Breath-test manufacturer sued to release source code for devices
Judges in Minnesota have ruled — in over 100 cases — that drivers charged with DWI, as part of their defense, have a right to examine the source code of the breath-test machines used. Those rulings were upheld by the Minnesota Supreme Court last July. The breath-test device manufacturer, CMI, Inc., has to date refused to make the source code available, citing trade secret considerations, and the Minnesota Department of Public Safety (responsible for prosecuting the DWI cases) has up until now concurred. This, in turn, has led to judges dismissing the DWI charges (a single judge having dismissed over 30 such cases) for failure of CMI and the MDPS to provide that source code.
So now the Minnesota Department of Public Safety has reluctantly sued CMI to force CMI to make its source code available, which the MDPS apparently has a right to under the terms of its contract with CMI. Even as it pursues this suit, the MDPS claims in its pleadings that “[s]ource code review is not a generally accepted means of determining whether a scientific measuring instrument is fit for a particular purpose, nor does the BCA [Minnesota Bureau of Criminal Apprehension] believe that source code review is an appropriate means to determine whether this particular instrument works as represented by the manufacturer.”
However, it’s unclear how MDPS — which apparently has never seen the source code itself — can make that statement. On the contrary: it’s not at all unusual in IT-related lawsuits for source code to be reviewed to see whether or not certain functionality exists, how it is implemented, and what defects might occur during operation. In cases such as this, the manufacturer typically releases its source code under an “attorneys eyes only” designation, and the other side retains a technical expert who must sign a protective order (the legal equivalent of a non-disclosure agreement) before s/he can review and analyze the source code.
I suspect that CMI software engineers (and their managers) would really like to do some cleaning up (and rewriting) of the source code first, since issues of code documentation, architecture, design, implementation, performance, reliability, and user interface are all fair game. At the same time, the expert might well ask to see defect tracking logs or databases to see how many open defects existed for the version(s) in question. And there might even be issues of how well the software integrates and interacts with the hardware of the device itself.
However, CMI would be obligated to release the exact version(s) of the source code used in the device(s) in question, warts and all. This raises another issue for the DWI defense: has CMI practiced source code control with sufficient rigor to be able to produce the exact source code version for the serial number of each breath-test machine in question? If not, then some judges might well continue to dismiss the corresponding DWI cases, and the state of Minnesota could be compelled to upgrade all of its breath-test machines to a software version that can be reliably produced.
As with the electronic voting machine issue, this case should be interesting going forward and could ripple into other states as well. ..bruce..
Comments (1)
Trackback URL | Comments RSS Feed
Sites That Link to this Post