Pacemaker: a small medical device implanted under the skin (or, if it’s the latest model, inside the heart) in a cardiac patient, whose mission is to send rhythmic electrical signals to the heart in order to counter arrhythmias. One of the first successful attempts—sixty years ago—at merging human and machine, and therefore a foundational moment in the genealogy of the cyborg.
Over the past decades, following the general trend of informatization, pacemakers evolved from simple electrical devices into integrated electronic systems, complete with firmware, software, wireless control, updates, and all that goes with them. But wherever such circuits operate, the possibility of hacking always exists. This is what the U.S. FDA—the government agency that regulates drugs and food—recently discovered, and it promptly issued a recall of half a million St. Jude Medical pacemakers after finding that the devices’ remote monitoring system could be subjected to a wireless cyberattack, causing dangerous fluctuations in patients’ heart rhythms and even death. Let us be clear: the recall does not concern pacemakers sitting in stock, awaiting surgical implantation, but rather half a million already implanted units; therefore the recall practically targets the cardiac patients themselves, who must visit an authorized service center for an upgrade. In addition, prompted by this “hole” in the firmware, a second investigation was launched—by the Department of Homeland Security (!!!)—which uncovered further electronic security vulnerabilities in the pacemakers, forcing yet another upgrade.
Although the possibility of fraudulent interference in such vital (sic!) devices is not unlikely, the discussion about potential hacking by, for example, a cyber mafia demanding ransom shifts the issue into the realm of criminal threats and the necessary ‘protection’, obscuring the equally essential fact that all kinds of hyper-modern devices that are incorporated—figuratively or literally—are under the control of third parties, either companies or services. Consequently, ‘remote control’ over these extends to the very subjects who ‘wear’ them; and how is such ‘hacking’, invisible yet official, to be prevented?