How Your Smart Devices Became the Government's Most Reliable Witness

Andrew Guthrie Ferguson has spent years watching the American legal system struggle to keep pace with technology, and his conclusion is not a comfortable one. In his new book, Your Data Will Be Used Against You: Policing in the Age of Self-Surveillance, published by NYU Press, the law professor lays out a case that is difficult to dismiss: the Internet of Things has not merely changed how we live, it has changed what it means to be observed. Every fitness tracker, smart thermostat, connected car, and voice-activated speaker is quietly compiling a record of your behavior, and that record is increasingly finding its way into courtrooms, police databases, and government surveillance programs.

Ferguson calls this phenomenon "sensorveillance," a term that captures something important about the shift underway. Traditional surveillance required deliberate effort. Someone had to follow you, tap your phone, or station a camera outside your home. The new surveillance is different because it is ambient. You opt into it voluntarily, often enthusiastically, because the devices that collect your data also make your life more convenient. The result is a system in which citizens are, in Ferguson's framing, effectively informing on themselves.

What makes sensorveillance particularly consequential is not just the volume of data being generated but its intimacy. A smartphone does not merely record where you went. It records when you woke up, how long you stayed in one location, whether your heart rate spiked, who you called and for how long, and what you searched for at 2 a.m. Connected cars log acceleration patterns, GPS coordinates, and door-open events. Smart home devices capture the rhythms of domestic life in granular detail. Taken together, these data streams create something closer to a behavioral biography than a simple location log.

Law enforcement has noticed. Prosecutors have used Amazon Echo recordings as evidence in murder trials. Fitbit data has been introduced to challenge alibis. Pacemaker data has been used to charge a man with arson. These are not hypothetical scenarios from a dystopian novel. They are documented cases that have already worked their way through American courts, and they represent only the visible edge of a much larger practice. Police departments routinely request data from device manufacturers, and those companies, operating under legal compulsion or simply under the terms of their own privacy policies, frequently comply.

The legal framework governing all of this remains deeply unsettled. The third-party doctrine, a principle established by the Supreme Court decades before smartphones existed, holds that information voluntarily shared with a third party carries no reasonable expectation of privacy. Applied to the Internet of Things, this doctrine would seem to strip constitutional protection from nearly everything a connected device records, since by definition that data is transmitted to a company's servers. The Supreme Court's 2018 decision in Carpenter v. United States introduced some limits by requiring a warrant for extended cell-site location data, but the ruling was narrow and left enormous questions unanswered.

There is a systems dynamic at work here that deserves more attention than it typically receives. Consumer demand for smart devices drives manufacturers to collect more data, which makes the devices more useful, which drives further adoption, which generates more data, which makes that data more attractive to law enforcement, which creates pressure on manufacturers to retain and share it. At no point in this cycle did most users consciously agree to become subjects of a surveillance infrastructure. They agreed to a terms-of-service document that almost nobody reads, and the consequences cascaded from there.

The second-order effect that Ferguson's work points toward is a chilling one. If people begin to understand, really understand, that their devices are potential witnesses against them, behavior may change in ways that are hard to predict and harder to reverse. Some will simply accept the trade-off. Others may retreat from connected technology in ways that disadvantage them economically and socially. And a smaller group, those with the resources and technical knowledge to do so, will find ways to minimize their data footprint, creating a two-tiered privacy landscape in which protection from surveillance becomes a function of wealth and expertise rather than legal right.

Ferguson's book arrives at a moment when Congress has repeatedly failed to pass comprehensive federal privacy legislation, and when the regulatory frameworks that do exist were designed for a world of desktop computers and static databases. The sensors keep multiplying. The data keeps accumulating. And the courts keep being asked to apply eighteenth-century constitutional principles to twenty-first-century evidence.

The most unsettling possibility is not that the government is building a surveillance state from the outside in. It is that consumers have been building one from the inside out, one firmware update at a time.