The Burden of Proof

  • Hey, thanks for the chemistry notes.

    I think I'll volunteer to help calibrate the breathalyzers around here. Bring them to my house between 6 and 7 on Fri and Sat. I'll have beers ready and am happy to breathe into those machines for control purposes.

    Can I then deduct the beer on my tax return?:w00t:

  • The code should be available. It is still protected by copyright and sometimes patent law. Not much there will aid pirates indeed most piracy needs no access to source code, just copy the stuff. Other industries don't get this special protection (anyone can take apart a Ford transmission and see how it works), and the software biz certainly should not either.

    In things like security software (encryption etc), indeed public scrutiny uncovers flaws... one should not trust any such software which did not have published source.

    ...

    -- FORTRAN manual for Xerox Computers --

  • I have to agree with the appelate court on this. Standard non-disclosure agreements should cover any concerns about code confidentiality; most companies that use contractors utilize such agreements on a regular basis!

    Under the US system of law, the accused is innocent until proven guilty, and has the right to defend themselves against any "proof" entered against them.

    As for voting machines, speeding cameras, etc, I think the same applies. Anyone who has visited Las Vegas or any other casino realizes that most gambling machines are digital these days. I've read that Nevada in particular has a rather robust certification system for the software that runs on those machines. They've been doing it for a lot of years, so there is a basis out there for having code reviewed by a limited set of technical experts while still protecting it from industry espionage.

    So make the code "public"? No. But have it reviewed by an independent third party with proper non-disclosure? Absolutely.


    Here there be dragons...,

    Steph Brown

  • There is an interesting side point to this.

    Some time ago, MS rightly or wrongly accused some open source people of appropriating their code. What we don't know is how much, if any, MS code is also 'borrowed' from other sources ... makes this kind of a one way street.

    ...

    -- FORTRAN manual for Xerox Computers --

  • I'd like to think that MS has credited their code where needed, but that's a good point. They used to give credit to the BSD TCP stack, which was used in their systems back in the w95 days. Not sure if they've rewritten that.

  • Perhaps public view of the code is the last resort.

    I agree that there should be independent expert testing and, generally speaking, the chemistry black box test should be sufficient.

    In some states in the US, it is required by law that radar guns be calibrated before the beginning of the shift (and at the end of the shift, I hope). Why would that not apply to breathalyzer equipment?

    As noted, the legal system in the US is supposed to be based on the presumption of innocence. Should not the accuser be responsible for taking any and all necessary precautions to make sure that the technology they use to accuse (and possibly convict) is up to snuff?

    ------------
    Buy the ticket, take the ride. -- Hunter S. Thompson

  • My opinion is that anything or anyone used as a "witness" to provide evidence for a conviction needs to be public.

    One of the fundamental tenants of the Sixth Amendment is that the accused has the right to be "confronted with the witnesses against him." This means that the accused has the right to cross examine the witnesses, etc. In this case, one of the "witnesses" is the source code of the machine that is being used to convict him. How can you tell if the "witness" is "telling the truth" in this case, unless the source code is made available?

    If making the source code available will limit the number of machines built to help law enforcement, so be it. The more we depend on machines to do the job of law enforcement, the more we abrogate our rights. I would rather see a few drunk drivers get away rather than to have our law enforcement controlled by a bunch of machines.

  • Charles Cherry (2/8/2008)


    One of the fundamental tenants of the Sixth Amendment is that the accused has the right to be "confronted with the witnesses against him." This means that the accused has the right to cross examine the witnesses, etc. In this case, one of the "witnesses" is the source code of the machine that is being used to convict him. How can you tell if the "witness" is "telling the truth" in this case, unless the source code is made available?

    Sure, you can challange the witnesses but it's the officer handling the equipment. That was done in the early days of radar with the old "where's your tuning fork?" probe. If you want to question the accuracy, reliability or suitability to task of the equipment then it starts at the highest level. If black box can't detect evidence of failure or unsuitability there is no justification to probe lower level components.

    Regards,

    Greg Young

  • The first question is about intellectual property of the company that wrote the code. Any industrial secret that is inside the code can be seen as non disclosable if the company deems it necessary.

    Other then Intellectual property protection the code should be disclosed.

    The second this is as others have stated was the device calibrated and serviced correctly within recommended cycles prior to the finding of 'drunk'?

    In reality the issue is not was the code faulty, but does the device really work. Most of us have written something that is not the best, most efficient, fastest, or most correct piece of code, but it worked. If it works the code is of no consequence.

    Not all gray hairs are Dinosaurs!

  • Andy Leonard (2/8/2008)


    There's the potential for a slippery slope here, but I think Karma nailed the solution - black box testing is good enough for pharma regulators, it should be good enough in this case without actually examining the 1s and 0s.

    If this is a ploy to get out of a legitimate charge, may Karma visit the individual - and soon.

    :{> Andy

    I agree that the black box approach is a good idea, maybe the best compromise that will emerge. But I don't think the "Excel macro" argument - as P Jones suggested - will stand up for long. Defense lawyers can always hire people who can read computer code even if the lawyer himself cannot read it. So the crux is still whether to let the code be seen, because a judge (in addition to the defense) is not going to allow the prosecution to claim that the code is too complex for anyone else to understand.

    The U.S. system is, for better or worse, titled toward the accused, so the accused should have every constitutional advantage available to them. I'm just not sure that seeing the code is going to tell anything that a good black box test could not. And if a black box test is good enough, then the defense is not disadvantaged in any way for the mere fact of not seeing the source code.

    By analogy, if someone demands to see the source code of a calculator program, one could run a random series of tests (2 + 357, 900 / 3.14, etc.) and compare the results to another known program, or even to handwritten calculations. It would be hard for the defense to keep claiming reasonable doubt of the calculator's worthiness if every calculation worked correctly.

    Similarly, there should be a way to verify the functioning of a breathalyzer to beyond reasonable doubt levels. After all, I am sure that people try to challenge DNA results when they are on trial, but more often than not, the results hold up. In fact, more people are exonerated because DNA tests are so reliable, not because they don't work.

    My question is how does anyone know whether the test results on the day of the black box test are the same as when the machine was used at the scene? How can anyone guarantee that a breathalyzer has not been tampered with after the fact? Do police officers have to do daily calibrations of the breathalyzers with logged results in case a particular breathalyzer result is challenged? In my mind, the issue is less with the code than with the specific machine that is used in any given case.

    Fascinating issue.

    webrunner

    -------------------
    A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
    Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html

  • My first instinct was to say that the source code should be released publicly, but the more I thought about it, the more I found flaws in that concept. There are hundreds, if not thousands, of languages in which something could be written. Some of the languages are proprietary or specific to even the processor in the device. In addition, common languages like C++, Basic, or SQL have a number of different dialects which may or may not work like each other. Even if you're using a common dialect of a common language, there are any number of ways to write a given routine. All of this could make it very difficult for an outsider to accurately determine whether or not the code works correctly just by looking at the source code in the limited timeframes allowed by legal proceedings. Black box tests - as long as they were conducted by an independent, certified, and regulated third-party - would ensure that machines like breathalyzers were giving the correct results, which is what we are really looking for, anyway. Once the machine was certified, the results of those certification tests would be submitted as the evidence in the legal case, and the tests could be repeated if desired. In any case, you remove a lot of uncertainty by only looking at what the machine returns, not how it returns it.

    That said, it could be useful to have a limited period of review of some sort during the initial certification process for a new machine for use in public service, like law enforcement or elections. At that point, there is a longer amount of time for thorough review and testing of the code by a number of people (not just a single "expert"), and you're much more likely to get useful results from the review.

    Ed Leighton-Dick | Consultant | Microsoft Data Platform MVP | MCSE | PASS Regional Mentor

  • I'd think that if a machine like this is independently tested by an independent testing facility, and that its track record is accurately recorded (again - by professional agencies which are specifically employed to perform these tests), then I'd think that is all you would need. At face value, you have a stated scientific track record of a supposedly reliable testing corporation with a supposedly solid test plan. Unless there's an actual flaw there - I don't think you have a leg to stand on.

    These machines ARE in fact tested by independent companies, so there's no reason why we couldn't or shouldn't rely on their findings, unless the testing methodology is found to be faulty. There still is a concept of intellectual property, and just using this ploy to bully your way out doesn't give you the right to just trash that concept. There's still a lot to be said in THAT area, so who should know about winning your case there.

    The big slippery slope here is not so much having all of the source code exposed as that it would in effect become impossible to prove anything involving just about anything mechanical. In other words: blame the machine, then blame the components or code, then blame the components of the machine making the components, then blame the machine making the machine that made the components, etc......

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • I agree. One could even take it one step further and establish a trusted agency (preferably NOT gonvernmental, it should remain in the hands of industry)

    Uh, you mean like the tobacco industry council, or the voting machines trade association? Those guys?

    There is no "i" in team, but idiot has two.
  • Dave (2/8/2008)


    I agree. One could even take it one step further and establish a trusted agency (preferably NOT gonvernmental, it should remain in the hands of industry)

    Uh, you mean like the tobacco industry council, or the voting machines trade association? Those guys?

    Definitely not. In my opinion, such a trusted agency shouldn't, actually, remain in the hands of the industry, although I do agree with it not being a government agency either. I think it would need to be in all respects independent and impartial, similar to ACAS in the UK (an independent - albeit publicly funded - arbitration agency).

    Semper in excretia, suus solum profundum variat

  • Perhaps we should relegate the testing to Consumer Reports...

    ------------
    Buy the ticket, take the ride. -- Hunter S. Thompson

Viewing 15 posts - 16 through 30 (of 30 total)

You must be logged in to reply to this topic. Login to reply