Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Monday, 18 May 2009 14:37

Breathe into this, sir - proprietary software fails DUI test

By
A remarkable court case in New Jersey saw the source code for the Alcotest 7110 MKIII-C reviewed by an independent software firm. The findings showed terrible bugs and technical deficiencies raising serious questions about the reliability of the devices and previous judgments issued. This is why open source is a must for accountability.

This is an astounding event and provides a genuine real-world example of why the philosophy behind open source software has strong merits.

Previously I spoke about a closed source Diebold electronic voting system which was proven to be faulty. An open source solution in matters of such importance does much more than merely provide something presumed to be cost-effective or “free” but rather establishes trust and confidence.

A manual ballot counting system is trustworthy as any person is entitled to view the counting of the votes and to observe the ballot box is not tampered with in any way.

By contrast, a closed source ballot counting system is a mysterious black box. Can the ordinary person on the street be confident it does not fudge the count? That it does not introduce errors?

In Diebold’s case, an open source Python program proved specific voting systems they sold were miscounting votes and the company even knew about the bug but never disclosed it to its customers.

This last week another closed source software program hit the news because of its failures. This time around it is the software powering a breathalyser, as used by police officers around the world.

The fact software powers such a device is news to me; I always just figured it was a chemical reaction going on, but thankfully my experience with breathalysers is fairly limited.

The case in particular is State v. Chun where defense counsel spent two years trying to obtain the source code for the Alcotest device. They succeeded and submitted the code to Base One Technologies who performed a thorough code review.

The review found a stunning 19,400 potential errors.

Base One Technologies even went so far as to state the program showed “ample evidence of incomplete design, incomplete verification of design, and incomplete ‘white box’ and ‘black box’ testing. Therefore,” they state, “the software has to be considered unreliable and untested, and in several cases it does not meet stated requirements.”

That’s barely the tip of it!


Base One Technologies noted several sections of the code were marked as “temporary, for now” indicating the programmers knew their work was incomplete but had failed to return and repair it.

Some of the flaws meant that breathalyser readings are not averaged correctly with what can only be described as a pure rookie mistake.

If you wish to average a collection of readings you must consider them all. The average of 12, 18 and 21 is 17. However, the Alcotest unit would determine the average of the first two readings - giving 15 in the case of 12 and 18 -  and would then take the average of this calculated number and the third reading – giving 18 in this example, the average of 15 and 21 being 18.

Such a flaw means the device does not succeed in its stated purpose, with all documentation explaining the unit calculates averages of a series of readings.

Another problem is that the microprocessor’s catastrophic error detection interrupt was disabled meaning that if an illegal instruction was encountered the device will still appear to run correctly even though it was executing arbitrary code.

These are staggering revelations. Indeed, Draeger – the manufacturer – may well find themselves on the end of a lawsuit from the state of New Jersey to recoup $USD 7 million.

Now, I’m all for stopping people driving when their judgment and ability is hampered, but using such buggy software means there cannot be any confidence in the results returned by this device. It is possible people have escaped penalty when they were legitimately over the limit, and similarly, it is possible other drivers have been penalised despite being less intoxicated than the machine indicated.

Regardless of the application of this specific unit, it hits hard that as we become more and more dependent on computer software for evidence and legal purposes and determining the will of the people, there must be a way to examine that software for accuracy and reliability.

It is an imperative that closed source applications used by Governments be made available for scrutiny and code review if the public can be expected to have trust and confidence in their results.

This is why we need open source.

BACK TO HOME PAGE

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

INVITE DENODO EXECUTIVE VIRTUAL ROUNDTABLE 9/7/20 1:30 PM AEST

CLOUD ADOPTION AND CHALLENGES

Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.

REGISTER HERE!

BACK TO HOME PAGE
David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

BACK TO HOME PAGE

Webinars & Events

VENDOR NEWS

REVIEWS

Comments