How Mobile Phone Metadata is Used by Law Enforcement

Post date: Oct 9, 2015 12:11:49 AM

On this site I have recommended a VOIP or prepaid mobile phone for maintaining a secret identity, with the caveat that they are not useful for evading law enforcement. You can feel free to use this information to keep your communications hidden from snooping parents, spouses, employers, or school administrators, but be aware that it's much tougher to hide from someone with access to extensive records from your service provider. If you want to know how to avoid surveillance by law enforcement, you can start by obeying the law. Below is a video detailing how small bits of data about mobile phones can be put together to draw a picture of the phone's user, and his or her network of associates.

In case you aren't aware of how a mobile phone works, or how metadata helps law enforcement, here is a brief description:

  1. As a mobile phone moves around, it affiliates with various cell sites or towers. These sites are generally fixed in one easily identifiable spot. Each site broadcasts in a radius, forming a kind of circle known as a cell. These cells overlap, forming a cellular network.
  2. Mobile phones connect to available towers based on signal strength. If given a choice between multiple sites, the phone chooses the site with the strongest signal. When a mobile phone moves out of range of a site, the phone then "hands over" to another site. What makes this notable is that, most of the time, the handover doesn't drop an active call.
  3. The phone in your pocket (a.k.a. your handset) has two identifying pieces of information embedded in it. These numbers associate your handset to a tower and to a telephone number, which translates to a location and your handset's relationship to other handsets based on calling patterns.
  4. The ESN or IMEI is an embedded number that identifies your handset to the tower it has connected to. Because a tower connection is also a rough physical location, it's possible to verify where a mobile phone is at a given time based on the tower it is connected to. You can assemble multiple data points to draw conclusions, such as:
    1. where the handset owner sleeps and works based on long periods of time with no movement
    2. the handset owner's daily routine, based on the regularity and time of day the handset appears at a given location.
  5. The SIM card in your handset authenticates your phone on your carrier's network. The subscriber number on your SIM has a one-to-one relationship with the telephone number assigned to your handset.
  6. The numbers that you call and the numbers that call you form a sort of social network. Without knowing what was said on a call, and without having the identities of the persons making and receiving these calls, it's possible to map a network of operatives based on these traffic patterns. By listing the telephone numbers that a handset calls and is called by, you can assemble data points to draw interesting conclusions such as:
    1. calling patterns can map a chain of command
    2. calling times before or after a known event can indicate involvement in said event
    3. activity can indicate the planning phase of an operation, lack of activity can indicate the completion of an operation
  7. Combining mobile metadata with other information gathering, such as surveillance and subpoenaed records, can associate handsets, telephone numbers, and locations with physical descriptions, credit card numbers, and license plate numbers.
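
To make point 4 concrete, here is an added example (not from the original post or the talk) showing how little data the inference needs: a list of tower attachments for one handset is enough to separate a night-time site from a working-hours site. The records, site names, and the night (22:00 to 06:00) and day (09:00 to 17:00) windows are all assumptions made up for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample for one handset: (time of tower attachment, cell site).
# Site names and times are invented for illustration.
RECORDS = [
    ("2015-10-05 00:10", "SITE-A"), ("2015-10-05 08:05", "SITE-B"),
    ("2015-10-05 08:40", "SITE-C"), ("2015-10-05 17:30", "SITE-B"),
    ("2015-10-05 18:05", "SITE-A"), ("2015-10-06 08:10", "SITE-B"),
    ("2015-10-06 08:45", "SITE-C"), ("2015-10-06 12:15", "SITE-D"),
    ("2015-10-06 13:00", "SITE-C"), ("2015-10-06 17:20", "SITE-B"),
    ("2015-10-06 17:55", "SITE-A"), ("2015-10-07 08:00", "SITE-B"),
]

def dwell_hours(records, night=(22, 6), day=(9, 17)):
    """Return {site: {"night": hours, "day": hours}} of time spent attached."""
    events = sorted((datetime.strptime(t, FMT), s) for t, s in records)
    totals = defaultdict(lambda: {"night": 0.0, "day": 0.0})
    # A stay lasts from one attachment until the next one (the handover).
    for (start, site), (end, _) in zip(events, events[1:]):
        t = start
        while t < end:
            # Cut the stay at hour boundaries so each slice has one hour-of-day.
            nxt = min(end, t.replace(minute=0, second=0) + timedelta(hours=1))
            hours = (nxt - t).total_seconds() / 3600
            if t.hour >= night[0] or t.hour < night[1]:
                totals[site]["night"] += hours
            elif day[0] <= t.hour < day[1]:
                totals[site]["day"] += hours
            t = nxt
    return totals

def likely_anchors(records):
    """Site with the most night-time dwell and site with the most daytime dwell."""
    totals = dwell_hours(records)
    home = max(totals, key=lambda s: totals[s]["night"])
    work = max(totals, key=lambda s: totals[s]["day"])
    return home, work

if __name__ == "__main__":
    home, work = likely_anchors(RECORDS)
    print("night-time site:", home, "| working-hours site:", work)
```

Two days of records already separate the sites cleanly; brief stops such as the commute and lunch sites contribute almost nothing to either total.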

The video below is a talk from the Black Hat conference in Las Vegas. It details an investigation by Italian authorities into the kidnapping of an Egyptian cleric from Milan by CIA operatives.