CyberTech Rambler

May 8, 2006

Is revealing the source code really necessary?

Filed under: Uncategorized — ctrambler @ 11:34 am

A while ago, there are some storm clouds over the use of Breath Alcohol results in Driving Under Influence (DUI) charges. In particular, judges in Florida rules that the source code must be available to the defendents for them to analyze and contests the results. Unfortunately, claiming trade secret, manufacturers refuses to provide the source code and this leads to problems in prosecution.

A lot is at stake here. Most importantly, the rights for defendents to scrutinize and challenge accusation levelled at them. The fundamental issues in these case is whether the breath alcohol analysis machine is accurate "as claimed by the manufacturer". Manufacturers refusal to allow examination of source code, even by independent, bonded third parties is alarming, as it at best suggests bad practice and at worst, the machine is not accurate at all. However, is the disclosure of source code really necessary? I do not think so. At issue is accuracy, a question normally solved by calibrating the machine. Hence, an argueably better way of judging the accuracy of the breath alcohol test is to treat the unit as a black box and subject it to rigorous tests. In this case, the easiest way is to hand the machine over to the defendent to test as a black box. This is of course, impractical. May be a similar machine can be provided, but the best compromise in this case is of course having an independent party (for example, Florida state ANSI branch) testing and calibrating the machine at regular interval and to provide this information to the defendent.

While Florida's legislature is right to try close this loophole by saying that only the test results need to be disclosed to the defendent. But I fear the legislation might not had strike the correct balance. One major pillar for  arguing that  source code should be disclosured is the ease to update the program in those Breath Alcohol Machine means the machine can be using source code that are untested or calibrated. Providing test results (assuming third party testing) does NOT make this goes away.

Between calibration run, if the software on these machines are updated, it must automatically require immediate recalibration. Machine record must reflects that the software is updated. Machine must be treated as new from accuracy point of view because this modification do change its operating parameters (hopefully for the better).

If you think this is all that is needed, you are wrong. There is an important requirement that the machine should be calibrated before the software are updated. Why? To ensure that results from the machine since last calibration to the point before software update are still accurate. This is a fundamental right of the defendent, i.e., to be sure that the equipment that incriminates him is accurate. 

Moreover, machine history must be provided as well. Each product has its own faults/merits, and each machine has its own characteristics. These are important information for defendent for them to defend themselves. Without machine history, the value of the test results diminishes for the defendent, something we must avoid.

In short, I believe that source code disclosure is not necessary, but a rigorious calibrating procedure and machine history documentation is needed instead.  


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Blog at

%d bloggers like this: