In several recent murder trials, cell-phone records played an important role. Sean Fitzpatrick used cell-phone records as part of an alibi. The prosecution in the Carla Hughes trial used both her and her boyfriend’s cell-phone records to place the defendant in the vicinity of the crime scene at time the murder is believed to have occurred. Even in Scott Peterson’s trial years ago, the prosecution used his cell-phone records to show a supposedly suspicious pattern of behavior (calling girlfriends while driving).

In the Carla Hughes murder trial, police discovered that Ms. Hughes and her boyfriend (also the murder victim’s fiancé) communicated by cell phone only minutes before the crime is believed to have been committed. According to TruTV’s Jean Casarez (on the air), police have never been able to question Ms. Hughes about the call.

But what do cell-phone records really prove?

The principle fact proven by cell-phone records is that a call was made from a certain phone number to another phone number at a specific time. Note that I used the phrase “phone number” rather than “cell phone,” because a cellular network can only track phone numbers, not phones. GPS systems can track a physical cell-phone, but cellular networks alone cannot.

According to “HowStuffWorks,” each cell phone has a unique 32-bit Electronic Serial Number (ESN) embedded in it at the time of manufacture. In addition, when the phone is activated, two other codes are programmed into the device: a Mobile Identification Number (MIN), which is based on the 10-digit phone number, and the service carrier’s 5-digit System Identification Code(SID). These three codes uniquely identify the cell phone account to the network.

Here, too, please note that I used the phrase “cell-phone account” and not “cell phone.” They are not the same things. As an analogy, consider your bank account and account number. Anyone can deposit money into a bank account, whether they own the account or not. Criminals can steal a bank card or forge checks to access the account’s funds.

Who Made the Call/Who Answered the Call

Cell-phone records do not tell a jury who actually made or received a phone call—and not only because the device can be used by anyone who possesses it (a thief, for instance). It is possible for criminals to use scanners to hijack a cell-phone’s identifying codes (ESN and MIN) and then to use them to make calls from someone else’s account. (The only way for the phone’s owner to find out that this theft has occurred is to carefully monitor records.)

Theft of phones and phone numbers is a critical issue for cell-phone forensics. If I were a defense attorney, I would insist that the prosecution prove both that the cell phone in question was in its owner’s possession when incriminating calls were made and that all the calls from the phone number were actually initiated from the physical cell phone.

It is true that cell-phone owners can password-protect their phones, but I suspect very few do so. So, in most cases a stolen or borrowed cell phone can be used by people other than its owner. And when a stolen cell phone contains data indicating that such a password has been set up, there is still no guarantee that the owner had activated the password protection when the phone was stolen. (How many of us really expect to lose our phones on any given day?)

In the Carla Hughes trial, for example, as evidence that the defendant knew the victim, the prosecution pointed to two calls to the defendant’s cell phone from the victim’s cell-phone number. But there was no way to prove that the victim actually placed those calls. The calls might have been made by the victim’s fiancé to Ms. Hughes, for example.

• Sidebar: As a mystery writer, I can’t help but imagine many ways a person might be “framed” by a phone-number hijacker or by a cell-phone “borrower.”

Call Records

Cell-phone account records show only that a given account (phone number) was charged for certain cellular services. In most cases, the records show when a call was initiated and to what phone number, when a call was received and from what phone number, the duration of the call, and the location of the cellular tower(s) (or “masts”) that routed the call.

Depending on the account type, though, as I understand it (and that isn’t saying much) all uses of the phone may not be fully recorded. For example, an account with unlimited services of one type or another may not be tracked at the level of detail a more-limited account may be. Neither SMS messages, for example, nor data services (email, the Internet) might be tracked in detail by a given carrier. (I seem to remember a case in which SMS or other types of messages were not part of the records presented in court for this reason. And my iPhone records show nothing about my constant data usage.)

The issue of data services records particularly intrigues me. A full-function 3G or 4G phone has all the multimedia functions of a laptop, including Skype phone calls (and apps do seem to be available). I don’t know, though, whether Skype Internet phone calls generate the same level of detail as do other calls.

• Sidebar: I’ve found several interesting and potentially useful 3G “forensic” apps for the iPhone: several GPS apps, flashlight apps (for nosing around in dark places), a sex offender locator, “CSIScanner” (a dopey fake lie-detector test), most-wanted lists, “Crime Rate USA,” and many books and courses for whodunit fans.

Certainly a 3G phone could use interactive instant messaging services to communicate with another Internet user. And these communications would not be included in the carrier’s account records. In such cases, a type of computer forensics would have to be applied to cell-phone’s storage media.

• Sidebar: I suppose a clever investigator could also make some assumptions about a cell-phone account by examining records of “missed calls,” since even when a cell phone is turned off records of incoming calls are retained. For example, in a mystery novel I might have my P.I. note that incoming calls were missed during the time of the crime. It’s one of those “absence of evidence is not evidence of absence” non sequiturs, though: A missed call tells a jury only what the phone’s owner was not doing—not what they were doing.

Location of the Cell Phone During Calls

Cell-phone records do not prove exactly where a person was at any given time. And this is my biggest problem with courtroom use of cell-phone records.

• In the Sean Fitzpatrick case, he claimed to have checked cell-phone messages when his phone was on his kitchen countertop and to have made calls at critical times.
• In the Scott Peterson case, his cell-phone records supposedly showed that he was making questionable calls while driving away from his workplace toward San Francisco Bay. In my opinion, though, it is hard to understand what possible relevance this information had to the prosecution’s case. Peterson told the police that is what he was doing and when.
• In the Carla Hughes case, her cell-phone records supposedly placed her in the vicinity of the crime scene, while simultaneously the cell-phone records of another suspect placed him further away from the crime scene. Since Hughes did not testify in her defense, the jury concluded (incorrectly, I believe) that this was evidence of her being the murderer. (At worst, to me it sounds like evidence she had guilty knowledge.)

As a result I have several problems with cell-phone location information. Cell-phone location records are:

• After-the fact: 

  All that such after-the-fact records can tell a jury about a cell-phone’s location is which cellular tower (or “mast”) the phone (or a phone using a hijacked number) was near when a call was made or received.  In a moving vehicle, the records may show movement between towers or—may not. If a call is initiated within the range of given tower, that tower may continue to receive the call’s signal for the duration of the call, or it may relinquish the call to another tower. It all depends on a complex algorithm used by the specific carrier to route calls around its network.

  Precise “triangulation” tracking of a cell phone’s location (in real time, as opposed to after the fact) is not a part of the records presented in court.  Such triangulation requires law enforcement to access the realtime activities of several towers in an area where a given (known) cell phone is believed to be.

• GPS tracking of a cell phone, which is precise, requires the cell phone to contain a GPS device and requires the cell phone and/or the GPS services application to be on. GPS locations are not included in the cellular carrier’s records.

• Imprecise:

A tower or mast has about a 25-mile radius of coverage. In a rural area with few towers, the records might conceivably prove only that a cellular call was made within 25 miles of the tower, but not in which quadrant the phone was located—if, for example, the next-nearest mast was over 25 miles away. Conceivably, in such a situation, the cell-phone could be almost 50 miles away from any given location. In a city crowded with masts, the cell-phone records could prove a location more precisely. But, if I were a juror in a case involving cell-phone locations I would want to know how dense the population of towers was in the area before I excepted the records as evidence.

• Easy to falsify:

Sean Fitzpatrick demonstrates how easy it is to falsify the location of a cell-phone’s owner if not of the phone itself. All you have to do is charge up your cell phone, turn it on, turn off the ringer and vibration (so you can explain why you did not answer it during the period in question), and then leave it somewhere while you go off and commit a crime. You could even have a second cell-phone in someone else’s name with which you make a call to your distant phone just to make sure its location will be tracked in your records.

Now I know most criminals are too stupid to figure out a clever way to use their cell phones as an alibi. So, in most trials cell-phone records may be valid evidence of “opportunity” to commit a crime.

But a few criminals are smart. A few criminals are technically knowledgeable. A few criminals can manipulate cell-phone records for their own purposes. A few criminals can actually hijack a cell-phone number. Even a low-IQ murderer like Michael King knew enough to smash and discard his cell phone before the cops found it in his possession.

Besides, very few cops and few prosecutors are Sherlocks either.

Jurors Need to be Skeptical

IMHO, jurors need to examine cell-phone records skeptically. The cops may say that the records “prove” where a certain person was at a given time, but on their own the records do not “prove” anything. Cell-phone records are “evidence,” that is, data that may add up to proof in context.

I suppose that’s what irks me about most forensic evidence—it is only evidence, not proof. It is subject to interpretation, and the quality of the interpretation depends on the quality of the analysis from which the interpretation evolved.