In the privacy world, we often talk about trade-offs: the trade-off between privacy and convenience, or privacy and security. But what about privacy and life, itself? What if the technology that helps keep you alive also spies on you? Would you still use it? Is that even fair? Or legal?
For some people, this life-and-death trade-off is already a reality. Take the case of Ross Compton, for example. The Middletown, Ohio, resident has been indicted on felony charges for aggravated arson for allegedly burning down his house. In its case against him, law enforcement obtained a warrant for all of the electronic data produced by his pacemaker — the data included his heart rate, pacer demand, and cardiac rhythms before, during, and after the time of the fire.
Why would this data help investigators?
Well, for one, Compton had packed a few bags and told the police he quickly did so during the fire and threw them out the window. According to a cardiologist who reviewed the data, however, this could not have been the case, based on Compton's medical condition. The court document stated, "it is highly improbable Mr. Compton would have been able to collect, pack, and remove the number of items from the house, exit his bedroom window, and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions."
It didn't help that Compton allegedly had gasoline on him when authorities arrived at the scene last September.
Whether he's guilty or not, the case brings to light a difficult tension that will only grow as technology plays a more prominent role in our physical lives. It's one thing for me to decide to purchase a smartphone, download a Facebook app, purchase products from Amazon, knowing full well, that this data is potentially up for grabs by the government, a third-party ad network, or an adversary. If I don't want third parties to access my transactional data, I can choose to not use my smartphone, or employ alternative privacy-enhancing features like Signal or Tor.
The same alternative isn't true, however, for a pacemaker, or other life-saving medical technology. Don't get me wrong, I hope medical technology improves and saves and extends more lives. But we're also going to see a rise in technology that will have physical effects on our lives. Connected cars, virtual- and augmented-reality entertainment suites, interactive smart home devices, and personalized artificial intelligence assistants will all potentially have digital and physical consequences for users.
Of course, we've known for years now that hackers can access insulin pumps and connected vehicles. But there hasn't been much talk about government access to data generated from these devices. Is using your heart rate data against you a Fifth Amendment violation? Is this Compton case one more example of why we need a rethink of the third party doctrine? Will people be less likely to use life-saving devices over fears of being spied upon?
As internet-of-things technology improves and embeds itself further into the very skin of our lives, we will have to consider this life or death trade-off as users and privacy professionals. This means privacy pros will have a huge role to play here, whether it's ensuring data is encrypted, that users have control of their data and are properly informed, or other solutions that have not yet been thought up.
Someone's life may depend on it.
photo credit: FotoDB.de Herzschlag via photopin (license)