April 19, 2022
Pretty Maps & Plea Bargains: Tips on Handling Cellular Records Analysis in Criminal Defense Cases
I’m going to be blunt from the start: If you are not using a trained, qualified, experienced & knowledgeable analyst for cellular records analysis (i.e., historical cell site location), then you are doing your client a large disservice, regardless of the side you’re representing. Furthermore, if you’re taking what the other side tells you as 100% truth, you’re already behind the curve.
Do I have your attention?
Why Do I say this? Because I’m coming off the likely second murder acquittal in about a year where the government used analysts to try and pinpoint their suspect’s location using historical cell site location data to illustrate that the Defendant was in or around a relevant location (i.e., crime scene) at or around the incident being investigated and prosecuted. Both of these analysts were from federal 3-letter agencies and had allegedly analyzed the same records I was provided. I’ll get more into the specifics later…
Historical Cell Site Analysis at a Glance
Before we get into specific case examples, we should define and discuss briefly what historical cell site location records are and are not. There are volumes of articles and at least one book written on the topic, but I’ll try to trim the fat off the conversation to a simple definition:
Cellular companies keep records of activity on their network. This activity often involves the phone’s use (calls, texts and data) and listing of particular cell sites (i.e., towers) used for these events, which are most commonly divided into three sectors in a 360-degree radius. This means that each sector on most cell sites covers an area of roughly 120-degrees. Please note, there are exceptions to this. However, with the data that is acquired in the investigation and litigation process from the cellular provider, we can map these cell sites, using their verified GPS coordinates, and use the sector-specific information contained in the records to map generalized location of a cell phone that is allegedly tied to a Defendant or litigant.
Depending on the timing of the request to the cellular provider, we can also potentially receive and map what are commonly referred to as “specialized location records”, which attempt to estimate the GPS (longitude & latitude) coordinate estimates of the phone itself, within a certain confidence level detailed in the records. These records can be problematic when used as evidence, but this is where the knowledge and competence level of the analyst also becomes crucial.
It should be noted that these records were never intended to be used in litigation. They are held by the cellular providers to help increase the user experience and efficiency on the cellular network. It just so happens that the ubiquitous nature of cell phones in daily life has led to the location of a cell phone (and potentially the person carrying it) to be valuable data in criminal and civil litigation when analyzed & presented competently.
Not All Analysts Are Created Equal
Just like in the practice of law, medicine, auto mechanics, etc., it is a truism in cellular analysis that not all analysts possess the same work ethic, knowledge, training, capability or level of competence. The vast majority of historical cell site data analysts work for the government, and as such, can present their data and analysis with an air of confidence and authority. But I have seen multiple cases where this simply is not the case. Consider the following examples:
Case study #1: A homicide where data records were used to try and tie the Defendant to the phone. Defendant’s primary phone in use was not in question, but the government attempted to illustrate that the “burner” or “drop” phone with which the victim last communicated also belonged to the Defendant by correlating the location of the two phones (known phone & burner phone) together over time, as well as attempting to tie the burner phone and defendant to the area where the victim’s body was located.
Defense Counsel hired a private-sector analyst (me) to conduct an independent analysis of the records and confirm or refute the assertions of the government with regard to this analysis. The problem was, the 3-letter agency’s analysis contradicted itself without explanation. See below image that was entered into evidence as part of the larger initial analysis:
Map #1
Pretty map, isn’t it? The problem, as is highlighted in the red boxes (upper left and lower right), is that this map puts the burner phone (events cited in the red boxes & wedges) miles apart at virtually the same time. No explanation was provided in the report for this. When this was brought forth in cross-examination of the government’s analyst, they testified that their agency calls this “teleportation”. And no, that’s not a joke.
There’s actually a very reasonable explanation for this, which was not relayed to the jury until the analyst was called back to the stand in rebuttal of my testimony and, as coincidence would have it, produced a much more detailed map. Regardless, the Defendant was acquitted of the murder charge. Was it because of this? I have no idea. But I’m sure this didn’t help the jury’s confusion about this data… Nor did the “teleportation”!
Case Study #2: A homicide where the Defendant was accused of the murder and assisting the shooter (who was found guilty prior to our Defendant’s trial) in getting away from the crime scene. The 3-letter agency analyst produced a very short report/analysis, which lacked many things. Take a look at one of the images and I’ll explain what’s lacking:
Map #2
Another beautiful map! But what’s missing? First, the crime scene is barely visible amongst the other noise on the map. The map is hard to decipher. Second, two crucial pieces are missing – the illustration of other cell sites in the area as well as any other potentially relevant locations. And not simply alibi locations either – basic things like the Defendant’s home, which is actually within this map view, but you’d never know it because it wasn’t included in the illustration. Simply put, this is an incomplete analysis. It seeks to prove a theory and disregards the context.
What are the cell sites and why is that important? There are dozens of cell sites in the area of the above map (#2), some of which are closer to the crime scene. And while I cannot emphasize strongly enough that it is not 100% true that the phone always connects to the closest cell site, without the illustration of where the other cell sites are located, we don’t even have enough information to scrutinize. It’s an analysis in a bubble. The green & red dots on map #1 -- Those are the cell sites in a fairly populated metropolitan area, similar to the area in the map #2. Here’s the same event from map #2 in the same area from the same case, but with the context added (and easier to decipher):
Those orange dots are all cell sites for this cellular carrier in the area not used for this event. The other potentially relevant locations, as well as the crime scene, have also been added to this map. The final potentially relevant piece is the terrain of the area. While not a large issue in this particular example, geographical features like terrain can have an effect on which cell site the cellular device chooses to use. For further context, this usage event was 4 minutes after the shooting (as verified by surveillance video time stamp). As you can see, there are several cell sites in between this event and the crime scene, but again, the cell phone will NOT always connect to the closest cell site, rather the cell site with the best signal. That said, the cell site in use is over 2 miles away from the crime scene in a fairly densely populated area.
This map was generated as a more complete view of the relevant data and presented in comparison to map #2 for presentation to the Jury. The exclusion of this information in map #2 is inexplicable.
Why Is Any of This An Issue?
I have been engaged in historical cell site records analysis in litigation for approximately 6 years, and in the practice of forensic data analysis (computers, cell phones, etc.) for 13 years. In that time, I’ve conducted dozens of analyses of carriers of all types, cases spanning from insurance investigations to divorce/custody disputes to criminal prosecution and defense. The practice of historical cell site analysis is not “junk science”, no matter what snake-oil salesman “defense expert” may try to tell you. It works in most cases, if done properly. And if it didn’t work, no one would use it. Further, location of the phone is but one use of these records. There are multiple others, as discussed here.
That said, the problem I’ve seen repeatedly with criminal investigations utilizing historical cell site analysis is that Defense Counsel may be misinformed or lacking in their knowledge about what is presented to them by the government’s analyst. When a client is charged with a serious crime and the government gets the historical cell usage site location records and requests the [insert 3-letter law enforcement agency name here] to conduct an analysis and produce pretty maps showing that your guy was likely there at the wrong time, it tends to force a plea bargain because it looks good and it’s relatively technical. This happens regularly and can often not be in the best interest of the client.
So what can help your client? A thoughtful and informed conversation with an independent, experienced historical cell records analysis expert who can look at the records and provide a practical assessment. To be clear, you do not want a “defense expert”. You want an independent expert who will take in all of the available data and conduct as thorough analysis as possible, given what is available through discovery. And there’s more to “available data” than simply the records in most cases.
A Few Tips From Experience
I’m not perfect and I don’t know everything. On top of that, I’m not a lawyer. However, I have worked many large litigation cases with these types of records and I’ve learned a few tips along the way that could help the process along more smoothly:
• Consider obtaining the records allegedly associated with the target of the investigation independent of discovery. This assists in the ability for you to introduce the records and your expert’s analysis at trial, even if the government chooses not to do so. If the government never enters the records into evidence, it may not be possible for the hard work of your analyst to be presented to the judge or jury. Obtaining these records can be done via Court Order and should be done as soon as possible and in consultation with your independent expert for proper terminology of the request. Some carriers don’t retain certain records for a long period of time (see record retention article here. Updated data may be available.)
• The value of illustrating these usage events on a map can be compelling evidence, but static maps don’t always tell the whole story. Consider using an expert who has access to tools that will help animate the movement in the usage to help paint an overall clearer picture of the cellular location evidence in your case. To date, I’ve not seen a government analyst use animations to illustrate the records. I have, however, conducted analysis for the government using animations.
• Be careful with your stipulations prior to trial. Stipulating to the authenticity of the records is probably OK. Anything beyond that, including stipulating to the other analyst’s credentials, may cause issues down the road during trial testimony and presentation of evidence.
• Don’t forget that there is probably relevant data in more than one place. While it’s true the government has likely tried to cover all of their bases on this – particularly in a major criminal case – that doesn’t mean that there won’t be information to help confirm or refute alibis, alternate location data, etc. that is stored on the cell phone itself or potentially in cloud data sources. If your cellular analyst doesn’t also have experience with analysis of these items, I’d suggest finding someone who has the ability to conduct this “holistic” type of analysis incorporating all potentially relevant pieces of data.
• Look closely at what isn’t provided. I’ve learned that there is almost as much (if not more) value in looking at the evidence that ISN’T presented than there is at looking at evidence that IS presented. If something obvious – like data from the Defendant’s cell phone (i.e., the device itself) was obtained, analyzed and not presented as evidence, that probably means there may be something on that phone that is not favorable to the other side’s case. Look at this closely.
In Conclusion
I was in law enforcement for nearly 15 years, and I still travel the country teaching cops in any number of different subjects, including this one. Many of my former (and current) law enforcement compatriots may read this article and conclude that I’m trying to give the defense a “leg up” or reveal some trade secrets. Nothing could be further from the truth. My goal in relaying this information is simply to do my part to ensure the right people go to prison and the innocent people do not. This involves hard work, no matter who the victim is or what the circumstances of their death or attack may have been. I work many cases for the prosecution. I work many cases for the defense. The truth is always the ultimate goal, and should be for everyone involved in this process.
A final note for prosecuting attorneys who are using government analysts in these investigations: The devil is in the details with this data. There can often be missteps, omissions or other potential Brady-like material that is overlooked simply because the right questions were not asked by the analyst or a plea is expected in many of these cases. While it is true that many times this data can help prove your case, I’ve seen more success with a 360-degree approach to the evidence, rather than relying on one piece to illustrate guilt.
Author:
Patrick J. Siewert
Founder & Principal Consultant
Professional Digital Forensic Consulting, LLC
Virginia DCJS #11-14869
Based in Richmond, Virginia
Available Wherever You Need Us!
We Find the Truth for a Living!
Computer Forensics -- Mobile Forensics -- Specialized Investigation
About the Author:
Patrick Siewert is the Founder & Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia (USA). In 15 years of law enforcement, he investigated hundreds of high-tech crimes to precedent-setting results and continues to support litigation cases and corporations in his digital forensic practice. Patrick is a graduate of SCERS & BCERT and holds several vendor-neutral and specific certifications in the field of digital forensics and high-tech investigation and is a court-certified expert witness in digital forensics and historical cell site analysis & mapping. He continues to hone his digital forensic expertise in the private sector while growing his consulting & investigation business marketed toward litigators, professional investigators and corporations, while keeping in touch with the public safety community as a Law Enforcement Instructor.
Email: Inquiries@ProDigital4n6.com
Web: https://ProDigital4n6.com
Pro Digital Forensic Consulting on LinkedIn: https://www.linkedin.com/company/professional-digital-forensic-consulting-llc
Patrick Siewert on LinkedIn: https://www.linkedin.com/in/patrick-siewert-92513445/
