[00:00.000 --> 00:10.620]  So, happily, my talk is going to build a little bit on the talk that you just saw, the difference
[00:10.620 --> 00:16.000]  being that I'm making proposals and they actually built things, so it's a little different.
[00:16.000 --> 00:21.460]  My name is Robert Reed, I am the founder of Public Invention, but what I'm presenting
[00:21.460 --> 00:26.200]  today is not a Public Invention project, this is co-work with two other people, Victoria
[00:26.200 --> 00:31.160]  Jacqua and Christina Cole of Open Source Medical Supplies, Open Source Medical Supplies
[00:31.160 --> 00:35.960]  and Public Invention are both US 501C3 organizations.
[00:35.960 --> 00:41.280]  So what I'd like to talk about is global open source quality assurance of emergency
[00:41.280 --> 00:49.200]  supplies and we call this GASCOS or the Global Open Source Quality Assurance System and I'm
[00:49.200 --> 00:52.040]  making a proposal today for this.
[00:52.040 --> 00:59.760]  Now, open source manufacture has rapidly responded in a number of important cases to things that
[00:59.760 --> 01:05.800]  have happened like open source software responded to contract tracing in the previous talk.
[01:05.800 --> 01:12.720]  In particular, 3D printers can represent sort of an army for good that can immediately do
[01:12.720 --> 01:17.360]  things to help in a man-made or a natural disaster.
[01:17.360 --> 01:22.680]  In particular, we're working with some people to make tourniquets for the crisis in Ukraine
[01:22.680 --> 01:30.080]  right now and of course, if you saw my other talk, we've also made human ventilation products
[01:30.080 --> 01:32.040]  and other things.
[01:32.040 --> 01:37.800]  But when you do this, you have this fundamental problem, you have a widely distributed supply
[01:37.800 --> 01:43.280]  chain of people attempting to make useful products, but how do you trust them?
[01:43.280 --> 01:45.680]  And the trust can be broken down into two issues.
[01:45.680 --> 01:49.040]  How do you trust that the design itself is useful?
[01:49.040 --> 01:53.960]  And then even if the design is a good design, how do you trust that the manufacturer is
[01:53.960 --> 01:56.200]  in fact a good manufacturer?
[01:56.200 --> 02:02.160]  Because of course, we all know, for example, 3D printing requires tuning and so forth.
[02:02.160 --> 02:09.240]  Well, if you imagine using a tourniquet, which is a simple physical device but can easily
[02:09.240 --> 02:15.120]  be mis-manufactured, especially if it's 3D printed, you're using it in a life-saving situation
[02:15.120 --> 02:17.360]  where you're trying to stop bleeding.
[02:17.360 --> 02:21.080]  If it breaks, you have a real serious problem.
[02:21.080 --> 02:27.600]  And so even though a tourniquet only costs $20 and it's a relatively simple device, ensuring
[02:27.600 --> 02:30.040]  the quality of that is very important.
[02:30.040 --> 02:35.600]  It's almost better not to have a tourniquet than to have a faulty tourniquet.
[02:35.600 --> 02:41.960]  Now I am a humanitarian engineer and I consider humanitarian engineering the space that I
[02:41.960 --> 02:43.520]  work in.
[02:43.520 --> 02:48.480]  Most of the people who worked for this that I know of were not making money from it.
[02:48.480 --> 02:53.920]  They didn't have a financial incentive to try to sell products to address these things.
[02:53.920 --> 02:57.640]  But nonetheless, engineers have a psychological problem, right?
[02:57.640 --> 03:00.480]  Nobody wants their baby to be called ugly.
[03:00.480 --> 03:06.240]  And so all of us wanted to be heroes and we wanted to save the world and save lives.
[03:06.240 --> 03:13.180]  And for that reason, engineers cannot be trusted to evaluate their own work, okay?
[03:13.180 --> 03:17.520]  But of course, this is a problem that the open-source software community has dealt with
[03:17.520 --> 03:19.200]  already and I'll deal with that.
[03:19.200 --> 03:25.360]  So in October of 2022, just four or five months ago, many non-governmental organizations in
[03:25.360 --> 03:31.080]  the humanitarian engineering space got together for three hours and we had really a surprisingly
[03:31.080 --> 03:37.200]  unanimous agreement that we needed quality assurance for rapidly manufactured open-source
[03:37.200 --> 03:38.200]  devices.
[03:38.200 --> 03:44.080]  And we needed an alliance of NGOs to try to address this.
[03:44.080 --> 03:49.880]  And so Christine and Victoria and I formed a new informal organization, we haven't incorporated,
[03:49.880 --> 03:55.080]  that we call GASCOS or the Global Open-Source Quality Assurance System.
[03:55.080 --> 03:59.640]  So the open-source software movement knows how to do testing, okay?
[03:59.640 --> 04:04.380]  Of course, it's easier to test software than to test hardware devices.
[04:04.380 --> 04:09.160]  With software, you normally have automated tests that anyone is empowered to run.
[04:09.160 --> 04:14.320]  You download the repository, you run the test, and you have an independent verification of
[04:14.320 --> 04:16.520]  the quality of the code.
[04:16.520 --> 04:23.120]  So in a sense, what we want to do for hardware devices is what's already been done for software
[04:23.120 --> 04:25.720]  devices or software systems.
[04:25.720 --> 04:30.480]  So fundamentally to this for hardware devices is to show the data.
[04:30.480 --> 04:35.240]  So you want a test procedure that's sort of a named standard test procedure.
[04:35.240 --> 04:37.600]  And then you want to record a test result.
[04:37.600 --> 04:43.240]  You want to say, what was done, when was it done, how was it done, and who did it?
[04:43.240 --> 04:47.960]  And you may have obviously an analysis of either you pass the test or you fail, and
[04:47.960 --> 04:50.820]  if you fail, in what way do you fail?
[04:50.820 --> 04:56.600]  And finally, you want a discoverable publication of those tests for the particular device.
[04:56.600 --> 05:02.000]  Now there are examples of testing organizations like Underwriters Laboratory and ASTM and
[05:02.000 --> 05:03.480]  other things.
[05:03.480 --> 05:08.320]  Often what happens is an industry begins its own testing procedures and then later they
[05:08.320 --> 05:11.560]  become adopted into governmental regulation.
[05:11.560 --> 05:16.360]  So it's actually the case that many industries are sort of self-policing and then they become
[05:16.360 --> 05:20.720]  part of a governmental structure later.
[05:20.720 --> 05:28.720]  So what we propose is asset provenance tracking as the fundamental way that we can improve
[05:28.720 --> 05:32.360]  the quality of rapidly manufactured devices.
[05:32.360 --> 05:37.000]  So when I say provenance, what I mean is the history of the device in the same way that
[05:37.000 --> 05:42.280]  an art object has a provenance, right, who owned it, what happened to it, where was it
[05:42.280 --> 05:44.520]  physically throughout time.
[05:44.520 --> 05:52.640]  Now this is a way to fight counterfeiting, which is a serious problem for medical devices
[05:52.640 --> 05:58.280]  particularly in low and middle income countries, but even in other situations.
[05:58.280 --> 06:02.840]  It's also a way to organize documentation on behalf of makers.
[06:02.840 --> 06:07.840]  So it's not necessarily that you're doing anything that couldn't be done some other
[06:07.840 --> 06:12.680]  way, but you could be relieving the burden of the makers themselves from having to do
[06:12.680 --> 06:18.480]  all of the documentation and distributing the documentation across a number of parties.
[06:18.480 --> 06:25.160]  So this would allow third party quality assurance testing, relatively simple to implement, can
[06:25.160 --> 06:30.400]  use minimal well understood cryptography, I'm going to talk about that in a minute.
[06:30.400 --> 06:34.840]  Now of course people will say, well there exist asset tracking systems.
[06:34.840 --> 06:38.600]  There is an open source app asset tracking system called Snipet.
[06:38.600 --> 06:42.760]  It's possible that this should be a fork of Snipet.
[06:42.760 --> 06:45.320]  There are some ways in which it's different.
[06:45.320 --> 06:48.160]  What I'm proposing is different than Snipet.
[06:48.160 --> 06:52.960]  I don't have time in this talk to discuss that issue, but this is what we would like
[06:52.960 --> 06:54.160]  to produce.
[06:54.160 --> 07:00.880]  So you can imagine a box of tourniquets having a gas cost seal printed on it, literally a
[07:00.880 --> 07:03.720]  sticker is put on it.
[07:03.720 --> 07:10.680]  And the person who manufactures the tourniquets gets a unique key for this box of tourniquets,
[07:10.680 --> 07:13.560]  which either they generate or we generate for them.
[07:13.560 --> 07:18.280]  We describe the product, which is actually more important than you might think.
[07:18.280 --> 07:23.840]  And then we can give certain certifications if they have actually occurred for the object
[07:23.840 --> 07:28.800]  so that anyone who holds the box in their hands can get some useful information about
[07:28.800 --> 07:30.560]  what's in the box.
[07:30.560 --> 07:36.520]  But more importantly, every box will have a key that you can use to look up in a public
[07:36.520 --> 07:44.120]  open access online database stuff about the particular object, okay?
[07:44.120 --> 07:47.760]  Now it's kind of easy to understand how this would work.
[07:47.760 --> 07:52.000]  Imagine that it's made in Prague, it gets a private key, someone else in Prague does
[07:52.000 --> 07:56.160]  a third party test on it that goes into the database, it's then purchased by a middle
[07:56.160 --> 08:02.760]  man in Egypt, the person in Egypt transfers it to Tanzania, in Tanzania, someone verifies
[08:02.760 --> 08:10.120]  that it's in inventory and a potential buyer in Kagoma then looks at the key, takes the
[08:10.120 --> 08:17.760]  box in their hand and points their phone at it and says, this claims to be a box of mask
[08:17.760 --> 08:20.720]  or tourniquets or electronics or whatever.
[08:20.720 --> 08:24.720]  And they look up in the website the complete history of the device.
[08:24.720 --> 08:31.720]  Now just as we use for intellectual property and other art objects, if you can see the
[08:31.720 --> 08:36.160]  complete history of the device, it's very difficult to fake that.
[08:36.160 --> 08:43.200]  Not impossible, but it's quite, quite difficult to fake a chronologically accurate history
[08:43.200 --> 08:44.800]  for a device.
[08:44.800 --> 08:50.200]  And so in this way it provides great confidence to the person in Kagoma that this product
[08:50.200 --> 08:51.560]  is what it says it is.
[08:51.560 --> 08:54.840]  Thank you sir.
[08:54.840 --> 08:59.520]  Okay now I assume most of the people in this room are computer programmers and they can
[08:59.520 --> 09:03.440]  probably have already imagined how this would be implemented.
[09:03.440 --> 09:07.880]  From a programmatic point of view it's very simple, you just have a database, you assign
[09:07.880 --> 09:13.800]  keys, you use one way encryption, much easier than the sort of public key encryption and
[09:13.800 --> 09:18.320]  the other kinds of things that are necessary today in the cryptocurrency world.
[09:18.320 --> 09:28.120]  You just do a simple one-way encryption of the key so that you allow a public access
[09:28.120 --> 09:32.480]  where anyone can write into the database, okay.
[09:32.480 --> 09:42.240]  Now there are a number of things that you would think are security flaws in this.
[09:42.240 --> 09:46.920]  We don't have time in this talk to go over them, but I hold that the following principle
[09:46.920 --> 09:49.120]  is simple enough and good enough.
[09:49.120 --> 09:52.360]  It's not perfect, but it's good enough to build a workable system.
[09:52.360 --> 09:58.320]  If you have the device in your hand you have a right to see the provenance.
[09:58.320 --> 10:02.680]  Now there are ways in which that differs from our norm today.
[10:02.680 --> 10:07.320]  For example in the United States if I have a box of something in my hand I do not have
[10:07.320 --> 10:12.560]  a legal right to see where it physically was located before I got it.
[10:12.560 --> 10:18.640]  And if I have a box in my hand I do not have a right to see the provenance in the future.
[10:18.640 --> 10:23.400]  Nonetheless seeing those things is not particularly harmful.
[10:23.400 --> 10:28.360]  You can imagine that being a right and it wouldn't really hurt anything if that were
[10:28.360 --> 10:29.360]  true.
[10:29.360 --> 10:33.400]  And so I consider this to be a great simplifying assumption.
[10:33.400 --> 10:39.360]  If you have the physical device you have the right to see the provenance.
[10:39.360 --> 10:42.160]  And that simplifies an enormous number of things.
[10:42.160 --> 10:48.160]  Now what you're not allowed to do is even though the database is in a sense public you're
[10:48.160 --> 10:54.520]  not allowed to scrape it and see the history of all of the devices which are in the database.
[10:54.520 --> 10:59.240]  But you won't be able to do that unless you have the keys because it's encrypted.
[10:59.240 --> 11:03.720]  Okay, therefore the database can be made a public database.
[11:03.720 --> 11:09.080]  This is very very simple, but I claim it's going to be good enough for us to really provide
[11:09.080 --> 11:11.200]  quality insurance.
[11:11.200 --> 11:16.880]  So if you imagine this system existing and you have a gas cost seal that can be put on
[11:16.880 --> 11:21.680]  objects you can ask well does it apply to medical devices or does it apply to non-medical
[11:21.680 --> 11:22.680]  devices?
[11:22.680 --> 11:29.640]  Does it interact with the CE stamp used in Europe to authorize medical devices or with
[11:29.640 --> 11:31.840]  the US FDA?
[11:31.840 --> 11:36.360]  And the answer is it can overlap all of those in a complicated way.
[11:36.360 --> 11:39.720]  It really doesn't require the approval of a government.
[11:39.720 --> 11:45.440]  It can be a completely open provenance tracking system which is used or not used as people
[11:45.440 --> 11:50.720]  see fit in a voluntary way.
[11:50.720 --> 11:58.000]  Now the idea of open source devices are a threat to monopolies, but they're not a threat
[11:58.000 --> 11:59.520]  to large firms.
[11:59.520 --> 12:05.360]  There's no reason large firms could not use open source designs and use the same provenance
[12:05.360 --> 12:11.920]  tracking system that we are suggesting here in order to give buyers confidence in their
[12:11.920 --> 12:13.440]  system.
[12:13.440 --> 12:18.920]  Today, very large firms have their own internal provenance tracking systems.
[12:18.920 --> 12:23.640]  They have asset tracking systems that they use for their own inventory purposes, but
[12:23.640 --> 12:28.520]  they do not expose those and make them public to people and would consider them a trade
[12:28.520 --> 12:29.520]  secret.
[12:29.520 --> 12:35.920]  There's no reason why they don't use an open source provenance tracking to add confidence
[12:35.920 --> 12:40.600]  to their products.
[12:40.600 --> 12:47.640]  So I claim that there's no reason anyone ought to particularly oppose this system.
[12:47.640 --> 12:51.560]  Now we have started writing technical papers about this.
[12:51.560 --> 12:53.760]  These are very much in a draft form.
[12:53.760 --> 13:00.720]  They're not super great, but they're publicly available and we invite comment on them.
[13:00.720 --> 13:05.040]  We are actively trying to build this system.
[13:05.040 --> 13:10.720]  And so today, in this very small room, I'd like to publicly launch the free global asset
[13:10.720 --> 13:14.080]  provenance tracking idea.
[13:14.080 --> 13:19.760]  I would like to be the technical lead of the new open source project system to build a
[13:19.760 --> 13:25.280]  website to provide this technology, but I can't do it completely by myself.
[13:25.280 --> 13:29.640]  For one thing, I run public invention, which is a nonprofit that takes up a lot of my time.
[13:29.640 --> 13:36.400]  So I'd like to call for volunteers, both computer programmers and non-computer programmers
[13:36.400 --> 13:41.400]  who can handle business and communications and other things that we need to make this
[13:41.400 --> 13:42.400]  a reality.
[13:42.400 --> 13:47.440]  There's going to be a lot of work convincing people to voluntarily use this system until
[13:47.440 --> 13:51.840]  it becomes respected enough that people start to demand it.
[13:51.840 --> 13:52.920]  Thank you.
[13:52.920 --> 13:57.280]  So that ends my talk.
[13:57.280 --> 13:58.280]  Thank you.
[13:58.280 --> 14:02.560]  And I'm happy to take questions.
[14:02.560 --> 14:07.280]  If anybody has a question, I'll repeat it into the microphone.
[14:07.280 --> 14:09.280]  Yes, sir.
[14:09.280 --> 14:27.280]  If you notice that something was touched in some previous steps of the system, what happens?
[14:27.280 --> 14:30.680]  So the question is, if you notice that something was previously touched.
[14:30.680 --> 14:40.160]  Yes, so for example, this middle man in Egypt took a few out or screwed it up and then after
[14:40.160 --> 14:44.000]  five steps, the guy in Tanzania noticed that something was wrong.
[14:44.000 --> 14:45.400]  What happens?
[14:45.400 --> 14:54.320]  Well, so there's no guarantee that the entries in the database are completely accurate, okay?
[14:54.320 --> 15:01.040]  But it is the case that you can make an entry saying, it looks to me as if the device was
[15:01.040 --> 15:03.120]  tampered with, okay?
[15:03.120 --> 15:07.820]  Now the people downstream of the provenance can decide what to do with that information
[15:07.820 --> 15:09.480]  or not.
[15:09.480 --> 15:14.600]  They can ignore it or they can say, well, so and so says the box was tampered with, I'm
[15:14.600 --> 15:20.360]  going to begin a legal proceeding with someone earlier in the provenance train or I'm going
[15:20.360 --> 15:28.680]  to ignore it or I'm going to believe that that was entered for some nefarious purpose
[15:28.680 --> 15:36.600]  to sabotage my system or I will use it to repair the device and inspect it and make
[15:36.600 --> 15:38.320]  sure that it's good.
[15:38.320 --> 15:44.120]  It's already the case that the US FDA requires market surveillance of objects for the purpose
[15:44.120 --> 15:48.320]  of doing recalls as well as for other safety purposes.
[15:48.320 --> 15:55.880]  So in a sense, the fact that you have that potential information is a positive thing
[15:55.880 --> 16:02.160]  about the provenance tracking, not a negative thing.
[16:02.160 --> 16:03.160]  Yes, sir?
[16:03.160 --> 16:07.880]  So maybe you suggest that anybody can just add information to this whole database, like
[16:07.880 --> 16:12.960]  how does that build on trust of suppliers or like how do you, the sticky recognition
[16:12.960 --> 16:15.040]  of who actually supplied this information?
[16:15.040 --> 16:20.920]  Yes, the question is, can anybody add information to the record for a device and the answer
[16:20.920 --> 16:23.640]  is yes if you have the key.
[16:23.640 --> 16:31.480]  Okay, so a bad actor can't pollute the entire database, but if I broke into your warehouse
[16:31.480 --> 16:37.160]  and took a photocopy of a box, I could create a record for that.
[16:37.160 --> 16:43.000]  So anyone can claim that they have this device if they have the key for the device and they
[16:43.000 --> 16:47.160]  can make a false claim about it or an accurate claim.
[16:47.160 --> 16:54.080]  But just as with art objects and other kinds of things, I think false claims will be relatively
[16:54.080 --> 16:56.760]  easy to sort out in the system.
[16:56.760 --> 17:02.400]  And so the great simplicity of this is that it's a completely open database that doesn't
[17:02.400 --> 17:07.600]  require any security beyond maintaining the individual keys.
[17:07.600 --> 17:14.520]  And if a key for an individual object is corrupted, like for example, suppose I took a photo of
[17:14.520 --> 17:17.640]  your box and published it on the internet.
[17:17.640 --> 17:23.520]  Well, bad actors could likely disrupt the provenance of that box, but they could not
[17:23.520 --> 17:27.720]  disrupt the provenance of the rest of your inventory.
[17:27.720 --> 17:33.960]  So I claim this is the correct balance between simplicity and security, and we don't have
[17:33.960 --> 17:35.960]  to go overboard on it.
[17:35.960 --> 17:39.320]  All right, thank you, I think that's all the questions we have time for.
[17:39.320 --> 18:07.000]  Okay, thank you very much.