So I want to compare the regulatory process it takes to write software for a medical device compared to a voting machine. A thread:
-
-
To write software for this device you have to: - Maintain a complete design history file - Perform a traceability analysis ...
-
- perform a risk analysis such as FMEA - perform a cybersecurity analysis - generate a maintenance plan for updates ...
-
- maintain a device history record, linking serial numbers to versions - establish reporting protocols for failures ...
-
- notify the FDA for any bugs that affect a patient - document every software decision, who made it, and when it was made, in the DMR - etc
-
Now, here is the complete regulatory process for a voting machine:
-
That's it. Nothing. No mandatory code reviews. No cybersecurity analysis. No versioning reqs. Absolutely nothing.
-
Everything that's done is done at the discretion of the manufacturer. Maybe there are some state regulations out there, but I don't know any.
-
If you want to copy patient data off a medical device using a thumb drive, HIPAA regs require you to have a destruction plan for that drive.
-
For voting machines, it just gets copied to a laptop, whatevs.
-
If you're like, "wow, that seems like there's a lot of potential failure modes" then indeed you are correct.
-
In my precinct, I fill in a scantron thingy. Except it's not really a scantron, it's like a printed word doc. And the machine eats it.
-
Does it get my vote right? Is it robust to dirty fingerprints and pen colors and creases in the paper? ¯\_(ツ)_/¯
-
Can I look up a database and see failures and recalls? ¯\_(ツ)_/¯
-
@Slestac points me to this: https://www.eac.gov/testing_and_certification/testing_and_certification_program.aspx … This exists as a certification effort, but seems to lack the FDA's teeth.
-
To be clear: industry standards are not enough in high-risk devices. Regulatory oversight by a congressionally-empowered agency is needed.
-
This document contains all state regulations: https://www.eac.gov/assets/1/Page/State%20Requirements%20and%20the%20Federal%20Voting%20System%20Testing%20and%20Certification%20Program.pdf … Most back-trace to federal *certification* requirements.
-
-
This is so true. My aunt worked in med instrument software compliance. My mom worked for a company that made gambling machines.
-
-
-
... one of those clippy things ...