Anything that is used by government should be opensource.

Companies that make products for government should be aware of that.

People in general should have the code for software they use, especially the government. If the government uses programs that affect the public, such as the one running the breathalysers, then it should absolutely be mandatory for that code to be open to public scrutiny. Furthermore there should be a way to ensure that the code running on the individual devices has not been modified. For all we know the first night someone is sitting in their cell the cops could just change the code on the device they used to bust them.

I know that most cops are trying to help us and are good people, but shit happens and there are bad people in the world. Some of them happen to pursue noble careers.

How about anything used to prosecute people? It doesn't make sense that every government employee could not get access to mainstream tools and devices. But you shouldn't lock people up with secret binaries. Same thing with classified material, it should have to be handled with tools at least the handling agency has the source code for.

I imagine the police have done lots of testing of the software and have found thats its been accurate. And I am sure a normal person could buy the same kind of breathalyzer to find if its been accurate or not as well. Source code isn't the only method.

I don't know why you are getting downmodded, to my knowledge modern breathalysers are based on IR spectroscopy. It would be quite simple to verify that the machine accurately reports ethanol concentrations of standard vapour samples. Obviously you wouldn't want to test a different machine as you stated, but the one that was actually used to breathalyse you.

If the machine passes these tests I don't see a need to release the source code, it's not reasonable IMO for every forensic science lab to release source code to all of their analytical apparatus that could potentially be used to convict someone.

Maybe you missed this part of the article:

One of the common criticisms... of breath devices is that the "state-certified" models are updated even after they are certified . The companies that manufacture the machines make tweaks, bug fixes, and even add new features, but the machines are not generally recertified after every single source code change . This means that any given machine could potentially be running non-certified code, code which may or may not have errors . And as voting machine software has shown, assuming that such source code is rigorously locked down and tested can be a a bad idea .

The problem isn't that "spectroscopy" might suddenly stop working or anything stupid like that.

The problem is that some random programmer's uncertified accidental code fuck-up might send me to jail for years.

I see your point, but then surely a recertification of the machine would prove that the machine is working correctly, unless you're arguing that the code may contain random bugs that may or may not present themselves during testing.

There are two issues here:

First: yes, recertification would be better than no recertification at all.

Second: yes, ability to inspect the code would be the best alternative of all.

Given how easy it is for bugs to be present in any non-trivial system, I'd be highly surprised if there weren't unknown nasties lurking in this kind of embedded system. Given how often these systems are used, and how often "proprietary" is used as a cover-all excuse to hide all sorts of inadequate, buggy or broken code, ability to defend myself by checking the code for bugs seems only fair.

Basically, if someone's testifying against me I reserve the right to question them as well and see if their story holds up.

If it's a machine testifying against me I reserve the same right to try to find out if it's lying, crooked or just mistaken.

Against the possibility of wrongly convicting an innocent, the minimal business interests lost in giving NDAed access to the code seems so trivial it seems positively offensive for companies to refuse.

From Wikipedia:

Breathalyzers assume that the subject being tested has a 2100-to-1 partition ratio [7] in converting alcohol measured in the breath to estimates of alcohol in the blood. If the instrument estimates the BAC, then it measures weight of alcohol to volume of breath, so it will effectively measure grams of alcohol per 2100 ml of breath given. This measure is in direct proportion to the amount of grams of alcohol to every 100 ml of blood. Therefore, there is a 2100 to 1 ratio of alcohol in blood to alcohol in breath. However, this assumed "partition ratio" varies from 1300:1 to 3100:1 or wider among individuals and within a given individual over time . Assuming a true (and legal) blood-alcohol concentration of .07%, for example, a person with a partition ratio of 1500:1 would have a breath test reading of .10%—over the legal limit.

http://en.wikipedia.org/wiki/Breathalyzer#Homeostatic_variables

So they correctly measure things, but then take the results and multiply them by essentially an average value that can vary widely depending on the person and the time tested. Which means the results should never be trusted, especially for close calls like blowing a .08 on the dot.

Or that it's just easier and cheaper to do than a blood test and courts accept it. They get more convictions with less cost. Breathalyzers by definition aren't accurate because they don't use blood but try to calculate blood alcohol content. It's all a guess. With criminal charges attached.

The problem, which is stated in the article, is that certification like that only happens once for the machine. Patches to the software are regularly applied, and the machine is not then re-certified. So if the latest patch had a bug that turns 0.01 into 0.55, how would you know it? Having the current source is the best way to look for this type of thing.

*edit spelling In addition, I agree with the other posts that anything the government uses to convict should be open source. It's the principle of being able to face your accuser. In this case, the software itself is the accuser.

"For all we know, it's a random number generator." hahaha... How do you know they QA'd it??

It's based on D20, and I guess the guy didn't have a good enough Sobriety saving throw.

There where a bunch of cases thrown out in Ireland at one stage on the same grounds. Someone asked to see the source, the state didnt have a licence to it and the judge threw the case out.

would have to compile the code and check against the binaries on the breathalyser? I can give you source code all day but if there isn't anything to compare it against it is useless.

Although the defendant was probably just trying to get out of a DUI, it does seem fair that he has access to it.

I would tend to disagree. The tools used are patented to commercial companies that rely on being able to keep their company secrets to be able to compete in the marketplace. This seems like a quick and easy way to get all the know-how for a competing company. Yes, yes, I know that the world of breathalyzers isn't exactly overflowing with corporate espionage, but it's more of the basic principle. If the government has certified the device I think it should be sufficient -- but, like they bring up in the article, if newer versions of the product are in use without certification that could be grounds for dismissal.

Another aspect of this would be suppose you were trying to hack into a government computer system and we caught when the network's IDS logged your attempt. Does that mean you should get the rights to the IDS source and possibly the OS it was running on (assuming it wasn't already open source)?

The Breathalyzer is essentially a witness. The defendant should be able to "cross examine" it.

And you can't do that simply by taking the unit as a whole and running a set of controlled tests with it?

The state isn't sure that it has the rights to the source code, though the agreement between CMI and the state does appear to give the state the necessary control of the source code.

If that's true and the state does have "the necessary control of the source code," then as a tax-paying citizen I think it is fair that he have access to it.

The state should be forbidden from using closed-source equipment as evidence to prosecute people. In other words, either he should have access to the source code, or the trial should be thrown out.

I guess it depends on the legalities behind the company giving control of the source code over. The state may only had control of it for testing and certification purposes. There could also be a clause in the contract stating the state isn't allowed to give the source code out to anyone. If that isn't the case, I would see no harm.

There could also be a clause in the contract stating the state isn't allowed to give the source code out to anyone. If that isn't the case, I would see no harm.

Not being able to give out the source code is the harm.

Wouldn't being able to take the unit as is and running your own set of controlled experiments on it be sufficient?

No.

Patenting something is the opposite of keeping it secret. In order to patent something you must publish it so everyone can see it.

This is supposed to be the trade-off - you contribute to the general body of public knowledge, but get a time-limited monopoly on some specific applications (and/or can license those applications to people).

One problem (not the only one) with software patents is that the software and IT businesses move sufficiently quickly that the time period of the patent is "too long".

In geneeral, companies are allowed to try and keep things secret. But finding out such things (as long as you break no other laws in the process) is perfectly legal.

Whether a company's attempt to keep things secret should be allowed to trump the public interest of someone accused of a crime is what the court has just given a view on - and come down in favour of the public interest.

I would tend to disagree. The tools used are patented to commercial companies that rely on being able to keep their company secrets to be able to compete in the marketplace. This seems like a quick and easy way to get all the know-how for a competing company.

Too bad. Any unique features of their product can easily (some say too easily) be protected by patents. Trade secrets, algorithms that haven't been vetted, and so forth have no place in a product that acts as de facto judge and jury as these devices do.

Yes, yes, I know that the world of breathalyzers isn't exactly overflowing with corporate espionage, but it's more of the basic principle. If the government has certified the device I think it should be sufficient -- but, like they bring up in the article, if newer versions of the product are in use without certification that could be grounds for dismissal.

Why do I care about Government certification? Most of these certifications are banjo playin', porch sitting, toothless, products of an incestuous bureaucrat-corporate partnership. If you lean towards conspiracy rationale there exists the undeniable fact that the Government is more than happy to convict as many people of drunk driving as possible. Keep those dollars rollin' in. Certainly a defendant has the right to ensure that these electronic marvels of our age represent a true and accurate representation of their intoxication level.

Another aspect of this would be suppose you were trying to hack into a government computer system and we caught when the network's IDS logged your attempt. Does that mean you should get the rights to the IDS source and possibly the OS it was running on (assuming it wasn't already open source)?

I think so, yes. Certainly the detail and quality of the IDS logs and how the logs are/were handled should be in question. At least by a good defense attorney. The difference is once the IP is logged typically a warrant is obtained and the recovered computers further incriminate the suspect. Requesting details of the OS is somewhat irrelevant in such a case, sort of like requesting the service records of the cop car that busted you running away from a bank robbery. It is sort of beside the point.

So if someone attempts to gain access to a classified government system and gets caught, he should be allowed to have access to that very system so he can validate the logging mechanisms and any other security aspects of the system?

... anyone else see something wrong with that?

Requesting details of the OS is somewhat irrelevant in such a case, sort of like requesting the service records of the cop car that busted you running away from a bank robbery. It is sort of beside the point.

Uh, no. The OS logs many things itself. Therefore it would be part of the security measures. Attempted failed logins, user accounts accessed, file permissions changed, etc. All handled by the OS.

So if someone attempts to gain access to a classified government system and gets caught, he should be allowed to have access to that very system so he can validate the logging mechanisms and any other security aspects of the system?

Yes, exactly. What's to say that the evidence against you isn't being generated by "echo 'guy-i-hate: breakin attempt' > log"? You need the source to verify that the data is being collected correctly. Otherwise, the data is worthless.

The logs won't tell you how the entry was created. I can just as easily fake a log entry by appending something to the log file manually as by letting whatever program writers to it do it's job. Just as someone who's good at system intrusion knows to go into these same files and remove the entries that shows they were there.

So if someone attempts to gain access to a classified government system and gets caught, he should be allowed to have access to that very system so he can validate the logging mechanisms and any other security aspects of the system?

Fallacy: red herring. Someone breaking into a classified system is not in the same situation as someone who has been charged with a crime and wishes to confront the witnesses against him while mounting his defense, and hence your argument fails for lack of a convincing or even relevant analogy.

As for the merits of this ruling: the device and its software are -- in this case -- "witnesses" providing evidence against him, and the defendant has a constitutionally-guaranteed right to examine those "witnesses" and to compel their appearance in court as part of his defense.

Being as it is a part of the US Constitution, this absolutely trumps any and all claims of protection which might be raised on the basis of copyrights, patents or trade secrets. Case closed.

The tools used are patented to commercial companies that rely on being able to keep their company secrets to be able to compete in the marketplace.

They aren't patented. Patenting a method makes a description of the method publicly available.

Trade secret then?

Sure, but I still think the responsibility of companies that provide forensic tools to demonstrate that their products work outweighs their right to protect trade secrets.

Yes, but this could be done without making it open source. He, his counsel, and expert support could sign an NDA, and then get to look at the code.

I don't what grounds a company could use to resist that.

I can agree quite readily with that. Anything that has the potential to cost a man his freedom should definitely be verifiable.

So if someone tries to hack into a bank's mainframe and is caught, they should be allowed access to all the security mechanisms utilized by the bank that caught him? Guess he won't be making the same mistake twice...

Worst. Analogy. Ever.

The tools used are patented to commercial companies that rely on being able to keep their company secrets to be able to compete in the marketplace.

We're talking about software. Up until very recently the consensus was that you couldn't patent software methods. You still can't patent a piece of actual software. You can only claim copyright.

If the government has certified the device I think it should be sufficient

Some people don't consider blind trust in government being sufficient when their liberty is at stake.

This is evidence being used in court to procure a conviction. The technical methods used to create that evidence must be examinable.

Finally, I'd like to state that I support random breath testing and that if you drink and drive then you're a bloody idiot.

You're assuming the breathalyzer even has software components. I'm betting if it does it's a few kilobytes on a EEPROM chip. Most breathalyzers I've seen don't look that complicated.

Some people don't consider blind trust in government being sufficient when their liberty is at stake.

Very true, especially considering the way this administration is heading. But at some point you have to trust someone to tell you it's OK unless you yourself understand the technologies.

If there has been a huge fuss about turning over said software, it's safe to say it exists.

You have to consider that because of efficiency reasons, the state has somewhat abdicated its oversight role -- the article states that numerous updates, patches, etc., are made without a re-certification process. So you really have no way of knowing what code was running when you were charged, nor does the government.

I think they might be making a mountain out of a molehill personally. I can't imagine there being that many patches/upgrades to a breathalyzer... unless it somehow runs Windows.

Or Oracle :-)

haha, valued page to view

"assume the position, punk. You going to jail."

That would be the response down here in Texas to your request.

I found Texas police to be very polite when I visited the US 5 years ago. But then, I only have our Australian authorities to compare it to.

Texan authorities are no better than any others...they just cover up the fact that there was a second gunman on the grassy knoll whereas others cover up that 9/11 was an inside job. Wake up sheeple!!

Looking at your posts you appear to be satirical. Pretty sad that this isn't obvious.

Oh no, it was obvious to me, it just also wasn't funny.

No there wasn't and no it wasn't. Go to sleep peopleep!!

           
            ____________________________________
         |                ____                |
         |    \        / |    | \        /    |
         |     \  /\  /  |    |  \  /\  /     |
         |      \/  \/   |____|   \/  \/      |
         |                                    |
         |            YOU HAVE WON            |
         |                                    |
         | The Weirdest Counter-Troll Award!  |
         |____________________________________|
           
          

Off topic. Banhammer!!

Nobody should be allowed to drive drunk, but you. Downmodded.

But the real question is, Does It Run on Linux?

Imagine a Beowulf cluster of those!