Florida DUI Law and Open Source 400
pete314 writes "A Florida court this Friday will hear arguments in a case where the accuracy of a breathalyzer is being scrutinized because the manufacturer refuses to release the source code. A state court ruling last year said that accused drunk drivers are entitled to receive details about the inner workings of the "mystical machine" that determined their guilt, and defense attorneys are now using that ruling to open up the device's source code.Is this part of a larger trend? With software bugs being a fact of life, consumers and organizations could claim that they need to be able to verify an application's source code before they accept that their calculations are accurate. Think credit card transactions, speed detecting radar guns, electronic voting machines..." Here is our previous story when this first became an issue in Florida.
Should all government software be open source? (Score:5, Insightful)
Umm (Score:5, Insightful)
2. So is this kind of ruling going to spread to radar detectors, baggage-scanning equipment, automated video cameras, etc?
Sorry But (Score:3, Insightful)
A cleaver ploy or honest defense? (Score:4, Insightful)
Re:Sorry But (Score:5, Insightful)
I'm all for Free Software too.. and I also dont think the drunk driver should be let off the hook. That's why the source code has to be released.. Its not as if it was complex software.. and I mean.. they are selling a machine. Its not like asking Microsoft to Free Windows .. it wont kill the company.. But will probably guarantee a fair trial.. And it creates a good precedent for voting machines, etc.
Re:Sorry But (Score:4, Insightful)
The breathalyzer's accuracy HAD been tested. But since the tests the company released numerous software upgrades that have not been tested.
I see no reason to turn over the source code, however, simply retest the devices after each upgrade.
Re:Sorry But (Score:4, Insightful)
This is a good tactic to get your client off the hook as people tend to be greedy. This might not work on every judge of course, but it's not a bad tactic to try if you have the money to spend. Who knows... maybe he was not legally intoxicated. The truth is the person is innocent until proven guilty in a court of law (unless you wave that right).
In another sense... it is a good stepping stone to have those "mysterious" inner workings of other sensitive devices exposed. Oh noes screams the company... we can no longer hide behind the curtain.
Yeah, it sucks it is being started out with a DUI case with scrutiny being eyed on a critical piece of equipment as a breathalizer, but the trend has to start somewhere.
Re:Umm (Score:2, Insightful)
Because someone is paying a defence attorney big bucks to get him/her off the hook and this angle hasn't been tried yet?
The average American would rather lose the vote than the driver's license.
Should be more than just source code (Score:5, Insightful)
The larger problem here is that a lot of these tools (breathalyzers, RADAR and LIDAR guns, etc) are dealing with ambiguous data in the first place. For example, the algorithm used to determine BAC in a breathalyzer may be implemented correctly, but what if the algorithm itself is wrong? You're dealing with many variables (a person's mass, their metabolism, etc), and those variables have different values for different people. It's well-known, for example, that women will blow higher on a breathalyzer than a man simply because they're generally smaller.
Similarly for LIDAR (laser speed detection), the underlying principle is using distance and time to determine rate. Sounds straightforward, as d = r * t, but how do you know you've got the right values for d? It's been shown that rapid movement of a LIDAR gun can cause even inanimate objects to register a rate. How do we know the LIDAR gun measured the distance your car traveled over a period of time, rather than the distance of your car at one point in time and the distance of some other reflective object (say, a much closer stop sign) at a different point in time? At the distances in question, we're talking sharpshooter skills as a requirement for using a LIDAR gun, but it seems that every cop on the force has one. Can they expect us to believe that every cop is a sharpshooter, or that several cups of coffee won't induce shaking in the cop's hands that could cause false readings?
It's a good precedent, forcing the breathalyzer source to be opened to inspection, but the assumption is still that the underlying algorithm is accurate when it's not. I don't understand why courts continue to rely on technology such as the breathalyzer or the LIDAR gun when there are better, proven tests that could be used instead (blood tests, RADAR or pacing with a calibrated speedometer). Worse, once a court has chosen to allow such evidence (this is not arbitrary, but once the admissability of such a test is challenged and lost it's almost impossible to re-challenge), you can no longer argue that the underlying tool is bad (without extenuating circumstances that would bring the acceptability of such tools back into question). You can argue that the machine wasn't properly calibrated or maintained or that the officer using it was untrained or unqualified or out of practice, but you can't argue that the tool itself is inadmissable as evidence even if the facts are on your side.
Re:Umm (Score:3, Insightful)
Not Necessarily Open Source (Score:4, Insightful)
It's important to remember that visible source code isn't the only requirement for Open Source. For software to be Open Source, it's not only necessary that the source code be available, but also that users are free to modify it and redistribute modified or unmodified copies. There's no real chance that the software in this case will be released under those terms. After all, one of the arguments that the lawyers are using is that the software has been modified without being recertified. It would be much more difficult to ensure that software in use hadn't been modified from a certified version if any user were free to modify it.
Do you think their testing is 100% foolproof? (Score:5, Insightful)
Re:Should all government software be open source? (Score:5, Insightful)
Yes. It would be very ideal and it would be in our very best interest to view the source code. It I think affirms the part of accountability. I want to make sure that my govt. isn't screwing me (fines etc) by writing manipulated code
If the government is in fact using our tax dollars to pay programmers, should we be entitled to view the outcome of their workOf course, I want to be sure and for that matter every responsible citizen should be assured that their dollars are not being just given to corporations. Halliburton rings any bell?
and does it become public domain if paid for by public funds?This is debatable. Obviously you wouldn't want your defense software etc to be open source but breath analyzer, I think poses no threat to national security.
Even if it had been tested... (Score:5, Insightful)
Think about easter eggs and date bugs: How do you know the software works correctly on leap year day? On Sundays? On the 295th test? If the cop enters "124341+" on the keypad just before running the test?
You don't.
The output of a machine is NEVER evidence in a trial. What is evidence is the expert testimony of a human - hired by the prosecution - that the output is correct. (This has an incentive structure that encourages both fraud and rose-colored-viewing on the expert's part.)
To mount a defense the accused needs to be able to hire his OWN expert and let HIM examine the machine and identify any ways it could have made a false indication. Then you get a conviction if, and only if, the prosecution's expert is able to show that none of those occurred, so the reading is accurate.
For the defense expert to be able to do his job on a software-using system he needs access to the source. If the prosecution is able to deny him that, he has been denied - by his opponent - his due process right to challenge the evidence against him. So the evidence MUST be thrown out if he is to have a fair trial. IM(NAL)HO that's cut and dried.
Imagine if the machine was a witness. The prosecution gets to question the witness. The defense does not get to cross-examine him. See where that would lead?
How about a program that allegedly (according to a prosecution's expert witness) examines evidence and says "he's guilty" or "he's innocent"? Without a defense expert examining the code how do you know it's not:
g = "innocent"
repeat until eof
if input line == "officer O'Malley saw a rabbit"
g = "guilty"
print "he's " g
So it's:
1) open the software generally,
2) open the software to a long string of (expensive) defense expert witnesses,
3) not use the software's output if challenged, or
4) deny due process.
If they try to settle on 2) it's easy to argue that not going to 1) denys due process to the poor, since they can't take advantage of the expensive experts.
Result: No closed-software devices can be used by the procecution if challenged (unless the courts decide to deny due process).
Re:Sorry But (Score:3, Insightful)
Re:A cleaver ploy or honest defense? (Score:4, Insightful)
They should be forced to use ONLY tests which can be proven to be statistically accurate and not just by marketing materials produced by the people selling them. This means blood only for *BAC*. Unless you measure BAC directly, it's just an estimate - and one that is only accurate in some people. They should have zero right to convict people on the flimsy evidence they have from these machines. The companies who make the machines have a vested interest in rigging the accuracy tests.
Re:Should be more than just source code (Score:4, Insightful)
Re:Should be more than just source code (Score:1, Insightful)
That proves the radar gun doesn't accurately measure the speed of stationary objects. That doesn't mean the gun doesn't work accurately for moving objects!
Re:Sorry But (Score:5, Insightful)
Because the accuracy of the machine can only be demonstrated with the test data that is available. While this should be very close to reality, we have no way of verifying that the test data chosen is relevant to the case of the person on trial. With the source code, we can verify the implementation, and make sure that that implementation will accurately reflect on the defendant.
Put another way: This software is only slightly less critical than the software which is used in the space program. There, people die. In this case, lives can be destroyed by a wrongful conviction. At least if you die, your problems are over and done with. Now, what if a particular test case was missed? How would you know? Even worse, what if THAT test case shows that one in every 10 readings will be wildly inaccurate? Without the source code, what chance do you have of proving this?
Re:Sorry But (Score:4, Insightful)
Personally I think there's way too much contracting being done already. If the US Government wants breathalysers, they can hire some engineers to design them, and post the code. I bet this'll be cheaper than contracting someone to do it (Halliburton, anyone?), and the world will get the blueprints and code for a breathalyser for free.
***
My grandmother died recently, a notorious pack-rat. Cleaning out her attic, we found pamphlets distributed by the government during the 1940's and 1950's. They included a *very detailed* guide to the mechanical and carpentry properties of different sorts of wood -- everything you'd want to know about selecting wood to build with. Another talked about radioactive fallout -- what isotopes are likely to be present, the effects of radiation on humans, how radioactive decay works, and the like.
I was impressed. Name some recent effort by the US government to provide information to the public on such a detailed level, not because it's politically expedient or profitable but just because *it is the government's prime job to be useful to its citizens.*
It varies (Score:3, Insightful)
In generaly, we are pretty convict-happy on DUI offences. There are some very effective lobby groups that have convinced the public that DUI is a major, major problem that needs a strict response. The laws have been steadily getting more baised on the prosecution side, where it takes less alcohol in the blood to be considered drunk, and it's harder to challenge the results in court.
Re:Should all government software be open source? (Score:5, Insightful)
Maybe I'm wrong, but imho, every free citizen has the right to personally verify any evidence used against them in a court of law. Whether or not that citizen is able to comprehend the arguments/details/whatever is not relevant - only that they be allowed to review it.
If they are personally unable to comprehend this, then this affords them the opportunity to consult with the experts of their choosing as they see fit - not as the gvt sees fit.
For due process to be transparent, the defendant needs to be afforded every opportunity to review and question every element that is being used to convict him/her. No matter how "independant" any group/company/organisation/person might be on paper, they are still not "my guy" if they have to sign "their papers" in order to see the evidence.
While this doesn't exlcude non-OSS, it does (and imho should) exclude anything where the mechanism is a trade secret. (that doesn't mean it's OSS, just not a trade secret)
Re:Should all government software be open source? (Score:5, Insightful)
This is used for defining guilt in a court of law, how it works in my opinion is extremely relevant, and people might like to hire a computer scientist to know the value of that definition. I'd bet most people would be quite pissed off if you told them they're going to jail because a little box says so and you have to take it on the little box's word and the word of the makers of the little box.
Re:What's even worse... (Score:4, Insightful)
Re:Should all government software be open source? (Score:4, Insightful)
Re:Sorry But (Score:4, Insightful)
Now, what you don't know is *how* it does what it does, so you do not know if perhaps there are edge conditions where it fails. Perhaps these conditions are one in a million (remember the Pentium floating point bug?) and so would not show up during testing and calibration.
If the code and hardware are open to examination, you can then say "this is how it does what it does, and I've verified that there are no error cases that could cause it to act incorrectly or unpredictably."
--Pat
Re:Should all government software be open source? (Score:4, Insightful)
So, let's sum up this long block of text:
A. An important system has serious flaws, and
B. The designers of this system would rather that not come to light, because they can't or won't fix it.
And this is a good reason for leaving it closed? Seems to make the very case for opening it to me.
Closed-source systems, if left insecure, will be exploited. (See related entry under popular closed-source operating systems.) On the other hand, open-source systems which suck will have their flaws found and corrected by thousands of eyes-and for every person who finds and attempts to exploit a flaw, 5 will be working to fix it.
What if the Breathalyzer code -is- equally flawed? The code in the systems used to do DNA and ballistics testing? The code used in voting machines? Don't we have -every- right to see for ourselves, instead of accept "Trust us"?
Re:Should all government software be open source? (Score:5, Insightful)
But without this ruling we had a situation where essentially:
That's unacceptable. You've got a rigth to confront the evidence against you. That required you to know exactly what that evidence is, so that you (or your lawyer) can point out weaknesses in the evidence, for example.
The logical conclusion is that evidence of any kind that is collected by closed-source software, and that is not independently verifiable is not evidence at all, but instead merely the empty claim of a uncheckable device.
Re:Sorry But (Score:2, Insightful)
Then who gives s shit about the software running on it.
Because without understanding how the machine functions, there's no way for the defense to be able to establish why this one particular person who's being prosecuted might give a false result when those other thousand people didn't. The defense have the right to challenge the evidence.
Re:Should all government software be open source? (Score:2, Insightful)
Every single security consultant I've ever worked with has taken the view that secure or not, giving potential attackers any information whatsoever is a bad idea. The less they have to work with the harder it is for them.
I appreciate and understand the arguments that many eyes make shallow bugs and that an algorithm that's been peer reviewed is inherently more trustworthy than one that hasn't. I understand that if written correctly, knowledge of the source of an application or algorithm is of little or no use to a potential attacker. However, I'd feel uncomfortable with the source for critical, sensitive applications being made public and I know that no security consultant worth their salt would agree to it.
It is FUD, in that it's born of fear, uncertainty and doubt, but it has nothing to do with closed source being inherently more secure than open source. It has to do with the fact that writing secure code is hard, and that while security through obscurity is not sufficient, security and obscurity is better than security alone. Assume that your secrets will be made public and plan for it, but do your best to prevent it from happening.
Re:Should all government software be open source? (Score:5, Insightful)
So the scenario is not "I was accused by (e.g.) the speed camera", but "I was accused by [name of minor civic dignitary responsible for this sort of thing]". You can confront him (or her) and ask "on what grounds do you claim that I was speeding/drunk etc." and they will respond that they have the reading from their machine as evidence. The evidential value of the reading is still up for discussion or dispute, but you're not being accused by the machine itself.
FWIW (and IANAL), I suspect that in the UK, at least, you could challenge the accuracy of the machine (in fact, it's been done successfully with some radar guns, at least) but I think that your chances of having the machine pulled apart to demonstrate that every last component worked would be pretty low. I think it would be enough for the prosecution to show that (i) the machine was accurate when properly calibrated; and (ii) it had been properly maintained, calibrated and tested.
Re:Should all government software be open source? (Score:5, Insightful)
Of course there are, but the algorithm that determines whether I get a criminal record or not should NOT be one of them. It's the equivalent of a cop getting to go into a courtroom and say "Trust us he's guilty, but the method we used to determine that is a trade secret."
Re:Should all government software be open source? (Score:2, Insightful)
Mod parent Overrated (Score:3, Insightful)
The person's ability to play it cool under this kind of unsually direct question is probably inversely correlated with their ability to program.
You described a litmus test for good CEO's, not good engineers. A good engineer is aware of the complexities of the real world, doesn't see things in black and white. When pressed in this manner, a good engineer is immediately going to start second guessing themselves for the thousandth time, as they should.
Re:Sorry But (Score:4, Insightful)
Because it makes it impossible for an innocent person to defend himself. That's why.
It does not matter how many times a black box has given you the correct answer under some artifical test conditions, so long as it is a black box it is impossible to predict when it will give you a wrong answer or to know/explain why it *did* give a false positive under these particular real world conditions.
Maybe it has some internal clock, and if the unit has been on for more than 48 hours then there is an overflow or some sort of error accumulation. You can you a million calibration tests on the device and never run into that problem because the unit is never left on over night during the test proceedure.
Does that sound like a rediculous argument? Well in fact the US Patriot Missle system underwent extensive testing and it passed all of those tests. And then once it was actually used out in the field *that exact problem* ocurred. If it was left on for 48 hours it went out of whack and started producing incorrect calculations. You can have a million tests with 100% accuracy and *still* get false results in actual use.
Perhaps the blood achohol tester gives false positives for people who are on a certain medication, or who have a certain disease. You can run a million laboratory calibration tests on the unit and and get 100% accurate results if none of the test subjects are on that medication or have that disease. However an innocent person (or his hired expert) faced with a FALSE POSITIVE can explicitly look at the factors that may be unique to the case and may have caused that FALSE POSITIVE. They can go over the list of medications he is on, and explicitly check how those medications might interact with the device.
The entire problem with your position is that you are assuming the person is guilty. Of course no one wants guilty people to get away with it. However the very foundation of our justice system is innocent until proven guilty, and that this presumed innocent person has the right to challenge any witnesses against him and to challenge any evidence against him. In this case he is being denied the right to challenge the evidence against him. The fact that someone in government has tested the device X times and gotten accurate results X times does not change the fact that the defence is being denied the chance to examine and challenge the evidence themselves, and being denied the right and opportunity to discover and reveal how and why a test may have been a false positive. innocent untill proven guilty means the presumption that it may indeed be a false positive and that both sides get to present any evidence and arguments on why it may be a false positive. And of course if there is extensive testing and documentation on the device, and if the government has strong arguments that it is not a flase positive, and if... after being given the opportunity to text/examine the device
The problem here is with the government and the prosecution. If they will not or can not present their evidence for examination by the defense... if they will not or can not present the software for examination by the defense... then both the innocent and the guilty get to go free until the government fixes *their* error. Yes it sucks letting the guilty abuse the government's error in order to go free, but that if prefferable to convicting the innocent due to the government's error.
And of course the solution is for the government to fix their error. They either need to subpoena the source and turn it over to the defence if they want to examine it, or they need to buy their test units from a different company that does not prohibit the gover
Re:Should all government software be open source? (Score:3, Insightful)
Obviously you distrust the machine itself (which, as a blackbox, has been tested and verified as accurate)... therefore you have to free the code! But wait, why do you trust that the compiler is correct?
Anyone, and I mean anyone, who has done a significant amount of research into any sort of formalized testing, especially compliance testing, will tell you that neither whitebox nor blackbox testing is sufficient in and of itself. Whitebox testing cannot usually cover all the code used by a system with sufficient expertise to ensure proper operation. Blackbox testing cannot test every single condition under which the system will be used and cannot catch all the edge cases. Maybe the system works fine except every other wednesday due to a problem with the time registration. Maybe it works fine within a certain temperature range, or humidity range. Maybe it works fine so long as the value read by a sensor is not a prime number. Being able to see the inner workings of the device is necessary to catch many of these problems in a real world situation.
It's a simple trade secret... open and shut. Opening this door would cause a world of pain. I realize everyone on slashdot is inherently socialist and thinks no one deserves the right to make money off of anything... however at some point you need to use your brain and really realize what it is you are asking for.
Yeah, because the courts don't have any procedures for dealing with trade secrets. Oh wait, maybe they do it all the time and allow trade secrets to be viewed by experts who agree not to reveal them. There is no reason why this should cause the business to lose money, unless their product is revealed to not be working properly, in which case they shouldn't be making money. And if it comes right down to it, I'd say clearing an innocent person of a criminal charge is more important that a company's right to keep secrets for profit.
I don't think you understand the implications of what you are endorsing. I have a friend who develops closed source software used by police forces to compare DNA samples and used to conduct forensic investigations. Some of the code and calculations he has described to me is nothing short of horrible. Do you want to be matched as having your DNA at a crime scene because a closed source application notices that the DNA it has recorded for you is rare, so it assumes it made a mistake and then ignores that part of your DNA for the comparison? You may well find yourself in that position some day and without access to the code, you certainly can't find and test enough people with rare DNA sequences to prove that the system is not working.
Anyone building software they plan on selling for use by police to gather or process evidence in court had damn well better plan to have that code reviewed by independent experts for both the defense and the prosecution. Any company that does not take this into account in their business plan deserves what they get. Justice is still more important than profit.
Re:Should all government software be open source? (Score:3, Insightful)
You misunderstand me. I don't drink and drive as I find it socially irresponsible and morally repugnant. I'm not looking at it from the side of a guilty person trying to get off on a technicality. I am looking at it from an innocent person who doesn't wish to be falsely accused because of possible bugs in algorithms I don't have access to reviewing if they accuse me of drinking when I have not been doing so.