The Internet of Things is a marvel. Cars, medical devices, homes, refrigerators—all of them now come with silicon chips and data collection, analysis and sharing capabilities. For the most part the enhancements in efficiency, connectivity and cost-reduction make the use of IoT a no-brainer. But lurking in the background are a host of unaddressed issues of cybersecurity, civil liberties, transparency, accountability, and privacy. Today’s story of the Tell-Tale Heart lies at the intersection of technology, privacy and criminal law.
According to CNet, Ross Compton’s house caught on fire. Notwithstanding his protestations, the authorities came to believe that the fire might have been caused by arson and that Compton had set the fire to collect on the insurancce. So far, a fairly standard case and, presumably (the story does not say) the investigation proceded on normal lines (e.g. looking for accelerants as evidence of arson). Then it took a turn.
You see, Compton has a heart pacemaker—one that records data about heart rythms and the like. Compton had told the police that he was awakened from sleep by the start of the fire—and an enterprising prosecutor in Butler County Ohio got to thinking that the data from Compton’s pacemaker might rebut that claim. They obtained a warrant for the data from Compton’s pacemaker. (It is not clear from the various stories—see, here, here, and here—exactly how the evidence was collected, that is whether it was from Compton himself or from his doctor and whether the process served was actually a warrant based on probable cause or a grand jury subpoena.) Using that data, the prosecutor then proffered the testimony from a cardiologist that the information he had reviewed was not consistent with Compton’s story. The news of the day is that Compton’s motion to supress has been denied and that his trial is scheduled for later this year.
To begin with, it seems to me that the judge’s ruling is likely canoncially correct under existing law. Assuming that a warrant was issued based on probable cause, the Fourth Amendment objections seem to lose force. And it has long been the law that a defendant does not have a Fifth Amendment privilege against providing physical evidence that might implicate him in a crime. The Amendment is limited, under Supreme Court doctrine, to compelled testimony. The seminal case on these points, involving blood alcohol, is Schmerber v. California.
This seems, however, to be another instance in which technological development is outstripping the law. Consider the implications of a rule in which the IoT is generally a source of evidence for criminal investigations (or civil suits):
This is a big deal…
If data in medical tech can…
…IoT may stand for:
Internet of TremendousEvidenceGoldmine https://t.co/7M8pKnhoNs
— ♘ Josh Corman (@joshcorman) July 13, 2017
I am not sure what the right answer is here. After all, one can readily imagine any number of circumstances in which evidecne relevant to a crime (or a terrorist incident) might reside in an IoT device. And, at least in the traditional view, if a warrant was actually issued (again, I am not clear from the stories) then Compton’s rights got the gold-standard in protection against government abuse. Yet at the same time, this transition feels like a privacy invasion of a different sort than being required to give up fingerprints or even blood. What I do know for sure is that the transition is happening in an unexamined way … and it strikes me as clear that more thoughtful consideration would benefit everyone.