Notifications

Clear all

UK Criminal Evidence Delays

trewmte · 2009-05-23T10:46:47Z

UK Criminal Evidence DelaysDue to delays in passing evidence to the defence certain building blocks of evidence used against a defendant are not being held by the prosecution, but worst still, the expert who obtains, for instance the tests and results, holds on to them because they claim their client (the Police) haven't made that a term of the instructions to pass them over. The police say they don't need to have it because the expert hasn't said it's necessary so they wont ask for it.So what makes me and others think that we should expect, as a requirement, all the mobile telephone/cell site analysis evidence upfront from the prosecution and why do we think, as a requirement, the prosecution have a lawful duty to have obtained all the evidence from their expert, in order to meet the first requirement?It is the lawful duty, so we are told, of the prosecution to look at, examine and retain a copy of all evidence (e.g. tests and results) and to conduct an assessment of risk, which is the principle enunciated in the "Golden Rule" by none other than Lord Bingham.Examiners/Experts at common law are no longer entitled or permitted to arbitrarily withhold any evidence from their work in a case but are required to produce to the prosecution an index of all used and unused material they are holding which should replicate the actual physical copy of evidence given to the prosecution. So for a case involving mobile telephone/cell site analysis that would mean1) written instructions of work to be undertaken2) call records/subscriber details3) cell site details and data4) GPS/CCTV evidence5) handset/SIM (USIM) data and report6) copy of the actual radio test measurement results obtained at site and presented in a visible, legible and intelligible format (with the electronic file of the original radio test measurements to accompany them)7) copy of the expert's analysis of the results, report and any supporting exhibits8 ) copy of written questions to and written responses from the mobile network operator9) material considered and unused material and/or material disgarded as not relevant…….and so on.This enables the prosecution to sit down and examine what is on file put before them by the examiner/expert (usually the data can be recorded onto a CD costing less than £1.00) and all the material on CD and/or in paper form are identified on a tick sheet. The prosecutor/prosecution should then avail him/herself/themselves of the knowledge of that material by familiarisation with the information on the CD and/or in paper form. As some information may not be readily understood the examiner/expert should be called (by phone, written or in a meeting) to explain material or information not understoood. The risk assessment can then be made.It is equally understood that the right of the defence to investigate the evidence held against a defendant was and is to stop cases being brought against anyone where evidence was being withheld, in a deliberate or clandestine fashion, in order to meet the principles of ECHR (Foucher v France). No evidence on file can be withheld from a defendant and no steps should be taken to find mechanisms to avoid holding or hiding evidence from the defendant. For the avoidance of doubt, I am not referring to public interest immunity (PII) information, which is another matter entirely.So it is easy to see the principles enunciated by Lord Bingham in the Golden Rule contain impeccable logic and foresight. The Golden Rule requires the prosecution to logically assess that it has a complete copy of the evidence e.g. tests and results and if they were not held by the prosecutionA) How would it be possible for the prosecution to conduct a risk assessment without the full evidence made available to them from their examiner/expert?B) What happens, for instance, if the examiner/expert dies and no one can find the test results?…. and the list goes on.So what are the current delays? Whenever asking for standard mobile telephone evidence, for instance items such as cell site radio test measurement data or ask for corroboration of enquiries to and written responses from the mobile operator, the prosecution do not readily hold the evidence and massive delays ensue until just before going before the Judge part of the evidence suddenly emerges and then the defence are left to hurry an examination of that evidence.I have a case on right now where I requested evidence on the 6th March 2009 and apart from the prosecution correcting mistakes in their material which the defence had to point out to make any sense of what the prosecution's evidence was meant to mean, the other corrobating information expected to be found in the file or CD under the Golden Rule principle and could/should have have been disclosed up front in March, this still has NOT been served. For instance, the radio test results have still not been served along with other information.These delays impact by cau...

Page 3 / 3 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by trewmte 15 years ago

26 Posts

10 Users

0 Reactions

2,065 Views

RSS

sgrills

(@sgrills)

Eminent Member

Joined: 15 years ago

Posts: 36

06/07/2010 5:52 pm

trewmte,

Obtaining any engineering changes is well understood by most Cell Site Analysts. However let's put this into context. Significant engineering changes are not made on a daily basis - they are well planned events to occur at times when the network is least busy (usually late at the weekend). We call them maintenance windows.

Regarding your point about about getting details of engineering changes prior to conducting RF measurements, this is not how it should be done.

It is expedient for CSA RF measurements to be performed as soon as possible after a particular crime which inherently will render possible engineering/environmental changes negligible. Details of engineering changes should be requested in parallel and if changes have been made these should be assessed by an expert to determine if they have any significance or not.

If you wait around for the networks to provide engineering-change information then you run the risk of having such changes (the ones we are trying to avoid!) imposed on the network during this period. Yes that's right networks delay in giving information too -)

So your logic of waiting for engineering change information prior to performing CSA measurements is flawed and self-defeating.

ReplyQuote

Robbo747

(@robbo747)

Eminent Member

Joined: 17 years ago

Posts: 37

06/07/2010 7:52 pm

Your article on evidence delays in the UK is interesting and takes mobile phone forensics certainly to another platform- especially in the area of cell tower analysis. In our little part of the world here in Queensland, Australia, as forensic computer examiners, we concentrate on the exhibit more so. As long as continuity is covered, its our job really to assist with the investigation by doing a mobile phone/SIM card download with the tools at our disposal, such as Cellebrite & XRY, in a forensic manner-ie-extraction made by use of a Faraday room.

There is no real forensic value in doing this- it's just a phone dump & only value-adds to the investigation. If an investigator or the court needs to know about how messages get transmitted, for example from phone A to phone B or why times and dates are different from when phone A sent the message to phone B receiving the message, it would be more prudent for the courts to call in the phone companies to explain how messages get transmitted across different cell towers.

Where it becomes interesting is in those certain cases where requests are made to make attempts to recover deleted data. Lucky for us our Cellebrite license covers the Physical Pro & with XRY we have the XACT bolt on to perform file system dumps.

ReplyQuote

trewmte

(@trewmte)

Noble Member

Joined: 19 years ago

Posts: 1877

Topic starter 09/07/2010 5:47 am

sgrills, I do not agree with your reasoning. You seem to suggest delay and lag. The conclusions you are propounding are not only wrong, worst still, they are untrue.

Firstly, if there is need for urgent speed then law enforcement can seek a BTS dump (figuratively speaking) for the area and take radio test measurements - even if they do not understand the readings initially. That can be subject to the type of case. Use of passive readers may be used but they do not provide the complete and appropriate set of radio information needed; later another radio test maybe conducted to firm up any early passive test readings. As the test is later, the information can be obtained from the operator prior to conducting the later tests. There has been a down turn in pros work, not an increase, because of the techniques discussed and, also the economic conditions have meant other lines of evdience may be used as opposed to mobile telephone evidence. The reluctance to get details about Mast changes does not support your understanding.

Secondly, I have statements from operators that make it clear they keep records of changes to their Masts, so to speak, and are available if they are requested. So nothing self-defeating or flawed there.

Your third argument is also a continuation of what appears to be your misunderstandings about CSA. Changes that are planned in advance are 'known' changes. Not every case is urgent and therefore CSA is not conducted straightaway. In many cases declarations have been made in reports (served in evidence) identifying the date of instruction in the report and identify the date when radio test measurements were conducted. The time-span between instruction and tests have been noted to be many weeks apart. Thus access to network operator information is available for past and future changes prior to testing, as speed is not of the essence.

ReplyQuote

JoelTharas

(@joeltharas)

Trusted Member

Joined: 16 years ago

Posts: 53

09/07/2010 2:07 pm

Great article.
Thanks
Joe.

ReplyQuote

sgrills

(@sgrills)

Eminent Member

Joined: 15 years ago

Posts: 36

09/07/2010 4:14 pm

I fully appreciate that those obtaining evidence would want to finesse what they are getting, so when you get e.g mast details it would make sense to ensure getting details about whether the masts have changed or not before sending someone out to conduct radio tests - that is if you want to avoid the potential risk of 50% or greater obtaining false positive readings. Perhaps asking to know about mast changes in advance is not so much implying a high/low standard, but more an action of pragmatism to demonstrate a standard is being met.

trewmte

As I highlighted in my previous post, this approach is seriously flawed for the following reasons

• In order for CSA to be fully effective we must understand if there have been significant engineering/enviornmental changes. By suggesting that we should not take readings until the networks have reported back with engineering info then we run the risk of these changes being implemented before we can have the chance to conduct the RF measurements. Also, to suggest unnecessary delays in obtaining RF measurements would increase the risk of enviromental changes.

• Waiting to receive details of engineering changes will create delays in the investigation. Indeed, this will only exacerbate subsequent delays in prosecution submitting the survey report to the defence. Your thread suggested unneccessary delays, yet you suggest this approach which will inherently produce more delays.

A much better approach would be to proceed with the tests immediately and request the engineering change details from the networks in parallel. If changes have been made these should be assessed by an expert to determine if they have any significance or not.

Having worked in telecoms for many years I have overseen numerous “maintenance windows” and also performed root cause analysis on network faults and consulted on network design. So I can assure you I have a firm grasp of this area. All these details can also be requested from the networks to give us a clear picture so we can make the correct conclusions.

Perhaps you are unaware of this approach, but this concurs with how the major forces that my company trains conduct CSA.

ReplyQuote

trewmte

(@trewmte)

Noble Member

Joined: 19 years ago

Posts: 1877

Topic starter 09/07/2010 6:07 pm

OK, well I have answered your questions sgrills. I do not agree with your analogies as I have set out three examples for you, which you ignore that experience and the facts that go with them. I am still of the opinion you display misunderstandings about how Cell Site Analysis works. But you are convinced of having the "better" way.

Respectfully I really cannot takes hours of my working time to spare proving to you every syllable I raise mentioned in posts to help other forum members. I am sorry if that disappoints you but I cannot give affirmation to you or your firm's methodology just because you say it is "better" when there has been no proof of that at all.

I noticed in your reply to Sam Raincock that you stated she had got it wrong as it was probably another "person" she was thinking about when she said to you about your training course. You now admit above you are running training courses.

Good luck with what it is you are trying to do but if you really feel you are being misunderstood may I extend goodwill by saying to you produce a paper setting out exactly, from cradle to the grave, your methdology for cell site analysis including use of tools and timetables etc you say are pertinent and I will take a look and give you some pointers for your training course. Fair enough.

ReplyQuote

Page 3 / 3 Prev

8 Forums
15.7 K Topics
92.3 K Posts
238 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed