Pluralistic: Orphaned neurological implants (12 Dec 2022)

Today's links

The staring eye of HAL9000 from 2001: A Space Odyssey. Centered in it is a medieval anatomical engraving of the human nervous system, limned in a blue halo.

Orphaned neurological implants (permalink)

The startup world's dirty not-so-secret is that most startups fail. Startups are risky ventures and their investors know it, so they cast a wide net, placing lots of bets on lots of startups and folding the ones that don't show promise, which sucks for the company employees, but also for the users who depend on the company's products.

You know what this is like: you sink a bunch of time into familiarizing yourself with a new product, you spend money on accessories for it, you lock your data into it, you integrate it into your life, and then, one morning – poof! All gone.

Now, there are ways that startups could mitigate this risk for their customers: they could publish their source code under a free/open license so that it could be maintained by third parties, they could refuse to patent their technology, or dedicate their patents to an open patent pool, etc.

All of this might tempt more people to try their product or service, because the customers for digital products are increasingly savvy, having learned hard lessons when the tools they previously depended on were orphaned by startups whose investors pulled the plug.

But very few startups do this, because their investors won't let them. That brings me to the other dirty not-so-secret of the startup world: when a startup fails, investors try to make back some of their losses by selling the company's assets to any buyer, no matter how sleazy.

A startup's physical assets are typically minimal: used ergonomic chairs and laptops don't exactly hold their value, and there's not much of a market for t-shirts and stickers advertising dead businesses.

Wily investors are more interested in intangible assets: user data and patents, which are sold off to the highest bidder. That bidder is almost certainly a bottom-feeding scumbag, because the best way to maximize the value of user data is to abuse it, and the best way to maximize a failed business patent is to use it for patent trolling.

If you let your investors talk you into patenting your cool idea, there's a minuscule chance that the patent will be the core of a profitable business – and a much larger chance that it end up in a troll's portfolio. Real businesses make things that people want. Patent trolls are parasites, "businesses" whose only products are legal threats and lawsuits, which they use to bleed out real businesses.

The looming threat of dissolution gives rise to a third startup dirty secret: faced with a choice of growth or sustainability, companies choose growth. There's no point in investing in sustainability – good information security, robust systems, good HR – if it costs you the runway you need to achieve liftoff.

Your excellent processes won't help you when your investors shut you down, so a "lean" startup has only the minimum viable resiliency and robustness. If you do manage to attain liftoff – or get sold to a Big Tech firm – then you can fix all that stuff.

And if the far more likely outcome – failure – comes to pass, then all the liabilities you've created with your indifferent security and resiliency will be someone else's problem. Limited liability, baby!

Combine these three dirty secrets and it's hard to understand why anyone would use a startup's product, knowing that it will collect as much data as it can, secure it only indifferently, and sell that data on to sleazy data-brokers. Meanwhile, the product you buy and rely upon will probably become a radioactive wasteland of closed source and patent trolling, with so much technology and policy debt that no one can afford to take responsibility for it.

Think of Cloudpets, a viral toy sensation whose manufacturer, Spiral Toys, had a successful IPO – and then immediately started hemorrhaging money and shedding employees. Cloudpets were plush toys that you connected to your home wifi; they had built-in mics that kids could activate to record a voice-memo, which was transmitted to their parents' phones by means of an app, and parents could send messages back via the toys' speakers.

But Spiral Toys never bothered to secure those voice memos or the system for making new ones. The entire database of all recordings by kids and parents sat on an unencrypted, publicly accessible server for years. It was so indifferently monitored that no one noticed that hackers had downloaded the database multiple times, leaving behind threats to dump it unless they were paid ransoms.

By the time this came to light, Spiral Toys' share price was down more than 99% and no one was answering any of its email addresses or phones. The data – 2.2 million intimate, personal communications between small children and their parents – just hung out there, free for the taking:

Data leakage is irreversible. Those 2,200,000 voice memos are now immortal, child-ghosts that will haunt the internet forever – after the parents are dead, after the kids are dead.

Data breaches are permanent. Filling a startup's sandcastle with your important data is a high-risk bet that the company will attain liftoff before it breaches.

It's not just your data that goes away when a startup folds – it's also the money you invest in its hardware and systems, as well as the cost of replacing devices that get bricked when a company goes bust. That's bad enough when it's a home security device:

But what about when the device is inside your body?

Earlier this year, many people with Argus optical implants – which allow blind people to see – lost their vision when the manufacturer, Second Sight, went bust:

Nano Precision Medical, the company's new owners, aren't interested in maintaining the implants, so that's the end of the road for everyone with one of Argus's "bionic" eyes. The $150,000 per eye that those people paid is gone, and they have failing hardware permanently wired into their nervous systems.

Having a bricked eye implant doesn't just rob you of your sight – many Argus users experience crippling vertigo and other side effects of nonfunctional implants. The company has promised to "do our best to provide virtual support" to people whose Argus implants fail – but no more parts and no more patches.

Second Sight wasn't the first neural implant vendor to abandon its customers, nor was it the last. Last week, Liam Drew told the stories of other neural abandonware in "Abandoned: the human cost of neurotechnology failure" in Nature:

Among that abandonware: ATI's neural implant for reducing cluster headaches, Nuvectra's spinal-cord stimulator for chronic pain, Freehand's paralysis bypass for hands and arms, and others. People with these implants are left in a precarious limbo, reliant on reverse-engineering and a dwindling supply of parts for maintenance.

Drew asked his expert subjects what is to be done about this. The least plausible answer is to let the market work its magic: "long-term support on the commercial side would be a competitive advantage." In other words, wait for companies to realize that promising a durable product will attract customers, so that the other companies go out of business.

A better answer: standardization. "If components were common across devices, one manufacturer might be able to step in and offer spares when another goes under." 86% of surgeons who implant neurostimulators back this approach.

But the best answer comes from Hunter Peckham, co-developer of Freehand and a Case Western biomedical engineer: open hardware. "Peckham plans to make the design specifications and supporting documentation of new implantable technologies developed by his team freely available. 'Then people can just cut and paste.'"

This isn't just the best answer, it's the only one. There's no ethical case for permanently attaching computers to people's nervous systems without giving them the absolute, irrevocable right to nominate who maintains those computers and how.

This is the case that Christian Dameff, Jeff Tully and I made at our Defcon panel this year: "Why Patients Should Hack Medtech." Patients know things about their care and their needs that no one else can ever fully appreciate; they are the best people to have the final say over med-tech decisions:

This is the principle that animates Colorado's HB22-1031, the "Consumer Right To Repair Powered Wheelchairs Act," landmark Right to Repair legislation that was signed into law last year:

Opponents of this proposal will say that it will discourage investment in "innovation" in neurological implants. They may well be right: the kinds of private investors who hedge their bets on high-risk ventures by minimizing security and resilience and exploiting patents and user-data might well be scared off of investment by a requirement to make the technology open.

It may be that showboating billionaire dilettantes will be unwilling to continue to pour money into neural implant companies if they are required to put the lives of the people who use their products ahead of their own profits.

It may be that the only humane, sustainable way to develop neural implants is to publicly fund that research and development, with the condition that the work products be standard, open, and replicable.

Cryteria (modified)

CC BY 3.0

(Image: Cryteria, CC BY 3.0, modified)

Hey look at this (permalink)

This day in history (permalink)

#20yrsago Wardriver bumper-stickers

#15yrsago w00t is Merriam-Webster’s Word of the Year for 2007

#15yrsago RIP Anita Rowland, blogging pioneer and sf convention runner

#15yrsago Why do downloads make Amazon go crazy?

#15yrsago KnitML: standards-defined knitting patterns

#15yrsago Facebook’s Beacon was illegal as well as dumb
#15yrsago Movable Type now under a free license

#15yrsago Neil Gaiman helps fan propose to girlfriend through book inscription

#15yrsago Terry Pratchett has rare, early-onset Alzheimer’s

#10yrsago France remains America’s copyright crash-test dummy: about to ditch HADOPI, poised to adopt the dregs of SOPA instead

#10yrsago Interlibrary Loan is awesome

#10yrsago Understanding the NDAA, a US law that makes it possible to indefinitely detain people without charge or trial

#5yrsago How a maker with diabetes led an open source project to create a free-as-in-code artificial pancreas

#5yrsago Independent auditor: Trump has made it impossible for students defrauded by predatory diploma mills to get their loans cancelled

#5yrsago Child molester Roy Moore said he wants to repeal all Constitutional amendments after the first ten, which would revive slavery and end votes for women and black people

#5yrsago German VW exec is going to US prison for seven years for his role in Dieselgate

#5yrsago A law-enforcement agency is trying to figure out who owns the bots that hacked the FCC’s Net Neutrality comment period, but the FCC is obstructing justice

#5yrsago 100 million Americans live in areas where every single ISP has admitted to violating net neutrality

#5yrsago Security Planner: a peer-reviewed tool to help you figure out your personal digital security plan

#5yrsago Open primaries? Democratic establishment bars anyone who challenges an incumbent from using the party’s Votebuilder database

#5yrsago Your inbox is full of spyware-riddled emails that are both potentially very harmful to you and also very easy to disable

#5yrsago ACA isn’t enough: single-payer is a feminist issue

Colophon (permalink)

Today's top sources: Jeanne Kramer-Smyth (

Currently writing:

  • The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. (92849 words total) – ON PAUSE

  • A Little Brother short story about DIY insulin PLANNING

  • The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • The Internet Con: How to Seize the Means of Computation, a nonfiction book about interoperability for Verso. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • Vigilant, Little Brother short story about remote invigilation. FIRST DRAFT COMPLETE, WAITING FOR EXPERT REVIEW

  • Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

  • Spill, a Little Brother short story about pipeline protests. FINAL DRAFT COMPLETE

  • A post-GND utopian novel, "The Lost Cause." FINISHED

  • A cyberpunk noir thriller novel, "Red Team Blues." FINISHED

Currently reading: Analogia by George Dyson.

Latest podcast: Daddy-Daughter Podcast, 2022 Edition

Upcoming appearances:

Recent appearances:

Latest books:

Upcoming books:

  • Red Team Blues: "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books, April 2023

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

(Latest Medium column: "Plato Would Ban Ad-Blockers: He was a dick."

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla