The use of historical call data records as evidence in the criminal justice system - lessons learned from the Danish telecom scandal
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
ARTICLE:
The use of historical call data records as evidence in the
criminal justice system – lessons learned from the Danish
telecom scandal
By Lene Wacher Lentz and Nina Sunde
Historical call data records (HCDR) are frequently used period 1995-2020.2 HCDR can shed light on the
as evidence in criminal trials. However, several circumstances of an incident, such as who has been in
inherent uncertainties are associated with HCDR data, contact with whom (telephones/telephone numbers),
and, additionally, errors may occur when law at what time and/or at which location (cell
enforcement processes the data. In Denmark, tower/cell).
processing errors were introduced into HCDR from
2010 until 2019. The Danish authorities are currently Although HCDR have been useful, they have also been
reviewing more than 10,000 criminal cases in order to controversial and contested, due to the limitations
secure a fair trial. This article conducts a socio- and uncertainties associated with the information
technical analysis of the Danish telecom scandal, obtained from telecom service providers.3
which shows that, in addition to the processing errors Before we proceed further in discussing what caused
highlighted,1 sources of error are related to or contributed to error in the telecom scandal, it is
competence, cognitive factors and inadequate quality necessary to outline how we understand the concept
management. of error. An error may be described in many ways.
Here, we relate the term “error” to validity, which we
Introduction think of as “the overall probability of reaching the
The widespread use of mobile communication entails correct conclusion, given a specific method and
increased opportunities for law enforcement to data”.4 Thus, we understand error as the invalid
secure relevant information that may contribute to results of a method or a process. Christensen and
solving crimes. Digital communication data in the colleagues discuss error in forensic science and
form of historical call data records (HCDR) are distinguish between different types of error due to
frequently used in criminal trials as evidence. For the sources they originate from: practitioner error,
instance, a search on the term “cell tower” in instrument error, statistical error and method error; in
Norwegian verdicts returns 363 responses from the
1 before HHJ Crowther QC, 14 Digital Evidence and Electronic
For example, see the English case of R v Cahill; R v Pugh –
a summary is set out at 9.90-9.95 in Stephen Mason and Signature Law Review (2017) 67 – 71.
2
Daniel Seng, editors, Electronic Evidence (4th edn, Institute The search was performed with the Norwegian term
of Advanced Legal Studies for the SAS Humanities Digital “basestasjon” in Lovdata Pro: https://lovdata.no/pro/
Library, School of Advanced Study, University of London, performed 09 November 2020.
2017), Open Access PDF version in the Humanities Digital 3
See, for example, Coutts, R. P., & Selby, H. (2016).
Library at http://ials.sas.ac.uk/digital/humanities-digital- Problems with cell phone evidence tendered to prove the
library/observing-law-ials-open-book-service- location of a person at a point in time. Digital Evidence &
law/electronic-evidence ;see also Harold Thimbleby, Elec. Signature L. Rev., 13, 76, and Cherry, M., Imwinkelried,
‘Misunderstanding IT: Hospital cybersecurity and IT E. J., Schenk, M., & Romano, A. (2011). Cell tower junk
problems reach the courts’, 15 Digital Evidence and science. Judicature, 95, 151.
Electronic Signature Law Review (2018) 11 – 32; for the 4
Christensen, A. M., Crowder, C. M., Ousley, S. D., & Houck,
Ruling by the trial judge, see R v Cahill; R v Pugh 14 October M. M. (2014). Error and its meaning in forensic science.
2014, Crown Court at Cardiff, T20141094 and T20141061 Journal of Forensic Sciences, 59(1), 123-126.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International Licence Digital Evidence and Electronic Signature Law Review, 18 (2021) | 1The use of historical call data records as evidence in the criminal justice system
the context of the telecom scandal, the first two are these. We then discuss the telecom scandal from a
relevant.5 socio-technical perspective, with particular focus on
the human factors that may have played a part. We
Practitioner error refers to a mistake or operator argue that such a scandal may repeat itself in this or
(human) error. It may be random or systematic, other domains if these factors are not taken into
intentional or unintended. The Scientific Working account.
Group on Digital Evidence (SWGDE) also refers to tool
usage and the interpretation of results as a human The Danish Telecom scandal
error.6 Every process that involves a human is prone
to human error, particularly when the process Legal framework on the use of HCDR in Danish
involves subjectivity, interpretation, judgements and criminal cases
decisions. Examples of human errors are false
negatives – they do not find what is actually there – or Since 2007, Danish telecom service providers have
false positives, where they find or see something that been obliged by law to retain data related to
is actually not present. A human may misinterpret the telecommunication as regards traffic data (who is
meaning of the evidence. When concluding or communicating with whom and when), the relevant
presenting the evidence, there is a risk of overstating location data, the means of communication used, etc.,
(or understating) the relevance or reliability of the including certain user information connected to
evidence. Internet sessions. The telecom service providers are
required to keep the data for a year.9 Although such a
Practitioner error can be mitigated by quality
retention regime was evaluated as contrary to EU law
assurance systems, training, proficiency testing, peer
by the EU Court of Justice in 2016, no changes have
review, and adhering to validated protocols and
been made to the Danish legislation.10
discipline best practices.
In addition to the retained data, the telecom service
Instrument (or technological) error can be defined as
providers might be in possession of other kinds of
the difference between an indicated instrument value
telecom data related to their network, for example
and the actual (true) value. These errors may be
“signalling data” from mobile units, meaning data
related to the tools or techniques themselves or to
generated from the cell towers related to a switched-
the implementation of the tools or techniques.7 An
on mobile telephone that has not actively been used
error rate may be calculated through testing of the
for communication.
instrument or technology, and error may be
minimized by proper maintenance and calibration.8 In the case of the police wishing to obtain HCDR from
the telecom service provider in a specific
In this article, we will first provide an overview of the investigation, this is regulated by the Danish
Danish telecom scandal. We will outline the measures Administration of Justice Act. Basically, a court order
that were introduced in the wake of the telecom is required when the police wish to obtain HCDR from
scandal and point out some limitations in relation to the service providers. However, the conditions and
5 9
Error and its meaning in forensic science, pp. 123-124. The Danish Judicial Procedure Act, § 786, and the Justice
6 Department’s order no. 988 on 28th September 2006 about
SWGDE, 2018. Establishing Confidence in Digital Forensic
Results by Error Mitigating Analysis. Version: 2.0 (20. Nov, data retention.
10
2018). SWGDE is the Scientific Working Group on Digital The Tele2 judgment on 21st December 2016, in the
Evidence, based in the USA, and was formed by Federal joined cases, Tele2 Sverige AB (C-203/15) and Watson (C-
Crime Laboratory Directors in 1998. 698/15). See also Digital Rights judgment on 8th April 2014
7 in the joined cases, Digital Rights Ireland Ltd (C-293/12) and
SWGDE, 2018. Establishing Confidence in Digital and
Multimedia Evidence Forensic Results by Error Mitigation Kärntner Landesregierung (C-594/12). See Anja Møller
Analysis. Version: 2.0 (20. Nov, 2018). Pedersen, Henrik Udsen and Søren Sandfeld Jakobsen:
8
Establishing Confidence in Digital and Multimedia “Data retention in Europe – the Tele 2 case and beyond”,
Evidence Forensic Results by Error Mitigation Analysis, and International Data Privacy Law, 2018, Vol. 8, No 2, pp. 160-
Christensen, A. M., Crowder, C. M., Ousley, S. D., & Houck, 174.
M. M. (2014). Error and its meaning in forensic science.
Journal of Forensic Sciences, 59(1), 123-126.
Digital Evidence and Electronic Signature Law Review, 18 (2021) | 2The use of historical call data records as evidence in the criminal justice system
procedures for obtaining the permit vary. Lenient convictions, and the rest of the cases concern
conditions apply if the police only demand data unsolved, serious crime.12 To date, the Task Force has
concerning which cell tower was used by the mobile reviewed 213 convictions. In 38 of these cases, the
telephone at a given time (location data), whereas a initial opinion was that telecom data might have
more strict legal framework applies if the police influenced the outcome of the trial. However, the
demand data about which telephone communicated conclusion from the prosecution’s review was that
with which telephone at a given time (traffic data). A there were no grounds for reconsidering the
request for HCDR could relate to two different conviction in these cases, as no relevant errors had
perspectives: related either to specific known been detected in the telecom data.
telephones or to a certain place where a criminal
offence has taken place and where the police would The telecom scandal also led to consequences outside
like to know which telephones were communicating in Denmark. According to the Nordic Police Cooperation
the area. Treaty, the police in the Nordic countries may assist
each other in obtaining evidence in criminal
The Telecom scandal investigations. As far as the authors are aware, the
following description is limited to what occurred in
On 17th June 2019, the Danish newspapers disclosed Norway. The first media reports in Norway came in
the news that the Director of Public Prosecutions had June 2019. On 29th August, the Norwegian Director of
informed the Danish Bar and Law Society and the Public Prosecutions instructed the police districts,
Danish Court Administration about an error in the national police units and state attorneys to identify all
police IT system. The error was identified and the pending Norwegian criminal cases with HCDR
corrected on 8th March 2019, and the Director of obtained from within Denmark. In this letter, the
Public Prosecutions had decided that a number of recipients were informed that the system in which the
criminal cases from 2012-2019, where HCDR had been error occurred was not in used in Norway, and that
obtained, the Directorate of Public Prosecutions there was no reason to suspect the same errors in
ordered a review and the Danish National Police. Norwegian HCDR.13 On 15th January 2020, the
Subsequently, this news was followed by a number of Norwegian Director of Public Prosecutions sent an
critical articles from both technical and legal update to the same recipients, informing them that
perspectives. The criticism was particularly levelled at only a very limited number of ongoing cases involving
the delay and incomplete information provided to the Danish HCDR data had been identified, and only a few
criminal system and the public. As a result of the where further evaluations of possible consequences
increasing number of errors and uncertainties due to erroneous data were necessary. The recipients
discovered in the handling of HCDR and the were instructed to expand the scope of their
subsequent considerations, the Director of Public evaluations to include closed cases involving Danish
Prosecutions ordered a halt of two months in the HCDR from March 2010 to March 2019. The Director
prosecutors’ use of HCDR as evidence in criminal trials of Public Prosecutions also underlined that the police
and hearings about preliminary custody. Currently, districts had experienced significant challenges in
more than 10,000 criminal cases from the period identifying the cases, due to the lack of registries and
2010-2019 are being reviewed in order to establish limited search functionalities. How many hours this
the implications caused by errors and uncertainties in task has entailed is unknown, but, due to the reported
telecom data used as evidence.11 According to the challenges, there is reason to believe that it has
District Attorney in Copenhagen supervising the required a significant workload.
review, the status as at February 2020, is that, of the
approximately 10,000 cases, 7,576 cases relate to
11 location data obtained from Denmark. Identification and
The period in focus was extended, as 2010 was the
starting point for the initial use of the police converting review of relevant cases. Riksadvokaten (28 August 2019)
software; for which see below. Mulig feilinformasjon i trafikk- og lokasjonsdata innhentet
12
Mail communications to the authors on 17th and 18th fra Danmark. Identifisering og gjennomgang av aktuelle
February 2020 from the District Attorney in Copenhagen. saker. https://www.riksadvokaten.no/document/mulig-
13
The Norwegian Director of Public Prosecutions (28th feilinformasjon-i-teledata-brukt-i-straffesaker/.
August 2019. Possible misinformation in traffic- and
Digital Evidence and Electronic Signature Law Review, 18 (2021) | 3The use of historical call data records as evidence in the criminal justice system
Conclusions on the technical error communication activity, such as telephone calls, SMS,
duration of the call, and cell tower position (first and
The Telecenter, a department under the Danish
last cell tower during the conversation), etc., is
National Police, acts as the single point of contact
registered as a row. When converting the rows from
between Danish police and the telecom service
the raw data, an error in the police software resulted
providers. The telecom service providers have
in the loss of rows and, hence, incomplete HCDR.
different systems for storing and retrieving
information, and information is therefore delivered in The reason for the loss of rows was found in a certain
several different formats to the police.14 The telecom “timer” function in the police IT system, used for
service providers are not obliged to use a uniform converting data into the uniform format. In order to
concept, nor are they paid for the data retention. The ensure efficient forwarding of the data to the
different formats result from different needs within requesting police unit, a timer function was set in the
each telecom company, related to operating the Telecenter’s IT system, e.g. one hour. However, the
system and billing the customers. Since 2010, the system was not programmed to check whether the
Telecenter has processed the files from the telecom processing was complete prior to sending the file, and
service providers prior to sending them to the the result was that the data were sometimes sent to
respective police districts. Several of the errors have the requesting police unit, even though the converting
been traced back to the processing of data at the process was not complete. Occasionally, this resulted
Telecenter. in the Telecenter sending incomplete sets of
converted data with “missing rows” to the
From the information given by the Danish Minister of
requester.17
Justice on 3rd October 2019, and on the basis of
conclusions from both the internal examinations The implications of such an error would depend on
carried out by the Director of Public Prosecutions and the specific criminal case. In the question of an alibi, it
the Danish National Police and an independent might be catastrophic for a defendant who claimed to
external review carried out by the consultancy agency, have been elsewhere than at the scene of the crime, if
Deloitte, the technical errors in the system relate to the data that could confirm his or her statement was
the entire chain from the cell tower registering the among the “missing rows” in the incomplete HCDRs.
data to the transmission of the data to the requesting Not only would the missing rows cause lack of support
police unit.15 The errors can be summarized into three for the alibi, but the missing information could also be
overall categories, set out below. held against the defendant’s trustworthiness, for not
being truthful about where he or she was at a certain
(1) Completeness: missing rows as a result of time.
processing by police software
The telecom service providers register the HCDR in (2) Errors in the converted data
databases. Following a request from the police, data is In addition to the missing rows, several other errors
retrieved from these databases and delivered in a resulting from the process of converting the data
format based on cells, rows and columns, such as were uncovered in the HCDRs. The conversion process
those you find in a spreadsheet.16 Each also led to alteration of the cell towers’ geographical
14
The external examination carried out by Deloitte, (2019) with minor statistical corrections on 13th of January 2020;
p. 15, in connection to the Danish Telecom scandal, for https://vidensbasen.anklagemyndigheden.dk/h/6dfa19d8-
which see below. Deloitte identified that the police 18cc-47d6-b4c4-3bd07bc15ec0/VB/82220c78-862d-4735-
received 100 different formats of raw data in the period 8bee-9cae5cddee6a?showExact=true#page=84.
from 2011-2019. 16
For a discussion about the highly significant errors in
15
The Minister’s information, including the internal and spreadsheets, see Electronic Evidence, xii-xiii ’Business
external examinations as Appendices, are available at URL: records’ and 7.144.
http://www.justitsministeriet.dk/nyt-og- 17
See the internal examination from the Director of Public
presse/pressemeddelelser/2019, see: “Justitsministerens Prosecutions and the Director of the Danish National Police,
reaktion på teledata-redegørelser” (”The Minister of 28th September 2019 (Appendix 2), p. 62, and the external
Justice’s reaction to the telecom examinations”, translation examination from Deloitte, 1st October 2019 (Appendix 3),
by the authors as information and examinations are only pp. 33 and 47.
available in Danish). The Deloitte examination was updated
Digital Evidence and Electronic Signature Law Review, 18 (2021) | 4The use of historical call data records as evidence in the criminal justice system
coordinates. According to the external examination, not been paid the appropriate attention over the
the predominant error in the conversion caused a years. A few months after the outbreak of the telecom
difference in the cell tower position of approximately scandal, the Danish newspaper Politiken considered
220 metres; in a smaller number of requisitions, a the list of cell towers in detail, and compared their
deviation of approximately 100 metres was registered address and their geographical coordinates.
identified.18 Other errors resulting from this process They found significant differences between these two
were found in in- and outgoing conversations, the registrations for several cell towers. The biggest
duration of the calls, and types of service (telephone discrepancy uncovered was more than 100
call, SMS, Internet session). kilometres. When discrepancies occurred, they mostly
concerned the coordinates, which established the
When the telecom scandal emerged, this reccurring correct position, and, to a lesser extent, the address.22
error questions the trustworthiness of telecom data.
However, the conclusion must be that this error The effect of such a problem is difficult to establish, as
alone, meaning a displacement of a cell tower of this the procedures within the Telecenter in the Danish
rather small scale, would rarely have an effect on National Police have not clarified this point. It is
criminal cases. This should be seen in connection with unclear whether they based their assumptions about
the general uncertainties about using telecom data as the suspect’s geographical location on the address or
evidence, for which see discussion below. the coordinates, and whether they carried out a
control for discrepancies between the two types of
(3) Errors in raw data location registrations. In any case, the differences in
The third category of errors uncovered in the telecom such registrations in specific cases could possibly have
scandal involves errors in raw data from the telecom been discovered by the requesting police unit and
service providers. This category consists of several then resolved in cooperation with the Telecenter and
types of errors. Some are considered to pose a low the telecom service providers.
risk of problems in criminal investigations, since they
Besides the irregularities concerning the cell tower
could be detected fairly easily. An example of such an
locations, the internal and external examinations have
error is the switching of geographical coordinates,
also revealed other types of errors in raw data from
which would result in the cell tower appearing to be
the telecom service providers. Thus, calls and SMS are
situated far away from Danish territory.19 Others pose
also possible by application of new communication
a great risk of providing misleading information in services, VoLTE (Voice over Long-Term Evolution) and
criminal investigations. For example, the telecom VoWiFi (Voice over WiFi). In connection with the
service providers store information about the examinations, it was revealed that not all telecom
geographical position of their cell towers. However, service providers had delivered all communication
over the years, some cell towers have been moved to
data concerning these new data types.23 This means
different locations, without updating the information
that the raw data material provided by the telephone
about the new geographical position of the cell tower
companies without these data would be incomplete.
and the range of its cells.20 This had already been
acknowledged as a problem in 2015, by the Minister Apart from these identified errors, it has been pointed
of Justice giving a reply on the matter to the Danish out that the vast diversity in raw data is a possible
parliament.21 Nevertheless, this problem has probably source of error. As part of the external examination, a
18 of Public Prosecutions and the Director of the Danish
The external examination from Deloitte (Appendix 3), p.
55. National Police (Appendix 2), p. 22.
22
19
The external examination from Deloitte (Appendix 3), p. Jakob Sorgenfri Kjær: “Telefejl er endnu værre end
39. antaget”; https://politiken.dk/indland/art7389985/Telefejl-
20
The internal examination from the Director of Public er-endnu-v%C3%A6rre-end-antaget, and “Vagthund ser
med alvor på nye telefejl” ;
Prosecutions and the Director of the Danish National Police
https://politiken.dk/indland/art7406682/Vagthund-ser-
(Appendix 2), p. 22, and the external examination from
med-alvor-p%C3%A5-nye-telefejl, both in Politiken, 27th
Deloitte (Appendix 3), p. 39.
21 September 2019.
Reply from the Ministry of Justice on 20th October 2015 23
The internal examination (Appendix 2), p. 66.
to question no. 182 from the Parliament’s Legal Affairs
Committee, and the internal examination from the Director
Digital Evidence and Electronic Signature Law Review, 18 (2021) | 5The use of historical call data records as evidence in the criminal justice system
statistical comparison was carried out on the raw data coverage of the cell, such as – but not limited to – the
formats provided by the different telephone height of the cell tower, the frequency, power and
companies. Conclusively, 100 different formats from configuration of the antenna, the vegetation, the
the period 2011-2019 were identified, with each of surrounding settlement and topography. The capacity
the 100 data formats varying in at least one of either: is also limited, and when it reaches its limits, the call
(1) the order of the columns, (2) the terminology in may be directed to the next cell tower within the
the columns, or (3) the number of columns.24 coverage area. These limitations mean that it is never
Illustratively, 30 different formats for dates were possible to state with 100 per cent certainty that a cell
identified.25 phone was at a certain place at a certain time, based
on the HCDR.
This diversity and the ever-changing raw data formats
represent a significant challenge to the Telecenter. Organizational and procedural aspects
Changes in the raw data format would require a
control of whether the interpretation is still valid. To On 3rd October 2019, on the basis of the internal
ensure a valid interpretation of the raw data at all examination, the Danish Minister of Justice concluded
times, the software would thus need to be frequently that, within the Danish National Police, there had not
controlled and updated.26 The external review been sufficient inspection of the quality of the data
revealed that only one person at the Telecenter was and there had not been sufficient documentation and
appointed to this task.27 The frequent changes to raw follow up of errors. Consequently, information about
data formats entail a risk of error, if the resources or known errors and risks related to HCDR had not been
manpower for controlling and updating the system systematically sent to the relevant parties dealing
are limited.28 with criminal cases. Furthermore, throughout the
years, the management’s focus on the Telecenter has
In addition to the errors mentioned above, the been insufficient.29
inherent limitations and uncertainties with HCDR
must be taken into account. The HCDR are first and Specifically, the internal examination mentions that,
foremost registered for the telecom service providers’ within the Telecenter, no written internal procedures
business purposes. The data are used for optimizing and guidelines in relation to handling HCDR have been
the telecom service, charging for the services and developed, nor, additionally, has the Danish National
billing the customers. HCDR are hence not stored for Police developed any national guidelines for the
law enforcement purposes and may have limitations Telecenter’s and the police units’ handling of HCDR
and uncertainties that should be taken into account and quality control of the data.30
when using these data as evidence about who did In relation to checking the quality of the data, an
what, at which time (and duration), and from which external examination concluded that, before 2018, no
position. HCDR are a product of the service offered by general checking of the quality of the telecom data
telecom companies, where a unit (e.g. a mobile received from the Telecenter was carried out by the
telephone) communicates with the telecom service requesting police unit, as there was the overall
provider’s network and infrastructure (cell towers, presumption that the HCDR received were correct and
antennas, and devices for collection and storing complete, and therefore it was not common practice
telecom data). The cell towers have antennas, which to check whether data in the converted file were
cover different areas, named cells. Each cell has a cell
complete.31
identification (cell id) and two traits – coverage and
capacity. There are several factors that affect the
24 28
The external examination from Deloitte (Appendix 3), p. The external examination from Deloitte (Appendix 3), p.
35. 38.
25 29
The external examination from Deloitte (Appendix 3), p. The information given by the Minister of Justice on 3rd
35. October 2019.
26 30
The external examination from Deloitte (Appendix 3), pp. The internal examination (Appendix 2), p. 90.
37-38. 31
The external examination from Deloitte (Appendix 3), p.
27
The external examination from Deloitte (Appendix 3), p. 67.
9.
Digital Evidence and Electronic Signature Law Review, 18 (2021) | 6The use of historical call data records as evidence in the criminal justice system
Since November 2018, the Telecenter has enclosed a 8. Purchasing special equipment to be able to
guideline for quality control of the data when sending examine the coverage of cell towers in specific
HCDR to the requesting police units.32 The guideline places.
advises the receiver to compare the number of lines in 9. New guidelines for the deletion of telecom
the raw data with the converted data and to check data.
whether the numbers match.33
10. Modernization of existing IT systems.
Importantly, however, the telecom scandal is also
11. Systematic scrutiny of more than 400 IT
related to outdated and insufficient IT systems and
systems within the police and the prosecution
software within the Danish police in general, and
service.
within the Telecenter in particular. The external
examination quite disturbingly states that the 12. Review of IT systems, where technical
outdated technical infrastructure poses a significant evidence is stored and processed, e.g. DNA
risk to the continuing operational stability, meaning to samples and fingerprints.
securing the continuing delivery of converted telecom
13. Evaluation and learning from the telecom data
data.34 Even immediate remedies to the existing
incident throughout the Justice Department.
infrastructure are considered insufficient; hence,
there is a need to implement a new infrastructure, In the following, we limit our discussion to initiatives 1
adequate for modern standards.35 and 2. The understanding of “an independent unit”
(initiative 1), and the handling of inherent
Actions to be taken according to the Minister of uncertainties in telecom data (initiative 2) is discussed
Justice below.
In his conclusion on the telecom scandal and the way The understanding of “an independent unit”
forward, the Minister of Justice presented a list of 13
initiatives: Concerning the establishment of a new independent
unit (initiative 1), on 3rd October 2019, the Danish
1. Establishment of a new independent unit, Minister of Justice indicated a need for “a new,
monitoring technical investigative means and independent unit to supervise the process from the
evidence. time when an investigation goes through a technical
2. The problems inherent in telecom data must process until the time when the results of the
be declared in any court proceedings. investigation are presented as evidence for guilt in a
criminal case.”36
3. Establishment of certification of quality
control within the Telecenter. Accordingly, the competence for the independent unit
should be to supervise “investigative means” in a
4. Strengthening the Telecenter with resources
broad sense, not only as regards telecom data.
and more specialized competencies.
However, the focus on an investigation “going
5. Establishment of a new cooperation forum through a technical processing” suggests quite a
between the police and the telecom industry. narrow scope, when considering the telecom data
6. Relevant education and improvement of case, where, clearly, raw data in itself also present
competencies for the users of telecom data. serious errors and uncertainties, even if the police
have not exposed the data to any processing or
7. Requesting police units must improve control conversion of raw data that the police might perform.
of the telecom data they receive.
In a draft proposal for new regulation, published on
21st February 2020, the Ministry of Justice suggests
32 34
The external examination from Deloitte (Appendix 3), pp. The external examination from Deloitte (Appendix 3), p.
17 and 78. 7.
33 35
The external examination from Deloitte (Appendix 3), p. The external examination from Deloitte (Appendix 3), p.
78. 7.
36
Translation by the authors.
Digital Evidence and Electronic Signature Law Review, 18 (2021) | 7The use of historical call data records as evidence in the criminal justice system
the establishment of a new independent unit for the for the unit: not only overlooking procedures of
supervision of technical evidence, connected to the conversion, but also the requiring of data in general,
Independent Police Complaints Authority. The taking samples and perhaps even seeking to verify
proposal implies a broad scope for the new conclusions in specific cases, mapping uncertainties
independent unit, as the term “technical evidence” is and securing a dialogue and cooperation with the
understood as all information, tracks and material provider of the data, whether private companies or
gathered to be subjected to a technical examination public institutions. We do not know what we might
or process, leading to the presentation of the data as not know in the future, and a constant critical focus
evidence in a criminal trial.37 on new sorts of data and evidence must be secured.
The purpose of the independent unit would be to The conclusion from the statements from the Danish
supervise the development of adequate and relevant Ministry of Justice must be that the 13 initiatives and
procedures and guidelines – and their use by the focus by all parties involved within the police,
practitioners within the police and the prosecution prosecution service and courts are seen as sufficient
service – as regards the handling and processing of to “repair” the errors and uncertainties connected
specific kinds of technical evidence.38 Furthermore, with the procedures of acquiring and processing
the supervision would also be carried out in relation telecom data and thus “repair” the general confidence
to standard declarations, police reports, etc., in order in the reliability of such technical evidence used in
to confirm that reservations and uncertainties related criminal cases.
to specific kinds of evidence are appropriately Understanding telecom data
described. In addition, the supervision would concern
whether the prosecution in general presents these Recently, new and detailed instructions, from both
reservations and uncertainties in connection with the the Directorate of Public Prosecutions and the Danish
evidence used in criminal trials. National Police, have been produced on the use of
telecom data in criminal cases.40 The overall aim is to
Specifically, the draft proposal emphasizes that the secure quality procedures – and the documentation
supervision would not aim to verify conclusions from thereof – in both the requiring police units and the
the examination or processing of technical
prosecution service, when presenting the case and the
information in specific cases (e.g. whether a DNA evidence in court.
match can be verified or whether a person’s cell
phone has been registered in connection with specific As stated in the new Instruction from the Director of
towers, according to the service provider’s Public Prosecutions: In criminal cases, where telecom
information) or how these conclusions specifically data is presented as evidence, the prosecutor must
have been used during the police investigation. verify that all relevant documents are presented. This
means that documents must include raw data and, if
Based on the telecom scandal, the responsibilities processing had been carried out, also converted data,
given to this independent unit should be carefully besides a report describing the police check of the
considered. Given the importance of digital evidence data quality. Furthermore, a general note developed
and our general trust and naivety regarding such by Deloitte on general aspects related to the use of
evidence,39 arguments support a quite broad scope telecom data must always be included in criminal
37 Littlewood, Harold Thimbleby and Martyn Thomas CBE,
Draft proposal for new regulation, published by the
Ministry of Justice, 21st February 2020, p. 33, available at ‘The Law Commission presumption concerning the
https://hoeringsportalen.dk/Hearing/Details/63761%20. dependability of computer evidence’, 17 Digital Evidence
The completion of the regulation concerning the and Electronic Signature Law Review (2020) 1 – 14.
independent unit is now scheduled to be part of the 40 “Anvendelse af teledata i straffesager” (“The use of
government’s program for the parliamentary year telecom data in criminal cases”, translation by the authors),
2020/2021. issued by the Directorate of Public Prosecutions on 29th
38
Draft proposal for new regulation, published by the October 2019 (latest update on 3rd of April 2020), at
Ministry of Justice, 21st February 2020, p. 9. https://vidensbasen.anklagemyndigheden.dk/h/6dfa19d8-
39
This is comprehensively dispelled in Chapter 6 of 18cc-47d6-b4c4-3bd07bc15ec0/VB/dfa9e79e-2c97-4013-
81c9-5699a5ffb3ef?showExact=true (only available in
Electronic Evidence and in Peter Bernard Ladkin, Bev
Danish).
Digital Evidence and Electronic Signature Law Review, 18 (2021) | 8The use of historical call data records as evidence in the criminal justice system
cases where telecom data are presented as evidence, accuracy of location data can, on one hand, be as
“with the purpose of securing relevant knowledge close as a few hundred m2 in closer urban areas and,
with the defence and the court about the potential on the other hand, be extended to several km2 in rural
sources of errors and uncertainties connected to the areas. The applied technologies can also play a role in
use of telecom data.”41 the range of the cell tower signal. Besides, specific
operating conditions can result in errors in the
The “Note about the use of historic telecom data in network, with the consequence that a mobile unit at a
criminal cases”, dated 1st October 2019, is developed given time connects to other cell towers than if the
by Deloitte in connection with the external network were functioning normally.46
examination.42 The note contains a list of the inherent
uncertainties related to cell tower data and thus Keeping these reservations in mind, the note
attention points and reservations regarding the use of mentions that telecom data can be used to indicate
such data as evidence. the location and movements of a specific mobile unit
over time. The more connections between a certain
Data can be missing in the data rows presented, for a mobile unit with a certain cell tower, the more
number of different reasons, e.g. new kinds of data- significant the data could be interpreted to be.47
and communication services, where data are not
registered by the telecom service providers in the Besides telecom data, which telecom service
same way as traditional tele-communications. Also, providers are obliged by law to register and keep for a
the selection of which cell towers are relevant can year, the note from Deloitte also elaborates on other
mean that not all data will be put forward, if a mobile sorts of telecom data that the telecom service
unit has used another cell tower for communication.43 providers might have and that could be required for
specific criminal cases. This concerns “signalling data”
In this regard, the note emphasizes that HCDR do not from mobile units, meaning data generated from the
show the same accuracy as a GPS system in relation to cell towers related to a switched-on mobile telephone
locating a specific mobile telephone.44 This highlights that has not actively been used (called “idle mode” in
the uncertainties surrounding location data for mobile contrast to “connected mode”, where a telephone is
units.45 First and foremost, it is noted that such data communicating either by calls, SMS or Internet
can only be indicative. This is due to a number of connection).48 There are reservations regarding
different aspects: the landscape, network signalling data, as they are less precise and thus less
malfunctions and changes in weather and season, and reliable.49
to which cell tower a specific mobile unit connects
(“cell tower jumps”.) More specifically, it mentions Relating to raw data, the note draws attention to the
that fewer obstacles in the terrain lead to a stronger risk of errors in the registration of cell towers, namely,
mobile signal; hence, a mobile unit would be able to the insecurity related to the specification of the
connect to a cell tower over longer distances across address of a cell tower, where the coordinates are
water than over land. In rural areas, there would be considered more reliable.50 In addition, according to
fewer cell towers, meaning the telephone (telephone recent guidelines from the Danish National Police,
is used for short-hand, but we mean SIM card, or a establishing the location of the cell tower must not be
combination of telephone and SIM card) could “jump” based on information about the address provided by
and connect to a cell tower further away. The
41
Points 1 and 2.4.2 in the Instruction “Anvendelse af title translated by the authors), available at
teledata i straffesager”, (“The use of telecom data in https://www.justitsministeriet.dk/sites/default/files/media
criminal cases”, translation by the authors) issued by the /Pressemeddelelser/pdf/2019/bilag_4.pdf.
43
Directorate of Public Prosecutions on 29th October 2019 Deloitte Note, point 3.1.2.
44
(latest update on 3rd of April 2020), available at Deloitte Note, point 3.1.1.
45
https://vidensbasen.anklagemyndigheden.dk/h/6dfa19d8- Deloitte Note, point 3.2.2.
46
18cc-47d6-b4c4-3bd07bc15ec0/VB/dfa9e79e-2c97-4013- Deloitte Note, point 3.3.
47
81c9-5699a5ffb3ef?showExact=true (only available in Deloitte Note, point 3.2.2.
48
Danish). Deloitte Note, points 3.1.4. and 4.4.
42 49
Deloitte Note: ”Notat vedrørende anvendelse af Deloitte Note, points 3.1.4. and 4.4.
50
historiske teledata i straffesager”, (available only in Danish, Deloitte Note, points 3.3.
Digital Evidence and Electronic Signature Law Review, 18 (2021) | 9The use of historical call data records as evidence in the criminal justice system
the telephone companies.51 Instead, the location of contexts has been a focus on the introduction of new
cell towers must be based on geographical technologies.
coordinates of the cell towers, provided appropriate
Socio-technical systems theory advocates the
checks have been made, meaning a documentation of
consideration of both technical and social factors
the physical location of cell towers, based on
when seeking to promote change within an
observation of the cell tower or material from
organization, whether it concerns the introduction of
surveillance.52
new technology or when there is a change in the
The Danish National Police emphasize that, despite business.56 Leavitt visualized these as four
these new actions to be taken, it will always rely on components (structure, technology, people, task) that
the participants involved in specific cases – not least should be in harmony.57 This has been further
the courts – to evaluate how telecom data most developed into a hexagon of six interrelated elements
appropriately can be presented as evidence, and to (see figure below).
what extent further evidence is necessary, in order to
verify the specific telecom data.53
Socio technical aspects of the telecom
scandal
No process involving technology operates in a
vacuum. Socio-technical systems thinking is therefore
an adequate theoretical perspective to apply in order
to understand how the telecom scandal emerged, and
how new similar scandals may be prevented. The
underlying philosophy of socio-technical systems
thinking has remained largely unchanged, but the
specific principles and applications have evolved to
reflect the changing nature of work, technology and
design practices.54 The emphasis has shifted from an
early focus on heavy industry and advanced
manufacturing technologies, through to office-based Figure 1: Hexagonal socio-technical systems
work and services.55 The common theme across these
framework, as described by Clegg and others.58
51
The Instruction “Anvendelse af teledata i straffesager” 54
Davis, M. C., Challenger, R., Jayewardene, D. N. W., &
(“Use of telecom data in criminal cases”, translation by the Clegg, C.W. (2014). Advancing socio-technical systems
authors), issued by the Directorate of Public Prosecutions thinking: A call for bravery. Applied Ergonomics, 45(2A),
on 29th October 2019, with the Appendix 7b: “Rigspolitiets 171-180. doi: 10.1016/j.apergo.2013.02.009.
Instruks for politiets anvendelse af teledata til brug for 55
Advancing socio-technical systems thinking: A call for
retsmøder under efterforskningen” (“Guidelines from the bravery.
Danish National Police on the use of telecom data in 56
Cherns, A. (1976). The principles of sociotechnical design.
hearings related to criminal investigations”, translation by
Human Relations, 29(8), 783-792. doi:
the authors) on 18th September 2019.
52
10.1177/001872677602900806
Instruction on the use of telecom data in criminal cases, 57
Leavitt, H. J. (1965). Applying organizational change in
issued by the Directorate of Public Prosecutions on 29th
industry: Structural, technological and humanistic
October 2019, with the Appendix 7b: Guidelines from the
approaches. In J. G. March (Ed.), Handbook of
Danish National Police on the use of telecom data in
Organizations (pp. 1144-1170). Chicago, IL, USA: Rand
criminal investigations, on 18th September 2019.
53 McNally.
Considerations from the Director of Public Prosecutions 58
and the Director of Danish National Police, p. 6 in Appendix Clegg, C., Robinson, M., Davis, M., Bolton, L., Pieniazek,
1 to the Information given by the Minister of Justice on 3rd R., & McKay, A. (2017). Applying organizational psychology
October 2019. as a design science: A method for predicting malfunctions
in socio-technical systems (PreMiSTS). Design Science, 3, E6.
Digital Evidence and Electronic Signature Law Review, 18 (2021) | 10The use of historical call data records as evidence in the criminal justice system
To work optimally, these interrelated elements must that changes its meaning. Maintaining the evidence
function in harmony. When exploring the factors that integrity of telecom data requires competence in
may have caused or contributed to error in the processing the data, assessing the quality, as well as
telecom scandal, it is necessary to consider all the documenting the result.
interconnected elements in a socio-technical system.
Covering all will be outside the scope of this article, In relation to the telecom scandal, the Telecenter
and we will limit our discussion here to cover people, carried out the process of converting the data into
one format. Hence, the Telecenter had the main
technology and processes. .
responsibility for the quality of the product they
Human error as a cause or contributing factor in delivered. As mentioned above, in December 2018,
the telecom scandal the Telecenter started including guidelines for quality
control of the data, together with the raw data and
People play an important role in a socio-technical converted data files. Up until this point in time, the
system, and, when exploring the factors that may police districts had not been instructed or encouraged
have caused or contributed to error in the telecom by the Telecenter to perform any quality control of
scandal, we should consider human factors. Here, we the data. The new guidelines encouraged the recipient
will discuss the following aspects as possible sources of the HCDR to compare the number of rows in the
of error: competence and cognitive factors. raw data against the converted data, to assess
whether they matched.64 If performed, this procedure
Competence would be an inadequate quality measure, since it
Identifying, collecting, examining, analysing and would only validate that the files were of a similar size
presenting digital evidence in a forensically sound but would reveal nothing about the integrity of the
manner requires competence.59 Forensically sound is data. Despite the guidelines, the control of
“The application of a transparent digital forensic completeness was not performed by the police
process that preserves the original meaning of the districts. The lack of quality control from the
Telecenter and the insufficient guidelines for quality
data for production in a court of law.” 60 There should
control directed to the police districts demonstrated
be documentation of the continuity of evidence (also
the inadequate level of competency in handling data
called chain of custody) for the evidence, which means
at the Telecenter, as well as in the police districts.
documentation regarding where the evidence has
been kept at all times and who has handled it.61 The Competence is also necessary to derive meaning from
principle of evidence integrity should be considered telecom data, while taking the inherent limitations
paramount, which means that the data should be into account. Telecom data may appear to be reliable
preserved in its original form.62 HCDR often require information, since they are accurate and expressed in
processing in order to derive meaningful information numeric values. The HCDR data are accurate down to
from them in the context of a criminal investigation. the second; the cell towers are in numeric GPS
This involves splitting up and assembling information coordinates. The precise representation of time or
pieces,63 for instance identifying all incoming and place may give the impression that the data is valid,
outgoing calls from a certain time period from several and diminish the attention about limitations and
HCDRs. Any restructuring of data should not result in errors. Making valid inferences based on telecom data
data being deleted or alter the original data in a way requires competence regarding why and how the data
doi:10.1017/dsj.2017.4. Image published under a creative 61 Casey, E. (2011). Digital Evidence and Computer Crime:
commons licence (CC-BY 4.0). Forensic Science, Computers, and the Internet. Academic
59 Sunde, N. (2017). Non-technical sources of errors when
Press, p. 21; for a discussion in the legal context, see
handling digital evidence within a criminal investigation Electronic Evidence, Chapter 9.
(Master's thesis, Norwegian University of Science and 62 Årnes, A. (2017). Introduction. In A. Årnes (Ed.) Digital
Technology). Forensics (pp. 1-11). Hoboken: Wiley, p. 6.
60 McKemmish, R. (2009). When is digital evidence 63 Bjerknes, O. T., & Fahsing, I. A. (2018). Etterforskning:
forensically sound? In IFIP international conference on prinsipper, metoder og praksis. Fagbokforlaget, p. 125.
digital forensics (pp. 3-15). Springer, Boston, MA. p. 10. 64 The external examination from Deloitte (Appendix 3), p.
17.
Digital Evidence and Electronic Signature Law Review, 18 (2021) | 11The use of historical call data records as evidence in the criminal justice system
are collected and stored by the telecom service Danish HCDRs were not uncovered earlier or why the
provider and the inherent limitations of the data. warnings about error were ignored for such a long
What may be accurate and sufficiently reliable for the time may be found within the levels of this taxonomy,
purpose of the telecom service provider may deviate none of which seem to be irrelevant in this respect.
from the required quality to serve as reliable evidence
in legal proceedings. Pohl explains cognitive bias as a cognitive
phenomenon, which reliably deviates from reality,
Cognitive factors, influences and bias occurs systematically and involuntarily, and is difficult
or impossible to avoid by mere willpower.69 One fact
Regardless of the competence level of the people
involved in handling the telecom data, there are other that may have played a role in the telecom scandal is
human limitations that may cause error. Cognitive confirmation bias, which can be described as a
factors and bias affect all processes that involve tendency to seek information that confirms one’s
belief, and to overlook or explain away information
interpretation, subjectivity, judgements and
decisions.65 Awareness of and understanding about that contradicts it.70 The receivers of HCDRs believed
that the product they received from the Telecenter
our inherent cognitive limitations and influences that
increase the risk of error are essential components for was of good quality.71 When the Telecenter (from
minimizing error. However, awareness is not enough. December 2018) asked the receivers of the HCDRs to
A necessary step is to identify the particular risk control the completeness of the converted data by
factors for the discipline and implement measures to comparing the number of rows, the receivers (who
prevent or uncover any errors.66 Unfortunately, also believed that the Telecenter provided good
measures to address cognitive sources of error and quality) would get a confirmation of this notion of
quality by comparing the lines in the two
bias are often only addressed when scandals
spreadsheets, although this would not reveal the true
appear.67
quality of the processed record. It should be noted
Dr Itiel Dror has focused on cognitive and human error that the police districts reported that they did not
in decision-making within several areas, including perform this control, since they trusted the Telecenter
forensic science, and has developed a taxonomy of to deliver data that were accurate and complete.72
sources that affect the decision-making of forensic
experts. These are relevant to handling digital The same bias may have affected the prosecution
authorities. They received a report about the HCDR,
evidence in the context of a criminal investigation68
often with extracts of the data included. Together
and, hence, relevant for handling telecom data. These
with the report, they would also receive the
factors range from the inherent cognitive factors –
converted HCDR. The prosecution authority checked
which relate to how the brain processes information –
whether the data included or referred to in the report
to external contextual factors that influence the
were consistent with the data from the converted
decision-making. Contextual factors may bias
HCDR file.73 The prosecution authority did not have
decisions, and they are found in the organizational
culture and environment, as well as in the particular any knowledge of the insufficient quality control of
case. The explanations for why the errors in the the converted data file and would probably believe
that the data were accurate and complete. If
65 69
Dror, I. E. (2017). Human expert performance in forensic Pohl, R.F., 2016. Cognitive Illusions: Intriguing
decision making: seven different sources of bias. Australian Phenomena in Judgement, Thinking and Memory.
Journal of Forensic Sciences, 49(5), 541-547. Psychology Press.
66 70
Dror, I. E., & Pierce, M. L. (2019). ISO standards Nickerson, R. S., 1998. Confirmation bias: A ubiquitous
addressing issues of bias and impartiality in forensic work. phenomenon in many guises. Review of general
Journal of Forensic Sciences. psychology, 2(2), 175-220.
67 71
ISO standards addressing issues of bias and impartiality in The external examination from Deloitte (Appendix 3), p.
forensic work , and Cole, S. A. (2016). Scandal, fraud, and 67.
72
the reform of forensic science: the case of fingerprint The external examination from Deloitte (Appendix 3), p.
analysis. W. Va. L. Rev., 119, 523. 67.
68 73
Sunde, N., & Dror, I. E. (2019). Cognitive and human The external examination from Deloitte (Appendix 3), p.
factors in digital forensics: Problems, challenges, and the 78.
way forward. Digital Investigation, 29, 101-108.
Digital Evidence and Electronic Signature Law Review, 18 (2021) | 12The use of historical call data records as evidence in the criminal justice system
consistency between the report and the converted The cumulative effect of bias may affect the decisions
data file were established, the prosecution authority made.77 For example, when the missing lines in the
would have this initial perception of high quality HCDR do not provide the suspect with an alibi (which
confirmed – even though this measure would not be he actually would have if the raw data were checked),
sufficient to determine the true quality of the data. this would lead to a strong belief in the suspect’s guilt.
This could in turn lead to a more offensive suspect
The accumulation of bias
interview, confronting him with the missing alibi. The
Earwaker and colleagues highlight that the failure to suspect’s behaviour may be due to the strong belief of
acknowledge and to respond to the interlinking guilt, underpinned by the HCDR, leading to tunnel
nature of participants in criminal justice systems may vision, where the suspect interview, as well as other
lead to inappropriate use of evidence in intelligence ambiguous evidence, would be interpreted to the
(or investigative) settings or in court.74 When a piece detriment of the suspect.
of evidence passes through several participants, there
Implicit associations about technology and bias
is a risk of the accumulation of bias (called in the
literature ‘bias snowball’ and ‘bias cascade’).75 The It is relevant to consider how technology affects
build-up of bias occurs when the effect of contextual human decisions. Elsbach and Stigliani suggest three
information at one stage affects the decision at a later general beliefs about new information technology: It
stage.76 For example, in the telecom scandal, the is mysterious or unknown; it is non-human or alien,
personnel at the Telecenter believed that the system and it is complex or difficult to understand.78 Based
performed well when processing the raw data. This on these general beliefs, they suggest that we make
overconfidence prevented quality control of the implicit associations, which are attitudes about
performance. When the data were received by the objects “that are automatically activated by the mere
investigator, the investigator received them from presence of the object”.79 From their analysis of
someone they believed had specialist competence in empirical findings, they suggest that people associate
assessing the data and trusted that the data were new technology with success and with superiority
accurate and complete. When the prosecution over older technology, and they relate this to the
received the data, they knew from the documentation general belief in new information as mysterious or
that the data had been handled in several stages by unknown. This may lead to the favouring of newer
people with a higher level of competence in telecom over older technology.80
data than themselves. They would therefore also trust
the data and, through the assessment of the Elsbach and Stigliani also find empirical support for
consistency between data in the report and the the assumption that technology endorsed by
converted data, this impression would intensify at legitimate others may lead to a perception of the
each stage. The notion of quality could contribute to technology as trustworthy and valuable.81 They
the decision about charging the suspect, and hence suggest that this is to do with the general belief in
the bias would also pass into the court. technology as complex and difficult to understand.
In relation to the telecom scandal, the implicit bias
may have played an important role: first, regarding
74
Earwaker, H., Nakhaeizadeh, S., Smit, N. M., & Morgan, R. making in forensic science: A six phased approach. Science
M. (2019). A cultural change to enable improved decision- & Justice, 60(1), 9-19.
77
making in forensic science: A six phased approach. Science A cultural change to enable improved decision-making in
& Justice, 12. forensic science: A six phased approach.
75 78
Dror, I. E., 2018. Biases in forensic experts. Science, 360 Elsbach, K. D., & Stigliani, I. (2019). New information
(6386), 243. https://doi.org/10.1126/science.aat8443 and technology and implicit bias. Academy of Management
Dror, I. E., Morgan, R. M., Rando, C., & Nakhaeizadeh, S. Perspectives, 33(2), 185-206.
79
(2017). Letter to the editor—The bias snowball and the bias Hewstone, M., Rubin, M., & Willis, H. (2002). Intergroup
cascade effects: Two distinct biases that may impact bias. Annual Review of Psychology, 53(1), 575-604.
80
forensic decision making. Journal of Forensic Sciences, Elsbach, K. D., & Stigliani, I. (2019). New information
62(3), 832-833. technology and implicit bias. Academy of Management
76
Earwaker, H., Nakhaeizadeh, S., Smit, N. M., & Morgan, R. Perspectives, 33(2), 185-206.
81
M. (2019). A cultural change to enable improved decision- New information technology and implicit bias, 185-206.
Digital Evidence and Electronic Signature Law Review, 18 (2021) | 13You can also read
