Primer on Types of Cellphone Evidence
Contents
The Essential Role of Cellphones in Modern Life
Cellphones have become an integral part of modern life. We use them to communicate by phone, text message, email, and mobile applications. Cellphones are also tools to take photographs, film videos, and to access the internet for countless reasons related to daily life such as to pay bills, access bank and other accounts, transfer money, read the news, conduct research, and more. The list of ways and reasons we use our phones is endless and varies from person to person. Because of how pervasive phones have become in modern life, it is no surprise they are regularly targeted and seized by law enforcement during criminal investigations.
Cellphones in Criminal Investigations: A Treasure Trove of Evidence
Criminal investigations seek cellphone evidence in various forms to detect criminal activity and to obtain evidence necessary to prove crimes. The various forms of cellphone evidence include:
- Pen register information
- Toll data information
- 911 GPS ping information
- Cell site data
- Digital forensic extractions (DFE)
Below is a summary of each type of evidence, to include how it is obtained by law enforcement and the information it provides.
Toll Data Information
Toll data information may be obtained by law enforcement from cellphone service providers using a subpoena. Toll data consists of historical, detailed call and text message activity sent and received by a particular phone number, referred to during investigations as a target telephone (TT). The data will show all incoming and outgoing calls by the TT during a specified time period, to include the date, duration, and numbers participating in each call. Toll data will also provide the same for text messages.
However, it does not include the substance of text messages. Toll data information for messages only relates to SMS text messages, and not messages sent or received utilizing mobile applications such as iMessage, WhatsApp, Facebook messenger, and more. These and other applications use the internet to send and receive messages, opposed to the cellular service. Therefore, the cellphone service provider is unable to capture this data, as it does with SMS text messages. Once law enforcement collects toll data information, it identifies the numbers the TT was in communication with and compares them to other numbers that have been identified by other investigations as associated with suspected criminals and/or criminal activity.
Pen Register Data
Pen register data may only be obtained with a court-authorized search warrant, supported by probable cause. Pen register data is similar to toll data, except that the information from the pen register is provided by the cellphone carrier to law enforcement in real time. It enables law enforcement to monitor, in real time, a TT’s call and SMS text message activity. It does not, however, enable the monitoring of text and instant message communications through mobile applications that utilize the internet. When a pen register warrant is issued, it is normally limited to one or more TTs for a specified time period. If law enforcement requires an extension of time to continue monitoring real time call and SMS text activity, it must apply to the court.
911 GPS Ping
Callers in need of emergency assistance may dial 9-1-1 from a cellphone. To aid 911 emergency responders with providing aid to callers, a cellphone service provider using the cellular network may determine a particular phone’s GPS location. Phones active on a network silently communicate with the network to provide their GPS location. This is known as 911 GPS ping. Cellphones periodically and silently ping the network, communicating their location.
The ping intervals vary by carrier and other factors, but range from seconds to a few minutes. The pings are designed to inform emergency responders of a 911 caller’s location in the event he or she cannot communicate it directly to a 911 operator. Law enforcement often seeks this information when attempting to track the location and movements of a suspected user of a particular cellphone.
The data provides real time information as to a TT location. Law enforcement seeking 911 GPS ping data must obtain a warrant supported by probable cause to believe the data will yield information about criminal activity. When issued, the ability to obtain this location data is limited to a particular TT for a specified time period.
If law enforcement requires an extension of time to continue monitoring this information, it must apply to the court.
Cell Site Data
Cell sites are radio towers that comprise a cellphone network. The towers transmit calls, text messages, and data downloaded or uploaded using the internet. Law enforcement may subpoena cell site information pertaining to a particular TT. The historical information will provide detailed date and time as to when calls, texts or data was transmitted, and by what particular cell site or tower within a cellphone carrier’s network.
Each cell site also consists of three sectors, totaling up to 360 degrees. For example, sector one is 0 to 120 degrees, sector two is 120 to 240 degrees, and sector three is 240 to 360 degrees.
Cell site data not only includes which tower transmitted the call, text or data, but also by which of the three sectors of the cell site. Armed with this information, law enforcement will attempt to estimate the physical location of a TT during a cellphone transmission.
This information is not as precise or as accurate as real time 911 GPS ping data. However, cellphone providers are able to determine that the TT was located within a particular radius, measured in feet or percentage of a mile, when transmitting a call, text or data. Law enforcement may obtain cell site data from a cellphone service provider using a subpoena. A warrant is not required.
Digital Forensic Extractions
When collecting evidence during criminal investigations, law enforcement routinely seize cellphones. Once in possession of a device, law enforcement may wish to search the contents of the device. Beforehand, the investigator must either obtain consent of the device’s owner or user, or a court-authorized search warrant.
Once authorized to search the device, an investigator must first gain access to its contents by overcoming any security features such as passwords, electronic fingerprint recognition, or facial recognition. Once accessible, the device will be connected to a piece of digital hardware or equipment, which utilizes software to extract the data stored on the phone.
This data is then downloaded onto a computer where it is sorted and analyzed. The extracted data will include call history, text message history, mobile application usage history, internet browsing history, photos, videos, GPS data of the phone’s historical location, metadata regarding any files stored on the device, and more. Deleted data may sometimes also be recovered during a digital forensic extraction.
The amount and quality of the data extracted varies by the level of security on the device, the operating system and version of software on the device, and the sophistication of law enforcement’ s extraction hardware and software.
Cellphone Evidence Analysis
Cellphone evidence is often analyzed by an expert in conjunction with a criminal case. Police departments often have staff who are trained, certified and/or experienced with digital forensic extractions and with understanding and interpreting the various types of cellphone evidence. Sometimes these experts are willing to speak with and even assist defense attorneys, other times they are not.
It is recommended that criminal defense attorneys consult with an independent expert regarding cellphone evidence. This will assist with understanding government witness cellphone evidence collection methodologies, understanding reports, and may even lead to the discovery of independent evidence or competing interpretations of existing evidence.
As technology continues to evolve, so will the methods and means by which criminal activity is committed and investigated. Being familiar with the types of cellphone evidence will enable defense attorneys and prosecutors alike to better analyze case evidence, prepare and draft pretrial motions, develop questions for in-court direct and cross-examinations, consult with digital forensic experts, and overall, prepare for trial.
This primer was designed to provide an overview on the types of cellphone evidence presently available. Because technology rapidly changes, individual practitioners should work to stay abreast of technological advances and developments that may affect the ways we practice law.
Data from Mobile Applications Used as Evidence in Criminal Cases
Data from mobile applications is now being obtained by law enforcement to investigate crime, and also used as evidence in subsequent criminal prosecutions. Mobile devices, whether smart phones or tablets, are integral to our daily lives.
We do just about everything imaginable on these devices with the use of mobile applications that are downloaded onto and used by them, similar to a computer utilizing software or programs. Innumerous mobile applications exist for things such as communicating, finance, business, education, shopping, recreation, entertainment, and more. Law enforcement is now relying on data collected and recorded from your mobile device by mobile application companies to investigate and ultimately prosecute crime.
A Closer Look at Snapchat and GPS Data Collection
By way of example, many people are familiar with the mobile application, Snapchat. This application allows users to communicate with one another by sending messages, voice, and video calls, and sending data in the form of images, video clips, and more.
Because of the popularity of this application, the company that owns it tracks the GPS locations of devices on which the application is installed and used. This in turn provides Snapchat with data about where its users are located. This data is used to enhance the performance of the application itself, and is also likely sold to marketing agencies.
GPS data is transmitted from the mobile devices of Snapchat users to the company and then is stored in Snapchat computer databases for further use and analysis. Other mobile applications do the very same thing and law enforcement is watching.
Expanding the Frontier of Digital Evidence in Criminal Cases
As discussed in other articles, cellphones provide a wealth of data in the form of digital evidence that may be used in criminal cases. The frontier of digital evidence has now expanded to include data collected from the use of mobile applications. Placing a defendant at the scene of a crime, or tracking his movement before or after a crime is often important to a criminal investigation and resulting prosecution.
Aside from eyewitnesses and video surveillance, police now look to digital evidence such as GPS data from mobile applications, stored on a suspect’s phone. This GPS data may aid police with plotting the location of a suspect’s phone at relevant times surrounding a crime. This may be used as circumstantial evidence to establish the suspect’s location at the time of the crime itself, and later argued in court that the physical location of a device is equivalent to the physical location of its known user.
The Process of Seizing and Searching Mobile Phones in Criminal Cases
If a cellphone is seized in connection with a criminal case, police will seek to search the digital contents of the phone to include its call history, messages, emails, photos, web browsing history, and installed mobile applications.
Once they determine what applications are on a phone, police may also subpoena from the mobile application company its user’s GPS data over a designated time period that relates to a pending criminal investigation. While defendants will be given this information during pretrial discovery, it is unlikely they will be given advance notice during the subpoena and evidence collection processes by police.
Legal Advice for Those Charged with Crimes Involving Mobile App Data
If you are charged with crime and have questions about evidence collected from your use of mobile applications, contact Criminal Defense Lawyer, John L. Calcagni III, at (401) 351-5100.