May 24, 2024

Breathalyzer Source Code Secrecy Endangers Minnesota Drunk Driving Convictions

The Minnesota Supreme Court ruled recently that defendants accused of drunk driving in the state are entitled to have their experts inspect the source code for the software in the Intoxilyzer breath-testing machines used by police to gauge the defendants’ blood alcohol levels. The defendants argued, successfully, that they were entitled to examine and challenge the evidence against them, including the design and functioning of devices used to generate that evidence.

The ruling puts many of the state’s drunk driving prosecutions on thin ice, because CMI, the Intoxilyzer’s maker, is withholding the source code and the state apparently has no way to force CMI to provide the code.

Eric Rescorla argues, reasonably, that breath testers have many potential failure modes unrelated to software, and that source code analysis can be labor-intensive and might not turn up any clear problems. Both arguments are valid, as far as they go.

I’m not a lawyer, so I won’t try to guess whether the court’s ruling was correct as a matter of law. But the ruling does seem right as a matter of policy. If we are troubled by criminal convictions relying on secret evidence, then we should also be troubled by convictions relying on evidence generated by a secret process. To the extent that the Intoxilyzer functions as a secret process, the state should not be relying on it in criminal prosecutions.

(Though I haven’t thought carefully about the question, I might potentially draw a different policy conclusion in a civil case, where the standard of proof is preponderance of evidence, rather than guilt beyond a reasonable doubt.)

The problem is illustrated nicely by a contradiction in the arguments that CMI and the state are making. On the one hand, they argue that the machine’s source code contains valuable trade secrets — I’ll call them the “secret sauce” — and that CMI’s business would be substantially harmed if its competitors learned about the secret sauce. On the other hand, they argue that there is no need to examine the source code because it operates straightforwardly, just reading values from some sensors and doing simple calculations to derive a blood alcohol estimate.

It’s hard to see how both arguments can be correct. If the software contains secret sauce, then by definition it has aspects that are neither obvious nor straightforward, and those aspects are important for the software’s operation. In other words, the secret sauce — whatever it is — must relevant to the defendants’ claims.

As in electronic voting, where we have seen similar secrecy arguments, one can’t help suspecting that the real “secret” is that the software quality is not what it should be. A previous study of source code from New Jersey breath testers did appear to find some embarrassing errors.

Let’s hope that breath tester companies can do better than e-voting companies. A rigorous, independent evaluation of the breath tester source code would either determine that the code is sound, or it would undercover problems that could then be fixed, to restore confidence in the machines. Either way, the police in Minnesota would end up with a reliable tool for giving drunk drivers the punishment they deserve.


  1. supercat says

    Dan Simon: If this ruling were to nullify the charges against people for whom the only evidence of a “crime” was that a machine read 0.08, how would that be a bad thing? If a cop has video that shows a person’s vehicle careening around the road and the person staggering out of it when stopped, a breath-test reading of 0.18 would be substantial corroborative evidence of intoxication even if one regards the machine’s accuracy as only being +/- 50%. If, however, there is no evidence other than the machine’s reading, that would suggest that the person should not have been pulled over in the first place.

    Indeed, if cops actually want to reduce drunk-driving accidents, they would probably achieve that aim more usefully if they spent their time looking for motorists who are driving erratically rather than harassing innocent people in the hopes of finding one whom the machine will register as “intoxicated”. Cops who only target visibly-drunk motorists may not manage as many arrests as those who harass everybody, but getting one genuinely-drunk motorists of the road will to more to improve safety than arresting a dozen “intoxicated” motorists who register 0.08.

  2. Anonymous says

    “In other words, the secret sauce — whatever it is — must relevant to the defendants’ claims.”

    Not sure why you say that – perhaps the “secret sauce” is battery life management, or fast boot time, or generating really cool synthesized audio from a cheap speaker to give voice prompts, or some other feature that’s important to the police officer but doesn’t affect the signal and measurement path.

  3. Ed, surely you can come up with a few more perfectly plausible outcomes than the happy endings you described:

    – A rigorous independent evaluation of the breath tester source code uncovers “problems” that can cause slightly inaccurate readings in an incredibly tiny fraction of cases. Energetic defense lawyers parlay this “egregious flaw” into a blanket ban on the use of breathalyzer evidence in court–perhaps at the federal level–thereby making DUI prosecutions much more difficult, and convictions much rarer. Drunk driving accidents skyrocket.

    – A rigorous independent evaluation of the breath tester source code uncovers “problems” that can cause inaccurate readings under certain very odd circumstances. Energetic defense lawyers parlay this “possibility of a rigged breathalyzer” into an elaborate set of court-imposed procedures that police must follow in order for their DUI evidence to be admissible. A cottage industry of “breathalyzer lawyers” springs up, specializing in subjecting police breathalyzer procedures to withering scrutiny, and almost always finding a flaw that gets the reading excluded. Total DUI convictions aren’t markedly lowered, but a class of savvy, well-to-do defendants becomes unconvictable despite repeated arrests and many of them go on quite predictably to kill bystanders while driving drunk.

    – A rigorous independent evaluation of the breath tester source code uncovers a whole host of ambiguous “problems” that may or may not have any technical or legal significance. Courts eventually rule them all insignificant, but only after many, many years of complex litigation, in which numerous decisions are reached and then overturned. In the meantime, the uncertainty causes police forces to drift away from breathalyzer use, and the companies that sell breathalyzers go out of business trying to keep up with the law’s moving target and recover police forces’ lost faith. By the time the courts finally rule the breathalyzer reliable once and for all, police forces have given up and moved on, and an exhausted public has learned once again to accept the highway carnage that used to be the norm before the anti-druink-driving movement began.

    – A rigorous independent evaluation of the breath tester source code uncovers serious-but-fixable problems with its operation. The resulting reversal of thousands of convictions, and the multi-year delay while breathalyzer companies scramble to build a model that can pass legal muster, practically eliminate DUI convictions for an extended period. The resulting sharp spike in DUI-related deaths and injuries creates huge political momentum in favor of drastic measures to get drunk drivers off the road. Politicians and police forces, heeding the public mood, come up with an alternative strategy for catching drunk drivers. It turns out to be far less accurate than even the current breathalyzer, detecting far fewer drunk drivers and producing convictions of far more sober ones. But for various legal and political reasons it turns out to pass muster in court where the original breathalyzer failed. The public, the lawyers and the police thus walk away satisfied, and the small jump in DUI-related deaths–and much larger jump in false DUI convictions–is hardly noticed (except by the victims, of course).

    Note that I’m not even arguing that rigorously analyzing breathalyzer software is the wrong thing to do. I just don’t share the tiniest bit of your confidence that the outcome could not but be positive.

  4. for someone to develop a breath tester with source code disclosed (it doesn’t have to be under an open-source license, even – just publicly released). Sounds like the state(s) would be all but obliged to buy it instead of the competitors’ products.

    I personally think that any vendor that provides devices like this to a government agency should be required to disclose their source, at a bare minimum to the government, preferably to the public. One thing these companies – and others, like computer hardware manufacturers – seem to frequently miss is that the drivers or firmware are entirely peripheral to the product they’re selling – the hardware – and making the source available only enhances the value of their product.

  5. Vincent Clement says

    Abuse of red light cameras by government is well known. The duration of the yellow light is reduced to generate more incidents. The cameras are installed at high volume intersections not problem intersections to generate more tickets. The appeal of red light camera tickets is through the company the processes the tickets – no bias there . On and on the list goes.

  6. could easily determine whether the trade-secrets claims were real. In theory, of course, it’s possible that the software has to remain secret to protect some special features of the hardware and sensors, but if they’re so all-fired special then there’s also a question of whether the data they produce are really scientifically verified…

    I’m waiting for someone to apply this legal theory to red-light cameras. There you have enormous financial incentives for the maker to fudge results (since they get a large cut of the revenue), a “crime scene” with effectively no witnesses, and some really easy parameters to tweak to produce the desired results.

  7. concerned citizen says

    What I hope is that some day the same presumption of innocence afforded for other criminal charges will one day apply to DUI cases. As it currently stands, you must prove your innocence but meanwhile you may have lost your license (possibly even your car) which seems to go against the concept of equal protection under the law, not to mention the fact that you can’t cross-examine your accuser (the breathalyzer). There’s a bill in the Minnesota House of Representatives that seeks to do this, but few expect it to pass (I’m not sure where it stands right now; I read about it on April 11th).

    There is also the extremely disturbing trend of forced blood draws for suspected DUI that in some cases are taken on the scene by the officer (who presumably took a short class on how to draw blood properly), so now we have police officers conducting medical procedures on likely-hostile suspects, which makes the issue of the accuracy of breathalyzers seem relatively insignificant (to me at least) but will hopefully result in very expensive lawsuits for the jurisdictions using such medieval tactics.

    The hysteria about drunk driving has blinded many people to the erosion of some rather important Constitutional rights, and MADD’s fanaticism (a primary source of this hysteria) has gone far beyond what is reasonable to combat this problem. Why no similar outcry about fatigued drivers, drivers trying to read maps, eat lunch, put on makeup, sending text messages, talking on the phone (in many states this is still legal), suffering from dementia, or other situations that create dangerous driving conditions? The demonization of and severe penalties surrounding alcohol obscures these other very real threats. You may be held liable for being under the influence of prescription medication or driving while knowing you are at a high risk of a stroke or seizure after causing a wreck, but there are no prescription/dementia/fatigue/etc. checkpoints, yet drivers who fail a breathalyzer test but whose BAC may not be at a level considered statistically high risk of causing harm are aggressively pro$ecuted for the harm they might have caused. The government may as well automatically revoke someone’s license, fine them thousands of dollars, and criminally prosecute them for being charged with exceeding the speed limit since they too might have hurt somebody.

    DUI is about money first and safety second, and protecting this source code is about keeping the gravy train rolling. Driving while drunk is a serious threat to the public, but a blanket limit of .08% BAC is not high enough to cause statistically significant impairment in many people and breathalyzers (when they have been put to the test) have not been shown to be accurate enough in many instances to even determine the correct BAC. Colorado legislators apparently know this, which is why Denver’s Police Department’s Operations Manual has a provision informing officers that legislators are exempt from DUI arrest (in fact the officer is instructed to give the legislator a ride). Oh, the hypocrisy…

    • Anonymous says

      “Denver’s Police Department’s Operations Manual has a provision informing officers that legislators are exempt from DUI arrest (in fact the officer is instructed to give the legislator a ride).”

      If true, that CERTAINLY violates the Equal Protection Clause.

  8. Anonymous says

    Would it be possible to setup some rigorous certification program? That should increase consumer confidence and a code review should definitely be a part of the certification.

    The problem would be to come up with an appropriate program that everyone could agree on.

  9. Minnesota resident says

    CMI refuses to release the source code, as is their right.

    If/when sales of new units drops to zero they may change that policy. (CMI may have to negotiate with their upstream providers, assuming they didn’t write everything in house.)

    • Anonymous says

      That source code has become important to several criminal cases. Doesn’t that open it up to the possibility of being subpoenaed, trade-secrecy claims or no trade-secrecy claims?