The FBI Cellular Analysis Survey Team (CAST) assists on cases involving cell phone evidence. They have a standard report template they use that changes from time to time, but they continue to get it wrong.

I'm a technology expert in cell phone networks, phones and coverage analysis. My background is in cellular technology not law enforcement. The reason I got into assisting attorneys in legal cases is because I saw how prosecutors and law enforcement mislead judges and juries with maps that do not represent reality. The maps they typically create are biased and support their narrative as well as being technically incorrect. I see it on almost every single case I work.

I have worked on several post-conviction appeal cases that we were able to overturn and obtain new trials based on the misleading presentation of the cell phone evidence. What they don't realize is that if they would just present the data as a fair representation of the underlying data they would probably still win their case in the district court and be bullet proof on appeal.

FBI CAST uses the CDR and Historical Precision data from the network providers. They will also plot data from a phone extraction and Google location history.

The first issue is how they use a parameter called Timing Advance to draw an arc with a radial distance from the tower in the direction that the antenna is pointing. You can read my blog on Timing Advance at Timing Advance and Phone Location Estimates – Cell Phone Forensics.

The following table is taken from a T-Mobile timing advance file.

The column to the far right contains the distance to cell values. This value in miles comes directly from the timing advance value.

According to the LTE specification the timing advance numbers increase by .52 microseconds for each timing advance numbers. If we multiply the time of the timing advance value by the speed of light, we get an approximation of the distance.

The following table shows the timing advance (TA) values 0 through 20, their corresponding timing advance in microseconds, and the calculated distances by multiplying times the speed of light in meters and miles.

The first row in the T-Mobile data file has .24 miles for the timing advance for that record. Looking at the prior table, this corresponds directly for a TA of 4. (The outer end of the range is logged in the T-Mobile data.)

T-Mobile should just log the TA value but instead they convert it to distance in miles. This adds confusion as first we need to figure out that this is actually just the TA value converted to miles and not some algorithm T-Mobile used to create the distance value.

If we accept that it is just the TA value converted to miles, then the one might think that this is an accurate measure of distance, which it is not. One might think that when T-Mobile logs the calculated distance of a TA value that it can be plotted onto a map without consideration of its accuracy or lack thereof. One may assume that the error factor is simply the distance range for that TA value. For example, a TA value of 4 has a distance range of .19 to .24 miles.

Here is a cutout of a map that the FBI CAST used in one of my recent cases. I have seen this depiction on multiple cases for at least the last few years.

I measured the thickness of the arc line using the Google Earth measurement tool and it was approximately 78 meters. The line thickness is essentially the error factor. The FBI reports never explicitly state the line thickness or where the thickness value is sourced. They just plot it as is using the TA 78-meter range as the error factor or line thickness. This is incorrect. When testing the accuracy of the TA values I have found the error factor to be over 6 times 78 meters in an area with no interference, flat terrain and a high tower. In other words, my testing was in a best-case scenario. Also, because of multipath and other interference two mobiles could be 50 feet from each other, with one behind a building and another with a direct path to the tower and they would have two different timing advance values.

These maps are misleading, and the FBI should know better. The real world does not function this way. It is not clean lines with small error factors.

The next issue I have with them is how they depict a tower antenna. The following image shows that they depict a cell tower antenna as two fairly long lines showing the antenna beamwidth with a semicircular shaded area between them.

I have no idea what the shaded area means, and the lines seem a bit long. This could lead a jury to believe that the antenna coverage area is only within the lines. This couldn't be farther from the truth.

The lines should be shorter, and the shaded region should be replaced by an arrow such as in the following depiction.

The shorter lines don't mislead someone to think that radio waves travel along a sharp edge. Radio waves spill to the sides and even behind the antenna. Replacing the shaded area with the arrow removes the thought that the shaded area is somehow related to coverage. The reality of coverage is that from the data provided we don't know the coverage of the tower so any kind of indication of coverage should be removed.

Occasionally, the FBI will get a search warrant return from Google for location history. Note that Google no longer keeps subscribers' location history on their servers, but it can be stored on the phone. This same issue I am about to describe also has to do with locations that are stored on the phone. These can be Android or Apple phones.

As described in my blog Life 360 app - cell phone forensics the cell phone obtains its location from several different sources internal to the phone. This can be GPS, Wi-Fi, cell towers and internal sensors. It is important to know which source is providing the location to the log data as part of the extraction. The accuracy of GPS is vastly different than the accuracy of cell towers or using internal sensors alone. If the source of the location is not provided, then any points should not be mapped and should be excluded. All locations are calculated whether it is GPS or Wi-Fi or other source. Any calculated estimate needs to have some error factor and a way of testing its accuracy. The FBI and anyone else should not plot points without the testable error factors and the known source of the location estimate. This can be highly misleading to the jury.

So, the FBI needs to get this right. They need to stop using arc lines based on theoretical distance not related to the real-world environment. They need to depict towers that don't mislead the jury into thinking it depicts any form of coverage area. They need to be better at plotting points that have error factors, and they need to eliminate points that have no testable source of location.

They are overstepping the line when presenting this data in the courtroom. They are biasing the data to fit their narrative. The problem for them is even if they get a conviction in a lower court this allows for post-conviction appeals. If they did some extra work and presented the data fairly, they may still get their conviction and have a solid defense against appeal. Presenting data fairly allows the defense and prosecution to get past the back and forth about how this data is depicted and can argue the merits of the case saving everyone's time.

Don't get me wrong, I respect the FBI and law enforcement in general, but I have seen too many people get convicted on biased and flimsy cell phone evidence. It's something that needs to be fixed in our justice system. Maybe the FBI can take the first step and change the way they do it.