Wednesday, January 17, 2018

Data, Data, Who owns the data? Part #3,624

So here's an interesting (if tragic) scenario:

"An Afghan refugee named Hussein Khavari is being accused of raping and murdering 19-year-old medical student Maria Ladenburger, disposing of her body in a river."

He has since confessed to the crime, but is disputing some of the details that were obtained once the police were able to access his iPhone's health/activity data for the date of the crime. It seemed to confirm his guilt, but has raised some interesting questions (some of which we've seen echoed here: the Sam Bernadino tragedy comes to mind):

"Sean O’Brien, a researcher at Yale Privacy Lab [believes that it] would be much better... not to collect such surveillance data at all. Such data is best kept locally on devices whenever possible. If it is collected, those who handle it have a deep responsibility to defend the privacy of their users.”

It seems to me that there are (at least) two issues in play here:

First, as we've asked more than a few times before, who actually owns your data? It's not as clear-cut as one might think:

"Hugo Campos has [an ICD] buried in his chest to help keep him alive. But he has no idea what it says about his faulty heart."

The information the device accumulates is stored in a proprietary format, inaccessible to Hugo (or anyone else, for that matter). The iPhone data is also, after a fashion: the owner must either give up the password or the authorities must (try to) use brute force to unlock it themselves. And of course here there are significant 4th Amendment issues at play here (not so much in Germany).

On the other hand, the data can be prove useful in other ways, (alleged) crime-wise:

"Further investigating – including a review of a Fitbit activity tracker – showed the scene was staged and 43-year-old Jeannine Risley knowingly filed a false report."

Two steps forward....
blog comments powered by Disqus