Breathalyzer company refuses to turn over source code

94

Author: Stephen Feller

The maker of the Intoxilyzer 5000 breathalyzer, CMI Inc., has informed prosecutors involved in several DUI cases in Sarasota County, Florida, that it will not assist prosecutors in complying with a judicial order to allow an expert hired by defense attorneys to review the source code for software used in the device.

On November 2, a three-judge panel ordered prosecutors to hand over the source code within 15 days, or by November 17, in conjunction with a state law that says defendants have a right to all information about the operation of computerized devices used as evidence in court, including manuals, troubleshooting guides and, potentially, source code for software.

The case has received a lot of attention in the open source and technology communities, in many ways because it is being seen as compelling evidence that devices with the potential to affect individuals’ freedom or liberty – such as breathalyzers used in DUI cases and electronic voting machines in elections – should utilize open source software and be available for any citizen to review. And while open source software would prevent the need for a court order, the case is really about knowing that software is doing what it is designed to do.

Defense Attorney Robert Harrison, who represents several of the 156 defendants who could be affected by the outcome of the source code review, requested the state release the source code for the Intoxilyzer. Harrison said it was clear that either the software or the device itself, based on wide-ranging anecdotal evidence, may not be accurate in assessing a person’s blood alcohol level.

“I was pleasantly surprised by the judgement,” Harrison said. “The way that we have presented our case, the law, without question, supported where we were. My belief was that the court either had to grant our relief or ignore the law … My hat’s off to [the judges] for having the courage to deal with it.”

The court order would allow defense expert Dr. Harley Myler, a professor at Lamar University in Beaumont, Texas, to review the code and report his findings. Myler, specifically named in the order as the only person permitted to see the code, would receive a copy of the source code and after his review would only be able to report on the presence or lack of bugs. Myler could be held in contempt of court if the code were copied or distributed, according to the court order.

Harrison said he has already been told by prosecutors that CMI has been contacted, and the company continues to refuse to allow the source code be reviewed. If CMI continues to refuse to disclose the code, it could allow defense attorneys with related cases having results from the Intoxilyzer disallowed from being used as evidence.

Despite the protections for CMI built into the judicial order, CMI has no intention of letting anyone outside the company have a look at the software’s source code, said Bill Scofield, manager of engineering for the company.

“It’s a trade secret,” Scofield said. “There is no reason to release the source code because there are other ways to test its effectiveness.” Scofield did not provide information on other tests, or if the tests would be suitable to judge whether the software worked properly.

Harrison said he had heard of at least one instance where CMI recalled a device because of malfunctioning software, and it is the testimony of people playing around with the Intoxilyzer that potentially offers the greatest insight as to whether it works properly.

The prospect of forcing a manufacturer to disclose source code for a device has prompted a great deal of discussion online. One interesting discussion has taken place on Freedom to Tinker, a blog maintained by Ed Felten, professor of Computer Science and Public Affairs at Princeton University.

On October 21, Felten wrote about the case, and attempted to clarify that the case isn’t about open source, but about the ability for Floridians to “examine the machines that accused them.” According to Felten, “this is not a dispute over whether the software should be open source. The accused aren’t seeking to open the software to everybody; they only want it opened to their legal teams.”

Felten’s readers have suggested there is good reason to examine the source code for the device, and several have claimed that there are instances of the Intoxilyzer malfunctioning. Comments posted to the blog entry mention that foods such as gum, hot dogs, sugar free gummi bears, and even Binaca resulted in illegal blood alcohol content readings from the device, even though each of those who tested the Intoxilyzer claim to have been sober at the time.

Matt Zimmerman, a staff attorney for the Electronic Frontier Foundation (EFF), said it is just as important for people to know that products like breathalyzers or voting machines work correctly as it is for companies to protect their trade secrets.

“It’s one of the few cases that we’ve seen recently where a court has come out and said it really is appropriate, if you’re going to be making important decisions that affect someone’s liberty, then you should be able to understand what’s going on with these technologies that are helping make these decisions,” Zimmerman said.

He said that in addition to various fears over losing proprietary advantages, companies may also fear that public examination of software would let the public know “there may be some flaws in the design, in the coding, that otherwise they wouldn’t have to reveal.”

“The government is outsourcing a governmental process,” Zimmerman said of both e-voting and the breathalyzer questions. “It’s not a case where you’re alleging that a certain harm has been done to a specific person. You’re making the allegation that the technology doesn’t do its work quite as well as it could.”

The key to both concerns is the potential for these devices to affect people’s liberty and freedom, while the manufacturers do not provide the public with the information to know what is going on, Zimmerman said. Both cases, he said, should tell the government that the public has a right to know how technologies actually work when they have to do with individual liberty.

Although the e-voting issue, and potentially the breathalyzer issue, have the potential to become political issues because of the implication that government is trying to cover something up or at least not pursue answers vigorously enough, each is a matter of protecting citizens rights — which in itself can be a political issue.

Harrison noted that Sarasota County does not have “a bastion of liberal judges on the bench. We’re a very conservative county.” He said the judges were balanced in their decision to protect both the manufacturer and a defendants right to a fair trial, adding that while it makes no difference whether the issue affected one case or the 156 it actually could, the sheer volume of cases helps to prove the necessity for a review of the Intoxilyzer’s source code.

“I will be very happy to defend that order on appeal,” Harrison said. “If you’re going to have a computer program that says somebody committed a crime, we get to know how its coming up with that answer.”

There is speculation that both the e-voting and breathalyzer situations could help influence government entities to further employ open source software. Litigation and requests such as Harrison’s would no longer be necessary because the devices could be audited by the public to find out if things are working the way they should – precisely the reason Zimmerman said the EFF takes the position it does on software used by those entities.

“Closed technology is not a good approach when people’s liberty interests are at stake,” Zimmerman said. “The argument can certainly be made that when the liberty interest is so important, when we’re talking about the right to vote or in the breathalyzer situation … it certainly seems consistent that the legal system shouldn’t be making determinations about people’s liberty without giving them the benefit of examining the process.”

Category:

  • Legal