Breathalyzer threat models

Craig asks:
You also need your testing to include whatever tricks are used by the highway patrol administering the test in order to "trick" it into giving false positives. Maybe it's more likely to FP if you leave the device in front of the outlet of your car's heater or AC? Maybe it's more likely to FP if you hold it upside-down for 60 seconds before the guy blows into it? Analysis of the source code would be the simplest way of determining if any process-manipulation could result in more false positives, and then you could investigate in your defense whether or not any of those manipulations were in fact occurring in the field.

It's like voting machines. You can run a ton of lab tests where you feed it fake votes and lo! it reports what you fed in. But when you have someone deleting batches of votes in the field in some odd way and it nukes some other batch... You discover that by accident, but then once discovered it's open to deliberate manipulation.

It's important to distinguish between accidental errors and deliberate malfeasance by the police. No matter how much effort we put into engineering the breathalyzer, I'm not particularly sanguine that we'll be able to build a system that is immune to tampering by the police. Even if the device always gives the right result for a given input, what stops the officer from just lying about the results? OK, so the device has some sort of digitally signed timestamp on each reading; the officer arranges to feed an alcohol-doped sample to the device. Maybe we can come up with some countermeasure to make sure that someone actually is breathing into it, but then maybe the police can find someone else who is drunk to take a sample from. Technical controls are good, but fundamentally the system assumes that the police are honest; remember that in traffic stops it's just your word versus the officer's. DUI arrests have technical evidence if they use a breathalyzer, but that evidence isn't designed to be proof against police tampering. If you're trying to stop that, you need a much stronger set of procedural controls, starting with videotape of the entire operation, the right to an independent test, etc.

With regard to the utility of source code, certainly that will let you discover some kinds of errors, but only in the software portion of the system. This doesn't help you if the errors are in the sensors, or, worse yet, if the sensor readings don't correlate tightly enough with the variable you're really trying to measure (namely BAC). I tend to be more inclined to do some kind of black box study, as Kevin suggests, comparing breathalyzer measurements to direct blood measurements.


Actually, some states do allow you to demand a blood test, in lieu of a breathalyzer or urine test. It's a widely adopted choice by the actual infringer, because even a tiny amount of thought will tell you that the time it takes to get to the testing facility gives your body extra time to absorb the alcohol.

There's malfeasance in terms of feeding a doped sample, and then there's "playing within the rules to keep the roads safe" where if you just store the breathalyzer in front of your AC/heater/whatever you do, it tends to not give the drunk driver the benefit of the doubt.

I think most cops are entirely honest & well meaning, and wouldn't fabricate evidence. Collecting evidence by nefarious means though is considered by the police to be pretty much 100% kosher, and I suspect that if there was something like "heat the breathalyzer" that could be done to make it more likely that the drunk would blow as over the limit, then cops would do that.

I think that the same reasoning by the way which applies to getting access to the source code of the breathalyzer software should likely apply to the entire hardware design of the system, including specs on the components used, etc. As you say, there's nothing special about source code, and you need to be able to get an understanding of the entire system to really be able to mount a reasonable defense if you think the evidence might be wonky.

In MN, you can still get a DUI even if your BAC is less than 0.08, so I would just see it being easy for a 'bad' cop to say you acted intoxicated to him or her. Why even mess with tampering?

Craig, whom do you think such a regime would benefit? Here in Washington state, we have an elaborate set of rules governing the admission of radar-based evidence of speeding. The result is that anyone who can afford the cost of a lawyer who specializes in speeding tickets is virtually guaranteed to be able to have the ticket overturned in court.

The exception is a specific county in Eastern Washington that uses speeding tickets as a revenue source--they've invested heavily in making sure that all their speeding tickets are airtight, and make the money back fining drivers exorbitantly for driving a half-mile over the speed limit.
