Security News > 2021 > June > Risks of Evidentiary Software

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence.

First, the court should have access to the "Known Error Log," which should be part of any professionally developed software project.

Next the court should consider whether the evidence being presented could be materially affected by a software error.

Data from a Breathalyzer is not the physical entity itself, but rather a software calculation of the level of alcohol in the breath of a potentially drunk driver.

What happens if the software makes an error and there is no sample to check or if the software itself produces the evidence? At the time of our writing the article on the use of software as evidence, there was no overriding requirement that law enforcement provide a defendant with the code so that they might examine it themselves.

Given the high rate of bugs in complex software systems, my colleagues and I concluded that when computer programs produce the evidence, courts cannot assume that the evidentiary software is reliable.

News URL

https://www.schneier.com/blog/archives/2021/06/risks-of-evidentiary-software.html