Risks of Evidentiary Software

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example).

Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examine it.

The software engineers proposed a three-part test. First, the court should have access to the “Known Error Log,” which should be part of any professionally developed software project. Next the court should consider whether the evidence being presented could be materially affected by a software error. Ladkin and his co-authors noted that a chain of emails back and forth are unlikely to have such an error, but the time that a software tool logs when an application was used could easily be incorrect. Finally, the reliability experts recommended seeing whether the code adheres to an industry standard used in an non-computerized version of the task (e.g., bookkeepers always record every transaction, and thus so should bookkeeping software).

[…]

Inanimate objects have long served as evidence in courts of law: the door handle with a fingerprint, the glove found at a murder scene, the Breathalyzer result that shows a blood alcohol level three times the legal limit. But the last of those examples is substantively different from the other two. Data from a Breathalyzer is not the physical entity itself, but rather a software calculation of the level of alcohol in the breath of a potentially drunk driver. As long as the breath sample has been preserved, one can always go back and retest it on a different device.

What happens if the software makes an error and there is no sample to check or if the software itself produces the evidence? At the time of our writing the article on the use of software as evidence, there was no overriding requirement that law enforcement provide a defendant with the code so that they might examine it themselves.

[…]

Given the high rate of bugs in complex software systems, my colleagues and I concluded that when computer programs produce the evidence, courts cannot assume that the evidentiary software is reliable. Instead the prosecution must make the code available for an “adversarial audit” by the defendant’s experts. And to avoid problems in which the government doesn’t have the code, government procurement contracts must include delivery of source code­ — code that is more-or-less readable by people — ­for every version of the code or device.

Posted on June 29, 2021 at 9:12 AM46 Comments

Comments

DV Henkel-Wallace June 29, 2021 10:02 AM

When doing drug development or manufacturer, all instruments require independent calibration and proof that it was done. Same for the scale at the deli counter or the meter at the filling station.

The problem with the breathalyzer or speed radar is not one of software. It is one of will. Apparently nobody cares enough to get it right. Perhaps there is a preference to ask no questions.

But let’s not make the problem a technical one. That obscures the real issue.

jones June 29, 2021 10:30 AM

@DV Henkel-Wallace

I’m not sure comparing the breathalizer to a deli scale is fair: State Departments of Commerce have Divisions of Weights and Measures to inspect things like sales and gas pumps. States may mandate regular breathalizer calibration, but who inspects them? Do we trust the police to fine the police for not checking to see whether the breathalizers are properly and regularly calibrated and also functioning correctly?

If no breath sample is retained — only the record of the software’s observation — how is the output of a breathalizer legally different from hearsay? Because the breathalizer is technological? Assuming it is more accurate that a human witness because it is technological creates big problems.

But I think the broader point is this: given the near-complete lack of software liability, the inscrutability of commercial code, and the dubious quality of most commercial software, a court of law — which seeks certainty — should not assume evidence that consists exclusively in the result of a software program is accurate prima facie.

This isn’t a technical issue, but a legal issue caused by poor policy: software needs regulation, liability, and copyright reform.

mark June 29, 2021 11:54 AM

On top of all that, Bruce, the court should REQUIRE two things: first, records of at least the last three times the device has been calibrated, and secondly, a chain of custody.

Without those….

Clive Robinson June 29, 2021 12:18 PM

@ Bruce, ALL,

This sounds like a good idea,

“First, the court should have access to the “Known Error Log,” which should be part of any professionally developed software project.”

But “having a log” and chosing “what goes in the log” are “way more than a country mile” appart.

The accounting profession has been arguing over “simple book keeping” for centuries and still does… What makes anyone think that we can safely legislate for what “MUST” go in such logs…

In any even minorly complex piece of software for business to log all the transition states to find out where a problem is, would be an almost impossible undertaking and we know that it will not be given to the “star programmers” so is likely to be closer to the 20% of lines defective than the 0.2% of lines defective end of the spectrum.

And that’s before the corporate “liability limitation lawyers” get in on the act.

Many here can remember some years back now that scandle after scandle rocked the “de-regulated finance market”. The legislators of the time effectively went cap in hand to the auditors and others tasked with policing the corporate and finance sectors and said “write your own wish list” well they did it got put into law…

The result we have as many financial scandles as ever, however they are now harder to prosecute or even explain to a jury.

So all that happened was the legislation made the dishonest evolve to a higher level of dishonesty.

This happens in part because there are virtually no downsides to the dishonest trying it on. They either get away with it or just buy their way out with tax deductable fines…

What is needed is not “pruning around the edges” but “root and branch changes” to the way corporates legaly exist and the way offending officers are dealt with.

One of the things mentioned was the Post Office Limited company run at the time by Paula Vennells[1] who took home atleast 5,000,000GBP in bonuses on top of her already inflated remuneration. She knew onky to well exactly what was going on, and that evidence of the wrongdoing was being kept from the innocent defendants, some of whom got driven to their deaths.

She is now the Reverend Paula Vennells and feels no shame what so ever for what she very knowingly did to line her own pockets whilst effectively killing and destroying innocent people…

But what the heck I guess in her psychopathic view point she was only doing “God’s Work, for their betterment”.

But what of those who followed her?

They have no intention what so ever of alowing justice to happen[2]

As Upton Sinclair so tactfully put it back in the 1930’s,

“It is difficult to get a man to understand something, when his salary depends on his not understanding it.”

Sometimes you need to take away rather more than the salary… The old Testiment had punishments including selling an offenders family into salavery and prostitution. Others have instituted removal of limbs, toungs, eyes, ears and even the ability to have children… Yet here we are centuries later and still we have not found a way to make the dishonest behave within the limits that the norms of society thing appropriate…

[1] https://en.wikipedia.org/wiki/Paula_Vennells

https://www.postofficetrial.com/2019/12/is-paula-vennells-fit-and-proper-person.html

https://www.theguardian.com/business/2021/apr/26/post-office-paula-vennells-quits-morrisons-dunelm-boards

[2] https://www.postofficetrial.com/2020/06/nick-reads-selective-awareness.html

Bob Paddock June 29, 2021 12:58 PM

Embedded System Guru Jack Ganssle wrote “2028 – A Dystopian Story” as a humors, and sad, view of such things as software logs and notebooks.

http://www.ganssle.com/articles/2028adystopianstory.htm

From the above:

Federal Rule of Civil Procedure Rule 26 was amended in 1993 to require the disclosure of related case materials without awaiting a discovery request. In the 2000 case Kleiner v. Burns the court interpreted Rule 26 to include backup media, and even deleted files. More than a few companies today prohibit engineering notebooks.

“Rule 26. Duty to Disclose; General Provisions Governing Discovery”

https://www.law.cornell.edu/rules/frcp/rule_26

‘The software engineers proposed a three-part test. First, the court should have access to the “Known Error Log,”’

Which I expect the prosecution pounces on as “You knowingly shipped a defective product as documented in your Error Log”.

If my accuser is a Breathalyzer or a Speed Trap Camera, do I not have the right to face them (ie. their source code)?

Bob Paddock June 29, 2021 1:07 PM

@Jones

“This isn’t a technical issue, but a legal issue caused by poor policy: software needs regulation, liability, and copyright reform.”

This is about TicTok, however they make no distinction about ‘connected software’ from Embedded Devices.

https://www.whitehouse.gov/briefing-room/presidential-actions/2021/06/09/executive-order-on-protecting-americans-sensitive-data-from-foreign-adversaries/

“… In evaluating the risks of a connected software application,
several factors should be considered. Consistent with the
criteria established in Executive Order 13873, and in addition to
the criteria set forth in implementing regulations, potential
indicators of risk relating to connected software applications
include: ownership, control, or management by persons that
support a foreign adversary’s military, intelligence, or
proliferation activities; use of the connected software
application to conduct surveillance that enables espionage,
including through a foreign adversary’s access to sensitive or
confidential government or business information, or sensitive
personal data; ownership, control, or management of connected
software applications by persons subject to coercion or cooption
by a foreign adversary; ownership, control, or management of
connected software applications by persons involved in malicious
cyber activities; a lack of thorough and reliable third-party
auditing of connected software applications; the scope and
sensitivity of the data collected; the number and sensitivity of
the users of the connected software application; and the extent
to which identified risks have been or can be addressed by
independently verifiable measures. …

(d) The Secretary of
Commerce shall evaluate on a continuing basis transactions
involving connected software applications that may pose an undue
risk of sabotage or subversion of the design, integrity,
manufacturing, production, distribution, installation, operation,
or maintenance of information and communications technology or
services in the United States; pose an undue risk of catastrophic
effects on the security or resiliency of the critical
infrastructure or digital economy of the United States; or
otherwise pose an unacceptable risk to the national security of
the United States or the security and safety of United States
persons. …

Sec. 3. Definitions. For purposes of this order:
(a) the term “connected software application” means software, a
software program, or a group of software programs, that is
designed to be used on an end-point computing device and includes
as an integral functionality, the ability to collect, process, or
transmit data via the Internet; …”

Grahame Grieve June 29, 2021 1:41 PM

This is a fantasy, as any programmer who’s ever debugged a production mishap will know; the programmer has no idea what the log should contain in advance, since (almost by definition) anything that goes is a situation that was not anticipated, so you don’t know what the log should contain in order to investigate it. You’re very frequently left looking at the whole system in despair, overwhelmed by lack of information about what happened in the real world and in the software.

JonKnowsNothing June 29, 2021 3:52 PM

@Clive, All

re: Error Logs

Error Logs are like kilts: There are no errors:

  • there is nothing worn under, it’s all in perfect working order

The Post Office, The RoboDebt, The RoboSigning, The HiddenAlgorithms, The HiddenLists, The TerroristListing for “Alms”.

Error Logs are only for things that are expected to never be seen. They are supposed to be NIL. Having such a log, purporting to show “errors” is a diversion from 2 views:

  1. You Know There’s an Error or Bug in which case it is not a NIL Event
  2. You Do Not Know there is an Error or Bug, in which case you can do the Long Sword Dance hoping you are not the one without a sword when it is determined that the first option is correct.

The very folks that are making the software have 100% interest in having NIL Error Logs. It doesn’t prevent errors from existing, persisting, propagating while the effects rolled down stream.

There are no 2 Alms About It.

===

ht tps://en.wikipedia.org/wiki/Long_Sword_dance

ht tps://www.theguardian.com/uk-news/2021/jun/27/boy-11-referred-to-prevent-for-wanting-to-give-alms-to-the-oppressed

Boy, 11, referred to Prevent for wanting to give ‘alms to the oppressed’

Teachers contact counter-radicalisation programme after mistakenly believing he said ‘arms’

ht tps://en.wikipedia.org/wiki/Alms

  • Alms giving involves giving to others as an act of virtue, either materially or in the sense of providing capabilities (e.g. education) free.

(url fractured to prevent autorun)

Clive Robinson June 29, 2021 4:53 PM

@ Grahame Grieve,

This is a fantasy, as any programmer who’s ever debugged a production mishap will know; the programmer has no idea what the log should contain in advance…

It’s why I said,

“In any even minorly complex piece of software for business to log all the transition states to find out where a problem is, would be an almost impossible undertaking…”

@ ALL,

From too many years of writing the sort of software where you are required to “log everything” and do it “remotely” (think industrial control on remote high value platforms, and more recently stuff that goes up but does not come down). I know there is only one realistic way currently to produce “log it all software” and most programmers either can not or would not want to write it.

In essence you reproduce “ladder logic”[1] (mostly Combinational logic) as a “Finite-state machine”[2] where “every state is qualified” as are all the “state to state transitions”, thus the entire system is fully determanistic to a level few can get their heads around. Oh and no comnetcial OS’s or frequently hardware either…

Whilst you can write “business logic” this way, it’s not something anyone wants to do for various reasons. It’s why it’s only realy ever used in either limited capability embedded systems or safety critical systems where fail safe and the like have to be guarenteed to some quantifiable level.

To say it’s,an expensive process is a tads understating it…

I’ve even had it go wrong on me, when the underlying microcontroler hardware that was allegedly “space qualified” had firmware bugs… It’s not a conversation you want to be having with what was at the time one of the worlds largest supplier of microcontrolers…

It’s why these days FPGA tends to be the way some go.

But as Apple recently found out when they stripped out some ARM functionality, and opened up an unexpected vulnerability, you realy realy need to know what you are doing…

[1] Ladder logic / relay logic was the way things were done before 8bit CPU chips dropped below a hundred bucks each. Yes there were hundreds of relays in a rack and actual programing was done with a “Wire-Wrap tool” on “wrap posts” –that were common in telephone exchanges,– up untill the mid-late 1970’s. Being replaced with “punch-down tool” on Insulation Displacment Connector” blocks in the mid 70’s through to the mid 90’s. Oddly to some “relay logic” got going due to the thesis of Claude Shannon who took the ideas of Victorian mathmatician, philosopher and logician George Boole from his 1854 “The laws of thought” and in effect made it available. Sadly we don’t know what else George Boole might have done, because his wife effectively killed him just as his career was comming to prominence.

There still are some “safety critical” systems out there that still use hi-rel relays etc in multiply redundant voting circuits and the like… I still get called upon occasionaly to update ICS systems I put in place a third of a century ago. The only real difference is that the industrial systems are now easily worth oh twenty times as much as back when I was that wee bit younger…

[2] Finite State Machines were another idea “come of age” in 1940’s. Around a century after the theoretical knowledge and technology to make them possible had happened… Why so long, well WWII might well have had something to do with it. Prior to then such systems were not “of need” let alone of “pressing need”. WWII was in reality the start of the “autonomous machine age” where machines could be autonomous not force multiplier extentions of a human controler. Yes things like the Jakard Loom existed but they were highly niche thus rare and consummently expensive.

https://en.wikipedia.org/wiki/Finite-state_machine

SpaceLifeForm June 29, 2021 5:25 PM

Re: independent calibration and proof that it was done

Easy calibration of a Breathalyzer: Measure at only one point, and create a paper record that it was calibrated at that point at a documented time.

Some courts will accept that.

Problem: It is NOT really calibrated. AT ALL. You can plot a lot of lines thru one point.

Lets say the machine is tested (this is not calibration) at say .08 percent alcohol level via an allegedly controlled sample.

The test is intended to show that the measurement actually returns .08 from the allegedly controlled sample.

The tester (police), document that they ran the test at some timestamp, and it returned the expected results.

They (the police), can then say in court, yes, your honor, we ran the required calibration (really just a test), and it was accurate (not failing, meeting expectations).

Here are the issues:

  1. The allegedly controlled test sample can not be proven legally to be fact.
  2. The machine may actually be skewed, so that the test may appear accurate at the .08 level, but is totally biased to show higher levels than reality for inputs greater than .08 level. For example, it could report .14 when the actual input is .09 level.

I can draw lots of lines thru a point on a graph. Every line will cross the alleged calibration point.

In order to be able to accept any calibration, it must be tested at three points on the line.

A state Supreme Court has confirmed this point.

ADFGVX June 29, 2021 6:41 PM

@ Bob Paddock

Federal Rule of Civil Procedure Rule 26 was amended in 1993 to require the disclosure of related case materials without awaiting a discovery request.

Sounds like a bunch of damn lawyers are out of their minds insane with greed, billing clients for all that mumbo-jumbo serving restraining orders and warrants with all that eye-stabbing prison-lust, in deep trouble with the bar, not to mention the Constitution, especially the Fourth and Seventh Amendments.

Clive Robinson June 29, 2021 6:54 PM

@ SpaceLifeForm,

I can draw lots of lines thru a point on a graph. Every line will cross the alleged calibration point.

Yup and those lines do not have to be straight lines either…

Which makes,

In order to be able to accept any calibration, it must be tested at three points on the line.

Rather open to abuse as well…

The specification needs to be quite a bit tighter than just three points.

It needs to be a point above, a point below the required range and one or more pounts either side of any determining point. Also these points should fall within a range of linearity such that the “straight line” approximation is valid.

In reality very few devices in electronics are “linear” they are usually “exponential” or “square law” in nature with weirdness as you approach “rails”. On these the usual “straight line approximations” are laid over the top, and the bits that don’t fit get ignored…

Now… It’s known with “Radar Guns” used in speed traps that moving things “close to the rails” is not difficult you just arrange for a largish reflector “close to” to be in the “bore-sight” which “overloads” the front end causing a nonlinear response… As the overload signal is “static” it has no delt F thus gives a DC component out of the detector that is easily blocked by a coupling capacitor or filter. The fact the actuall return signal from the moving vehicle is now distorted and nolonger symetrical” means it has an “effective DC value” it carries across the decoupling capacitor or through the filter…

If the following circuits “rectify and integrate” then that DC offset is hidden in the integrated output and will shift the detection threshold…

Showing that even though equipment is correctly calibrated and tested immediately before use, in use it can become “uncalibrated” but, immediately after use when tested “still in calibration” on the test bench…

There are oh so many other tricks that can be pulled like that, that you have to be smarter than the system designer by quite some way, and deeply deeply suspicious. Because “The Devil makes work for idle hands” and traffic cops have plenty of “Devil time” and a serious need “to make quota” in any which way they can…

SpaceLifeForm June 29, 2021 7:23 PM

@ Clive

It was good enough to prove the point. Judges are expected to at least comprehend basic linear algebra, right?

I’m not expecting them to understand how one can fit a curve thru three points.

Though, it would be ‘A Good Thing’ if more Judges understood this.

JonKnowsNothing June 29, 2021 8:16 PM

@Clive, All

re: Logs

IM(not)HO There are several sorts of logs that get referenced and for me they are rather different

  1. Error Logs are NIL events, existing only during development or PoC.
  2. Audit Logs are supposed to verify inputs made it correctly to their destination. Name entered at the keyboard == Name in the database
  3. Validation Logs are supposed to make Sanity Checks on the data.
    1+1 = 2, 2 + 1 = 3, 3-1 = 2
  4. Keying Logs are popular with some groups and verify the number of typos, backspaces and rewrites it takes to type in information correctly. These used to be mandatory double checks for Manual Key-Entry where people got paid for the number of “correct keys pressed with zero errors”. 2 passes were made to key the data and the had to agree 100%.

The primary problem is that for electronic data there is no verifiable chain of custody. It’s just smoke and no mirrors.

There are loads of problems with physical items and chains of custody too. Physical Evidence is not tamper proof, theft proof, damage or loss proof or old fashioned Round File proof.

tl;dr

… the “hostile environment policy” 2012 instituted by Theresa May during her time as Home Secretary targeted people who had a legal right to come to the UK, they neither needed nor were given any documents upon entry to the UK, nor following changes in immigration laws in the early 1970s.

The policy led to issues with the Windrush generation and other Commonwealth citizens not being able to prove their right to remain in the UK.

The primary proofs of Right To Remain existed in the sailing and passenger manifests of the ships that brought them to the UK in the 1970s.

These documents were never digitized.

The documents were shredded and destroyed preventing the targeted groups from “proving” they had the Right to Remain and Citizenship. The destruction was ordered by Theresa May.

Evidence isn’t evidence if it no longer exists.

===

ht tps://en.wikipedia.org/wiki/Windrush_scandal

note: The scandal continues unabated. The Court ordered legal status for the Right to Remain of the affected persons still has not been rectified.

  • The Windrush scandal was a 2018 British political scandal concerning people who were wrongly detained, denied legal rights, threatened with deportation and in at least 83 cases wrongly deported from the UK by the Home Office.

ht tps://en.wikipedia.org/wiki/Home_Office_hostile_environment_policy

(url fractured to prevent autorun)

Chris Vogel June 30, 2021 2:28 AM

Interesting reference:

“The Evidence Critical Systems research project aims to identify the right technologies and design principles to build systems that will produce adequate evidence to resolve disputes fairly and address the challenges in presenting and interpreting this evidence.”

https://evidencecritical.systems/

Clive Robinson June 30, 2021 4:01 AM

@ SpaceLifeForm,

Judges are expected to at least comprehend basic linear algebra, right?

Sometimes, I’m not sure they comprehend simple addition…

Those that formulate, administer, and apply justice can leave you with your mouth hanging open, and seriously questioning if the actually made it through primary school…

For instance, there is a law in the UK about the length of blades on knives that do not have locking blades or that can be “flicked/sprung” out.

For the better part of my life I’ve carried a Swiss Army knife on my key chain and a more solid folding knife in a small tool kit that fits inside an old Army “ammunition pouch” that I take to do odd jobs for people.

Now it’s clearly a folding knife, it’s clearly in a small tool roll with other tools that is clearly inside a solid bag with yet more tools, thus clasified under EU law as “tools of a trade” that can be freely carried…

Some idiot of a Police Community Support Officer (PCSO) decided that I was committing an offence because… I assume his coffee or donught had not agreed with him or someting.

Now back then PCSO’s had no right of arrest or even detention nor a right of expectation you would answer any of their questions. It’s why Police Officers “with lawful authority” called them amongst many derogatory terms “Robins”[1].

Now the example of intelligence that what would make even Dysenteric amoeba[2] look the other way in shame realised fairly quickly he was on the loosing end of the argument.

So he pulled out his “Master Plan” a Police note book on the back of which were two scales, one in Imperial (inches) and one in Metric (centimetre) measurments, and tried to convince me that he could use the Metric scale to make an Imperial measurment of four inches… Fine if he could multiply 4 by 2.54 in his head and come close to 10.16 but no, the great towering example of intelect said 4cm was 4inches. At which point I kind of told him what kind of a failed individual in life he was…

I guess it was at that point that he found there could be things more disagreable than bad coffee and stale doughnuts…

I’ve had zero respect for the UK Met Police since, worse I’ve had the misfortune to deal with them since and I’ve found those from Twickenham in West London, repeatedly fail to even reach the intellectual hights that “Mr if I say it’s more than 4 inches then it is Robin Reliant” aspired to…

[1] There used to be a three wheel car made in the UK called “The Robin Reliant” which due to it’s construction materials (GRP) and poor handeling capabitiries was less than affectionately also called a “Plastic Pig”,

https://www.reliant.website/plastic_pig.shtml

Thus it’s not difficult to see why Police Officers with a loathing and significant distaste for the then Home Secretary who had forced PCSO’s as “the future of policing” would not take kindly to PCSO’s in any way what so ever (less so now due to “mission creep” PCSO’s have been given ludicrous powers).

[2] Dysenteric amoeba have been clasified as being one of, if not the simplist, form of parasite.

Winter June 30, 2021 4:19 AM

@ATN
“How does the court interpret this line of the license:”

PS: The license cited is the GNU GPL.

Jon June 30, 2021 8:15 AM

@ Space Life Form: (et. al.)

Also see “Dieselgate”, wherein diesel Volkswagens could detect they were being tested, and thus gave perfect results – at that time.

Imagine a “Breathalyzer” also so gently tweaked – except in the opposite direction. “We love this machine! It says everyone’s guilty, and calibrates just the same as the one that lets some people go!”

“Think of the civil and criminal forfeiture we can get away with now!”

The law has quite a bit of catching up to do. J.

JonKnowsNothing June 30, 2021 10:24 AM

@Jon

re: Imagine if a “Breathalyzer” could be tweaked

There are devices that are mounted in cars that do “Breathalyzer” tests to prevent the car from starting/driving if the person blowing into the pipe fails the sobriety test.

These are generally court ordered devices, paid for by the person, that allows them limited travel, like to-from work.

Lots of stories about how people get around the pipe-blow and the device makers have had to tweak the Breathalyzer many times as the targeted persons find no end of security system failures.

iirc(badly)

  • one person had their grandchildren do the pipe blow. ezpz drive down to the pub or liquor store.
  • one person figured out there was another way to start the car, bypassing the device completely.

People are very creative.

Walter C June 30, 2021 10:58 AM

Ignoring the ample fuss (perhaps justified…but seemingly futile) about the legal and software sides of this mess, readings from “Breathalyzers” are falsifiable. And even a few Breathalyzer errors – “device said 0.ddd% alcohol, multiple medical lab tests of drawn blood all said (say) 1/2 that amount” – could be a major scandal. That’d be easily understood by (and emotionally significant to) the average voter. Or jury member.

Getting to that point would require some real-world resources and effort. Nothing which groups such as ACLU (net assets “without donor restrictions” over $350M on their 3/31/2020 Annual Statement) would find at all difficult.

Is any such effort being made, or even seriously contemplated?

Liberty June 30, 2021 11:21 AM

Evidentiary Software should be required to present the entire raw data used to come to its conclusions, to have strong safeguards against manipulating said data, and have regular calibration reports to ensure the sensors work correctly.

This software is used to make automatic deductions then used in proceedings, there is no reason to allow it to just present its conclusion, instead of it presenting a full deduction from the raw data so that it can be audited.

Weather June 30, 2021 11:50 AM

About breathizlers my chemistry teacher said bite a lemon before you blow, I tested it on those cheap crystal ones when drunk and the couler changed back to a new one
Probably won’t work on the machine police use, it probably some dielectric constant capacitor thing, but it works on chemistry ones.

SpaceLifeForm June 30, 2021 3:14 PM

@ Clive

That PCSO makes Dysenteric amoeba look very intelligent.

Imagine if you asked him to convert Celsius and Fahrenheit.

“Oh shite!” he would say. “you want me to do divsion using 5 and 9?”

Dysenteric amoeba: “PCSO, you have between 5 and 9 minutes until your next trip. We decide when you will do the division”

SpaceLifeForm June 30, 2021 4:37 PM

@ Clive

Also these points should fall within a range of linearity such that the “straight line” approximation is valid.

In this instant case, what happened was interesting.

The law as written, was that proper calibration was to be done at .04, .08, .12 levels.

Then, (magic happens), the law was changed, so that only the .08 level was required for calibration.

Then the law was reverted to the ‘test at 3 levels’ requirement.

There was a window of time that did not meet the intent of acceptable calibration.

echo June 30, 2021 4:57 PM

https://www.pacts.org.uk/news-and-publications/another-step-towards-uk-roadside-evidential-breathalysers-105000-awarded-to-winners-of-mebti-competition/

Each year over 240 deaths occur on the UK’s roads involving a driver who is over the legal drink-drive limit. Effective enforcement by the police is crucial in combating this serious crime and loss of life. The breathalysers currently used by police at the roadside are screeners, not evidential. A driver suspected of drink driving must be brought to a police station for an evidential test. Having devices that enable the police to take the evidence at the roadside will increase their efficiency and avoid the risk that a driver might “sober up” before reaching the police station.

PACTS Executive Director David Davies commented, “As a result of a grant from the Department for Transport, PACTS has been able to run the MEBTI (mobile evidential breath testing instruments) competition which is incentivising companies to develop products to meet the exacting technical and legal requirements of Home Office type approval. These awards of £52,500 each, to two UK-based companies, Lion Laboratories and Medacx, are rewards for their substantial R&D investment to date, and assistance with the further costs that will be involved.”

[…]

The Parliamentary Advisory Council for Transport Safety (PACTS) was awarded a grant by the Secretary of State for Transport to run a competition to encourage the development of mobile evidential breath testing instruments (sometimes referred to as roadside evidential breathalysers) which meet Home Office type approval requirements.

https://www.sciencealert.com/this-one-simple-technique-helps-people-to-drink-less-alcohol-experiment-shows

This particular combination of ‘why to reduce’ and ‘how to reduce’ messaging can be useful for promoting good health in a population, says the team behind the study.

Too much drinking doesn’t just lead to cancer, of course. Overdoing it on the booze is associated with a whole range of problems, including premature death, heart disease, digestive issues, and an increased risk of dementia.

“We found that pairing information about alcohol and cancer with a particular practical action – counting their drinks – resulted in drinkers reducing the amount of alcohol they consumed,” says economist and psychologist Simone Pettigrew, from The George Institute for Global Health.

https://www.rac.co.uk/drive/news/motoring-news/men-11-times-more-likely-than-women-to-be-convicted-of-same-driving-offence/

Men are 11 times more likely to be caught driving without seatbelts and having vehicle defects when compared to female drivers, according to Scottish Government figures.

There are also eight times as many men penalised for using a mobile phone behind the wheel than women north of the border.

A total of 192 men were guilty of seatbelt offences in 2018-19 compared with just 17 women.

Meanwhile, 1,034 male drivers were convicted of driving a vehicle with defects, while only 94 females fell foul of the law in the same way.

Of those drivers caught using their phone behind the wheel, 616 were men and just 76 women.

According to the recently released road safety statistics1, male drivers also account for the lion’s share of all other motoring offence categories.

Where dangerous and careless driving is concerned 2,631 men were convicted and only 486 women – more than five to one.

Men were found to be four-and-a-half times more likely to speed, with 7,450 males caught for the offence and 1,617 females collared.

Figures were slightly more evenly matched when driving under the influence of drink or drugs. Even then, 2,752 men were caught compared with 806 women.

There are differences between the UK in terms of culture and economics as well as the spread of expertise on a regional basis. Ditto countries in mainland Europe. I’m not an academic nor am I writing a comparative study but I think this is worth mentioning as they are factors in outcomes with respect to forensics and road safety in the broadest sense.

I don’t drink much and tend to stay away from people who do and places where people congregate to drink. I certainly don’t drink and drive. I also look both ways when crossing the road even down the preverbial one way road in the countryside.

ADFGVX June 30, 2021 7:36 PM

@ echo

Men are 11 times more likely to be caught driving without seatbelts and having vehicle defects when compared to female drivers, according to Scottish Government figures.

There are also eight times as many men penalised for using a mobile phone behind the wheel than women north of the border.

A total of 192 men were guilty of seatbelt offences in 2018-19 compared with just 17 women.

The fact of the matter is that men really don’t drive all that differently from women.

The discrepancies are better explained by a predatory male-dominated police force that views male suspects as “competition” for street women with whom predominantly male police officers desire contact for non-law-enforcement-related or personal reasons.

The minority of police officers who are women themselves tend to act as “big sisters” and protectors of street women, who work to prevent women from being seen as suspects.

We as impartial witnesses (or even potential jurors) are encouraged to toe the politically correct line and believe women’s reports of sexual and sex-related offenses without questioning them or affording any due process of law to the male defendants of the alleged crimes they report.

Fail June 30, 2021 7:57 PM

Any real capitalist would be all for women gaming both men and the system that men have … ahem … supported.

By the way, for brevity purposes::

You don’t sound very impartial on either account.

😁

ADFGVX June 30, 2021 8:28 PM

@ Fail

the system that men have … ahem … supported

It’s a system of powerful men who oppress weak or powerless men. Women sometimes express support for it because they are treated specially or granted favors, but in reality women are only chattel or property to be bought and sold by the more powerful men who run the system.

Fail June 30, 2021 9:54 PM

Times change, property changes, biases change.

Depending on ones position before this calamity one could’ve been struck down or pole vaulted.

Nothing is certain except death, tax collection and data retention.

Clive Robinson June 30, 2021 11:12 PM

@ echo,

You might also want to dig out information about the age ranges of the offenders, and importantly the size, type, status and age of the vehicles.

The current insurance industry rates, will also tell you quite a bit as well.

Yes there is gender bias in the figures but it is only a part of the issue and has an age related component.

Some years ago I was shown the figures that showed the most likely vehicle to be in an accident was[1],

1, A red Nissan Cherry.
2, With two or more people predominately women or children in it.
3, With the driver being asian, female, married with children.
4, Around the end of the school day.

The figures rather upset my then local MP, who had his plans to put VAT on car insurance scuppered by the figures, as the Insurance industry geared up to make the figures public as to why “traditional tory voters” were in effect “carrying” certain drivers and already paying two to three times their due, due to Government rules.

I suspect that with the rise of “singletons” the figures will now be majorly different to back then.

[1] The second most likely were in Golf GTI’s or similar “modified” vehicle, three or four young males in the vehicle, driver young male living with parent, single and in the evening or night time.

Richard July 1, 2021 12:59 AM

Isn’t evidentiary software required to be built according to certain standards?

I create software for medical products, and that software is governed by a number of standards, among which ISO 13485. While our software remains closed source, we are required to write requirements, verification specifications, execute tests, perform failure mode analyses, and similar activities. We are required to keep paper trails of everything, and all documentation is available for inspection by external auditors like the FDA. While this doesn’t guarantee perfect software, it at least shows that the likelihood of failures, and especially the impact of those failures, should be low.

I know that much more rigorous standards exist; the automotive industry has far stricter rules.

I don’t think that having the code of evidentiary software available for inspection would help much. Sure, it sounds nice on the principle that a defendant is entitled to examine his accuser, but you’re not going to suddenly find a bug which both explains why you’ve been falsely accused and which is not found by engineers who have spent multiple years writing the code. Instead, I would like to be able to inspect whether important failure modes have been considered, whether they’ve been mitigated, whether logging output is part of the mitigation and if it is what the output of that log is (if that logging is not available in court, it’s not a mitigation for the failure mode that I’ve been wrongly accused).

So instead of having to hunt for a bug which I’ll never find, I’d like to examine the choices made in code construction. If a reasonable doubt is found (an unmitigated failure mode), that should be enough to dismiss the evidence produced.

Having evidentiary software adhere to such a standard should be a good step in the direction of being able to inspect its quality without compromising its proprietary nature.

Clive Robinson July 1, 2021 2:57 AM

@ Richard,

Having evidentiary software adhere to such a standard should be a good step in the direction of being able to inspect its quality without compromising its proprietary nature.

If you make a device for the FDA or for approval by a near uncountable number of approvals bodies world wide, you have to produce a very detailed set of drawings and BOM. Especially if there are “custom or proprietary” parts within it.

Yet you “just assume” without reason good or baf that software has to be somehow different…

There is absolutly no good reason why software should be “kept secret” in any device approved by a regulatory agency.

There are however many bad ones as history shows…

Richard July 1, 2021 3:37 AM

@Clive

“There is absolutly no good reason why software should be “kept secret” in any device approved by a regulatory agency.”

I agree with you, but I don’t think it will help much in practice to have the software open. I think it helps more that evidentiary software is built in a rigorous way, and I am currently baffled that apparently there’s no mandatory standard for such software.

Having a mandatory standard would be much more easily attainable, and I think would benefit us more than a step towards open software.

Winter July 1, 2021 5:05 AM

@Clive, Richard
“There is absolutly no good reason why software should be “kept secret” in any device approved by a regulatory agency.”

Especially so because Copyright and Patents legislation work based on the protected work to be fully open. Making the software source readable does not in any way affect the Copyright or Patent protection.

The reasons source code are kept a secret are:
!) Possible patent violations in the code

2) Possible copyright violations in the code

3) Serious code quality issues

4) Security by Obscurity

5) Secret Sauce recipes

Ad 5) is simply snake oil and most likely just a variant of 4).

Clive Robinson July 1, 2021 5:23 AM

@ Richard,

I am currently baffled that apparently there’s no mandatory standard for such software.

I’m guessing you’ve not been close to the “standardisation process” it can take years…

In the US it can be particularly bad as they tend toward “Prescriprive legislation” due to the prefered working mode of their judicial process. In some cases the “standard” has remained unchanged since the 1960’s (ever seen a “mirror galvanometer” or “hot filiment calorimeter”?).

Now imagine the “hot 70’s software development model” like “waterfall” or maybe the late 80’s early 90’s SSADM, or project managment such as PRINCE. You’ld probably be happier with “Z” but not by much…

That said, standing up and bullying the meakest members of a team a la “SCRUM” every day is not likely to be good for code quality either.

In theory software development is a thoughtfull stateful process, where the artisanal aproach of patterns has been replaced with a more engineering oriented process based on maths and science. But managment do not want to pay for “engineering” they want the “cat walk” glamour of the fashion industry others rightly call “the rag trade” and all that goes with it…

The reality is though that we still develop software badly for easily avoidable reasons. It’s why “type safe languages” and “garbage collectors” are back in fashion again amoungst many other “coal face” issues. Even the horror that Dynamically typed languages can be is getting attention again, having spent time in the wildernrss.

Why? Even though these are signs that software developers need crutches to get things out the door. And from an engineering perspective they are a handicap or constraint preventing better techniques being used. And even though they have their place (but it is not the whole estate that some are trying to make it). The reality is they are a “sticking plaster for a broken bone” that is a “quick fix” to poorly developed code caused by time constraints that have significant negative impacts at all levels of the development process. So we can safely predict that whilst some issues will get solved it will be sub-optimally at best and yet more sticking plasters will get applied…

Having developed a fair number of safety critical systems in my time and other remote systems some of which are beyond physical intervention I frequently wince at what the industry is about these days…

Yes we can develop code that meets the requirments we need but the cost is more resources that managment do not want to invest in unless they and more importantly their competitors are forced to.

echo July 1, 2021 9:37 AM

@Clive

You might also want to dig out information about the age ranges of the offenders, and importantly the size, type, status and age of the vehicles.

The current insurance industry rates, will also tell you quite a bit as well.

Yes there is gender bias in the figures but it is only a part of the issue and has an age related component.

[…]

[1] The second most likely were in Golf GTI’s or similar “modified” vehicle, three or four young males in the vehicle, driver young male living with parent, single and in the evening or night time.

And

Why? Even though these are signs that software developers need crutches to get things out the door. And from an engineering perspective they are a handicap or constraint preventing better techniques being used. And even though they have their place (but it is not the whole estate that some are trying to make it). The reality is they are a “sticking plaster for a broken bone” that is a “quick fix” to poorly developed code caused by time constraints that have significant negative impacts at all levels of the development process. So we can safely predict that whilst some issues will get solved it will be sub-optimally at best and yet more sticking plasters will get applied…

Yes I’m aware of individual skews and also aware of organisation skews. It’s a very difficult subject to unpack and analyse without upsetting someone so you have to be very careful with your narrative which is why I tend to stall when discussing the topic. There are few people with the multi-domain expertise to discuss anything sensibly and a lot of the cultural or more accurately (I forget the sociologists word for this) latent group knowledge isn’t there which is why things can be very “political”. The medias treatment of this is very poor to the point where they often perpetuate ignorance or cause more harm than good.

You have to be careful not to confuse the general with the specific, opinion with the science, and note that many studies or comparative studies are dependent on their starting point.

I tend to avoid men under the age of 30 and red cars for a reason. I also tend to avoid women who lead with dogmatic and subjective emotional arguments for similar reasons. Case law does recognise “patriarchal” behavior and “mobbing”. Forensics and criminal law is also slowly catching up with abuse of power and backseat driving. These aren’t the only people and situations I would tend to avoid although you have to develop an ability to look around corners and spot landmines being laid in advance. This tends to be less kenetic and obvious more administrative and social but the recklessness and damage tends to be equally unpleasant. It’s not something police are very good at prosecuting or downgrade to “civil” action, and regulators and other agencies can be weak on this too.

On top of this there’s a whole lot of problems with policing. Cost cutting hs led to specialist departments being consolodated and specialist training being overlooked. Expertise becomes more of an average and the importance of incidents may be overlooked. The police are also resisting social policy led policing while lamenting the rise in gang crime including women. This partly explains why the Home Office and police are keen on “evidential breathalysers”. It’s a cost cutting measure.

There was a media article in the Independent the other day highlighting how the state are reluctant to prosecute the state. It has also been noted by a parliamentary panel that police exceeded their powers during recent protests. You will note this doesn’t put the police or Home Secretary in a good light.

You’re going to have to fill in a lot of blanks yourself but I think this is enough to indicate the kind of dynamics at play.

Very few lawyers get this.

ADFGVX July 1, 2021 9:59 AM

@ echo

driver young male living with parent

“Young man! Young man! Young man!”

Do you hear that shrill harsh voice?

There’s a grandmother in a whore’s district promoting and compelling automobile crashes which are no accident.

I tend to avoid men under the age of 30 and red cars for a reason.

The Department of the Army, on the other hand does not. Nor is the red color of a car to be interpreted as a signal of a male drivers’s willingness to pick up a prostitute. There are certain things it would have been better for the old ladies of the district if they had known before they made such arbitrary choices to ruin others’ lives, wreck their homes, and trash their cars.

Very few lawyers get this.

Most lawyers in fact are men, and so are most of their clients. While they are very aware of vice in the district, it does not behoove them or serve their clients well to “get it” or make such extreme feminist assumptions or insinuations of vice on the part of their clients without direct evidence or proof.

There are too many old ladies at the Bingo hall or playing pull tabs on young men’s lives throughout the insurance industry.

Gunter Königsmann July 1, 2021 11:32 AM

In Germany if the breathalyzer detects too much alcohol they will acknowledge that with a blood test. But if there are DNA samples the results won’t be double-checked for user errors (exchanging the reference material with another bit of the sample one, contamination, errors in the algorithm,…).

Since fingerprints are evaluated using computers, most of the time: Are we absolutely sure that they cannot be misidentified, too?

JonKnowsNothing July 1, 2021 1:13 PM

@Gunter Königsmann

re: Since fingerprints are evaluated using computers, most of the time: Are we absolutely sure that they cannot be misidentified, too?

In the USA fingerprint analysis varies by jurisdiction: city, county, state, federal. Training requirements for finger print analysis also varies extensively.

There are lots of databases and lots of datasets but most of them are incomplete and the “matches” are not accurate.

The number of “matching points” needed for legal identification by courts varies too. Some states require only a few “matching points” and others require a lot more “matching points” before a positive ID is made.

Frequently, multiple matches from different individuals are returned.

iirc(badly) tl;dr

The US legal system allows “experts” to testify with little or no challenge to their expertise or findings. In one case, a fingerprint expert testified that the fingerprints found at the scene of the crime were perfectly matched those of
the defendant.

Except… there was no similarity at all.

The defense had to work extremely hard to challenge this false assertion by the expert as most of the legal challenges were no longer allowed due to the status of such “experts”.

After a long haul, simply putting up the projected images of the two “matching” print sets, clearly showed they did not match.

This particular state did not require very many matching points and it was somewhat obvious that the few points that matched in the samples were selected because the “arrested person must have done it else they would not have been arrested”.

The smoke and fire problem.

A similar situation tl;dr

A CCTV image of a robbery was matched with a person, and the person was arrested and charged.

Except… it wasn’t that person.

The CCTV image was unclear and at an odd angle and there was a similarity between the defendant and the image. Even comparing staged pictures to the CCTV picture showed a distinct similarity.

The ID hinged on the shape of the jaw line.

The prosecution claimed that the defendant had changed weight to hide the details, ignoring other factors like the charged person wasn’t near the site of the robbery.

The jury did not agree with the prosecution.

The word “doppelgänger” is often used in a more general and neutral sense, and in slang, to describe any person who physically resembles another person.

Erik July 1, 2021 3:17 PM

Working in medical device software, I’d suggest that law enforcement software use a similar structure: while the source code may or may not be made available to auditors, the requirements, design docs, and verification protocols MUST be available. These will define what the system does, and provides proof that it was tested to verify correct performance to all requirements, even if some part of the algorithm is a legally-protected black box.

Opening the source code to legal process audits is at best hit-or-miss and is always after-the-fact, but software that produces legally-binding output should be held by some licensing body to the same standards as at least Class A medical equipment (the class that cannot cause death or injury under normal use), if not class B (the class that can cause injury but not death). The standards of acceptance are understood and there’s a reasonable body of engineers already trained to that level. The hard part will be getting Congress to assign regulation to some agency, as the anti-regulation forces tend to be ideologically rigid and highly active.

As a responsible coder, I always try to include diagnostic logging on my devices; making raw measurement logging legally required and available to be downloaded after-the-fact as part of the incident report would be a reasonable extension, and one that I think would go a long way towards creating the verifiable trail of information custody that the system requires.

Fail July 1, 2021 3:32 PM

@Clive,

2 individuals advocating closed source finger pointing?

Does targeted advertising qualify as medical device?

What about fake base stations, if they can intercept e911 we may have some ‘dual use’ technologies hiding here.

Americans have the right to confront their accuser, you’d better let me see those logs bud.

We’re talking about life sentences and an error rate vs 700m people.

1% is okay with you?

The trends are to collect MORE data, so if we have 1% offenders today and 1% error rate next year closed source will be 2% offenders with 1% error rate.

After that?

nErrors = X

You can’t solve for X in a closed source reality.

Raw data, if you trust me that I say I saw a black guy do it it’s on you when the ACLU comes calling. I’m a protected witness.

Enjoy.

echo July 1, 2021 4:14 PM

@JonKnowsNothing

In the USA fingerprint analysis varies by jurisdiction: city, county, state, federal. Training requirements for finger print analysis also varies extensively.

By and large the UK has a uniformally higher average standard than the US and led the world at one point with scene of crime forensics protocols, and arguably is still ahead with counter-terrorism as we know it today if for no reason than we invented much of it first for the simple reason there was a problem to be solved and nobody else had.

Not many people outside of the US especially UK politicians who don’t even get the EU really get how varied the US from relatively highly trained in some organisations and some places to utter hick outside of the FBI and big cities. Then there are fundamental cultural and economic differences which boil down to “don’t cherry pick” and “don’t believe everything you watch on television”. I accept not every American is stupid and have many of their own frustrations with the system. I have little clue about standards in most of Europe simply because the UK media don’t cover most of Europe having been frightened off or taken over by the right wing Euro-hostiles. I know more about what is happening in New York than Barcelona.

@Clive

From too many years of writing the sort of software where you are required to “log everything” and do it “remotely” (think industrial control on remote high value platforms, and more recently stuff that goes up but does not come down). I know there is only one realistic way currently to produce “log it all software” and most programmers either can not or would not want to write it.

In essence you reproduce “ladder logic”[1] (mostly Combinational logic) as a “Finite-state machine”[2] where “every state is qualified” as are all the “state to state transitions”, thus the entire system is fully determanistic to a level few can get their heads around. Oh and no comnetcial OS’s or frequently hardware either…

Whilst you can write “business logic” this way, it’s not something anyone wants to do for various reasons. It’s why it’s only realy ever used in either limited capability embedded systems or safety critical systems where fail safe and the like have to be guarenteed to some quantifiable level.

To say it’s,an expensive process is a tads understating it…

It doesn’t sound too difficult. On state change before and after processing stream data. You can do this with one hidden variable to denote clean or dirty state of the object and dump the data via a stream object. I wouldn’t say it was easy as most people haven’t done this so they would have to think it through but havinh done this I don’t see it as being especially difficult. In theory depending on how it is implemented from the log file you can replay the entire operation from end to end. Some older game software at a “meta level” does this to a varying degree with “game replay” although newer game software almost exclusively now saves the state either at pre-determined “checkpoints” or “user directed save”.

If I recall the older Unreal script language not the C derivative was a state machine. The reason this was done was it reduced processing overhead insofar as multiple operations which all needed to happen all at the same time were executed only when needed. This was important when straight line speed really wasn’t there and when multi processor systems effectively didn’t exist for more people.

As for “idle hands” and also “PCSO’s” I would look more towards management. People do need outlets and we are social beings. Clueless management and rote learned inflexibile structures can be frustrating, and media attitudes are often not helpful. The problem is the UK system (mainly the English system) is based on costsaving which can lead to false enomonies and other knock on effects such as systems being designed less for excellence and more as rote learned one size fits all dumbing down to prevent the worst of stupid. Underfunding and jobs for the boys has led to a very brittle system which isn’t even fixing the problems it was created to solve such is the backlog.

Fail July 1, 2021 5:27 PM

@echo,

Re: state change

After every function called,

Or after every opcode executed

This is not basic ‘swift’ soft ware independent fault tolerance… This is more akin to we have .01% of transistors fail in our processors and we have to identify which one it is because that specific corner of the die has a higher failure rate than the rest and we need to identify it.

These guys keep talking about software but your software makes assumptions about non logging hardware inputs that can alter an otherwise proper software’s outputs.

Sorting through data sets is one thing but can you trust your data to not lie?

Are we lying to ourselves?

What’s the phrase, your output is only AS GOOD AS your input?

Verify what you saw was a woman, I want multiple witnesses… 3 at least and they have to be unrelated…

ccc vvv ppp

ADFGVX July 1, 2021 5:44 PM

@ Fail

Verify what you saw was a woman, I want multiple witnesses… 3 at least and they have to be unrelated…

That sounds like an extra harsh version of Islamic Shari`a Law.

echo July 1, 2021 6:18 PM

@JonKnowsNothing

Small town crimes are still crimes.

I am not sure who the Local Law Enforcement Officer disliked more:

  the bad guy for getting away with a crime
or
  moi for telling the Officer they had been made fools of

We have our share of this or the equivalent in the UK. Too many plod think they are the Sweeney or are the ones too thick or unfit to get in the army. By and large the UK doesn’t do “white collar” crime or “complex frauds” and cops mostly spend their time chasing low hanging fruit over walls or scraping drinks off the pavement. Cops traditionally “don’t do computers”. As Clive has already said in the past police statements in court when they are discussing anything to do with computers are a hoot. For years a “mouse” was a “manual input device”. Personally I think it’s touch unfair (only a touch) because cops like anyone else have an amount of intelligence and pride. The problem is they are by and large stupified by their own system. The pace of change in UK bureaucratic systems is glacial. The number of times I have heard someone say “something must be done” when they were being told and came off the rails a decade ago and action was promised then?

Most women I have known who are guilty of anything are largely guilty of being in charge of a big mouth or guilty of embezzlement. Actually getting arrested by a cop is very difficult. Cops don’t have the first clue what to do with women. You almost have to sink your teeth into them to get arrested. “Calm down dear and have a Valium” is as far as most cops go. On the other hand if you actually do get done for anything the sentence tends to be over the top.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.