THE EXPERT Newsletter - September 2023

In this Issue:

Oppenheimer, Truck Drivers’ Hours-of-Service, and Formal Verification

Lithium Batteries - Unique Fire Characteristics - Part 2

ATA Participates in the DPS Texas Challenge

Oppenheimer, Truck Drivers’ Hours-of-Service, and Formal Verification

By Guillermo Errezil, Head of Technical Specifications

Computer software and programming languages are related to the branch of mathematics known as computable mathematics. Within that field, formal verification is a lesser known topic. Formal verification methods are a group of mathematical theories which concern software security, their purpose being to prove that a given software is based on a mathematically perfect specification and that the software follows that perfect specification exactly. Formal verification is used in a variety of critical industries from NASA to crypto currencies, where there are no second chances, where a rocket may explode, or crypto investments may simply disappear if bugs or errors happen.

Formal verification is still in developmental stages in many industries. No one has yet achieved formally verified software in an industry which affects the day-to-day life of people. The methods involved are simply too complex. Formal verification methods are today like quantum physics was in the early 1940s, mostly confined to academia, awaiting an Oppenheimer to appear to make the first industrial application. So, how might any of this be relevant to commercial truck drivers and their hours-of-service records? Let’s see.

A commercial truck driver’s hours-of-service are defined in Part 395 of the Code of Federal Regulations (CFR). Part 395 describes what Stanford University calls “computational laws”, laws intended as technical specifications to describe software for legal purposes. A relevant example is the specification for the algorithm within an electronic logging device (ELD) to track a driver’s hours-of-service based on the CFR’s on-duty, off-duty, sleeper berth, and driving time rules. Should formal verification play a role in such computational laws? Absolutely!

Formal verification may be even more important in future computational law than it is in the critical industries where it is currently used. While a bug in a critical industry might cause a rocket to explode, in law a bug could potentially send someone to jail or, at the very least, result in a faulty, unjust citation.

And so, the stage is set for a new Oppenheimer.

Kodea-LTS, collaborating with Formal Vindications, wants to present the first formally verified software and technology to help drivers correctly interpret and log hours-of-service. Highlights of our efforts to that end include the following:

1.) Technology used and developed: public certification of a specification and its software.
2.) Certified software with this technology.

  • Formal Time Manager - a calendar in coordinated universal time (UTC) as required by CFR (Microsoft, Google, Android and IOS calendar do not work in UTC)
  • Formally verified hours-of-service according to the CFR.
  • Formally verified SHA 256 encryption algorithm according to the specifications of the Department of Commerce to disperse the results obtained through the Internet with the proof that it has not been manipulated.

The system is an independent internal back-end system working in Linux or Windows which can be linked to any front-end system. The results are given in JSON format, including the input data which produced the output results. Everything is embedded with a SHA256 value to verify that the JSON has not been manipulated. This can be used by anyone, including the Federal Motor Carrier Safety Administration (FMCSA). At Kodea-LTS, we plan to implement this technology into our online portal and solutions by this fall. We will read ELD files in the original format according to the CFR (in .CSV format), with the verification of the checksum.

To be accepted or not, that is the question.

Kodea LTS
Formal Vindications


Lithium Batteries - Unique Fire Characteristics Part 2

By Steven D. Emerson, PhD, PE
Emerson Technical Analysis, LLC


Fires involving lithium batteries are unusually intense. There are two general stages. Initially, the fire is incandescently bright, with fast gas evolution, sparks and dense whiteish smoke. The smoke cloud contains lithium hydroxides, hydrogen fluoride (HF), hydrogen cyanide (HCN) and many other reactive chemical species, including hydrogen gas (H2).

Attempting to water quench the fire during this phase is generally futile, as the burn site will quickly dry out and again burst into flame. All ingredients for combustion are still present and intimately mixed.

Once the mixed reactive ingredients are consumed, the fire enters a longer second phase during which combustible materials including residual hydrocarbon electrolytes, polymeric separators, any electronic circuitry, battery cases, etc. are burned in more conventional combustion. In this phase, the fire switches to becoming oxygen-starved, and now emits a dense dark cloud of highly-reducing gases and char. If not extinguished by fire response, this phase can burn for long periods.


For comparison, solid rocket propellants are cast into solid blends of oxidizer, aluminum powder and polymeric binder. All ingredients for fire are contained in a single package. Once ignited, burning does not stop until the propellant is completely consumed and the motor case is empty.

In similar fashion, a single lithium ion battery contains all ingredients for fire. Inside the battery case, lithium/ carbon compounds along with aluminum and cobalt will act as fuels when oxidized up to higher valence states, giving off considerable heat energy. These fuels along with chemical oxidizers are comingled within the battery itself.

Fluorine, a very active halogen, acts as an excellent oxidizing agent inside the battery case, as does in-situ oxygen contained within cyclic electrolyte carbonates. All that is needed to start a battery burn then is a hot spot or spark.

Later on, any remaining electrolytes will be combusted in the conventional manner that petroleum products burn, requiring oxygen from air in the surrounding environment.


Overheating, on either a macro or microscopic scale is the predominate means to begin the avalanche of reactions leading to thermal runaway. A handful of causes have been identified after event investigations:

· External short circuiting from anode directly to cathode

· Overcharging, from failure of control circuitry

· Mechanical damage from mishandling or external overtemperature

· Aging and repeated charge/discharge cycles which can precipitate lithium/ copper dendrites bridging internally from one electrode to its opposite. A tiny short circuit point can quickly lead to ignition.


Successfully fighting lithium battery fires does not follow convention. There is no easy answer. Obviously, the first order of business is moving any people away from the area, followed by defensive cooling of nearby structures or vehicles. Generally, dowsing with copious volumes of water or flooding with dry chemicals will not be successful, particularly during the initial, intense phase. Evolved fumes will be extremely toxic so that responders must be in full protective gear. If water quenching is attempted, runoff should be carefully controlled due to hazardous acidic contamination.

If a lithium battery fire is detected inside a closed and sealed structure, extreme caution must be observed. Flashover explosion from ignition of evolved, hot, reactive combustible gases is a serious threat to responders. Opening such a container allows air to enter and the cloud to explode.

Full report


ATA Participates in the DPS Texas Challenge

ATA staff members have been active participants in this state-wide DPS competition for over a decade. For this year’s event, we were “In Kind” sponsors, performing video and photographic services and assisting with competition judging.

To see a video montage of the competition and associated festivities to: DPS Texas Challenge