Andrew Bean of Salesforce had an interesting session on how the Internet of Things will play with monitoring almost everything and the implications with law enforcement.
Here’s the abstract:
By 2020, there will be approximately 30 billion connected sensing devices surrounding us. The ability to monitor every aspect of our lives will be unprecendeted. This capability is also of interest to law enforcement. Join us as we delve into what your rights are under the 4th and 5th Amendments, and the clever ways authorities today are working around current constitutional limitations.
Search and Seizure is the Fourth Amendment. (Note this is a discussion that applies to U.S. law.) Compelled disclosure comes under the Fifth Amendment. What’s interesting is that this presentation was made without knowledge of the forthcoming Salesforce Internet of Things Cloud.
The idea of IoT is the idea that billions of things will create information which can be used to make smarter decisions. IoT is going to be big. The guesses range from 30B through 300B. At any rate, it’s going to be a lot of devices we see by 2020. As things mature, these devices will become almost transparent and invisible. Moore’s law almost demands that. The sensors will also be used in almost any device or tool.
Good Read: Enchanted Object by David Rose
David Rose envisions a time where the sensors will be so small that you would just scatter them like dust. At that point, they will be everywhere. We will be tracked or monitored all the time. This ubiquitous distribution could mean we are wizards as our environment changes to our known preferences.
The Issue
- The landscape is going to be really big
- We don’t craft IoT devices with privacy in mind today
- We don’t understand the constitutional implications of our engineering decisions
Under the law, you are more constitutionally protected with a simple password than with any super complicated biometric device. It’s about the law.
But remember, you are tracked….always.
Andy showed off the Google Map of his activity last night. It’s not unique that Google knows this. Facebook and Angry Birds have it. In fact almost any user can be tracked by Angry Birds because of the data they pull in from the phone. They even pulled in your contact records. Every major apps will do this. Free flashlights even turn on your microphone while you are using it. They can build an amazing profile of you. (Or scary depending on your viewpoint)
The Solution?
Start with international laws that set the expectation of privacy or lack thereof. This implies new laws, investigators, and a framework for it.
Fourth Amendment: “The right of the people to be secure in their person, houses, papers, and effects against unreasonable searches and seizures, shall not be violated and no warrants shall issue but upon probably cause…..
The Law
Fourth Amendment
The fourth amendment case law has changed over time. Police can search anything around you. They can also search anything in risk of being destroyed. They basically said in 1973 that you can search any container on a person.
The Katz case started us thinking about what is reasonable privacy that society agrees with. Over time, the idea evolved that once that information moved outside your person or your property then it could be seized . Reasonable privacy ends at the walls of your home. So garbage is just such an example of evidence. (See California vs Greenwood 1988)
Now think about what that means about data that is emitting information to a variety of sources….. The FBI believes that you are discarding information from your phone and they can use devices to capture it.
Rule: If you want to search a modern cell phone, get a warrant (Riley vs California) This holds because cell phones have become digital archives of our lives. No longer are they like a container. They contain too much information about your life.
But what about a fitbit? It has a lot of information on your life? Is it more like a beeper (no warrant) or a smart phone (need a warrant) Andy postulates that grains of sand sensors are more like a beeper. In the next few years there will probably be a whole series of cases on this.
Fitbit has now been used in court. Strava has been used in court several times. There will be more examples.
Fifth Amendment
Fifth Amendment: No one can ever force you to testify against yourself.
Implications: a pin code is more secure than blood, DNA, or other biometric. It is because the law says you cannot be forced to reveal a pin code. Your blood and fingerprint can be forced by the police legally.
Apple has a new patent that uses biometric with a gesture pin code which brings you back under the law.
Bottom Line
There’s a lot of unknowns on what can be done and it will evolve over time. What we do know is that once outside your person or home, you have lost a lot of your privacy.