Wearable Health Data: Legal Challenges in Criminal Investigations
Wearable health devices have rapidly transformed from niche gadgets into essential tools for fitness, wellness, and increasingly, even fashion. Devices like the Apple Watch, Fitbit, Whoop, and smart rings are now commonplace, seamlessly integrating into our daily routines. These devices collect an array of personal health data, including heart rates, step counts, blood oxygen levels, sleep patterns, and stress levels. With just a few taps, this data can be accessed and shared, raising several critical legal and ethical issues.
This growing reliance on wearable technology presents significant concerns about privacy, security, and the potential for misuse, particularly within criminal investigations. While this data can support health improvements and encourage positive changes, it can also serve as key evidence against targets of criminal investigations and defendants. The incorporation of this data in investigations also presents notable conflicts with constitutional rights and questions of reliability.
This article explores these questions, providing insights for defense counsel in cases involving health-tracking device data.
Cases Involving Wearable Health Data
Several high-profile cases exemplify the complexities surrounding the use of wearable health data in criminal investigations.
One example is the case of Anthony Aiello, a 90-year-old man accused of murdering his stepdaughter, Karen Navarra, in San Jose, California. Investigators relied heavily on Navarra’s Fitbit data to establish a timeline of her final moments on September 8, 2018. The Fitbit showed a spike in her heart rate at approximately 3:20 p.m., followed by a rapid decline, stopping at 3:28 p.m. — just before Aiello left the house. This data, combined with other evidence like video footage and bloodstained clothing, helped connect Aiello to the crime. However, the Superior Court of California case was dismissed following Aiello’s death in custody in 2019, leaving questions about the reliability and accuracy of the data.
Another high-profile case involved the 2022 conviction of Richard Dabate, found guilty of murdering his wife, Connie, in December 2015. Dabate claimed an intruder shot his wife while he was bound to a chair in their basement. However, data from Connie’s Fitbit contradicted his story. The Fitbit indicated that Connie was home for at least 48 minutes after returning from the YMCA, walking at a normal pace, posting on Facebook, and messaging a friend. This directly refuted Dabate’s claim that she was killed immediately upon arriving home. The Dabate case is currently undergoing further scrutiny by the Connecticut Supreme Court. Dabate contends that the Fitbit data is scientifically unreliable and cannot be accurately measured. He argued that the expert witness, Dr. Keith Diaz, a behavioral medicine expert, could not explain how the device works or the methodology behind it.
In response, the prosecution presented Diaz’s testimony. He explained the Fitbit uses an accelerometer to measure movement on three planes, converting that data into step counts via a proprietary algorithm, which directly contradicted the defense’s claim. He also testified that the specific Fitbit model Connie wore had been extensively tested and showed 98% accuracy in step counts while worn on the hip. Diaz mentioned that the Fitbit has been validated in several peer-reviewed studies and is widely accepted in the scientific community for clinical applications. While Dabate’s defense argued against the Fitbit’s proprietary algorithm, the prosecution used Diaz’s testimony to support its general acceptance in step counting. The prosecution, on appeal, asserted the trial court acted within its discretion when admitting the Fitbit records, highlighting that the expert testimony demonstrated the data’s accuracy and general acceptance in the scientific community.
Currently, the Connecticut Supreme Court is determining the case outcome, with oral arguments heard on October 20, 2024.
In State v. Burch, the Wisconsin Supreme Court ruled expert testimony was not required because the Fitbit data was self-authenticating. George Burch was convicted of murdering Nicole VanderHeyden. Evidence presented included Fitbit data from VanderHeyden’s boyfriend, Douglass Detrie. The data showed Detrie was inactive around the time of the murder, directly contradicting Burch’s defense. GPS data from Burch’s phone placed him at key locations near the crime scene, strengthening the case. Burch received a life sentence without the possibility of parole in 2018. He appealed his conviction to the Wisconsin Supreme Court, arguing that the Fitbit evidence should have been excluded because expert testimony was required to establish reliability and that the data was insufficiently authenticated. The Supreme Court upheld the conviction and did not require expert testimony because the data was not unusually complex. The court reasoned that the general public understands the basic functionality of step-counting devices, such as smartphones and fitness trackers. Since jurors could understand the basic functions and the potential for reliability, they deemed expert testimony unnecessary. The court also found that Fitbit records were adequately authenticated, given an affidavit from a custodian of Fitbit’s records, and it confirmed their authenticity and accuracy. The court determined that, after the records were authenticated, it was up to the court, as the fact-finder, to assess the weight and credibility of the evidence.
In another case, Terrence Chip Ogle of Yakima, Washington, was convicted last year of murdering his girlfriend’s toddler, Alexander Lynch, in 2020. The prosecution used data from an Apple Watch worn by Ogle’s girlfriend, Marie Kotler. The data suggested that Kotler was asleep at the time her son was injured, which supported the case against Ogle. The watch data showed Kotler’s heart rate remained at 52 to 71 beats per minute from 1 a.m. to 2 a.m., with a spike after she woke up to perform CPR. Despite challenges from Ogle’s defense about the data’s authenticity, the Yakima County Superior Court accepted it, which contributed to his conviction for second-degree murder. Ogle has filed an appeal.
Finally, in a recent case from last year, Laken Riley’s Garmin smartwatch provided key evidence in the investigation of her February 22, 2024, murder in Athens, Georgia. The smartwatch revealed a major disruption in her heart rate around 9:10 a.m., coinciding with her activation of the SOS function on her phone and a 911 call. The smartwatch also tracked her movement as she was dragged into the woods, showing no movement after 9:28 a.m., marking her likely time of death. Along with DNA evidence, this data played a major role in identifying José Ibarra as the perpetrator. At the trial in Athens-Clarke County Superior Court, Ibarra’s attorney argued that the evidence was circumstantial, but Ibarra was convicted of murder in November and sentenced to life in prison. Ibarra has filed a motion for a new trial.
HIPAA Concerns
The inclusion of wearable health data in criminal investigations presents significant legal challenges, especially regarding privacy and data protection. A pivotal issue is the potential applicability of the Health Insurance Portability and Accountability Act (HIPAA), which protects health information.
HIPAA was designed to protect individuals’ health data, especially amongst healthcare providers, insurance companies, and other organizations involved in medical treatment. However, the uncertainty surrounding whether data from wearable devices is protected under HIPAA is a great challenge. Wearable devices such as Fitbits or Apple Watches collect a wide range of personal health data, but most of this data is not transmitted through healthcare providers or covered entities. HIPAA protections apply mainly to healthcare providers, insurers, and specified entities that handle medical records or health data within a clinical setting. Therefore, health data generated by consumer-grade wearables—particularly when shared with third parties or used in criminal investigations—might fall outside the scope of HIPAA protections. For instance, should a Fitbit user voluntarily share their data with a law enforcement agency, this data could be used in a criminal investigation without necessarily being protected by HIPAA, since it is not shared with a healthcare provider, which creates a gap in privacy protections.
On the other hand, if the data is shared with a healthcare provider, it is considered protected health information under HIPAA and requires a subpoena. The lack of specific guidance on HIPAA’s scope concerning wearable health devices means law enforcement agencies may have greater access to personal health data than users initially expect. This may lead to considerable privacy concerns, particularly if the data is utilized without consent or if it is shared with third parties who are not bound by HIPAA confidentiality requirements.
Constitutional Concerns
The utilization of wearable health data also raises significant constitutional issues, specifically in reference to the Fourth and Fifth Amendments. The Fourth Amendment protects against unreasonable searches and seizures, which means law enforcement generally needs a warrant to access personal data. Wearable devices, however, pose unique difficulties. Courts have yet to definitively determine whether data accessed from a defendant’s wearable device requires a warrant, especially if the owner or a third party has shared the information. The issue becomes ever more complex if the data can incriminate the defendant. Do prosecutors need to specify in the warrant that they are going to review personal health data on the device? The Fifth Amendment protects against self-incrimination, giving rise to questions of whether a defendant could be compelled to unlock or provide access to their wearable device. Like cases involving smartphones, courts may eventually address whether accessing personal health data from devices like the Apple Watch or a Fitbit violates the defendant’s right to remain silent. If the obtained data suggests the defendant’s involvement, concerns arise over whether forcing the defendant to grant access to their wearable device would violate constitutional rights.
Possible Defense Arguments
In cases where wearable health data is used against a defendant, defense attorneys should raise reliability arguments. They could question a device’s data collection, analysis methods, and the algorithms used, and also the validation process. User input errors, inconsistencies in sensor technology, and variations in sensor quality could lead to misleading data. Counsel should examine how the individual used the device—such as placement—as improper placement may affect readings significantly.
Defense counsel should question the direct correlation between unusual data and criminal behavior, as many factors unrelated to criminal activity may cause similar irregularities. Finally, should the government be required to obtain this data for witnesses, which can then be used to challenge surrounding data? If a warrant was obtained in order to collect evidence or if it was collected with unclear consent, defense lawyers could invoke Fourth Amendment protections, arguing that the data was obtained without permission. Accessing the data without permission, lawyers could invoke the Fifth Amendment arguing compelling said access forces the defendant to affirm its existence, accuracy, and control. If law enforcement accessed the data without the proper authorization, evidence may be inadmissible.
Conclusion
As wearable health devices become more integrated into criminal investigations, legal systems must adapt. Given the prevalence of these devices, there is an urgent need for clearer guidelines around how this data is accessed, used, and protected within the context of criminal investigations. As technology advances, it is vital to balance law enforcement’s need for evidence with the individual’s fundamental rights to privacy and against self-incrimination. This issue is not just about the specific legal and investigative technicalities it strikes at the core of personal freedoms and the constitutional safeguards designed to protect them. Just as wearable devices track our movements, the legal system must be careful—ensuring that, in the pursuit of justice, it operates within constitutional bounds.
