Ben, can you tell us a little bit about your background and how you became involved in mobile phone forensics?
I never expected to be here. I was an electrical engineer 25 years ago when my company at the time needed people to start working on “cellular telephones”. It sounded good to me so I joined that group. Cell phones were just coming out on the market, but there were lots of problems so the industry formed a “standards group” that consisted of engineers from everybody in the industry. We met at least once a month for a week somewhere in the world and solved problems. For example, we developed roaming so that a subscriber could use their phone outside their home service area. That was groundbreaking at the time. More recently we developed a standard “Picture Phone”. When picture phones came out, each company had their own system. We sat in meetings for a year and agreed on a single design so that customers could send pictures to friends who had phones with different cell phone companies. In the future you’ll see more great stuff. We’ve designed a system so you’ll be able to get up to 40 TV channels on your mobile phone. Most households only watch six channels. You’ll get to pick the channels you want. We also designed 911 and wiretap for cellular phones.
About 20 years into this, I started to get calls from lawyers who had clients that were charged with various crimes and the evidence against them was based on their cellular phone. Possibly they made a phone call from an area where a serious crime occurred and they were arrested on that basis. I was happy to help out because I was always a “murder mystery” fan and it was very interesting to use my knowledge for practical purposes. The attorneys continued to be referred to me and I continued to help out, until someone suggested that I start working as an “expert witness”.
After some study I learned that “expert witnesses” are impartial experts that investigate crimes based on their expertise and are paid for this. I also understood that this was a great “retirement job”. I started doing expert witnessing on the side and built quite a reputation. After my company merged with another big cell phone company and I finally realized I hated working in corporations I simply started to do expert witnessing as a business.
Everybody is good at something, and you don’t realize how much knowledge you have after working 25 years in any field. That knowledge is tremendously valuable to assist in forensics for attorneys, law enforcement and in civil matters. I’ve worked for the FBI, defense attorneys and solved mysteries involving accidents.
What do you feel are the greatest forensic challenges posed by mobile phones?
Without a doubt, the greatest challenge is obtaining valid data that is several years old. Often with criminal cases, I’m not called to investigate till two years after the crime has occurred. By that time much of the most useful data has been purged. Further, there are so many phone companies and so many mergers of companies that you cannot look at a cellular phone network as it is today and form opinions on what occurred two years ago.
How should these challenges be met?
I am not one for advocating more laws, but in this case we need to require cellular telephone companies to keep technical data for at least seven years. It’s my opinion that phone companies do not want to become involved in assisting law enforcement so I find that they increasingly are purging data at more frequent intervals. Mind you, every company I know will comply 100% with law enforcement when they are served with a court order and even have special departments that specialize in this – however, purging the most valuable technical data in 60 days makes forensics difficult. Phone bills are kept for seven years for tax reasons, however, the data on a phone bill is less than 1/10th of the technical data that is collected on every single call you place. This also points out a legitimate beef that the phone company has – where do they store all that data?
As someone who is often called upon to give evidence in court, how knowledgeable do you find both jurors and legal professionals with regard to telephone and mobile device forensics?
Great question. Most attorneys and jurors are grossly misinformed about cellular phones and mobile devices. One great example is a case I had where a group of employees were accused of stealing company secrets and starting their own company. This was a civil case of “theft of trade secrets”. The defendants in this matter made thousands of calls between each other but kept every call under one minute because they thought that “first minute free” meant that there was no way to trace their conversations if they kept the calls short. The reality is that we, as telephone companies, don’t exactly know when a call starts due to the time it takes to set up the call and the number of times the phone rings so we just offer the first minute free to be fair. That’s one example.
As far as jurors, attorneys and the police are concerned, they all lack knowledge of the technical aspects of mobile devices. In the past six years, I have found that the police view mobile phone records as the “new DNA” in investigations. Unfortunately they don’t understand the technology and I’ve seen many cases of innocent people being accused of crimes they didn’t commit. Attorneys don’t have the knowledge either so they often accept the faulty facts presented to them and work from that. When I’m engaged by an attorney or a firm, the first thing I do is teach them a class for an hour or two on the basics of telephones. This is tremendously helpful to them. As well, when I’m asked to testify, I do the same for the jury before I present the evidence.
A related question: How knowledgeable do you find "traditional" computer forensics practitioners when it comes to telephone and mobile device forensics?
Another great question. Ten years ago, we had experts in computers and experts in telephones. In our own industry, telephones are now using the Internet. Internet people don’t understand telephones and telephone people for the most part don’t understand computers and the Internet. It’s been a learning experience for both sets of engineers and that spills over into forensics.
You've been involved for a long time in developing mobile telephony standards. How important is it that forensic examiners are familiar with these standards?
The technical standards are everything. They define exactly how every step of every feature and action of cell phones work. When I make an opinion regarding a cellular phone matter, there is little room for argument. The standards define step by step procedures and if you know the standards, you can easily evaluate events that occurred in a criminal matter. I don’t believe I’ve ever been involved in a case where there was an opposing expert. Experts don’t take losing cases, or to state it more accurately, if an expert’s findings are not favorable to an attorney or law enforcement the expert will likely not testify on the matter. When it comes to cellular phones, since the standards define procedures so carefully, there is no wiggle room. I understand when it comes to medical forensics there can be endless disagreements as to causes of death which are all valid. In accident reconstruction, the evidence may be interpreted in a number of ways. In matters involving psychiatric disorders, there may be many opinions. Cellular phone forensics is more like Accounting forensics. It follows a fairly rigid interpretation based on standards.
The CALEA wiretap system is another project you were involved with – can you describe what CALEA is and what benefits it has brought to forensics examiners in the US?
CALEA is the “Communications Assistance for Law Enforcement Act”. It is a law that requires telephone companies to provide wiretap to law enforcement when presented with a court order. Until the law was signed in 1994, every phone company would assist law enforcement to the extent possible in wiretapping a subscriber when presented with a court order. But the problem was every phone company had a different method. Things got worse when cellular phones came into being. The rights and capabilities that law enforcement had to wiretap somebody were quickly eroding due to advances in technology. CALEA became law in October of 1994 and required that a standardized form of wiretap be available at every phone company that would permit law enforcement to simply “plug and play” in order to perform a wiretap. The law balances the rights of people to unreasonable searches by allowing only phone companies to turn on the wiretap and it preserves the right for law enforcement to obtain legally authorized wiretaps which they have had since 1932. The system is not without controversy and it may appear to many that the CALEA act is the creation of Big Brother. No new telephone service can be launched with the CALEA capability. Others say that CALEA is a great benefit to law enforcement and the taxpayer because one standard system enables a single cost effective method for wiretap. My own views are in the middle. I see both sides and developed a patent that I feel truly protects the privacy of individuals and further provides law enforcement with an instant method to obtain and store needed evidence in criminal matters. This method essentially provides an immediate wiretap upon court approval but seals the data until it is authorized to be released by a judge.
After your recent interview for the Talk Forensics podcast, some Forensic Focus members were curious about differences in mobile technology between the US and the UK (e.g. in relation to three sector cell sites, GPS in phones, etc.). Can you speak a little bit about any major differences you're aware of?
At this point there are essentially only two types of cellular phone technology in the world; the US system, known as TIA/EIA-41 and the European system known as GSM. The two systems are like computers. There are Apple computers and PC computers for the most part in the world and PCs currently own 90% of the market. The same goes with cellular phones. GSM owns 90% of the world market and the US system about 10%. Verizon, Alltel, USCellular and Sprint use the US System. T-Mobile, AT&T and the Nextel part of Sprint use the GSM based system. As with computers, both systems are moving closer together as we move to “third generation cellular systems.” Third generation cellular systems move telephone traffic across Internet based networks rather than the traditional fixed connections. To answer the question, the differences are getting fewer and fewer, but in forensics for cellular phones we must be aware of both standards. The most significant difference between the US designed system and the GSM system is that the GSM system uses “SIM cards”, small cards that users can remove from their phone and move to another phone. The majority of user data for GSM phones is found on this chip and this makes analysis of GSM phones much easier than the analysis of US-based CDMA phones.
Is the analysis of cell phones and their usage a viable career in itself?
My primary job is an independent telecommunications consultant and author. Forensics is a small but profitable part of my business. If you want to make cell phone forensics a career, you can do well today working for State Bureaus of Investigation or local law enforcement. Otherwise, if you intend to work for defendants as an expert you cannot really make it a career. Many states disallow experts from testifying in court if more than 50% of their work is forensics. Prosecutors who cross examine forensic experts in any field who don’t have another business will try to portray you as a “paid witness” who is only interested in the money and therefore will say anything to win your client’s case.
What advice would you give to someone wishing to specialise in this field?
Forensics is a great career. I would encourage anyone who wants to have a future-proof job to get into any math, science or technology field. We have so many liberal arts majors coming out of college and they are going to have difficulty finding jobs. If you come out of college with a technical degree you will work.
If you are young, find a technical field you love and work it for 10 years till you understand it fully. Without this background you cannot be a great expert. If you want to go directly into forensics, consider working for law enforcement, the FBI, the CIA, the NSA or even private investigators.
If you are well into your career, think about what you really know. Stuff that is second nature to you is incredibly valuable to forensics. An accountant brought down Al Capone. A biologist developed DNA. If you have worked 30 years in any field, you have knowledge. Can you move into a career in forensics with that knowledge? I’ll bet you can.
For either group, my number one piece of advice is to learn to translate what you know into simple terms. The best piece of advice anyone ever gave me was to draft your presentations as if you were teaching a third grader.
Along with this, get comfortable with public speaking. Start with Toastmasters. It’s cost effective and teaches you how to speak in front of a group…the number one fear of most people beating out fire and heights.
What would you most like to see changed or improved in the field of mobile phone forensics?
Simple. The preservation of digital data for at least seven years. Memory / Digital Storage is getting very inexpensive and the detailed technical information that cell phone companies use to figure out maintenance problems is invaluable to evaluating telephone matters. Too often law enforcement gets this data in the course of investigating a crime within days of the incident, but may not keep it. By the time an attorney gets the case and realizes he needs a telecommunications expert, more than a year or two may have passed and the data is gone.
What is the most rewarding part of your job?
The knowledge that I can find the truth in a matter. No doubt, playing CSI is a lot of fun, and getting into the data to find out what really happened is a tremendous thrill. There is so much satisfaction in sitting down with a pile of documents and working the data until you get that “Ah ha” moment where all the evidence falls into place and you know what happened.
What aspect do you find most challenging?
The most challenging part of being a forensic expert is dealing with the reality of our legal system. We have an adversarial court system meaning a lawyer will do anything within the rules to free his client and the prosecution will do anything within the rules to convict a defendant. As an expert my job is simply to tell the truth. I’ve had evidence that clearly shows that a defendant and a victim of a murder were in two different states at the time the victim was known to have been murdered. This evidence, if seen by the jury would have surely freed the defendant. Through legal battling this exhibit (a timeline) was suppressed by the prosecution and the defendant now sits in jail for 38 years. Of course appeals are in progress based on the fact that the jury didn’t see the time line but still I have some anxiety about the defendant’s situation. You have to take an attitude that you’ve done your job and told the truth. You learn quickly that people do lie in court, and not everybody is unbiased. It would be nice to have a system based on the “Innocence Project” that doesn’t seek to win or lose but simply to find the truth, but that’s not going to happen too soon, so you have to learn to deal with this challenging reality.
What do you do to relax and unwind?
I’ve always worked at things I love. Engineering, cell phones and now consulting. With that type of attitude you don’t get too stressed. Clearly, you need to have balance, so when I find I’m working too much I readjust my balance. I love to scuba dive, exercise, and stay connected with friends who are not involved in any aspect of engineering or the court system.