Consider a pulse oximeter, one of those clippy things they put on your finger at the hospital to measure your pulse.
-
-
-
To write software for this device you have to: - Maintain a complete design history file - Perform a traceability analysis ...
-
- perform a risk analysis such as FMEA - perform a cybersecurity analysis - generate a maintenance plan for updates ...
-
- maintain a device history record, linking serial numbers to versions - establish reporting protocols for failures ...
-
- notify the FDA for any bugs that affect a patient - document every software decision, who made it, and when it was made, in the DMR - etc
-
Now, here is the complete regulatory process for a voting machine:
-
That's it. Nothing. No mandatory code reviews. No cybersecurity analysis. No versioning reqs. Absolutely nothing.
-
Everything that's done is done at the discretion of the manufacturer. Maybe there's some state regulations out there, but I don't know any.
-
If you want to copy patient data off a medical device using a thumb drive, HIPAA regs require you to have a destruction plan for that drive.
-
For voting machines, it just gets copied to a laptop, whatevs.
-
If you're like, "wow, that seems like there's a lot of potential failure modes" then indeed you are correct.
-
In my precinct, I fill in a scantron thingy. Except it's not really a scantron, it's like a printed word doc. And the machine eats it.
-
Does it get my vote right? Is it robust to dirty fingerprints and pen colors and creases in the paper? ¯\_(ツ)_/¯
-
Can I look up a database and see failures and recalls? ¯\_(ツ)_/¯
-
.
@Slestac points me to this: https://www.eac.gov/testing_and_certification/testing_and_certification_program.aspx … This exists as a certification effort, but seems to lack the FDA's teeth. -
To be clear: industry standards are not enough in high-risk devices. Regulatory oversight by a congressionally-empowered agency is needed.
-
This document contains all state regulations: https://www.eac.gov/assets/1/Page/State%20Requirements%20and%20the%20Federal%20Voting%20System%20Testing%20and%20Certification%20Program.pdf … Most back-trace to federal *certification* requirements.
End of conversation
New conversation -
-
-
Thanks for talking about the cert process on Med Devices. You should see what we go through for avionics!
-
I worked in Aerospace controls for 8 years, so oh god am I so familiar. Sometimes I awake in a start, yelling "DO-178B!"
-
Oh excellent! Now, we beg to keep our DO-178B plans to prevent us from rolling to DO-178C.
-
It is a strange source of comfort that DO-178B is basically the thing standing between us and the police using RQ-4s.
-
“You want HOW MUCH for a drone like my kid has?”
-
Legit just spit my coffee out
-
it doesn't matter that i don't know the details of your exchange, it was entertaining as hell anyway
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.