Source Code On Trial In DNA Matching Case (post-gazette.com)

← Back to Stories (view on slashdot.org)

Source Code On Trial In DNA Matching Case (post-gazette.com)

Posted by Soulskill on Saturday October 10, 2015 @02:32AM from the you-can't-handle-the-knuth dept.

An anonymous reader writes: While computer analysis by other programs was inconclusive in matching DNA evidence to a suspect, one program, TrueAllele, gave a match. As reported in the Pittsburgh Post-Gazette, an expert witness for the defense wants access to the 170,000 lines of source code to determine whether the match is scientifically valid. Not surprisingly, the software creator is resisting. From the article: "TrueAllele, created by Dr. Perlin and in its current version since 2009, is the only computer software system of its kind that interprets DNA evidence using a statistical model. It can single out individuals in a complex DNA mixture by determining how much more probable a match is versus mere coincidence. Complex mixtures can involve multiple people, as well as degraded or small DNA samples. ... Although the technology is patented, the source code itself is not disclosed by any patent and cannot be derived from any publicly disclosed source. The source code has never been revealed, he said, and it would cause irreparable harm to the company if it were. In his declaration, Dr. Perlin said that reading the source code is unnecessary to validate the program, and that a review could be done in his office or online."

87 of 117 comments (clear)

Min score:

Reason:

Sort:

Wrong industry? by Type44Q · 2015-10-10 02:39 · Score: 5, Insightful

Guess if he didn't want his code audited, this guy shouldn't have marketed his software to this particular industry. Dumbass.
1. Re:Wrong industry? by retroworks · 2015-10-10 02:49 · Score: 2, Interesting
  
  Huh. Interesting comment, and on point. The right to defend oneself legally seems to trump copyright law. One the other hand, if I wanted to see someone's copyrighted code, could I simply write bad code (producing a different result) and thereby get access to another programmer's code in any court case? Say for example I want to see automobile code, I find a vehicular homicide case, show a result on my program where the driver was not at fault because automobile code was badly written, and demand to see the code of the vehicle the defense client is accused of driving? EFF.org want to comment?
  
  --
  Gently reply
2. Re:Wrong industry? by Layzej · 2015-10-10 02:59 · Score: 2
  
  Best practice is to discard the minority report. No need to review the source code since there is probably no practical way to prove it correct anyway.
3. Re:Wrong industry? by Eunuchswear · 2015-10-10 03:01 · Score: 3, Informative
  
  Nothing to do with copyright law.
  
  --
  Watch this Heartland Institute video
4. Re:Wrong industry? by Layzej · 2015-10-10 03:07 · Score: 4, Interesting
  
  For instance, for any mission critical component NASA may have three different programs, each written in a different language and running on a unique platform. If at any time one of the programs gives an answer that is not consistent with the other two then the minority report is discarded and the other two are presumed to be correct. No need to halt the proceedings and debug at that point.
  In this case there is only one program that finds a match. It should be considered unreliable and discarded.
5. Re: Wrong industry? by SLi · 2015-10-10 03:18 · Score: 4, Insightful
  
  Well, not really. If the relevant facts are roughly as stated in the summary, it's indeed quite possible that the company will be forced to produce the source code or not rely on the evidence. However the only thing this means is that the defendant's paid experts get access to the source code under a strict protective order. They will then produce an expert report, which is the only thing anybody else will have access to, and even that may be sealed in whole or part if it would reveal, in the opinion of the judge (and often anyway unless the defendants object) significant trade secrets.
  I think the two most realistic reasons to oppose are the costs of production and the possible loss of reputation if the evidence due to the inevitable criticism by opposing experts.
6. Re:Wrong industry? by Anonymous Coward · 2015-10-10 03:19 · Score: 2, Insightful
  
  You don't get to use the code. It is opened for analysis only for few selected professionals and most certainly not shown to someone who has competing code. There is no problem with copyright here. The copyright is still with the one (company) who wrote the code.
7. Re: Wrong industry? by retroworks · 2015-10-10 03:27 · Score: 2
  
  You are right of course (and while a copyright may be issued prior to a license, it's a licensing and not copyright issue). But what if it is a class action suit, all accused parties in vehicular homicides demand access to auto computer codes for prosecution? I agree it's thin (would require cooperation of expensive defense lawyers with little direct benefit to the client), but as a supporter of RightToRepair I thought it was a question worth asking.
  
  --
  Gently reply
8. Re:Wrong industry? by hey! · 2015-10-10 03:30 · Score: 2
  
  The source code shouldn't matter; it's the method used by the source code. If that method cannot be reproduced without the source code, then the output of the program is worthless. If it can be reproduced without the source code, then the output of the program may have value, if the method used stands up to scientific scrutiny.
  As it stands all the prosecution has amounts to a black box with a red and green light on top and a slot in the side into which a couple of samples are dropped. If the light subsequently turns red, then the prosecutor wants the jury to believe the samples match. But they have no reason to believe that other than the prosecutor telling them to trust the box.
  
  --
  Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
9. Re:Wrong industry? by alzoron · 2015-10-10 03:37 · Score: 4, Insightful
  
  Exactly right.
  This is basically the same as asking an expert witness how they determined that the defendant was involved in a crime and the witness refusing to answer the question because "It's a secret."
10. Re: Wrong industry? by drinkypoo · 2015-10-10 04:15 · Score: 1
  
  I think the two most realistic reasons to oppose are the costs of production and the possible loss of reputation if the evidence due to the inevitable criticism by opposing experts.
  The costs of producing the source code: So damned near $0 it doesn't bear mentioning. If you can build it, you can produce it.
  The costs of possible loss of reputation: can be solved by sealing part of the court records, if necessary. But nobody has a right to a certain reputation.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
11. Re:Wrong industry? by drinkypoo · 2015-10-10 04:17 · Score: 2
  
  The source code shouldn't matter; it's the method used by the source code.
  Okay, now go forth and prove that a stated method was used without referring to the code.
  
  As it stands all the prosecution has amounts to a black box with a red and green light on top and a slot in the side into which a couple of samples are dropped. If the light subsequently turns red, then the prosecutor wants the jury to believe the samples match. But they have no reason to believe that other than the prosecutor telling them to trust the box.
  Right, without a code analysis they have no way to know if the box contains anything of value.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
12. Re:Wrong industry? by gerddie · 2015-10-10 04:44 · Score: 4, Informative
  
  It has everything to do with copyright law. It's what the company is using in order to claim that they have a right to keep information from the court.
  No, even if they would show the code, it wouldn't become magically free software or public domain. What they claim here is that they want to keep a trade secret.
13. Re:Wrong industry? by Anonymous Coward · 2015-10-10 04:50 · Score: 1
  
  Copyright law is about the rights to copy and distribute intellectual property, it has absolutely NOTHING to do with secrecy. Btw, nobody has the right to keep information from a court of law; if a judge demands it, you must oblige.
14. Re:Wrong industry? by ThatAblaze · 2015-10-10 06:24 · Score: 1
  
  I think the NSA has already proved you wrong about that on several occasions.
15. Re:Wrong industry? by pepty · 2015-10-10 06:35 · Score: 1
  
  Not really. In this case the best practice for the defense is to consider any match, even from the majority, to be statistically flawed and ask that the full sequences be compared directly. When you are fishing in a database it makes sense to only look for a few datapoints. If you want to prove the match is a false positive there's no need to look at the software results again, these days you can send the trace evidence and the suspect's DNA to a company that does full sequencing of genomes and do the full comparison with (open source) software like Blast or Last for less than it would cost to argue about the original software results in court. Would be difficult in evidence that has a mixture of DNA from different sources, but basically just look for a difference that makes the DNA in the evidence unlike that of the suspect's DNA, instead of looking for similarities between the evidence and the suspect.
16. Re:Wrong industry? by climb_no_fear · 2015-10-10 06:57 · Score: 1
  
  That's not the limitation.
  
  Of course you can sequence every base pair of the suspect. The DNA evidence is limiting, the problem is the evidence.
  
  Just for example, pretend we know beyond a doubt that a killer and five other people used the same pen to sign in in a hotel. Let's pretend that the pen fell down a couple times and it was a rainy day (mud on the floor).
  
  There is a mixture of 5 people's DNA plus bacterial DNA of 100 species and the bacterial enzymes which are busy degrading the DNA.
  
  This mess is sequenced and the program has to identify small stretches of DNA and correct for multiple comparisons to the whole human genome and between similar genomes.
  
  There is nothing left of the evidence to sequence.
17. Re:Wrong industry? by sumdumass · 2015-10-10 07:30 · Score: 1
  
  Not really in this case. This is not a situation where multiple programs do the same thing. Others match DNA identifiers to find a match where the one in question matches the statistical probably of identifiers being a match. Its kind of like the difference between determination of a pipeline diameter by measuring the pipeline verses measuring the flow rate and working back. So while the objective is the same, the approach is different enough to be separated from each other.
18. Re:Wrong industry? by DerekLyons · 2015-10-10 07:31 · Score: 1
  
  For instance, for any mission critical component NASA may have three different programs, each written in a different language and running on a unique platform.
  Nope, the record (which was the Shuttle's control system) is two different programs running on identical hardware. They weren't even identical programs, the first had all mission features, the second had just enough to reach orbit and to return from orbit to earth. But even that was highly unusual - the norm is two identical computers running identical software.
  
  If at any time one of the programs gives an answer that is not consistent with the other two then the minority report is discarded and the other two are presumed to be correct. No need to halt the proceedings and debug at that point.
  Where the three comes in is the primary Shuttle flight control was three copies of the same software running on three identical computers. The minority report is in fact disregarded.
19. Re: Wrong industry? by mspohr · 2015-10-10 07:49 · Score: 1
  
  The problem is that I have my expert and they have their expert... sounds like a standoff.
  If I am going to jail, I need to know that it's based on real science (public, audited, peer reviewed, verified) not some guy's secret algorithm.
  
  --
  I don't read your sig. Why are you reading mine?
20. Re:Wrong industry? by hey! · 2015-10-10 07:59 · Score: 1
  
  It doesn't matter what the code produces. You use an independently developed and open system to confirm that the code in question conforms to the method. Then it's a matter of showing the method is valid, which of course is the important question. Patents don't mean something accomplishes what its inventor purports it does.
  
  --
  Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
21. Re: Wrong industry? by HiThere · 2015-10-10 08:24 · Score: 2
  
  Actually, that's not always true. I've heard of companies that used software they only had in binary. I suppose you could turn that into assembler easily enough, though you might end up with some of your data being rendered as code.
  (The case I heard of was back in the 1970's and the programmer who originally built the software fixed it with binary patches, so the code didn't mean anything...but it had been lost anyway by this point.
  They used this software as a part of how they figured their profits, which they then reported to the IRS. At some point the IRS decided to audit them.... WHOOPS! And the guy who wrote the code was no longer working there.)
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
22. Re: Wrong industry? by Anonymous Coward · 2015-10-10 10:24 · Score: 1
  
  Nope. 5th amendment covers testimony only, and only covers testimony where there is an actual possibility of self incrimination. If you have a document that proves your guilt, you still have to produce it legally.
23. Re:Wrong industry? by Impy+the+Impiuos+Imp · 2015-10-10 12:15 · Score: 2
  
  Well, a criminal case can demand whatever they want from the NSA. The NSA then has a choice (aside from arguing successfully the info is irrelevant):
  1. Give it up
  2. Declare it a secret, and possibly force the release of the suspect as a result.
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
24. Re:Wrong industry? by msobkow · 2015-10-10 16:35 · Score: 1
  
  Anything submitted to the courts becomes a matter of public record.
  
  --
  I do not fail; I succeed at finding out what does not work.
25. Re: Wrong industry? by msobkow · 2015-10-10 16:41 · Score: 1
  
  You write your own software in binary?
  I haven't seen that since the age of panel switches and lights for bootstrapping old, old, old computers...
  
  --
  I do not fail; I succeed at finding out what does not work.
26. Re:Wrong industry? by sjames · 2015-10-10 18:11 · Score: 1
  
  Public record, yes. But in cases where the material is identified beforehand as proprietary, the judge can extend protection including sealing it.
  It still wouldn't get rid of the patents.
27. Re: Wrong industry? by HiThere · 2015-10-10 18:27 · Score: 1
  
  No. But the guy who was maintaining the software originally wrote it in assembler, and then fixed bugs by doing binary patches. Not me, I never worked for the company, or met the guy who wrote the software. I understand the company was a shoe seller, but I don't even know whether it was a manufacturer or a vendor.
  Yes, however, this was on an OLD computer. But the software was kept as a deck of punched cards, not panel switches. (It's not THAT old.)
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
28. Re: Wrong industry? by sjames · 2015-10-10 19:11 · Score: 2
  
  If they only have it in binary, that would mean that they are falsely testifying to the validity of code they haven't examined.
29. Re:Wrong industry? by sjames · 2015-10-10 19:16 · Score: 1
  
  That sounds to me like an inconclusive result, not something you should use to send someone to death.
30. Re:Wrong industry? by Anonymous Coward · 2015-10-10 19:52 · Score: 2, Informative
  
  What i find odd about this is that the code is supposed to be statistics. If the code is following the correct mathematical analysis then the code is technically already released to the public or at least academic records. The only thing protected here is the implementation, e.g. how it communicated with hardware, which algorithms are used, and the code got the UI. All this can be easily duplicated by any skilled CS student. So when he states that releasing the code even for court review will cause irreparable harm to his company it draws a serious issue to the credibility of his code. If he is using proprietary algorithms then the code cant be trusted anyway, as any algorithm that has not been scrutinized by peer review is assumed flawed and thus scientifically useless.
  The only evidence in this case is a DNA result that was deemed too complex for analysis using any other method. Yet this software gets a hit, but how do we verify the result to ensure that the hit is valid? Well Dr. Perlin us using copyright and a claim that releasing the code will detrimental to his company. Only his laboratory or online can analyze it. But wait the linked article stated that no known method could analyze it? So which is true will an online search revel an algorithm that can analyze it, if so the algorithm is known and he could simply point them in the right direction, which should be disclosed right? Or the software is using an untested and unreviewed algorithm that cant be trusted. An examination in his office is useless, it has to be an unbiased 3rd party review as he is a biased party in this issue.
31. Re:Wrong industry? by climb_no_fear · 2015-10-10 20:20 · Score: 1
  
  Well, I agree that for a conviction that this is probably insufficient alone, especially when you consider that, the other 5 people, even if you know who they are, may refuse to have their entire genome sequenced as a comparator (I would refuse and I studied genetics), so the comparisons are even weaker.
  
  That is why this computer program needs to be examined even more thoroughly than most people realize.
  
  Whether anyone should be put to death on the basis on any evidence, no matter how sound it is, is a question outside the realm of this discussion.
32. Re:Wrong industry? by sjames · 2015-10-10 20:36 · Score: 2
  
  I asked my magic 8ball^w^wScientific testimony device how accurate this thing is and it said "outlook not so good". Naturally, it uses proprietary algothingamajigs so I will not be submitting it to examination.
  But yes, an unproven methodology implemented by unproven software and they want to hang a man's life on it's results.
33. Re:Wrong industry? by sjames · 2015-10-10 20:38 · Score: 1
  
  It's even worse. The methodology that the software might or might not correctly implement is itself unproven.
34. Re:Wrong industry? by climb_no_fear · 2015-10-11 00:31 · Score: 1
  
  You're absolutely correct, for a non-programmer like myself, most of us confuse the algorithm and the code implementing the algorithm and just call them the program (I know that's wrong but it's how I think).
35. Re:Wrong industry? by lsatenstein · 2015-10-11 05:00 · Score: 1
  
  Guess if he didn't want his code audited, this guy shouldn't have marketed his software to this particular industry. Dumbass.
  Moreover, what if his source code was a sham, and in fact, it was a human, looking at the evidence via a microscope or other clairvoyant instrumentation that decides on the life/death of an individual.
  As a minimum, the source code should be shown, should be compiled and tested with the compiled version. Statistical sampling can be prone to definite errors, particularly if the sample sizes analyzed are too small. What were the sample sizes? Under 100, or under 2000? The former would be dangerous and probably in error, while the latter could give a result within tolerance of 1%.
  
  --
  Leslie Satenstein Montreal Quebec Canada
36. Re:Wrong industry? by beastofburdon · 2015-10-15 06:18 · Score: 1
  
  This isn't about copyright, it is a patent in question. Which makes me think a bit. In a patent you have to describe in detail how the device works so that after the patent expires others can easily emulate it. Shouldn't that mean the source code itself is required to be contained in the patent?
37. Re:Wrong industry? by Lord+Bitman · 2015-10-18 21:05 · Score: 1
  
  Exactly this. I'd argue that due to Copyright law's intent of promoting the eventual public domain, anything "secret" is clearly not covered by copyright law.
  
  --
  -- 'The' Lord and Master Bitman On High, Master Of All
Are these the same guys that run VW? by BitZtream · 2015-10-10 02:43 · Score: 1

Seriously at what point is the general public going to stop accepting that bullshit lie?
My cold fusion work only when I run the experiment in my shed with no one watch too ...

--
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
1. Re:Are these the same guys that run VW? by gerddie · 2015-10-10 04:48 · Score: 1
  
  My cold fusion work only when I run the experiment in my shed with no one watch too ...
  Obviously, it's quantum physics, by monitoring the experiment you change the outcome ;)
Reasonable Doubt by Anonymous Coward · 2015-10-10 02:46 · Score: 3, Insightful

From the perspective of the burden of proof placed on the Prosecution, they have to disclose how they arrived at this derived 'evidence' of a match via TrueAllele. Criminal justice can't be served using a "Black-Box" as an input.
Disclose the software and its methods to a legally-sworn-to-secrecy-expert-witness, or toss the evidence as inadmissible.
1. Re:Reasonable Doubt by godrik · 2015-10-10 03:13 · Score: 2
  
  I do not know the US legal system that much. But it seems that if you can not get a court-nominated expert witness to vouch for the result, the evidence should be discarded.
  Now, I would even prefer if an independent lab could reproduce that result.
2. Re:Reasonable Doubt by tomhath · 2015-10-10 03:38 · Score: 1
  
  They already have an expert witness - the author of the program. He is willing to testify how his program reached the conclusion it did. At some point you need to accept whether or not an expert is indeed an expert, otherwise you get into an infinite loop of "my expert needs to verify your expert's expertise"
  In this case the defense is on a fishing trip to find a bug or two in the code, which they will then use to discredit the entire program even if the bug has nothing to do with the conclusion.
  All that said, I agree that the source should be made available.
3. Re:Reasonable Doubt by Maxo-Texas · 2015-10-10 06:47 · Score: 1
  
  His testimony simply saying 'well it works" isn't usable because of his vested interest.
  Unless someone else can duplicate the results, it's not really scientific data and shouldn't be admissible.
  Consider VW diesel engines. You can't trust software unless you can validate it.
  
  --
  She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
4. Re:Reasonable Doubt by NoKaOi · 2015-10-10 09:18 · Score: 1
  
  They already have an expert witness - the author of the program. He is willing to testify how his program reached the conclusion it did. At some point you need to accept whether or not an expert is indeed an expert, otherwise you get into an infinite loop of "my expert needs to verify your expert's expertise"
  Said expert is not impartial, for 2 reasons: 1. It's his company, so he has a major financial stake in testifying that his software is perfect. 2. The prosecution is effectively his customer, and the any good business person know the customer is always right.
  As somebody above stated, if the author of the software wasn't willing to submit to a code review, then he picked the wrong damn market. If your life and freedom were at stake, would you want to take the word of the author of the software, or would you want your own expert reviewing it?
5. Re:Reasonable Doubt by Ungrounded+Lightning · 2015-10-10 12:51 · Score: 1
  
  From the perspective of the burden of proof placed on the Prosecution, they have to disclose how they arrived at this derived 'evidence' of a match via TrueAllele.
  IMHO: Unless there is an issue with whether the database TrueAllele searched was obtained illegally (making any results of searching it for suspects "fruit of the poisoned tree"), they DON'T have to show how the match was found.
  They just have to show that the match IS a match. This can be done with the data involved in the match standing on its own,
  
  --
  Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
6. Re:Reasonable Doubt by sjames · 2015-10-10 19:20 · Score: 1
  
  However, the defense DOES have a right to bring in their own expert witness. That witness has to be allowed to examine all of the evidence and methodology used by the prosecution's expert.
7. Re:Reasonable Doubt by Ungrounded+Lightning · 2015-10-11 16:33 · Score: 1
  
  No I disagree, as the data involved in matching is the result of a highly filtered process. There are many many data point's that don't support a match, as evidenced by the inability to replicate a match via any other method.
  Simply using the matching data allows the filtering assumptions to go unchallenged.
  If what's at issue is whether the tool selected the matches and hid the mismatches, and this can't be determined by comparing the defendant's genome against the tracable raw data that went into building the database, then the defendant's team gets to examine the software or the evidence is out. Agreed.
  Defendant have the right to a thorough cross-examination. The database used, the filtering process are all relevant to the actrual likelihood of a match.
  Here's where we're differing. I am claiming that, once a match is found, the quality of the match can be checked by comparing the raw data of the defendant's sample against the raw data that went into the database that was searched. Even if the data was reduced and encoded in some proprietary way to assist rapid searching and probability estimation by the proprietary tool, the match can be proven - as can the assertion that no exculpatory evidence was withheld - by providing the base data and ANY algorithm that performs the equivalent probability computation in a transparent way. If it gets the same numbers, that part of the issue is proven.
  If there is some question of whether the tool used improperly obtained evidence in deciding to look at this guy's data, that would make its internals relevant. If there is some question that it may have identified other, equally good, matches and these were withheld from the defence, that might make the OPERATION of the tool relevant, without putting the workings of its innards into that category.
  But IANAL. If the court says you're right on this it won't surprise me. (But their reasoning would be interesting.) Also: I won't complain if they kill database-fishing for "a wrong reason". B-)
  Defendants have the right to compel testimony and other evidence to be produced if they can show it is relevant. Trade secret, patent, or copyright has no power to override constitution guarantees to due process.
  Total agreement there.
  Prosecutors should not be allowed pseudo-science or selective disclosure of data. In fact, knowing use of either constitute prosecutorial misconduct, [an offense] that can result in financial sanctions and or disbarment.
  Total agreement there, too. (Also, IMHO: Such sanctions and/or disbarment should be invoked far more often than they are. B-) )
  
  --
  Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Trust us by Anonymous Coward · 2015-10-10 02:47 · Score: 3, Informative

Perhaps it's time for a more open process and open source code backing these types devices before their results are accepted as forensic evidence.
CSI is a lie:
http://www.theatlantic.com/politics/archive/2015/04/csi-is-a-lie/390897/
Crime lab major errors:
http://www.mprnews.org/story/2013/02/14/news/saint-paul-crime-lab-major-errors-found
1. Re:Trust us by aix+tom · 2015-10-10 04:08 · Score: 1
  
  And another example on how "DNA evidence" sometimes isn't:
  https://en.wikipedia.org/wiki/...
2. Re:Trust us by NoKaOi · 2015-10-10 09:21 · Score: 1
  
  Perhaps it's time for a more open process and open source code backing these types devices before their results are accepted as forensic evidence.
  Agreed, and it doesn't even have to be free to be open source. When someone's freedom is at stake, the burden of proof is on the prosecution, which in these cases means the burden of proof is on the software to show that it works. How can they possibly show that it works, beyond a reasonable doubt, without code review?
Thrown it out by Anonymous Coward · 2015-10-10 02:52 · Score: 2, Insightful

Guess if we can't see the code that shows that the DNA sample is valid then thrown out the results, pretty simple.
People need to learn if they are creating software that needs to hold up in court that they can't hide it. Trowing out the evidence would be the first step to make sure no one wants to pay for software that can't be audited in a investigation. Then no one will buy his software anymore and he can be happy that it is still safe from prying eyes.
Patented so no reason to keep secret by Eunuchswear · 2015-10-10 03:00 · Score: 5, Funny

If his method is patented he has no need to keep his code secret.
Unless it's shit, of course.

--
Watch this Heartland Institute video
1. Re:Patented so no reason to keep secret by Crowd+Computing · 2015-10-10 03:41 · Score: 1
  
  Forcing the source code to be revealed might set a precedent that could be used against companies like Google or other cloud service providers. While TrueAllelle appears to be a standalone system rather than a cloud service, the company behind it could claim a similar "trade secret" defense against the petition.
2. Re:Patented so no reason to keep secret by OrangeTide · 2015-10-10 04:03 · Score: 2
  
  I see two reasonable options here:
  1. reveal the source code. does this mean the court gets to force a business to reveal it? I don't think that's right.
  2. remove the evidence from the case.
  If TrueAllele sold their software to prosecution or a forensics department and are unwilling to provide source code, then that should be a civil case for misrepresenting their software as appropriate for working with evidence.
  (My statements assume the world is fair and that courts are interested in facts and truth. I realize that the real world doesn't work that way, but I free to press for how things ought to work)
  
  --
  “Common sense is not so common.” — Voltaire
Computerized evidence, destructive sampling by silas_moeckel · 2015-10-10 03:00 · Score: 5, Insightful

If your going to use a computer to generate evidence then yes you must allow the defence to look at the technique that means source code. You must never be required to merely observe at somebody else's lab especially when there companys continued business relies on the test succeeding. Realy anything that another lab that is not associated to the first can not do should not be admissible.
This gets even more important when the tests are destructive so it can only be done once. Validating the means used etc etc elsewise it becomes a black box to provide evidence against whoever they want.

--
No sir I dont like it.
Interim solution by Anonymous Coward · 2015-10-10 03:09 · Score: 1

Have a third party selected by the court audit the code. There are tons of firms which have the expertise to do this, be it any of the big four or even security consultants, and a court selecting one would make it independent from both parties in the case.
Re:Wrong industry? (not a copyright issue) by tkrotchko · 2015-10-10 03:17 · Score: 5, Insightful

As the other poster said, he's not saying it's a patent or copyright issue, he's effectively saying it's a trade secret.
So the issue is really pretty clear isn't it? If he refuses to show his code to an expert witness and explain it, then the evidence can't be used.
We'll see what the judge has to say.

--
You were mistaken. Which is odd, since memory shouldn't be a problem for you
That's a really good link by tkrotchko · 2015-10-10 03:20 · Score: 1

Pretty eye opening. Worth the 5 minutes to scan through it.

--
You were mistaken. Which is odd, since memory shouldn't be a problem for you
Speaking as an IT expert witness of 16 years... by bfwebster · 2015-10-10 03:45 · Score: 5, Interesting

...I think the defense has the better argument. I have used software tools (both third party and ones I have developed personally) to do source code comparisons and analysis, but they only serve to point me to likely areas of investigation; I have never directly reported and relied upon the output from one of my custom tools in my expert reports.
A key aspect of expert testimony is that your analysis should, in theory, be repeatable by any other qualified expert using the same methodology (which needs to be spelled out in your report). If Perlin is relying directly upon his custom program for his conclusions, he needs to thoroughly expose his methodology -- which, in effect, means either allowing his source code to be reviewed or producing a detailed summary of his methodology that would allow someone else to reproduce it. Trying to claim trade secret status (which is what he's doing, in effect) for a expert methodology is an oxymoron.

--
Bruce F. Webster (brucefwebster.com)
If results cannot be reproduced... by OrangeTide · 2015-10-10 03:57 · Score: 3, Insightful

Then it is not science, and it should not be admissible as evidence. It doesn't really matter that it can't be reproduced because the software vendor won't share their techniques as they believe the software to be a trade secret. If it is not possible to confirm results, it's not science! Yes, TrueAllele is a toy and not only am I skeptical of anyone using it as the basis of their scientific research, use of TrueAllele om court ought to throw any conviction into question as well.

--
“Common sense is not so common.” — Voltaire
1. Re:If results cannot be reproduced... by reve_etrange · 2015-10-10 04:48 · Score: 1
  
  Not to mention the sheer audacity of the claim that "[TrueAllele] is the only computer software system of its kind that interprets DNA evidence using a statistical model."
  There's nothing unique or interesting about this guy's software except the specific application.
  
  --
  .: Semper Absurda :.
Sufficiency of Detail: Is the Patent Valid? by ZipK · 2015-10-10 04:50 · Score: 1

Although the technology is patented, the source code itself is not disclosed by any patent and cannot be derived from any publicly disclosed source.
If the patent doesn't disclose the invention in sufficient detail for it to be reproduced by someone skilled in the arts, is the patent valid?
Testing by FrozenGeek · 2015-10-10 05:27 · Score: 2

So, if I understand this correctly, his product uses a very different methodology to match DNA samples than do his competitors. In this case, his product gave a completely different result from the results generated by his competitors. Has anyone done an independent, double-blind study comparing the results of his product and those of his competitors? And I'm not talking about a handful of tests. I'm talking about thousands, or tens of thousands, of tests.
I can understand why the manufacturers don't want to do that. It may well show that, oh dear, the best product is wrong 5% of the time (not good). Or that product X is head and shoulders above the rest.
But seriously, what industry-wide testing has been done? We're staking peoples' lives to the efficacy of this technology. How effective is it?

--
linquendum tondere
Melendez-Diaz v. Massachusetts by technosaurus · 2015-10-10 06:07 · Score: 2

This has already been ruled on for traffic cameras. I think that is a pretty good precedent.
Trade Secret, not Copyright by Geoffrey.landis · 2015-10-10 07:07 · Score: 1

Nothing to do with copyright law.
It has everything to do with copyright law. It's what the company is using in order to claim that they have a right to keep information from the court.
No, even if they would show the code, it wouldn't become magically free software or public domain. What they claim here is that they want to keep a trade secret.
Correct. It has nothing to do with copyright law. The intellectual property law here is trade secret law.

--
http://www.geoffreylandis.com
1. Re: Trade Secret, not Copyright by amplesand · 2015-10-10 10:56 · Score: 1
  
  "Software the only industry that covers a single body of work by three IP laws: patent, copyright and trade secret. I believe the original intent of each of these laws was that they would mutually exclude each other."
  
  Why would you believe that?
2. Re: Trade Secret, not Copyright by Type44Q · 2015-10-10 11:22 · Score: 1
  
  Why wouldn't you?!
3. Re: Trade Secret, not Copyright by Strangely+Familiar · 2015-10-10 16:33 · Score: 1
  
  OK, I'll bite. Patent law requires sufficient disclosure for a person skilled in the art to make and use the invention. The general intent of patents was to avoid trade secrets, and having technologies lost when master practitioners died. Trade secrets are destroyed by such disclosure. Patent law is supposed to cover the substance of a disclosure, not the particular disclosure. In other words, you could describe a blue semiconductor laser in any way you want, as long as it was clear to a person skilled in the art, and your intellectual property would be blue semiconductor lasers, not the words describing them. Copyright covers the particular expression, not the underlying substance. Thus, many university professors could all write textbooks about the same blue semiconductor laser, without violating each others' copyright. They couldn't all patent the same blue semiconductor lasers. Also, copyright is at odds with trade secrets in the most basic way. Of course there are exceptions, and software seems to span all three. That's because a set of computer words could be 1) an indecipherable secret code 2) an artistic expression, or 3) a functional part of a machine, such as a read only memory in a CVD chamber which makes blue semiconductor lasers. In the third instance, the CVD chamber could turn out useful blue semiconductor lasers or completely useless silicon junk, simply by changing only the contents of the ROM. So, the software in the ROM might be covered by a patent which describes the steps the software makes the CVD chamber perform. You might not need to see the source code or the compiled code in order to understand the invention. The compiled code could be covered by copyright, and the source code could be covered by trade secret. Notice that these are all different things, yet all aspects of the same thing. 65 is not the same as 01000001 or the letter "A", is it? No, they are three different things, just like patents, copyrights, and trade secrets. Any similarity is all in your head. And BTW, it's not yours, so keep your filthy brain off it.
  
  --
  Join the IParty!
4. Re: Trade Secret, not Copyright by amplesand · 2015-10-10 19:33 · Score: 1
  
  Thanks, I'll just add that the concepts of patent and copyright are both quite old. Patents had been invented in Venice some decades before Columbus discovered the western hemisphere and copyrights in the 17th century. [All information according to The Big W.]
Re:Wrong industry? (not a copyright issue) by mspohr · 2015-10-10 07:46 · Score: 3, Insightful

Essentially this guy is going to jail based on a secret algorithm that can't be verified.
I can't imagine how this could be legal.

--
I don't read your sig. Why are you reading mine?
The main problem is finding a disposable expert. by tlambert · 2015-10-10 08:18 · Score: 3, Interesting

The main problem is finding a disposable expert.
The people who originally clean-roomed the IBM BIOS for Compaq were split into two teams, with a Chinese wall between them: the analysis team, and the implementation team. The analysis team analyzed the IBM BIOS, wrote a specification, and then the implementation team implemented a BIOS to that specification. At which point the analysis team were effectively "burned", as in being forever barred from ever working on an implementation team in the future. They were highly paid for this, but they were disposable.
As with clean-room engineering, this expert would not be permitted to work on any software covered by the trade secret in the future. In an expert witness situation, you might be able to get away with disposing of the expert, if all they did was witnessing, rather than actually coding in the field of expertise themselves. However, how likely is it that you can find someone like that who also qualifies as an expert?
Further complication: Having testified (presumably in favor of the prosecution, in this case), would the expert witness be permitted to testify on similar goal programs in the future, given what the [now] knows about the process and techniques of the one they testify about today? Would exposure to multiple, competing trade secrets, damage their ability to perform an unbiased analysis, given what they knew from earlier experience? In general, I think you [as the defense] could argue that it, in fact, did damage their impartiality in their analysis.
Re:Wrong industry? (not a copyright issue) by almechist · 2015-10-10 09:11 · Score: 4, Insightful

Essentially this guy is going to jail based on a secret algorithm that can't be verified. I can't imagine how this could be legal.
Actually, it's worse than that, he's facing a death sentence. It's inconceivable to me - but, sadly, unsurprising in this day and age - that someone might be legally executed based in part on the results of a proprietary algorithm that the defense is not allowed to examine. I can only hope the judge recognizes the seriousness of the situation. This case definitely bears watching
Usually code is kept secret because it is so bad.. by gweihir · 2015-10-10 09:34 · Score: 2

The typical reason to keep code secret from everybody is because it is of abysmally bad quality or there are other severe problems hidden in there. Reasonable-quality code gets inspected and audited by 3rd parties all the time under NDA. In this particular case, it may also well be that the code does not do what its creator claims and the patent is bogus. If the expert finds this, the code becomes worthless and the creator may even become a target for litigation.

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
170,000 lines of code... by tomwrake · 2015-10-10 09:52 · Score: 2

Dr. Perlin created the method, the company and uses the software. There are no articles that independently validate the software. The software is a only one of its kind type item. In this case the artificial patent monopoly may work against Dr. Perlin and his company.
From the article
According to a court filing made by Dr. Perlin in the case, his company, Cybergenetics, “has invested millions of dollars over two decades to develop its TrueAllele system, the company’s flagship product. Although the technology is patented, the source code itself is not disclosed by any patent and cannot be derived from any publicly disclosed source.”
Other points 1) Dr Perlin's software does not have a cited "independent validation study" that is a study without the involvement of Dr Perlin. 2) "TrueAllele, created by Dr. Perlin, "is the only computer software system of its kind that interprets DNA evidence using a statistical model."
Here is the trouble I see, 1) Cybergenetics may have a problem defending it's patent, give that the software cannot be derived from "any publicly disclosed source" does the patent really disclose the real methods or it is likely this is another "software patent" with all the legal problems these currently have at the supreme court. 2) The sofware, Cybergenetics and software validates all seem to be tied to Dr Perlin, if this causes problems in courts Cybergenetics market with law enforcement will evaporate. 3) We know "software engineers" have been publicly accused in the VW matter, could they not do the same for Cybergenetics with out Dr Perlin's knowledge?
Re:Wrong industry? (not a copyright issue) by Impy+the+Impiuos+Imp · 2015-10-10 12:08 · Score: 1

Really they should not be relying on him at all to prosecute.
If other analysis systems can't match him well, the defense should be partying and ready to call it a day, regardless of how one particular system responds. That is easily reasonable doubt.

--
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
That's not the reason. by tlambert · 2015-10-10 12:17 · Score: 1

The typical reason to keep code secret from everybody is because it is of abysmally bad quality or there are other severe problems hidden in there.
That's not the reason.
A lot of code violates copyright, patents, and license agreements like the GPL. You would *not* believe what some of the ATI and nVidia code looks like, and you would *not* believe the number of USB keyboards running firmware that one manufacturer pretty much copied wholesale from another, and you would not believe the number of companies that sell "sanitized" open source software as proprietary code to third parties.
1. Re:That's not the reason. by gweihir · 2015-10-10 12:34 · Score: 1
  
  And code violating copyrights is not a "severe problem hidden in there"? I would think it is.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
2. Re:That's not the reason. by tlambert · 2015-10-10 13:58 · Score: 1
  
  And code violating copyrights is not a "severe problem hidden in there"? I would think it is.
  It's not a "severe problem" for everyone, only for the copyright holder.
  I would only class something as a "severe problem" if it impacted the correct function of the software.
  Legal problems do not impact function.
3. Re:That's not the reason. by gweihir · 2015-10-10 15:32 · Score: 1
  
  You have a problem with language semantics. Obviously, the definition of "severe problem" you use here is something you dreamed up, and incompatible with general use.
  And, incidentally, if discovered, it becomes a severe problem for those that wrote and own the software and possible those that use it. Fro example, it could then become subject to criminal penalties (i.e. personal ones) to continue to use the software.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
4. Re:That's not the reason. by tlambert · 2015-10-10 16:40 · Score: 1
  
  You have a problem with language semantics. Obviously, the definition of "severe problem" you use here is something you dreamed up, and incompatible with general use.
  severe /svir/
  1. harsh; unnecessarily extreme: severe criticism; severe laws.
  2. serious or stern in manner or appearance: a severe face.
  3. grave; critical: a severe illness.
  Yes, copyright laws are indeed severe. However, violation of copyright does not lead to death, like the severe flaws in the Toyota ECM software, so in that sense, unlike a severe illness, a violation of copyright is not severe in the same way the Toyota ECM software or an illness can be considered severe.
  
  And, incidentally, if discovered, it becomes a severe problem for those that wrote and own the software and possible those that use it. Fro example, it could then become subject to criminal penalties (i.e. personal ones) to continue to use the software.
  China regularly ignores patent and copyright law, and if the only way to expose such violations would be to provide source code (it's not: companies are just lazy about reverse engineering to determine copyright violations -- which, since it would not be in the interests of interoperability, would be a DMCA violation -- just like the DMCA violation the CARB and the EPA committed to determine that VW was cheating on the smog tests, in fact), then a company would have to be stupid to ever expose their source code.
  BTW: The only penalties for a Chinese violation of a patent or copyright are ... nothing.
  As for those who use the software: ATI and nVidia have basically agreed to not look inside each other's sausage factories. If you are a user who goes looking and finds something, expect to be sentenced for violating the DMCA, and then expect hate mail from everyone who can no longer use the product, because you've exposed the internals of the sausage factory.
  See also: The recent FTDI serial dongle driver debacle.
5. Re:That's not the reason. by gweihir · 2015-10-13 15:52 · Score: 1
  
  Many words, no relevant content. Misdirection to cover up your display of ignorance would be my guess.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Not true. by Ungrounded+Lightning · 2015-10-10 12:42 · Score: 1

If he refuses to show his code to an expert witness and explain it, then the evidence can't be used.
Not true...
As I understand it, he should be able to get his program (or a modification of it) to produce as an output:
- The computation of the probabilities
- The data used to compute them, with annotation giving a trace back to its source.
- The assumptions behind the computation.
The issue of HOW IT IDENTIFIED this individual is separate from WHAT IT IDENTIFIED ABOUT HIM. The former is the "secret sauce" and would not be revealed. The latter is the evidence and can stand on its own. Further, it MUST be able to stand on its own - because if it can't, it's inadequate.
Now if part of his "expert testimony" is that his program did NOT find any other people who 'matched' and this is somehow relevant, THEN how it goes about doing the matching also becomes relevant and he's hosed.
Of course the defence is going to do their darndest to monkeywrench the prosecution, and threatening the tool builder with disclosure of his trade secrets is a good move tactically. It's up to the judge (and possibly the appeals judge) to call them on it if it's just an irrelevant thrash.
(I say this all as someone who personally believes that DNA evidence should only be used for defence, not prosecution, in criminal trials, because non-match is definitive while "match" is a difficult probability estimate based on assumptions about genetics, gene distribution, gene correlation, and on some very difficult to grasp probability computations. Hunting for matches in databases is, IMHO, subject to false positives and overestimation of the improbability of the match being false, based on underestimation of correlation and the genetic and familial mechanisms that might promote it.)

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
1. Re:Not true. by sjames · 2015-10-10 18:48 · Score: 3, Insightful
  
  Honestly, the 50,000 foot view of the methodology sounds a bit dodgy to me. I would like to know what peer reviewed experiments have demonstrated that the methodologies in use can identify a single person out of a mix of DNA that actually owned the item. Were they replicated? Then there is a need to show that the software actually performed that methodology without error. Perhaps the prosecution would care to have a third party run the methodology by hand in a blind test?
  If those 2 sticking points cannot be satisfied, then the "evidence" is bunk.
2. Re:Not true. by Agripa · 2015-10-14 08:23 · Score: 1
  
  Of course the defence is going to do their darndest to monkeywrench the prosecution, and threatening the tool builder with disclosure of his trade secrets is a good move tactically. It's up to the judge (and possibly the appeals judge) to call them on it if it's just an irrelevant thrash.
  As if the prosecution did not pick or encourage a testing method which would prevent cross examination.
Re:Wrong industry? (not a copyright issue) by Strangely+Familiar · 2015-10-10 16:49 · Score: 1

It seems like the software is accusing the defendant, and the defendant should have the right to face and question his accuser, which would mean reading the source code.

--
Join the IParty!
Tests rather than source code by meteormarc · 2015-10-10 20:50 · Score: 1

Rather than providing source code, you would want this kind of software certified. So, construct some tests with a number of samples and a number of reference samples and check whether the software can find one or more "golden eggs", that is a priori known matches. Also, do it double blind, etc.