As I discussed in a post earlier this week, after the Cronkite decision, the standard for obtaining a certificate of materiality for the source code in Georgia DUI cases changed dramatically — and not in a good way for criminal defendant or, more generally, for those seeking information about how the government prosecutes DUI cases.
The Volkswagen cheating scandal has led many of us to look critically about how we approach the source code issue in DUI cases. Below are some excepts from a New York Times article on the Volkwagen scandal. Consider all of the parallels between the Volkswagen source code problem and the source code issue in the Georgia DUI cases:
- First, smart objects must be tested “in the wild” and not just in the lab, under the conditions where they will actually be used and with methods that don't alert the device that it's being tested. For cars, that means putting the emissions detector in the tail pipe of a running vehicle out on the highway. For voting machines that do not have an auditable paper trail, that means “parallel testing” — randomly selecting some machines on Election Day, and voting on them under observation to check their tallies. It is otherwise too easy for the voting machine software to behave perfectly well on all days of the year except, say, Nov. 8, 2016. – This is absolutely a concern given given Georgia's current breath testing inspection protocol. When an Intoxilyzer 9000 undergoes a quarterly inspection, the area supervisor tells the machine that the machine is being inspected – a special mode is selected.
- Second, manufacturers must not be allowed to use copyright claims on their software to block research into their systems, as car companies and voting machine manufacturers have repeatedly tried to do. There are proprietary commercial interests at stake, but there are many ways to deal with this obstacle, including creating special commissions with full access to the code under regulatory supervision. – CMI, the producer of the Intoxilyzer 5000 and 9000, has repeatedly claimed copyright protection against any effort to obtain access to the source code.
- Third, we need to regulate what software is doing through its outputs. It's simply too easy to slip in a few lines of malicious code to a modern device. So the public can't always know if the device is working properly — but we can check its operation by creating auditable and hard-to-tamper-with logs of how the software is running that regulators can inspect. – This is almost laughable in the context of DUI breath test machines. Georgia has absolutely no control over the code included in the DUI breath testing devices. Not only is there no control, but we don't even know what is in the code.
Blog Post Provided By:
Atlanta, Georgia 30309
Phone: (470) 225-7710