Breathalizer Source Code Ruling Upheld
from the another-good-decision dept
A few years back, in a high profile series of lawsuits, a lawyer representing some folks accused of drunk driving asked the manufacturer of a breathalyzer testing machine for access to the product’s source code, so experts could review it to make sure it functioned properly. The company refused, citing trade secrets. However, a judge noted that this went against the defendants’ rights to a fair trial, and said that the breathalyzer evidence had to be thrown out. Slashdot points us to the news that an appeals court has upheld the ruling noting that due process outweighs the company’s trade secrets. While I have no problem with prosecuting drunk drivers, I do agree that the evidence should be solid — and not allowing the source code to be examined is a problem.
This is, in many ways, similar to the issue with e-voting machines. Considering the gov’t is making important decisions based on these machines, it seems only reasonable that the source code should be at least reviewable to investigate the quality of the machines. Though, it strikes me as odd that we’re even more stringent with Breathalyzers than with e-voting machines. Where’s the similar ruling about e-voting machines and the availability of their source code?
Filed Under: breathalyzer, openness, source code
Comments on “Breathalizer Source Code Ruling Upheld”
What about the source info about the machines hardware?
More people are at risk of having their lives changed through the action of drunk drivers. With elections, it’s not like changing one group of criminals for another will really change all that much for people, so it’s less important for voting machines.
That, or I’m just really, really cynical today.
Re: Re:
It’s one thing to be cynical, and another to be naive. Be blinded by hate or ignorance or innocence are all forms of naivety.
I mean, granted career politicians are not the sort of people you want running things. That’s why you get situations like Bush not getting impeached despite the 35 articles of impeachment read before congress: Pelosi said it was not “on the table” and when you look into why, its because if they went through with it and Bush DID get impeached so would Cheney and a few others and she’d be the President until the election.
It was politically inconvenient for her so they just didn’t bother with it.
At the same time there are politicians occasionally that are good for the people. Kennedy quite possibly could of been one, though I wonder if him being one of the “best Presidents ever” is because he was assassinated. I wasn’t alive at the time so I can’t really say how he was on a day to day basis, though he seemed to handle the Cuba thing and the space race pretty damn well.
Then there are the politicians that think they are doing what is best for the country, like Nixon. That guy screwed up big, but amazingly he didn’t realize how badly until it all came crashing down.
I’d say that more people are at risk to the actions of the President and other politicians than drunk driving. Sure, I see more drunks on the road than I’d like, but the last few administrations are partly why we’re in the current financial issues.
I don’t know about you, but a lot of people I know have had to go to Iraq and Afghanistan and I’ve lost more people to those countries than to any drunk driver. I don’t want a pacifist President, but I don’t want a trigger happy one either.
I’m guessing that giving public access to e-voting code would make it too easy for hackers to mess with the votes
Re: Re:
that’s the classic argument against open source.
but what ppl forget to mention or perhaps choose not too.
if the source code are open to the public then there weaknesses can be identified much faster and that code can be updated.
were as in the “closed code system” the weaknesses will remain and the few ppl who do manage to find them (and ppl will eventually find them) can exploit them as they need.
Re: Re:
NOT giving public access to e-voting code would make it too easy for crooks to mess with the votes. whatcha gonna do?
Re: Poorly written source code
If the code is well constructed, using appropriate security and encryption, access to the source code should not increase the ability to hack the machine. The real danger results from source code that experts have been allowed to evaluate is very poorly written and full of problems that can result in an incorrectly recorded vote. Opening the source code to inspection will pressure the manufacturers to write code that meets minimum security standards.
Re: Sheila
So it’s better that only a few hackers can rig the election rather than many, because?
I think that just gives us better representation if more hackers can do it.
Oh Please!!
Another lawyer trick to get the guilty off scot free. My company was asked to supply the source code for an indexing machine in a injury lawsuit, I did supply the source code, for a ten year old machine, not the one in question. Nobody knew, nobody questioned, why? Because ol’ Perry Mason wouldn’t know how to review a source code with a gun to his head. By the way we won the suit because the guy was drunk and operating the machine, maybe I should of had a breathalyzer installed on the machine!
YY
Re: Oh Please!!
“Another lawyer trick to get the guilty off scot free.” … “By the way we won the suit because the guy was drunk and operating the machine”
You said it yourself, Offering up the code did not change the end result of the case. So what is wrong with submitting the source code if it wont change anything other than adding a few, “I told you so”s. Unless you are worried that something would found which told the true story, and not your story.
Can you say, “Rights to a fair trial, not biased upon bias”?
Re: Oh Please!!
“I did supply the source code, for a ten year old machine, not the one in question.”
Good job on screwing with the system. Kudos to you, asshat.
Re: Oh Please!!
“I did supply the source code, for a ten year old machine, not the one in question. Nobody knew, nobody questioned, why? Because ol’ Perry Mason wouldn’t know how to review a source code with a gun to his head.”
Good thing for you the defendant & his lawyers weren’t tech-savvy enough to catch that. It seems to me that submitting source code TO THE COURT, AS EVIDENCE, for a machine other than the one in question, while telling the court that it IS the correct source code, would count as perjury.
Trials, Elections, or Gambling?
I’m not sure if you’re really commenting on our right to a just trial, or after the segue at the end, our right to open and fair elections (if we even have such a right).
Since you brought up voting, I’d like to comment that it has always surprised me that the Nevada Gaming Control Board takes electronic gambling more seriously than we seem to take electronic voting. They include serious technical security and performance specifications, source code deposit or escrow (can’t remember), audit, investigations, etc. They uncover real crime, at the machine code level, that cheats people out of money.
What does it say about us that we think fairness in gambling deserves more oversight than fairness in elections?
Rob Friedman -> “What about the source info about the machines hardware?”
— What ?
Re: Re:
He means the circuit diagram. Hardware and software programming are interchangeable, so it’s possible that something in the hardware could cause the devices to read inaccurately.
Re: DoxAvg
That’s exactly my argument against e-voting machines. There’s no way of knowing what’s inside them.
My work touches on InfoSec products for various government agencies, and these kind of questions are pretty important to them.
If given access to the source code, will the next lawsuit demand an unimpeachable chain from the source code to the device? Who’s to say that the source code delivered to the defendants isn’t from the “CYA” tree of the version control system, not the “special branch” that’s actually delivered to dirty cops?
While it may sound a little paranoid, it’s not unheard of for companies to sometimes bend the rules a little bit in order to cover up past mistakes.
Even if you can secure that chain, in Ken Thompson’s Reflections On Trusting Trust he outlines an argument wherein even if you have an demonstrated chain from source code to device, you still need to secure every device and piece of software involved from start to finish, and their entire histories. There’s a good summary of it at Good Math, Bad Math. It’s probably below the noise floor for a courtroom, but it pokes holes in the argument that “only by having access to the source can we be absolutely sure”. No, even with access to the source you can’t be absolutely sure.
Re: Re:
“Who’s to say that the source code delivered to the defendants isn’t from the “CYA” tree of the version control system, not the “special branch” that’s actually delivered to dirty cops?”
When pulled over for DUI/DWI, dont the cops use simple portable breathalyzers as a preliminary BAC screening. At the time that their device reads a number close enough to suspect you as being legally intoxicated, they will bring to their station for an “official” BAC reading through their more advanced Breathalyzer machine… aka, “The Drunk Verification Box” (or through blood-test if you decline that.)
Where's the lawsuit?
“Where’s the similar ruling about e-voting machines and the availability of their source code?”
Where’s the lawsuit to make it happen? Having groups like the EFF sue does not always help. It is much more effective when an actual victim brings the lawsuit. With the breathalizers, it is easy to find a specific victim. With voting machines, it is more difficult.
Step in the right direction
I’m glad to see this upheld. We seem to have a contingent in this country that believes because a crime is wrong, and should be punished that we should be able to do it behind closed doors and without due process.
Hmmmm.. our country does have some history to fall back on that kind of thing, ITS CALLED A WITCH HUNT!
due process and trade secrets
While it may be a (shallow) victory for due process, the effect is that it is more important to protect trade secrets than to prosecute drunk drivers. Isn’t there a public policy problem here somewhere? IP is climbing to the top of the legal hierarchy by leaps and bounds. Are we aware of this?
not the first
This is an excellent decision, but not the first of its kind. Litigation over the reliability and accuracy of the Breathalyzer has been going on around the country for a decade or more, and just off the top of my head both NJ and Minnesota appeals courts issued similar rulings previously. In NJ, the continued refusal of the company to turn over the source code eventually led to a ruling that Breathalyzer results were not reliable evidence in DUI cases, which in turn has led most counties to acquire newer and apparently more accurate machines from another manufacturer. It’s too soon to tell whether those will wind up in litigation as well, but the maker of the Breathalyzer is definitely losing market share as a result of its unwillingness to provide the code for independent evaluation.
To yaddayadda @ 3:49 am — your snarky comment is asinine. First, no competent attorney would attempt to review source code him/herself. They would retain an expert, and any really decent attorney would find someone with genuine expertise in the technology at issue. And second, you are very lucky nobody figured out what you did. Had you been caught, you would have been at risk of very severe sanctions by the court . . . up to and including hundreds of thousands of dollars in costs and fines, and even jail for contempt of court, which is a criminal offense. You may laugh, but I’ve seen it happen more than once to wiseass techies who think they can pull a fast one over lawyer snd the court, only to get caught and have to fork over a huge chunk of their earnings for a decade or more to compensate my client for attorney fees and expenses, the court for violating governing rules, and the penal system for the cost of incarceration while serving their sentence for the contempt violation.
Off topic, but after reading four posts, I had to put this in.
There is not their. (Only one example, I could go on for quite a bit.)
There are too many people (note NOT ppl) who need to learn to spell. Jeez.
If you can’t spell, you will not be as understood. If you can’t make yourselves (note NOT yourselfs) understood, you can’t expect you elected representatives to do what you want them to do.
Re: Off topic, but after reading four posts, I had to put this in.
“If you can’t spell, you will not be as understood. If you can’t make yourselves (note NOT yourselfs) understood, you can’t expect you elected representatives to do what you want them to do.”
Classic.
If I were a crooked cop trying to fix a breathalyzer result, I could probably find much simpler ways to do it, probably involving a cotton ball and a few drops of vodka. Anyone who’s seriously interested in testing the veracity of these things (and not just playing courtroom games) will consider that approach.
If I were the judge I would allow the defense to test the device to their hearts’ content, and if the prosecution balked I’d throw out the breathalyzer evidence. [bangs gavel]
While giving the source would be inappropriate...
…perhaps the detailed testing records that show the software/device works would be more appropriate? If these are going to be used in legal/public matters, the testing documentation should be made available.
Re: While giving the source would be inappropriate...
No doubt they should hand over the testing records, along with all other documentation relevant to the equipment at issue. But that does not eliminate the need for the source code. Without the code, I don’t see how an independent expert hired by counsel for the people challenging their DUI convictions could really evaluate how accurate these things are, what circumstances might cause the accuracy to vary beyond an acceptable tolerance range, and whether that problem (if it exists) is an inherent design flaw, or some other reason (e.g., cops not properly calibrating the equipment).
Re: While giving the source would be inappropriate...
Why would providing the source code be inappropriate ? What do they have to hide ?
The cheat code maybe ? Something like:
Up, Up, Down, Down, Left, Right, Left, Right, B, A
asas
asas