Breathalizer Source Code Ruling Upheld

from the another-good-decision dept

A few years back, in a high profile series of lawsuits, a lawyer representing some folks accused of drunk driving asked the manufacturer of a breathalyzer testing machine for access to the product’s source code, so experts could review it to make sure it functioned properly. The company refused, citing trade secrets. However, a judge noted that this went against the defendants’ rights to a fair trial, and said that the breathalyzer evidence had to be thrown out. Slashdot points us to the news that an appeals court has upheld the ruling noting that due process outweighs the company’s trade secrets. While I have no problem with prosecuting drunk drivers, I do agree that the evidence should be solid — and not allowing the source code to be examined is a problem.

This is, in many ways, similar to the issue with e-voting machines. Considering the gov’t is making important decisions based on these machines, it seems only reasonable that the source code should be at least reviewable to investigate the quality of the machines. Though, it strikes me as odd that we’re even more stringent with Breathalyzers than with e-voting machines. Where’s the similar ruling about e-voting machines and the availability of their source code?

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Breathalizer Source Code Ruling Upheld”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re:

It’s one thing to be cynical, and another to be naive. Be blinded by hate or ignorance or innocence are all forms of naivety.

I mean, granted career politicians are not the sort of people you want running things. That’s why you get situations like Bush not getting impeached despite the 35 articles of impeachment read before congress: Pelosi said it was not “on the table” and when you look into why, its because if they went through with it and Bush DID get impeached so would Cheney and a few others and she’d be the President until the election.

It was politically inconvenient for her so they just didn’t bother with it.

At the same time there are politicians occasionally that are good for the people. Kennedy quite possibly could of been one, though I wonder if him being one of the “best Presidents ever” is because he was assassinated. I wasn’t alive at the time so I can’t really say how he was on a day to day basis, though he seemed to handle the Cuba thing and the space race pretty damn well.

Then there are the politicians that think they are doing what is best for the country, like Nixon. That guy screwed up big, but amazingly he didn’t realize how badly until it all came crashing down.

I’d say that more people are at risk to the actions of the President and other politicians than drunk driving. Sure, I see more drunks on the road than I’d like, but the last few administrations are partly why we’re in the current financial issues.

I don’t know about you, but a lot of people I know have had to go to Iraq and Afghanistan and I’ve lost more people to those countries than to any drunk driver. I don’t want a pacifist President, but I don’t want a trigger happy one either.

Anonymous Coward says:

Re: Re:

that’s the classic argument against open source.

but what ppl forget to mention or perhaps choose not too.

if the source code are open to the public then there weaknesses can be identified much faster and that code can be updated.

were as in the “closed code system” the weaknesses will remain and the few ppl who do manage to find them (and ppl will eventually find them) can exploit them as they need.

Eleanor Hare says:

Re: Poorly written source code

If the code is well constructed, using appropriate security and encryption, access to the source code should not increase the ability to hack the machine. The real danger results from source code that experts have been allowed to evaluate is very poorly written and full of problems that can result in an incorrectly recorded vote. Opening the source code to inspection will pressure the manufacturers to write code that meets minimum security standards.

yaddayadda says:

Oh Please!!

Another lawyer trick to get the guilty off scot free. My company was asked to supply the source code for an indexing machine in a injury lawsuit, I did supply the source code, for a ten year old machine, not the one in question. Nobody knew, nobody questioned, why? Because ol’ Perry Mason wouldn’t know how to review a source code with a gun to his head. By the way we won the suit because the guy was drunk and operating the machine, maybe I should of had a breathalyzer installed on the machine!

Frank Flann says:

Re: Oh Please!!

“Another lawyer trick to get the guilty off scot free.” … “By the way we won the suit because the guy was drunk and operating the machine”

You said it yourself, Offering up the code did not change the end result of the case. So what is wrong with submitting the source code if it wont change anything other than adding a few, “I told you so”s. Unless you are worried that something would found which told the true story, and not your story.

Can you say, “Rights to a fair trial, not biased upon bias”?

Tony (user link) says:

Re: Oh Please!!

“I did supply the source code, for a ten year old machine, not the one in question. Nobody knew, nobody questioned, why? Because ol’ Perry Mason wouldn’t know how to review a source code with a gun to his head.”

Good thing for you the defendant & his lawyers weren’t tech-savvy enough to catch that. It seems to me that submitting source code TO THE COURT, AS EVIDENCE, for a machine other than the one in question, while telling the court that it IS the correct source code, would count as perjury.

Hans says:

Trials, Elections, or Gambling?

I’m not sure if you’re really commenting on our right to a just trial, or after the segue at the end, our right to open and fair elections (if we even have such a right).

Since you brought up voting, I’d like to comment that it has always surprised me that the Nevada Gaming Control Board takes electronic gambling more seriously than we seem to take electronic voting. They include serious technical security and performance specifications, source code deposit or escrow (can’t remember), audit, investigations, etc. They uncover real crime, at the machine code level, that cheats people out of money.

What does it say about us that we think fairness in gambling deserves more oversight than fairness in elections?

DoxAvg says:

My work touches on InfoSec products for various government agencies, and these kind of questions are pretty important to them.

If given access to the source code, will the next lawsuit demand an unimpeachable chain from the source code to the device? Who’s to say that the source code delivered to the defendants isn’t from the “CYA” tree of the version control system, not the “special branch” that’s actually delivered to dirty cops?

While it may sound a little paranoid, it’s not unheard of for companies to sometimes bend the rules a little bit in order to cover up past mistakes.

Even if you can secure that chain, in Ken Thompson’s Reflections On Trusting Trust he outlines an argument wherein even if you have an demonstrated chain from source code to device, you still need to secure every device and piece of software involved from start to finish, and their entire histories. There’s a good summary of it at Good Math, Bad Math. It’s probably below the noise floor for a courtroom, but it pokes holes in the argument that “only by having access to the source can we be absolutely sure”. No, even with access to the source you can’t be absolutely sure.

Paul says:

Re: Re:

“Who’s to say that the source code delivered to the defendants isn’t from the “CYA” tree of the version control system, not the “special branch” that’s actually delivered to dirty cops?”

When pulled over for DUI/DWI, dont the cops use simple portable breathalyzers as a preliminary BAC screening. At the time that their device reads a number close enough to suspect you as being legally intoxicated, they will bring to their station for an “official” BAC reading through their more advanced Breathalyzer machine… aka, “The Drunk Verification Box” (or through blood-test if you decline that.)

hegemon13 says:

Where's the lawsuit?

“Where’s the similar ruling about e-voting machines and the availability of their source code?”

Where’s the lawsuit to make it happen? Having groups like the EFF sue does not always help. It is much more effective when an actual victim brings the lawsuit. With the breathalizers, it is easy to find a specific victim. With voting machines, it is more difficult.

James says:

Step in the right direction

I’m glad to see this upheld. We seem to have a contingent in this country that believes because a crime is wrong, and should be punished that we should be able to do it behind closed doors and without due process.

Hmmmm.. our country does have some history to fall back on that kind of thing, ITS CALLED A WITCH HUNT!

Anon2 says:

not the first

This is an excellent decision, but not the first of its kind. Litigation over the reliability and accuracy of the Breathalyzer has been going on around the country for a decade or more, and just off the top of my head both NJ and Minnesota appeals courts issued similar rulings previously. In NJ, the continued refusal of the company to turn over the source code eventually led to a ruling that Breathalyzer results were not reliable evidence in DUI cases, which in turn has led most counties to acquire newer and apparently more accurate machines from another manufacturer. It’s too soon to tell whether those will wind up in litigation as well, but the maker of the Breathalyzer is definitely losing market share as a result of its unwillingness to provide the code for independent evaluation.

To yaddayadda @ 3:49 am — your snarky comment is asinine. First, no competent attorney would attempt to review source code him/herself. They would retain an expert, and any really decent attorney would find someone with genuine expertise in the technology at issue. And second, you are very lucky nobody figured out what you did. Had you been caught, you would have been at risk of very severe sanctions by the court . . . up to and including hundreds of thousands of dollars in costs and fines, and even jail for contempt of court, which is a criminal offense. You may laugh, but I’ve seen it happen more than once to wiseass techies who think they can pull a fast one over lawyer snd the court, only to get caught and have to fork over a huge chunk of their earnings for a decade or more to compensate my client for attorney fees and expenses, the court for violating governing rules, and the penal system for the cost of incarceration while serving their sentence for the contempt violation.

Wolfy says:

Off topic, but after reading four posts, I had to put this in.

There is not their. (Only one example, I could go on for quite a bit.)

There are too many people (note NOT ppl) who need to learn to spell. Jeez.

If you can’t spell, you will not be as understood. If you can’t make yourselves (note NOT yourselfs) understood, you can’t expect you elected representatives to do what you want them to do.

Beta says:

If I were a crooked cop trying to fix a breathalyzer result, I could probably find much simpler ways to do it, probably involving a cotton ball and a few drops of vodka. Anyone who’s seriously interested in testing the veracity of these things (and not just playing courtroom games) will consider that approach.

If I were the judge I would allow the defense to test the device to their hearts’ content, and if the prosecution balked I’d throw out the breathalyzer evidence. [bangs gavel]

Anon2 says:

Re: While giving the source would be inappropriate...

No doubt they should hand over the testing records, along with all other documentation relevant to the equipment at issue. But that does not eliminate the need for the source code. Without the code, I don’t see how an independent expert hired by counsel for the people challenging their DUI convictions could really evaluate how accurate these things are, what circumstances might cause the accuracy to vary beyond an acceptable tolerance range, and whether that problem (if it exists) is an inherent design flaw, or some other reason (e.g., cops not properly calibrating the equipment).

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...