Mobile location data now plays a critical role in many criminal investigations worldwide. Just how important it is to get things right though is illustrated by recent problems experienced in Denmark. The issues that were uncovered have serious implications for investigations worldwide.
“Danish National Police are reviewing 10,000 cases to investigate the significance of an error in the program used by the police ton process data on citizens’ movements and mobile activity by telecommunications companies.”
This was how Danish Radio alerted Danish citizens to a serious problem with criminal investigations in Denmark. The resulting investigation led to a two-month ban on using location data as evidence in criminal cases, while the problem was investigated.
10,700 criminal cases had to be reviewed
32 prisoners were released
40 new cases were postponed
“We couldn’t take the risk that innocent people might be convicted,” said Nick Haekkerup, The Danish justice minister, who added that the first priority must always be to avoid miscarriages of justice.
“This is a very, very serious issue,” Jan Reckendorff, Denmark’s director of public prosecutions told Denmark’s state broadcaster DR.
“We simply cannot live with the idea that information that isn’t accurate could send people to prison.”
Reckendorff went on to say that errors in mobile location data meant that not only was it possible that innocent people could have been placed at crime scenes, but also that criminals were wrongly excluded from inquiries.
Software issues behind the inaccurate results
The Danish police’s mobile location data problems derived from software used to convert raw data from phone masts into usable evidence - dating back to at least 2012. Police discovered three main problems with the data they had been relying on for criminal investigations:
the solution was inaccurately linking phones to the wrong masts – recording them as simultaneously connected to several towers, getting the origins of text messages wrong and incorrectly locating specific cell towers. This had the effect of mislocating suspects – potentially leading to the conviction of innocent people or failing to accurately locate guilty parties.
the data was incomplete because the conversion process from raw to usable data was omitting data. This meant some calls were missed and the history of the phone’s historic movements was incomplete. This might have meant guilty parties being excluded from criminal investigations because their movements and history had not been accurately recorded.
telecoms firms were not ensuring that they were compliant with lawful authorisation – either handing over too much data or not ensuring that police had the legal authority to the data (such as a court order). This could undermine trials if data had to be excluded because it wasn’t lawfully obtained. It also meant that both police and telecoms firms might be impinging on data privacy rights putting the in breach of their GDPR responsibilities.
These problems called into question the use of mobile location data not only in Denmark but globally. Swedish authorities immediately began to investigate whether its own data was reliable. While Norway’s acting Director of Public Prosecutions Harald Strand tasked Norway’s National Criminal Investigation Service to find out whether “there may be a corresponding error” in Norway.
A legal expert quoted in the New York Times said that police and lawyers had taken for granted that mobile location evidence was accurate. Karoline Normann, the head of the Danish law society’s criminal law committee, commented to Agence-France Presse: “Until now, mobile data has had a high significance and value in courtrooms because this kind of evidence has been considered almost objective. This situation has changed our mindset about cellphone data. We are probably going to question it as we normally question a witness or other types of evidence, where we consider circumstances like who produced the evidence, and why and how.”
Jakob Willer of the Danish Telecom Industry Association pointed out that the problem arose from the requirement for telecoms firms to provide data to police in the first place. He noted that telecoms systems were designed for the operation of phone networks and to enable communication, not for investigative or legal purposes. “We are not created to make surveillance systems, but to make phone networks,” he said.
Inaccurate mobile data: A global concern
This is not the only time that police authorities have faced such problems. In 2016, a Kansas family sued a geolocation company after their remote farm was visited countless times by police looking for fraudsters, stolen cars, missing people and hackers, as well as angry business owners complaining about scams and spamming. An investigation discovered that a LDNS (local domain name server) had incorrectly been located on their property by a location firm, which meant 600 million IP addresses had erroneously been assigned to the their remote farm.
Meanwhile, a family in Pretoria, South Africa living in a quiet middle-class neighbourhood had police officers turning up to locate stolen phones and laptops, missing persons and fugitives. A team of armed commandos even stormed their property while they were having dinner. Their problems were caused by a default geolocation setting at the National Geospatial Intelligence Agency (NGA) in the US. This meant that over a million IP addresses had been geolocated to the family’s home.
Mobile location data is such a vital part of police investigations that it must be reliable and beyond question. To restore public confidence in geolocation, and to ensure data supports criminal investigations rather than hindering them, data has to be both holistic and accurate. Access also has to be demonstrably compliant with court order and privacy regulations, so that evidence is admissible in court while privacy and data rights are respected.
Is there a better way?
Subtonomy REX is an accurate call- and geolocation management solution for criminal investigations. An automated, highly secure and self-service solution, REX is fully compliant with all regulatory and legal requirements. This ensures that all data retrieved is legally-authorized and admissible in court, with the ability to limit searches to what has been authorized (by time, location or individual) and a full audit trail of searches to improve data security. Subtonomy REX makes mobile geolocation more efficient while protecting customers, lawful authorities and CSPs themselves.
Find out more about Subtonomy REX and how you can rethink your response to lawful telecom interception requests by meeting us at ISS MEA 13-15 February 2024.