Recently on this blog, I wrote You Have the Right to Read Your Accuser. In this, I argued that any software with substantial risk to harm your life or liberty must be open source. I specifically mentioned some breathalyzer software that people were fighting to see the source code of. Though the Florida legislature and many regional prosecutors obviously feel that the breathalyzer company’s rights were more important than individual rights, the New Jersey Supreme Court ordered that source code to a popular breathalyzer be revealed. The results, if you’ll pardon the pun, are breathtaking.
Had this been exemplary software, I might have looked like an idiot to some, though I don’t feel it would invalidate my core argument. Had this been ordinary, run-of-the-mill software, it may have bolstered my case, but this would still be ignored by many. As it turns out, this software was absolutely abysmal and I expect that quite a number of DUI convictions can (and should) be overturned as a result. Note that I’m not in favor of overturning legitimate DUI convictions — blood test verification is regarded as reliable, but convicting someone on the basis of faulty software is a travesty that should not be allowed. In fact, I expect the officers of the corporation manufacturing the breathalyzer in question to be sued.
I also think some people in that corporation should face fraud charges because they have deliberately misrepresented its capabilities. One of their claims on the information page is that the breathalyzer “aborts a test if hardware or software errors occur”. However, the analysis (summary linked to above) states, amongst other things:
- The program presented shows ample evidence of incomplete design, incomplete verification of design, and incomplete “white box” and “black box” testing.
- An interrupt that detects that the microprocessor is trying to execute an illegal instruction is disabled, meaning that the Alcotest software could appear to run correctly while executing wild branches or invalid code for a period of time.
- The diagnostic routines for the Analog to Digital (A/D) Converters will substitute arbitrary, favorable readings for the measured device if the measurement is out of range, either too high or too low.
- The software takes an airflow measurement at power-up, and presumes this value is the “zero line” or baseline measurement for subsequent calculations. No quality check or reasonableness test is done on this measurement.
- The software design detects measurement errors, but ignores these errors unless they occur a consecutive total number of times.
In other words, errors are often suppressed or ignored and false data can be deliberately returned.
No wonder this company didn’t want anyone to see their source code!
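To make the A/D substitution and unchecked-baseline findings concrete, here is an added C example (it is not the Alcotest source and does not come from the analysis). `read_masking` shows the masking pattern the findings describe, and `run_test` shows a fail-closed alternative; every name, threshold and the 12-bit range are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values for illustration only (12-bit ADC assumed). */
#define ADC_MIN     100u   /* below this the sensor is presumed faulty */
#define ADC_MAX     3900u  /* above this the sensor is presumed faulty */
#define ADC_DEFAULT 2048u  /* mid-scale value substituted by the flawed path */
#define BASE_MIN    1900u  /* plausible window for the power-up baseline */
#define BASE_MAX    2200u

typedef enum { TEST_OK = 0, TEST_ABORT_RANGE, TEST_ABORT_BASELINE } test_status;

/* Pattern described in the findings: an out-of-range sample is silently
   replaced, so the caller cannot tell a measured value from a made-up one. */
uint16_t read_masking(uint16_t raw) {
    return (raw < ADC_MIN || raw > ADC_MAX) ? ADC_DEFAULT : raw;
}

/* Fail-closed alternative: an out-of-range sample is reported, never hidden. */
test_status read_checked(uint16_t raw, uint16_t *out) {
    if (raw < ADC_MIN || raw > ADC_MAX)
        return TEST_ABORT_RANGE;
    *out = raw;
    return TEST_OK;
}

/* Sanity-check the baseline, then abort on the first bad sample. */
test_status run_test(uint16_t baseline, const uint16_t *s, size_t n, int32_t *sum) {
    uint16_t v;
    if (baseline < BASE_MIN || baseline > BASE_MAX)
        return TEST_ABORT_BASELINE;
    *sum = 0;
    for (size_t i = 0; i < n; i++) {
        test_status st = read_checked(s[i], &v);
        if (st != TEST_OK)
            return st;
        *sum += (int32_t)v - (int32_t)baseline;
    }
    return TEST_OK;
}

int main(void) {
    const uint16_t samples[] = {2100, 4095, 2150}; /* constructed; 4095 = stuck-high ADC */
    int32_t sum = 0;
    printf("masking returns: %u\n", (unsigned)read_masking(samples[1]));
    printf("fail-closed status: %d\n", (int)run_test(2048, samples, 3, &sum));
    return 0;
}
```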
This is exactly the same reason, on a smaller scale, why California banned electronic voting. Once again we’re finding that software which directly impinges upon our personal liberties is bug-ridden and for some ludicrous reason, individuals are having to fight to have their basic rights restored, rather than having them assumed.
How, though, are we getting into this position? Two economists, Michael Spence and Joseph Stiglitz, shared the 2001 Nobel Prize in Economics for their paper The Market for Lemons: Quality Uncertainty and the Market Mechanism. The basic idea is very simple. You go to buy a car and while you’re willing to pay more for a more reliable car, you’re uncertain of its quality. As a result, this tends to depress the price for all cars. Automobile manufacturers then have a dilemma. It’s very difficult for them to convince you of quality (advertising is a poor substitute), so if they produce the “perfect” car, you don’t know that and probably aren’t willing to pay what it’s worth. As a result, there’s a downward pressure on quality. I’m sure most programmers have horror stories of their bosses telling them to “just ship the damn thing, we can fix it later.”
In the case of liberty-threatening software, while it’s important to perform quality checks on that software, anyone who’s tried to “break” any code knows it’s far easier to do so when you have the source code. What sort of reliable checks can you do on a complicated system that’s a black box?
- Does humidity matter?
- Does temperature matter?
- Does a voltage spike matter?
- Does using mouthwash matter?
- Does emphysema matter?
- Does a leak in the air tube matter?
- Does having a drink right beforehand matter?
- … what other things may we have forgotten?
There’s no way you can possibly test everything, but here’s another wrench in the works. From the breathalyzer company’s Web site:
“The built-in communication firmware provides the capability of networking with a host computer allowing remote system diagnosis and software updating.”
Great. Now you have to know when they’ve updated their software and redo all of those tests.
It’s high time that individuals say “enough” and stop allowing their rights to be gradually eroded. Liberty-threatening software must be open source.