Listen to this story
The moment Myrna Nilsson’s heart stopped beating was recorded by her Apple Watch. In September 2016, the 57-year-old was found dead in the laundry room of her home in Adelaide, Australia. According to her daughter-in-law, the murder was the result of a home invasion.
The smartwatch on the victim’s wrist suggested otherwise.
On the night of the killing, Caroline Nilsson emerged from her home around 10:10 p.m., mouth and hands bound with tape. A neighbor called the police, the distressed 26-year-old was taken in, and her version of events was heard. According to Nilsson, her mother-in-law, Myrna, had been followed home by a group of men in a car. The men argued with her for 20 minutes before the fatal attack—an attack that Caroline herself didn’t hear because she was in the kitchen with the door closed. After the murder, the attackers found Caroline, bound her, and left her while they fled the scene.
The prosecutors, however, allege that Caroline Nilsson staged the invasion. Myrna Nilsson was wearing an Apple Watch, which was silently taking measurements of her movement and heart rate throughout the night. Based on this data, police were able to glean when her body went into shock and when she lost consciousness.
“The deceased must have been attacked at around 6:38 p.m. and had certainly died by 6:45 p.m.,” said prosecutor Carmen Matteo, as reported by ABC News.
That leaves three hours between the attack and Caroline Nilsson’s emergence from the house—a gap that the prosecutor argued “tends to contradict the accused’s version of an argument occurring between the deceased and these men outside the laundry for a period of up to 20 minutes.” Three hours, the argument goes, would have been enough time to clean up and discard bloodied clothing.
Twenty or so years ago, those sorts of timelines might have relied on witness testimony. Today, the devices on our bodies and in our homes hold detailed records on every tap, step, and heartbeat.
“It’s just another file system to be downloaded, extracted, eventually put into tables with times and locations and other information,” explained Alistair Ewing, a digital forensics expert for London-based Compute Forensics.
Ewing specializes in pulling together the disparate strands of calls, apps, locations, heart rate data, IP addresses, and upteenth other digital breadcrumbs left by the tech we own.
“I’ve used a technique where I basically just dump out all the data from the whole phone, then make a timeline,” Ewing explained. “From that, you can see how to take out entries of logs, web browsing…From that, you can build up a timeline and get a full picture of what the person’s been up to.”
Even location information can be decanted from the devices in our pockets and on our wrists. Ewing told me about a kidnap case where location metadata from photos was used as evidence in the defendant’s favor: “The so-called victim’s phone was analyzed as she was seen to be taking pictures that were different from the location that she was at. These can be stripped out, put into an Excel table, then even plotted to an A3 piece of paper. You can estimate where the person has been.”
He added, “When you get to the point of someone being accused of doing something in Brighton, and they’re [185 miles away] in Sheffield, then it’s quite a strong piece of evidence.”
Building a Picture
Myrna Nilsson’s murder isn’t the first time fitness tracking data has been used in an investigation. In 2015, Richard Dabate told police that he had returned at 9 a.m. to his Connecticut home to find a masked man waiting for him. He said that when he heard his wife, Connie, turn the key in the front door, he screamed for her to run, but the intruder shot her dead. The masked man then proceeded to tie Richard Dabate to a chair and burn him with a blowtorch. A fight broke out, the torch was turned on the intruder, and he ran away. Dabate, still tied to the chair, crawled upstairs and pushed a panic button.
But the Fitbit on Connie Dabate’s wrist matched a different timeline. The number of steps the victim took while she was at home did not chime with the number of steps she would have taken if Richard Dabate’s version of events is to believed. Detectives used this data in coordination with emails, calls, social media usage, and garage door sensors to argue that Connie had, in fact, been at home much longer than husband claims; that she had posted pictures to Facebook between 9:40 and 9:46 a.m. and had been moving right up until 10:05 a.m., when her partner killed her.
Dabate’s case, like Nilsson’s, is ongoing, but the prosecutor’s argument shows how data spread across a cabal of devices, from laptops and fitness trackers to panic buttons and garage doors, can be used to draw a detailed picture of a murder.
While lawyers and detectives have long been drawing on clues to create chronologies for crimes, the sheer scale of records offered by “smart” technology stands to bring about a whole new level of criminal evidence.
“With the ubiquity of smart personal devices, it seems inevitable that there will be an increase in data from such devices being considered for use in criminal investigations or prosecutions,” Marion Oswald, a senior fellow in law at the University of Winchester, told me.
“It certainly seems likely that questions of identity and location may become less arguable due to smartphone data, provided you can show who was using the phone at the time,” she said. “Other questions, such as what data from a Fitbit actually proves, may not be so straightforward.”
As Oswald points out, biometric evidence can’t be taken as an objective truth. Metadata on a photo may be hard to dispute, but a connection between a victim’s heart rate and the moment of an assault requires interpretation. “Interpretations can be disputed, and such disputes are only likely to increase,” she said.
There’s also the fact that data is open to manipulation. The use of smart devices as evidence may be new, and therefore criminals are likely unprepared for how their watches and phones could be used against them. But as this becomes more common, we could see more in the way of crafty misdirection.
“Data manipulation is an interesting question,” Alice Hutchings, a senior research associate at the Cambridge Computer Lab, told me. “The most straightforward way of doing this would be physically moving the device, as I assume it would be in the offender’s presence, and requires no technical expertise. These devices measure movement, not who or what they are attached to.”
One of the most high-profile cases to encompass this kind of data interpretation drew to a close this year, when health data from an iPhone was used as evidence to prosecute Hussein Khavari for the rape and murder of 19-year-old medical student Maria Ladenburger in Freiburg, Germany.
In October 2016, Ladenburger was attacked on her way home from a party, raped, then drowned in the Dreisam River. A jogger found her body in the morning, and a special commission was subsequently established to find her killer.
According to the German paper Die Welt, the health app on Khavari’s iPhone had recorded bouts of strenuous activity on the night of the murder, including two peaks that the software designated as “climbing stairs.” The investigators argued that this represented the times he had, in fact, dragged the victim’s body down the bank of the river, thrown it in the water, and climbed back up.
In March 2018, Khavari was sentenced to life imprisonment. The result showed how investigators could use biometric information to convincing effect. But that doesn’t spell the end for witness testimony. The Freiburg police reportedly questioned more than 1,400 people. It was also the first time they had correlated health and geolocation data, suggesting we’re a far cry from this kind of evidence being routinely used for every murder.
“Our daily trace is complex, [spread] across multiple technologies, but the effort and level of expertise is still considerable,” said Allan J. Brimicombe, head of the Centre for Geo-Information Studies, University of East London. “There is an enduring mismatch, termed the ‘knowledge asymmetry,’ between the current state in the evolution of science and technology and the capabilities of the police and particularly the Courts.”
When police have to deal with decades-old computers and a backlog of cases, spending hours poring through the logs of smartwatches and connected home appliances might seem like an indulgence, particularly when the case isn’t as high-profile as a major homicide.
There’s also the issue of getting this information in the first place. Apple famously clashed with the FBI in 2016 over access to the iPhone of the San Bernardino shooter, with the tech giant refusing to break into the device. The argument went to court, but the FBI dropped it after hiring a third party to break into the iPhone—something the investigators in the Maria Ladenburger case also did after Khavari refused to grant entry to the device. And now, Apple has updated its software to make it harder for law enforcement to access information via the USB port without authorisation from the owner, closing a loophole police had relied on.
Ewing described the relationship between digital forensics firms and tech companies as “a game of cat and mouse.” Third parties will find a way to break into the device; the tech company will roll out a security update; third parties will find a workaround. It’s unlikely to be a sustainable relationship, and there’s a feeling that further legal guidance will be needed if this type of evidence becomes commonplace.
And it’s not only tech companies and digital forensics playing a game of cat and mouse. Just as DNA evidence brought about new ways to identify perpetrators, Brimicombe said that health data and other information from smart devices could become the crucial pieces of proof needed to secure a conviction. At the same time, criminals will become savvier about hiding their tracks.
“Gloves are used to avoid fingerprints, bodysuits to avoid leaving DNA-able material,” Brimicombe said. “Now the criminal will know to remove all electronic devices, as they can be incriminating.”
As we become more comfortable with connected devices in our lives, there will be more and more opportunities for our actions to be recorded. The legal and ethical clashes will follow — as will master criminals bending the data to their own ends. But as we get used to phones and fitness trackers quietly keeping score of our steps, those making the timelines are going to have plenty more pieces to build with.