All,
There is an opportunity to discuss problems US law-enforcement is having with the cell phone industry from an investigative standpoint. We already have two of the major carriers at the table and hope to have more coming soon.
Please reply with ANY problems you have experienced ASAP. The meeting is Nov. 14.
Issues I already have include disabling of data ports, password protection, non-standard OS's, standardization of data cable/port, and standardization of CDR and access logs.
Thanks,
Mike
Mike,
I think the biggest problem is the disabling of the data port. However, one additional thing to consider is will a letter from law enforcement advising of a search warrant (include a copy) on the phone itself prevent the carrier from zapping (deleting) data from the phone remotely upon the subscriber's request. I am thinking of a scenario where the subscriber claims to have lost or phone was stolen when in fact it was seized as part of a search warrant. Would this work for them?
Thank you,
Chris Currier
Sealing/encasing on-board memory chips with stuff like polymer. Had it on pre-paid phone. Makes the direct reading extremely complicated.
Thanks guys. I will add these to the list.
standardization of cdr and access logs.
Mike, as this is a US matter I can only raise observations from experience of seeing how things can get messed up from a UK perspective. From the UK perspective, unless you have finite detail and you know exactly what you are doing when dealing with CDR content and the various types of CDR, as soon as you go down the path of 'standardising' content or even 'standardising' the procedural path to requesting this type of evidence it always ends up with data getting dumbed-down and thus ultimately producing watered down evidence.
My observation to you is take the CDR discussion off the table unless you can guarantee you will get complete CDRs, and you actually know whether what you are actually looking at is the complete content of the CDR or a watered down, misleading version?
I raise the above observations to you also because of the very narrow window of opportunity that has been afforded to provide feedback (not from me, but those on the US side) which has not been more than a matter of one day in which they could respond.
I hope you see that I am endeavouring to provide helpful feedback.
Thanks for your point, Greg. I will keep your fears in mind.
Luckily, the meeting is more of a forum to get law enforcement and cell phone companies talking. No decisions will be made here, at least not at this point.
Mike,
Will you be meeting with these carriers from a CALEA standpoint or is it something else? Is this a precursor in an attempt to change existing law or just an annual meeting?
I would love to see mandatory retention periods, especially for SMS content, but unless the current law is changed I don’t see billion dollar companies agreeing to spend millions on infrastructure, servers, staff, benefits, etc, just to help out the cops.
I would like clear answers on what is retained and what is not and the specific terminology and legal process to obtain the records that are being sought. There is nothing worse than getting records back, finding out you didn’t get something you requested and then having an analyst tell you a Court Order is required. (Like I carry a Judge in my pocket) The terminology is necessary because it has been my experience that requesting “any and all” doesn’t always get you any and all.
I spoke to a Sprint rep the other day in reference to a digital image I thought originated on their network. When speaking with the rep I asked her if I needed to ask for an MMS log. She told me I needed to ask for picture message data. I have yet to confirm what she said with a second source, but if true this is just a small example of how different terminology can have an effect.
RTT and PCMD seem to be common knowledge in the CDMA world, but what about the GSM world? It’s my understanding that they have access to enhanced ranging measurements called “timing advance.” I had an instructor tell me once he was at a T-Mobile center during an emergency and that he was able to see this data real time and communicate it to a tactical team. (My gut feeling is that they do retain this data, but they don’t want to start offering it up because it had the potential to create additional work.) Do GSM carriers have this and can we get it Y/N?
Does Verizon have any future plans to enhance its current RTT capabilities to be able to provide precision location on its devices? I can get precision location with Sprint/CDMA and AT&T/GSM, why not Verizon?
I’ve had great experiences with Verizon, Sprint, AT&T and T-Mobile, but Cricket seems to be another story. I’ve called them several times and I felt like I was being put through the wringer. I know from speaking with others that Cricket seems to give us a bit of a rough time when calling for records.
Nlpd120 makes a good point about 2703 f and what the providers will or won’t do with a preservation letter. Something to consider might be IF someone were concerned about the provider wiping the phone they should equally be concerned with some sort of internet based/App program wiping the phone as well. If we could get the providers on our side to stop or keep from initiating some sort of wiping procedure would they also agree to stop incoming sms messages or lock a device down from internet communication with just a preservation letter? I’d like to be in the room for that discussion!
How about some sort of training classes/webinars, vendor specific, with a certification test that could enable one to correctly interpret CDR/s? They could offer these classes to LE, PI’s and Attorneys? I don’t believe one would need to be a network specialist to accurately interpret the data. I’m also not trying to cut into expert testimony, but I think the providers could do a bit more to educate those that obtain these records. (I have a feeling Greg will beat me up on this!)
With the volume of requests these providers receive each day, for the most part, I would say they do a good job in getting the records back to us, but I would like for you to ask each of them what specifically are they doing to decrease turnaround time. Personally I would like to see pdf and csv be the standard in which records are returned rather than tif and notebook.
Standardized data ports!
Let us know how the meeting goes!
Thanks for your point, Greg. I will keep your fears in mind.
Luckily, the meeting is more of a forum to get law enforcement and cell phone companies talking. No decisions will be made here, at least not at this point.
Excellent. No fears, though, as this doesn't affect or effect the UK, and US Constitution enables amendments to correct errors.
You go for it, good luck.
Will you be meeting with these carriers from a CALEA standpoint or is it something else? Is this a precursor in an attempt to change existing law or just an annual meeting?
This is a very informal meeting that is a side note to something else. It just so happens that some of the parties will be there. This is nowhere even close to the point of trying to change laws.
How about some sort of training classes/webinars, vendor specific, with a certification test that could enable one to correctly interpret CDR/s?
This is definitely one of the goals. They are making gazillions of dollars; help out.
I have added everyone's concerns and comments to the list. We shall see what transpires.