We’re all familiar with crime-scene forensics, or at least the TV version that is the central plot point for every single cop show, but I must admit the concept of cell-phone forensics is new to me.
Fortunately for the hiker who was lost for two days in the snow in the Pemigewasset Wilderness back in May, it’s not new to the people in the Civil Air Patrol who fly search-and-rescue missions.
“We flew and flew and flew but we couldn’t find him in the woods,” said 1st Lt. Charles Sayegh of the CAP, a civilian, volunteer arm of the Air Force. “We contacted the cell phone forensics center and they turned that system on and picked up the guy’s last cell-phone transmission. We then triangulated his position and the ground team – Fish and Game and others – found him within 90 yards of the projected most-likely position.”
The man was in such bad shape that a National Guard helicopter was called in because he wouldn’t have survived being carried out by hand. Score one for cell phone forensics, whatever that is.
I got curious about cell phone forensics after hearing about its use in a different White Mountains rescue. News reports indicated that the Civil Air Patrol has created a national Cellular Forensics Team with an unusual, perhaps unique, expertise in parsing and understanding cell phone signals and their history.
Still, I was puzzled. I can understand using forensic techniques to get inside a password-protected phone, but why is all that effort necessary just to see where a phone was used? Doesn’t your location show up on a screen somewhere?
So I talked to Sayegh. He pointed me to a presentation given by the Cellular Forensics Team a few years ago. That team has been involved in 1,500 search and rescues throughout the country, including a number in New Hampshire. The presentation can be seen online at vimeo.com/220654137.
It turns out that cell phones’ very strength for connecting calls can be a liability for pinpointing them.
Mobile calling is possible only because software in phones and in the network can pick up and hand off your call easily. When you make a call, your phone sends out signals that are usually seen by a number of towers. Which tower takes the call depends on many factors, including geography, the orientation of antennas, how much other traffic the tower is already handling, and of course which company has antennas on the tower.
As you move, even a relatively short distance, the decision matrix may change and suddenly another tower will take your call without you noticing it, with your call being passed between “cells” in the network (hence the name).
Great stuff but, the presentation said, this complexity means that if you make a call then hang up and make another call without moving, different towers may be involved with each, which seems to indicate that you’re in two different locations. In an urban area with lots of towers, a single call can appear to originate from dozens of places.
As a result, using what is called network-based location to find a phone – that is, estimating a phone’s location based on how its signal appears one time within the overall network – can be very misleading. A little online searching finds plenty of stories about arrests or convictions based on what turned out later to be a misinterpretation of network information.
Even in areas with few towers, like the North Country, things can get tricky. Because cell phone signals are mostly line of sight, the tower nearest to you may be blocked by trees or hills, and your signal may end up being picked up by a more distant tower.
Cell-phone forensics requires incorporating more data than just which tower picked up the call.
The CAP’s Cellular Forensics Team, for example, has compiled detailed maps of each tower’s coverage area, which because of geography isn’t always a nice clean circle. They say they’re the only organization that has such maps readily available. They also gather tower information about how far away the phone was; azimuth and beam-width information about the tower’s three antennas, which point in different directions; and knowledge about how accurate different cell phone companies are in the information they provide.
Compiling all this and combining it with real-world data like maps and locations of roads is the final step. As the presentation said, this usually produces not a pinpoint location but a box of likely locations. If the person may have moved since the last call, perhaps because their phone battery died, that increases the size of the box.
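To make the geometry concrete, here is an added sketch (not the Cellular Forensics Team's software or method) that turns one antenna's azimuth, beam width and a reported distance band into a "box of likely locations," and widens the box if the person may have moved. The tower coordinates, distances and function names are constructed for illustration, and it assumes a spherical Earth and an idealized wedge-shaped coverage area, which real terrain rarely provides.

```python
import math

EARTH_KM = 6371.0  # mean Earth radius; a spherical model is adequate at these ranges

def destination(lat, lon, bearing, dist_km):
    """Point reached from (lat, lon) after dist_km along a compass bearing."""
    p1, b, d = math.radians(lat), math.radians(bearing), dist_km / EARTH_KM
    p2 = math.asin(math.sin(p1) * math.cos(d) + math.cos(p1) * math.sin(d) * math.cos(b))
    dl = math.atan2(math.sin(b) * math.sin(d) * math.cos(p1),
                    math.cos(d) - math.sin(p1) * math.sin(p2))
    return math.degrees(p2), lon + math.degrees(dl)

def range_bearing(lat1, lon1, lat2, lon2):
    """Haversine distance (km) and initial bearing (degrees) from point 1 to point 2."""
    p1, p2, dl = math.radians(lat1), math.radians(lat2), math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    brg = math.atan2(math.sin(dl) * math.cos(p2),
                     math.cos(p1) * math.sin(p2) - math.sin(p1) * math.cos(p2) * math.cos(dl))
    return 2 * EARTH_KM * math.asin(math.sqrt(a)), math.degrees(brg) % 360

def sector_box(tower, azimuth, beamwidth, r_min, r_max, drift_km=0.0):
    """(south, west, north, east) box around one antenna's annular sector."""
    steps = max(1, int(beamwidth))            # sample both arcs about every degree
    pts = [destination(*tower, azimuth - beamwidth / 2 + i * beamwidth / steps, r)
           for i in range(steps + 1) for r in (r_min, r_max)]
    lats, lons = zip(*pts)
    pad_lat = math.degrees(drift_km / EARTH_KM)   # grow the box if the person may have moved
    pad_lon = pad_lat / math.cos(math.radians(tower[0]))
    return (min(lats) - pad_lat, min(lons) - pad_lon,
            max(lats) + pad_lat, max(lons) + pad_lon)

def in_sector(tower, azimuth, beamwidth, r_min, r_max, point):
    """True if point lies inside the antenna's beam and the reported distance band."""
    dist, brg = range_bearing(*tower, *point)
    off_axis = (brg - azimuth + 180) % 360 - 180  # signed angle from beam centre
    return r_min <= dist <= r_max and abs(off_axis) <= beamwidth / 2

# Constructed sample: tower position, east-facing 120-degree antenna, phone 3-5 km away.
TOWER = (44.10, -71.50)
BOX = sector_box(TOWER, azimuth=90, beamwidth=120, r_min=3.0, r_max=5.0)
```

Even this idealized case yields a box several kilometres on a side, which is why the coverage maps, road data and carrier accuracy described above matter for shrinking it.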
And remember, all this has to be done quickly, because somebody is lost and waiting for help.
If you’re lost, by the way, there’s an easy way to assist possible rescuers: Call 911. Federal law requires that 911 calls institute GPS, which uses satellites rather than cell phone towers; it quickly gives your location almost exactly, so CAP won’t have to fly all over the place to find you.
Incidentally, you don’t have to make a call to leave “a trail of bread crumbs,” as I heard it described several times. If a cell phone is on, it sends “pings” to towers that keep it oriented in the network, even if you don’t make a call. These pings can be used to help find people, even if there’s no call.
That raises obvious privacy concerns, which is why I keep my phone turned off most of the time. Sayegh said the Cellular Forensics system can only be activated by first responders or emergency services. “We don’t use it for any kind of criminal purposes – only use it for search and rescue,” he said.