The Admissibility of Telecoms Evidence

I am a strong believer in the validity of technically impartial evidence such as mobile phone related evidence.  However it seems that disputes over this validity are common.

So to address this here are some thoughts.

The evidence comes through the same physical phenomena as is used to carry the evidence of our eyes (or cameras).

Our eyes see things because light is entering them.  Video cameras are the same.  The light we see is part of the electromagnetic spectrum, the same spectrum that also carries EM_spectrum_compare_level1_lgmobile wireless signals.

The evidence is processed in the same way as video evidence.

In both cases there is a receiver that picks up the electromagnetic signal, converts it to electrical impulses and sends it to some backend system to be stored.  Later on the information that has been received in the signal is read and displayed on a screen or in a printed document.Mobile Network Elements

The evidence is analysed by human beings

Sometimes it takes an expert to say what exactly is being shown on the video screen in a court room.  Likewise it sometimes takes an expert to explain the coverage maps and other evidence collected from mobile phone signals.  But in the end some analysis must happen for both.

Advertisements

Explaining Cell Site Analysis to the layman

Telecommunications and radio engineering, Call Detail Records and Cell Site Analysis are complicated terms which deal with matters that most people never need to be involved in.  However if you are on a jury in a court where these matters are being discussed, it helps if you can understand enough about what is being discussed to be able to form an opinion on the evidence being presented.

Therefore, in layman terms Cell Site Analysis (CSA) is like trying to estimate where the sound of someone shouting out a name came from.  The witness that heard the sound would capture what was said and the general direction and area it came from but wouldn’t know exactly where the sound came from.    The mobile phone networks and the systems associated with them are like the witnesses to what was said in this case.

0001ac6f-314Another analogy which might be useful to think of is what happens when you go along the M50 and the toll cameras take your car’s registration plate.  In this case the car is like the mobile phone, you may or may not have been driving it, just as someone may or may not have had the phone with them when it was detected by the radio masts.  The difference here is that when a car is detected on the M50 you not only get the registration plate and the time it passed the camera but you also know exactly where the car was when it was detected.  When a mobile number is picked up by the mobile network you know exactly what the number was and what time it was used but you have a less precise idea of where it was.  It is as if the camera could pick up the number plate but you didn’t know exactly where it was pointing when it did.  Also, like in mobile networks, records are kept in the toll management systems that can be analysed to verify or disprove whether a car was in the area or not.

When courts use expert witnesses to do CSA it is like getting someone who is an expert in listening to recorded sounds and is able to estimate better than you can where it came from.  He can tell you how far away it could have been, what factors might have meant it was closer or further away than it sounded and where it was very unlikely to have been and the area it was probably in.  He could produce a map showing the possible locations of the sound so that you can go searching in that area for the source of the sound.

If you got a second expert to do the same analysis you may find he will take a different approach and come up with either a smaller or larger area to search.  Someone then might decide to get the two experts in to question them as to why their conclusions were different and the significance of the differences.

Similarly an expert in cell site analysis will produce maps saying where, and where not, the phone was likely to have been when it was detected.  I use a particular method of doing this which gives a larger area to search than some other methods but which also indicates with more certainty where the phone could not have been.  Many times knowing where the phone could not have been is more useful than pinning down exactly where it was.

Admissions of Guilt

I’ve observed some things when I’ve been in court.

Mobile phone evidence is fairly incontrovertible at times.  When there is enough of the right kind of evidence and it is presented in the correct way, it is very similar to CCTV –  it can clearly say who someone was calling or who was calling them, what websites they browsed, who is in their contacts list or what messages they sent.  Mobile phone evidence can also pin someone’s phone location down to a discrete area or a route.

Surprised witness

The reaction of the witness or defendant involved to the evidence being presented in this way is often very revealing which stands to reason.  If the evidence backs up what they are saying then they will be delighted with it.  On the other hand if it says something different to the story they are telling then they are going to dispute it’s validity or resist it being produced at all.

Therefore the threat of producing mobile phone evidence can in itself do enough for an investigator to elicit useful information depending on the reaction of the person to the threat.  If they refuse to cooperate with the disclosure process  you know they are probably hiding something.  If they cooperate fully then it is likely that the story they are telling is true.

So there is even value in knowing someone who you can say is an expert in mobile phone evidence, even if you never use them!

Differentiating your company in a declining market

The estimated cost of all road collisions reported to, and recorded by, An Garda Síochána in 2011 was €792 million. This is a reduction of 42 per cent since 2007. (Road Safety Association of Ireland, 2013).

The setting up of the Personal Injuries Assessment Board in 2006 almost halved the Personal Injuries litigation costs. In 2011, InjuriesBoard.ie delivered the current level of compensation at a delivery cost of 8.8% as against 46% under the litigation system prior to the Board’s establishment, as identified in the Motor Insurance Advisory Board Report (2004) (InjuriesBoard.ie, 2012).

It is likely that the downward trend in the market for PI and Motor Traffic Accident solicitors will continue at least in the short term. In terms of the level of human suffering involved this can only be greeted as a good thing. In the long term the trend will probably level out hopefully at a very low level.

However this downward trend means that PI solicitors and motor assessors are competing for a share of a smaller market. Those who want to win this competition will have to provide a better service which is where The Agreed Denarius comes in. With an estimated 20-30% of accidents being caused by distracted driving – and mobile phones being a major source of this distraction – knowing whether someone was on a mobile phone at the time and location of an incident becomes an increasingly important differentiator for any PI solicitor.

Using a mobile phone while driving – the new “Drink Driving”?

More penalty points are awarded in Ireland to drivers Driving a vehicle while holding a mobile phone than for any other offence except Speeding.

The figures for the awarding of points for this offence by Gardai have remained uniform for the last few years in all the counties and cities in Ireland, however there is a category called “No Driver Number” which has shown a steady and significant increase from 19670 points awarded in Jan 2011 to 28329 in May 2013.  If anyone wants to comment on the why that category (and none of the others) is showing this increase then please do.

The Dept. of Transport’s annual report for 2013 identifies “using a mobile phone while driving” as one of the four “main Road Traffic offences associated with serious accidents”.  The other 3 are speeding, drink/drug driving and non–wearing of seatbelts.  All four are identified in the report as the first offences that will be addressed in the mutual recognition of penalty points between Ireland and Northern Ireland.

Not surprisingly the RSA is currently running a campaign in national media targeting drivers tempted to use a mobile phone while driving (which is anyone with a mobile phone and a car).  The headline statistic from the campaign is “your mobile phone makes you four times more likely to crash”4 times more likely

This statistic arises from a report the RSA published in May 2010 which also contains references to other studies carried out in the area of mobile phone use and distracted driving.  That report should be read by anyone dealing with Road Traffic Accidents in Ireland.  Here are some extracts:

“There are a large numbers of research sources on the topic. The research department in the Road Safety Authority has over a hundred research papers. The topic is also well referenced in all current traffic and transport safety publications (Cartt, Hellinga, & Bratiman, 2006).”

“Driver distraction is thought to play a role in 20-30% of all road collisions (Dews & Stayer,
2009).”

“The vast majority of drivers (39 % to 45%) report using their mobile phone at least
sometimes while driving, and it is estimated that at any given moment during the day, 2 to
6% of the drivers is using a mobile phone (Road Safety Authority, 2010).”

“The mobile phone distracts drivers in two ways: it causes physical distraction and cognitive distraction. Physical distraction occurs when drivers have to simultaneously operate their mobile phone (i.e. reach, dial, hold) and operate their vehicle. Cognitive distraction occurs when a driver has to divert part of his/her attention from driving to the telephone conversation.”

“Probably the most famous and most frequently cited epidemiological study about the risks of mobile phone use while driving is the study of Redelmeier and Tibshirani (Redelemeir & Tibshirani, 1997). The researchers found that the risk of a collision when using a mobile phone was four times higher than the risk when a mobile telephone was not being used. The results of the study also suggested that hands-free phones offered no safety advantage over handheld units. Similar findings were achieved in other epidemiological studies (LabergeNadau, et al., 2003), (McEvoy, et al., 2005).”

“In 2002, a study by the Transport Research Laboratory in the UK found that while driving while intoxicated is clearly impaired, certain aspects of driving performance are even more
impaired by mobile phone use. (Burns, Parkes, Burton, Smith, & Burch, 2002). A similar
study in 2006 that mobile-phone drivers may exhibit greater impairments than intoxicated
drivers. (Strayer, Drews, & Crouch, 2006).”

“The use of hand-held mobile phones while driving is illegal in over 40 countries….; most EU countries, Australia, and one Canadian province and the United States.”

Drink driving began to be recognised as a serious problem in the 1960’s.  Fifty years later is using a mobile phone whileCarcrash about 1965 driving beginning to be treated in the same way?

The implications of poor implementation of standards – the “thunderbolt”

Back in the late 80’s I was involved in my first case as an expert witness.   I had researched lightning protection at Telecom Eireann (now Eircom) in the rather ivory tower environment of the Technical Directorate for about a year and half from ’87-’88 and produced a number of detailed reports making recommendations on how to protect Telecom Eireann’s plant and customers from the effect of lightning.  There had been enormous frontal lightning storms which like the Dublin buses didn’t come for ages and then two of them came in quick succession doing millions of punts worth of damage to the plant all over the country.

When the Technical Directorate was reduced to a rump as a result of one of TE’s reorgs most of us engineers were taken out of our nicely cocooned  labs and put into the Operations Directorate under one Brendan Trapp.  Being a practical man he had only two main things on his mind in relation to plant maintenance – lightning protection and gas pressurisation of underground cables.  He set up steering groups to get both in place.  Thankfully someone brought my work to one of the first meetings and its name was changed from the LPSG to the LPISG (Lightning Protection Implementation Steering Group).

I was put in charge of the implementation of Telecom Eireann’s external plant lightning protection.   I had written up procedures and standards myself on the word processor complete with simple line drawings.  We were the first engineers to start doing this ourselves, before that there was always a secretary to type up your handwritten text for you.  Drawings used to be sent away to a specific technical drawing department.  We were now producing a lot more documents – though the drawings were at times a bit primitive.

Earthing practices

Extract from Telecom Eireann’s  guide to earth rod installations at a customer’s premises (NSC 21/’89)

One of the standards I drew up included a section on how to earth a telephone line at the entrance to a customer’s premises.  Network Services Circular 21/’89 laid out the “Customer Terminal Protection Practices” which involved, inter alia, driving two 1m galvanised steel earth rods into the ground and attaching a 6 sq. mm guage steel wire to them.  There was also a detailed description of how to install them.

Sometime after the issuing of this circular I was asked to look into a case which involved  the death of one of Telecom Eireann’s customers.

The man concerned was a farmer who had just come in from the field and was rather wet. His wife called him to the phone so he took off his boots and walked across the bare concrete floor to the type 100 telephone,  stuck the handset to his ear and shortly afterwards fell down and died.  A lightning storm was occurring in the area at the time.

Understandably the family sued Telecom Eireann for negligence.

Subsequent investigations established a number of facts:

1.  There was no fault with or obvious damage to the equipment or any of its connecting cables.  There had been no direct lightning strike to the cable, phone or the house.

2. A current of electricity had passed from the earpiece into the respiratory centre of the victim’s brain.  He then “forgot” how to breathe and died from drowning in his own fluids.

My study of the effect of nearby lightning strikes on overhead cables enabled me to explain to the barrister that it didn’t need a direct strike on a cable to induce a current in it.  The electromagnetic pulse emanating from a lightning strike to the ground anywhere within several kilometres of an overhead cable could induce an electric current sufficient to kill the man in the way described.

What was more surprising was the fact that, according to the evidence presented, this equipment had apparently been installed with customer protection in the manner prescribed in NSC 21/’89.  Which meant he should have been protected from such pulses.

The installation needed further investigation. So we headed off to the customer’s premises in question to look at the installation first hand.  Sure enough there was the customer premises box with the regulation steel wire bonded to the right place on it and leading into the ground.  All seemed OK until we gave the wire a tug.  Out came a six inch bolt where the earth rods should have been.

When we came back with our results to the barrister he promptly called the offending article a “thunderbolt”.  It struck Telecom Eireann’s coffers since they then had to settle the case.

I was glad it hadn’t proven the lightning protection methodology wrong.  NSC 21/’89 is still in use to this day and, as far as I know, there have been no similar fatalities since.

Mobile Banking and Security

If you ask a bank what the single most important thing they consider when putting in any new system and they will tell you it is security.  Well at least they did until the latest crash happened.  Now they will probably tell you it is total cost of ownership – or in other words – how much money will we make from it?

There are several reasons why online and mobile banking is attractive to a bank from a profit point of view.  It reduces the need for warm bodies and (cold) bank buildings and, if done correctly, increases customer satisfaction with the bank.

The snare is in the phrase “if done correctly”.  That can mean a number of things to a bank but, once they are happy with the price, it is security that is the next item on the agenda.

Any banking system needs to be secure whatever face it presents to the public.  In some of the more advanced solutions out there there are multiple interfaces to the customer – the front end – as well as an interface to the bank’s core banking systems – the back end.  Each of these interfaces and the databases and systems behind them need to be as secure as any of the bank’s other systems and databases.

According to ISO standard 27002, the objective of communication security is the preservation of three requirements of any communication between two parties.  These three requirements are:

  • Confidentiality:  Only authorised staff are allowed to see or use the data being communicated.
  • Integrity:  the data are not changed during the communication and are not able to be modified by an unauthorised person.
  • Availability:  There is sufficient bandwidth and enough time for authorised staff to access the data.

According to the the US National Institute of Science & Technology* there are seven main categories of threats that may prevent these three requirements being met:

Threat Category

Description

Requirement Affected

Denial of Service An attacker prevents the normal use or management of networks or network devices Availability
Eavesdropping An attacker passively monitors network communications for data including authentication credentials. Confidentiality
Man-in-the-Middle (MITM) An attacker actively intercepts the path of communications between two legitimate parties, thereby obtaining authentication credentials and data.  The attacker can then masquerade as a legitimate party. Confidentiality and Integrity
Masquerading The attacker impersonates an authorised user and thereby gains unauthorised access to data. Integrity
Message modification An attacker alters a legitimate message by deleting, adding to, changing or reordering it. Integrity
Message replay An attacker passively monitors transmissions and retransmits messages, acting as if the attacker were a legitimate user Integrity
Traffic analysis An attacker passively monitors transmissions to identify communication patterns and participants. Confidentiality

Banks are also interested in non-repudiation which means being able to prove that someone authorised a transaction (such as a credit card transaction).

There are several techniques available to banking system designers to help them ensure their systems are protected.  One of these is to ensure that secure protocols are implemented on all the channels that are used to communicate with the system.  We are probably all familiar with the lock symbol and “https” that replaces the “http” in the address box on our browser whenever we are buying something.  You may not know that this means that a  security protocol is being used on the communications channel between you and the web server offering the product.

A security (aka cryptographic) protocol should carry out at least the following functions:

The most commonly used secure protocols on the Internet are SSL 3.0 and its very similar successor TLS 1.0.  They use asymmetric cryptography for authentication of key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity.

Even though Wikipedia gives some useful definitions of the terms mentioned above it takes an expert to understand the significance of these terms for the system under scrutiny.

*National Institute of Standards and Technology, Guide to Securing Legacy IEEE 802.11 Wireless Networks, Special Publication 800-48,  Revision 1, 2008