Heart pacemakers are evolving and becoming more like an Internet of Thing (IoT) devices with evidence showing they’re hackability and ability to compromise the life of an individual relying on the assistance of additional regulating medical devices. However, in the case of Ross Compton, his heart pacemaker data was used to help secure a felony charge of insurance fraud and aggravated arson.
In the case of Mr Compton, authorities were already sceptical of the testimony he gave to both 911 dispatchers and on-scene officials over how the fire started. When able to secure a search warrant for the data on his cardiac pacing device, forensic investigators were able to chart out and map how his heart was responding at the time of events and deduced that his levels of activities would not be in accordance to those of a person under the same circumstances in same situation. Additionally, it certainly helped authorities to have the testimony of fire department officials, the testimony of Compton’s neighbour (who was even asked for help moving multiple desktop computers to Compton’s car) and knowledge from the beginning that Mr Compton used a pacemaker to properly cast doubt on Compton’s testimony and think holistically in their evidence gathering approach .
“[It was] improbable Mr. Compton would have been able to collect, pack and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated, due to his medical conditions.”
Now in terms of moving forward, Compton’s case serves as recognition for a number of legal considerations. In the US, there has already been debates about the accessibility of cellphone access using biometrics and how as to what purposes biometric data is covered and can be properly used under the 5th amendment. In Canada too, there has been concerns over similar protections on law enforcement’s ability to collect and access data that would be linked to “the person at its core” ( R. v. Plant, 1993 CanLII 70 (SCC),  3 SCR 281).
Did Compton know his heart pacemaker had the ability to identify him in such fashion? Did he have a right to protect himself as to bodily autonomy not knowing his pacemaker was “leaking” data about himself? This is especially a concern with more of these devices becoming bluetooth equipped and wifi-equipped as the capability for leaks and access is well known if the security of the device is not up to standard (if it even exists at all).
Furthermore, the data revealed on heart pacemakers is tamper-able as while a pacemaker can be used for remote monitoring services, there are tools available to collect, extract, and thus alter logs and heart rate limits. This was the case of Marie Moe who found her pacemaker was set improperly due to her age and demographic and thus altered it to better support her quality of life.
Finally, in an age where privacy is a general concern of all individuals and the fear of Government’s having overreaching power over the collection of its citizen’s private lives. What will this mean in cases of insurance fraud and liability coverages? will clients be fearful of needing a pacemaker that may stifle their coverage later on? Will disclosure of electronic body evidence become a norm with people ratting each other out? (i.e. “his heart rate escalated when I called him out on his affair”) These are all questions worth pondering and I look forward to see how all countries respond to these growing concerns.
References to ponder:
Talking about Biometrics and Privacy Canada