FUTURE OF MOBILE: The intelligence behind tracking digital evidence

The first time most of us had any sense of how using a mobile phone left a trail that lasted long after you’d hung up was the Joe O’Reilly murder trial.
In July 2007, an O2 electronics engineer testified that an analysis of mobile phone records put O’Reilly at or near the scene of the murder at the Naul, Dublin, and not the Broadstone Bus Depot, where he claimed to have been.

When O’Reilly was eventually convicted of bludgeoning his wife to death at their home, the mobile phone evidence was cited as crucial.

Phones too played a central role in Graham Dwyer’s conviction for the murder of Elaine O’Hara earlier this year.

Evidence led gardaí to Vartry Reservoir in September 2013, where, following a fingertip search, two Nokia phones were found.

Despite the fact both had been lying on the muddy bed of the reservoir for over a year, technical experts were able to retrieve hundreds of text messages and deleted data from them.

It appeared that the two phones — one of which was readily identified as Ms O’Hara’s — were in almost exclusive contact with each other.

Now the technical probe split into two. As one team explored the content of the messages in an effort to find out who the other phone belonged to, civilian crime and policing analyst Sarah Skedd set out to see where the phones had been.

The content search turned up a cluster of personal details; talk about a pay cut, the birth of a child, coming fifth in a model airplane flying competition.

Cross-referencing this material with content from Ms O’Hara’s computer eventually gave the gardaí a name: Graham Dwyer.

Mobile phone location analysis meanwhile revealed that the texts sent by the mystery phone during working hours originated in Dublin 2. During the evening, when far fewer texts went out, the phone was connecting with Co Dublin masts.

The critical piece of evidence, the piece which brought those two technical examinations back together, came when Skedd established that the phone had been used in Galway on July 4, 2012.

She then obtained toll booth records and searched for vehicles whose owners lived in south Co Dublin that went through the M6 tollbooth, then the M4 one an hour later.

The search turned up the registration number 99 G 11850. It was registered to Dwyer.

Trials like these provide the only real source of information on how gardaí access and use phone records in their investigations.

None of the telecommunications companies will say how often gardaí come looking for phone records.

In response to questions, they will only say they comply with their legal obligations. The gardaí are equally tight-lipped.

A spokesman says that only a chief superintendent can request telephone data from a service provider, and only under one of three circumstances.

“The prevention, detection, investigation or prosecution of a serious offence, the safeguarding of the security of the State or the saving of human life.”

The spokesman goes on to say it is not Garda policy to release the number of requests applied for.

Vodafone does however produce a law enforcement disclosure report annually, which is a little more revealing.

It says that prior to the publication of last year’s report, the company asked the authorities if Vodafone could publish aggregate statistics about how often they — the authorities that is — tapped phones, something that is referred to as “lawful interception” in the report.

“In response”, says the report, “the authorities instructed us not to disclose this information”. Vodafone can tell us that last year, Irish law enforcement authorities demanded access to communications data 7,973 times.

Remember that these are requests across the Vodafone network only, and as such, can only represent a portion of the requests made to all providers.

The report says, as the Garda themselves imply, that these requests can take many forms: “For example, police investigating a murder could require the disclosure of all subscriber details for mobile phone numbers logged as having connected to a particular mobile network cell site over a particular time period, or an intelligence agency could demand details of all users visiting a particular website.

“Similarly, police dealing with a life-at-risk scenario, such as rescue missions or attempts to prevent suicide, require the ability to demand access to real-time location information.”

We’ve seen at least one example of the latter in the recent past. In June, a young Limerick woman was reported missing in the city.

Gardaí tracked her mobile phone signal to wetlands at Grove Island in Corbally, where she was found and rescued.

Despite the obvious benefits of these powers, privacy advocates don’t like the fact Irish authorities are so secretive about how they use the technology.

Richard Tynan is a technologist with Privacy International.

“The first step in this matter is to understand the process and safeguards in place for the Irish government to get this highly intrusive data en masse,” he says, pointing out the aforementioned Vodafone transparency report highlighted Ireland as one of only five countries that mandated direct and unfettered access to their network.

This effectively means there is no possibility of the company scrutinising any aspect of the interception regime and possibly pushing back against it.

“The Government needs to make clear all the requests it makes, how many users are affected and what is done with the data it receives.”

There’s another dimension to secrecy. Mr Tynan refers to the Garda Síochána Ombudsman Commission bugging scandal.

When a UK counter-surveillance firm was last year brought in to conduct a security sweep of GSOC’s offices, one of three anomalies revealed suggested the presence of a UK mobile network in the vicinity.

Mr Tynan explains that there are only two possible explanations for this. One is that one of the Irish mobile operators deployed a misconfigured device that incorrectly identified itself, but since none of the operators has come forward to admit that this happened, that only leaves the other possibility. Someone was using a Stingray.

“Stingrays”, he explains, “or IMSI Catchers, are used by authorities around the world to put large groups of people under indiscriminate mass surveillance via their mobile phone”.

While there are many different forms of this technology, in essence, the Stingray mimics a real cell phone tower, but instead of relaying your call, it tracks both the location and content of your mobile phone.

I asked gardaí if they use Stingray-type technology. Their response couldn’t really be called a denial: “Requests for call related data under the provisions of section 6 (1) of the 2011 (Act) are made to the relevant telecommunications service providers. An Garda has no input into the process of searching for or generating the results.”

Mr Tynan believes it’s quite possible that an IMSI Catcher was in use during the security sweep of the GSOC offices.

“While we have no other specific indication that Irish law enforcement or intelligence services are in possession of these devices, their low cost and ease of use mean that many countries around the world now admit to using them.”

Research by the American Civil Liberties Union has revealed that this technology is widely deployed across the US, by everyone from the FBI and the Internal Revenue Service to the army and the DEA.

However, it’s the fact there’s no regulation around how this technology is sold or used that causes most concern. Rory Byrne is founder and CEO of technology and physical security company, Security First.

“I’ve spoken to former security services people in Europe”, he says, “and they will tell you that for a thousand pounds I can ring a buddy and get the location of any mobile you want me to find.

“Because the technology is accessible by a number of people for government purposes, there’s obviously a sideline going on for people to do that for private purposes”.

Mr Byrne believes technology like this is being used widely for industrial espionage. Both he and Mr Tynan are however particularly concerned with how it’s being used by oppressive regimes.

“This is a very real concern,” says Tynan. “The trade in turn-key surveillance tools for internal repression is extremely worrying and one that requires political accountability. Call monitoring technology, such as IMSI catchers, have been deployed widely.

“Large taps or probes on the provider’s network can intercept thousands of calls and data simultaneously across an entire city or country from a central monitoring centre.”

Last year, The Washington Post reported on a New York-based company called Verint. It manufactures and exports communications analysis systems under the tagline “Locate. Track. Manipulate.”

The blurb says the system offers government agencies “a cost-effective, new approach to obtaining global location information concerning known targets”. The firm, which also has an office in Dundalk, claims to have clients in more than 10,000 organisations in over 180 countries.

An IMSI catcher, it should be said, is not a precision instrument. It operates indiscriminately, hoovering up the unique identifiers of every device within its reach; innocent parties as well as potential suspects.

One of the goals of Privacy International is to stem the export of these technologies to regimes where they will be used for repression.

Privacy activists are however focusing their attention closer to home at the moment. The UK government published the draft text of the new Investigatory Powers bill last month.

If signed into law in its current form, this bill would require web and phone companies to store the online activity of every citizen in the UK for a period of 12 months.

Once stored, this data can then be legally accessed by police, security services and other public bodies.

The bill also explicitly enables security forces and police to hack into computers and phones, and places legal obligations on companies to help them to do this.

This situation, says Mr Tynan, will have repercussions for the privacy and data protection rights of people beyond UK borders.

“The UK government is seeking the power to compel companies, many of them based in Ireland, to hack users on their behalf.

“Accordingly, Facebook serving an Irish user malware for the British Government could be a reality by the summer.

“Similarly, Apple could be compelled to install the malware via an update onto an Irish person’s phone.

“These new powers for the UK government, and their reach into Ireland need to be scrutinised and debated by our lawmakers.”
