Although it’s widely accepted that police use information from security devices or cellphone data to aid in tracking criminals, a new case has opened the possibility that police could use data that hits even closer to home—or maybe closer to heart. Last week, an Ohio judge ruled that a man’s pacemaker data could be used against him in a criminal case, opening the door for a new type of electronic surveillance.
Police were investigating a September fire at 59-year-old Ross Compton’s home in Middletown, Ohio, as a potential arson. Compton claimed he was woken by the fire in the middle of the night, packed a few items in a suitcase, and broke a window to escape from the house. The Associated Press reports the police obtained a search warrant for his pacemaker data, which includes information about his heart rate and cardiac rhythms before, during, and after the fire. Compton was charged earlier this year with arson.
A cardiologist reviewed Compton’s pacemaker data and said, “It is highly improbable Mr. Compton would have been able to collect, pack, and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions,” the Hamilton Journal-News reported. At a pretrial hearing, Compton’s lawyer moved to have the evidence tossed out, saying that using the pacemaker information violated Compton’s privacy. The judge disagreed and permitted the pacemaker data to be used at Compton’s trial.
The case—and how it exemplifies the ways that the data we shed can incriminate us—struck a bit of a personal chord with me because I wear hearing aids. I was once startled when my audiologist told me, “I can call your parents and tell them that you study a lot, because your hearing aids tell me that you spend 60 percent of your time in quiet settings.” It’s all well and good (I’ve known her since I was 6), but I hadn’t realized that audiologists could access that type of information. When this case came up, it made me wonder what other medical devices could be collecting information on their users.
It turns out that other implantable devices, such as glucose sensors and cochlear implants, also store data about their users. But unlike pacemakers, hearing aids and cochlear implants aren’t necessarily capable of isolating the exact moment and environment when an alleged crime occurred. So it looks like I don’t have to worry about my particular devices being used against me in court.
Nonimplanted devices may also provide relevant physical information about their users, too. In one case a murder victim’s Fitbit was used to determine whether her murderer’s alibi held up based on the distance she had traveled before her death. In another case, a woman’s Fitbit was used to determine her general fitness levels. But unlike Compton’s pacemaker data, the Fitbit data wasn’t used against their wearers in court.
Although this case is believed to be the first to use this kind of data, the debate around medical privacy isn’t new. Medical notices from doctors, hospitals, and pharmacies often warn that they are allowed to turn your medical information over to law enforcement at their request if you are a criminal suspect, and the Patriot Act forbids medical service providers from telling patients that they shared their medical documents with the government.
Brian Jackson, director of Rand’s Homeland Security Operational Analysis Center, says in a blog post that if people know their implant data can be used against them, they may be less likely to get the life-saving devices. Jackson also emphasizes that this isn’t just a responsibility that should fall on the patients. Making such decisions, he says, “requires involvement of society as a whole, including legislators, technology companies that have a financial interest in getting it right, and the citizens whose rights are at stake.”
Although this case’s precedent is small in scope, the implications are troubling. The results may create tough ethical cases where people in need of medical devices might hesitate to use them due to privacy concerns. Barring a satisfying solution to these privacy issues, the best thing might be for users of pacemakers and other medical implants to know exactly what information can be collected on them and how it can be used. Take it to heart before doing anything where the data from your heart may be used against you.