Monday, June 1, 2009

Buggy Breathalyzer Bounces Boozers

DUI defendants are asking courts to mandate source code reviews of the software that runs breathalyzer devices to determine whether bugs or malware are present. While it’s easy to see how this tactic would be employed in attempts to get charges reduced or dropped, the more serious issue could be the device failing to detect when a person is under the influence, thus sending them back on the road. Two independent reviews weigh in, according to an Ars Technica article.
The reviews differ in scope and offer different conclusions, but they both agree that the code falls below industry-standard best practices and that it contains bugs. The [Base One] report identifies 24 major defects and points to a wide range of troubling issues. The analysts discovered that the embedded software disables safeguard features built into the device's processor that are intended to detect and prevent the execution of invalid or corrupt instructions. The researchers contend that this circumvention can lead to unpredictable results in the event of fatal errors.
In his blog, security expert Bruce Schneier further notes:
This is an excellent lesson in the security problems inherent in trusting proprietary software. As we become more and more dependent on software for evidentiary and other legal applications, we need to be able to carefully examine that software for accuracy, reliability, etc. Every government contract for breath alcohol detectors needs to include the requirement for public source code. "You can't look at our code because we don't want you to" simply isn't good enough.

