Results matching “kentucky” from Educated Guesswork


May 3, 2009

The Minnesota Supreme Court has ruled that defendants in DUI cases can get discovery of breathalyzer source code. (Ruling here). Apparently this puts a pretty serious crimp in Minnesota DUI proceedings because the manufacturer won't provide the source code:
The state's highest court ruled that defendants in drunken-driving cases have the right to make prosecutors turn over the computer "source code" that runs the Intoxilyzer breath-testing device to determine whether the device's results are reliable.

But there's a problem: Prosecutors can't turn over the code because they don't have it.

The Kentucky company that makes the Intoxilyzer says the code is a trade secret and has refused to release it, thus complicating DWI prosecutions.

"There's going to be significant difficulty to prosecutors across the state to getting convictions when we can't utilize evidence to show the levels of the defendant's intoxication," said Dakota County Attorney James Backstrom.

"In the short term, it's going to cause significant problems with holding offenders accountable because of this problem of not being able to obtain this source code."

I can't find the original filings, which include an affidavit from David Wagner, so I'm not sure I'm seeing the best argument for this position. That said, however, I'm not sure that source code analysis is really the best way to determine whether breathalyzers are accurate.

At a high level a breathalyzer is a sensor apparently either an IR spectrometer or some sort of electrochemical fuel cell gizmo attached to a microprocesser and a display. The microprocessor reads the output of the sensor, does some processing, and emits a reading. Obviously, there are a lot of things that can go wrong here, and this page describes a bunch of problems in the source code of another machine, mostly that there seems to be a bunch of ad hoccery in the way the measurements are handled. For instance:

3. Results Limited to Small, Discrete Values: The A/D converters measuring the IR readings and the fuel cell readings can produce values between 0 and 4095. However, the software divides the final average(s) by 256, meaning the final result can only have 16 values to represent the five-volt range (or less), or, represent the range of alcohol readings possible. This is a loss of precision in the data; of a possible twelve bits of information, only four bits are used. Further, because of an attribute in the IR calculations, the result value is further divided in half. This means that only 8 values are possible for the IR detection, and this is compared against the 16 values of the fuel cell.

So, maybe this is bad and maybe it isn't. But it's not clear that you can determine the answer by examining the source code. Rather, you want to ask what the probability is that a system constructed this way would produce an inaccurate reading. If, for instance, the A/D converters have an inherent error rate/variance that's large compared to the sensitivity that they read out in, then it's not crazy to divide down to some smaller number of significant digits—though I might be tempted to do it later in the process. More to the point, any piece of software you look at closely is going to be chock full of errors of various kinds, but it's pretty hard to tell whether they are going to actually impact performance without some careful analysis.

On the flip side, actually reading the source code is a pretty bad way of finding errors. First, it's not very efficient in terms of finding bugs. I've written and reviewed a lot of source code and it's just really hard to get any but the most egregious bugs out with that kind of technique. Second, even if we find things that could have gone wrong (missed interrupts, etc.) it's very hard to determine whether they caused problems in any particular case. [Note that you could improve your ability to recover from some kinds of computational error by logging the raw data as well as whatever readings the system produces.] Third: there are a lot of non-software things that can go wrong. In particular, you need to establish that what the sensors is are reading actually correspond to the alcohol level in the breath, that that actually corresponds to blood alcohol level, that the sensors are reading accurately, etc.

Stepping up a level, it's not clear what our policy should be about how to treat evidence from software-based systems; all software contains bugs of one kind or another (and we haven't even gotten to security vulnerabilities yet). If that's going to mean that all software-based systems are useless for evidentiary purposes, the world is going to get odd pretty fast.


January 21, 2009

I've written before about Kentucky's attempt to seize a bunch of domain names from gambling sites. They prevailed at the trial level and were able to take control of the names, but just lost at the appellate level. From the Register article:
The lower-court ruling rested on Franklin County Circuit Judge Thomas Wingate's highly specious finding that internet casino domain names constitute "gambling devices" that are subject to the state's anti-gambling statutes. Tuesday's decision disabused Wingate of that notion in no uncertain terms.

"Suffice it to say that given the exhaustive argument both in brief and oral form as to the nature of an internet domain name, it stretches credulity to conclude that a series of numbers, or internet address, can be said to constitute a machine or any mechanical or other device ... designed and manufactured primarily for use in connection with gambling," they stated. "We are thus convinced that the trial court clearly erred in concluding that the domain names can be construed to be gambling devices subject to forfeiture under" Kentucky law.

(Decision here. BTW, can you believe that in 2008 they're still distributing documents as scans turned into PDFs? Clearly this was sourced on a computer, so what's the problem?)

While I agree that it doesn't make a lot of sense to view domain names as a gambling "device", I'm not sure that this is quite as broad a ruling as I would have liked. As far as I can tell, this is just a ruling that this particular Kentucky law is inapplicable, but it's not clear what would stop Kentucky from passing a law explicitly giving them the right to seize domain names used in gambling, which would put us right back where we started. The problem here isn't so much the overreach of the particular Kentucky law, but rather with the potential for a situation where every political unit has joint universal jurisdiction over DNS entries just because the owners of the domain names exchange traffic with people in that political unit. It's understandable that the court didn't want to address that when it could find on narrower grounds, but presumably we'll eventually run into a case where the applicability of the local laws is clearer and we'll have to take the major jurisdictional issue head-on.

Thanks to Hovav Shacham and Danny McPherson for pointing me to this ruling.


October 19, 2008

Joe Hall has a followup on the Kentucky domain names case (see here for background).
What's the upshot of all of this? To me, it's pretty scary: A state government moved to order seizure of domain names that it found were illegal "devices" and a judge issued an order demanding the transfer of these domain names before any hearing or opportunity to protest. The state has so far successfully argued that domain names are property and devices used for illegal gambling within Kentucky and that the 141 Domain Names defendants must identify themselves to have standing to contest the seizure and forfeiture. The last shoe to drop is that Judge Wingate, as part of his order from yesterday, ordered the state to rescind any forfeiture for gambling sites that block Kentucky gamers using geographical blocking methods (the wording was, essentially: Defendants who install a "software or device [...] which has the capability to block and deny access to [the defendant's] online gambling sites [...] from any users or consumers within the [...] Commonwealth [of Kentucky] and reasonably establishes to the [state] or this Court that such geographical blocks are operational, shall be relieved from the effects of the Seizure Order and from any further proceedings [in this action.]").

I'm no lawyer, but I find this whole thing really puzzling. I've got a simple question, though: is it in general true that courts in State X can serve orders on an entity located in State Y and actually have them enforced? As an example, say I'm a gambling outfit located in Nevada and I use a mail drop (non-government for simplicity) located in California, could a court in Kentucky force the mail drop to redirect all my mail to Kentucky?


September 23, 2008

[Terence] Spies alerted me to this story about the state of Kentucky trying to take control of 141 domain names in an effort to block Internet gambling:
FRANKFORT -- Kentucky is commandeering 141 domain names of Internet gambling sites in a novel legal move to crack down on the unregulated industry.

Franklin Circuit Judge Thomas Wingate ordered the names transferred to the state last week, Gov. Steve Beshear announced Monday.

Sites affected include such names as and

If officials get their way at a Sept. 25 forfeiture hearing, the state will control the domain names and can ask Web registrars to block access to the sites, said Justice and Public Safety Secretary J. Michael Brown.

Putting aside for a moment one's opinion of trying to stop Internet gambling, this seems like a seriously problematic operating theory. Sportsbook isn't located in Kentucky (it seems to be based in Malta) and is registered with Network Solutions, which is based in Herndon, VA. As far as I can tell, the only relationship that they have with Kentucky is that they let people from Kentucky gamble on their site. If we're operating on that basis, then what's to stop the city of Grano, North Dakota, population 9, from deciding that Google is violating some local ordinance and seizing Sure, maybe they're operating on some bogus pretext and Google will eventually prevail, but in the meantime all your searches turn up businesses in North Dakota. This doesn't really seem viable.

Of course, you could argue that Sportsbook could just not do business with everyone in Kentucky, but this is impractical for two reasons. First, geolocation technology isn't really good enough for Sportsbook to determine for absolute certain where every potential user is. Second, even if they could be sure, it's not really practical for every domain holder to know the laws of every potential jurisdiction their customers might come from—it's entirely possible I'm violating the laws of Grano right now.

If you want to actually have a working Internet, then, you really need to arrange matters so there's not a semi-infinite set of attackers who can trivially bring down anyone's domain.


July 31, 2006

Today's Louisville Kentucky Courier Journal has an article on how the RIAA is suing a bunch of local old people for downloading music. As usual, the reporting isn't very good:
It's not OK with recording companies, who lose money with each illegal download and have filed more than 18,200 civil suits since September 2003.

Look, I know this is the recording industry party line, but it's simply not true. If I download a song that I never had any intention of buying, it doesn't cost the recording company anything. A better reporter might have pointed this out.

There's also an oh-so-helpful sidebar on what's legal and what's not:

What are examples of violating copyright law?
  • Sharing music files on the Internet, via peer-to-peer networks.
  • Burning copies of a CD for friends.
  • Transferring a music file through an instant messaging service.
  • Lending a friend a CD so he or she can copy it.

This too, is from the RIAA playbook, but it's misleading at best. First, it's clearly not illegal for you to share music you yourself made or that is freely available using any of these methods. There's lots of such music about. Second, it's not at all clear that burning a copy of a CD for a friend—much less letting them borrow your CD to copy—is a copyright infringement. The Audio Home Recording Act specifically exempts non-commercial copying. These protections have been subsatantially modified by the NET Act, but as I understand the situation, it's not at all a slam dunk that private copying in small quantities is a violation.


December 5, 2005

Slate writes:
The NYT fronts a compelling yarn about a troubled Kentucky couple that won a $34 million lottery jackpot in--but still couldn't escape their demons. The husband ended up dying of complications from alcoholism in 2003. The wife, who is said to have turned her geodesic dome-shaped mansion into a drug den, died of a possible overdose shortly before Thanksgiving. Between them, they had squandered much of their fortune.

In the words of the late George Best, "I spent most of my money on booze, birds and fast cars, and the rest I just squandered."