You Have the Right to Read Your Accuser

by Curtis Poe

A few years ago I was at a meeting where a salesman was trying to pitch his terribly expensive closed-source software to our company. Since security of our data was very important, this topic was raised a few times. I asked about how they encrypted their data. The salesman replied that since security was so important, the company created a proprietary encryption algorithm which was secure because no one knew how it was implemented. He seemed a bit flustered when I burst out laughing.

If you're reading this blog, you probably have a technical bent and know that the vast majority of software out there has bugs. The larger the project, the more bugs. In fact, I've never worked on any significant (you know, large) piece of corporate software without known bugs. I'm constantly talking to friends who complain bitterly about long-standing problems with their systems. So why is closed-source software allowed to take a witness stand and accuse you of crimes when you're not allowed to cross-examine it?


3 Comments

chromatic
2007-08-11 12:18:17
Imagine if you were accused of a crime but the state would not reveal which law you had broken. Code is law indeed.
hex
2007-08-12 15:49:21
@chromatic: Quite so - as imagined to nightmarish effect in "The Trial" by Franz Kafka.
Fred Trotter
2007-09-11 07:59:38
Great article. But you missed the most important case-in-point. Any software with substantial risk to harm your life or liberty must be open source. The software that most regularly has the ability to harm a given person is the electronic health record (EHR) software. The vast majority of EHR software is dangerously proprietary. gplmedicine.org is my site focused on this issue.