Jenny leaves the gym, pleased that she reached her step goal for the day. Johnny glances at his wrist quickly during a meeting, and swipes to the left. Billy finishes a marathon and checks his time at the finish line station. What do these people all have in common? They’re all integrating wearable devices into their everyday life. Wearables are arguably the next big craze in portable technology. A recent study by IDTechEx found that the market for wearables will increase 10% annually to over $40 billion in 2018, and by 2026 is anticipated to be over $150 billion per year. The reality is that whether it’s a chip connected to someone’s shoe at a marathon, a smartwatch, a fancy pedometer, or an activity band, it seems like every other person has at least one (if not more) of these devices. Yet little attention has been paid to these devices outside of the fashion and fitness realms until recently.
It is important to note that most of these devices log and in some instances analyze various metrics collected from the wearer’s daily activity. Many of these devices track the number of steps taken in a day, some monitor your heart rate to make sure you’re getting in a good workout or a restful night’s sleep. Recently FitBit and Medtronic announced a partnership to develop the ability for diabetics to track their blood glucose levels using wearables. Other devices, while lacking in intrinsic health benefits, instead tend towards the cool factor of the scale. For instance, Levi’s Jeans company now has a “smart jacket” capable of interacting with a Bluetooth-linked device such as your cell phone. The possibilities for wearable technology are endless, and so are the potential uses of this data in digital investigations.
Think about it – assume there is a harassment (sexual or otherwise) claim. The argument could be made that changes in heart rate corresponding with the timeline of the alleged event corroborate the claim, or they could be indicative of whether someone did or did not in fact feel threatened during an exchange. Wouldn’t it be useful to know exactly how someone reacted physiologically during and around the time of the alleged infraction? The data from these devices could also be useful in evaluating injuries. Take a workman’s compensation injury claim. It would be key to the investigation to know if someone with a neck injury was spending their off time getting in a vigorous workout at a gym or recuperating within the confines their house.
While these methods of investigation may seem intrusive, in some jurisdictions they are already in use. Attorneys at McLeod Law in Calgary, Canada, used wearable device data to show that their client, a former personal trainer, had in fact been seriously injured and that those injuries impacted her quality of life. In the case, she wore a FitBit during an “assessment period” to show that her levels of activity were well below what someone of her age and profession should be exhibiting on a regular basis. Using actual data from the wearer’s daily life has the potential to carry much more weight than traditional clinical assessments, as an assessment often only examines a person for short segments of time. Wearable device data has also played a part in alleged sexual assault cases. In Lancaster, Pennsylvania, police officers responded to an alleged sexual assault and opted to collect the victim’s FitBit as evidence for their investigation. In reviewing the data from the device, a different story unfolded. Rather than corroborating the victim’s story that she was sleeping and awoken by the assailant, the device data showed that the alleged victim was awake and exhibiting signs of normal activity during the time of the alleged assault. Ultimately, the police department stopped their investigation into the assault and instead charged the alleged victim with filing a false police report.
But this technology does not come without its issues. It’s equally important to know that there can be shortcomings to the usage of data from wearable devices in litigation. First, data can be accidentally falsified, such as in the case of fidgeting (for movement data) or having someone jump out from behind a wall and yell “boo!” (for heart rate data). Second, the data collected can also be intentionally falsified. For instance, a workman’s comp claimant could opt to skew the results by sitting on the couch and doing nothing for two weeks when they are perfectly healthy. Or someone could easily let a friend (known to be exhibiting the desired level of activity) borrow the device and wear it to record data that supports the user’s story.
It’s also important to be mindful that many of these wearable devices are unique – they do not fall under a unifying specification where each one has the same interface to extract the data contained within (unlike that of a computer hard drive, mobile phone, etc.). This means that the ease of collecting data from an activity band could vary greatly between models and/or manufacturers. While forensic examiners may be able to connect to one device and access data using a USB cable, they might have to entirely dismantle a second type of device (of the same general category) in order to manually read the internal data chips, and on the third device run into a scenario requiring a court order to a wearables provider to produce the user data stored on their servers.
So what does this all mean? Is the data gathered from this new technology unreliable? Definitely not. As with all information in a case, you should trust, but verify. Wearable technology certainly has its uses, and it’s important to make sure you’re not only aware of them but taking advantage of them when appropriate. From a corporate standpoint, it might be a good idea to start thinking about revising your BYOD (Bring Your Own Device) policies to contemplate wearable devices. But from a litigation standpoint, you should make it a habit to start asking your clients or adverse parties if they use and allow wearable devices. We predict that the use of data collected from wearable devices in legal matters has just begun – get ahead of the curve now.
Ryan Ferreira is a Digital Forensic Examiner at One Source Discovery who specializes in mobile device forensics and call detail record analysis. He has a Master’s degree in Digital Forensics and holds the Certified Computer Examiner (CCE) designation from the International Society of Forensic Computer Examiners, among various other certifications.