, the J&J company that makes my insulin pump. The email was in regards to a cybersecurity vulnerability identified in the Animas insulin pump, that under certain fairly extreme circumstances could give a person “unauthorized access to the pump through its unencrypted radio frequency communication system.”

I tweeted about it, and I was confused by the first response to my tweet (which was merely meant to inform my peers in the #DOC), indicating that the fact that there was an unencrypted communication channel was a feature of the pump. The conversation quickly started taking a different tone: “I think the opportunities of open comm are worth more than the paranoia of pump hacking for evil. #MyTwoCents” I replied with this comment:

Several hours later, I found my Twitter notifications exploding with replies, RTs and Likes opposing my comment and asking me to “show where this is a legit risk that doesn’t read like a bad Tom Clancy novel”. I quickly realized I was in way over my depth, and Twitter is a terrible place to explain complex things, so I decided to blog about it.

There are many friends in the diabetes community that I have tremendous respect for, and I feel I owe it to them to write this, because I don’t want a series of tweets in any way to be interpreted as lack of support for the way in which they have contributed to the advancement of things in diabetes technology. Of course, I am talking about the folks behind the #WeAreNotWaiting movement, and the folks at Tidepool.

I understand what David Cintron says:

and I also understand what Howard Look @Tidepool_org says:

At the same time, and maybe because I have been in industry since May 2015, I don’t think the only two options are either completely open and unencrypted channels to communicate with insulin pumps OR proprietary and encrypted protocols. Traditional paradigms can lead us to believe that, but we live in a new world, the world I was referring to in my initial tweet, that has shown us a very ugly face in recent years. This is the world that author Joshua Cooper Ramo talks about in his amazing book “The Seventh Sense: Power, Fortune, and Survival in the Age of Networks”. The central idea in the book:

Connection changes the nature of an object…

This notion can be best understood when you consider that incredible connection-enabling tools like Twitter were central to facilitating the Arab Spring, and have recently become a recruiting tool for terrorists. We are not in Kansas any more. This is not about Tom Clancy or science fiction: all it (sadly) takes is to look around us and pay attention to the Presidential Campaign, to remind us of how different a world we live in.

So what will it take to avoid stifling innovation? How to balance it with the mandate to empower AND protect the health and lives of the patients we serve?

We should not defend vulnerabilities: we need to advocate for secure communication protocols that are exposed in a responsible manner (I am not an expert on this topic, but as an optimist it strikes me as doable) to the research and development community. To this end, I like Howard’s idea of an “innovation switch” introduced last month at the NIH-NIDDK Artificial Pancreas Workshop.

This may or may not come from the incumbent companies. It remains to be seen, but when I see what BigFoot is doing (including a crypto-chip in their upcoming pump):

and what Tandem is doing (their t:slim G4 pump exceeds the highest standards as laid out by the Diabetes Technology Society), I feel hopeful about a future where we won’t need to wait five years since a vulnerability on a Medtronic pump was first identified by a hacker with type 1 diabetes like Jay Radcliffe to identify a similar vulnerability with the Animas Ping pump, before action is taken.

In the meantime, in spite of what Jeff Dachis may claim, I will continue to say what I said on Twitter:

Pokesteps? Poke-yes!

A few weeks ago, I was lured into playing a game that has become quite popular. Of course, I am referring to Pokemon Go. Our 12-year old son had been quite a dedicated fan of Pokemon for years now, and since I missed this phenomenon growing up, half the time I didn’t understand what he was saying when he spoke about it. But I decided to give the mobile game a try.

Since I started playing, I don’t cease to be tremendously impressed by the way the game succeeds at getting you to go out and about. Not only is this amazing for kids and young adults (who grew up on Pokemon) alike, since it gets them back outdoors, the way most of us who were born in the 70s and 80s grew up, but this game motivates people to get more active…

You are not told you have to put in X number of steps; you have to walk off to hatch eggs that will eventually turn into Pokemons that you can play with in the game. You are not invited to walk for 30 minutes, but without doing so you really cannot hit the Pokestops where you get the pokeballs and other items you need to catch Pokemons and make the most of your catches. The BYPRODUCT of doing all these fun things is that you put in steps that otherwise you may not have taken… As I call them, POKESTEPS!

So this has officially become the first game since the early days of the Wii, where moving got you points and helped you advance, that I am truly excited about. Gotta catch them all!

2 ways to download select emails out of your Gmail

This week, I found myself needing a tool to help me move several hundred personal emails I had in a “personal” folder within my previous email at DHF.

I had been able to clean things up quite a bit, getting rid of personal emails I didn’t care about any more, but there were enough messages I needed to move, for which the solution of “emailing them” to my personal account would have turned out time-consuming and arduous to get them re-organized in my personal email later.

I took to Google and FINALLY found two options that I liked:

  1. A little over a year ago, Google started allowing you to download Gmail messages and a lot more. The beauty of this solution (the one I pursued) is that you don’t have to export EVERYTHING in your Gmail account. You can export just the labels (folders, in Google-speak) that you want, which was ideal for my needs. The personal emails I needed to export took up a convenient 200+ MB zip file, and in a matter of minutes I was able to get a ZIP file with them.
  2. The other solution (which I was about to go with, and may be suited for some of you anyway) was to use the Thunderbird email client in a special way.

So there you have it: two neat ways to get yourself out of this Gmail bind, if you find yourself in it too.