CYFOR Blog

From the perspective of cell site experts, there are many frustrations around the disclosure of evidence.

A brief introduction to Cell Site Analysis

For the reader who has no experience on this particular topic, Cell Site Analysis involves the review and interpretation of call data records (CDRs) from mobile phones. The Communications Service Providers (CSPs) create the records, which are made available to customers and law enforcement officials under certain circumstances – and with the appropriate authority.

CDRs identify telephone events such as calls, text messages and data sessions. Additionally, they provide granular detail for each event – including the network cell, which was utilised for that communication. Cell site experts use these CDRs to show various locations where a telephone may have been during a specific billing period. The CSPs provide the CDRs in two formats: a PDF and a spreadsheet (.xls or .csv). It is at this point where the frustration around disclosure begins to ‘rear its ugly head’.

Understanding the situation

Cell site experts will agree that you cannot effectively investigate CDRs from a PDF (unless you are dealing with an extremely limited dataset). Whether utilising analytical software, such as Forensic Analytics’ CSAS or manually checking the data, a spreadsheet is essential.

Filtering, sorting, redacting, formulas, macros, highlighting, colour coding etc. all go out of the window when faced with an un-editable image of the data. Therefore, as cell site experts, we require spreadsheets! They need to be served alongside the PDFs to enable analysis which can be verified and corroborated. In a recent CYFOR investigation, a discrepancy was established between the two formats; this highlighted an error by the network provider when the CDRs were created and resulted in the data being withdrawn from the trial.

• So, why do we not get the spreadsheets?
• Why do we repeatedly receive a disc containing numerous, neatly exhibited PDFs?
• Is the prosecution being awkward?
• Are they deliberately trying to tie the defence expert’s hands behind their back?
• Or, is it a case of them not understanding the implications of their omission?

In my opinion, it’s quite often the latter – but I’ve also encountered several occasions when officers have point-blank refused to provide the CDRs in spreadsheet format. One officer recently exclaimed, “you’ve had the PDF and that’s what I used, why should I give you anything else?”; clearly, they did not appreciate the potential disclosure issues when not providing relevant unused material on request.

I have also been told, “we don’t have the files in any other format, the police only obtained the PDFs”. They quickly changed their minds when I highlighted the analyst’s MG11 from the case bundle which contained the line, “I then used file +4475xxxxxxxxx2 TRAFFIC DATA TELEFONICA UK LIMITED 1xxxxxA (4xxxx).XLS to create exhibit xxxxx/01”.

This common situation often signals the onset of several prolonged sets of email tennis. I ask the client for the data, the client asks the CPS, the CPS ask the officer, the officer refuses, and this gets fed back through the original channel, a week later I am still twiddling my thumbs. I am now explaining to the client why I require the data so they can list the case for mention and have a judge preside over the disclosure issue. Several weeks and one circuitous route later, I am finally in possession of the data and able to provide the client with their required report. This causes unnecessary delays to a court system which is already both flooded and overwhelmed by listings.

The cause

This irks is due to officers who are ‘trained’ so to speak, but are – and without knowing it –  demonstrating a lack of (in most instances) training, or being able to make cogent sense of and/or understanding disclosure in the digital evidence arena.

As a former police officer, I can say with confidence that instruction and guidance on this topic were practically non-existent or delivered and found (at later stages and after having fingers burned) to be vastly wide of the mark in terms of accuracy. Although various digital training courses exist, they often focus too heavily on the technical element, disregarding how the newly generated data should be exhibited, listed correctly on disclosure schedules and served in a fair and correct manner on the defence.

It is also common for police forces to ignore the voice of technically able officers due to them not being of sufficient rank. Quite simply, if they want to retain their antiquated model – using an Inspector or above for decision making – they need to ensure their senior officers are trained correctly or start listening to their educated understudies. It is time for the police to realise that knowledge is more important than rank and that taking advice should be encouraged rather than seen to be losing face.

Progression

As cell site experts, all we seek to achieve is a level playing field. Access to the relevant data in a timely fashion and in a format which we can use effectively. Police forces need to produce clear standard operating procedures for their officers who are exhibiting telephony data. They should combine the knowledge of SPOC’s, DMI’s and technical officers, with that of seasoned disclosure officers and senior members of the CPS. They should also seek out, listen to and appreciate the frustrations of expert witnesses who are experiencing these issues on a weekly basis. Once authored, this guidance could be published and disseminated nationally, ensuring the ‘treacle factory’ that is the current court system is not unnecessarily further delayed.