A man in Ohio claimed he was forced into a quick window escape when his house caught fire last year. His pacemaker data obtained by police showed that was not the case and he was charged with arson and insurance fraud. In Pennsylvania, authorities dismissed rape charges after data from a woman's Fitbit contradicted her version of where she really was during the reported assault.
Incredible amounts of information collected from our phones, fitness bands, smart toasters and thermostats, are increasingly being used in US legal proceedings to prove or disprove potential evidence. In a recent case that made headlines, authorities in Arkansas sought, and eventually obtained, data from a murder suspect's Amazon Echo speaker to obtain evidence. One thing that all of the devices have in common is the cloud; of course that is the mysterious place that data goes to be "safe and secure". Pardon my sarcasm as the cloud is in reality a large company of servers that are used to store information for a price. That price includes being hacked, breaking down as the Amazon AWS S3 servers did recently, and cloud purveyors selling information as television company Vizeo did secretly. The US Federal Trade Commission in February fined them for secretly gathering data on viewers collected from its smart TVs and selling the information to marketers.
So, where are we in our search for answers as to why the smart devices and those that are an integral part of the Internet of Things (IoT) can be used against us as well as for us by looking at the fourth amendment to the Constitution:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
But the key to our security is in the phrases "unreasonable search and seizure" and "probable cause". These terms have been at the core of our security for a long time and we know from experience that when a local or federal jurisdiction seeks a warrant based on either phrase the bar can be moved depending on the information that the court is provided. For example, if the police have a warrant to search for stolen property and in the process see growing marijuana, they can seize that under the probable cause phrase.
But. here comes the tricky part of my concern for personal security. When you're smart device sends your data to the cloud, it is going to a third party and it is no longer in your personal possession! So, all the police have to do is raise the question of probability that there is information relevant to a crime and request the data. And, unless your cloud service explicitly says that it protects your anonymity, you may no longer be protected by the fourth amendment.
There is a lot of activity in the courts regarding the cloud data and whether or not cloud providers can either sell or give your information to other parties including local and federal authorities. But, there are some steps that we can take to safeguard our data. First, read the agreement provided by the cloud provider to determine if they have a policy about protection. Second, decide when you're smart device is allowed to collect and send data to the cloud. Third, either back-up your photos and sensitive data using either standard recording media or use your own server made from an old computer or a readily available server. Fourth, be aware that many websites are using and sending data to the cloud about you and your searches.
The internet is really the wild west and perhaps we should add the word "ass" to our smart devices. That smart ass may be used against you! Just an observation...