A murder case in which a voice-activated device may hold the vital clue prompts one of my periodic reminders that potentially-discoverable data lurks in an increasing number of devices and databases, often without our realising it. And just how long did Postman Pat take on his delivery round?
David Horrigan of kCura gives us an interesting article (Murder, Data Privacy and the Internet of Things) about a lads’ evening which ended with one of them floating face down in the hot tub. As David put it, the survivor went from “hot water literally to hot water figuratively” as the police proceeded with their procedures and made their enquiries.
The only potential witness was a tall slim figure called Alexa (well, strictly called Amazon Echo, but generally addressed as Alexa). Did Alexa hear anything which might help the police? David Horrigan points out that the Amazon Echo does not itself store data – that sits in Amazon’s cloud. As Craig Ball says in his comprehensive and interesting article The Internet of Things meets the four stages of attorney e-grief), you go for the database not the device in these circumstances. Amazon is refusing to comply with a request for the records.
I do not need to summarise either David Horrigan’s article or Craig Ball’s – they are both well worth reading anyway. I use the story as a mounting-block for my regular hobbyhorse: are you remembering all the potential sources of electronic data when you consider what evidence exists and what to collect? You won’t collect the evidence if you don’t think to look for it.
Do you even know what is being collected about you? Yes, you – not the putative criminal or witness in your next case, but you? Because if you are not aware about your own tacit submissions to the providers of your growing collection of Internet of Things things, how will you be on the ball when something like them may be the source of evidence which may be useful to your client, whether in criminal or civil proceedings?
I have written several times about this, and about the related subject of social media and other information which is being collected about you as we speak – literally “as we speak” these days. We have moved on from the hidden metadata in Word documents or email, gone past data in everyday iPhone photographs (I wrote about that here in the context of celebrity selfies gone astray, and in this report of a shipping case, and in a follow-up article about EXIF data), taken on board the constant storage of our geolocation data (my article here covers that), realised that social media is handing out a picture of your life which may be awkward in court (as in this case about a chap whose claim against an insurance company was sunk by the Youtube videos of his active life), and absorbed the fact that Google knows far more about you than you know yourself (or, at least, has the near-perfect memory which you lack).
All these things may used against you (or, perhaps, for you) when you are accused of anything from strangling your mate in a hot tub to taking a little too long on your mail round (it has recently been pointed out that Postman Pat is the only red-haired male in Greendale yet many of the children in the school are red-headed; he may find it helpful to be able to show that his Google Maps records reveal no undue delay between pulling into a drive and, um, pulling out again).
On this last point, I carry a phone permanently logged into Google. I was at my mother-in-law’s house on Monday. Google was slightly adrift on the actual address, but accurately shows when I left home, my arrival and departure time, and the detour via the shop on the way back. Furthermore, you don’t necessarily need to apply to Google to get that information – it is discoverable from me as a “document”. This sort of stuff could have saved Postman Pat some embarrassment – or perhaps not.
In the article referred to above Craig Ball says this:
…discovery from the Internet of Things remains more theoretical than real in civil litigation; and instances of IoT evidence in criminal prosecutions are still rare. That will change dramatically as lawyers come to appreciate that the disparate, detailed data streams generated by a host of mundane and intimate sensors tell a compelling human story.
We are told that pretty well everything will be connected shortly. That will give us some inconvenience as the technology develops. My wifi lighting app keeps telling me that I must download an update (“must” meaning that I have no option), that “the system may become unresponsive”, and that by pressing this compulsory Update button I am agreeing to some Ts&Cs. All that is more than a little tiresome when I just want to turn the bloody lights off and go to bed.
Perhaps you just wanted some water from your connected fridge (not something I have hurried to get):
What will this fridge say about you behind your back? When Plod starts investigating the body face-down in your hot tub, will he want to know what was in your fridge before the evening began and what was left? Perhaps, on the other hand, what you ate may be relevant to your defence. What about Postman Pat: “I put it to you Mr Clifton that the reason why you needed so much red meat….”
I had written half this article when I came across a cartoon in Private Eye by Husband which adds another dimension:
Our homes, offices and factories, to say nothing of our pockets, are filling up with devices which track our every move and, increasingly, our every sentence. Many people focus on the privacy aspects, reading every line in the Ts&Cs and taking all sorts of steps to ensure, or so they think, that their privacy is protected; some of them (well, one or two), pause to wonder how many different suppliers, in what jurisdictions, are involved in a product which includes hardware, fitting, open-source software, bespoke software, firmware and the rest, and how how reliable each of them is at looking after the “private” data which we sign away to them. (I am indebted to Professor Ian Walden for an interesting talk on this disturbing subject at an event I was at in Singapore last year).
Most don’t know or care about the implications of all this. We each make our own trade-off between convenience and security. I don’t much mind who knows what my heating settings are or what I have in my fridge; Siri or Alexa would get very bored with my humdrum domesticity and with my work (most of which ends up in a blog post, a video or a public session of some kind anyway). The risk doesn’t lie in baddies turning my lights on or eyeing up what I eat, but in back-door entry to my bank account or in aggregation of data from multiple sources to allow the use of my identity.
I might pop out to the car, though, and delete the Sat Nav entry for Home.
As Craig Ball points out in his IoT article
Depending upon your point-of-view, it’s wonderful or terrifying; but, the one thing it will certainly be is probative, discoverable evidence. There has never been a better time to be a trial lawyer in terms of the richness, variety and accuracy of evidence to help us establish the facts.
To use this information, whether at trial or in discovery or in any other other legal context, you do first need to know that it exists, and second whether any such sources may have been involved in relation to the facts of your case. Only then can you move to the next question – how much of this information is it proportionate to use?