Breathalyzer source-code sucks

After a long legal wrangle, some defendant-side attorneys have audited the source-code of Alcotest, the breathalyzer used in New Jersey DUI stops. Turns out it was programmed by muppets who don't know how to calculate an average and who throw out error messages by the dozen.

Like voting-machine vendors, breathalyzer vendors go crazy when defendants ask to have their source-code audited, claiming that there's a bunch of top-s33kr1t stuff in there that their competitors would steal. And, just like voting-machine software, breathalyzer software appears to have been written by squirrels dancing on the keyboard until they got something that would compile.


2. Readings are Not Averaged Correctly: When the software takes a series of readings, it first averages the first two readings. Then, it averages the third reading with the average just computed. Then the fourth reading is averaged with the new average, and so on. There is no comment or note detailing a reason for this calculation, which would cause the first reading to have more weight than successive readings. Nonetheless, the comments say that the values should be averaged, and they are not…

4. Catastrophic Error Detection Is Disabled: An interrupt that detects that the microprocessor is trying to execute an illegal instruction is disabled, meaning that the Alcotest software could appear to run correctly while executing wild branches or invalid code for a period of time. Other interrupts ignored are the Computer Operating Property (a watchdog timer), and the Software Interrupt.

SUMMARY OF THE SOFTWARE HOUSE FINDINGS FOR THE SOURCE CODE OF THE DRAEGER ALCOTEST 7110 MKIII-C

(via Schneier)
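
The procedure described in finding 2 next to an arithmetic mean, as an added example (not code from the Alcotest firmware or from the report). The function names and sample readings are constructed for illustration; the block also computes the effective weight each reading ends up with under the sequential procedure.

```c
#include <stdio.h>
#include <stddef.h>

/* Procedure as finding 2 describes it: average the first two readings,
 * then average each later reading with the running result. */
double sequential_average(const double *r, size_t n)
{
    if (n == 0) return 0.0;
    double avg = r[0];
    for (size_t i = 1; i < n; i++)
        avg = (avg + r[i]) / 2.0;
    return avg;
}

/* Arithmetic mean: every reading contributes exactly 1/n. */
double arithmetic_mean(const double *r, size_t n)
{
    if (n == 0) return 0.0;
    double sum = 0.0;
    for (size_t i = 0; i < n; i++)
        sum += r[i];
    return sum / (double)n;
}

/* Effective weight of reading i (0-based) inside sequential_average():
 * every averaging step applied after it halves its share. */
double sequential_weight(size_t i, size_t n)
{
    if (i >= n) return 0.0;
    size_t halvings = (i == 0) ? n - 1 : n - i;
    double w = 1.0;
    while (halvings--) w /= 2.0;
    return w;
}

int main(void)
{
    /* Constructed sample readings, not taken from the report. */
    const double r[] = {0.060, 0.080, 0.100, 0.120};
    size_t n = sizeof r / sizeof r[0];
    printf("sequential: %.4f\n", sequential_average(r, n));
    printf("mean:       %.4f\n", arithmetic_mean(r, n));
    for (size_t i = 0; i < n; i++)
        printf("weight[%zu] = %.3f (mean uses %.3f)\n",
               i, sequential_weight(i, n), 1.0 / (double)n);
    return 0;
}
```

Feeding the same readings in a different order changes the sequential result but not the mean, which is a quick check for this defect in any code that claims to average.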