SLED, THE DUI DATABASE and the DUI LAWYER?

SLED has reported that the computer server securely storing all breath test and breath test site video footage data was hit by lightning, possibly last Friday. This news is critical information for an experienced South Carolina DUI and criminal defense lawyer. After outlining why this issue is important, I will offer my impressions about this “unusual event” to borrow a phrase I learned when working in the nuclear power production industry.

As an experienced criminal defense and DUI lawyer in Charleston, South Carolina, the story of this calamity is of great interest to me, and of potential significant interest to current and future clients.

How things pan out will remain to be seen. This is an issue worthy of tracking by any experienced DUI defense lawyer.

Live Five News WCSC Charleston, SC, took quick interest in the story. Veteran reporter Harv Jacobs interviewed me about this incident of total data loss and efforts to restore data which is no less important evidence in a criminal case than a fingerprint, a weapon and other physical evidence. That news story can be viewed via this link LIVE FIVE NEWS WCSC.

Breath Alcohol Testing and Videotaping in South Carolina

While I have addressed this subject elsewhere in this blog and on my website, I think it will be helpful to review a few considerations here that are relevant to this news of lightning destroying SLED records.

The Videotaping System and Procedure

• If placed under arrest for DUI in South Carolina, our law provides that you must be offered a breath test.
• You have the right to refuse to take a breath test, but if you do, your drivers license or privilege to drive in S.C. must be suspended for 6 months.
• If you take the test, and the DMT machine reflects that your blood alcohol concentration (or BAC) is .15 of one-hundredths of one-percent of more, your drivers license must be suspended for 30 days.
• In either circumstance, you have the right to request an administrative hearing to challenge a suspension.
• Our law also provides that the procedure of the offering or administration of this breath test must be videotaped.
• The breath test site (BTSV) video is digital. (While VHS tapes were once used, that practice has been long since abandoned.) The digital “film” or file, is kept on the breath test machine as a digital file. Also kept there is a data file containing all the information about each breath test.
• TAKE A LOOK AT A SAMPLE OF THE BEGINNING OF A DMT SITE VIDEO.
• Periodically, these data files are uploaded from the individual breath test machine to a centralized “server” computer. The implication is that this “server” is located at SLED headquarters. However, here in the era of use of “Cloud Data” and VPNs (virtual private networks), the actual physical location of this “server” is unknown, at least to me.
• Once collected, this data is maintained on this “server” (or set of servers). The portal or ability for the public and lawyers to access this data is via the SLED website www.sled.sc.gov. Once there, the internal link to the “Implied Consent” division of SLED is displayed on the column on the left.

Click here to see a screen shot of the SLED website I am discussing.

How is This Information Accessed? Who Can Do So?

The test data can be accessed by anyone who has internet access-that is, if the system hasn’t been struck by lightning.

The video files can only be accessed by someone who has the USER NAME and PASSWORD for that individual video segment. That username and password is printed on the bottom of a arrested person’s breath test ticket or report. This enable that person and his lawyer, to access the video footage.

Review a sample form and the inclusion of this user name and password information at the bottom of the form.

Prior to the lightning strike, persons accused of DUI and their lawyers would access this breath test site video taking these steps.

1. Go to the SLED website;
2. Click on the link to the Implied Consent page;
3. Click on the videotape link;
4. Input user name and password, (from the breath test sheet)
5. Input the email address of the person requesting to be sent an email LINK to the website where the video sought could be viewed and/or downloaded.
6. [When doing this, a WARNING pops up that all IP addresses are tracked in case an issue arises over the permission to access this data/video]
7. After a few minutes, the person requesting the video link receives an email link that is clickable within the body of the email. See below for an example of such a link.

*** This email was sent pursuant to the user’s request. ***

Request to view SLED EVIDENCE MEDIA: 01e4-**************

The Media is no longer available for viewing.

This link will expire on 9/24/2012 5:09:43 PM.

*** WARNING: All IP addresses and viewing stats are monitored. Any unauthorized access will be prosecuted. ***

South-Carolina Law Enforcement Division

Now, after the “lightning strike” none of this is available.

[divider]

Is Only Video Data Involved in this Lightning Strike? Not Exactly.

All of this data is important. This data is evidence that is or can be used in a criminal case. It is very important.

Equally important to the video evidence is the “test data” that is stored for each breath test that is periodically uploaded to what seems to be the same “server” struck by lightning. What is this “other” data?

Breath Test Data

The machine used in South Carolina for breath alcohol testing since the early 1990’s, the NPAS “Datamaster”, now in the version of the “DMT” was touted for the ability of the machine to store “data” about each test.

This “data” is detailed and critical to determining IF THE MACHINE WORKED PROPERLY when used.

In the current version of the machine, the DMT, this data is stored within the machine as a “zip” file. When uploaded to the “server,” this zip file can be “unzipped” to reveal a host of information that is both descriptive (date and time of test, arresting officer, ticket number, person’s date of birth, and other information) but more importantly, data directly associated with the process of the receipt of a person’s breath sample, the analysis thereof and a host of other analytical factors which include reflections of “error codes” or rather “status codes” which is the descriptive term errors grew to be deemed by SLED over the years. Calibration factors are also included. Data is collected and stored for all tests conducted, maintenance and repair activities, simulator solution changes and data point values collected during the breath sampling process as to two critical aspects of breath sample acceptance and validation-quarter-second measurements of alcohol value and breath flow rate.

To say that this information is not critical would be a misstatement. Reliability of the test result is not wholly dependent upon the achievement of a passing “simulator test” at the beginning of the test procedure. Why? A variety of error or status code or failures can occur even after a passing simulator test. That is why this “zip” file data for each test is so critical. The loss of this data for even an hour, much less a month should be considered a major event by SLED, but seemingly has not.

See a sample of a chronological database report that the lightning strike rendered unavailable until August 9. [You may have to zoom in to read]

To see sample database reports indicating “error” or “status” codes that the lightning strike rendered unavailable to acquire as to any of the 160+ DMT machines in S.C. until August 9, click here and here.

Thoughts, Ideas and Impressions

A Partial Explanation is No Better Than “No Comment.”

When the media contacted SLED about this calamity, the response was basically that this was no big deal, nothing to worry about and everything would be fine by August 9. The explanation was that lightning struck a “server” containing this data, but that (without using the phrase “backups”) all the data was intact (no details were provided) and would be restored. The explanation as to why it would take so long, virtually a month, to get the system back on line was that the data was vast and went all the way back to 1991. Indeed, and if properly backed up, all digital rendering restoration quick, reliable and testable.

When I hear a government official respond to a question from the media with “no comment” it irks me. Short of issues associated with legitimate claims of national security and other reasonable bases to effectively tell us “we decided that you don’t need to know,” “no comment” is unacceptable. Who else are we to ask for information about things that happens in government about which only government officials know?

While SLED’s excuse for this calamity was not “no comment,” it might as well have been. The response was hardly informative.

The citizens of this state recently suffered from the release of tax related information hacked from “secure” state servers. Most citizens are nowadays well aware of the necessity of backing up computer data AND securing that data from theft, hackers and acts of nature such as lightning.

What if we just found out, simply because a head’s-up reporter asked the question, that 22 years of citizen’s tax data was wiped out by a lightning strike-but not to worry, it would all be restored in a MONTH? Would a host of questions follow? What if that reporter, simply by asking, found out that lightning had struck the SLED Forensic laboratory, caused a fire which destroyed all forensic evidence in pending and historical cases in South Carolina but was told that everything would be all okay in a month? Of course I wish no harm of any origin to anyone or anything but I offer this thought to illustrate the point. Why is the total and unexpected loss of criminal evidence in computerized form any less concerning?

What SLED advised us was that the device housing, containing 22 years of data/evidence used in criminal cases disappeared in a flash of lightning, but not to worry about it and that everything would be OK.

Questions that need to be asked, and answered.

What SLED did not tell us was what we need to know, deserve to know and should be told. Our legislators should be asking the same questions:

1. Where is this “server?” Is is physically at SLED, at a third-party contractor’s site, in some “Cloud” or far away?
2. What role does the company at www.irsa.com play if any in all this?
3. What role does any other private company play in this crisis, if any?
4. If the destroyed “server” is at SLED, what other systems, such as homeland security data functions, are vulnerable to total destruction from lightning? Has the US Department of Homeland Security been apprised of this vulnerability, if it exists?
5. Did this vulnerability have anything to do with offsite (from home) access to the database system by employees or contractors?
6. How could this server not be protected from ordinary and frequently occurring acts of nature such as lightning strikes?
7. What exactly did the lightning strike?
8. What records are being kept to document in detail all aspects of the occurrence of this crisis?
9. Has independent review of the crisis been planned or instituted?
10. Has the South Carolina Department of State Information Technology been contacted?
11. What else was damaged by the strike?
12. Why did the surely-used surge protectors and other protective devices fail? Who is responsible for that task? Were redundant systems in place?
13. Backups. How were backups of this data made? How often? Where were they kept? How were they secured? Were redundant systems in place?
14. Backups. In what form were backups made that would require a month to reinstall in new equipment?
15. Backups/Restoration. What assurances exist that the recovery of the data will result in no loss of data integrity or accuracy? What testing will be done to assure that? Who will do the testing? Who will pay for the testing? What records will be kept during testing and verification?
16. Backups/Restoration. Why is restoration of the data taking any more time than a day? Or less?
17. Contingencies. What contingency plans were in effect for such a calamity? What are the restoration timelines in the contingency plans?
18. During the outage. During the outage, what steps will be taken for alternative means and methods of collecting test and video data from DMT devices (over 160) from the field, or otherwise securing the data? What data storage limitations do the individual DMT machines have? If those limitations are exceeded, will existing data be overwritten?
19. Since the data is stored on the storage media in the DMT machines, what has been the role of the manufacturer of the devices, National Patent Analytical Company, and the recent purchaser of that company, Intoximeter, Inc. in addressing this crisis?
20. What communications have been made to all police departments and agencies who have DMT machines about this crisis? When will these communication be produced?
21. What changes are contemplated to avoid this happening again?

The press needs to ask questions. Citizens deserve answers.

In open government, where accidents happen at the hand of mother nature, there should be no reticence in explaining details. Yet as we know, the less explaining up front always results in more explaining to do later.

Stay tuned. And always visit Kulp & Elliott for DUI case answers.

Kulp & Elliott accepts cases in Charleston, North Charleston, Mt. Pleasant, Summerville, Goose Creek, Hanahan, Moncks Corner, Ladson, James Island, West Ashley, Folly Beach, Sullivans Island, Isle of Palms, Awendaw, McClellanville South Carolina.