Mobile phone evidence is apparently highly significant in
the re-examined case of Madeleine McCann, the three-year old who disappeared on
3 May 2007 while on holiday in Portugal’s Algarve and whose story has had an
incredible hold on the UK media ever since.
At the beginning of October 2013 the team of UK police set
up and specially funded to re-investigate - Operation Grange - briefed the press that mobile phone records appeared to
provide a break-through. I have no
particular knowledge of the McCann story but various media outlets decided they
wanted some brief technical explanations for their audiences. BBC Radio 4’s Today programme was first to contact me,
closely followed by BBC’s Radio 5Live. Once in New Broadcasting House I was whisked
into the BBC NewsChannel studio and then asked to pre-record a clip for the
main BBC1 News bulletins. Later I did
the same for ITN and Channel 5 News. One
clip was shown in the US on ABC’s Good
Morning America.
It is flattering (and to be honest, commercially useful in
marketing terms) to be asked, but radio
and tv news while good at quick reporting is not good at detail. The purpose of this posting is to set out the
potential value of cellphone evidence but also its limitations. As it happens, the McCann case provides
rather a useful way of understanding these.
We are talking here of the communications data collected by
mobile phone companies – it is also sometimes referred to as metadata – not
what can be retrieved from a physical examination of a mobile phone and its
SIM.
Potentially there are two sorts of evidence available – who
was talking to whom, when and for how long; and location data – where a phone
was at a particular time. Given that 94% of the UK population now have a mobile
phone (and 49% use a mobile phone to access the Internet) and there are now 83
million mobile phone subscriptions for a population of 63.7 million it is easy
to see why mobile phone evidence is so important in very many types of criminal
investigation. Pop into a sample of
Crown Courts and look at the bundles of evidence and it won’t take you long
before you will find exhibits of Call Data Records and maps of Cell Site
Analysis.
Data Retention
It was for this reason that the police in 2000 or so started
to demand laws requiring mobile phone companies to retain these classes of
data. Data Protection legislation treats
call data and location records as personal
data with the result that once a mobile phone company no longer has a
business need for the data it should be destroyed. The two business justifications for retaining
the data are: to settle bill disputes
and to collect engineering information to improve the quality of the
service. Law enforcement lobbying to
require the data to be held for much longer resulted in the EU
Data Retention Directive of 2006.
The UK implementation occurred in the Data
Retention (EC Directive) Regulations 2009.
The “communications” data is held for a year. The mobile phone company yields information
requested in the correct form and with appropriate detail by a senior law enforcement officer under the Regulation of
Investigatory Powers Act, 2000, Chapter 11.
The requesting officer has to justify using necessity and
proportionality tests.
Available Records
Several types of record are available:
Call Data Record
(CDR) This refers to a single phone
number and the calls in made and received over a given period. It contains: number of the counterparty's phone; whether call is
in-coming or out-going; type of call (eg voice SMS, multi-media message) time of call; duration of call; identity of SIM (IMSI), hardware identity of
phone (IMEI), identity of cell mast
through which the call has taken place.
Although all CDRs contain this information, some mobile phone companies
may have collected additional data.
Mobile Phone / Mast Registration
Data While it is switched on every mobile phone is
monitoring the available signals and registering and re-registering itself to
the mobile phone mast that is presenting as strongest. As the phone moves with its owner across the
landscape it will re-register. The
process is intrinsic to how mobile phones work – the system has to know to
which mast to send a specific incoming call to the right phone. The records are collected by mobile phone
number, time and mast/cell site identity.
Levels of detail vary between different mobile phone companies. In the UK these too are kept for a year.
Cell Dump This record collects each phone number
associated with a specific mast/cell site at a particular time. It is also sometimes referred to as a “tower
dump”.
Software Analysis
There are a variety of software aids to assist
investigators:
Link Analysis is
used on CDRs (and other
communications data such as IP addresses and email headers) to indicate
relationships between callers / participants.
The software shows frequencies of contact over time. The results are usually rendered into
graphics so that possible conspiracies can be identified, or a particular
intensity of interaction at a particular time.
Cell Site Location
Analysis produces maps showing the
movements of individuals, or rather their powered-up mobile phones, as they move
from one place to another. Reasonably
detailed maps of movements obviously require that the persons of interest are
moving from one mast area to another.
The creation of the maps can require quite a bit of human input. For example,
if movement is rapid it is a reasonable inference that some-one is
travelling in a car or other vehicle and that this must be taking place on a
proper road and not over fields or back-gardens. At any given time a mobile phone may not
necessarily be registered to the mast that is geographically closest. That mast may be fully in use so that traffic
is being handed over to an adjacent one;
phone signals can get attenuated through buildings or may be reflected
off them; there may be local anomalies
of terrain – an unexpected open “path” to a more-distant mast.
Cell Dumps by themselves
don’t lend themselves to much further software analysis – they identify phone
numbers present near a mast at a particular time.
Few of these techniques are used by themselves but are feeds
into wider-based reconstruction of events,
other sources including statements from witnesses and, if available
closed circuit tv. In the UK a further
source is data from Automatic Number Plate Recognition (ANPR)
cameras which track and record movements of vehicle on major roads, data from
which is kept for at least two years.
Limitations
The McCann case helps use see some of the limitations: What
the Portuguese police collected in May 2007 was, I understand, a cell dump.
It is not clear how much other cellphone data was collected then,
subsequently or has been successfully acquired in the current new UK police
investigation.
Data is not kept indefinitely. The EU Data Retention Directive was only just
in force in 2007.
All these records are of phone numbers (and SIMs and the
handset hardware identities) not of individuals – for that you need what is
known as “Subscriber Data”. Subscriber
Data is easy to obtain – provided you are dealing with events in which only one
national jurisdiction is involved and all the individuals of interest are
pay-monthly customers identifiable by the addresses they provided on sign-up
and their banking information. And, as
with all the other data, the police
would have to ask for it within the “data retention” period of a year. Obviously data subscriber requested outside
that period may still be valid.
But the Algarve is a tourist area and there are likely to have
been many “foreign” mobile phones active.
British police will have had to contact many overseas mobile phone companies, though almost certainly each application could
not have taken place directly but would have had to go through a Mutual Legal
Assistance or similar procedure. If
these requests were being made in 2011, 2012 and 2013 not all subscriber data might have been
available.
However this is for “pay monthly” subscriptions, many are PAYG – Pay and You Go. In the UK
approximately half of all mobile phone subscriptions are PAYG. The numbers associated with PAYG SIMs which
appear not be used / not topped-up are usually recycled to another, newer
customer, after 270 days. It is not clear that old customer records are
kept. The
PAYG phone and SIMs may have been bought for cash, in which case there will no
means of identifying the subscriber. If
the purchase was by credit or debit card and/or if the subscriber registered to
top-up online, they may then be identifiable.
But we are still left with the problem of how much information from 2007
was still valid and available by 2011, 2012 and 2013.
The value of the location data depends on how many masts
were serving the specific holiday area, Praia de Luz. If there was just one mast in the area of
interest then it may not be possible to draw a useful map.
Other Leads
There are obviously many other leads in the McCann case and
some of the mobile phone data will undoubtedly help the complex reconstruction
which has to be at the heart of the police investigation. But things may not be as simple as hoping
that such data unlocks the mystery of Madeline’s disappearance.
Indeed one possibility is that her abductor, and we assume that such a
person exists, may not have even have been a mobile phone user at the relevant time.
The missingkids
uk website currently lists 123 missing children; the oldest disappeared in
December 1959 and would now be 70.
No comments:
Post a Comment