Slashdot Mirror


Source Code On Trial In DNA Matching Case (post-gazette.com)

An anonymous reader writes: While computer analysis by other programs was inconclusive in matching DNA evidence to a suspect, one program, TrueAllele, gave a match. As reported in the Pittsburgh Post-Gazette, an expert witness for the defense wants access to the 170,000 lines of source code to determine whether the match is scientifically valid. Not surprisingly, the software creator is resisting. From the article: "TrueAllele, created by Dr. Perlin and in its current version since 2009, is the only computer software system of its kind that interprets DNA evidence using a statistical model. It can single out individuals in a complex DNA mixture by determining how much more probable a match is versus mere coincidence. Complex mixtures can involve multiple people, as well as degraded or small DNA samples. ... Although the technology is patented, the source code itself is not disclosed by any patent and cannot be derived from any publicly disclosed source. The source code has never been revealed, he said, and it would cause irreparable harm to the company if it were. In his declaration, Dr. Perlin said that reading the source code is unnecessary to validate the program, and that a review could be done in his office or online."

35 of 117 comments

  1. Wrong industry? by Type44Q · · Score: 5, Insightful

    Guess if he didn't want his code audited, this guy shouldn't have marketed his software to this particular industry. Dumbass.

    1. Re:Wrong industry? by retroworks · · Score: 2, Interesting

      Huh. Interesting comment, and on point. The right to defend oneself legally seems to trump copyright law. On the other hand, if I wanted to see someone's copyrighted code, could I simply write bad code (producing a different result) and thereby get access to another programmer's code in any court case? Say for example I want to see automobile code, I find a vehicular homicide case, show a result on my program where the driver was not at fault because automobile code was badly written, and demand to see the code of the vehicle the defense client is accused of driving? EFF.org want to comment?

      --
      Gently reply
    2. Re:Wrong industry? by Layzej · · Score: 2

      Best practice is to discard the minority report. No need to review the source code since there is probably no practical way to prove it correct anyway.

    3. Re:Wrong industry? by Eunuchswear · · Score: 3, Informative

      Nothing to do with copyright law.

      --
      Watch this Heartland Institute video
    4. Re:Wrong industry? by Layzej · · Score: 4, Interesting

      For instance, for any mission critical component NASA may have three different programs, each written in a different language and running on a unique platform. If at any time one of the programs gives an answer that is not consistent with the other two then the minority report is discarded and the other two are presumed to be correct. No need to halt the proceedings and debug at that point.

      In this case there is only one program that finds a match. It should be considered unreliable and discarded.

    5. Re: Wrong industry? by SLi · · Score: 4, Insightful

      Well, not really. If the relevant facts are roughly as stated in the summary, it's indeed quite possible that the company will be forced to produce the source code or not rely on the evidence. However the only thing this means is that the defendant's paid experts get access to the source code under a strict protective order. They will then produce an expert report, which is the only thing anybody else will have access to, and even that may be sealed in whole or part if it would reveal, in the opinion of the judge (and often anyway unless the defendants object) significant trade secrets.

      I think the two most realistic reasons to oppose are the costs of production and the possible loss of reputation if the evidence due to the inevitable criticism by opposing experts.

    6. Re:Wrong industry? by Anonymous Coward · · Score: 2, Insightful

      You don't get to use the code. It is opened for analysis only for a few selected professionals and most certainly not shown to someone who has competing code. There is no problem with copyright here. The copyright is still with the one (company) who wrote the code.

    7. Re: Wrong industry? by retroworks · · Score: 2

      You are right of course (and while a copyright may be issued prior to a license, it's a licensing and not copyright issue). But what if it is a class action suit, all accused parties in vehicular homicides demand access to auto computer codes for prosecution? I agree it's thin (would require cooperation of expensive defense lawyers with little direct benefit to the client), but as a supporter of RightToRepair I thought it was a question worth asking.

      --
      Gently reply
    8. Re:Wrong industry? by hey! · · Score: 2

      The source code shouldn't matter; it's the method used by the source code. If that method cannot be reproduced without the source code, then the output of the program is worthless. If it can be reproduced without the source code, then the output of the program may have value, if the method used stands up to scientific scrutiny.

      As it stands all the prosecution has amounts to a black box with a red and green light on top and a slot in the side into which a couple of samples are dropped. If the light subsequently turns red, then the prosecutor wants the jury to believe the samples match. But they have no reason to believe that other than the prosecutor telling them to trust the box.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    9. Re:Wrong industry? by alzoron · · Score: 4, Insightful

      Exactly right.

      This is basically the same as asking an expert witness how they determined that the defendant was involved in a crime and the witness refusing to answer the question because "It's a secret."

    10. Re:Wrong industry? by drinkypoo · · Score: 2

      The source code shouldn't matter; it's the method used by the source code.

      Okay, now go forth and prove that a stated method was used without referring to the code.

      As it stands all the prosecution has amounts to a black box with a red and green light on top and a slot in the side into which a couple of samples are dropped. If the light subsequently turns red, then the prosecutor wants the jury to believe the samples match. But they have no reason to believe that other than the prosecutor telling them to trust the box.

      Right, without a code analysis they have no way to know if the box contains anything of value.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    11. Re:Wrong industry? by gerddie · · Score: 4, Informative

      It has everything to do with copyright law. It's what the company is using in order to claim that they have a right to keep information from the court.

      No, even if they would show the code, it wouldn't become magically free software or public domain. What they claim here is that they want to keep a trade secret.

    12. Re: Wrong industry? by HiThere · · Score: 2

      Actually, that's not always true. I've heard of companies that used software they only had in binary. I suppose you could turn that into assembler easily enough, though you might end up with some of your data being rendered as code.

      (The case I heard of was back in the 1970's and the programmer who originally built the software fixed it with binary patches, so the code didn't mean anything...but it had been lost anyway by this point.

      They used this software as a part of how they figured their profits, which they then reported to the IRS. At some point the IRS decided to audit them.... WHOOPS! And the guy who wrote the code was no longer working there.)

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    13. Re:Wrong industry? by Impy the Impiuos Imp · · Score: 2

      Well, a criminal case can demand whatever they want from the NSA. The NSA then has a choice (aside from arguing successfully the info is irrelevant):

      1. Give it up
      2. Declare it a secret, and possibly force the release of the suspect as a result.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    14. Re: Wrong industry? by sjames · · Score: 2

      If they only have it in binary, that would mean that they are falsely testifying to the validity of code they haven't examined.

    15. Re:Wrong industry? by Anonymous Coward · · Score: 2, Informative

      What I find odd about this is that the code is supposed to be statistics. If the code is following the correct mathematical analysis then the code is technically already released to the public or at least academic records. The only thing protected here is the implementation, e.g. how it communicated with hardware, which algorithms are used, and the code for the UI. All this can be easily duplicated by any skilled CS student. So when he states that releasing the code even for court review will cause irreparable harm to his company it draws a serious issue to the credibility of his code. If he is using proprietary algorithms then the code can't be trusted anyway, as any algorithm that has not been scrutinized by peer review is assumed flawed and thus scientifically useless.

      The only evidence in this case is a DNA result that was deemed too complex for analysis using any other method. Yet this software gets a hit, but how do we verify the result to ensure that the hit is valid? Well, Dr. Perlin is using copyright and a claim that releasing the code will be detrimental to his company. Only his laboratory or online can analyze it. But wait, the linked article stated that no known method could analyze it? So which is true: will an online search reveal an algorithm that can analyze it? If so, the algorithm is known and he could simply point them in the right direction, which should be disclosed, right? Or the software is using an untested and unreviewed algorithm that can't be trusted. An examination in his office is useless; it has to be an unbiased 3rd party review, as he is a biased party in this issue.

    16. Re:Wrong industry? by sjames · · Score: 2

      I asked my magic 8ball^w^wScientific testimony device how accurate this thing is and it said "outlook not so good". Naturally, it uses proprietary algothingamajigs so I will not be submitting it to examination.

      But yes, an unproven methodology implemented by unproven software and they want to hang a man's life on its results.

  2. Reasonable Doubt by Anonymous Coward · · Score: 3, Insightful

    From the perspective of the burden of proof placed on the Prosecution, they have to disclose how they arrived at this derived 'evidence' of a match via TrueAllele. Criminal justice can't be served using a "Black-Box" as an input.

    Disclose the software and its methods to a legally-sworn-to-secrecy-expert-witness, or toss the evidence as inadmissible.

    1. Re:Reasonable Doubt by godrik · · Score: 2

      I do not know the US legal system that much. But it seems that if you can not get a court-nominated expert witness to vouch for the result, the evidence should be discarded.
      Now, I would even prefer if an independent lab could reproduce that result.

  3. Trust us by Anonymous Coward · · Score: 3, Informative

    Perhaps it's time for a more open process and open source code backing these types of devices before their results are accepted as forensic evidence.

    CSI is a lie:
    http://www.theatlantic.com/politics/archive/2015/04/csi-is-a-lie/390897/

    Crime lab major errors:
    http://www.mprnews.org/story/2013/02/14/news/saint-paul-crime-lab-major-errors-found

  4. Throw it out by Anonymous Coward · · Score: 2, Insightful

    Guess if we can't see the code that shows that the DNA sample is valid then throw out the results, pretty simple.

    People need to learn if they are creating software that needs to hold up in court that they can't hide it. Throwing out the evidence would be the first step to make sure no one wants to pay for software that can't be audited in an investigation. Then no one will buy his software anymore and he can be happy that it is still safe from prying eyes.

  5. Patented so no reason to keep secret by Eunuchswear · · Score: 5, Funny

    If his method is patented he has no need to keep his code secret.

    Unless it's shit, of course.

    --
    Watch this Heartland Institute video
    1. Re:Patented so no reason to keep secret by OrangeTide · · Score: 2

      I see two reasonable options here:
      1. reveal the source code. does this mean the court gets to force a business to reveal it? I don't think that's right.
      2. remove the evidence from the case.

      If TrueAllele sold their software to prosecution or a forensics department and are unwilling to provide source code, then that should be a civil case for misrepresenting their software as appropriate for working with evidence.

      (My statements assume the world is fair and that courts are interested in facts and truth. I realize that the real world doesn't work that way, but I'm free to press for how things ought to work.)

      --
      “Common sense is not so common.” — Voltaire
  6. Computerized evidence, destructive sampling by silas_moeckel · · Score: 5, Insightful

    If you're going to use a computer to generate evidence then yes, you must allow the defence to look at the technique; that means source code. You must never be required to merely observe at somebody else's lab, especially when their company's continued business relies on the test succeeding. Really, anything that another lab that is not associated to the first can not do should not be admissible.

    This gets even more important when the tests are destructive so it can only be done once. Validating the means used etc etc elsewise it becomes a black box to provide evidence against whoever they want.

    --
    No sir I dont like it.
  7. Re:Wrong industry? (not a copyright issue) by tkrotchko · · Score: 5, Insightful

    As the other poster said, he's not saying it's a patent or copyright issue, he's effectively saying it's a trade secret.

    So the issue is really pretty clear isn't it? If he refuses to show his code to an expert witness and explain it, then the evidence can't be used.

    We'll see what the judge has to say.

    --
    You were mistaken. Which is odd, since memory shouldn't be a problem for you
  8. Speaking as an IT expert witness of 16 years... by bfwebster · · Score: 5, Interesting

    ...I think the defense has the better argument. I have used software tools (both third party and ones I have developed personally) to do source code comparisons and analysis, but they only serve to point me to likely areas of investigation; I have never directly reported and relied upon the output from one of my custom tools in my expert reports.

    A key aspect of expert testimony is that your analysis should, in theory, be repeatable by any other qualified expert using the same methodology (which needs to be spelled out in your report). If Perlin is relying directly upon his custom program for his conclusions, he needs to thoroughly expose his methodology -- which, in effect, means either allowing his source code to be reviewed or producing a detailed summary of his methodology that would allow someone else to reproduce it. Trying to claim trade secret status (which is what he's doing, in effect) for an expert methodology is an oxymoron.

    --
    Bruce F. Webster (brucefwebster.com)
  9. If results cannot be reproduced... by OrangeTide · · Score: 3, Insightful

    Then it is not science, and it should not be admissible as evidence. It doesn't really matter that it can't be reproduced because the software vendor won't share their techniques as they believe the software to be a trade secret. If it is not possible to confirm results, it's not science! Yes, TrueAllele is a toy and not only am I skeptical of anyone using it as the basis of their scientific research, use of TrueAllele in court ought to throw any conviction into question as well.

    --
    “Common sense is not so common.” — Voltaire
  10. Testing by FrozenGeek · · Score: 2

    So, if I understand this correctly, his product uses a very different methodology to match DNA samples than do his competitors. In this case, his product gave a completely different result from the results generated by his competitors. Has anyone done an independent, double-blind study comparing the results of his product and those of his competitors? And I'm not talking about a handful of tests. I'm talking about thousands, or tens of thousands, of tests.

    I can understand why the manufacturers don't want to do that. It may well show that, oh dear, the best product is wrong 5% of the time (not good). Or that product X is head and shoulders above the rest.

    But seriously, what industry-wide testing has been done? We're staking people's lives to the efficacy of this technology. How effective is it?

    --
    linquendum tondere
  11. Melendez-Diaz v. Massachusetts by technosaurus · · Score: 2

    This has already been ruled on for traffic cameras. I think that is a pretty good precedent.

  12. Re:Wrong industry? (not a copyright issue) by mspohr · · Score: 3, Insightful

    Essentially this guy is going to jail based on a secret algorithm that can't be verified.
    I can't imagine how this could be legal.

    --
    I don't read your sig. Why are you reading mine?
  13. The main problem is finding a disposable expert. by tlambert · · Score: 3, Interesting

    The main problem is finding a disposable expert.

    The people who originally clean-roomed the IBM BIOS for Compaq were split into two teams, with a Chinese wall between them: the analysis team, and the implementation team. The analysis team analyzed the IBM BIOS, wrote a specification, and then the implementation team implemented a BIOS to that specification. At which point the analysis team were effectively "burned", as in being forever barred from ever working on an implementation team in the future. They were highly paid for this, but they were disposable.

    As with clean-room engineering, this expert would not be permitted to work on any software covered by the trade secret in the future. In an expert witness situation, you might be able to get away with disposing of the expert, if all they did was witnessing, rather than actually coding in the field of expertise themselves. However, how likely is it that you can find someone like that who also qualifies as an expert?

    Further complication: Having testified (presumably in favor of the prosecution, in this case), would the expert witness be permitted to testify on similar goal programs in the future, given what they [now] know about the process and techniques of the one they testify about today? Would exposure to multiple, competing trade secrets, damage their ability to perform an unbiased analysis, given what they knew from earlier experience? In general, I think you [as the defense] could argue that it, in fact, did damage their impartiality in their analysis.

  14. Re:Wrong industry? (not a copyright issue) by almechist · · Score: 4, Insightful

    Essentially this guy is going to jail based on a secret algorithm that can't be verified. I can't imagine how this could be legal.

    Actually, it's worse than that, he's facing a death sentence. It's inconceivable to me - but, sadly, unsurprising in this day and age - that someone might be legally executed based in part on the results of a proprietary algorithm that the defense is not allowed to examine. I can only hope the judge recognizes the seriousness of the situation. This case definitely bears watching.

  15. Usually code is kept secret because it is so bad.. by gweihir · · Score: 2

    The typical reason to keep code secret from everybody is because it is of abysmally bad quality or there are other severe problems hidden in there. Reasonable-quality code gets inspected and audited by 3rd parties all the time under NDA. In this particular case, it may also well be that the code does not do what its creator claims and the patent is bogus. If the expert finds this, the code becomes worthless and the creator may even become a target for litigation.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  16. 170,000 lines of code... by tomwrake · · Score: 2

    Dr. Perlin created the method, the company and uses the software. There are no articles that independently validate the software. The software is an only-one-of-its-kind type item. In this case the artificial patent monopoly may work against Dr. Perlin and his company.

    From the article

    According to a court filing made by Dr. Perlin in the case, his company, Cybergenetics, “has invested millions of dollars over two decades to develop its TrueAllele system, the company’s flagship product. Although the technology is patented, the source code itself is not disclosed by any patent and cannot be derived from any publicly disclosed source.”

    Other points 1) Dr Perlin's software does not have a cited "independent validation study" that is a study without the involvement of Dr Perlin. 2) "TrueAllele, created by Dr. Perlin, "is the only computer software system of its kind that interprets DNA evidence using a statistical model."

    Here is the trouble I see, 1) Cybergenetics may have a problem defending its patent, given that the software cannot be derived from "any publicly disclosed source" does the patent really disclose the real methods or is it likely this is another "software patent" with all the legal problems these currently have at the supreme court? 2) The software, Cybergenetics and software validates all seem to be tied to Dr Perlin, if this causes problems in courts Cybergenetics' market with law enforcement will evaporate. 3) We know "software engineers" have been publicly accused in the VW matter, could they not do the same for Cybergenetics without Dr Perlin's knowledge?

  17. Re:Not true. by sjames · · Score: 3, Insightful

    Honestly, the 50,000 foot view of the methodology sounds a bit dodgy to me. I would like to know what peer reviewed experiments have demonstrated that the methodologies in use can identify a single person out of a mix of DNA that actually owned the item. Were they replicated? Then there is a need to show that the software actually performed that methodology without error. Perhaps the prosecution would care to have a third party run the methodology by hand in a blind test?

    If those 2 sticking points cannot be satisfied, then the "evidence" is bunk.