Slashdot Mirror

← Back to Stories (view on slashdot.org)

Breathalyzer Source Code Revealed

Posted by kdawson on from the and-it-ain't-pretty dept.

Nonillion writes "New Jersey attorney Evan M. Levow was finally able to get an order from the Supreme Court of New Jersey forcing the manufacturer of the popular Draeger AlcoTest 7110 to reveal the source code. Levow turned the code over to experts, Base One Technologies, to analyze. Initially, Base One found that, contrary to Draeger's protestations that the code was proprietary, the code consisted mostly of general algorithms: 'That is, the code is not really unique or proprietary.' In other words, the 'trade secrets' claim which manufacturers were hiding behind was completely without merit." Following up an earlier discussion here, the state of Minnesota has (without explanation) missed a deadline to turn over the code for a different breathalyzer.

9 of 501 comments (clear)

  1. Re:"code" is probably in the hardware by MBCook · · Score: 5, Informative

    You don't seem to have read the "article", but then again this is /.

    Even in such a simple case there are many things it should be testing. Is the A/D output sane? Does it take 3 quick samples while someone is blowing and average them or just take it once (which could be wrong for some reason)?

    According to the article, it doesn't look like it does. It calibrates the wind sensor, but doesn't check that the calibration is sane. It doesn't report errors unless they happen 32 times in a row. It disables the watchdog timer. It disables the interrupt for illegal instructions. It doesn't meet any coding standards. It contains code with things like "this is temporary for now" in it.

    There is an obvious reason why they didn't want the code released.

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
  2. Re:"code" is probably in the hardware by Nos. · · Score: 5, Informative
    Well, looks like its a bit more than that (FTA):
    • Several sections are marked as "temporary, for now"
    • Converters will substitute arbitrary, favorable readings for the measured device if the measurement is out of range
    • The software takes an airflow measurement at power-up, and presumes this value is the "zero line" or baseline measurement for subsequent calculations. No quality check or reasonableness test is done on this measurement
    • It would fail software standards for the (FAA) and (FDA), as well as commercial standards used in devices for public safety
    What is this thing, alpha?
  3. The entire 12 problems by poetmatt · · Score: 5, Informative
    Please read here at http://www.sandiegodrunkdrivingattorney.net/2007/0 8/successful-dui-breath-test-machine.html where they have all the information on the flaws. I will post the summary line of each result from Base one (link to their homepage) as follows:

    1. The Alcotest Software Would Not Pass U.S. Industry Standards for Software Development and Testing
    2. Readings are Not Averaged Correctly: When the software takes a series of readings, it first averages the first two readings.
    3. Results Limited to Small, Discrete Values: The A/D converters measuring the IR readings and the fuel cell readings can produce values between 0 and 4095.
    4. Catastrophic Error Detection Is Disabled: An interrupt that detects that the microprocessor is trying to execute an illegal instruction is disabled
    5. Implemented Design Lacks Positive Feedback: The software controls electrical lines, which switch devices on and off, such as an air pump, infrared source, etc. The design does not provide a monitoring sensory line (loop back) for the software to detect that the device state actually changed. This means that the software assumes the change in state is always correct, but it cannot verify the action.
    6. Diagnostics Adjust/Substitute Data Readings: The diagnostic routines for the Analog to Digital (A/D) Converters will substitute arbitrary, favorable readings for the measured device if the measurement is out of range, either too high or too low.
    7. Flow Measurements Adjusted/Substitute d: The software takes an airflow measurement at power-up, and presumes this value is the "zero line" or baseline measurement for subsequent calculations.
    8. Range Limits Are Substituted for Incorrect Average Measurements: In a manner similar to the diagnostics, voltage values are read and averaged into a value.
    9. Code Does Not Detect Data Variations
    10. Error Detection Logic: The software design detects measurement errors, but ignores these errors unless they occur a consecutive total number of times
    11. Timing Problems: The design of the code is to run in timed units of 8.192 milliseconds, by means of an interrupt signal to a handler, which then signals the main program control that it can continue to the next segment.
    12. Defects In Three Out Of Five Lines Of Code: A universal tool in the open-source community, called Lint, was used to analyze the source code written in C. This program uncovers a range of problems from minor to serious problems that can halt or cripple the program operation.

    Sorry if this is redundant, I didn't see it listed anywhere that I could tell up front. If you note that list is pretty serious. They picked a "top 5" type thing for the other link, but this one is pretty accurate. Note these guys were called in as expert witnesses and their information on their website shows they have extensive experience working with government. If these guys find flaws that is definitely pretty serious.

  4. Re:"code" is probably in the hardware by Marxist+Hacker+42 · · Score: 4, Informative

    It's even worse than that. The A/D converter is hooked up to a chamber, which at one time held a known amount of air. An infrared light source is at one end of the chamber, a photovoltaic cell at the other. The A/D converter reads the photovoltaic, they multiply it by the magic 2100 number (which is truly a magic number- it's based on an average and can really range from 1300 to 3000) and spit out the answer.

    This is why it's always vitally important to get a true blood test, and to preserve a sample for your attorney.

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  5. Re:My problem with the 12 problems... by Myrv · · Score: 4, Informative

    Please read more carefully before you make incorrect phrases. Perhaps you should take your own advice to heart because as the previous poster noted, you are wrong.

    The last reading has the least weight, as the first one determines the average Nope, given the description you have so nicely put in bold the first reading is the least signficant.

    Take 3 readings, say 1 2 3 for the sake of argument. The text says the first two are averaged, so:

    (1+2)/2 = 1.5

    Now this average is averaged with the third reading

    (1.5+3)/2 = 2.25

    or in full

    ((1 + 2) /2 + 3) /2 = 1/4 + 2/4 + 3/2

    Note the 3rd point is weighted twice that of the first 2 (i.e, its divided by 2, the first two points are divided by 4).

    The real average should be:

    (1+2+3) / 3 = 2

    but the last point is being weighted more in the incorrect version so the average was given as 2.25

    If the first point was weighted more you would expect the average to be less than 2.

    It's basically using a mean instead of an average. mean and average are the same thing.

    What this means is each reading could increase or decrease the score, as opposed to being consistant. If you take 3-4 tests each one could show you as "more drunk" when you might have started at .06 and ended at .30 (as an extreme example) or started at .15 and ended at .03. No, it's not. Each subsequent reading is basically being averaged into previous value with double the weight. There are cases where you would want to do this, i.e. damp out the history, but the code comments suggest this wasn't the case (of course the code may have been changed on purpose and somebody forgot to change the comments)
  6. This is important by sjames · · Score: 4, Informative

    Without measures like this, police brethalyser selection is distorted by powerful confirmation biases.

    Given an honest belief that suspects that are given the brethalyser test are intoxicated, the natural selection bias is towards machines that read positive more often. Even without a single thought of "we need a machine that convicts regardless of guilt", that's what they will tend to get.

    Allowing the defense to face the actual witness (the brethalyser) so to speak provides the needed negative feedback to drive selection back towards accurate impartial instruments even if only to make DUI charges stick in court.

    More to the point, it can drive machine selection towards those that meet the beyond a reasonable doubt standard. If trials are going to favor the readout on a brethalyser, the machine should (for example) always round towards a lower reading when measuring or computing. For example, if there is any noise in a reading, the lowers is beyond reasonable doubt, the average is vaguely justifiable (though it is probably closer to a preponderance than it is beyond reasonable doubt) and the highest is just plain trying to get convictions regardless of merit. Otherwise it has the potential to accuse someone of DUI (to the extent that a machine can accuse) even if in fact componant tolerances may mean the difference between just over the limit vs. just under. After all, the machine is not suceptable to a jury judging if it seems unsure or knew it was close to the edge based on testimony.

    A surprising number of measurement devices meant for scientific and medical purposes (as well as law enforcement) do NOT correctly handle significant digits, error bars, or rounding. Many programmers do not understand the importance of different rounding rules, and even think that add .5 then truncate is always correct.

  7. Re:"code" is probably in the hardware by cayenne8 · · Score: 4, Informative
    "On the contrary, insist on the breathalyzer and contest the results if you fail. If you fail the blood test, you're screwed."

    I've posted this type info before...on other stories, but, depending on the state you are in, if you know you're gonna blow over the limit....refuse ALL tests...don't blow anything, don't give blood....and for God's sake...don't get out and try the field sobriety tests. All those do, is let the cops collect evidence to be used against you. According to my atty....he said you know you're going to jail no matter what...don't help them gather evidence from you. Just don't say anything, and put your hands out for the cuffs. And call the lawyer immediately....

    I know if varies from state to state...but, in many (maybe most) you probably will lose your license automatically for a year, but, can often get a hardship license for getting to work, food, etc. You may get a reckless driving...but, at least it isn't a DWI. That can hurt your credit, and job possibilities in this day of the MADD witchhunt. The new ridiculously low BAC forced by the feds (0.08) can get you nailed even if you are fine to drive.

    Anyway, if you like to have a drink out at all...you should know the laws of your state...and be prepared...

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  8. Re:"code" is probably in the hardware by russotto · · Score: 5, Informative

    Converters will substitute arbitrary, favorable readings for the measured device if the measurement is out of range

    that's more reasonable than reporting you have enough alcohol in you to kill two bull African elephants and a wildebeest.
    No, it isn't. If it, due to some error, detects enough alcohol in you to kill an elephant, it's obviously malfunctioning and should not report any value. Reporting the absurd value is second-best, because it allows you (or your attorney) to challenge the value. Reporting a reasonable-sounding value is manufacturing of evidence.

    Consider, for instance, if radar guns reported "91mph" any time they detected too high a value (say, above 200mph). You could be driving by at 75mph, some malfunction could cause the gun to detect 600mph, it would report "91mph", and you'd be screwed. If it reported 600mph and you got pulled over based on it, you'd probably win in court because your car can't do 600mph.

  9. Re:"code" is probably in the hardware by fishbowl · · Score: 4, Informative

    >Does the friggin' device work?

    Of course, by the time they actually bring out the breathalyzer, they've probably already decided to arrest you based on the Nystagmus test. Most of the procedure is just misdirection to keep the suspect calm, thinking he still has a chance to avoid arrest, even though it's already a foregone conclusion. It gives the DUI suspect a chance to dig a deeper grave for himself... The breathalyzer result is more valuable for getting confessions in the field, rather than for evidence in court. They don't actually *need* mechanical sobriety tests, since HGN, one-leg-stand, walk-and-turn tests and the like, stand up just fine in court.

    --
    -fb Everything not expressly forbidden is now mandatory.