Your Data Will Be Used Against You: Policing in the Age of Self-Surveillance

The ancient philosophical mandate to "know thyself" has undergone a radical transformation in the 21st century. What was once a quest for spiritual or intellectual enlightenment has transitioned into a digital exercise in "quantified self" metrics. Through an expansive ecosystem of wearable devices and embedded sensors, individuals now monitor heart rates, blood pressure, sleep cycles, ovulation, and even meditation patterns. However, as legal scholar Andrea Matwyshyn has observed, the "Internet of Things" has rapidly evolved into the "Internet of Bodies" (IoB). This transition has created a massive, decentralized repository of biological data that is increasingly being repurposed as a tool for state surveillance and forensic investigation.

While these technologies are often marketed under the guise of health and self-improvement, the data they generate—ranging from step counts to genetic sequences—is falling under the scrutiny of law enforcement. As the boundary between private health data and public evidence blurs, the legal system is struggling to keep pace with the speed of technological adoption.

The Quantified Self and the Medicalization of Surveillance

The integration of digital tracking into daily life is now ubiquitous. Millions of Americans wear smartwatches that provide algorithmic prompts to stand, breathe, or exercise. These devices function by continuously monitoring bodily activity, creating a digital twin of the user’s physical state. While beneficial for personal health, this data provides a granular map of human behavior that is accessible to authorities.

Medical professionals have largely embraced this connectivity. Smart pacemakers now monitor cardiac rhythms in real-time, digital pills record medication adherence, and smart bandages detect early-stage infections. By linking physical bodies to digital health records, these innovations aim to improve clinical outcomes. However, the same data that informs a physician can also be used to incriminate a patient. Digital pills, for instance, can notify a parole officer if a subject stops taking prescribed psychiatric medication—a development particularly relevant given that the first FDA-approved digital pill was designed to treat schizophrenia. Furthermore, smartwatch data has already been used in criminal investigations to identify periods of physical exertion, which can be correlated with drug use or other specific activities.

Reproductive and Mental Health: New Frontiers of Data Liability

The legal landscape surrounding personal data has shifted dramatically following the 2022 Supreme Court decision in Dobbs v. Jackson Women’s Health Organization. With the criminalization of abortion in various U.S. states, the "femtech" industry has become a focal point of privacy concerns. Approximately one-third of American women use period-tracking applications like Flo, which boasts 48 million users. These apps collect sensitive information regarding reproductive cycles, symptoms, and sexual activity.

In jurisdictions where abortion is restricted, this data constitutes a potential evidentiary goldmine. A missed period combined with recorded symptoms of nausea could serve as circumstantial evidence of pregnancy and subsequent termination. While some companies have implemented "anonymous modes" or localized data storage, they remains subject to court orders. U.S.-based companies must comply with warrants, and as legal experts note, the only way to truly protect such data is to cease its collection—a move that contradicts the business models of most tech firms.

The mental health sector faces similar vulnerabilities. Online therapy platforms like BetterHelp, which serves over 2 million users, have faced intense scrutiny for their data-sharing practices. In 2023, the Federal Trade Commission (FTC) imposed a $7.8 million fine on BetterHelp for sharing sensitive user data with third parties, including Facebook, for targeted advertising. This practice, often facilitated by automated "pixel" capture technologies, extends even to suicide prevention services. Beyond commercial exploitation, this data is accessible to government agencies, where it could be used to establish motive in criminal cases or to discredit political figures.

The Centralization of Biometric Power: FBI and State Databases

The government’s appetite for biological data is evidenced by the massive expansion of biometric databases. The FBI’s Next Generation Identification (NGI) system is currently the largest biometric repository in the world, containing voice profiles, palm prints, iris scans, and facial templates. Integrated with this is the Combined DNA Index System (CODIS), which holds approximately 21.7 million DNA profiles—representing nearly 7 percent of the U.S. population.

State-level initiatives have further expanded this reach. In Orange County, California, the District Attorney’s office implemented a "spit and acquit" program, where misdemeanor charges were dismissed in exchange for a DNA sample. These samples are then permanently stored for future forensic matching.

Perhaps the most controversial expansion of genetic surveillance occurred in New Jersey. Under state law, all newborns undergo blood screening for genetic disorders. However, it was revealed that the state’s Newborn Screening Laboratory retained these DNA samples for 23 years without explicit parental consent for forensic use. In one instance, state police used a subpoena to obtain a newborn’s DNA to link the infant’s father to a crime committed 15 years prior. This case highlighted the lack of transparency in biometric retention, leading to legislative efforts in New Jersey to limit DNA retention to two years.

Facial Recognition: Efficiency and the Risk of Misidentification

The digitization of public life has revolutionized facial recognition technology. Law enforcement agencies now routinely use AI-driven systems to identify suspects from surveillance footage. While successful in some instances—such as the identification of Luis Reyes in a Manhattan theft case—the technology is prone to significant errors.

In New Jersey, Nijeer Parks was falsely arrested for shoplifting after a facial recognition match identified him as a suspect. Despite being 30 miles away at the time of the crime, Parks spent 10 days in jail and incurred $5,000 in legal fees to prove his innocence. Such cases are not isolated. Reports from the Georgetown Law Center for Privacy and Technology indicate that facial recognition systems are often "rife with error," particularly when identifying women and people of color, due to biases in the datasets used to train the AI.

The technology is also being deployed in the private sector for purposes beyond security. MSG Entertainment utilized facial recognition to identify and bar lawyers from law firms involved in litigation against the company from entering venues like Radio City Music Hall. Retail giants like Walmart and Target utilize sophisticated video surveillance that can read the time on a shopper’s watch, while Rite Aid was recently banned by the FTC from using facial recognition for five years after its system erroneously targeted customers for suspected shoplifting.

The Erosion of the Fourth Amendment

The rapid advancement of biometric surveillance poses a fundamental challenge to the Fourth Amendment, which protects citizens against "unreasonable searches and seizures." Traditionally, the legal system has held that individuals have no "reasonable expectation of privacy" regarding attributes they expose to the public, such as their face or voice.

However, the Supreme Court has begun to signal that the scale of digital tracking may require a new legal framework. In Carpenter v. United States (2018) and United States v. Jones (2012), the Court ruled that long-term tracking via cell signals or GPS constitutes a search. Legal analysts argue that persistent facial recognition tracking should be viewed through a similar lens, as it provides a comprehensive map of an individual’s movements over time.

The issue of "abandoned DNA" remains a significant loophole. Currently, police can collect genetic material from discarded items—like a coffee cup or a used tissue—without a warrant. As technology allows for the collection of DNA from the physical environment (touch DNA), the ability to opt out of genetic surveillance is becoming virtually non-existent.

The Privatization of Genetic Genealogy

The rise of consumer genomics has further complicated the privacy landscape. Over 30 million Americans have voluntarily submitted their DNA to companies like 23andMe and Ancestry. While intended for genealogical research, this data has been used by police to solve cold cases through "familial searching." By 2019, consumer DNA data had assisted in closing 66 cases, including those involving 14 suspected serial killers.

Because family members share significant portions of their genetic code, one person’s decision to upload their DNA effectively compromises the genetic privacy of their entire extended family. Investigative genetic genealogy (IGG) allows police to identify individuals even if they have never interacted with a DNA database themselves. While some states, such as Maryland, Montana, and Utah, have passed laws requiring warrants for such searches, the federal government has yet to establish a uniform standard.

Conclusion: The Future of Biometric Anonymity

As the "surveillance theater" of the digital age continues to expand, the cost to human autonomy is becoming clearer. The transition from self-surveillance for health to state surveillance for policing has occurred with minimal public debate and even less legislative oversight.

While biometric data has undoubtedly aided in solving heinous crimes, the collateral damage—the loss of anonymity in public spaces, the risk of false arrests, and the monetization of our most intimate biological secrets—is substantial. As Andrew Guthrie Ferguson argues in Your Data Will Be Used Against You, the power of the state to monitor its citizens is growing far faster than the constitutional protections intended to restrain it. In an era where one cannot "ditch" their DNA or their face, the development of robust statutory protections, such as Illinois’ Biometric Information Privacy Act (BIPA), may be the only way to preserve a semblance of privacy in a world that is always watching.