An interesting case has developed in Minnesota when it comes to the state's use of the Intoxilyzer breath-testing machine in drunk driving charges. The state's highest court ruled Thursday that defendants have the right to have the source code of the software used in the breath-testing machines examined by their own experts.
However this is creating a big problem for prosecutors and defense attorneys alike because they don't have the source code and the Kentucky company that makes the machine won't make the code available on the grounds of the code being a trade secret. This argument prompted Ed Felten of Freedom to Tinker to question the company's argument because the company also says it's all about the sensors
The problem is illustrated nicely by a contradiction in the arguments that CMI and the state are making. On the one hand, they argue that the machine's source code contains valuable trade secrets -- I'll call them the "secret sauce" -- and that CMI's business would be substantially harmed if its competitors learned about the secret sauce. On the other hand, they argue that there is no need to examine the source code because it operates straightforwardly, just reading values from some sensors and doing simple calculations to derive a blood alcohol estimate.
It's hard to see how both arguments can be correct. If the software contains secret sauce, then by definition it has aspects that are neither obvious nor straightforward, and those aspects are important for the software's operation. In other words, the secret sauce -- whatever it is -- must relevant to the defendants' claims.
Much of the argument used by one defense lawyer was based around the fact that defects have been found in voting machine source code as well as defects being found in the code of a breath-testing machine in New Jersey. It was this argument that led the state Supreme Court to overturn an earlier appeals court decision.
Patrin, his attorney, asked a district judge to order prosecutors to turn over the source code. He accompanied his request with a memorandum and nine exhibits. Among them: a computer science professor's testimony that defects had been found in the code used in voting machines, as well as a report saying problems had been found in the code used in the breath-testing machine used by police in New Jersey.
The Supreme Court said Brunner's submissions "show that an analysis of the source code may reveal deficiencies that could challenge the reliability of the Intoxilyzer and, in turn, would relate to Brunner's guilt or innocence."
As an ex-developer I know full well how even the smallest bug can creep into software without anyone realizing it. While this might seem like a specious argument on the behalf of desperate people and their lawyers the fact is that all software used in this manner should be questioned and examined.