Monday 14 October 2013

Madeleine McCann and Cellphone Evidence

Mobile phone evidence is apparently highly significant in the re-examined case of Madeleine McCann, the three-year-old who disappeared on 3 May 2007 while on holiday in Portugal’s Algarve and whose story has had an incredible hold on the UK media ever since.

At the beginning of October 2013 the team of UK police set up and specially funded to re-investigate - Operation Grange - briefed the  press that mobile phone records appeared to provide a break-through.  I have no particular knowledge of the McCann story but various media outlets decided they wanted some brief technical explanations for their audiences. BBC Radio 4’s Today programme was first to contact me, closely followed by BBC’s Radio 5Live.  Once in New Broadcasting House I was whisked into the BBC NewsChannel studio and then asked to pre-record a clip for the main BBC1 News bulletins.  Later I did the same for ITN and Channel 5 News.  One clip was shown in the US on ABC’s Good Morning America. 

It is flattering (and to be honest, commercially useful in marketing terms) to be asked, but radio and TV news, while good at quick reporting, is not good at detail. The purpose of this posting is to set out the potential value of cellphone evidence but also its limitations. As it happens, the McCann case provides rather a useful way of understanding these.

We are talking here of the communications data collected by mobile phone companies – it is also sometimes referred to as metadata – not what can be retrieved from a physical examination of a mobile phone and its SIM.

Potentially there are two sorts of evidence available – who was talking to whom, when and for how long; and location data – where a phone was at a particular time. Given that 94% of the UK population now have a mobile phone (and 49% use a mobile phone to access the Internet) and there are now 83 million mobile phone subscriptions for a population of 63.7 million it is easy to see why mobile phone evidence is so important in very many types of criminal investigation.  Pop into a sample of Crown Courts and look at the bundles of evidence and it won’t take you long before you will find exhibits of Call Data Records and maps of Cell Site Analysis.

Data Retention

It was for this reason that the police in 2000 or so started to demand laws requiring mobile phone companies to retain these classes of data. Data Protection legislation treats call data and location records as personal data, with the result that once a mobile phone company no longer has a business need for the data it should be destroyed. The two business justifications for retaining the data are: to settle bill disputes and to collect engineering information to improve the quality of the service. Law enforcement lobbying to require the data to be held for much longer resulted in the EU Data Retention Directive of 2006. The UK implementation occurred in the Data Retention (EC Directive) Regulations 2009. The “communications” data is held for a year. The mobile phone company yields information requested in the correct form and with appropriate detail by a senior law enforcement officer under the Regulation of Investigatory Powers Act, 2000, Chapter 11. The requesting officer has to justify the request using necessity and proportionality tests.


Available Records

Several types of record are available:

Call Data Record (CDR)   This refers to a single phone number and the calls it made and received over a given period. It contains: number of the counterparty's phone; whether the call is in-coming or out-going; type of call (e.g. voice, SMS, multi-media message); time of call; duration of call; identity of SIM (IMSI); hardware identity of phone (IMEI); identity of cell mast through which the call has taken place. Although all CDRs contain this information, some mobile phone companies may have collected additional data.

Mobile Phone / Mast Registration Data    While it is switched on, every mobile phone is monitoring the available signals and registering and re-registering itself to the mobile phone mast that is presenting as strongest. As the phone moves with its owner across the landscape it will re-register. The process is intrinsic to how mobile phones work – the system has to know which mast to use so that a specific incoming call reaches the right phone. The records are collected by mobile phone number, time and mast/cell site identity. Levels of detail vary between different mobile phone companies. In the UK these too are kept for a year.

Cell Dump  This record collects each phone number associated with a specific mast/cell site at a particular time.  It is also sometimes referred to as a “tower dump”.


Software Analysis

There are a variety of software aids to assist investigators:

Link Analysis is used on CDRs (and other communications data such as IP addresses and email headers) to indicate relationships between callers / participants.  The software shows frequencies of contact over time.  The results are usually rendered into graphics so that possible conspiracies can be identified, or a particular intensity of interaction at a particular time.

Cell Site Location Analysis produces maps showing the movements of individuals, or rather their powered-up mobile phones, as they move from one place to another. Reasonably detailed maps of movements obviously require that the persons of interest are moving from one mast area to another. The creation of the maps can require quite a bit of human input. For example, if movement is rapid it is a reasonable inference that someone is travelling in a car or other vehicle and that this must be taking place on a proper road and not over fields or back-gardens. At any given time a mobile phone may not necessarily be registered to the mast that is geographically closest. That mast may be fully in use so that traffic is being handed over to an adjacent one; phone signals can get attenuated through buildings or may be reflected off them; there may be local anomalies of terrain – an unexpected open “path” to a more-distant mast.

Cell Dumps by themselves don’t lend themselves to much further software analysis – they identify phone numbers present near a mast at a particular time.

Few of these techniques are used by themselves; they feed into a wider reconstruction of events, other sources including statements from witnesses and, if available, closed circuit TV. In the UK a further source is data from Automatic Number Plate Recognition (ANPR) cameras, which track and record movements of vehicles on major roads; this data is kept for at least two years.
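
The following Python is an added example, not code from the original post or from any investigative product: it runs the link analysis and mast-change timeline described above over constructed CDR rows carrying the fields listed under Available Records. The column names, phone numbers, IMSI/IMEI values and cell ids are all assumptions invented for illustration.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample rows (not real data). Phone numbers come from the UK range
# reserved for drama use; IMSI, IMEI and cell ids are invented placeholders.
# Column names are assumptions; "subject" is the number whose CDR the row is from.
SAMPLE = """subject,counterparty,direction,type,start,duration_s,imsi,imei,cell_id
07700900001,07700900002,out,voice,2013-10-01T09:02:00,65,IMSI-A,IMEI-X,CELL-01
07700900002,07700900001,in,voice,2013-10-01T09:02:00,65,IMSI-B,IMEI-Y,CELL-07
07700900001,07700900003,out,sms,2013-10-01T09:30:00,0,IMSI-A,IMEI-X,CELL-01
07700900001,07700900002,in,voice,2013-10-01T11:15:00,120,IMSI-A,IMEI-X,CELL-02
07700900001,07700900002,out,voice,2013-10-02T08:45:00,30,IMSI-A,IMEI-X,CELL-02
07700900004,07700900002,out,voice,2013-10-02T10:00:00,45,IMSI-C,IMEI-X,CELL-03
07700900001,07700900003,out,sms,2013-10-02T12:00:00,0,IMSI-A,IMEI-X,CELL-01
"""


def parse_cdrs(text):
    """Read CSV rows and convert the time and duration fields to typed values."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["start"] = datetime.fromisoformat(r["start"])
        r["duration_s"] = int(r["duration_s"])
        rows.append(r)
    return rows


def unique_events(rows):
    """Collapse the caller's and the callee's record of one call into one event.

    Without this, a call appears twice when both parties' CDRs were obtained.
    Caveat: two calls between the same pair starting in the same second merge.
    """
    events = set()
    for r in rows:
        if r["direction"] == "out":
            caller, callee = r["subject"], r["counterparty"]
        else:
            caller, callee = r["counterparty"], r["subject"]
        events.add((caller, callee, r["start"], r["type"]))
    return events


def link_counts(rows):
    """Link analysis: number of contacts per unordered pair of numbers."""
    counts = Counter()
    for caller, callee, _start, _type in unique_events(rows):
        counts[tuple(sorted((caller, callee)))] += 1
    return counts


def contacts_per_day(rows, a, b):
    """Frequency of contact over time for one pair, keyed by calendar day."""
    per_day = Counter()
    for caller, callee, start, _type in unique_events(rows):
        if {caller, callee} == {a, b}:
            per_day[start.date().isoformat()] += 1
    return dict(sorted(per_day.items()))


def mast_sequence(rows, subject):
    """Masts used by one number in time order, keeping only changes of mast.

    This is a sequence of masts, not of positions: as the post notes, the mast
    in use is not necessarily the geographically closest one.
    """
    own = sorted((r for r in rows if r["subject"] == subject), key=lambda r: r["start"])
    seq = []
    for r in own:
        if not seq or seq[-1][1] != r["cell_id"]:
            seq.append((r["start"].isoformat(), r["cell_id"]))
    return seq


def sims_per_handset(rows):
    """Handsets (IMEI) seen with more than one SIM: records name devices, not people."""
    seen = defaultdict(set)
    for r in rows:
        seen[r["imei"]].add((r["imsi"], r["subject"]))
    return {imei: sorted(v) for imei, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    rows = parse_cdrs(SAMPLE)
    for pair, n in link_counts(rows).most_common():
        print(pair, n)
    print(contacts_per_day(rows, "07700900001", "07700900002"))
    print(mast_sequence(rows, "07700900001"))
    print(sims_per_handset(rows))
```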

Limitations

The McCann case helps us see some of the limitations: What the Portuguese police collected in May 2007 was, I understand, a cell dump. It is not clear how much other cellphone data was collected then, subsequently or has been successfully acquired in the current new UK police investigation.

Data is not kept indefinitely.  The EU Data Retention Directive was only just in force in 2007. 

All these records are of phone numbers (and SIMs and the handset hardware identities) not of individuals – for that you need what is known as “Subscriber Data”. Subscriber Data is easy to obtain – provided you are dealing with events in which only one national jurisdiction is involved and all the individuals of interest are pay-monthly customers identifiable by the addresses they provided on sign-up and their banking information. And, as with all the other data, the police would have to ask for it within the “data retention” period of a year. Obviously subscriber data requested outside that period may still be valid.

But the Algarve is a tourist area and there are likely to have been many “foreign” mobile phones active.  British police will have had to contact many overseas mobile phone companies,  though almost certainly each application could not have taken place directly but would have had to go through a Mutual Legal Assistance or similar procedure.   If these requests were being made in 2011, 2012 and 2013 not  all subscriber data might have been available.

However this is for “pay monthly” subscriptions; many are PAYG – Pay As You Go. In the UK approximately half of all mobile phone subscriptions are PAYG. The numbers associated with PAYG SIMs which appear not to be used / not topped-up are usually recycled to another, newer customer, after 270 days. It is not clear that old customer records are kept. The PAYG phone and SIMs may have been bought for cash, in which case there will be no means of identifying the subscriber. If the purchase was by credit or debit card and/or if the subscriber registered to top-up online, they may then be identifiable. But we are still left with the problem of how much information from 2007 was still valid and available by 2011, 2012 and 2013.

The value of the location data depends on how many masts were serving the specific holiday area, Praia da Luz. If there was just one mast in the area of interest then it may not be possible to draw a useful map.

Other Leads

There are obviously many other leads in the McCann case and some of the mobile phone data will undoubtedly help the complex reconstruction which has to be at the heart of the police investigation. But things may not be as simple as hoping that such data unlocks the mystery of Madeleine’s disappearance. Indeed one possibility is that her abductor, and we assume that such a person exists, may not even have been a mobile phone user at the relevant time.


The missingkids uk website currently lists 123 missing children; the oldest disappeared in December 1959 and would now be 70. 

Thursday 10 October 2013

Oversight of GCHQ


“Stronger oversight” is the frequent reply to the concerns raised by the Snowden documents about NSA and GCHQ.  But in UK terms what would more rigorous scrutiny of GCHQ and for that matter, the other Agencies, actually look like?

I wrote a short piece for the Guardian’s Comment is Free but while that is a good platform to get attention, the 800-word limit isn’t enough for more complex nuanced arguments and background explanation.

Inevitably people approach these issues with certain assumptions; you need to know mine and also be able to assess the value of my commentary. 

Assumptions

While my long-term hopes for humankind include permanent world peace and universal honesty, the world in which I live is dominated by competitive, sometimes even aggressive, nation states and an increasing number of non-state global profit-seeking entities based on finance, the supply of ICT services and large-scale manufacture.  There are also many varieties of dishonest and corrupting persons.  That means, alas, the need for intelligence and law enforcement agencies.  In turn these need powers and resources – and much of the investigatory aspects of their work will have to be operationally covert.


As to my qualifications, apart from what you can read on my website,  I have never worked within the intelligence community but I have had many types of contact with various officers from the Agencies since the mid-1990s, largely as a result of my cyber security work.  Between 2003 and 2009 I was on a Panel on Emergency Response run by the then UK Government Chief Scientist during which there was frequent interaction with the Agencies and elements in the Cabinet Office.  I have acted as a Specialist Advisor to a Commons Select Committee and also frequently give evidence to such committees.  You will, I hope,  understand the relevance of all of these experiences later in this post. 


Lost Trust

Trust has been lost in the current mechanisms of oversight: Interception and Intelligence Commissioners – too limited, simply testing compliance with the Regulation of Investigatory Powers and Intelligence Services Acts (RIPA and ISA); elected warrant-signing senior politicians – unlikely to have the necessary background to ask the tough questions, particularly in relation to the effects of changing technologies, politically reluctant to challenge the spooks and not really democratically accountable to Parliament as much cannot be fully openly discussed; the Intelligence and Security Committee (ISC) – lacking in necessary knowledge and experience and woefully under-resourced to know the right questions. It is difficult to discern, from their published reports, that they are testing the fundamental assumptions of Ministers and the Agencies about perceived threats and how strategically these are to be met. There are few references to value-for-money in the various Agency activities. Nor do they appear to be questioning the quality of the internal procedures of the Agencies. And there is scant reference to judgements about the impact of changing technologies.

According to Chris Huhne, former Cabinet Minister, but more crucially also a member of the National Security Council, (on its website: “the main forum for collective discussion of the government’s objectives for national security”) he never knew about GCHQ’s Prism and Tempora programs.

Some react with outrage that there should be any issue of questioning the ethics and integrity of the intelligence community. There are several responses. First, the main remit of the Agencies is spying and they are assessed on the basis of the value of the “product” and associated assessments. It is an impossibility that they can simultaneously be the sole arbiter in deciding how far they should go in an intrusion. Second, however ethical and well-run they are it is inevitable that mistakes in operations and judgements will be made – and with them the temptation to suppress knowledge that they have occurred, if only in the mistaken belief that “trust” would be undermined if imperfections became public. If we compare the Agencies with the police, who for the most part are believed to behave properly, nevertheless currently there are concerns about Hillsborough, South Wales Police, and undercover policing of demonstrators. And if we also look at the regular Ministries – the Agencies are part of the civil service – we can also see many mistakes: Department of Transport in costing the West Coast franchise, Ministry of Defence with cost over-runs too numerous to mention, Department of Health’s mismanagement and prolonged concealment of the failures of the Connecting for Health system, Home Office failures in processing immigration requests, and managing the UK’s borders. Why would we think that the Agencies are entirely free from these sorts of problems? You have only to read Peter Wright’s Spycatcher to see that in the not-too-distant past very strange views were allowed to fester in MI5. Wouldn’t stronger oversight reduce their likelihood or at least publicise them so that corrective action becomes possible?


No Perfect Solution

There is no perfect oversight solution – any new regime will still lack total transparency – and will involve individuals, almost certainly with high levels of security clearance, sitting in secret.


Some specific law reform may be desirable, even necessary - some tightening of  UK and EU Data Protection law and of RIPA and ISA but in this arena, as in many others, clarity in policy aims should precede formulation of wordings for laws.    After a while “law” gives way to “politics”. Even at their best, these laws are only OK for protecting domestic citizens but not foreign individuals, businesses and governments – discovered state spying results in letters of complaint and the expulsion of diplomats, not prosecution.  

In the end who wants to be going to the courts all the time?  The key bits of  RIPA and ISA, to do with Agency remit, will always require flexible interpretation.   Sturdy plausible oversight mechanisms are what are really required.


What are the aims of an oversight mechanism?

Before looking at specific points in the system where oversight can be introduced or developed, we need to think what we want it to do.  The element that appears to be already in place is scrutiny of specific routine operations.  It is the bigger issues that are not covered. 
First among these must be testing current views of “What is the threat?” as everything else, levels of intrusion and expenditure on resources and people, follow.  With fewer than 60 mainland deaths from domestic terrorism since 1989 compared with the 3201 who died in traffic accidents in the single year, 2005, when 52 people died in 7/7, questions must be asked whether terrorism is the persistent existential threat so often used to justify whole-population surveillance.  Or whether, in view of the low evidential requirements to secure prosecutions under the Terrorism Act 2006 – dissemination of terrorist materials, “encouragement”, providing training – there are really large numbers of foiled plots which never come to public attention.  Plainly the traditional diplomatic and military targets of espionage and counter-espionage persist along with their newer cyber variants.   

Next, there is the impact of changing technology.  Yes, one wants GCHQ  to “Master the Internet” but the range and extent of material now available for harvesting plus the ease of large-scale data mining changes the intrusion equation.  Is “you never know all this data might be useful someday” a good enough reason to initiate large schemes for mass collection?  Do we really think that intrusion only occurs when globally collected data is actually searched?  Yes, too there are circumstances when encryption must be broken, but, after Snowden’s revelations,  trust in e-commerce, e-banking and routine business confidentiality precautions, all reliant on crypto and all essential to the economy,  is under threat.     Who understands and tests GCHQ’s judgements on the balance of risk in these matters?

GCHQ cannot be considered apart from its ultra-close relationship with NSA.  But here too there are judgements which can go by the board.  The national interests of the UK and USA are not completely intertwined and there remains the concern that NSA can monitor UK citizens  and businesses as foreigners and pass the results to GCHQ who would otherwise be bound by RIPA – and vice versa.  Should the UK be using US-based cloud services?
Beyond that there is our relationship with other countries – the risks involved in being caught spying on them, or having covert agreements for the siting of Internet probes.
Finally, the public needs re-assurance against abuse.

Scope for improvements exists throughout and beyond the current oversight regime. The Justice and Security Act 2013 already gives some more powers to the ISC while the Intelligence Services Commissioner’s remit is extended to cover “any aspect of the functions” of an intelligence service and refers to the implementation or effectiveness of particular policies.



Oversight Agenda

In the agenda for debate set out below I have deliberately designed for some overlap of functions so that there are several semi-competing oversight functions which should act as a mutual check.



  • Government to publish annual fact-based national threat assessment rather than the current simplistic references to “moderate”, “substantial” and “severe”
The obvious originator of such a publication appears to be the National Security Council, which in so far as it is not doing so already could borrow ideas from the US National Intelligence Council, responsible for the US Estimates. At the moment the UK Cabinet Office publishes a National Risk Register of Civil Emergencies which deals with various threats, natural and deliberate. It is the public version of a more extensive classified document, the National Risk Assessment. Something similar, with historic statistics of terrorism threats in particular, would form the basis of public discussion of what counter-measures appeared to be necessary and proportionate. As an alternative or additional author there is also the Joint Intelligence Committee (JIC) though this entity, once very important, may be being wound down.



  • Ministers to retain operational authorisation for Agency activities but warrants for interception, including the broad-based  s 8(4) RIPA “certificated” warrants to be passed for approval to a court; with short-term provision for retrospective warrant-granting in emergencies 
Although Ministers are, in practical terms, not immediately accountable to Parliament as there are nearly always reasons not to make public statements, in a democracy there is no alternative but to have elected individuals responsible for policy. But it seems a mistake to say those persons should necessarily also sign off on warrants. A separate entity, a judge or group of judges, should be tasked with deciding on the necessity and proportionality of specific acts of intrusion within the ministerial policy framework. Such an approach is an improvement on what we have, though there may still be circumstances in which a court over-favours the Agencies – see for example current concerns that the US FISC is misinterpreting the law.




  • ISC to be a proper Select Committee of Commons and Lords with no pre-nomination by the Prime Minister and preferably with a robust Chair; to have extended semi-permanent staff including a privacy advocate and academic technical experts  not drawn from the intelligence community.   
At the moment the ISC is described as a “Committee of Parliament”; its members are Parliamentarians, members of the Commons and Lords. They are nominated by the Prime Minister in consultation with the Leader of the Opposition and then appointed by Parliament. It is not a Select Committee. The ISC’s remit: “includes oversight of operational activity and the wider intelligence and security activities of Government. … Other than the three intelligence and security Agencies, the ISC examines the intelligence-related work of the Cabinet Office including: the Joint Intelligence Committee (JIC); the Assessments Staff; and the National Security Secretariat. The Committee also provides oversight of Defence Intelligence in the Ministry of Defence and the Office for Security and Counter-Terrorism in the Home Office.”

The problem with the ISC is not remit but resource and capability. Only two of the current nine members would have had any serious experience of dealing with the Intelligence community, none has much knowledge of changing surveillance and computer technologies. Regular Select Committees rely heavily on the advice of Specialist Advisors, usually recruited from academia to support specific inquiries. In the case of the ISC there is no need for all Specialist Advisors to see everything the Committee sees. Select Committees prefer to have sessions that are open but also frequently have meetings where the public are excluded.

A reformed and extended ISC should also cover the activities of Ministers – as do the departmental Select Committees. It should hold at least one public session a year with the heads of the Agencies and also key Ministers. Ministers as well as the Agencies to provide full candid information in secret sessions. Ministers should lose their power of vetoing the appearance of Agency Staff before the ISC. All future Annual Reports to cover changing strategic objectives of Agencies, transparency, value for money, impact of technological change, and commentary on intrusion limitation. The ISC should declare its budget and resources so that they can be seen to be adequate. There should be powers to demand access without the current limitation of potential ministerial veto. And no-notice visits would also be useful.



  • Intelligence Service Commissioner’s remit to extend to reviewing the work of warrant-signing ministers (if that role is retained), to report annually on quality of internal audit within the Agencies, the impact of changing technological facilities and on Agencies’ role in intrusion limitation.  Proper permanent staff resourcing required.  Publication of detail about the types,  purpose and quantity of interception warrants. The Commissioner should declare the size of his budget and resources - so that adequacy can be judged.
  • Information Commissioner to have specific role to report on intrusion limitation policies of Agencies and comment on impact on Data Protection policy. 
  • GCHQ to review its internal audit facilities so that each intrusive search is recorded together with the justification/authorisation – this facility is essential for any proper external inspection
  • ISC,  Intelligence Services Commissioner and Heads of Agencies to adopt a more public profile, engaging in debate both fully in public and at Chatham House Rule-type events
  • Better protection for whistle-blowers from within the intelligence community - right of direct access to the ISC.
  • The Investigatory Powers Tribunal, currently the ultimate appeal mechanism, to be more transparent and to be made subject to judicial review of its work. 

Some of these are easier to achieve than others – a UK supervising court will need to learn the defects of the US’s FISC, for example.




Snowden’s documents provided detail and confirmation of what had long been suspected by anyone who had read the published books about NSA and GCHQ and then gone on to speculate what those organisations might now be seeking to do. Now that some of that detail is in the public domain GCHQ can, paradoxically, be more candid in discussing some of its activities and judgements. And, rather than concentrating on Snowden’s “traitorous” nature, perhaps achieve greater public support and legitimacy, a view supported by David Omand, one of its former Directors and Intelligence Co-ordinator, and Stella Rimington, a former MI5 Director.