State laws could force software makers to open source their code
US drink/drive laws could push open source
/v3-uk/news/1962720/us-drink-drive-laws-push-source
20 Oct 2005, Tom Sanders in California , V3
A Florida court will hear arguments on Friday in a case where the accuracy of a breathalyser is being scrutinised because the manufacturer has refused to release the source code.
Lawyers representing more than 150 defendants who have been charged for driving under the influence of alcohol in two Florida counties will file the request.
They argue that they have a right to see the source code of the alcohol breath analyser that was used to determine their clients' guilt.
"None of the [software] programs that was used here is approved," said Robert Harrison, a lawyer representing some of the defendants.
"The question is whether the difference [between these programs] is material or not. Without seeing the source code, we do not know."
At the centre of the controversy is the Intoxilyzer 5000, a device made by CMI of Ownsboro, Kentucky.
A marketing brochure for the device claims that it has been used for more than 25 years, and touts it as the "standard for accuracy, reliability and courtroom evidence".
Information on the internet shows that the Intoxilyzer 5000 is being used worldwide, including in Norway, the US and Canada. CMI did not return repeated phone calls seeking further information.
Florida approved the Intoxilyzer 5000 in 1993, but the manufacturer has since made numerous changes which Harrison argues have not been certified. CMI had to recall its devices in at least one case due to a software error, he said.
Releasing the source code of the device could take away any doubt about its accuracy, but the manufacturer has said in the past that it refuses to do so because it considers that information a trade secret.
This refusal could have far reaching consequences, potentially giving those convicted of 'Driving Under the Influence' a reason to appeal against their rulings.
It also has caused a backlog of such cases that await the results of this case to determine whether evidence gathered by the Intoxilyzer 5000 is still admissible in court.
Florida Assistant State Attorney Jason Miller said that he will oppose the defendants' motion asking to see the device's source code at Friday's hearing. "It will be their burden to show that that information is material," he told vnunet.com.
Citing 'ethics rules', Miller declined to go into further details about why he opposes the request to open up the appliance's software.
Florida law is very specific about a defendant's rights in Driving Under the Influence cases. An appellate court ruling in February last year entitled defendants to learn about the inner workings of alcohol breath analysers by receiving copies of the device's manuals, maintenance manuals and schematics, as well as changes made to the device that are not in those documents.
"It seems to us that one should not have privileges and freedom jeopardised by the results of a mystical machine that is immune from discovery, that inhales breath samples and that produces a report specifying a degree of intoxication," the February 2004 ruling stated.
Friday's hearing will seek to add the device's source code to the information that defendants are entitled to see. Although the judges in the case are said to be determined to come to a quick resolution, a ruling could take up to four weeks.
Because Florida's laws are so specific about the rights of individuals accused of drink driving, Miller said that there are only "remote chances" that a ruling asking to release the source code can be used as a precedent for other states or countries.
The case does, however, signal a growing interest in the inner workings of computers and applications as they gain a larger role in our everyday lives.
With software bugs a proven fact of life, consumers and organisations could claim that they need to be able to verify an application's source code before they accept their calculations as accurate.
In another case illustrating that closed source could cause problems, authorities in the US last year called on makers of electronic voting machines to publish the source code of their devices.
Applications containing bugs could allow parties in an election to manipulate the results, or could illegally prevent votes from being counted.
The voting machine debate received much attention in the US after the 2000 presidential elections in Florida turned into a vote counting soap opera.
Irish authorities have also scrutinised electronic voting machines over a perceived lack of reliability.
Nedap, the manufacturer of the machines, refused to provide the government with a copy of the device's source code. The parties last year agreed to an audit by a trusted third party.
Silicon Valley Sleuth: Drunk drivers ask judge to open breathalyser source code
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
Blackbox testing
I response to Jim's comment arguing for blackbox testing, remember that proving a program's accuracy through testing is impossible (not just in practice, but in theory) - the only way to prove a program's accuracy is through analysis of its source code.
Posted by Safalra, 21 Oct 2005
Black Box testing
I have been in S/W verififcation for my entire career, 16 years now in the telecom industry.
Black box testing is excellent for success path testing, but can never, ever, completely cover failure path testing, the variables are too great and you can't know what they are without seeing the source. No one who hasn't seen the source code, no matter how much testing, can state, in court, there are no flaws. Here's a simple example, suppose at EXACTLY 64% humidity, the machine is off by a factor of two. at 63, it is fine, at 65, it is fine, but at 64, the software does not handle the carry over from 111111 Binary to 1000000 Binary correctly.
What about flaws if unit is just powered up and not warm? How about if unit is cold and inaccurate because of temperature delta between unit and breath? Does smog affect it's accuracy?
I see that this is going to get messy because you have the right to confront your accuser, in this case, it is a trade secret piece of software. that's why, in Canada, last I knew, a blood test is used to verify results. Pass blood test, no DUI.
Posted by Kevin, 21 Oct 2005
Testing
One doesnt need to see the source to verify accuracy. What about black box testing?
Posted by Jim, 20 Oct 2005
Black box testing impossible !!
Please refrain from making general statements like "black testing is impossible"
For a system with no feedback and with a limited number of inputs, blackbox testing should be straight forward
Posted by Gani, 21 Oct 2005
where is the theroy "chain of evdance in this
the problem in any device like this is in calibration drift
something like this needs to be calabrated befor and after any test befor its results can be trusted not just the software
the amount of achol is in the parts per billons its hard to keep labtroy equpment calabrated to this dregee of acuratcy
let alone something rideing around in a car
the same holds trus for police rader
Posted by rob, 02 Nov 2005
airliners and car crashes
Uhmm... now everytime an airliner crashes... we should open up the source code to determine if it was tested robustly! Then sue the airlines if it wasn't. If I have a car accident, should I open up the source code to the braking system to enure the brakes engaged as specified? YES! There should be standards for all SW in embedded systems!
Posted by S K, 16 Nov 2005
liberty interest
unlike a source code for your car, a breath machine creats a vested interest for the most precious of rights-liberty and as such all evidence to be used against you should be transparent.
Posted by david, 08 Aug 2006