This type of use would be very troubling to everyone because, given enough N value, you can always find some people to fit a criteria. Then, it becomes a matter of making a case that fits very narrow criteria. Hard to defend against, possibly very expensive to defend against.
Now, in the US, for these types of cases you need to prove beyond a reasonable doubt. But in reality, many people with limited funds for expensive lawyers, when faced with 30year sentences, will just plea bargain for 2 years -- which is not something that needs proof beyond a reasonable doubt.
In summary, using phone data to independently support an already strong case might be a good way to set innocent people free. Using phone data to find culprits might be a great way to innocent people to get a false accusation just based on statistics and the laws of querying on large datasets.
Afaik this technically impossible with Apple Health at this point.
> Many people with limited funds for expensive lawyers will plea bargain for 2 years
Plea bargains rarely (if ever) happen in the Netherlands, and I suspect they don't in Germany either. The reasoning behind this is probably that when the state sues they should go for justice, not victory. Plea bargains may incentivize strong arming, bluffing tactics and money politics that don't belong in a court room.
That was long a problem with DNA data.
I don't know how completely they test DNA nowadays in criminal cases, but in the early days and for many many years afterwards the tests did not determine a unique individual. It just narrowed it down. There could be a large number of people in the world that would match the sample.
There were two correct ways to use DNA with that level of matching.
1. After you have narrowed down your list of suspects through ordinary, non-DNA police work to a small number of good suspects, then check their DNA. If exactly one suspect matches it is extremely likely that is the correct suspect.
2. It can be used to nearly conclusively eliminate suspects. (I say "nearly conclusively" because you are almost never sure that the DNA you are testing from the crime scene is actually from the criminal. There are almost always ways someone who was not the criminal could have left DNA at a crime scene).
Then there was the completely wrong way to use it, which, unfortunately WAS often used:
• Keep a database of DNA samples from a small subset of the general population, such as people who have been arrested. When you start investigating a crime and think you have a DNA sample of the criminal, check that against your database, and if you get a single match conclude that person was involved.
This approach of starting by looking up DNA from the crime scene in your database and focusing everything on a single match is only valid if:
A) the database includes everyone who could possibly be the criminal, or
B) your DNA test is comprehensive enough that it does identify people uniquely.
We don't do A yet, and as I said I don't know if the test they use nowadays are good enough to satisfy B.
The DA says, “there’s a million-to-one chance it wasn’t this dude.”
Without any other evidence linking the purported perp to the crime, the reality is that the DNA only shows he’s one of 350 people who could have done it (assuming a population of 350m).
To be clear, this would not be possible on iOS, because the data is stored locally on the device (They had access to it). Health data cannot be remotely queried.
I accept that a lot of this idea in my head is from films set in the USA but then again I have read on the subject and plea deals seem to be not only accepted but encouraged.
How a person, who seemed to have murdered someone, ought to be given only M years of sentence just because that person agrees for a plea deal where if properly tried and proven guilty the person might have been sentenced for N years which usually would be more than M? Just because the prosecution have to work less the culprit gets a lesser sentence? And as you say many who are arrested and haven't done anything but just wants to live with a lesser sentence just agree to such deals because they can't afford a lawyer, let alone a good lawyer.
Is it not questioned? Is it something in the constitution? How does it work? The "deal" itself - is it verbal or plea deals are actually signed and verified?
The deal is in writing.
As you allude, though, it's a terrible system. The DA deliberately files charges one or two tiers higher than needed as a scare tactic to encourage defendants to plea out.
The motivation seems mostly to keep the number of actual trials down to match the capacity of the overall system. And it's one of the reasons (there are others) that our incarceration percentage is higher than anyone else's.
For DNA testing, for example, the testing labs don't publish, and the courts do not allow questions regarding, their base rate false positive rate. They're worried that juries wouldn't be able to reconcile the "0.5% of DNA tests are false positives" with "beyond a reasonable doubt".
If you don't know the false positive rate, and someone comes in with a positive test result, you know almost nothing conclusive.
Really interested in knowing how they got in (and what model of iPhone it was.)
Likely (but not necessarily) it was Cellebrite CAIS:
The iPhone model in question was (allegedly) a 6s, a German article:
(Please use direct links rather than amp links.)
My link is also a direct link to a faster loading page. I tried to load the appleinsider.com page, and it hung for nearly ten seconds waiting for a response from the server before I gave up. It's not worth my time, and it's not worth the reader of my comment's time.
Apple tends to make its claims regarding latest iPhone model combined with latest iOS version combined with particular settings.
Thus, for example, in the San Bernardino case, the fact that the phone in question was a 5C mattered. The 5C is not just an older phone, it has different security-oriented hardware inside, and that does change the security characteristics of the device.
Also, the Apple statement you keep pointing to said that Apple, as of iOS 8, is unable to retrieve or reconstruct the key used to encrypt the phone's storage. Which is true -- Apple cannot do that, and has designed things so that Apple cannot do that. What the FBI wanted in that case was not for Apple to supply a key or a passcode (which they don't have). What the FBI wanted was for Apple to create and sign and load a custom firmware which would disable anti-brute-force protection for the passcode, allowing the FBI to determine the passcode via brute force. Apple could do that, but refused to do so.
And for completeness' sake, that avenue is no longer available on more recent phones with more recent versions of iOS; performing an iOS update now requires the passcode, regardless of whether the update is initiated from the phone or from a connected device (even one previously designated as trusted).
The prosecutors are backed by government and FBI resources (including technical expertise). Your average defense lawyer isn't. Hell, the FBI was even teaching prosecutors and the police to say that using a stingray was under NDA with the company providing it and therefore they couldn't talk much about using it in court (but still benefited from the gathered evidence).
(this is data your service provider already has, and I wouldn't be surprised if this is already used to flag weird behaviour)
You can make a case for anything voluntarily involving destroying your privacy. Compare to GDR. You were always watched, period. The same's true now, but its partly voluntarily. Is it desirable? You should decide on that on a case-by-case scenario. Schneier wrote several essays on this matter (here's one  and a more recent one ) and his latest book, Data and Goliath also covers this subject.
Interestingly the more we centralise on our smartphones, the more difficult voluntarily leaving it home becomes. We already put all kind of NFC cards like our bank and public transport on our phones these days. What's next, unlocking the car via NFC?
Of course they do, multiple ids in fact (IMEI/ICCID/MEID). Not sure how that’s relevant in this thread though.
"Never left my house, spend the whole evening watching XY on my phone in bed, you can check the content providers logs!".
That way the damn things accelerometer has some data - Law & Order style shows need to up their game in the smartphone era.
I know this whole thread was tongue-in-cheek, but when someone's life is on the line for murder you do need to remember that you're trying to prove that a person did it, and it's not sufficient to disprove the ways that they didn't do it.
Well, I don't know about "ironclad", but it would be circumstantial evidence that you were trying to cover something up, which in combination with other evidence might be able to establish premeditation.
...let’s just say you’d better be perfect in every other aspect of that crime.
Leaving it at home, or having someone else carry it with them could provide an alibi.
It’s a truism, but location data for a phone only proves where the phone was. Or where the phone thought it was. I wonder how quick a prosecutor might be to point this out. Especially when they might be less quick to do so if the location data suggested your phone was at the scene of the crime.
I assume it's because it's not getting good GPS (I'm inside a block of flats), there's no cellular signal, and therefore latches onto a visible WIFI SSID (I can see 15+) that it's got a location for which just happens to be [somewhere else].
(Similar to when my phone used to think Euston Station was in Manchester because it was picking up the SSIDs from the trains as part of AGPS.)
Presumably that isn't a great alibi though. The activity on those devices probably wouldn't match the "normal" activity when one is home, so I suspect it would be easy for a prosecutor to argue that the devices were just left at home.
Up to 30 years for rape and murder? 30 years is a long long time but that's a max sentence for this crime?! What in the world?
EDIT: I agree that 30 years is effectively life just living in the US where they typically give people one (or sometimes multiple) life sentences for crimes like this has made my judgement odd.
I'm still under 30, so I am literally forced to imagine what it is like. 30 years is currently outside the scope of my experience. It is beyond my gut conception of forever.
Once I get old enough to have a practical idea of what 30 years is (say, 40), a 30 years sentence might as well be a life sentence as it would easily consume the remainder of my productive life.
Can confirm. Brother committed murder at 16. Was tried and sentenced to 70 years (as an adult, thanks Texas). He’s 34 now. Totally different person. He was a kid then.
When he went in, there were few to any mobile phones and virtually nobody talked about the internet.
So when he got out he had to learn how to use all that tech we take for granted in our daily lives.
Locking someone up for 30 years is more or less equivalent to a death sentence - society will have progressed so much during this timeframe that the convict will never be any productive part of society again. At that timeframe, seriously, it's more humane to give the convict a gun with a single bullet than lock him up for 30 or more years - and many people are locked up for longer for non-violent crimes.
Then again, the US is barbarian enough to lock up juveniles for life, so people saying "30y is not enough" doesn't surprise me in the slightest.
Everything less than life is capped at 15 years (manslaughter etc.)
Life sentences mean exactly that: until death. But for constitutional reasons every convict must have hope that he can be released early. That‘s what those regular reviews (after 15 years or more) are for.
Many convicts get released early, because they sat in prison for a long time and pose no threat anymore. Others are released for medical/humanitarian reasons.
But this opinion that murderers always get free after 15 or 17 years is pervasive and utterly wrong. And it leads to people demanding excessive punishments, because they feel they must demand much more to have evil people do time.
0: https://www.gesetze-im-internet.de/stgb/__57a.html (In German)
What in the world, indeed, but from my perspective “What in the world, you routinely want to lock people up indefinitely? That’s abhorrent.“
By default indefinite sentences are gruesome (to say nothing of the death penalty).
The court mostly ruled that we must not have a situation like in America where elected politicians who are driven by populism decide on it. It must be legal proceedings in a regular court.
This is a violent and uneducated adult male who raped a medical student and then murdered her. The opportunity cost to society is already great, now they will waste their society's resources in keeping this man alive. In my opinion, he should be executed as soon as possible.
Every 5 years after the main sentence the person is reviewed to see if releasing him would be a risk to society. And if deemed such a risk, the sentence is extended by another 5 years.
People would go in for a minor offence, but be seen as high risk, and then stay in for many years.
Please read https://news.ycombinator.com/newsguidelines.html and don't do this again.
"Wegen einer Gewalttat an einer jungen Frau im Jahr 2013 war K. in Griechenland zu zehn Jahren Gefängnis verurteilt, im Oktober 2015 aber vorzeitig gegen Auflagen entlassen worden."