Is Data the New DNA?

April 29, 2018

Firstly an apology. If you clicked the link expecting some sort of Muskian vision about life evolving in bytes then I’m sorry to disappoint and even more sorry to have resorted to click bait.

No the subject of this report is about data and liberty, perhaps a more important topic, especially to those deprived of their’s. A room full of IoT experts, criminal lawyers and privacy campaigners gathered to chew over disclosure of data from connected devices in criminal proceedings. In the process the contributors revealed some deeply worrying things about how much data can be excavated and posed some searching questions about over-reliance on data. Just as DNA evidence has become less persuasive on its own, it may be that we find that data cannot be trusted as much as some prosecutors might hope.

Neil Brown set the scene with a masterly review of both the types of device now collecting your data and the frameworks that private actors and the State have to get hold of it. The broad powers built into the Investigatory Powers Act 2016, with its vague notion of what is data and what is content, pose a particular problem for those trying to contain disclosure. He also highlighted how anyone can now search the IoT using the Shodan search engine and pondered whether, if the police use it, their activity amounts to police surveillance

Millie Graham Wood of Privacy International then raised the questions that PI would like to see tackled before it’s too late, as we cannot afford to wait for case law to resolve them. Inaccurate and discriminatory data is one concern. Another is data asymmetry, meaning the situation where the defendant is up against a deluge of data potentially mined by State actors. More worrying is the potential to tamper with the evidential data. She recounted the bungled attempts of the Baltimore Police to create false video evidence for drugs prosecutions, which, although amateurish, demonstrated that, when combined with technology to create fake videos, data may not be trustworthy in court. 

That data could also be inadvertently misleading. For instance can you be sure the defendant was wearing the Fitbit at the time of the data in question? To rephrase an old joke, on the Internet of Things nobody knows you’re a dog. The other major gap is that so much of this data is subject to a lack of understanding as to what is happening inside the “black box”. Are we really confident that the algorithms are accurately monitoring your emotional state, heart rate and other possibly tell-tale signs of guilt or innocence.

Two short presentations by criminal lawyers then connected these speculations to the real world of criminal defence. 

Paris Theodorou, of Hodge Jones & Allen, looked at what is admissible, informing us that hacked data may be relied on as there is no doctrine in UK law, in contrast to the US, that prevents use of evidence that is the “fruit of the poison tree. The judge will look at the probative value, perhaps after hearing argument in chambers, but on the face of it, such data is fair game. So in a rape trial, it may be that data from the alleged perpetrator’s sex doll could be disclosed with a presumably deleterious impact on the defendant’s case.

Myles Jackman, a well known defender of clients charged with possession of illegal pornography, then raised the problem of the reverse burden of proof. The existence of illegal imagery on a PC is used as proof of automatic guilt and there seems to be no need for the prosecution to explain how it got there. It is for the defence to come up with a rational explanation as to why their client did not download it, which is a reversal of the normal burden in criminal cases. To illustrate this point he mentioned one client of his who is now in jail because a member of his What’s App group shared an illegal image that was then downloaded onto his client’s phone automatically as the client had forgotten, or been unaware, that the app might do that. 

His views were not without controversy, as there was healthy debate from the floor over the applicability of this apparent reversal in strict liability cases.

However, to my mind, despite these disagreements over the legal niceties, the take-away theme of the evening was that we are at the start of an educational process. Nobody argued that data should not be an important part of a wider collection of evidence but the explosion of available data has outpaced the knowledge of both defendant lawyers and indeed the prosecutors: police officers are transformed into ‘forensic data experts’ after a three-day training course. 

So the apparent inviolability of data as firm evidence needs to be questioned through a greater knowledge of how it might be collected, when and where it was collected and what the algorithms are doing with it. As one questioner said, this is not just a matter for lawyers, juries (who are the wider public) also need to be educated. Otherwise data really does risk becoming the new DNA and depriving innocent people of their liberty.