Accused murderer wins right to check source code of DNA testing kit used by police

Re: Go for it

Any system that is used to help convict people should be developed to the same standard as "life critical" systems (e.g. medical, avionics, automotive) - especially if it is being used in a region that has the death penalty.

You mean every cheap surveillance camera now has to have its code and firmware tested like Avionics software now? Bugger

Re: Go for it

From the article:

The co-founder of the company, Mark Perlin, is said to have argued against source code analysis by claiming that the program, consisting of 170,000 lines of MATLAB code, is so dense it would take eight and a half years to review at a rate of ten lines an hour.

From AC's post:

Whilst that is running, I would be asking to see the testing (including coverage data) and code review results that Cybergenetics must have - they must have this, or else there is no way they can claim their code can be trusted.

If a proper code review would take 8.5 Person-years to complete, it's likely that Cybergenetics didn't do it. (Answer this: when was the last time you or one of your colleagues spent a day doing code reviews? Or asked another way, how many calendar days has it been since you or a colleague, amassed 8 hours of code review work?) It would be enlightening, indeed, to get the results that AC wants...what are the chances that the code review logs show 8.5 person-years of work?

From Someone Else:

You can write FORTRAN in any language.

170,000 lines of MATLAB?!? One can only imagine the amount and different varieties of pasta in that pile of "code". And they wanna claim it's bug free? Hey, buddy! I got this 'ere bridge....

(Oh and a small note about this Mark Perlin fellow: Seems that most of the published work validating TrueAllele's accuracy was conducted and published by -- wait for it -- Mark Perlin. So, "the program works because we (the program's vendors) say so!" Where have I heard that before...?)

Re: Too big to be bug free

Also, MATLAB: WTF? It's a great tool for many things, such as matrixy/mathsy stuff including image processing, but I always treat it as a sketchpad/ad-hoc problem solver/rapid prototype generator. It's not at all geared towards this sort of thing. I once knocked up some Monte Carlo simulations using it, and they worked just great. I then spent several weeks converting them into C, finding numerous bugs in the process. For my trouble, I also got a 70-fold [sic] speed increase.

And 170,000 lines of critical code (i.e., in the US at least, potentially life and death deciding)? That's like making a railway bridge out of Meccano. Sure, it looks like a bridge and quacks like a bridge, but it relies heavily on all those tiny bolts being in the right place and none of them being loose. Has MATLAB become the Excel of scientific companies now?

In summary, I don't blame the guy for seeking a code review, however impractical it may be.

Re: Too big to be bug free

And no doubt the defense team would be remiss at then not finding an expert of some form to testify that the presence of at least one of the bugs found, however trivial they might really be, should introduce reasonable doubt as to base a conviction on it - perhaps get the expert to throw enough jargon into their testimony to confuse jurors.

Perhaps what might also be needed is sufficient quantity of traceable evidence that the device in question can produce an accurate result.

Re: Isn't there an open source genetic analysis tool?

Probably, but I expect it includes output that's irritating to the prosecution, like 'uncertainty'

Re: Isn't there an open source genetic analysis tool?

The FST one was developed by a public (NYC) crime lab - OK, its "consultants", but the product belonged to the crime lab anyway - and they still didn't want to let anyone look at the code. I guess they earned a buck or two every tiime other crime labs asked for help.

Re: Repeatable experiment

I'm betting the state has no interest in verifying the result as if they differ the defence will claim it's a problem and the defence likewise has no interest in independent verification.

Re: Repeatable experiment

DNA tests aren't deterministic, but probabilistic. If I recall my CSI TV knowledge (not that crap from NY or Miami, but Vegas), DNA "matches" are one out of a billion. That's nearly eight people in the world that that test could come back as a match for.

Furthermore, if my TV memory is correct, testing is destructive. Given this sample came from a gun, perhaps there wasn't enough for a proper second test. Given the route the public defender has taken, perhaps challenging the program is the simpler route.

I do think the crux of the matter is that New Jersey is one of the few states that still adheres to the Frye standard, "that expert testimony must be based on scientific methods that are sufficiently established and accepted." How is a piece of software which hasn't sustained an open and proper adversarial challenge, "expert testimony"?

As a corollary (and more in my wheel house), a good encryption method isn't weakened through the "sunlight is the best disinfectant" process, but strengthen.

Crappy and/or closed encryption (often) is.

Re: Repeatable experiment

But you can't be sure that the machines don't all have the same source code in the verification section where it matters. It's not unknown for an employee to leave a firm to take a bunch of source code to their new job. We probably need to check the source code of all the machines.

Re: Repeatable experiment

If all the labs are using that same faulty code to analyse the results, the fact that they all agree means very little.

Re: Repeatable experiment

This assumes that you have a sufficiently large sample to do this - or are prepared to "prove" that PCR can be used as part of a verifiable chain of evidence. Of course with contaminated samples it may well end up being the "dog that done it".

Re: What about the compiler? Linker?

All the tools used within the development of a critical system should been formally qualified. For a compiler (especially C++), it may only be practicable to qualify parts of it - in which case, a corresponding language subset needs to be enforced within the code base.

Re: What about the compiler? Linker?

Do you mean BISON?

Or is this a form of YACC-shaving I was unaware of? :-)

(an early adopter of gcc, about 1.22)

Re: Wolly thinking

In this case the software determines the probability that the defendent's DNA is contained in a mix of the evidential DNA. A jury is likely to believe that if the defendent's DNA is in the evidential sample, the defendent is guilty. Therefore the statement that the software is determining the likelihood of guilt is a reasonable statement to make.

I could similarly comment that a Gatso camera does not determing whether the defendent is guilty of speeding, it merely measures speed.

Re: "the program's source code is a trade secret"

Because justice has to be an open process, not secret.

Re: "the program's source code is a trade secret"

>You leak, you get caught, you're guilty and risk a sizeable fine anyway.

Screaming Mad Jack, address 'The dumpster in the alley behind the Boeing factory' claims Airbus is using chemtrails to control his mind. He gets to review all their designs and software.

When he loses the plans he is sued in a civil case and Airbus get a $bn judgement against his shopping cart of junk.

Re: Blackstone's Dictum

That doesn't help. It's not the source code as such (although they will point out any bugs to the jury) it's the fitting model and algorithms.

Expert to 12 random jury members: See here where they use a 3rd order Legendre polynomial to fit the background level to a confidence interval of 0.5% - no reasonable person would find that acceptable.

And I'm using big words and have a nice suit and look like a professor so you have to believe me and not the other guy.