Unencrypted comm. protocols in diabetes tech: not a feature

Today, when I woke up I found an email in my Inbox from Animas Corporation, the J&J company that makes my insulin pump. The email concerned a cybersecurity vulnerability identified in the Animas insulin pump which, under certain fairly extreme circumstances, could give a person “unauthorized access to the pump through its unencrypted radio frequency communication system.”

I tweeted about it (merely meaning to inform my peers in the #DOC), and I was confused by the first response to my tweet, which suggested that the unencrypted communication channel was a feature of the pump. The conversation quickly took a different tone: “I think the opportunities of open comm are worth more than the paranoia of pump hacking for evil. #MyTwoCents” I replied with this comment:

Several hours later, I found my Twitter notifications exploding with replies, RTs and Likes opposing my comment and asking me to “show where this is a legit risk that doesn’t read like a bad Tom Clancy novel“. I quickly realized I was way out of my depth, and Twitter is a terrible place to explain complex things, so I decided to blog about it.

There are many friends in the diabetes community for whom I have tremendous respect, and I feel I owe it to them to write this, because I don’t want a series of tweets to be interpreted in any way as a lack of support for the way in which they have contributed to the advancement of diabetes technology. Of course, I am talking about the folks behind the #WeAreNotWaiting movement, and the folks at Tidepool.

I understand what David Cintron says:

and I also understand what Howard Look @Tidepool_org says:

At the same time, and maybe because I have been in industry since May 2015, I don’t think the only two options are completely open, unencrypted channels for communicating with insulin pumps OR proprietary, encrypted protocols. Traditional paradigms can lead us to believe that, but we live in a new world, the world I was referring to in my initial tweet, one that has shown us a very ugly face in recent years. This is the world that author Joshua Cooper Ramo talks about in his amazing book “The Seventh Sense: Power, Fortune, and Survival in the Age of Networks“. The central idea in the book:

Connection changes the nature of an object…

This notion is best understood when you consider that incredible connection-enabling tools like Twitter were central to facilitating the Arab Spring, and have recently become a recruiting tool for terrorists. We are not in Kansas any more. This is not about Tom Clancy or science fiction: all it (sadly) takes is to look around us and pay attention to the Presidential Campaign to be reminded of how different a world we live in.

So what will it take to avoid stifling innovation? How to balance it with the mandate to empower AND protect the health and lives of the patients we serve?

We should not defend vulnerabilities: we need to advocate for secure communication protocols that are exposed to the research and development community in a responsible manner (I am not an expert on this topic, but as an optimist it strikes me as doable). To this end, I like Howard’s idea of an “innovation switch” introduced last month at the NIH-NIDDK Artificial Pancreas Workshop.
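One way to see that “open” and “secure” are not opposites: a protocol whose frame format is fully published can still reject forged and replayed commands as long as the key is secret. The following is an added example written for this post, not code from Animas, Tidepool or any real pump; the command strings, frame layout and field names are hypothetical, and it covers only authentication and replay protection, not confidentiality or how the key is provisioned at pairing.

```python
"""Added example (not from the original post): an openly documented command
frame that is still protected against forgery and replay.

Hypothetical layout, sent in the clear:
    counter|command|hex(HMAC-SHA256(key, counter|command))
Everything about the format is public; only the 32-byte key shared between a
device and its authorised controller is secret (Kerckhoffs's principle).
"""
import hashlib
import hmac
import secrets

FRAME_SEP = b"|"


def build_frame(key: bytes, counter: int, command: str) -> bytes:
    """Controller side: authenticate counter||command with HMAC-SHA256."""
    body = str(counter).encode() + FRAME_SEP + command.encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + FRAME_SEP + tag


class Device:
    """Receiver side: verify the tag first, then enforce strictly increasing counters."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = -1
        self.executed = []  # commands actually acted on, in order

    def receive(self, frame: bytes) -> bool:
        """Return True if the command was accepted, False if it was rejected."""
        try:
            body, tag = frame.rsplit(FRAME_SEP, 1)   # hex tag never contains '|'
            counter_b, command_b = body.split(FRAME_SEP, 1)
            counter = int(counter_b)
        except ValueError:
            return False  # malformed frame
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()
        # Constant-time compare so the tag cannot be guessed byte-by-byte via timing.
        if not hmac.compare_digest(expected, tag):
            return False  # forged, tampered or corrupted
        if counter <= self._last_counter:
            return False  # replay of a frame the device already saw
        self._last_counter = counter
        self.executed.append(command_b.decode())
        return True


def demo() -> dict:
    """Run the four cases a reviewer would ask about and return the verdicts."""
    key = secrets.token_bytes(32)       # provisioned at pairing, never sent over the air
    device = Device(key)

    good = build_frame(key, 1, "BOLUS 1.5")
    accepted = device.receive(good)
    replayed = device.receive(good)     # eavesdropper re-sends the captured frame
    # Attacker knows the public format perfectly but not the key.
    forged = device.receive(build_frame(b"guessed-key", 2, "BOLUS 25.0"))
    # Attacker edits the dose inside a genuine frame; tag no longer matches.
    tampered = device.receive(good.replace(b"1.5", b"9.5", 1))
    second = device.receive(build_frame(key, 2, "STATUS"))

    return {
        "accepted": accepted, "replayed": replayed, "forged": forged,
        "tampered": tampered, "second": second, "executed": list(device.executed),
    }


if __name__ == "__main__":
    print(demo())   # only the two genuine, fresh frames are executed
```

The point of the example is that publishing the frame format gives researchers and the #WeAreNotWaiting community everything they need to build on the protocol, while forging or replaying a dose still requires the per-device key. A real design would also need confidentiality for the command contents and a safe way to hand out keys to authorised third parties, which is where something like Howard’s “innovation switch” would fit.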

This may or may not come from the incumbent companies. It remains to be seen, but when I see what BigFoot is doing (including a crypto-chip in their upcoming pump):

and what Tandem is doing (their t:slim G4 pump exceeds the highest standards as laid out by the Diabetes Technology Society), I feel hopeful about a future where we won’t need to wait five years between a hacker with type 1 diabetes like Jay Radcliffe first identifying a vulnerability in a Medtronic pump and a similar vulnerability being identified in the Animas Ping pump before action is taken.

In the meantime, in spite of what Jeff Dachis may claim, I will continue to say what I said on Twitter:

My Favorite Kind of Captcha

Know those semi-cryptic wavy characters that you need to type back in when trying to link to a web site on Facebook or sign up for some web services? They are known as captchas and, in case you are wondering, they are there to try to keep spammers at bay (though spammers are never shy of exploiting good people around the world, paying them to sit at terminals typing these in for pennies an hour…)

This morning (probably the result of not enough sleep or coffee… or both), I was wondering what my favorite kind of captcha was. There are, of course, the ones so cryptic that it takes a true calligrapher to tell what the heck they say! I am sure those keep spammers at bay, but they probably also keep REAL people at bay, because they are so hard to read! 🙁

So, I guess my favorite kind of captcha is the one I encounter in Facebook:

I can not only read the words, but it also provides a certain level of entertainment, because they are real words (“wagons” and “unfair” in this case) that leave me wondering sometimes what the connection may be between them… Are wagons unfair? Is it unfair to ride a wagon? What’s a wagon? What’s fair…?

See? Next time, I will get more sleep or get more coffee into my system before I blog! 🙂

Getting Wireless Router to Like my MacBook

(or maybe it’s the other way around…)

I used to have my Linksys Wireless Router set up to use WEP security and that went well until we brought the MacBook in. I couldn’t connect to it even once. So, this week my friend Danilo recommended I switch to another protocol called WPA Personal.

It worked like a charm, plus I realized I am now more secure: according to Wikipedia, WPA (which stands for Wi-Fi Protected Access) “was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).”
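One of those “serious weaknesses” can be shown in a few lines. WEP encrypts every frame with RC4 keyed by a 24-bit IV (sent in the clear) followed by the shared secret, so any two frames that happen to use the same IV are encrypted with the same keystream; XORing their ciphertexts cancels the keystream and leaves the XOR of the two plaintexts, and with only 2^24 IVs a busy network repeats one after a few thousand frames. The code below is an added illustration written for this post, not Linksys or Wikipedia code, using a textbook RC4 and made-up messages rather than real 802.11 frames. (WPA with TKIP was the stop-gap fix; the original WPA has since had its own weaknesses found, so WPA2 or WPA3 with AES is what you want today.)

```python
"""Added example (not from the original post): WEP-style keystream reuse.

Toy model of WEP: per-frame RC4 key = IV (3 bytes, sent in clear) || secret.
Constructed sample messages stand in for captured frames.
"""
import random


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4 (KSA + PRGA); here only to reproduce WEP's behaviour."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: IV in the clear, then RC4(IV||secret) XOR plaintext."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    return iv + xor_bytes(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def keystream_reuse_leak(secret: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """What a passive eavesdropper learns from two frames sharing an IV.

    The attacker never touches `secret`; it only XORs the two ciphertexts.
    Result equals p1 XOR p2, because the identical keystream cancels out.
    """
    c1 = wep_encrypt(secret, iv, p1)[3:]
    c2 = wep_encrypt(secret, iv, p2)[3:]
    return xor_bytes(c1, c2)


def recover_with_known_plaintext(leak: bytes, known_p1: bytes) -> bytes:
    """If one of the two frames is predictable (ARP, DHCP, a known page),
    the other plaintext falls out directly."""
    return xor_bytes(leak, known_p1)


def frames_until_iv_collision(seed: int = 0) -> int:
    """Count random 24-bit IVs drawn until one repeats (birthday bound,
    roughly a few thousand frames). Real WEP cards often did worse by
    counting IVs from zero after every reset."""
    rng = random.Random(seed)
    seen = set()
    n = 0
    while True:
        iv = rng.getrandbits(24)
        n += 1
        if iv in seen:
            return n
        seen.add(iv)


if __name__ == "__main__":
    secret = b"linksys-wep-key"          # constructed, not a real key
    iv = b"\x01\x02\x03"
    p1 = b"hello, world!!!!"             # constructed sample frame 1
    p2 = b"attack at dawn.."             # constructed sample frame 2
    leak = keystream_reuse_leak(secret, iv, p1, p2)
    print(recover_with_known_plaintext(leak, p1))  # prints frame 2's plaintext
    print(frames_until_iv_collision())
```

Note that the secret key is never recovered in this demonstration and does not need to be: reuse of the IV alone is enough to strip the encryption from whichever frame the attacker can guess a counterpart for. WPA fixed this with per-frame key mixing and a 48-bit sequence counter that also rejects replays, and WPA2 replaced RC4 altogether.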