August 10, 2007 2:44 PM PDT

Doubts arise over fate of breathalyzer source code

An attorney for a Minnesota man accused of drunken driving says he doesn't think the manufacturer of a breathalyzer will meet a court-imposed deadline of August 17 to turn over its source code.

If that happens, his client could go free.

As CNET News.com reported earlier this week, the Minnesota Supreme Court ruled late last month that source code for the Intoxilyzer 5000EN, made by a Kentucky-based company called CMI, must be handed to defense attorneys for use in a case involving charges of third-degree DUI against a man named Dale Lee Underdahl. CMI's historic resistance to such demands has led to charges being dropped in at least one case outside of Minnesota.

In this case, the high court concluded that language in the contract between CMI and the state indicates the source code belongs by extension to Minnesota, rejecting the state public safety commissioner's earlier argument that the state was not entitled to the code because of its confidential, copyrighted and proprietary nature. The decision effectively means it's now up to the state to do what it takes to enforce that contract--including suing the company, if necessary.

But as for when the code would be turned over, "I guess the answer is probably never," attorney Jeffrey Sheridan said in a telephone interview Friday. That's because state officials, he added, "haven't given me any indication that the manufacturer has changed its mind."

It remains unclear what steps Minnesota officials plan to take, as representatives did not immediately respond to requests for comment. CMI also did not return calls for comment on Friday.

If August 17 comes and goes without the source code in his hands, Sheridan said he will request what is known as a sanctions hearing, which would likely occur within 30 days of that deadline. At that hearing, he would ask the judge to throw out any evidence the state had obtained using the device in question, which would likely prompt dismissal of at least one charge--that his client was driving with a blood alcohol concentration above the legal limit of .08.

That occurrence could have a ripple effect because the same device was used to administer about 38,000 tests in Minnesota last year, Sheridan suggested. He said he believes the state officials "know what's at stake, and they would happily give (the source code) to me if they have it to give."

Other breathalyzer makers already make their source code more readily available, perhaps in some cases in an attempt to gain a competitive edge, according to Sheridan. Of CMI, he said, "quite frankly, it's such bad P.R. for them...If there's nothing wrong with this thing...you'd think they'd step up and say, 'Sure, analyze away, you'll see we're the maker of the best breath-test analyzer on the face of the earth.'"

CNET News.com's Declan McCullagh contributed to this report.

See more CNET content tagged:
Minnesota, source code, state official, attorney, state

22 comments

Join the conversation!
Add your comment
Another one
Yay, another drunk driver back on the streets.

This is what the software industry is all about these days. Get the product working during the sale; who cares if it fails when it's needed most. (Coming from a software developer)
Posted by tobart (24 comments )
Reply Link Flag
And you *know* he's drunk, how?
Unless you where there, you don't. A machine that he blew into said that he had an alcohol amount over the legal limit. If the software for that device, however, is flawed, then those results could be flawed and the machine incorrectly identified him as being over the legal limit.

I agree with the story; if the company is so sure that there's nothing wrong with the code, they should release it as ordered and allow it to be analyzed. Otherwise, it leaves people wondering what they're hiding....

I'm all for getting drunk drivers off the road and into LONG jail sentences. But *only* if they actually broke the law and were, in fact, driving under the influence and/or with a blood alcohol level over the legal limit. I would hate to see someone jailed falsely due to a faulty machine.
Posted by TheBugsAttack (2 comments )
Link Flag
You haven't understood the issue
You may be a software developer, but obviously haven't understood the issue.
If the software is buggy, it should not have been used. Convicting somebody of a crime (in this case, drunk driving) based on faulty software is a very bad thing. If the software is ok, the company should not have any problems subjecting the software to analysis, and they would indeed help getting a drunk driver off the streets. If the software is faulty, it is better to not use it than falsely convicting people.
Posted by JoeF2 (1306 comments )
Link Flag
Re:
If that's your business motto or a reflection on your software's support department, I'd hate to work in your shoes.

I disagree with your generalization... there's a large majority of development corps that do care when it fails. Including mine.

(Coming from another software developer)
Posted by T.Scott (11 comments )
Link Flag
Why are people against this?
It will either validate or invalidate the breathalizer. If it gives invalid results, that is bad for everyone. It is a very bad thing if it is saying people who are not over the legal limit are, and almost as bad if it says someone who is over the limit is not over.

There are only benefits to doing a code review, unless you think it is OK to jail innocent people or don't mind if guilty people walk free..
Posted by The_Decider (3097 comments )
Reply Link Flag
Can't accuracy be tested without source code?
Even if the algorithm remains a "black box" surely its accuracy
can be assessed without viewing the actual code.

Assessments involving multiple tests for accuracy and
calibration can be done without seeing the source. In fact,
viewing the source is likely to be less useful than empirical tests.

(I doubt the actual source code does much of the work in a
device of this nature - the accuracy of the sensor to detect
alcohol molecules would be of far more significance.)

If there is any doubt of the accuracy of these devices, why were
they chosen for use at all? Why continue to use them instead of
taking a blood sample and assessing alcohol content with the
traditional serum analysis?

The prosecution should be able to demonstrate the devices are
accurate 99.9% of the time (if indeed they are), without having to
present the source code.

It sounds a bit like a phone company being asked to present the
source code for its phone system before a phone tap is
admissible as evidence.
Posted by dotmike (154 comments )
Reply Link Flag
thank you
i would hate to see a criminal go free or an innocent man go to jail but why on earth is the source code needed? clearly the device can be tested thoroughly for accuracy without the company being forced to turn over proprietary code, effectively placing it in the public domain.

the court requiring the source code is potentially setting a nasty precedence. every criminal defense lawyer in the state will be foaming at the mouth at the possibility of demanding private sector source code from the D.A.'s office or having the charges dropped. breathalysers, radar/laser guns, dna matching equipment, finger print readers and associated programs for matching prints would all seem to be fair game for this type of lawyer's ploy. why cant the court see through this?
Posted by gsman11 (27 comments )
Link Flag
Because... its not scientifically, nor legally, true...
Without being able to dissect the actual mechanisms involved, all that any such analysis can show is a statistical-correlation within a very limited data-set. That is not reasonable-proof (unless you think that a "manufacturer" should simply, always, be trusted over impartial analysis, or you think that a "suspect" should be forced to fund such research... themselves... to prove that they are "innocent"). Otherwise, such a limited examination could not, and should not, be allowed, by any court, to be considered as sufficient for a criminal-conviction.
Posted by Had_to_be_said (384 comments )
Link Flag
Not really - There's actually some precedent to this
Sadly, you can't just assume these tests the police use are actually accurate. And saying you can test something w/o the source code wouldn't bring out all possible issues, that's the nature of software development (I'm in software QA myself, incidently).

Either way, there is some precedent here, did you hear about the case of someone being arrested b/c the police used a faulty test on Doc Bronner's soap & assumed it was GBH? Don Bolles was arrested for having "GBH", later in court it turns out that Doc Bronner's was indeed just soap & he was released. One would wonder how law enforcement tested this device's accuracy.

<a class="jive-link-external" href="http://hemp.net/news/?article=1177010783" target="_newWindow">http://hemp.net/news/?article=1177010783</a>
(sorry the LA Times article itself isn't online anymore)
Posted by M A (51 comments )
Link Flag
You're all correct, but...
You all have good valid points, but based on appearances and the general lack of credibility by attorneys in these types of matters and what their true goal is, it is more than reasonable to assume that this is nothing more than an attempt via legal manuevering to get a client off for drunk driving.

You can argue computer code, proprietary rights, semantics of the law and "high minded" principles all you want all you want. It won't obscure what I believe is really going on here.

Is someone going to argue the guy was not drinking and driving? I don't think so. Do you know any dead bodies that got the way from someone drinking and driving?
Posted by mikele11111 (166 comments )
Reply Link Flag
shortsighted
I don't know if he was driving drink, neither do you. You assume he was because the police said so(what happened to innocent until proven guilty?).

That is the entire point.

If a code review shows that the device is accurate enough to be used in a court of law, then he is still on the hook.

If it shows that it is too flawed to be used then that is a huge positive also. Since when is it "high minded" to make sure that the tools that help police do their job are accurate?

If this guy doesn't have a right to confront and examine witnesses then no one has any rights including you.

I hope a faulty breathilizer nails you falsely, then maybe why it is important to make sure it is accurate will sink into your thick skull.
Posted by The_Decider (3097 comments )
Link Flag
I doubt the value of a code inspection
I'm not sure what's to be gained here, other than the guy getting off on this technicality. I'm a fairly competent embedded software engineer who's been writing software for machines for many years. Would I be the judge for the quality of this software? Even badly written software can still allow the machine it's writen for to work within its specifications.

I go along with the people who are saying, test the machine as a black box. Show that it's accurate within the required specifications and that is all that's needed here. Does somebody expect to find a comment in the code that says, "This is where an inaccurate result is reported when used in Minnisota - hee hee."?

Bye.
Posted by Crunchy Doodle (41 comments )
Reply Link Flag
How many tests will be needed?
If you write software as you claim, you should know that it is far simpler and better to do functional and unit tests on code then it is to run a few tests on the entire system.

This is not a review on comments in code, but the code itself. Surely you understand the difference, since you are a developer. This flippant remark makes you less credible.

Testing as you think is needed, would require a very large sample to be able to measure accuracy. This is expensive and very time consuming.

There is no negative to letting tests of the source code happen. Either the courts will have precedence that says it is a reliable system, or the police will have to find a better quality tool. Either way, society wins.

I would not be surprised to find out that you work for the company that created this device and are scared about the consequences of what could happen to your company and job if this goes ahead.
Posted by The_Decider (3097 comments )
Link Flag
Why wasn't the results verified?
I think it was a couple of years ago when I was in college, that a Fort Wayne officer told me that if a person gives a positive reading for being drunk, they take the person in and they verify the result by doing a blood test. I want to know why this wasn't done in this case in Minnesota. Don't they verify the results there?
Posted by aka_tripleB (2211 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.