Data from man's pacemaker led to arson charges (journal-news.com)
78 points by pavel_lishin 3 hours ago | hide | past | web | 74 comments | favorite





Imagine that you are in a car accident (the other person hit you). The insurance company uses your sleep tracker to claim that you were negligent due to not getting enough sleep the night before, and are therefore at fault, so they won't pay.

Data is as dangerous as it is helpful. The scary thing is that you cannot control how someone else will interpret your data.

In your example I think it's right that the driver is found at fault. The effects of sleep deprivation on driving are very well documented and are comparable to drinking. If a driver is not fit to be driving a car, then they are a danger to the other road users and must take responsibility for their negligence.

The same evidence could of course be helpful to the driver. If their sleep tracking app shows they are well rested and their phone's use shows no distractions while driving, then they could use that as evidence to fight a charge of driving without due care and attention.

Even if they are responsible, not receiving insurance coverage for a very expensive mistake like this could run someone's life into the ground. Sometimes, imperfect information helps us lift each other up. I'm all for accountability, but we don't want to leave people hanging out to dry with no second chances either.

It's not as though we can derive some hard cutoff on how little sleep is clearly negligent. We're talking about wide ranges and tolerances for different people in different circumstances.

We're in the same situation with alcohol -- how much before you're actually impaired? -- but most states have responded to that reality with laws that prohibit driving after drinking almost any alcohol at all.

Are you sure you want a similar situation with respect to your sleep?

Given that I don't know of a single driver actually obeying the rules about mandatory breaks for long-distance travel, yes, I'd definitely want a similar situation with respect to sleep.

There is something weird about driving that makes most people feel they're smarter and better than everyone else, so they can ignore traffic laws at their discretion. That attitude costs quite a lot of lives every year.

If you have a neural mesh, the state will likely have intent to claim they have access and rights to the date in the mesh, regardless of whether it is in your body or not.

There's no way in hell I'm ever hooking a computer up to my brain in this reality.

I'm curious why you called it a neural mesh. I've never heard that term before and some searching doesn't result in anything. Is that something you made up?

Even in alternate realities, really. There's a Black Mirror episode (a really good one, so no spoilers here) about exactly that scenario.

I think multiple episodes including the season 2 christmas episode comment on brain computer interfaces in one form or another and they all seem realistic and scary to me. Best not use direct brain computer interfaces.

Is that s3e01?

Why not build a well regulated state that only uses such powers in narrow circumstances?

I mean, you are sort of implying that installing a neural mesh would give you greater exposure to injustice than not doing so, so why not just fight the injustice to begin with?

Not believing that such a state is achievable is one thing, but you did say "in this reality".

First reason that springs to mind is that the deviation from "well regulated state" to "fascist dictatorship" is always one election away.

> Why not build a well regulated state that only uses such powers in narrow circumstances?

Because the definition of "well regulated" is highly subjective and any state that's in power would consider its own uses to be with the confines of any circumstance no matter how narrow.

The only way to win is to not play the game.

No, the only way to win is to continually work to build a more just society.

It may be pragmatic to keep computers out of your brain in the meantime.

I would recommend the book Animal Farm.

The revolution was good in every way. It was peaceful and the animals got back control of their lives. But even from that, the pigs convinced everyone they needed leaders.

Unfortunately, the pragmatic reality is that no matter how much you try to shape a system of control to be balanced, the people who eventually get into power are the ones that crave it and often don't have much respect for the individual.

The intractable problem is that what constitutes "more just" is highly subjective, highly debatable, and always will be.

All historic societies believed they were being "more just" in some sense.

Even the narrowest of circumstances tend to broaden when it can benefit the state.

"It is not that power corrupts but that it is magnetic to the corruptible." - David Brin

Because 1930's German census and current US politics is why,.

Unfortunately you have to assume the worst will happen, and plan accordingly.

I would argue I am also talking about planning for the worst. Surviving while millions of people are exterminated around you is not an amazing, tremendous success.

It seems people think I was arguing that they should be eager to plug computers into their brains. I was not. I was arguing that hiding while injustices are carried out upon those around you is not success.

There is no such thing. Absolute power corrupts absolutely and all stateful societies will trend toward dystopia.

And all stateless societies will tend towards a state.

By way of ideals, I'm an anarchist. But I recognize it isn't practically achievable.

Wouldn't something like that be encrypted and have a neural password?

What makes you think the government couldn't demand the maker of the neural connectors exfiltrate the neural password?

The fact that this is already a solved problem for iPhones via the Secure Enclave?

There is a even easier way to get somebody finished off.. drop a noisy true crypt container on there cellphone or notebook - if they get searched- they will be held in contempt indefinably for a white noise treasure trove they can not open.

I'm not convinced it is entirely solved though. Didn't the FBI drop their request to Apple because they found a loophole or security vulnerability that allowed them to accomplish what they wanted?

I think at the end of the day, software has bugs. And if you have an extremely well funded and intelligent group (e.g. Equation Group) looking for these holes and keeping them secret for personal use and exploitation rather than fixing them, there are going to be ways for your data to be compromised.

I agree with you, although you were wrong about that specific Apple case. I don't trust "secure enclave" because it would be too easy for a TLA to infiltrate the chip foundry and backdoor the silicon. they can literally print money, circumvent the constitution using secret courts/NSL's, their resources are infinite. what would stop them from doing this ?

Even if you couldn't infiltrate the chip foundry, you could order a bunch of the chips, reverse engineer them, and in a few months, ship a duplicate with a neutered "enclave". Then interdict the shipment to the phone manufacturer (this isn't tinfoil, it's been done) and "supply" them with your version of the "secure enclave". There's no limit to this cat and mouse game.

That's not really an argument against a neural lace, though. You're just as fucked if you don't get one - they drop child porn on your laptop, or just disappear you.

No, the model of the iPhone the FBI wanted to access didn't have the Secure Enclave.

> Didn't the FBI drop their request to Apple because they found a loophole or security vulnerability that allowed them to accomplish what they wanted?

The phone in the San Bernardino case was an iPhone 5C, with the A6 processor. Secure Enclave was introduced in the A7.

https://9to5mac.com/2016/04/07/fbi-iphone-hack-method-secure...

It's a solved problem the way the laws are currently written. It's not a solved problem if the laws are rewritten to require manufacturers to support a backdoor.

There have been several court cases where the government has compelled people to give up encryption keys in court, I assume this will be no different.

If you have something, a court can order you to give it up. If you know something which might incriminate you (e.g. a password), your testimony is protected by the 5th.

For international laws, see: https://en.wikipedia.org/wiki/Key_disclosure_law

Specifically for the US, see: https://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_ord... and https://en.wikipedia.org/wiki/United_States_v._Fricosu

Important to note that this is a legal theory, that is not yet backed up by precedent or statute! The police have successfully compelled password disclosure many times.

unless you're that police officer from pennsylvania who they just locked up without due process until he coughs up the password.

Source? I'm from PA and haven't heard about this.

https://www.washingtonpost.com/news/morning-mix/wp/2016/04/2...

apparently the "All Writs Act" of 1789 is the "constitution doesn't apply to you" trump card.

Passwords have only been protected by the 5th amendment when ownership of the electronic account/device is unproven.

The Florida Second District Court of Appeals disagrees with you.

My iPhone is set to passcode unlock instead of fingerprint because of the reasoning you say, but if other courts start agreeing with this one, I'm inclined to change to Touch ID for simplicity :(

There is still the argument that you can be physically coerced to unlock your phone against your will by someone pressing it against your finger, but you can't type in a passcode against your will.

I get it but this is some scary stuff that pushes the bounds of ethics. I mean, on one hand we want to prevent insurance fraud because it impacts everyone. On the other, where do we draw the line? Should we even have to consider that a pacemaker could be used to gather data about us before we consent to a pacemaker? It shouldn't. Now it is.

reply


reply


And medical history can't really be used to indict someone. Where this clearly was.

EDIT: can't be used to indict, only as addition evidence for a trial. It's an important distinction, but I'm not sure I think it's okay either.

You can't stay alive without blood, but we can use it to convict a person.

The 4th amendment isn't there to make it hard to get a conviction. It is there to make sure you aren't harassed by searches.

Why isn't it ok? The whole purpose of a warrant is to reveal private information when necessary. I get that medical history is especially sensitive, but I don't see why it should be completely off limits. What if, say, someone claimed to be out of the country for an extended period of time, but their medical history showed they actually required frequent treatment at a local hospital? Should that be inadmissible?

reply


Suppose there was a criminal who claimed that, with a broken leg, they couldn't possibly have committed some act. Isn't it reasonable to get a warrant for the person's XRays in order to get hard evidence that the person was or was not incapacitated?

The scary part to me is the medical examiner. They are making a very advanced claim (that they can determine something definitive about what the person was or was not doing) based on the heart data. Given previous overreaches from forensic examiners, I'd want to see some actual research before chucking the person into jail.

This is just one more inflammatory example of why free software is necessary, especially in medical devices. It should not be possible for your computing devices to be used against you without your consent. For more on this area specifically, please watch this excellent talk by Karen Sandler: https://www.youtube.com/watch?v=GcWlD2Y6HNM

reply


reply


Your pacemaker gathers that data (exertion history over time) so that your doctor can view it after the fact and ask you "what were you doing last Thursday afternoon? The pacemaker says it was running extra high between 3:30 and 4:30."

I think most people would opt into such a device for their own health - in fact, many might wear it on their wrist and pair it with their phone.

At least police obtained the data through the proper channels, securing a search warrant. I can't think of an argument against this being valid and reasonable.

Same reason they can't make a spouse testify against you. The chilling effect would be problematic. (Or, if you want something more medical, why Physicians or Psychiatrists can't be force to testify against you.)

As a former medical person, and a current tech person; I'm sitting here wondering how I could write software that would allow me to get the data to help and protect my patient's health, while still protecting/limiting the data from things/actions like this one.

When helping my patients to make the decision of whether or not to have a pacemaker installed, I don't want them worrying if it's ever going to become evidence against them at some later date.

This was the reassuring part to me. Hey they can get a warrant to download your vehicle's "black box" history too. It would have alarmed me if they simply told the pacemaker service provider "this is a person of interest, give us all your data on them, oh and you can't tell anyone about this or we'll bring you up on treason charges." That is the kind of stuff that really bothers me.

I can, maybe. Is that pacemaker legally part of that man's body? If so, wouldn't this be requiring a man to testify against himself, and would a search warrant be appropriate? I don't think you can use one to force a DNA or HIV test, for example.

I'm curious how a) they determined he had a pace maker b) where they got the idea to check it for data. Pretty wild.

Exactly - parallel construction is a thing.

I feel obligated to mention it every time in these circumstances because even if it doesn't apply in this particular case, people should be aware of how surveillance can affect them even if what the police do is on the up and up on the surface.

From the article:

> Compton, who has extensive medical problems, including an artificial heart implant that uses an eternal pump

reply


Good pickup. Haha I'd an "eternal" pump would be handy.

i read another article about this, and apparently he told the 911 operator something along those lines...

reply


People dislike government but love their technology. So it makes sense for them to not like when government uses technology.

Apart from anything else, there's a delightful irony in that the device that (probably) kept him alive to be able to commit a crime was also responsible for catching him.

It sounds as though the doctors' evidence was fairly powerful regardless of the data from the pacemaker.

The Tell-Tale Heart

You should take a bow for that one, way to stick the landing.

I wonder if he had any idea his pacemaker collected such data or that it could be used against him? Should patients be made aware of this risk when they're receiving the devices?

> Should patients be made aware of this risk when they're receiving the devices?

Yes, if they find out via the internet, instead of the physician; now your patient doesn't trust you as much, and you can't do your job.

> Should patients be made aware of this risk when they're receiving the devices?

What risk? The risk that the truth comes out? Give me a break.

Devil's Advocate:

Software has bugs, what if the data implicated him but was incorrect? Of course bugs in a pacemaker means bigger problems... but you get my point.

One person's metadata is another's data

reply


reply


They can't proof that you were wearing the device at the time of the incident. It's also possible to fake the data, either by letting someone else wear it or by spoofing the bluetooth device itself.

How is this not a HIPPA violation?

reply


https://www.hhs.gov/hipaa/for-professionals/faq/505/what-doe...

HIPPA allows disclosure in response to a court order or warrant (among other things). See here: https://www.law.cornell.edu/cfr/text/45/164.512#f

IANAL nor American but this feels like another thing stepping on top of their constitution, specially the spirit of the fifth:

> nor shall be compelled in any criminal case to be a witness against himself

I can be tried for my data? That's kind of messed up, what if the data was faked, etc.

reply


Of course you can be tried for you data. Letters, records, etc. have always been used.

