IoT Medical Devices and Your Privacy

When the internet of things first took off with “connected” devices and home appliances, the resulting reaction was fairly positive.

After all, this was finally the EPCOT Center-style wave of the future we’d long been promised. Our thermostats could adjust themselves based on our usage and our time away, our lights could come on when our smartphones told them to, our refrigerators could order our groceries as we ran out of milk. In short, it was pretty cool.

But then the privacy risks started to come into question. Who else could see our thermostat usage and know whether or not we were home? Which advertisers were ableto tap into that refrigerator’s grocery list and target us with products, whether we wanted them or not?

The bigger risk so far has been from privacy issues related to IoT medical implants. From pacemakers to glucose monitors, the internet has provided a better quality of care by letting doctors access their patients’ implants, but who else can see the data?

As it turns out, the police can, if they have a warrant and reason to suspect you of a crime. That’s certainly the case in a very bizarre tale out of Ohio. According to reports, a man set fire to his own house in order to commit insurance fraud. After different parts of his story didn’t line up, the police requested a warrant for the information recorded by the suspect’s pacemaker, which a judge then granted. Experts in the case have already concluded that his medical history and his heart rate readout from the device indicate he was never in any danger, and that the timeline of his heart rate’s increases and decreases couldn’t match his version of the events.

That case and others have privacy experts concerned. If the man didn’t have a pacemaker—or at least didn’t have one that sent recorded readouts to his doctor over the internet—he would never have been forced to cooperate in his own incrimination.

Another headline-grabbing case involved a man who was charged with murder, largely based on recordings from his home virtual assistant, Amazon’s Alexa. Again, other circumstances provided enough cause for the judge to issue the warrant, but if the man had not owned an IoT-connected device, there would have been no recordings from the night of the murder.

These are just two cases in which users’ own technology may turn on them in a court of law, and it’s a trend that has raised some eyebrows among privacy advocates. It’s also certainly something lawmakers will be expected to address in the future, but for now, it may take a few key court rulings in order to set a privacy precedent.