Patient Feedback in Product Lifecycle Management of Brain Pacemakers

The Need for Patient Feedback in the Product Lifecycle Management of Deep Brain Stimulation Devices

Katina Michael interviews Gary Olhoeft

Background

Professor Emeritus Gary Olhoeft of the Colorado School of Mines

This interview was conducted by Katina Michael with Gary Olhoeft, a deep brain stimulation (DBS) device recipient, on September 8, 2017. Katina is a Professor at the University of Wollongong who has been researching the social implications of implantable devices for the last 20 years, and Gary is a retired Emeritus Professor of Geophysics at the Colorado School of Mines. Gary has previously taught a number of subjects related to Advanced Electrical and Electromagnetic Methods, Antennas, Near Surface Field Methods, Ground Penetrating Radar, and Complex Resistivity. Gary had a deep brain stimulator installed in 2009 to help him combat his Parkinson’s Disease. This interview is a participant observer’s first-hand journey into a life dependent on a deep brain stimulator. Of particular interest is the qualified nature of the participant in the field of electromagnetics with respect to his first-hand experience of the benefits, risks and challenges surrounding the device that has been implanted in his body. Katina first came to know of Gary’s work through his open comments in a Gizmodo article in 2017 [i] while looking into the risks associated with biomedical devices in general. Gary has also delivered numerous presentations to the EMR Policy Institute on “Electromagnetic Interference and Medical Implants”, dating back to 2009 [ii]. The interview is broken into two parts.

KATINA MICHAEL: Gary, thank you for your time. We have previously corresponded on two full-length written questionnaires, and now this structured Skype interview. I think within my capacity in the Society for the Social Implications of Technology in the IEEE, we might be able to take some of the issues you raise forward. I think as more people come on board with various brain implants, heart pacemakers and internal diagnostic devices that the Federal Communications Commission (FCC), the Food and Drug Administration (FDA) and the health insurance industry more generally, will have to engage with at least some of the issues that you and other biomedical device recipients have identified from your experience.

GARY OLHOEFT: Thank you for the opportunity.

KATINA MICHAEL: So many people who are designing biomedical devices do not actually realise that patients are awake during some of the DBS procedure. I found on the engineering side of the design, that many engineers have never witnessed a DBS going into someone’s brain, or at least understood the actual process of implantation. I have spoken to biomedical engineers in key academic institutions that have major funded brain implant projects who have challenged me about whether or not the patient is actually awake during the process. I do find it bewildering at times that some engineers have never spoken to patients or are so withdrawn from the practical side of biomedical device deployment. Engineers tasked with some complex problems sometimes look at only solving a single part of the end-to-end design, without understanding how all the componentry works together.

GARY OLHOEFT: That’s amazing.

KATINA MICHAEL: Yes.

GARY OLHOEFT: I was also amazed to talk to the Chief Engineer at Medtronic about the DBS once. He told me the whole thing was entirely built out of discrete components with no integrated circuits because the FDA has not approved any integrated circuits yet.

KATINA MICHAEL: What do you make of this? That the regulations and the regulatory body responsible is holding things up? What is your personal position?

GARY OLHOEFT: Well, I definitely think that the regulatory body is holding things up. Just look at when the first DBS was installed in France in 1987 [iii]. It was something like 14 years before it was made available in the USA in about 2001 with FDA approval. I got mine in 2009, and they had already sold hundreds of them at that point in America.

KATINA MICHAEL: And for you at that time, there was no other alternative? I assume that if you had not adopted, that your quality of life was going to diminish quickly?

GARY OLHOEFT: That’s right. I would have continued shaking and not been able to write or I would have avoided reading, or walking or talking. Something I think I haven’t told you yet is that my device is also an interleaved device that has two settings that alternate: one is set for me to walk, and the other is set for me to talk. You used to have to choose between the two but now they can alternate because they are interleaved so that I can do both at the same time.

KATINA MICHAEL: For me Gary, it is nothing short of miracles what they are doing.

GARY OLHOEFT: Yes.

KATINA MICHAEL: And I marvel at these things. Was the FDA correct in waiting those 15 years or so before they approved or they should have approved earlier so other people may have had an improved quality of life in the United States? What do you think about the length of time it took to get approval? Are you critical of it?

GARY OLHOEFT: It depends on what they are talking about. Some of the things they are talking about with genetic modification implants- with viral inducing genetic modifications and stem cells- these things are going too fast. A doctor once told me when they go to the FDA for approval they have to go through trials. The first trial involves a few people. The next trial involves a few tens of people. And then at the approval point there are hundreds of people but then when it is approved possibly hundreds, or thousands or millions of people will get it and next all kinds of things can go wrong that they did not anticipate. So you have to be very careful about this stuff. However, the FDA seems to reinvent the wheel requiring their own testing when adequate testing has already been done in other countries.

KATINA MICHAEL: I agree with you. It is the brain we are talking about after all.

GARY OLHOEFT: The thing that bothers me most is that Apple footage you sent me. You know that clip with Steve Jobs and the Wi-Fi problem?

KATINA MICHAEL: Yes [iv].

GARY OLHOEFT: I would not have liked to have been in that room with a DBS.

KATINA MICHAEL: Yes. Interestingly I was researching that for a talk on business ethics and AI and the future and then we had this correspondence, and I just connected the two things together [v]. And if he could not run an iPod demo with that EMC (electromagnetic compatibility) interference problem when we know he would do exhaustive user testing at launches [vi], then what are we going to do Gary when we have more and more people getting implants and even more potential electromagnetic interference? I am trying to figure out what kind of design solution could tackle this?

GARY OLHOEFT: And there’s a whole bunch of other things that bother me, like the electromagnetic pulse to stop cars on freeways and the devices they have to shock people.

KATINA MICHAEL: The tasers?

GARY OLHOEFT: What about all those people that have implants like me or other kinds of implants? In one of those fictitious mystery shows someone was depicted as being killed in a bank robbery and he was killed by an electromagnetic pulse. So we can see these kinds of scenarios are making it into the public eye through the visual press.

KATINA MICHAEL: And that is a fictional account, right?

GARY OLHOEFT: It’s a fictional scenario but it is certainly possible [vii].

KATINA MICHAEL: Yes, it sure is. Exactly. I am talking at the annual conference for the Australian Communications Media Authority (ACMA) next month, and I will be using our discussion today as a single case study to raise awareness here. I am talking on implantables for non-medical applications, and there is presently a great deal of pressure from the biohacking community [viii]. A lot of these guys are my friends given my research area, but are doing some very strange things. Presently some of them are talking about hacking the brain and I am telling them you really should not be doing that without medical expertise even if it is in the name of “citizen science”. Some of them are amateur engineers and others are fully-fledged qualified engineers but not medical people. And I personally feel the brain is not to be experimented with like this. It is reminiscent of what I would call ‘backyard lobotomies’. 

GARY OLHOEFT: It is like DARPA. They have a call up at the moment to have a million electrodes inside the brain so they can communicate, not for therapeutic value like I have [ix],[x].

KATINA MICHAEL: You are likely familiar with the DARPA project from 2012, for a brain implantable device that could be used to aid former service men and women suffering from post-traumatic stress disorder, depression and anxiety [xi]. We did a special issue on this in the IEEE Technology and Society Magazine last year [xii]. They have also claimed this device solution could be used for memory enhancement. It sounds like the cyborgisation of our forces.

GARY OLHOEFT: That’s like what I have. The latest one is more like when you want to remote control a vehicle or something. The September 2017 IEEE Spectrum had an article about Brain Racers using brain controlled avatars to compete in a cyborg Olympics [xiii].

KATINA MICHAEL: Exactly. And we did raise issues in that special which I will send to you. I held a national security workshop on brain implants in the military in 2016 [xiv], at the University of Melbourne where they are doing research on stentrodes. The University of Melbourne is considered to have some leading academics in this space, receiving some partial funding I believe from DARPA [xv]. I then invited some biomedical engineers in the DBS space from the University of Melbourne to participate in the workshop, like Thomas Oxley, but all were unavailable to make it. Thomas incidentally was undergoing training in the USA related to DBS and stentrodes [xvi].

GARY OLHOEFT: Okay.

KATINA MICHAEL: There are so many things going on at present like implantables in your jaw that are so close to the ear that they can allow you to communicate wirelessly so you can hear via your teeth [xvii]. We were looking at these kinds of implants and implications at various workshops including at the University of Wollongong where we have a Centre of Excellence [xviii].

GARY OLHOEFT: It’s not surprising. In the old days, when we had the silver amalgam fillings in teeth, there were people that used to go listening to the radio through their teeth.

KATINA MICHAEL: Yes. There’s a well-known episode of the Partridge Family where Laurie gets braces and her boyfriend’s Walkman is interfering with her ability to sing songs when a film crew comes to record music in the family home [xix]. So yes, teeth are amazing; the auditory links there, which have been well-known for decades, are just being rediscovered by the younger generation.

GARY OLHOEFT: Yes.

KATINA MICHAEL: And the communications for autonomous weapons or over-ride. Can a human be autonomous for instance? Last week we were discussing some of the ethics behind overriding someone's decision not to fire or strike at a target [xx]. Or imagine the ability to remotely control a drone just by using your thoughts, versus someone in a remote location executing the fire or strike commands without being in-situ by intercepting that communication stream. Imagine the potential to intercept a person’s thoughts and to make them physically do something. This is where for me the waters get muddied. I do not mind the advancements in the Cochlear space for instance, where deaf persons have the ability to hear music and entertainment through an embedded technological device [xxi]. I think that is another marvel, really. But I’d be interested to hear your opinion about the crossover between the medical and non-medical spaces? Do you think that is just life- that is just how innovation is? That we need to get used to this or do you believe prosthetics are the only reason we should be implanting people in the brain?

GARY OLHOEFT: I think the only reason we should be implanting people is for therapeutic reasons. For instance, I have a deep brain stimulator for a specific disease, others might have a particular problem or maybe it is to replace a part of the brain that has been damaged physically. Because the question becomes, when are we no longer human anymore if we go beyond prosthetics purposes?

KATINA MICHAEL: Yes.

GARY OLHOEFT: We have problems with driverless cars and people are talking about mirrored systems and all sorts of electronics in them that interfere with DBS. There was a paper that was published where researchers took about 10 cars at different times, and they discovered the ones that were diesel powered did not interfere because they didn’t have any ignition system [xxii]. Conventionally powered cars which had an electronic ignition system pad caused some interference. But electrics and hybrid engines had problems with people with implants [xxiii], [xxiv], [xxv], [xxvi].

KATINA MICHAEL: So do you fear getting in a vehicle at any time? Or is that not the issue, rather it is if you are driving or physically touching parts of the car?

GARY OLHOEFT: No, it’s probably if you are just in the vehicle itself because of the way they have the wiring in some vehicles. A Prius has 8 computers inside it, Wi-Fi and Bluetooth, and the way they run the wiring from the batteries to the front, it is not twisted wiring it is just a straight pair of wiring. If it was twisted pair there would be a lot less magnetic noise inside the car body.

KATINA MICHAEL: So that’s the car company trying to save money, right?

GARY OLHOEFT: I really don’t know. We have a Prius as well. I’ve tested our car. We have two sets of batteries. The front and right passenger seat are okay but the driver’s position is very noisy. There’s a woman we know, when she drives her Prius, her deep brain stimulator turns off when the car goes into charging mode (while braking) [xxvii].

KATINA MICHAEL: Oh dear, this is a major problem.

GARY OLHOEFT: That’s why I don’t drive.

KATINA MICHAEL: These issues must get more visibility. They can no longer be ignored. This is where consumer electronics come head-to-head with biomedical devices.

GARY OLHOEFT: I’ve also sent you documents that I’ve sent to the FCC and FDA.

KATINA MICHAEL: I read these.

GARY OLHOEFT: I’ve not received any response to these.

KATINA MICHAEL: This is truly an important research area. This topic crosses over engineering, policy and society. It is really about the importance of including the end-user (or patient in this case) in the product lifecycle management (PLM) process.

GARY OLHOEFT: Agreed.

KATINA MICHAEL: You are the first person I have engaged with who has convinced me to go further with this particular research endeavour. Save for some very sporadic papers in the press, and random articles in journal publications about electromagnetic interference issues, it was the Gizmodo article [xxviii] that my husband stumbled across citing you, that has validated our present conversation. It is time to take this very seriously now. We now have so many pacemakers, it is not just heart, it is brain as well. And I cannot even get a good figure for how many there are out there and I keep being asked but different sources state different things.

GARY OLHOEFT: They don’t know because they don’t track them [see introduction in [xxix]].

KATINA MICHAEL: That is right but somewhat shocking to me because surely these numbers exist somewhere. And we have to track them. And I do not mean track the names of people. I do not really want people to be in a database of some sort because they bear an implant. I worry about potential hackers getting access to that, not from the privacy perspective alone but the fact that I do not wish to tip off potential predatory hackers “switching people off” so to speak, in the future.

GARY OLHOEFT: Sure.

KATINA MICHAEL: My concern is that the more of us who bear these implantables for non-medical reasons in the future, the greater the risks.

GARY OLHOEFT: There is a well-known story of someone who has had an internal insulin pump hacked, and an insulin dose was changed so that it killed them [xxx], [xxxi].

KATINA MICHAEL: I do wonder Gary if this all has to do with liability issues [xxxii]. There is simply no reason that companies like Medtronic should not be engaging the public on these matters. In fact, it is in their best interest to receive customer feedback.

GARY OLHOEFT: It’s definitely a problem and I don’t know what to do about that….

KATINA MICHAEL: So we need some hard core evidence that someone’s implantable has previously been tampered with?

GARY OLHOEFT: I’ve already raised the issue several times and Medtronic, my brain implant manufacturer just sent me the programmer’s manual for the patient. The original one I got was just a couple of pages that had to do with interference. The latest version is 16-18 pages in length on interference. And that is because of the questions I raised about interference and the evidence I showed them.

KATINA MICHAEL: Right.

GARY OLHOEFT: They still won’t admit that their device was defective in one case where I could prove it. My doctor believed me because I showed him the evidence, so he had them replace it at no charge.

KATINA MICHAEL: Okay. I have a question about this. Thank you for the information you sent me regarding your EEG as being logged by your DBS implant.

GARY OLHOEFT: It is not the EEG that I sent you, it is the measurement of the magnetic field from induced DBS current.

KATINA MICHAEL: It is the pulse?

GARY OLHOEFT: Right. The pulse height and the pulse frequency.

KATINA MICHAEL: Ok. So I saw the graph which indicated that every second pulse was being skipped.

GARY OLHOEFT: Right.

KATINA MICHAEL: So the question I have, is whether you have access to your EEG information? There was a well-known case of Hugo Campos who wanted access to his ECG information and last I heard he had taken to court the manufacturer who claimed they had the right to withhold this data [xxxiii]. He is more interested in data advocacy than anything else [xxxiv]. He was claiming it was “his” heart rate, and his personal biometrics, and that he had every right to have access to that information [xxxv].

GARY OLHOEFT: There are devices on the web that show you how to build something to get an ECG [xxxvi].

KATINA MICHAEL: Exactly. Hugo even enrolled himself in courses meant for biomedical engineers to do this himself, that is, hack into his own heart beat information, with the pacemaker device residing in his own body [xxxvii]. So he has been at the forefront of that. But the manufacturer is claiming that “they” own the data [xxxviii]. And my question to you is: Is your DBS data uploaded through some mechanism, like the heart pacemaker data is uploaded on a nightly basis and sent back to base [xxxix]?

GARY OLHOEFT: No, only when I visit the doctor’s office, is the only time they have access to it. Only when I go to the doctor.

KATINA MICHAEL: You mean to download information or to check its operation?

GARY OLHOEFT: Download information from the pack in my chest. Actually, they store it in there. They print it out in hardcopy because they are afraid of people hacking their computers.

KATINA MICHAEL: Yes.

GARY OLHOEFT: And this is the University of Colorado Hospital.

KATINA MICHAEL: Yes, I totally understand this from my background reading. I’ve seen similar evidence where hardcopies are provided to the patient but a lot of the patients like Hugo Campos are saying hardcopies are not enough. I should be able to have access at any time, and I should be able to tell someone my device is playing up, or look something is wrong [xl].

GARY OLHOEFT: Right. Remember how I told you about the interleave function. Well when they set it to the interleave setting for the first time, they didn’t do it right. And I woke up the next morning feeling like I had had 40 cups of coffee. It turns out it was running at twice the frequency it should have been and I could show that. So I called them up and said you’ve got a problem here and they fixed it right away. I figured I could measure it independently of the Medtronic device. That’s why I built my own AC wirewound ferrite core magnetometer to monitor my own DBS.

KATINA MICHAEL: Okay.

GARY OLHOEFT: But all the Doctor had was a program that told him whatever Medtronic wanted to tell him. I wanted more information than that, I wanted to actually see it so I built my own.

KATINA MICHAEL: So I saw your information that you would have had a product out on the market to help others but the iPhone keeps upgrading so I get that.

GARY OLHOEFT: It keeps changing faster than I can keep up with it.

KATINA MICHAEL: So I am going to argue that it is their responsibility, the manufacturer’s responsibility to provide this capability.

GARY OLHOEFT: I see no reason why they couldn’t, but I like the idea of a third party providing an independent measurement of whether the implant is working and measuring the parameters directly (pulse height, pulse width, pulse repetition frequency, etc.).

KATINA MICHAEL: So I am concerned on a number of fronts, and have been for some time. This in particular is not a huge ask if they are cooperative in the process of an incremental innovation. E.g. imagine if Apple collaborated with Medtronic or the other providers from Stryker and so forth, like Cochlear have collaborated with Apple. I think biomedical device manufacturers have to offer this as a service and in layman’s understanding for non-engineers. And it must be free and not cost the recipient anything. It is the only way to empower recipients of the pacemakers and for them to feel at ease, without having to go for a visit to a cardiac specialist.

GARY OLHOEFT: I told you about the experience of walking into a Best Buy and having their automated inventory control system turn off my DBS?

KATINA MICHAEL: Yes.

GARY OLHOEFT: Then I used my device to see what frequency it was operating at and then asked my doctor to change my DBS to a different frequency so that I could walk in and out of Best Buy. So the frequency range means the operator needs to have such things in mind. These inventory control devices are built into walls in stores and malls, so you no longer know that they are even there or have any warning. But they are there.

KATINA MICHAEL: I know, they are unobtrusive.

GARY OLHOEFT: So there needs to be warning signs or other things like that. They seem to begin appearing in hospitals and imaging centres where they say “MRI in use” if you have a cardiac pacemaker or brain pacemaker device do not enter this room. But it is a rare thing still. I remember 20 years ago or so when they had “danger microwave oven in use”.

KATINA MICHAEL: Yes, I remember that.

GARY OLHOEFT: It is like we need a more generic reason than that.

KATINA MICHAEL: What is your feeling with respect to radio frequency identification (RFID)? Or the new payment systems using near field communications? Are they affecting pacemakers? Or is it way too low in terms of emissions?

GARY OLHOEFT: Well, no. There are wireless devices that are low-level that don’t bother me. For example, I have a computer with Wi-Fi, and that doesn’t bother me. That is because I’ve measured it and I know what it is. It is a dosage thing. If I stay nearby it the dosage begins to build up, and eventually it can get to a point where it could be a problem. Not necessarily for my DBS but for other things. Heart pacemakers are much closer to the heart so there is less of a problem. And the length of wiring is much shorter in heart pacemakers. I have a piece of wire that runs from my chest, up my neck, up over the top of my head, and back behind my eyes, and it is almost 18 inches long. That is part of the problem. They could have made that a twisted pair with shielding like CAT6 wiring but they didn’t and the Medtronic people need to fix that one.

KATINA MICHAEL: And Gary I spoke to some researchers last year in June who were talking about not having the battery packs so low, having it closer to the brain and smaller in size. Do you think the problem would dissipate somewhat if the battery pack was closer to the brain?

GARY OLHOEFT: Yes. But then the battery won’t last as long because it’s smaller.

KATINA MICHAEL: Yes, I know that is the issue.

GARY OLHOEFT: They are already trying rechargeable batteries but you spend all day at the charger: you get 9 hours of charging for only 1 hour of use.

KATINA MICHAEL: No, that is definitely not feasible.

GARY OLHOEFT: So my doctor told me that, and he recommended against that for me.

KATINA MICHAEL: Now here is another question that is a difficult one for you, I think. Do you find a conflict in your heart sometimes? You are trying to help the manufacturer make a better product and you are trying to raise awareness of the important issues that patients face, and yet you are relying on the very product that you are trying to get some response to. Have you ever written to Medtronic and said “This is my name and this is my story- would you allow me to advise you, that is, provide feedback to your design team?” [xli]

GARY OLHOEFT: There is a Vice President that is responsible for R&D who is both a medical doctor and an engineer… I wrote to him several times and never got an answer.

KATINA MICHAEL: Right.

GARY OLHOEFT: But I have spoken to Medtronic’s Chief Engineer that my device is misbehaving, you know with all those missing pulses. He was quite open about it. I also told him about the interleave problem at that time that it felt like I had had 40 cups of coffee and he said that was outside his area of expertise because he built the hardware but someone else programmed it. And you can find there are books out there that might tell you how to program these things. I’ve looked at them but I don’t agree with the approach they take. They never talk about interference. The default programming for this is 180 repetitions … it’s still the wrong place to start because in the US, 180 is a multiple (harmonic) of the powerline and close to the frequency used by many security systems and inventory control systems. See my talks on YouTube [xlii], [xliii].

KATINA MICHAEL: I am so concerned about what I am hearing. Concerned that the company is not taking any action. Concerned that we are not teaching our up and coming engineers about these problems because they have to know if they are not going to fall into the same pitfalls down the track as devices get even more sophisticated. I am also concerned that recipients of these brain pacemakers are not given the opportunity to provide proper feedback to design teams directly and that there is no indirect path in which to do this. A web page does not cut it. There are people like yourself Gary, who are willing and have relevant research expertise, whom these companies should be even welcoming onto their payroll to improve the robustness of their technologies. And I’ve already raised issues like those you are stating, with collaborators at the Consortium for Science, Policy & Outcomes at Arizona State University.

GARY OLHOEFT: Well, I’ve tried writing to various organisations and agencies and when possible, giving testimony to FDA, FCC and other agency requests for information.

KATINA MICHAEL: I think it is important to create a safe space where manufacturers, medical practitioners, patients, and policymakers come together to discuss these matters openly. I know there are user groups where patients go to discuss issues but that serves quite a different function, more of a support group. But until there is some level of openness then it will be likely that these issues will continue to cloud future developments. Gary, we need more people like yourself who have real stories to share, that are documented, together with peer-reviewed published research in the domain of interference and DBS. We should continue to write to them and also invite them to workshops and roundtable meetings, invite representatives from the FDA and FCC. What do you think about this approach?

GARY OLHOEFT: Yes, you can put me down for that. I’ll be involved.

KATINA MICHAEL: Great!

GARY OLHOEFT: Part of the problem is that the FCC authorisation says 9KHertz up to 300 GigaHertz. And these devices operate at below 200 Hertz. So the FCC has no regulatory authority over them, except as Part 15 devices. The FDA has no limit. From lasers down to direct current (DC). The FCC has nothing to do with it, so we need to get involved with the FDA. We need them to get to document things at any rate.

KATINA MICHAEL: I have a question also about the length of time that battery packs last in biomedical implantable devices? Could they last longer? One researcher who is known as a Cyborg Anthropologist was speaking to someone on a plane from one of these biomedical companies who said to her that the devices are replaced in 4-5 year periods so that the companies can make more money, like 40,000 dollars for each new device. What do you make of this?

GARY OLHOEFT: Possibly the case. But really, you don’t want to be making bigger battery packs, right? You just want to be able to make better battery technology. For example, do you really want a Lithium ion battery in your body because it lasts longer?

KATINA MICHAEL: Yes, you have a point there. What kind of battery do you have?

GARY OLHOEFT: I don’t know what kind it is. I do have the dimensions for how big it is.

KATINA MICHAEL: Yes, I saw the information you sent, 6x6x2 cm.

GARY OLHOEFT: It’s already presentable “looks-wise”, so I wouldn’t risk it.

KATINA MICHAEL: Ok, I agree with your concerns here. I was just worried about this remark because I have heard it before, replacement biomedical devices being a money generator for the industry [xliv].

GARY OLHOEFT: He must’ve been a marketing type.

KATINA MICHAEL: Yes, he was in sales engineering.

GARY OLHOEFT: Do you know how they have those wireless power transmitters now? The Qi system is the only one I have been able to test because I’ve been able to get through to them as there is a potential there for interference [xlv]. So they have given me a device with which to actually play with.

KATINA MICHAEL: That is great. And a very good example of what we are talking about should be happening.

GARY OLHOEFT: There is a Wireless Power Consortium of other people who work at different frequencies [xlvi]. They are the only ones that give me no response to my letters. So the wireless power transmission people need to be brought into the scope of this somehow.

KATINA MICHAEL: Could you elaborate?

GARY OLHOEFT: These are the people who create devices to recharge batteries for devices that require power transmission.

KATINA MICHAEL: Yes, mobility types of technology devices. And there are lots of those coming and most of them with little testing in the security space. I mean the Internet of Things is promising so much in this market space. I think the last statistic I read that the media caught wind of was 20 billion devices by 2020 [xlvii].

GARY OLHOEFT: You are looking at a house that could have every lightbulb, every appliance, every device in it on the Internet.

KATINA MICHAEL: Yes indeed, we just have to look at the advent of NEST.

GARY OLHOEFT: And yet they are wirelessly transmitting. It would be much better if they were hooked up using fibre optics.

KATINA MICHAEL: Agreed… I mean for me it is also a privacy concern with everything hooked up in the house to the Internet [xlviii]. Last year somebody demonstrated they could set a toaster alight in the IOT scenario [xlix].

GARY OLHOEFT: You know how Google has these cars driving around taking pictures everywhere?

KATINA MICHAEL: Yes, that is part of my research [l].

GARY OLHOEFT: And they also record whatever wireless systems they can get into that is not subject to a password, and then they can record anything that is in it. They lost a lawsuit over that.

KATINA MICHAEL: Yes. There is one that was handed down into the billions in Europe recently. But over the last several years they have been fined very different amounts in different markets. It was very ridiculous that they were fined only a few thousand US dollars in for example, South Korea! [li]

GARY OLHOEFT: That is a joke.

KATINA MICHAEL: At the IEEE Sections Congress last month I spoke to several young people involved with driverless cars. And I don’t know, they were very much discounting the privacy and security issues that will arise. One delegate told me: “it’s all under control”. But I do not think they quite get it Gary. I said to one of them: “but what about the security issues” and he replied: “what issues, we’ve got them all under control, I am not in the slightest concerned about this because we are going to have protocols.” And I pointed to the Jeep Cherokee case that some hackers got to stop in its tracks on a highway in the United States [lii], [liii]. One of my concerns with these driverless cars is that people will die, sizzling in a hot vehicle, where they have been accidentally locked inside by the “car”. And they don’t even have to have pacemakers, it is an issue of simply having a vehicle unlock its doors for a client to exit.

GARY OLHOEFT: There was the case of the hybrid vehicle that was successfully stopped and demonstrated on TV.

KATINA MICHAEL: Yes. And there was also someone wearing an Emotiv device that was steering their vehicle with their thoughts [liv]. I was giving a talk at Wollongong’s innovation hub called iAccelerate last week and I told them this very scenario. What if I hacked into the driver’s thoughts, and steered the car off a cliff?

GARY OLHOEFT: So what will they do between vehicles when the devices start to interfere with one another? 

KATINA MICHAEL: Yes, exactly! And when devices begin interfering with one another more frequently for who knows what reason?

GARY OLHOEFT: We have had situations in which cell phones have stopped working because the network is simply overloaded on highways, or blocked by landslides or just traffic congestion. The Broncos Football Stadium here is undergoing a six million dollar upgrade, just so they can get the Wi-Fi working, and now they are building it in to every seat. So they now have security systems like Airports do, and so I cannot go into the Stadium anymore because of my DBS. I couldn’t sit in a light rail train either.

KATINA MICHAEL: So here is a more metaphysical and existential question. I am so fortunate to be speaking to you! You are alive, you are well in terms of being able to talk and communicate, and yet somehow this sophisticated tech also means that you have had to dull down your accessibility to certain places, almost living off the grid to some degree. So all of this complex tech actually means you are living more simply perhaps. What does that feel like? It really is a paradox. You are being careful, testing your devices, testing the Wi-Fi, and learning by trial and error on-the-fly it seems.

GARY OLHOEFT: Well I have a landline phone against my head right now because I know it doesn’t bother me. I cannot hold a cellular phone within 20 inches of my head.

KATINA MICHAEL: Hmm…

GARY OLHOEFT: So you are right. I mean there are a lot of places I cannot go to, like the School Library or the Public Library because of their system for keeping track of books. It has a very powerful electromagnetic pulse. So when I go to the Library, I go remotely via Virtual Private Network (VPN) on the Internet and fortunately I have access to that. I can also call the librarian who lets me in via the back door.

KATINA MICHAEL: So for me, in one case you are very free, and in the other case, somewhat not free at all. I really do not know how to express that in any other way.

GARY OLHOEFT: I see what you are trying to say but I would be less free without the device because it dramatically improves my functionality and quality of life, but also limits where I can go.

KATINA MICHAEL: I know. I know. I am ever so thankful that you have it and that we are able to talk so freely. I am not one to slow down progress but I am looking at future social implications. One of the things I have been pondering on is the potential to use these brain stimulators in a jail-like way. I am not referring here to torturous uses of brain stimulators, but for example, the possibility of using brain stimulators for repeat offenders in paedophilia for instance, or extreme crimes, whether we would ever get to the point where an implantable would be used for boundary control. Perhaps I am referring here to electronic jails of the future.

GARY OLHOEFT: That gets to be worrisome in a different way. How far are you away from that, from controlling people? 1984 and all that [lv]. These DBS are being used now to help with obsessive compulsive disorder (OCD) and neural pain management.

KATINA MICHAEL: Yes, that is what we have pondered in the research we have conducted on uberveillance with MG Michael. So if we can fix the brain with an implantable then we can also do damage to it [lvi]. It is a bit like the internal insulin pump- if we can help someone receive the right amount of insulin, we can also reverse this process and give an individual the wrong amount to worsen the problem. Predatory hacking is something that will happen, if it is not happening already. That’s just the human condition that people would be dabbling with that kind of stuff. It is very difficult to talk about this in public because you do not wish to scare or alarm brain pacemaker or any pacemaker recipient, but we do need to raise awareness about this.

GARY OLHOEFT: That would be good because we don’t have enough people talking about these issues.

KATINA MICHAEL: I know. According to the NIH, there are 25 million people who have pacemakers and are vulnerable to cybersecurity hacks [lvii], [lviii]. That is a huge number. And it was you who also told me that 8% of Americans have some form of implant.

GARY OLHOEFT: Well it was 25 million in the year 2000.

KATINA MICHAEL: And the biggest thing? They must never ever link biomedical devices to the Internet of Things. Never. That is probably my biggest worry for the pacemaker community, that the companies will not think about this properly and they are going to be thinking of the ease of firmware updates and monitoring rather than safety of the individual. I envisage it will require a community of people and I am not short-sighted, it will mean a five-year engagement to make a difference to policy internal to organisations, and government agencies to listen to the growing needs of biomedical patients. But this too is an educational process and highly iterative. This is not like going down to your local mechanic and getting your car serviced, this is about the potential for things to go wrong, minimising exposure, and ensuring they stay right.

GARY OLHOEFT: I agree.

KATINA MICHAEL: Thank you Gary for your time.

 

Key Terms

Biomedical device: is the integration of a medical device and information system that facilitates life-sustaining care to a patient in need of a prosthetic function. Biomedical devices monitor physiological characteristics through mechanical parts small enough to embed in the human body. Popular biomedical devices include heart pacemakers and defibrillators, brain stimulator and vagus nerve stimulator devices, cochlear and retinal implants, among others. The biomedical device takes what was once a manual function in the human body, and replaces it with an automatic function, for example, helping to pump blood through the heart to sustain circulation.

Biomedical Co-creation: co-creation is a term popularised in the Harvard Business Review in 2000. Biomedical co-creation is a management design strategy, bringing together a company that manufactures a biomedical device and recipients of that device (i.e. patients) in order to jointly produce a mutually valued outcome. Customer perspectives, experiences and views in this instance, are vital for the long-term success of biomedical devices.

Deep Brain Stimulation: also known as DBS, is a neurosurgical procedure involving the implantation of a biomedical device called a neurostimulator (also known as a brain pacemaker), which sends electrical impulses, through implanted electrodes, to specific targets in the brain for the treatment of movement and neuropsychiatric disorders. DBS has provided therapeutic uses in otherwise treatment-resistant illnesses like Parkinson's disease, Tourette’s Syndrome, dystonia, chronic pain, major depressive disorder (MDD), and obsessive compulsive disorder (OCD). It is also being considered in the fields of autism and even anxiety-related disorders. The technique is still in its infancy and at the experimental stages with inconclusive evidence in treating MDD or OCD.

Federal Communications Commission: The Federal Communications Commission is an independent agency of the United States government created by statute to regulate interstate communications by radio, television, wire, satellite, and cable. Biomedical devices are not under the regulation of the FCC.

Food and Drug Administration: The Food and Drug Administration (FDA or USFDA) is a federal agency of the United States Department of Health and Human Services, one of the United States federal executive departments. The FDA is responsible for protecting and promoting public health through the control and supervision of a number of domains, among them those relevant to the biomedical device industry including electromagnetic radiation emitting devices (ERED).

Cybersecurity issues: are those that affect biomedical device recipients and place patients at risk of an unauthorised intervention. Hackers can attempt to hijack and administer incorrect levels of dosage to a recipient by penetrating proprietary code. These hackers are known as predatory hackers, given the harm they can cause persons who rely on life-sustaining technology.

Implantables: are technologies that sense parameters of various diseases and can either transfer data to a remote center, direct the patient to take a specific action, or automatically perform a function based on what the sensors are reading. There are implantables that have sensors that monitor, and those that facilitate direct drug delivery, or those that do both.

Participatory Design: is synonymous with a co-design strategy of development of biomedical devices. It is an approach that tries to incorporate various stakeholders in the process of design, such as engineers, medical practitioners, partners, manufacturers, surgeons, patients, ethics and privacy-related NGOs, end-users, to ensure that resultant needs are met.

Product Lifecycle Management: is the process of managing the entire lifecycle of a biomedical device from inception, through engineering design and manufacture, to service and disposal of manufactured products. Importantly, PLM is being extended to the ongoing monitoring of the embedded biomedical device in the patient, remotely using wireless capabilities.

 

References

[i] Kristen V. Brown, March 7, 2017, “Why People with Brain Implants are Afraid to Go Through Automatic Doors”, Gizmodo, http://www.gizmodo.com.au/2017/07/why-people-with-brain-implants-are-afraid-to-go-through-automatic-doors/, Accessed: February 19, 2018.

[ii] Gary Olhoeft, December 7, 2009, “Electromagnetic interference and medical implants”, The EMR Policy Institute, https://youtu.be/jo-B6LWfVzw

[iii] Rosie Spinks, June 13, 2016, “Meet the French neurosurgeon who accidentally invented the “brain pacemaker””, Quartz, https://qz.com/704522/meet-the-french-neurosurgeon-who-accidentally-invented-the-brain-pacemaker/, Accessed: September 16, 2017.

[iv] Staff. “Steve Jobs Most Pissed Off Moments (1997-2010)”, Apple, https://www.youtube.com/watch?v=1-oIL9cLHDc, Accessed: September 15, 2017.

[v] Katina Michael, “The Creative Genius in Us- the Sky’s the Limit or Is It?”, iAccelerate Series, https://www.youtube.com/watch?v=3W-8oR_bjAU, Accessed: October 18, 2017.

[vi] Fred Vogelstein, October 4, 2013, “And Then Steve Said, ‘Let There Be an iPhone’”, The New York Times Magazine, Accessed: September 15, 2017.

[vii] Alexandra Ossola, November 17, 2015, “Tasers May Be Deadly, Study Finds”, Popular Science, http://www.popsci.com/tasers-may-be-unsafe-says-new-report, Accessed: February 17, 2018.

[viii] Katina Michael, February 2, 2018, “The Internet of Us”, RADCOMM2017, http://www.katinamichael.com/seminars/2017/11/2/the-internet-of-us-radcomm2017, Accessed: February 19, 2018.

[ix] Emily Waltz, April 26, 2017, “DARPA to Use Electrical Stimulation to Enhance Military Training”, IEEE Spectrum, https://spectrum.ieee.org/the-human-os/biomedical/devices/darpa-to-use-electrical-stimulation-to-improve-military-training, Accessed: September 15, 2017.

[x] Kristen V. Brown, July 11, 2017, “DARPA Is Funding Brain-Computer Interfaces To Treat Blindness, Paralysis And Speech Disorders”, Gizmodo Australia, https://www.gizmodo.com.au/2017/07/darpa-is-funding-brain-computer-interfaces-to-treat-blindness-paralysis-and-speech-disorders/, Accessed: September 15, 2017.

[xi] Robbin A. Miranda, William D. Casebeer, Amy M. Hein, Jack W. Judy et al., 2015, “DARPA-funded efforts in the development of novel brain–computer interface technologies”, Journal of Neuroscience Methods, Vol. 244, pp. 52-67, http://www.sciencedirect.com/science/article/pii/S0165027014002702, Accessed: September 15, 2017.

[xii] Katina Michael, M.G. Michael, Jai C. Galliot, Rob Nicholls, 2017, “Socio-Ethical Implications of Implantable Technologies in the Military Sector”, IEEE Technology and Society Magazine, Vol. 36, No. 1, March 2017, pp. 7-9, http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7879457, Accessed: September 15, 2017.

[xiii] Serafeim Perdikis, Luca Tonin, Jose del R. Millan, 2017, "Brain racers," IEEE Spectrum, Vol. 54, No. 9, September 2017, pp. 44-51, http://www.ieeeexplore.ws/stamp/stamp.jsp?tp=&arnumber=8012239&isnumber=8012214, Accessed: February 16, 2018.

[xiv] Katina Michael, M.G. Michael, Jai C. Galliot, Rob Nicholls, 2016, “The Socio-Ethical Implications of Implantable Technologies in the Military Sector”, 9th Workshop on the Social Implications of National Security, University of Melbourne, Australia, July 12, 2016, http://www.katinamichael.com/sins16, Accessed: September 15, 2017.

[xv] Jane Gardner, February 9, 2016, “Moving with the Power of Thought”, Pursuit, https://pursuit.unimelb.edu.au/articles/moving-with-the-power-of-thought, Accessed: September 15, 2017.

[xvi] Katina Michael, May 8, 2016, “Invitation to speak at the 9th Workshop on the Social Implications of National Security”, Personal Communications with Thomas Oxley.

[xvii] MF+ Staff, 2016, “SoundBite: Hearing Aid on your Teeth”, Sonitus Medical, http://medicalfuturist.com/soundbite-hearing-aid-on-your-teeth/, Accessed: September 15, 2017.

[xviii] Gordon Wallace, Joseph Wang, Katina Michael, 2016, “Public Information Session – Wearable Sensing Technologies: What we have and where we are going!”, Wearables and Implantables Workshop, University of Wollongong, Australia, Innovation Campus, August 19, 2016, http://www.electromaterials.edu.au/uploads/69133/ufiles/Booklet_-_Wearable_and_Implantable_Sensors_Workshop.pdf, Accessed: September 15, 2017.

[xix] Herbert Kenwith and James S. Henerson, 1971 “Laurie Gets Braces”, Partridge Family: Season 1, https://www.youtube.com/watch?v=KzBz1oR8nYE, Accessed: September 15, 2017.

[xx] Katina Michael, August 31, 2017, “The Creative Genius in Us- the Sky’s the Limit or Is It?”, iAccelerate: Illawarra’s Business Incubator, https://www.iaccelerate.com.au/events/882-the-creative-genius-in-us-the-sky-s-the-limit-or-is-it.html, Accessed: September 15, 2017.

[xxi] Emma Hinchcliffe, July 27, 2017, “This made-for-iPhone cochlear implant is a big deal for the deaf community”, Mashable, http://mashable.com/2017/07/26/cochlear-implant-iphone/#9ijsleSJqaqJ, Accessed: September 15, 2017.

[xxii] Ronen Hareuveny, Madhuri Sudan, Malka N. Halgamuge, Yoav Yaffe, Yuval Tzabari, Daniel Namir, Leeka Kheifets, 2015, “Characterization of Extremely Low Frequency Magnetic Fields from Diesel, Gasoline and Hybrid Cars under Controlled Conditions”, Vol. 12, No. 2, pp. 1651–1666.

[xxiii] Nicole Lou, February 27, 2017, “Everyday Exposure to EM Fields Can Disrupt Pacemakers”, MedPage Today/CRTonline.org, https://www.medpagetoday.com/cardiology/arrhythmias/63433, Accessed: February 17, 2018.

[xxiv] Oxana S. Pantchenko, Seth J. Seidman, Joshua W. Guag, 2011, “Analysis of induced electrical currents from magnetic field coupling inside implantable neurostimulator leads”, BioMedical Engineering OnLine, Vol. 10, No. 1, pp. 94, https://biomedical-engineering-online.biomedcentral.com/articles/10.1186/1475-925X-10-94, Accessed: February 17, 2018.

[xxv] Oxana S. Pantchenko, Seth J. Seidman, Joshua W. Guag, Donald M. Witters Jr., Curt L. Sponberg, 2011, “Electromagnetic compatibility of implantable neurostimulators to RFID emitters”, BioMedical Engineering OnLine, Vol. 10, No. 1, pp. 50, https://biomedical-engineering-online.biomedcentral.com/articles/10.1186/1475-925X-10-50, Accessed: February 17, 2018.

[xxvi] Kelly Dustin, 2008, “Evaluation of Electromagnetic Incompatability Concerns for Deep Brain Stimulators”, Disclosures: J. Neurosci. Nurs., Vol. 40, No. 5, pp. 299-303, http://www.medscape.com/viewarticle/582572, Accessed: February 19, 2018.

[xxvii] Joel M. Moskowitz, September 2, 2017, “Hybrid & Electric Cars: Electromagnetic Radiation Risks”, Electromagnetic Radiation Safety, http://www.saferemr.com/2014/07/shouldnt-hybrid-and-electric-cars-be-re.html, Accessed: February 16, 2018.

[xxviii] Kristen V. Brown, July 4, 2017, “Why People With Brain Implants Are Afraid To Go Through Automatic Doors”, Gizmodo: Australia, https://www.gizmodo.com.au/2017/07/why-people-with-brain-implants-are-afraid-to-go-through-automatic-doors/, Accessed: September 15, 2017.

[xxix] National Institutes of Health, January 10-12, 2000, “Improving Medical Implant Performance Through Retrieval Information: Challenges and Opportunities”,  U.S. Department of Health and Human Services, https://consensus.nih.gov/2000/2000MedicalImplantsta019html.htm, Accessed: February 16, 2018.

[xxx] Dan Goodin, October 27, 2011, “Insulin pump hack delivers fatal dosage over the air”, The Register, https://www.theregister.co.uk/2011/10/27/fatal_insulin_pump_attack/, Accessed: September 15, 2017.

[xxxi] BBC Staff, October 4, 2016, “Johnson & Johnson says insulin pump 'could be hacked'”, BBC News, http://www.bbc.com/news/business-37551633#, Accessed: September 15, 2017.

[xxxii] Office of Public Affairs, December 12, 2011, “Minnesota-Based Medtronic Inc. Pays US $23.5 Million to Settle Claims That Company Paid Kickbacks to Physicians”, Department of Justice, https://www.justice.gov/opa/pr/minnesota-based-medtronic-inc-pays-us-235-million-settle-claims-company-paid-kickbacks, Accessed: February 19, 2018.

[xxxiii] Hugo Campos, January 19, 2012, “Fighting for the Right to Open his Heart Data: Hugo Campos”, TEDxCambridge 2011, https://www.youtube.com/watch?v=oro19-l5M8k, Accessed: September 15, 2017.

[xxxiv] Hugo Campos, July 15, 2012, “Stanford Medicine X ePatient: On ICDs and Access to Patient Device Data”, Stanford Medicine X, https://www.youtube.com/watch?v=K35enPVJki4, Accessed: September 15, 2017.

[xxxv] Emily Singer, “Getting Health Data from Inside Your Body”, MIT Technology Review, https://www.technologyreview.com/s/426171/getting-health-data-from-inside-your-body/, Accessed: September 15, 2017.

[xxxvi] Hugo Silva, June 22, 2015, “How to build a DIY heart and activity tracking device”, OpenSource.com, https://opensource.com/life/15/6/how-build-diy-activity-tracking-device, Accessed: September 15, 2017.

[xxxvii] Hugo Campos, March 24, 2015, “The Heart of the Matter: I can’t access the data generated by my implanted defibrillator. That’s absurd.”, Slate, http://www.slate.com/articles/technology/future_tense/2015/03/patients_should_be_allowed_to_access_data_generated_by_implanted_devices.html, Accessed: September 15, 2017.

[xxxviii] Jody Ranck, 2016, “Rise of e-Patient and Citizen-Centric Public Health”, Ed. Jody Ranck, Disruptive Cooperation in Digital Health, Springer, Switzerland, pp. 49-51.

[xxxix] Haran Burri and David Senouf, 2009, “Remote monitoring and follow-up of pacemakers and implantable cardioverter defibrillators”, Europace. Jun, Vol. 11, No. 6, pp. 701–709, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2686319/, Accessed: December 6, 2017.

[xl] Mike Miliard, November 20, 2015, “Medtronic enables pacemaker monitoring by smartphone”, Healthcare IT News, http://www.healthcareitnews.com/news/medtronic-enables-pacemaker-monitoring-smartphone, Accessed: September 15, 2017.

[xli] Staff. “How can we help?”, Medtronic, http://professional.medtronic.com/customer-support/contact-us/index.htm#.Wbua5dWCzIU, Accessed: September 15, 2017.

[xlii] Gary Olhoeft, December 12, 2009, “Gary Olhoeft #1 Electromagnetic Interference and Medical Implants.mov”, Youtube: EMRPolicyInstitute, https://www.youtube.com/watch?v=SymnXTNh8Ms, Accessed: February 16, 2018.

[xliii] Gary Olhoeft, December 12, 2009, “Gary Olhoeft #2 Electromagnetic Interference and Medical Implants.mov”, Youtube: EMRPolicyInstitute, https://www.youtube.com/watch?v=XrETLgwPljQ, Accessed: February 16, 2018.

[xliv] Tim Pool, August 2, 2017, “When Companies Start Implanting People: An Interview with Amber Case on the Ethics of Biohacking”, TimCast, Episode 139, https://www.youtube.com/watch?v=UC8iQzjKQoU, Accessed: September 15, 2017.

[xlv] Administrators. Qi (Standard), Wikipedia, https://en.wikipedia.org/wiki/Qi_(standard), Accessed: September 15, 2017.

[xlvi] WPC, 2017, Wireless Power Consortium, https://www.wirelesspowerconsortium.com/, Accessed: September 15, 2017.

[xlvii] Amy Nordrum, August 16, 2016, “Popular Internet of Things Forecast of 50 Billion Devices by 2020 Is Outdated”, IEEE Spectrum, https://spectrum.ieee.org/tech-talk/telecom/internet/popular-internet-of-things-forecast-of-50-billion-devices-by-2020-is-outdated, Accessed: September 16, 2017.

[xlviii] Grant Hernandez, Orlando Arias, Daniel Buentello, Yier Jin, 2014, “Smart Nest Thermostat: A Smart Spy in Your Home”, Blackhat.com, https://www.blackhat.com/docs/us-14/materials/us-14-Jin-Smart-Nest-Thermostat-A-Smart-Spy-In-Your-Home-WP.pdf, Accessed: September 16, 2017.

[xlix] Mario Ballano Barcena, Candid Wueest, 2015, “Insecurity in the Internet of Things”, Symantec, https://www.symantec.com/content/en/us/enterprise/iot/b-insecurity-in-the-internet-of-things_21349619.pdf, Accessed: September 16, 2017.

[l] Katina Michael and Roger Clarke, 2013, “Location and tracking of mobile devices: Überveillance stalks the streets”, Computer Law and Security Review: the International Journal of Technology Law and Practice, Vol. 29, No. 3, pp. 216-228.

[li] Katina Michael, M.G. Michael, 2011, “The social and behavioural implications of location-based services”, Journal of Location Based Services, Vol. 5, Iss. 3-4, http://www.tandfonline.com/doi/full/10.1080/17489725.2011.642820?src=recsys, Accessed: September 16, 2017.

[lii] Andy Greenberg, July 21, 2015, “Hackers remotely kill a Jeep on the Highway- with me in it”, Wired, https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/, Accessed: September 16, 2017.

[liii] Andy Greenberg, August 1, 2016, “The Jeep Hackers are back to prove car hacking can get much worse”, Wired, https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/, Accessed: September 16, 2017.

[liv] Markus Waibel, February 17, 2011, “BrainDriver: A Mind Controlled Car”, IEEE Spectrum, https://spectrum.ieee.org/automaton/transportation/human-factors/braindriver-a-mind-controlled-car, Accessed: September 16, 2017.

[lv] Oliver Balch, November 17, 2016, “Brave new world: implantables, the future of healthcare and the risk to privacy”, The Guardian, https://www.theguardian.com/sustainable-business/2016/nov/17/brave-new-world-implantables-the-future-of-healthcare-and-the-risk-to-privacy, Accessed: February 19, 2018.

[lvi] Katina Michael, 2015, “Mental Health, Implantables, and Side Effects”, IEEE Technology and Society Magazine, Vol. 34, No. 2, June, pp. 5-7, 17, http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7128830, Accessed: September 16, 2017.

[lvii] Staff. August 30, 2017, “Cyber-flaw affects 745,000 pacemakers”, BBC News, http://www.bbc.com/news/technology-41099867, Accessed: September 16, 2017.

[lviii] Carmen Camara, Pedro Peris-Lopez, Juan E. Tapiador, 2015, “Security and privacy issues in implantable medical devices: A comprehensive survey”, Journal of Biomedical Informatics, Vol. 55, June 2015, pp. 272-289, https://www.sciencedirect.com/science/article/pii/S153204641500074X, Accessed: February 19, 2018.

 

Citation: Excerpt from Gary Olhoeft and Katina Michael (2018), Product Lifecycle Management for Brain Pacemakers: Risks, Issues and Challenges Technology and Society (Vol. 2), University of Wollongong (Faculty of Engineering and Information Services), ISBN: 978-1-74128-270-2.

Dan DeFilippi - Credit Card Fraud: Behind the Scenes

Katina Michael: Dan, let’s start at the end of your story which was the beginning of your reformation. What happened the day you got caught for credit card fraud?

Dan DeFilippi: It was December 2004 in Rochester, New York. I was sitting in my windowless office getting work done, and all of a sudden the door burst open, and this rush of people came flying in. “Get down under your desks. Show your hands. Hands where I can see them.” And before I could tell what was going on, my hands were cuffed behind my back and it was over. That was the end of that chapter of my life.

Katina Michael: Can you tell us what cybercrimes you committed and for how long?

Dan DeFilippi: I had been running credit card fraud, identity theft, document forgery pretty much as my fulltime job for about three years, and before that I had been a hacker.

Katina Michael: Why fraud? What led you into that life?

Dan DeFilippi: Everybody has failures. Not everybody makes great decisions in life. So why fraud? What led me to this? I mean, I had great parents, a great upbringing, a great family life. I did okay in school, and you know, not to stroke my ego too much, but I know I am intelligent and I could succeed at whatever I chose to do. But when I was growing up, one of the things that I’m really thankful for is my parents taught me to think for myself. They didn’t just focus on remembering knowledge. They taught me to learn, to think, to understand. And this is really what the hacker mentality is all about. And when I say hacker, I mean it in the traditional sense. I don’t mean it as somebody in there stealing from your company. I mean it as somebody out there seeking knowledge, testing the edges, testing the boundaries, pushing the limits, and seeing how things work. So growing up, I disassembled little broken electronics and things like that, and as time went on this slowly progressed into, you know, a so-called hacker.

Katina Michael: Do you remember when you actually earned your first dollar by conducting cybercrime?

Dan DeFilippi: My first experience with money in this field was towards the end of my high school. And I realized that my electronics skills could be put to use to do something beyond work. I got involved with a small group of hackers that were trying to cheat advertising systems out of money, and I didn’t even make that much. I made a couple of hundred dollars over, like, a year or something. It was pretty much insignificant. But it was that experience, that first step, that kind of showed me that there was something else out there. And at that time I knew theft and fraud was wrong. I mean, I thought it was stealing. I knew it was stealing. But it spiraled downwards after that point.

Katina Michael: Can you elaborate on how your thinking developed towards earning money through cybercrime?

Dan DeFilippi: I started out with these little things and they slowly, slowly built up and built up and built up, and it was this easy money. So this initial taste of being able to make small amounts, and eventually large amounts of money with almost no work, and doing things that I really enjoyed doing was what did it for me. So from there, I went to college and I didn’t get involved with credit card fraud right away. What I did was, I tried to find a market. And I’ve always been an entrepreneur and very business-minded, and I was at school and I said, “What do people here need? ... I need money, I don’t really want to work for somebody else, I don’t like that.” I realized people needed fake IDs. So I started selling fake IDs to college students. And that again was a taste of easy money. It was work but it wasn’t hard work. And from there, there’s a cross-over here between forged documents and fraud. So that cross-over is what drew me in. I saw these other people doing credit card fraud and making money. I mean, we’re talking about serious money. We’re talking about thousands of dollars a day with only a few hours of work and up.

Katina Michael: You strike me as someone who is very ethical. I almost cannot imagine you committing fraud. I’m trying to understand what went wrong?

Dan DeFilippi: And where were my ethics and morals? Well, the problem is when you do something like this, you need to rationalize it, okay? You can’t worry about it. You have to rationalize it to yourself. So everybody out there committing fraud rationalizes what they’re doing. They justify it. And that’s just how our brains work. Okay? And this is something that comes up a lot on these online fraud forums where people discuss this stuff openly. And the question is posed: “Well, why do you do this? What motivates you? Why, why is this fine with you? Why are you not, you know, opposed to this?” And often, and the biggest thing I see, is like, you know, the Robin Hood scenario- “I’m just stealing from a faceless corporation. It’s victimless.” Of course, all of us know that’s just not true. It impacts the consumers. But everybody comes up with their own reason. Everybody comes up with an explanation for why they’re doing it, and how it’s okay with them, and how they can actually get away with doing it.

Katina Michael: But how does a sensitive young man like you just not realize the impact they were having on others during the time of committing the crimes?

Dan DeFilippi: I’ve never really talked about that too much before... Look, the average person when they know they’ve acted against their morals feels they have done wrong; it’s an emotional connection with their failure and emotionally it feels negative. You feel that you did something wrong; no one has to tell you the crime type, you just know it is bad. Well, when you start doing these kinds of crimes, you lose that discerning voice in your head. I was completely disconnected from my emotions when it came to these types of fraud. I knew that they were ethically wrong, morally wrong, and you know, I have no interest in committing them ever again, but I did not have that visceral reaction to this type of crime. I did not have that guilty feeling of actually stealing something. I would just rationalize it.

Katina Michael: Ok. Could I ask you whether the process of rationalization has much to do with making money? And perhaps, how much money did you actually make in conducting these crimes?

Dan DeFilippi: This is a pretty common question and honestly I don’t have an answer. I can tell you how much I owe the government and that’s ... well, I suppose I owe Discover Card ... I owed $209,000 to Discover Card Credit Card Company in the US. Beyond that, I mean, I didn’t keep track. One of the things I did was, and this is kind of why I got away with it for so long, is I didn’t go crazy. I wasn’t out there every day buying ten laptops. I could have but chose not to. I could’ve worked myself to the bone and made millions of dollars, but I knew if I did that the risk would be significantly higher. So I took it easy. I was going out and doing this stuff one or two days a week, and just living comfortably but not really in major luxury. So honestly, I don’t have a real figure for that. I can just tell you what the government said.

Katina Michael: There is a perception among the community that credit card fraud is sort of a non-violent crime because the “actor” being defrauded is not a person but an organization. Is this why so many people lie to the tax office, for instance?

Dan DeFilippi: Yeah, I do think that’s absolutely true. If we are honest about it, everyone has lied about something in their lifetime. And people... you’re right, you’re absolutely right, that people observe this, and they don’t see it in the big picture. They think of it on the individual level, like I said, and people see this as a faceless corporation, “Oh, they can afford it.” You know, “no big deal”. You know, “Whatever, they’re ripping off the little guy.” You know. People see it that way, and they explain it away much easier than, you know, somebody going off and punching someone in the face and then proceeding to steal their wallet. Even if the dollar figure of the financial fraud is much higher, people are generally less concerned. And I think that’s a real problem because it might entice some people into committing these crimes because they are considered “soft”. And if you’re willing to do small things, it’s going to, as in my case, eventually spiral you downwards. I started with very small fraud, and then got larger. Not that everybody would do that. Not that the police officer taking the burger for free from Burger King is going to step up to, you know, to extortion or something, but certainly it could, could definitely snowball and lead to something.

Katina Michael: It has been about 6 years since you were arrested. Has much changed in the banking sector regarding triggers or detection of cybercriminal acts?

Dan DeFilippi: Yeah. What credit card companies are doing now is pattern matching and using software to find and root out these kind of things. I think that’s really key. You know, they recognize patterns of fraud and they flag it and they bring it out. I think using technology to your advantage to identify these patterns of fraud and investigate, report and root them out is probably, you know, one of the best techniques for dollar returns.

Katina Michael: How long were you actually working for the US Secret Service, as a matter of interest? Was it the length of your alleged, or so-called prison term, or how did that work?

Dan DeFilippi: No. So I was arrested early December 2004. I started working with the Secret Service in April 2005, so about six months later. And I worked with them fulltime almost for two years. I cut back on the hours a little bit towards the end, because I went back to university. But it was, it was almost exactly two years, and most of it was fulltime.

Katina Michael: I’ve heard that the US is tougher on cybercrime relative to other crimes. Is this true?

Dan DeFilippi: The punishment for credit card fraud is eight-and-a-half years in the US.

Katina Michael: Do these sentences reduce the likelihood that someone might get caught up in this kind of fraud?

Dan DeFilippi: It’s a contested topic that’s been hotly debated for a long time. And also in ethics, you know, it’s certainly an interesting topic as well. But I think it depends on the type of person. I wasn’t a hardened criminal, I wasn’t the fella down on the street, I was just a kid playing around at first that just got more serious and serious as time went on. You know, I had a great upbringing, I had good morals. And I think to that type of person, it does have an impact. I think that somebody who has a bright future, or could have a bright future, and could throw it all away for a couple of hundred thousand dollars, or whatever, they recognize that, I think. At least the more intelligent people recognize it in that ... you know, “This is going to ruin my life or potentially ruin a large portion of my life.” So, I think it’s obviously not the only deterrent but it can certainly be useful.

Katina Michael: You note that you worked alone. Was this always the case? Did you recruit people to assist you with the fraud and where did you go to find these people?

Dan DeFilippi: Okay. So I mainly worked alone but I did also work with other people, like I said. I was very careful to protect myself. I knew that if I had partners that I worked with regularly it was high risk. So what I did was on these discussion forums, I often chatted with people beyond just doing the credit card fraud, I did other things as well. I sold fake IDs online. I sold the printed cards online. And because I was doing this, I networked with people, and there were a few cases where I worked with other people. For example, I met somebody online. Could have been law enforcement, I don’t know. I would print them a card, send it to them, they would buy something in the store, they would mail back the item, the thing they bought, and then I would sell them online and we would split the money 50/50.

Katina Michael: Was this the manner you engaged others? An equal split?

Dan DeFilippi: Yes, actually, exactly the same deal for instance, with the person I was working with in person, and that person I met through my fake IDs. When I had been selling the fake IDs, I had a network of people that resold for me at the schools. He was one of the people that had been doing that. And then when he found out that I was going to stop selling IDs, I sort of sold him my equipment and he kind of took over. And then he realized I must have something else going on, because why would I stop doing it, it must be pretty lucrative. So when he knew that, you know, he kept pushing me. “What are you doing? Hey, I want to get involved.” And this and that. So it was that person that I happened to meet in person that in the end was my downfall, so to speak.

Katina Michael: Did anyone, say a close family or friend, know what you were doing?

Dan DeFilippi: Absolutely not. No. And I, I made it a point to not let anyone know what I was doing. I almost made it a game, because I just didn’t tell anybody anything. Well, my family I told I had a job, you know, they didn’t know... but all my friends, I just told them nothing. They would always ask me, you know, “Where do you get your money? Where do you get all this stuff?” and I would just say, “Well, you know, doing stuff.” So it was a mystery. And I kind of enjoyed having this mysterious aura about me. You know. What does this guy do? And nobody ever thought it would be anything illegitimate. Everybody thought I was doing something, you know, my own websites, or maybe thought I was doing something like pornography or something. I don’t know. But yeah, I definitely did not tell anybody else. I didn’t want anybody to know.

Katina Michael: What was the most outrageous thing you bought with the money you earned from stolen credit cards?

Dan DeFilippi: More than the money, the outrageous things that I did with the cards is probably the matter. In my case the main motivation was not the money alone, the money was almost valueless to a degree. Anything that anyone could buy with a card in a store, I could get for free. So, this is a mind-set change a fraudster goes through that I didn’t really highlight yet. But money had very little value to me, directly, just because there was so much I could just go out and get for free. So I would just buy stupid random things with these stolen cards. You know, for example, the case where I actually ended up leading to my arrest, we had gone out and we had purchased a laptop before that one that failed, and we bought pizza. You know? So you know, a $10 charge on a stolen credit card for pizza, risking arrest, you know, for, for a pizza. And I would buy stupid stuff like that all the time. And just because I knew it, I had that experience, I could just get away with it mostly.

Katina Michael: You’ve been pretty open with interviews you’ve given. Why?

Dan DeFilippi: It helped me move on and not to keep secrets.

Katina Michael: And on that line of thinking, had you ever met one of your victims? And I don’t mean the credit card company. I actually mean the individual whose credit card you defrauded?

Dan DeFilippi: So I haven’t personally met anyone but I have read statements. So as part of sentencing, the prosecutor solicited statements from victims. And the mind-set is always, “Big faceless corporation, you know, you just call your bank and they just, you know, reverse the charges and no big deal. It takes a little bit of time, but you know, whatever.” And the prosecutor ended up getting three or four statements from individuals who actually were impacted by this, and honestly, you know, I felt very upset after reading them. And I do, I still go back and I read them every once in a while. I get this great sinking feeling, that these people were affected by it. So I haven’t actually personally met anyone but just those statements.

Katina Michael: How much of hacking do you think is acting? To me traditional hacking is someone sort of hacking into a website and perhaps downloading some data. However, in your case, there was a physical presence, you walked into the store and confronted real people. It wasn’t all card-not-present fraud where you could be completely anonymous in appearance.

Dan DeFilippi: It was absolutely acting. You know, I haven’t gone into great detail in this interview, but I did hack credit card information and stuff, that’s where I got some of my info. And I did online fraud too. I mean, I would order stuff off websites and things like that. But yeah, the being in the store and playing that role, it was totally acting. It was, like I mentioned, you are playing the part of a normal person. And that normal person can be anybody. You know. You could be a high-roller, or you could just be some college student going to buy a laptop. So it was pure acting. And I like to think that I got reasonably good at it. And I would come up with scenarios. You know, ahead of time. I would think of scenarios. And answers to situations. I came up with techniques that I thought worked pretty well to talk my way out of bad situations. For example, if I was going to go up and purchase something, I might say to the cashier, before they swiped the card, I’d say, “Oh, that came to a lot more than I thought it would be. I hope my card works.” So that way, if something happened where the card was declined or it came up call for authorization, I could say, “Oh yeah, I must not have gotten my payment” or something like that. So, yeah, it was definitely acting.

Katina Michael: You’ve mentioned this idea of downward spiraling. Could you elaborate?

Dan DeFilippi: I think this is partially something that happens and it happens if you’re in this and do this too much. So catching people early on, before this takes effect is important. Now, when you’re trying to catch people involved in this, you have to really think about these kinds of things. Like, why are they doing this? Why are they motivated? And the thought process, like I was saying, is definitely very different. In my case, because I had this hacker background, and I wasn’t, you know, like some street thug who just found a computer. I did it for more than just the money. I mean, it was certainly because of the challenge. It was because I was doing things I knew other people weren’t doing. I was kind of this rogue figure, this rebel. And I was learning at the edge. And especially, if I could learn something, or discover something, some technique, that I thought nobody else was using or very few people were using it, to me that was a rush. I mean, it’s almost like a drug. Except with a drug, with an addict, you’re chasing that “first high” but can’t get back to it, and with credit card fraud, your “high” is always going up. The more money you make, the better it feels. The more challenges you complete, the better you feel.

Katina Michael: You make it sound so easy. That anyone could get into cybercrime. What makes it so easy?

Dan DeFilippi: So really, you’ve got to fill the holes in the systems so they can’t be exploited. What happens is crackers, i.e. criminal hackers, and fraudsters, look for easy access. If there are ten companies that they can target, and your company has weak security, and the other nine have strong security, they’re going after you. Okay? Also, in the reverse. So if your company has strong security and nine others have weak security, well, they’re going to have a field-day with the others and they’re just going to walk past you. You know, they’re just going to skip you and move on to the next target. So you need to patch the holes in your technology and in your organization. I don’t know if you’ve noticed recently, but there’s been all kinds of hacking in the news. The PlayStation network was hacked and a lot of US targets. These are basic things that would have been discovered had they had proper controls in place, or proper security auditing happening.

Katina Michael: Okay, so there is the systems focus of weaknesses. But what about human factor issues?

Dan DeFilippi: So another step to the personnel is training. Training really is key. And I’m going to give you two stories, very similar but with totally different outcomes, that happened to me. So a little bit more about what I used to do frequently. I would mainly print fake credit cards, put stolen data on those cards and use them in store to go and purchase items. Electronics, and things like that, to go and re-sell them. So ... and in these two stories, I was at a big-box well-known electronics retailer, with a card with a matching fake ID. I also made the driver’s licenses to go along with the credit cards. And I was at this first location to purchase a laptop. So pick up your laptop and then go through the standard process. And when committing this type of crime you have to have a certain mindset. So you have to think, “I am not committing a crime. I am not stealing here. I am just a normal consumer purchasing things. So I am just buying a laptop, just like any other person would go into the store and buy a laptop.” So in this first story, I’m in the store, purchasing a laptop. Picked it out, you know, went through the standard process, they went and swiped my card. And it came up with a ‘CFA’ – call for authorization. Now, a call for authorization is a case where it’s flagged on the computer and you actually have to call in and talk to an operator that will then verify additional information to make sure it’s not fraud. If you’re trying to commit fraud, it’s a bad thing. You can’t verify this, right? Right? So this is a case where it’s very possible that you could get caught, so you try to talk your way out of the situation. You try to walk away, you try to get out of it. Well, in this case, I was unable to escape. I was unable to talk my way out of it, and they did the call for authorization. They called in. We had to go up to the front of the store, there was a customer service desk, and they had somebody up there call it in and discuss this with them. And I didn’t overhear what they were saying. I had to stand to the side. About five or ten minutes later, I don’t know, I pretty much lost track of time at that point, they come back to me and they said, “I’m sorry, we can’t complete this transaction because your information doesn’t match the information on the credit card account.” That should have raised red flags. That should have meant the worst alarm bells possible.

Katina Michael: Indeed.

Dan DeFilippi: There should have been security coming up to me immediately. They should have notified higher people in the organization to look into the matter. But rather than doing that, they just came up to me, handed me back my cards and apologized. Poor training. So just like a normal consumer, I act surprised and alarmed and amused. You know, and I kind of talked my way out of this too, “You know, what are you talking about? I have my ID and here’s my card. Obviously this is the real information.” Whatever. They just let me walk out of the store. And I got out of there as quickly as possible. And you know, basically walked away and drove away. Poor training. Had that person had the proper training to understand what was going on and what the situation was, I probably would have been arrested that day. At the very least, there would have been a foot-chase.

Katina Michael: Unbelievable. That was very poor on the side of the cashier. And the other story you were going to share?

Dan DeFilippi: The second story was the opposite experience. The personnel had proper training. Same situation. Different store. Same big-box electronic store at a different place. Go in. And this time I was actually with somebody else, who was working with me at the time. We go in together. I was posing as his friend and he was just purchasing a computer. And this time we, we didn’t really approach it like we normally did. We kind of rushed because we’d been out for a while and we just wanted to leave, so we kind of rushed it faster than a normal person would purchase a computer. Which was unusual, but not a big deal. The person handling the transaction tried to upsell, upsell some things, warranties, accessories, software, and all that stuff, and we just, “No, no, no, we don’t ... we just want to, you know, kind of rush it through.” Which is kind of weird, but okay, it happens.

Katina Michael: I’m sure this would have raised even a little suspicion however.

Dan DeFilippi: So when he went to process the transaction, he asked for the ID with the credit card, which happens at times. But at this point the person I was with started getting a little nervous. He wasn’t as used to it as I was. My biggest thing was I never panicked, no matter what the situation. I always tried to not show nervousness. And so he’s getting nervous. The guy’s checking his ID, swipes the card, okay, finally going to go through this, and call for authorization. Same situation. Except for this time, you have somebody here who’s trying to do the transaction and he is really, really getting nervous. He’s shifting back and forth. He’s in a cold sweat. He’s fidgeting. Something’s clearly wrong with this transaction. Now, the person who was handling this transaction, the person who was trying to take the card payment and everything, it happened to be the manager of this department store. He happened to be well-trained. He happened to know and realize that something was very wrong here. Something was not right with this transaction. So the call for authorization came up. Now, again, he had to go to the front of the store. He, he never let that credit card and fake ID out of his hands. He held on to them tight the whole time. There was no way we could have gotten them back. So he goes up to the front and he says, “All right, well, we’re going to do this.” And we said, “Okay, well, we’ll go and look at the stock while you’re doing it.” You know. I just sort of tried to play off, and as soon as he walked away, I said, “We need to get out of here.” And we left; leaving behind the ID and card. Some may not realize it as I am retelling the story, but this is what ended up leading to my arrest. They ran his photo off his ID on the local news network, somebody recognized him, turned him in, and he turned me in. So this was an obvious case of good, proper training. This guy knew how to handle the situation, and he not only prevented that fraud from happening, he prevented that laptop from leaving the store. But he also helped to catch me, and somebody else, and shot down what I was doing. So clearly, you know, failing to train people leads to failure. Okay? You need to have proper training. And you need to be able to handle the situation.

Katina Michael: What did you learn from your time at the Secret Service?

Dan DeFilippi: So a little bit more in-depth on what I observed of cybercriminals when I was working with the Secret Service. Now, this is going to be a little aside here, but it’s relevant. So people are arrogant. You have to be arrogant to commit a crime, at some level. You have to think you can get away with it. You’re not going to do it if you can’t, you know, if you think you’re going to get caught. So there’s arrogance there. And this same arrogance can be used against them. Up until the point where I got caught in the story I just told you that led to my arrest, I was arrogant. I actually wasn’t protecting myself as well as I had been, should have been. Had I been investigated closer, had law enforcement been monitoring me, they could have caught me a lot earlier. I left traces back to my office. I wasn’t very careful with protecting my office, and they could have come back and found me. So you can play off arrogance but also ignorance, obviously. They go hand-in-hand. So the more arrogant somebody is, the more risk they’re willing to take. One of the things we found frequently works to catch people was email. Most people don’t realize that email actually contains the IP address of your computer. This is the identifier on the Internet to distinguish who you are. Even a lot of criminals who are very intelligent, who are involved in this stuff, do not realize that email shows this. And it’s very easy. You just look at the source of the email and boom, there you go. You’ve got somebody’s location. This was used countless times, over and over, to catch people. Now, obviously the real big fish, the people who are really intelligent and really in this, take steps to protect themselves with that, but then those are the people who are supremely arrogant.

Katina Michael: Can you give us a specific example?

Dan DeFilippi: One case that happened a few years ago, let’s call the individual “Ted”. He actually ran a number of these online forums. These are “carding” forums, online discussion boards, where people commit these crimes. And he was extremely arrogant. He was extremely, let’s say, egotistical as well. He was very good at what he did. He was a good cracker, though he got caught multiple times. So he actually ran one of these sites, and it was a large site, and in the process, he even hacked law enforcement computers and found out information about some of these other operations that were going on. Actually outed some, some informants, but the people didn’t believe him. A lot of people didn’t believe him. And his arrogance is really what led to his downfall. Because he was so arrogant he thought that he could get away with everything. He thought that he was protecting himself. And the fact of the matter was, law enforcement knew who he was almost the whole time. They tracked him back using basic techniques just like using email. Actually email was used as part of the evidence, but they actually found him before that. And it was his arrogance that really led to his getting arrested again, because he just didn’t protect himself well enough. And this really I cannot emphasize it enough, but this can really be used against people.

Katina Michael: Do you think that cybercrimes will increase in size and number and impact?

Dan DeFilippi: Financial crime is going up and up. And everybody knows this. The reality is that technology works for criminals as much as it works for businesses. Large organizations just can’t evolve fast enough. They’re slow in comparison to cybercriminals.

Katina Michael: How so?

Dan DeFilippi: A criminal’s going to use any tools they can to commit their crimes. They’re going to stay on top of their game. They’re going to be at the forefront of technology. They’re going to be the ones out there pioneering new techniques, finding the holes before anybody else, in new systems to get access to your data. They’re going to be the ones out there, and combining that with the availability of information. When I started hacking back in the ‘90s, it was not easy to learn. You really pretty much had to go into these chat-rooms and become kind of like an apprentice. You had to have people teach you.

Katina Michael: And today?

Dan DeFilippi: Well after the 2000s, when I started doing the identification stuff, there was easier access to data. There were more discussion boards, places where you could learn about these things, and then today it’s super easy to find any of this information. Myself, I actually wrote some tutorials on how to conduct credit card fraud. I wrote, like, a guide to in-store carding. I included how to go about it, what equipment to use, what to purchase, and it’s all out there in the public domain. You don’t even have to understand any of this. You know, you could know nothing about technology, spend a few hours online searching for this stuff, learn how to do it, and order the stuff overnight and the next day you could be out there going and doing this stuff. That’s how easy it is. And that’s why it’s really going up, in my opinion.

Katina Michael: Do you think credit card fraudsters realize the negative consequences of their actions?

Dan DeFilippi: People don’t realize that there is a real negative consequence to this nowadays. I’m not sure what the laws are in Australia about identity theft and credit card fraud, but in the United States, it used to be very, very easy to get away with. If you were caught, it would be a slap on the wrist. You would get almost nothing happening to you. It was more like give the money back, and possibly serve jail time if it was a repeat offence, but really that was no deterrent. Then it exploded post dot com crash, then a few years ago, we passed a new law that it’s a mandatory two years in prison if you commit identity theft. And credit card fraud is considered identity theft in the United States. So you’re guaranteed of some time in jail if caught.

Katina Michael: Do you think people are aware of the penalties?

Dan DeFilippi: People don’t realize it. And they think, “Oh, it’s nothing, you know, a slap on the wrist.” There is a need for more awareness, and campaigning on this matter. People need to be aware of the consequences of their actions. Had I realized how much time I could serve for this kind of crime, I probably would have stopped sooner. Long story short, because I worked with the Secret Service and trained them for a few years, I managed to keep myself out of prison. Had I not done that, I would have actually been facing eight-and-a-half years. That’s serious, especially for somebody who’s in their early 20s. And really had that happened, my future would have been ruined, I think. I probably would have become a lifelong criminal because prisons are basically teaching institutions for crime. So really I, had I known, had I realized it, I wouldn’t have done it. And I think especially younger people, if they realize that the major consequences to these actions, that they can be caught nowadays, that there are people out there looking to catch them, that really would help cut back on this. Also catching people earlier of course is more ideal. Had I been caught early on, before my mind-set had changed and the emotional ties had been broken, I think I would have definitely stopped before it got this far. It would have made a much bigger impact on me. And that’s it.