Ride the Lightning

Heart Pacemaker Data Used to Indict Alleged Arsonist

February 7, 2017

Hat tip to Jeff Sallee.

In September 2015, a home in Ohio caught fire. A neighbor called 911. Make sure the homeowner's out of there, the emergency operator told the neighbor. But they didn't need to worry: Ross Compton, the 59-year-old homeowner and now the alleged arsonist, had walked the driveway, safe and sound.

As Naked Security reported, Compton told authorities that he'd packed a suitcase and some bags, broken a window with his cane and made his escape, climbing through the window and carrying the heavy bags to his car.

The investigators, who discovered that Compton had extensive medical problems including an artificial heart implant, didn't think the story added up.

Fire investigators said the fire was started in multiple places on the outside of the house, according to the search warrant. In his call to emergency services, Compton said at one point that "everyone" was out of the house… and then, at the end of the call, told someone to "get out of here now." Oh, and there was gasoline found on his clothing. Yeah, I can see why they would want to dig a little deeper.

So – he had a pacemaker. According to court records seen by the local paper Journal News, police got a search warrant for all the data stored in the medical device.

The device yielded details of Compton's heart rate, pacer demand and cardiac rhythms prior to, during and after the fire, and the story that data told was a very different from the one than Compton had come up with.

A month after the fire, estimated to have caused $400,000 in damage to the house and to have killed a pet cat, Compton was arrested and charged with felony aggravated arson and insurance fraud. He was indicted in January.

According to court documents, a cardiologist who reviewed the pacemaker's data determined that it was "highly improbable Mr. Compton would have been able to collect, pack and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions."

So here we go again, though this may be the first case involving the use of data from a pacemaker, we are increasingly seeing Internet of Things (IoT) data being used in criminal investigations.

A year ago, US Director of National Intelligence James Clapper told the Senate that Big Brother might someday monitor us through our world of connected gadgets – pacemakers, fridges, or toothbrushes.

If and when intelligence agencies get around to tapping into the IoT, assuming they are not doing so already, they'll have quite a list of household (and business) objects to harvest data from. It probably won't be too challenging to do so, given the security holes already documented in IoT devices.

The PowerPoint security slides that engender an unbelievable amount of interest among our lawyer audiences these days are those which discuss Alexa, Siri, Google Assistant and their extended family.

As the article wryly concludes, you may have the right to remain silent when questioned, but that right against self-incrimination doesn't apply to your devices. You may find some refuge in privacy protections, but I sure as heck wouldn't count on it.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
http://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson