Despite MN Supreme Court Ruling, Breathalyzer Manufacturer Refuses to Turn Over Source Code

from the code-is-law dept

Earlier this month, the Minnesota Supreme Court ruled that defendants accused of drunk driving have the right to inspect the source code of the breathalyzers used in their arrest. This is the right decision for a number of reasons - not only have studies shown that breathalyzers are poorly coded, potentially leading to inaccurate results, but in a legal system with the right to confront one's accusers, being able to examine the source code for errors seems like a fair digital extension. Given that more and more law enforcement is being done through shoddy technical tools, assuring fair procedure in code is no different than doing so for police officer behavior.

However, the breathalyzer manufacturer, CMI, is refusing to turn over the source code, claiming that doing so would reveal "trade secrets." Ed Felten points out that this is logically inconsistent with CMI's assertion that the source code is straight-forward calculations. If that is so, secrecy isn't what is stopping competitors from emulating CMI's product. The more likely reason for not revealing the source code, of course, is the same reason e-voting is so controversial: the code is crappy.

The obvious answer was posited years ago by Eric S. Raymond - given enough eyeballs, all bugs are shallow. The source code for breathalyzers, e-voting machines and other technical law enforcers should be open source to ensure that secrecy doesn't obscure important imperfections.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    SRJCollege@gmail.com, May 12th, 2009 @ 9:26am

    Case Dismissed

    You are free to go. Please don't drink and drive.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    lavi d (profile), May 12th, 2009 @ 9:29am

    Also

    Hic! Yesh!

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Tgeigs, May 12th, 2009 @ 9:44am

    Hahaha

    "Listen, occifer, I'm not putting my mouth on that thing, no matter how much you want me to blow it. I don't want to catch any bugs from its code, yo!"

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Ima Fish, May 12th, 2009 @ 9:49am

    It would seem obvious that our constitutionally protected right to confront one's accusers should take precedent over a trade secret. But who cares about inalienable rights when there's profits to protect.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Buzz, May 12th, 2009 @ 9:51am

    HA!

    Trade secret? In breathalyzer code? HA! Like what?

    "We user zero comments in our code."

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    lavi d (profile), May 12th, 2009 @ 10:02am

    Re: Case Dismissed

    SRJCollege@gmail.com

    You sir, are evil.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Ed, May 12th, 2009 @ 10:09am

    Put blame where it is due.

    I believe that the accused probably has a right to have called for a blood test. But they probably decided that they would rather fight what was probably an obvious case of DUI than to stop drinking and driving.
    This is probably compounded because an officer pulled the defendent over because they were driving erratically in the first place.

    But no matter what, the source code isn't going to even solve the dilemna. If they can't invalidate the source code, the next thing that they'll do is go after the sensor manufacturer. and then the batter manufacturer, and then the display manufacturer.

    The reality should be that the analyzer should be tested using standard scientific principals and methods to assure proper reading. I believe that this would be done by blowing air with the specified concentration of alcohol through it and noting the readings.

    It really doesn't matter to me what the code is, it's what the results are that is important.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    spencerMatthewP, May 12th, 2009 @ 10:21am

    A bug does not exist until it's found

    I'm a software engineer. One thing I've found is that problems don't exist until they're found. It's entirely possible that in the design phase of the product that no one thought the scenario of use would come up.

    For instance in the e-voting. It's easy to think that no one would walk away from the machine without committing the vote. It's possible that the designers never thought that someone would try to do something funny with the breathalyzer, or that various other substances might trigger a false positive.

    It's impossible to perform a 100% negative-test. (Give bad input, an get the proper response. There are too many possible bad inputs) It's much easier to do a full positive test. (All perfect inputs give the correct output.) I'm guessing that in the real world, there are problems with the code that these developers never imagined. And rather than simply own up to it, go back and fix the problems; they are doing what most developers are wont to do. "There's nothing wrong with MY code. Why do you need to see it?"

    It's an easy trap to fall into. Unfortunately, that's the reason why so many software packages have so many problems. When a bug is found, swallow your pride and fix it. it'll make you a better developer.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    B, May 12th, 2009 @ 10:25am

    Re: Put blame where it is due.

    Your comment is a bit misguided. You don't know anything about the case beyond the fact that they're ACCUSED of DUI. Innocent until proven guilty, and if the instrument used to make the assertion is faulty, then the case is invalid.

    And those "what's next?" cases you mentioned should ABSOLUTELY be tested and checked and rechecked. Who knows? Maybe they'll find out that the source code is very well written, free of memory links and fully capable of doing its job. Congrats, now you have precedent AND a leg up on competitors because you can say "proven in a court of law" (see case: foo vs bar blah blah blah).

    Anything used in the public domain like this needs to be hammered at from all angles and it damn well better be able to stand up to the test.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    SimonTek (profile), May 12th, 2009 @ 10:43am

    Been saying it for years. Why don't we as a community build Systems to do it? I can setup the e-voting system. Breathalyzer, I know nothing about.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Jack Daniels, May 12th, 2009 @ 10:47am

    Alternate Ideas

    Meh!! ... if the cops pull you over, stop, jump out of the car, run to the sidewalk and down a mickey of booze right in front of them.

    Of course the analyzer will show positive.

    Wonder what the charge is for drinking in a public place??

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, May 12th, 2009 @ 11:19am

    Re: Put blame where it is due.

    the dilemna is that the batter has too much alcohol...

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Dave, May 12th, 2009 @ 11:19am

    Once again... maybe I'm being overly simplistic here... but wouldn't a carefully worded NDA from CMI address their "proprietary code" concerns?

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    John Doe, May 12th, 2009 @ 11:44am

    Taken to the logical conclusion; you could call into question the code behind any digital evidence gathering device such as gene sequencers for DNA testing, imaging code used in the digital camera the photographed the scene to the BIOS used to run the radar gun. The code is not important, because the judge, jury, lawyers, defendant, prosecutor and so-on would have no way to make heads or tails of the code. What is important are the test results. Can the manufacturer demonstrate the device is accurate based on a 3rd party, independent testing facility?

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Yosi, May 12th, 2009 @ 11:47am

    Why stop on software?

    Why not examine HDL code of chips inside? How about netlist? Sensor signal-to-noise ratio? Maybe re-examine some physics in the process?
    As someone already pointed out, it's results that important, not underlying process.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, May 12th, 2009 @ 11:57am

    this reminds me of...

    Senator McCarthy and his list of commies. The list says you're a commie. What? No you can't see the list.

    bool isDrunk = false;
    try
    {
    isDrunk = CheckBreath();
    }
    catch (CrappyCodeException)
    {
    isDrunk = false;
    }

    return isDrunk;

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    B, May 12th, 2009 @ 12:04pm

    Re: Alternate Ideas

    After they tazed you

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    lulz, May 12th, 2009 @ 12:45pm

    Re: this reminds me of...

    Person suspect;

    suspect.CheckBreath();

    if ((suspect.suspectWantsSourceCode())== true){
    suspect.BeatDown();
    }

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    B, May 12th, 2009 @ 12:46pm

    Re: Why stop on software?

    And as I pointed out, you're damn right we should examine these things (either openly or by a published government audit).

    Putting input into a black box and having that black box render a verdict that greatly affects lives is unacceptable.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, May 12th, 2009 @ 12:47pm

    Re: Hahaha

    "...and I'm not going to use your breathalyzer either!"

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Freedom, May 12th, 2009 @ 12:56pm

    Re: Why stop on software?

    >> As someone already pointed out, it's results that important, not underlying process.

    Unless you understand how something works (i.e. the underlying process), you can't fully understand where it can fail. As we increasingly become dependent on our accuser being technology, it is vital that we have full and open access for not only the software/code, but hardware design, chips, and full product part traceability and validation processes.

    Software is nothing more than a set of procedures that a chip/design follows. We have access and can be critical of law enforcement procedures/steps used with a department, etc., but we can't do the same for software?

    For those that think a validation process (i.e. testing certification without source code access) is enough. How can any device be certified without examining the source code? You could perform literally millions of test combinations and certify the product is functionality correctly and you'll still the miss the one where it wasn't.

    When it comes to using technology to throw my a** in jail, I expect to have the right to examine every aspect of a device, procedure, process, etc., that says I'm guilty.

    Freedom

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Rob R., May 12th, 2009 @ 1:43pm

    So next they will want the code for the radar guns, the Video camera and of course Windows. The computer that the officer used to check their record runs MS Windows, so we need to see the source code for it.

    Ambulance chasing lawyers looking for loopholes to get guilty people off. Again.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    johnny, May 12th, 2009 @ 1:47pm

    technology....

    the high priest of false security(imprisonment)!

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, May 12th, 2009 @ 2:05pm

    Anyone claiming that what happens inside the code of the breathalizer is not important, that it can't be understood, other than by testing the results, must think that inside the breathalizer is some sort of alcohol-sniffing gnome that consults spirits from the Otherworld to determine whether a person is guilty or not of DUI.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    dennis parrott, May 12th, 2009 @ 2:19pm

    Re: Put blame where it is due.

    there is more to this business than just grepping their lousy code, or the follow-ons suggested by Ed in #7. let me explain...

    for a breathalyzer to have a prayer of standing up in court it has to be properly serviced at very regular intervals. from the bitter experience of a friend of mine I know that the service techs DO NOT follow proper procedures. those procedures are vital to ensuring the accuracy (to the extent they can be accurate) of the readings taken.

    a breathalyzer needs to be serviced BEFORE it goes in the field. in that service it has to be calibrated against known standards so that it can be trusted to make an accurate measurement while in the field. when it come back AFTER being in the field it must be compared against those same standards BEFORE any of its parts are touched otherwise you have invalidated any measurements taken. once that comparison is made you can repair any problems and then recalibrate it before sending it out. that process takes time and lots of techs will simply make repairs, calibrate and sign it off...

    if it were me, I would have simply attacked that area first. then i would have gotten into the very science of breathalyzers. if there ever was a definition of "junk science" there is a picture of a breathalyzer next to it!

    breathalyzers INFER blood alcohol volume (BAV being the basis of the legal definition of impairment in most states) from alcohol residue in your breath. that measurement is based on an idealized curve of alcohol transferring from your gut to your blood to your breath (via the lungs). that idealized curve was based on some scrawny 150 pound male at the time I learned about all this crap. EVERYONE metabolizes alcohol differently and that idealized curve is a really bad joke.

    while i feel that people ought not drive drunk i also feel that our "legal system" (code for "revenue enhancement gang") is geared to shoving people into a classification that will allow the "long arm of the law" (and the insurance companies and the people who will collect your "driver responsibility fee" and the chucklehead who will berate you at those bad driver clinics and ...) to take cash from your wallet over and over again...

    as for the source code, serve a warrant and lock the place down. that will get their bloody attention. oh, but wait, that might disrupt the revenue stream from this scam we call "drunk driving enforcement" so who would want to do that?

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    B, May 12th, 2009 @ 2:20pm

    Re:

    Your point has been made already and refuted. Twice.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Mike Mixer, May 12th, 2009 @ 2:46pm

    The point you are all missing

    This isn't about lousy code versus good code anymore, this is about accountability. Do the police buy the equipment that works the best? yes. Do police define what works the best by how many people get convicted of a crime using that equipment? yes. Does that create a situation where a manufacturer might use faulty hardware or software to make their equipment show more false positives thus resulting in more convictions? if you say no you're an idiot

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Tgeigs, May 12th, 2009 @ 2:46pm

    Re: Re: this reminds me of...

    Actually, depending on the city/state/county, should probably read more like this:

    Person suspect;

    suspect.CheckBreath();

    if ((suspect.suspectBlackMale())== true){
    suspect.ShootWhileFleeing();
    }

     

    reply to this | link to this | view in thread ]

  29.  
    icon
    Eclecticdave (profile), May 12th, 2009 @ 3:03pm

    Re: Re: Put blame where it is due.

    > EVERYONE metabolizes alcohol differently and that idealized curve is a really bad joke.

    Ah yes, the "jeez, I only had a couple of cans" defence.

    It's really very simple - if you're going to be driving, DON'T DRINK. At all.

    Personally I don't drink and drive. Not because I don't want to get caught, but because I don't want to hit a kid. But feel free to keep justifying your position.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    White Privileges, May 12th, 2009 @ 3:04pm

    Re: Alternate Ideas

    I'm black I'll get shot before I make it to the curb. :p

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    RGS, May 12th, 2009 @ 3:23pm

    Re: Put blame where it is due.

    My, my! An intelligent comment and it pinpoints the obvious problem.......the "accused," not the code. And since this clown seems determined to take this to the supreme court and beyond, the manufacturer should offer a scientifically monitored court demostration of the device to determine its accuracy. Preferably with the very device used in the arrest. GET HIM! (or her?)

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    Allen D. Porter, May 12th, 2009 @ 5:28pm

    Importance of Accuracy

    The ability to measure alcohol in the blood combined with numerous studies (read thousands and thousands of subjects) on the physiological effects of alcohol on the senses, and the setting of .08 as the legal limit for intoxicated driving makes up the basis for our DUI laws. But complaints regarding the accuracy of breathalyzers raise an important issue.

    Breathaylzers NEED to be accurate and their code NEEDS to be clean and consistent.

    I have said it before and I'll say it again. There are two reasons not to let your code go public. One is intellectual property rights and the other is because you know that your code sucks and you don't want anyone to find out! The interests of public safety (i.e. we need accurate breathalyzers to keep non-drinkers safe) should trump intellectual property rights.

    Unless the code sucks embarrassingly, they should just turn it over.

    So much talk goes on about the reliablility of breathalyzer code and somewhere in most discussions, it is brought out that the basic computations involved are 'well-established' and commonly available.

    I'd like to see a new open source breathalyzer on the market. But here's how I think it needs to work ...

    There needs to be an open source core which performs the true calculations wrapped within a digital cloak of additional features adorned by the authors. The core should be open, well-documented, and not impacted by wrapper code.

    With such a scenario, Company A and Company B, both produce breathaylzers which yield EXACTLY the same results consistently, although they operate, look, or cost different. The marketing needs to be independant of the coding because the coding should always be the same.

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    Azrael, May 13th, 2009 @ 12:18am

    Re: Why stop on software?

    And how would you know if the results are accurate ? By flying a magic wand maybe?

     

    reply to this | link to this | view in thread ]

  34.  
    identicon
    Yosi, May 13th, 2009 @ 2:41am

    Re: Importance of Accuracy

    Open Source core? You seem to be clueless how any complex hardware and ASICs being developed. There's no single vendor that provides hardware core as open source.
    While being somewhat successful in software, open source in hardware is simply non-existing.

    Now, people here seems to think that by "examining" some kind of "source code" they can reach the conclusion whether results are accurate or not.
    It doesn't work this way. The correct one is to check results against reference model, nevermind open sourced or not.

    This thread makes me say only one thing: "what a bunch of incompetent dilettantes".

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This