April 20, 2024 | Matthew Rowles | Police1
Exploring how everyday mobile technology empowers law enforcement with tools to track, investigate and solve crimes through detailed call records and location data
Technology is a valuable tool at law enforcement’s disposal. According to the Consumer Affairs Research Team, 97% of Americans own a mobile phone, which translates to about 325.4 million people. Additionally, 50.6% of the world’s internet traffic comes from mobile phones. According to the United States Census, the population of the United States is 335,917,563 people. We can all agree that no one leaves home without their mobile phone, so let’s use this to our advantage.
Each mobile phone must communicate with a mobile phone provider. Mobile phone providers have a vast network of cellular phone towers that are strategically located to provide uninterrupted communications (Remember the “Can you hear me now?” commercials). Providers store records, including Call Detail Records, Tower Information and Specialized Location Information, as business records.
Phone calls can be tracked through historical records, normally referred to as call detail records (CDR). These records include the date, time, duration of call, originating number, terminating number, identifiers for the target phone, and the specific cell tower and sector that the call connected to.
Consider the following:
Law enforcement is required to serve a search warrant upon the mobile phone provider to identify the phone number, or serial number, of the target device. The provider will provide several PDF and Excel documents that include the specific CDR information related to the target phone number. Cell towers are identified by an area code, address, or GPS coordinates (latitude and longitude).
The actionable evidence that can be translated from these records includes:
- Incoming calls, outgoing calls, missed calls, voicemails, and text messages;
- The target device’s most frequently called phone numbers;
- Pattern of life;
- Who the suspect or device was in contact with prior to, during, and after a crime under investigation;
- Estimated location of the target device, and the target device’s direction from the tower;
- And, the target device’s “home” or most used tower.
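As an added illustration (not part of the original article), the Python sketch below derives three of the items listed above from a handful of constructed call detail records: the most frequently contacted numbers, the most used tower, and the records that hit a given tower sector around a time of interest. The column names and values are assumptions; each provider's export layout differs.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records; the column names are assumptions, not a provider format.
SAMPLE_CDR = """\
start_time,duration_s,originating,terminating,tower_id,sector
2024-01-05 08:02:11,64,555-0100,555-0111,T-17,2
2024-01-05 12:40:03,0,555-0122,555-0100,T-17,2
2024-01-05 19:15:47,210,555-0100,555-0111,T-17,1
2024-01-06 21:48:30,35,555-0133,555-0100,T-42,3
2024-01-06 22:05:09,12,555-0100,555-0133,T-42,3
2024-01-06 23:30:00,95,555-0100,555-0111,T-17,2
"""
TARGET = "555-0100"  # constructed target number


def load_cdr(text):
    """Parse CSV text into dicts with typed time, duration and sector fields."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["start_time"] = datetime.strptime(r["start_time"], "%Y-%m-%d %H:%M:%S")
        r["duration_s"] = int(r["duration_s"])
        r["sector"] = int(r["sector"])
        rows.append(r)
    return rows


def top_contacts(rows, target, n=3):
    """Count the other party on every record, incoming or outgoing."""
    counts = Counter()
    for r in rows:
        other = r["terminating"] if r["originating"] == target else r["originating"]
        counts[other] += 1
    return counts.most_common(n)


def home_tower(rows):
    """Tower that appears on the most records for the target device."""
    return Counter(r["tower_id"] for r in rows).most_common(1)[0][0]


def records_near_event(rows, tower_id, sector, event_time, window_min=30):
    """Records on one tower sector within +/- window_min of event_time.
    A hit places the device in that sector's estimated coverage area only."""
    window = timedelta(minutes=window_min)
    return [r for r in rows
            if r["tower_id"] == tower_id and r["sector"] == sector
            and abs(r["start_time"] - event_time) <= window]
```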
Cell tower sectors and crime solving
Each cell tower is divided into sectors. A cell tower may be divided into as few as three or as many as six sectors. Much like a pizza is divided into equal slices, cell tower sectors are divided into equal areas of coverage.
Suppose law enforcement has surveillance video of a suspect committing a crime, and a tentative identification of the suspect, which includes the suspect’s mobile phone number. Law enforcement may obtain a search warrant for the suspect’s cell phone records. Upon receipt of the records, law enforcement will be able to analyze them to confirm that, at the time the crime was committed, the suspect’s device was within the estimated cell tower sector covering the area where the crime was committed.
This information can be used to rebut the defense’s claim that the suspect was not in the area at the time the crime occurred. Additionally, location information records can be imported into a mapping program, such as Google Earth, where the specific locations of the target device are displayed for demonstrative purposes.
Case study
In April 2012, law enforcement responded to a homicide that occurred inside a barbershop. Through investigation, investigators learned that a lone actor entered the barbershop dressed in a woman’s “Niqab,” which concealed his body and face. The actor approached the victim, who was working inside. After approaching the victim, the actor drew a firearm, which was concealed under the Niqab, and shot the victim, execution style.
Investigators developed a suspect, who willingly met with them for an interview. During the interview, the suspect denied having any involvement in the murder. He claimed that he was at a different business, in the City of Philadelphia, at the time of the murder. The suspect was confident that investigators would believe his alibi; however, he was unaware that the investigators had done their homework.
Before the interview, investigators served a search warrant on the suspect’s mobile phone provider. Pursuant to the search warrant, the suspect’s mobile phone provider relinquished the suspect’s call detail records (CDR) to investigators. Upon reviewing the CDR, investigators were able to determine that, on the date and time of the murder, the suspect’s mobile device was connected to a mobile phone tower located across the street from the barbershop. Specifically, the mobile phone was utilizing the specific sector that serviced the area of the murder scene.
When the suspect provided investigators with his alibi, the investigators confronted him with the CDR evidence. After being confronted with the CDR evidence, the suspect confessed to the murder. Additionally, investigators prepared a map, containing the CDR data, and presented it at trial. Ultimately, the suspect was convicted of third-degree murder.
Using Call Detail Records (CDR) in criminal cases
Other valuable assets recorded by the mobile phone providers are Internet Protocol (IP) addresses and Time-of-Arrival (TOA). Each mobile phone provider refers to TOA differently. TOA measurements relate to the time from the serving sector to the target device. This data is utilized by cellular phone providers for engineering and network optimization purposes. These records can be invaluable to a criminal investigation, and law enforcement can request them through a search warrant.
TOA records differ from CDR records. TOA records contain location-based data that can determine the distance of the mobile phone from the cell tower. TOA estimates the location of the target device using round trip delay measurement from the tower. Certain providers will supply a confidence rating in reference to the measurement of distance from the tower.
Location data can provide valuable information, such as:
- Confirming that the suspect’s mobile device was in the area where a crime occurred;
- Determining the location of the suspect’s phone prior to, during and after the crime occurred;
- Confirming or disproving an alibi.
When a suspect uses the internet, or social media, to communicate, their device’s IP address is recorded. This type of communication does not require a phone number, but it does require an internet connection, either through WiFi or cellular service. Mobile providers assign an IP address to each mobile device that utilizes their cellular network. When a user accesses a social media account from their mobile device, the IP for their mobile device is recorded and stored by the social media application. Social media direct messages, such as iMessage, will not be displayed on CDR because they utilize a data connection, not the normal text messaging connection. When a legal process is served upon the social media application, law enforcement will obtain the IP address, which is associated with the communication. This IP address can be researched and traced back to a mobile device through the mobile phone provider.
Law enforcement can obtain subscriber information by obtaining a search warrant for an IP address. Law enforcement can input an IP address on certain websites, such as https://www.iplocation.net/, to determine the cell phone provider for a mobile device.
Case study
In an effort to avoid apprehension, many criminals monitor high-profile investigations to stay ahead of the most recent investigative technology. Many criminals utilize social media and mobile phone applications for communication. Naively, they believe that law enforcement cannot obtain their social media communication records.
In August 2020, law enforcement responded to a shooting homicide that occurred in a grassy, isolated area. While there were no witnesses to the homicide, investigators determined that the victim had communicated with an unknown subject, through a social media application, just prior to the homicide. Investigators served a search warrant on the social media application, which yielded the IP addresses associated with the unknown subject’s device. Additionally, the IP addresses were assigned to a mobile phone provider.
Investigators served a search warrant on the mobile phone provider. Through the service of the search warrant, investigators obtained the unknown subject’s device information, phone number, and identity. Subsequently, investigators served a search warrant for CDR, which provided them with the evidence needed to make an arrest.
The value of Internet Protocol (IP) addresses and Time-of-Arrival (TOA) records
As previously discussed, CDR records and location-based records are obtainable when a suspect’s mobile phone number or mobile device identifiers are known. Suppose law enforcement is unable to identify the suspect’s mobile phone number. Cell phone providers retain cell tower information, which is available to law enforcement through a court order. This information, referred to as a tower dump, can provide law enforcement with an abundance of information. Tower dumps are essentially a “dump” of all data from a specific cell phone tower, on a specific date, at a specific time. This data is helpful during the investigation of single crimes, where law enforcement does not have a suspect, but has other information indicating that the suspect may have used their mobile phone during the commission of the crime.
Additionally, tower dumps preserve data, which law enforcement can use when a suspect is developed. When multiple crimes of the same modus operandi are committed in different locations, law enforcement can obtain tower dumps from cell towers that service the area surrounding the location of each crime. Investigators can compare the tower dump information in an effort to identify the mobile devices that were present on the same date, time, and location of the crimes.
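The comparison described above can be sketched as follows. This is an added example, not from the original article, using constructed tower dump rows and hypothetical device identifiers. It goes slightly beyond a strict intersection by ranking devices by how many scenes they appear at within a time window of each crime.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed incidents: scene -> (tower servicing the area, time of the crime).
INCIDENTS = {
    "scene_A": ("T-17", "2024-02-01 21:10"),
    "scene_B": ("T-42", "2024-02-09 22:35"),
    "scene_C": ("T-58", "2024-02-20 20:50"),
}

# Constructed tower dump rows: (tower, device identifier, time of connection).
TOWER_DUMPS = [
    ("T-17", "dev-1001", "2024-02-01 21:05"),
    ("T-17", "dev-2002", "2024-02-01 21:12"),
    ("T-17", "dev-3003", "2024-02-01 14:00"),  # same tower, hours before the crime
    ("T-42", "dev-1001", "2024-02-09 22:40"),
    ("T-42", "dev-4004", "2024-02-09 22:30"),
    ("T-58", "dev-1001", "2024-02-20 20:45"),
    ("T-58", "dev-2002", "2024-02-20 20:55"),
    ("T-58", "dev-3003", "2024-02-20 20:52"),
]


def devices_per_scene(incidents, dumps, window_min=15):
    """Devices seen on each scene's tower within +/- window_min of the crime."""
    window = timedelta(minutes=window_min)
    seen = defaultdict(set)
    for scene, (tower, when) in incidents.items():
        t0 = datetime.strptime(when, FMT)
        for dump_tower, device, ts in dumps:
            if dump_tower == tower and abs(datetime.strptime(ts, FMT) - t0) <= window:
                seen[scene].add(device)
    return seen


def recurring_devices(incidents, dumps, min_scenes=2, window_min=15):
    """Devices present at min_scenes or more scenes, most scenes first."""
    scenes_by_device = defaultdict(set)
    for scene, devices in devices_per_scene(incidents, dumps, window_min).items():
        for device in devices:
            scenes_by_device[device].add(scene)
    hits = {d: sorted(s) for d, s in scenes_by_device.items() if len(s) >= min_scenes}
    return sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))
```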
Another less-known option for identifying a target device is an area search. Law enforcement can provide a cell phone provider with specific locations and request a search of these locations be completed. The providers will produce identifiable information for each device that was in each location at the specific time.
The quick and simple method to locate a known mobile device is called a “ping.” Law enforcement may contact a cell phone provider, through exigent circumstances or legal process, to compel the cell phone provider to send a silent signal to the target device. The silent signal reveals the location of the target device through GPS coordinates.
OnStar has the ability to locate OnStar-equipped vehicles, even if the OnStar subscription is inactive. According to OnStar, with proper legal service, they can provide law enforcement with the GPS coordinates of the target vehicle, flash the vehicle’s lights, beep the horn, disable the ignition and bring the vehicle to a safe stop.
Technology revolutionizes industries, and law enforcement must embrace the power of this emerging innovation. Industries continue to identify and prioritize emerging technologies, which are researched and implemented into their current infrastructures. Law enforcement should parallel these surging innovations and adapt them to their investigations.