Hacker News new | comments | show | ask | jobs | submit login
Apple health data used in murder trial (bbc.com)
128 points by erentz 7 months ago | hide | past | web | favorite | 87 comments

A more troubling use of the data, not mentioned in the discussion so far, would be query driven usage, for example: Prosecutor: OK, lets query all phones with activity showing X among men in this geography and find ourselves a suspect.

This type of use would be very troubling to everyone because, given enough N value, you can always find some people to fit a criteria. Then, it becomes a matter of making a case that fits very narrow criteria. Hard to defend against, possibly very expensive to defend against.

Now, in the US, for these types of cases you need to prove beyond a reasonable doubt. But in reality, many people with limited funds for expensive lawyers, when faced with 30year sentences, will just plea bargain for 2 years -- which is not something that needs proof beyond a reasonable doubt.

In summary, using phone data to independently support an already strong case might be a good way to set innocent people free. Using phone data to find culprits might be a great way to innocent people to get a false accusation just based on statistics and the laws of querying on large datasets.

> Let's query all phones with activity showing X among men in this geography and find ourselves a suspect.

Afaik this technically impossible with Apple Health at this point.

> Many people with limited funds for expensive lawyers will plea bargain for 2 years

Plea bargains rarely (if ever) happen in the Netherlands, and I suspect they don't in Germany either. The reasoning behind this is probably that when the state sues they should go for justice, not victory. Plea bargains may incentivize strong arming, bluffing tactics and money politics that don't belong in a court room.

Plea bargains (Verständigung in Strafsachen, § 257c StPO) happen in Germany, but not in murder cases, though a sentence might be reduced for a cooperative accused. They are more common in complicated financial crimes or small scale crimes like theft. There’s also a limited frame in which the judge decides on the punishment, it would be extremely odd that a potential sentence of 30 years is reduced to 2 years. Having less extreme prison sentences and a right to a paid lawyer reduces the pressure on the defendant.

> A more troubling use of the data, not mentioned in the discussion so far, would be query driven usage, for example: Prosecutor: OK, lets query all phones with activity showing X among men in this geography and find ourselves a suspect.

That was long a problem with DNA data.

I don't know how completely they test DNA nowadays in criminal cases, but in the early days and for many many years afterwards the tests did not determine a unique individual. It just narrowed it down. There could be a large number of people in the world that would match the sample.

There were two correct ways to use DNA with that level of matching.

1. After you have narrowed down your list of suspects through ordinary, non-DNA police work to a small number of good suspects, then check their DNA. If exactly one suspect matches it is extremely likely that is the correct suspect.

2. It can be used to nearly conclusively eliminate suspects. (I say "nearly conclusively" because you are almost never sure that the DNA you are testing from the crime scene is actually from the criminal. There are almost always ways someone who was not the criminal could have left DNA at a crime scene).

Then there was the completely wrong way to use it, which, unfortunately WAS often used:

• Keep a database of DNA samples from a small subset of the general population, such as people who have been arrested. When you start investigating a crime and think you have a DNA sample of the criminal, check that against your database, and if you get a single match conclude that person was involved.

This approach of starting by looking up DNA from the crime scene in your database and focusing everything on a single match is only valid if:

A) the database includes everyone who could possibly be the criminal, or

B) your DNA test is comprehensive enough that it does identify people uniquely.

We don't do A yet, and as I said I don't know if the test they use nowadays are good enough to satisfy B.

Isn’t this misuse of DNA data literally called the “prosecutor‘s fallacy”?

The DA says, “there’s a million-to-one chance it wasn’t this dude.”

Without any other evidence linking the purported perp to the crime, the reality is that the DNA only shows he’s one of 350 people who could have done it (assuming a population of 350m).

> A more troubling use of the data, not mentioned in the discussion so far, would be query driven usage

To be clear, this would not be possible on iOS, because the data is stored locally on the device (They had access to it). Health data cannot be remotely queried.

I have understood how this is acceptable in USA and in many parts of the world. This concept of plea bargains and not having to prove anything beyond a certain limit. I mean isn't it clearly the notion that miscarriage of justice is accepted?

I accept that a lot of this idea in my head is from films set in the USA but then again I have read on the subject and plea deals seem to be not only accepted but encouraged.

How a person, who seemed to have murdered someone, ought to be given only M years of sentence just because that person agrees for a plea deal where if properly tried and proven guilty the person might have been sentenced for N years which usually would be more than M? Just because the prosecution have to work less the culprit gets a lesser sentence? And as you say many who are arrested and haven't done anything but just wants to live with a lesser sentence just agree to such deals because they can't afford a lawyer, let alone a good lawyer.

Is it not questioned? Is it something in the constitution? How does it work? The "deal" itself - is it verbal or plea deals are actually signed and verified?

It is not in the Constitution. Some have argued it is in conflict with the Constitution. See https://mic.com/articles/11949/supreme-court-must-strike-dow...

The deal is in writing.

As you allude, though, it's a terrible system. The DA deliberately files charges one or two tiers higher than needed as a scare tactic to encourage defendants to plea out.

The motivation seems mostly to keep the number of actual trials down to match the capacity of the overall system. And it's one of the reasons (there are others) that our incarceration percentage is higher than anyone else's.

Especially considering how difficult it is, even for white collar professionals, to grasp a basic confusion matrix and adjust their probabilities for false positives.

For DNA testing, for example, the testing labs don't publish, and the courts do not allow questions regarding, their base rate false positive rate. They're worried that juries wouldn't be able to reconcile the "0.5% of DNA tests are false positives" with "beyond a reasonable doubt".

If you don't know the false positive rate, and someone comes in with a positive test result, you know almost nothing conclusive.

"The suspect - identified by a hair found at the scene of the crime - refused to provide police with the PIN code to his phone so investigating officers turned to an unnamed cyber-forensics firm in Munich, which broke into the device."

Really interested in knowing how they got in (and what model of iPhone it was.)

>Really interested in knowing how they got in (and what model of iPhone it was.)

Likely (but not necessarily) it was Cellebrite CAIS:


The iPhone model in question was (allegedly) a 6s, a German article:


I thought I read an article linked from HN(which I can no longer find here or google) that vaguely stated they used a previously trusted device(PC) to gain access. That would mean the "yes, I trust this computer" notification has long term ramifications security-wise.

Or couldn't it have actually been just a backup on that computer that they were able to open up?

Especially since Apple claimed this was impossible in 2014.


The forensics team may have been able to brute force the PIN, depending on the settings, if I'm reading this correctly:


(Please use direct links rather than amp links.)

Which again contradicts Apple's statement from 2014.

My link is also a direct link to a faster loading page. I tried to load the appleinsider.com page, and it hung for nearly ten seconds waiting for a response from the server before I gave up. It's not worth my time, and it's not worth the reader of my comment's time.

The main problem with a lot of these stories is that there are combinations of iPhone models, operating systems, and settings which are believed not to be breakable by general law enforcement agencies, and others which are known or strongly suspected to be.

Apple tends to make its claims regarding latest iPhone model combined with latest iOS version combined with particular settings.

Thus, for example, in the San Bernardino case, the fact that the phone in question was a 5C mattered. The 5C is not just an older phone, it has different security-oriented hardware inside, and that does change the security characteristics of the device.

Also, the Apple statement you keep pointing to said that Apple, as of iOS 8, is unable to retrieve or reconstruct the key used to encrypt the phone's storage. Which is true -- Apple cannot do that, and has designed things so that Apple cannot do that. What the FBI wanted in that case was not for Apple to supply a key or a passcode (which they don't have). What the FBI wanted was for Apple to create and sign and load a custom firmware which would disable anti-brute-force protection for the passcode, allowing the FBI to determine the passcode via brute force. Apple could do that, but refused to do so.

And for completeness' sake, that avenue is no longer available on more recent phones with more recent versions of iOS; performing an iOS update now requires the passcode, regardless of whether the update is initiated from the phone or from a connected device (even one previously designated as trusted).


There's a difference between a backdoor and a vulnerability - as exploited by a third party, say, Cellebrite. Nobody claims that any OS is free of vulnerabilities.

Apple appears to have claimed just that. Moreover, that vulnerability should have been obvious to Apple. It was certainly obvious to the FBI.

It makes sense that any security claim about something "impossible" from 4 years ago might now be possible. They may have been right in 2014.

Has there been a case of someone breaking into a modern Samsung phone? Knox "officially" passes some level of security standard, not sure how it holds up.


Not if your PIN is 1234

If you drill down on the motion log in the iOS Health app, it's very granular, like a web server log.

Perhaps it as improved, but last time I looked HealthKit data is buggy and end user editable. Seems like one of those things that is useful, but not definitive.

Chances are the prosecutor can manipulate that evidence to look good to the judge/jury much better than the defense lawyer can make a counter-argument for why it cannot be used in court. At least that has been the trend with stingrays and other bleeding-edge surveillance technology that is poorly understood by judges.

The prosecutors are backed by government and FBI resources (including technical expertise). Your average defense lawyer isn't. Hell, the FBI was even teaching prosecutors and the police to say that using a stingray was under NDA with the company providing it and therefore they couldn't talk much about using it in court (but still benefited from the gathered evidence).


This was in Germany, so I highly doubt the FBI was involved. Also there isn’t really a jury system.

I don't think it's the judges who are poorly understanding the technology...

I'm not able to edit my health kit data. perhaps some apps that integrate can do it, but the ones I use do not and I'm not able to in the health app itself.

You can absolutely edit your health data.

I can definitely add and delete health data, but on iOS 11 I cannot edit a device-provided value. Not for heart rate and steps anyway.

No I can't. I tried. Did you not read my comment?

Note to self: if I'm ever going to murder someone, turn off my phone, or at least the things in my phone that track what I'm doing and where I am.

So they will see that the phone was on continuously for two years, then the night of the murder it was switched of for 6 hours and has been on ever since. Not at all suspicious...

(this is data your service provider already has, and I wouldn't be surprised if this is already used to flag weird behaviour)

Even better, I find that not murdering people is a much easier solution to this problem.

Murder is -obviously- a hyperbole (though I'm sure a certain H. Reiser would agree).

You can make a case for anything voluntarily involving destroying your privacy. Compare to GDR. You were always watched, period. The same's true now, but its partly voluntarily. Is it desirable? You should decide on that on a case-by-case scenario. Schneier wrote several essays on this matter (here's one [1] and a more recent one [2]) and his latest book, Data and Goliath also covers this subject.

Interestingly the more we centralise on our smartphones, the more difficult voluntarily leaving it home becomes. We already put all kind of NFC cards like our bank and public transport on our phones these days. What's next, unlocking the car via NFC?

[1] https://www.schneier.com/essays/archives/2006/05/the_eternal...

[2] https://www.schneier.com/essays/archives/2016/03/data_is_a_t...

My brother is building appartement buildings. In some they are using NFC card as access key for the appartements. So you might one day enter your home with your phone (without adding IoT or something, out of the box).

I’m not arguing against privacy, or for this kind of abusive tech used in the system. I’m just saying that this particular story doesn’t make for a great exemplar, anymore than the guy who was nailed because of his smart water meter. There are plenty of examples of surveillance abuse and slapdash prosecution without having to rely on this.

Or establish a pattern of leaving your phone (on) at home a few times per week, so when you're doing your murder without your phone, it does not look out of place. You'll just have to provide an alibi on what you were doing and why you didn't take your phone.

Or just solve your problem by non murderous means, since you have the leisure to plan for it several months in advance?

So hire a killer with bitcoins you mined & mixed months earlier? /jk

Dropped it in the toilet?

Could have sworn that phone radios have a unique identifier independent of the customer id (stored in a sim or the phone depending on the network tech).

> Could have sworn that phone radios have a unique identifier independent of the customer id

Of course they do, multiple ids in fact (IMEI/ICCID/MEID). Not sure how that’s relevant in this thread though.

Better to just leave it on and at home, maybe have it stream some movies/series from Netflix or something, that way it would even serve as an alibi.

"Never left my house, spend the whole evening watching XY on my phone in bed, you can check the content providers logs!".

... prop it up on your bed at a good viewing angle and have something lightly vibrate the bed periodically ...

That way the damn things accelerometer has some data - Law & Order style shows need to up their game in the smartphone era.

This could work, but if not then you’ve handed the prosecutors ironclad evidence of your premeditation.

I know it's implied in your comment, but I hope that upon discovering someone was playing Netflix at home and not watching it, that the conclusion is still only "he was not at home while his Netflix is playing" and not "he put on Netflix to premeditate a murder." If he lies and says he was at home then that's perjury, which only may be evidence of premeditation.

I know this whole thread was tongue-in-cheek, but when someone's life is on the line for murder you do need to remember that you're trying to prove that a person did it, and it's not sufficient to disprove the ways that they didn't do it.

Hypothetically, if police caught your periodic-vibration setup in action, and figured out what it's meant for, and found some kind of evidence that you had just recently created this setup, and turned it on before leaving the house and (according to other evidence) committing a homicide…

Well, I don't know about "ironclad", but it would be circumstantial evidence that you were trying to cover something up, which in combination with other evidence might be able to establish premeditation.

Well, yeah, but the phone is going to tattle anyway you look at it. Frankly, the advice is more useful to people who are worried about being tracked than an idiot planning murder. I get the feeling a domestic abuse case is going to be a better bet to use this technique to buy time to get away before we see someone try to hide a murder. Those child tracking tech items are probably going to be a gold mine for abusive partners.

Turning off your phone leaves a hole in the data, but that hole can say a lot. The start and end times and locations are known, and can be correlated with other events to suggest why the hole exists and what might have happened during that gap. That sort of circumstantial evidence was a part of the recent Laura Babcock murder case.

The US military has used phones’ on/off state in the Middle Eastern war theaters as an indication of potential terrorist activity. Based on other meta data like the number of hops to a known terrorist phone number (phone number A contacted phone number B which contacted phone number C which has contact with a terrorist’s phone number) and the temporal proximity to (assumed) terrorists switching their phones off and on, you got a terrorist rating. If you were unlucky, you got drone-murdered. I can’t find the exact source but this article[1] describes the practice of drone-murdering potential terrorists, and the Talibans counter-strategy.

[1] https://www.rt.com/news/nsa-drones-civilian-casualties-383/

That evidence also speaks to premeditation, and mens rea.

Or it could just mean that your battery died.

Sure, unless like most people you’re obsessive about not letting that happen. If your phone dies just long enough to hide your location during a crime there’s other evidence of you committing...

...let’s just say you’d better be perfect in every other aspect of that crime.

I'm not. My battery died yesterday and I managed not to kill anybody.

Leave them at home for an alibi.

Now that is quite interesting. As others have pointed out turning a phone off could provide evidence against you.

Leaving it at home, or having someone else carry it with them could provide an alibi.

It’s a truism, but location data for a phone only proves where the phone was. Or where the phone thought it was. I wonder how quick a prosecutor might be to point this out. Especially when they might be less quick to do so if the location data suggested your phone was at the scene of the crime.

I wonder if you could poke a hole in that (widen the "where it thought it was" doubt) by pointing out incidents like when Facebook thought nearly everyone was in Philadelphia for a few hours.

My phone infrequently thinks I've left home without actually moving - far enough to trigger the 400m geofence around it and to switch the webcam into "I've gone out, HIGH ALERT TIME!"

I assume it's because it's not getting good GPS (I'm inside a block of flats), there's no cellular signal, and therefore latches onto a visible WIFI SSID (I can see 15+) that it's got a location for which just happens to be [somewhere else].

(Similar to when my phone used to think Euston Station was in Manchester because it was picking up the SSIDs from the trains as part of AGPS.)

What, were you not invited?

Damn I always get left out of everything :-( lol I posted "Man it's weird having my house in Philadelphia" or something along those lines when it was saying that and I saw a friend that I hadn't seen in a while the other day and he was like "Hey I thought you moved to Philly? What're you doing here?" haha

> Leave them at home for an alibi.

Presumably that isn't a great alibi though. The activity on those devices probably wouldn't match the "normal" activity when one is home, so I suspect it would be easy for a prosecutor to argue that the devices were just left at home.

A good point, but normal for some people might be to leave it untouched whilst at home.

And move out of the US

>Age will play a part in sentencing. The maximum for someone under 18 is 10 years, whereas the adult sentence for such a crime could be up to 30 years.

Up to 30 years for rape and murder? 30 years is a long long time but that's a max sentence for this crime?! What in the world?

EDIT: I agree that 30 years is effectively life just living in the US where they typically give people one (or sometimes multiple) life sentences for crimes like this has made my judgement odd.

You are underselling how long 30 years is. In my honest opinion, you just can't punish someone for that long because the person you have after 20 years isn't going to be the same person who committed the crime. Sure the crime deserves worse; but I don't believe we can deliver on that, and holding someone is very expensive.

I'm still under 30, so I am literally forced to imagine what it is like. 30 years is currently outside the scope of my experience. It is beyond my gut conception of forever.

Once I get old enough to have a practical idea of what 30 years is (say, 40), a 30 years sentence might as well be a life sentence as it would easily consume the remainder of my productive life.

Punishment (retribution) is only one of a number of reasons to incarcerate someone (the three others normally cited are deterrence, rehabilitation, and incapacitation). I wish we had better metrics for the probability of recidivism. If we knew with a high degree of certainty that a given murder was a one time thing, we could let the perpetrator out very early. On the other hand, if we know that the perpetrator is likely to reoffend, or if we could show that light punishments had less of a deterrent effect, or if society just wouldn't stand for a lesser punishment, we could keep them locked up for longer. Unfortunately we just don't have that level of introspection into the human psyche.

In my honest opinion, you just can't punish someone for that long because the person you have after 20 years isn't going to be the same person who committed the crime.

Can confirm. Brother committed murder at 16. Was tried and sentenced to 70 years (as an adult, thanks Texas). He’s 34 now. Totally different person. He was a kid then.

I seem to recall an article where a guy had spent 30 years locked up for a crime he didn't do.

When he went in, there were few to any mobile phones and virtually nobody talked about the internet.

So when he got out he had to learn how to use all that tech we take for granted in our daily lives.

In Germany, most murder has 15y tops - everything above (Sicherungsverwahrung) is reserved only for really hardened and/or psychologically "mad/dangerous" criminals.

Locking someone up for 30 years is more or less equivalent to a death sentence - society will have progressed so much during this timeframe that the convict will never be any productive part of society again. At that timeframe, seriously, it's more humane to give the convict a gun with a single bullet than lock him up for 30 or more years - and many people are locked up for longer for non-violent crimes.

Then again, the US is barbarian enough to lock up juveniles for life, so people saying "30y is not enough" doesn't surprise me in the slightest.

No, murder has a mandatory life sentence. Sicherungsverwahrung is totally distinct from that, as is the declaration of „special gravity of guilt“ that the court can impose.

Everything less than life is capped at 15 years (manslaughter etc.)

Life sentences mean exactly that: until death. But for constitutional reasons every convict must have hope that he can be released early. That‘s what those regular reviews (after 15 years or more) are for.

Many convicts get released early, because they sat in prison for a long time and pose no threat anymore. Others are released for medical/humanitarian reasons.

But this opinion that murderers always get free after 15 or 17 years is pervasive and utterly wrong. And it leads to people demanding excessive punishments, because they feel they must demand much more to have evil people do time.

Furthermore, if you get released you have to serve a probation period of 5 years.[0]

0: https://www.gesetze-im-internet.de/stgb/__57a.html (In German)

The difference is that European prison is typically more corrective than penitentiary, whereas US is more penitentiary than corrective (to the degree where US prison is effectively crime college). Edit: so, the differences that you pointed out are a consequence of the differing prison systems goals.

Someone with a 30 year sentence could be out on parole in 10 years. Being sentenced to 30 years doesn't actually mean you will do 30 years.

A philosophical cornerstone of criminal justice in many European countries is that indefinite jail sentences are immoral and abhorrent: There always has to be the possibility to be released (and not in some phoney way, as a basic principle).

What in the world, indeed, but from my perspective “What in the world, you routinely want to lock people up indefinitely? That’s abhorrent.“

By default indefinite sentences are gruesome (to say nothing of the death penalty).

Not sure where they get that from. Murder in Germany can have a life-long sentence, and German media reports mention it in reports about the case as such. (Actual sentence durations vary, since a normal for-life sentence still has the possibility to release after at least 15 years. EDIT: average appears to be ~20 years according to wikipedia)

To clarify, the constitutional court has ruled that people who serve a life-long sentence must have the legal means to be regain their freedom at some point.

Yes, but they must not be granted that. What you said is correct, but people might interpret it as an absolute right to be released at some point.

The court mostly ruled that we must not have a situation like in America where elected politicians who are driven by populism decide on it. It must be legal proceedings in a regular court.

BTW, there is an interesting decision by our Constitution Court that touches on this and shows (IMO) an eminently sensible way and a willingness to cooperate with other legal systems. Anyone interested in a story? :-)

I agree with you. Individuals who commit these kinds of crimes have anti-social personality disorder. This kind of disorder is considered fixed and unchanging. When this man gets out of prison in 30 or so years, yes he will be different. But I doubt his frontal lobe is going to magically heal itself and be able to inhibit the intrusive violent thoughts he has.

This is a violent and uneducated adult male who raped a medical student and then murdered her. The opportunity cost to society is already great, now they will waste their society's resources in keeping this man alive. In my opinion, he should be executed as soon as possible.

Europe has much lighter sentences than the US. Norwegian musician Varg Vikernes was sentenced to 21 years for murder and multiple counts of arson and was released on parole after 14 years.

... and now he's spreading vile Nazi crap. To be honest, I have no idea what to do with people like him... they certainly don't deserve to be running around free and they're a danger to society, but locking someone up for life is absolutely inhumane too.

Since then Norway has introduced a sentence class that can effectively jail someone for life.

Every 5 years after the main sentence the person is reviewed to see if releasing him would be a risk to society. And if deemed such a risk, the sentence is extended by another 5 years.

Norway may implement that in a sensible way, but the UK recently scrapped a similar sentence because it was linked to a bunch of injustices.


People would go in for a minor offence, but be seen as high risk, and then stay in for many years.


Ideological rants will get you banned on HN regardless of which flavor you favor.

Please read https://news.ycombinator.com/newsguidelines.html and don't do this again.

This guy had even been previously condemned of sexual violence in Greece, and sentenced to 10 years...

"Wegen einer Gewalttat an einer jungen Frau im Jahr 2013 war K. in Griechenland zu zehn Jahren Gefängnis verurteilt, im Oktober 2015 aber vorzeitig gegen Auflagen entlassen worden."

Wait a sec. If he had been sentenced to 10 years for sexual violence, then how is he 17 years old? Did he escape from prison?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact