Legality of software restrictions

[quote="ProfessorEd"]Respironics and Resmed have apparently told their DME firms not to sell the software to the general public.

A general principal of anti-tust law is that such actions where a manufacturers tells retailers not to sell to certan people are a "restraint of trade" and are illegal.

However, there may be exceptions for case such as this where it might be argued the public would be endangered by having access to more informaiton or the ability to change settings.

Is anyone up to date on antitrust law to know this area or have an informed opinion?

The anti-competitive effect of this policy is obvious since this restriction can created additional business for doctors or DME firms (if they charge a fee for reading the cards).

there may be a possible class action lawsuit here where the damages might be large since health is arguable being endanagered by not having needed information on whether our treatment is working. I suspect if the law is on our side (or even arguably on our side) that the firms would chose to settle and a class action lawyer would get a good fee out of it (and hence would be willing to take the case on for a contingency only fee) and thi would make the software available again, with possibly a small cash settlement to those who were hurt (more likely a coupon for a discount).

Since it is likely the equipment firms tried to remove the software only to keep the doctors or DME firms happy (who determine which manufacturers get the business in most cases), I supsect they would concede quickly and explain to those that wanted software access restricted (DME firms probably) that they had not legal choice.

By not having software available machiine manufactuers are at a competitive disadvantage with Puritan-Bennett (as long as they offer their software to the public). Also, there is somemoney to be made from software sales to the public (Obviously a disk and small manual is very cheap to make).

Actually my anti-trust law knowledge is a lot better than just having looked it up on the internet. While not a lawyer, I have had graduate level economcs courses dealing with the area and have read quite a few decisions (even for one case spending significant time in the a Harvard Library reading the filings) and have read several text books on the subject.

Still the issues are complex here and I hoping there would be someone with real knowledge of the relevant cases here.

Snorkel wrote:I know someone who spends his life dealing with smart cards - interop and drivers - and I'll see if I can get any ideas from him.

If EPA understands how to read the SQL db, then the only real issue *is* as pointed out reading the data (and understanding the data structure) on the cards, which I doubt would be very hard. Since I see no encryption stuff in the Encore Pro UI, I doubt the cards themselves have encryption enabled.

David

I don't believe the encryption is in the UI it'self, but is probably in the ERASE/FORMAT module. It does not take much to use a key, but then that is what "smart cards" were designed for. It has a "processor" of sorts and appears to be programmed from the UI. Good news is that they really can't change the "key" so any reverse engineered key would always work. I know there is a size limit on the key, if my memory was better I'd remember it.

Anyone know a cheap/reasonable place to buy cards? OR better yet the real vendor? Like the read/writer, it is OEM'd from someone... I want to clone one with data on it, if it is readable, then it not encrypted. It is nice that they used a read/write card reader for the UI instead of just a reader and having the xPAP machine overwrite data or reinitialize when inserted.

mb

"Actually my anti-trust law knowledge is a lot better than just having looked it up on the internet. While not a lawyer, I have had graduate level economcs courses dealing with the area and have read quite a few decisions (even for one case spending significant time in the a Harvard Library reading the filings) and have read several text books on the subject".

You may have takan an economics course or two but you know nothing about anti trust law. I think it would be a safe bet that I have taken many more economics and finance courses than you. You are still clueless. In reading your posts I don't consider you an expert on econimics either.

mhacker wrote:

Snorkel wrote:I know someone who spends his life dealing with smart cards - interop and drivers - and I'll see if I can get any ideas from him.

If EPA understands how to read the SQL db, then the only real issue *is* as pointed out reading the data (and understanding the data structure) on the cards, which I doubt would be very hard. Since I see no encryption stuff in the Encore Pro UI, I doubt the cards themselves have encryption enabled.

David

I don't believe the encryption is in the UI it'self, but is probably in the ERASE/FORMAT module. It does not take much to use a key, but then that is what "smart cards" were designed for. It has a "processor" of sorts and appears to be programmed from the UI. Good news is that they really can't change the "key" so any reverse engineered key would always work. I know there is a size limit on the key, if my memory was better I'd remember it.

Anyone know a cheap/reasonable place to buy cards? OR better yet the real vendor? Like the read/writer, it is OEM'd from someone... I want to clone one with data on it, if it is readable, then it not encrypted. It is nice that they used a read/write card reader for the UI instead of just a reader and having the xPAP machine overwrite data or reinitialize when inserted.

mb

Remember, they are in the business of selling things. And making money.

Getting the data off the card is the thing. EPA just reads the sql data base "after" EP has retrieved, converted and stored it. The best practice here would be read the data straight to a file and then use a program like EPA to get the results.

It probably makes sense to store the data in sql - cross check for "ghosts" with EPA and EP. Once the door is open to getting the data then it can be written out in any format (open source) and any platform can have a program to read the data.

I know tonight I learned something and when I looked at my data - I see a problem with me and my mask. One more reason to get to the data and write an interpretive guide to what it all means. However, information overload can be very discouraging in the beginning, glad I fell down a few times first.

mb

snorkel, mhacker, Bert, jskinner, other hacks.

It sounds that the skill set easliy exists between you to write an interface with EPA. If Fortran, PL/1, and COBOL skills helped, I'd help code.

But what I am known to do is to contriute financially in my own small way to software of community interest. James has a link up for contributions, i believe. The cards are pretty cheap, and the reader from HK also.

And I'm a fair to middling Project Manager, but this doesn't really seem to merit one. I wonder though, if this discussion might need to go to Private Messaging, though.

mhacker wrote:Getting the data off the card is the thing. EPA just reads the sql data base "after" EP has retrieved, converted and stored it. The best practice here would be read the data straight to a file and then use a program like EPA to get the results.

Has anyone taken a look at an Encore Pro SQL database with Enterprise Manager? Enterprise Manager is the management interface for the full blown MS SQL Server product. We use Enterprise Manager to manage our SQL servers at work and it will also read the slimmed down version of SQL server databases created by MSDE. Unfortunately I don't have any EP SQL database to look at because my machine is a Resmed.

If one was to look at the Stored Procedures with Enterprise Manager, it may give some insight to how the data is coming off the card. I would bet it is in plain text at some point and the SQL engine parses it and loads it into the necessary tables. Of course, at this point, I may be putting the cart before the horse. If no one can read the data off the card, knowing how SQL processes it isn't really that helpful.

Dave

I have had a look into this. While I am no expert, I was able to learn that the cards on not standard "memory" cards. In other words, they do more than simply store data. This means that the system is probably proprietary, probably encrypted, which would render illegal under DMCA any cracking of the system.

The most promising approach, in my view, is to capture the data before it goes to the card.

the cards on not standard "memory" cards. In other words, they do more than simply store data. This means that the system is probably proprietary, probably encrypted, which would render illegal under DMCA any cracking of the system.

Yep, but if the data is not encrypted then it can be read out with a program and would be legal. Still looking into the issue...

The most promising approach, in my view, is to capture the data before it goes to the card.

That would defeat the purpose of reading the data universally for all users. A hardware mod is beyond most people's ability.

I think it is time that this be reverse engineered...we have a right to our own data IMO.

I think if I were doing it, it would be nice to have a WiFi interface, so you don't have to worry about corrupt data downloads, or having a card reader. Or even bluetooth, provided it meets the range requirements.

Or at least the software should be available for distribution or something...IDK. Someone care to put it up onto the Gnutella network? P2P baby! This is about the patient...

If anyone needs a PCB laid out let me know, I have the software to do it.

I think if I were doing it, it would be nice to have a WiFi interface, so you don't have to worry about corrupt data downloads, or having a card reader. Or even bluetooth, provided it meets the range requirements.

Nope, it would be streaming data, you still need to capture it to analyse it. That means leaving the computer on with the program running. If there was a glich, you could lose all the night's data. Using a card is not the problem, it is the software that is lacking (no pun). I have installed medical software that costs thousands of dollars. This program would not interface with any of them. It is a very poor patient tracking program, and at best a very bad information data base.

Personally, if were Respironics, I would release a "single user" edition that phoned home for validation (copy protection) and gave users a chance to store their data either online or in a file on their system. They could market it as a feature, just like they do the recorder.

Anyone have luck combining data from several weeks into one report? Thank Jim for EPA or I would remove this program after I used it twice.

mb

[quote="mhacker
Personally, if were Respironics, I would release a "single user" edition that phoned home for validation (copy protection) and gave users a chance to store their data either online or in a file on their system. They could market it as a feature, just like they do the recorder.
[/quote]

Or just build the memory and a web server into the unit, put an ethernet port on the back and let it be network accessible like so many other consumer electronic items. If this functionality can be built into a cheapo $30 router, why can't it be put into an expensive CPAP machine? But then if they were concerned about the patients, the software would still be available.

Dave

Having a decent amount of experience in this area, im considering spending some time on this.

Given my other workload, I would need to know there are other skilled people that can work on this as well.

PM me if interested. Thanks.

Dave Or just build the memory and a web server into the unit, put an ethernet port on the back and let it be network accessible like so many other consumer electronic items. If this functionality can be built into a cheapo $30 router, why can't it be put into an expensive CPAP machine? But then if they were concerned about the patients, the software would still be available.

I agree, every room in my house has 2 ports (hot tub 4 and pool 6), I can go wireless from across the street to behind the pool. Just not everyone is lucky like that.

I would agree to reinvent the wheel but there is an established circular userbase. If it can not be done with the Smartcard, then I'd say spend the time building a different module. Don't be surprised that no one can or will buy it. From the reading I have done, most people have spent a lot of money already. I am lucky mine was 100% covered and somehow I managed to get the top upgrades - not like I knew what I was doing either. To tell someone to spend a lot of money when their friend will loan a copy of the software.... It is just not practical.

IMHO - this is just a software issue, not a hardware problem and a software fix can be spread to everyone, universal, no extra skills required.

That is not to say that you reminded me I have a spare NAS chassis and the idea interests me...