10 Technology Quarterly |The Internet of Things The EconomistSeptember 14th 2019
21A
world fullof connected sensors
will generate huge amounts of data.
It will also generate arguments about
who can use and analyse those data. For
Hugo Campos—an American campaign-
er whose vital organs are connected to
the internet via a medical implant—such
arguments have consumed the past
decade of his life.
Mr Campos has hypertrophic cardio-
myopathy, a disease in which the heart
muscle becomes abnormally thick, to the
point where it can interfere with the
patient’s blood flow. In Mr Campos’s
case, it also interferes with the delicate
electrical system that controls how his
heart beats. In 2007 he was given an
implanted cardioverter-defibrillator
(icd). The device monitors his heart
rhythm, looking for dangerous abnor-
malities. When it spots one, it adminis-
ters a corrective electrical shock.
Such devices have existed since the
1980s. But Mr Campos’s model was one of
the first that could be monitored online.
“I was really excited,” he says. “I remem-
ber thinking that I’d be able to get alerts
from the device, to see what it was doing.
I asked my doctor to point me to the
patient website. And he looked at me and
said, ‘Oh, this is all for us, not for you’.”
Data from the device were streamed to its
maker, Medtronic, and from there to
doctors. The patients, for whose benefit
the icdhad been designed, had no ac-
cess, and not just those with heart condi-
tions, says Mr Campos. Similar restric-
tions applied to people with positive
airway-pressure machines (used to treatsleep apnoea) and to diabetes sufferers
fitted with connected insulin pumps.
Mr Campos has been lobbying for
change ever since. He has had sympathetic
press coverage; in 2015 he was honoured by
the White House. Yet the data remain
locked away. Part of the problem, he
thinks, is cultural. “For the manufacturers
of a lot of these devices, the patient is not
the customer,” he says. Instead, companies
must persuade doctors and hospital ad-
ministrators to buy their products, so
firms focus on features that appeal to
them, rather than to the patients into
whose bodies the devices will be put. And,
he says, companies question whether
patients would be able to make sense of
the data even if they were made available.
In 2012 Mr Campos lost his health
insurance. Without easy access to a doctor,
he took matters into his own hands. He
obtained a device from eBay designed toreprogram his icdand set about trying to
hack his way in. Wary of experimenting
on his own device, he tracked down an
undertaker who would sell him used
icds which had been removed from
bodies before they were cremated.
In recent years, though, that kind of
do-it-yourself approach has become
harder. The medical-device industry has
become more conscious of computer
security, says Mr Campos, particularly
after an incident in 2011 when research-
ers at a security conference remotely
hacked a pacemaker live on stage. These
days, he says, the devices are hardened
against intrusion, and the data they
stream are encrypted.
Doctors in some areas of medicine,
such as diabetes, seem more willing to
let patients see what the devices they
carry are up to, perhaps because such
data can directly help them manage their
condition (for example by watching their
diet). New entrants, more focused on
consumers than doctors, are emerging:
Mr Campos points to Apple’s latest smart
watch, which can detect atrial fibrilla-
tion, another sort of abnormal heart
rhythm, and which shares all its data
with its wearer.
America’s medical regulators have
been prodding device-makers. In 2016
they confirmed that rules controlling
where patient data can be sent did not
prevent sharing the data with patients
themselves. But Mr Campos is frustrated:
“If you’d asked me a decade ago, would I
have access to these data by now, I’d have
said of course I would. But I don’t.”Hugo Campos has waged a decade-long battle for access to his heart implantWhen humans are connectedThe data liberator
tion at computer-security conferences. Some accidental infec-
tions have already happened. In 2018, 55 speed cameras in Victoria,
Australia, were infected by a piece of ransomware that was de-
signed to attack desktop computers. In June Avast Software, a
Czech cyber-security firm, demonstrated how to install ransom-
ware on a networked coffee machine, making it gush boiling water
and constantly spin its grinder until the victim pays up.Dangers of connection
Companies are aware of the danger. A survey of managers by Bain
& Company, a consulting firm, found that worries about security
were the single biggest barrier for companies thinking of adopting
iottechnologies. Consumers are worried, too. A survey of 2,500 of
them by Ernst & Young, a management consultancy, found that
71% were concerned about hackers getting access to smart gadgets.Patching up the holes will not be easy. One reason is that com-
puters, and computer software, are complicated. Ford’s best-sell-
ing f150 pickup truck, for instance, is reckoned to have around
150m lines of code. A general rule is that good programmers work-
ing under careful supervision average about one bug per 2,000
lines of code. That means that almost any computerised gadget
will be riddled with bugs.
Another problem is that few of the companies making connect-
ed gadgets have much experience with cyber security—or the in-
centives to take it seriously. Good security costs money, and the
better it is, the less its benefits are visible to the end-user. Attacks
like Mirai, in which the costs fall not on the gadget-makers or their
owners but on unrelated third parties, muddy things even more.
The upshot is that basic precautions are routinely ignored. A paper
published in June by Stanford University analysed telemetry from