Mobile Phone is not a 'Closed Container' Part 2

Mobile Phone is not a 'Closed Container' Part 2

I mentioned in the thread " Mobile Phone is not a 'Closed Container' " that there was more to this disucssion:

http://trewmte.blogspot.com/2010/02/mobile-phone-is-not-closed-container.html

When any digital exhibit produces evidence it is normally presented in a computer document format. The Courts looks at the defendant's behaviour in relation to the data shown in the record.

The categories said to underpin S129 Criminal Justuce Act 2003 are set out in Archibold 2010:

Computers

i) The first is where the computer has been used simply as a calculator to process information.

ii) The second category is information which the computer has been programmed to record.

iii) The third category is information recorded and processed by the computer which has been entered by a person, whether directly or indirectly. It is only information from a computer in this third category which is hearsay.

It is Category II (Cat 2) which it is being said that a mobile phone is a dumb terminal which when plugged in is instructed simply to print out, yet examination of the case law used to reference Cat2 does not support the actions of what happens when examinations are conducted on mobile phones.

Category III (Cat 3) is relevant as it covers the multitude of actions that occur from the time the mobile phone is first seized to the time, in the chain of custody, the mobile phone examiner completes his/her examination. Funnily enough it is the mobile phone examiner who is unfairly prejudiced here because it most cases any actions conducted on the mobile phone prior to reaching the moible phone examiner sets him/her up for a dished up fait accompli. That is because phones do not have a specific application creates an audit trail to record all activity of when, for instance, deletion takes place or the person causing that to happen.

Other instances:

- At the point of seizure - entering *#06# (technically that is asterisk* octothorp# 0 6 octothorp#). Then mistakenly pressing the go key with added or deleted entries to the phone memory call history.

- Using faraday bags for sitched on at seizure where the world and his wife can punch away on the keypad of the handset with no traceability and auditability of what has gone on. The exmainer simply cannot be sure where the data comes from.

- the pressing of speed dial keys the place entries in call history.

- opening unread text messages.

With the above examples in mind, what does the Statute set out:

129. Representations other than by a person

(1) Where a representation of any fact -

(a) is made otherwise than by a person, but

(b) depends for its accuracy on information supplied (directly or indirectly) by a person,

the representation is not admissible in criminal proceedings as evidence of the fact unless it is proved that the information was accurate.

(2) Subsection (1) does not affect the operation of the presumption that a mechanical device has been properly set or calibrated.

Mobile telephones are not simple mechnical devices and are not calibrated, after leaving the factory originating their maunfacture, and are not calibrated prior to securing data from them for evidence. When some much goes unchecked with the evidence and the chain of custody can prove quite difficult to establish, how can behaviour in relation to the data be established with proper and appropriate procedual paths in place? The current system is unnecessarily and unwarrantedly crude in its operation demonstrates the lack of necessary skillsets.

I should imagine those in quality assurance (QA) promoting the merits of ISO9000, ISO17020 and ISO17020 are hampered to a greater degree (and most likely apoplectic at this stage) finding out where the difficulties exist. Whilst these standards are excellent (and I do have respect for them) for identifying each stage-point that needs to be reached so that assessment can be conducted to confirm conformity, they have no application to generating the criteria to build each stage-point given the issues associated with Cat 3 S129 CJA2003, above.

There is a way forward though.

Mobile Phone is not a 'Closed Container'

Mobile Phone is not a 'Closed Container'

.

There has recently been an important judgment in an Ohio Supreme Court that ruled a mobile phone is not covered by the status that a mobile phone is a "closed container" for the purposes of searches; thus mobile phones require a "warrant" prior to searching their (mobile phones') contents. The ruling also refers to the "unique nature of cell phones".
.
.

A commentary discussing part of the Ohio Supreme Court finding
.
In the present case, Justice Lanzinger wrote, "The state argues that we should follow Finley and affirm the court of appeals because the trial court was correct in its conclusion that a cell phone is akin to a closed container and is thus subject to search upon a lawful arrest. We do not agree with this comparison, which ignores the unique nature of cell phones. Objects falling under the banner of 'closed container' have traditionally been physical objects capable of holding other physical objects. Indeed, the United States Supreme Court has stated that in this situation, 'container' means 'any object capable of holding another object.' New York v. Belton,/em> (1981)."
.
.

Further more indepth information:
.

http://www.supremecourt.ohio.gov/rod/docs/pdf/0/2009/2009-Ohio-6426.pdf
http://www.supremecourt.ohio.gov/PIO/summaries/2009/1215/081781.asp
.
.

This is not the first time the treatment towards mobile telephones has come under scrutiny in the US:
http://trewmte.blogspot.com/2009/02/cellular-phones-warrantless-searches.html
.
.

Looking Forward
It is going to be interesting to see how the US Supreme Courts will interpret how mobile phones have been examined and the programming that is imposed on them before the evidence was gathered?
.
.

In the UK, mobile phones have, for some unearthly reason, been attributed a Catagory 2 status under S129 Criminal Justice Act 2003. This allows the Prosecution to stand before the Court and say there is no justifiable reason to have this (mobile telephone) evidence excluded or make it the subject of a voire dire. Apparently, the Prosecution having been mistakenly led to suggest to the public Courts of Law that a mobile phone is almost a dumb terminal to which one simply plugs it in and simply print-off the evidence.
.
.

Having spoken to as many examiners, in the independent marketplace and in the Police as I can and running discussions at Forums (frequented by examiners), I cannot find one examiner who admits to ever informing (or who would have informed) the Prosecution of the explanation given above that would put mobile phones under Cat 2 S129 CJA2003.
.
.

I have not found one examiner who doesn't admit that for the majority of mobile phones it is inescapable thus unavoidable but to programme the mobile phone to get the evidence. Moreover, it has not been possible as yet to find out where the advice came from that informed the Prosecution to make the Cat 2 S129 CJA2003 attribution, when clearly Cat 3 for S129 CJA2003 is the appropriate.
.
.

What examiners are saying is that they do record 'contemporaneous notes' and honestly record what is done when examining phones under public sector contracts for the Police. What they are equally saying is that they are never asked for those notes and the Police do not require them to provide those notes upfront with their evidence. It is acknowledged that much of the programming that goes on with mobile phone examination perhaps does not get recorded in the Reports that actually get presented to the Judge, Juries and to the Defence.
.
.

So what might be the way forward. Well clearly it would be very difficult to carry on the way that it has been going. Observations about what was and is also needs to be viewed. Section 69 of the Police and Criminal Evidence Act 1984 was repealed to make it easier for the Prosecution to present its evidence. Under S69 PACE 1984 the Prosecution had to provide a Certificate and demonstrate the data had not change in the operation of the computer and in the obtaining of the evidence. Presumably the Catagories assigned to S129 CJA2003 are meant to provide some form of appropriate test?
.
.

I recently raised the idea that all mobile phone forensics tools used to acquire evidence should be Certified/Validated:
.
.

http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=5346
.
.

Over 1800 have viewed this important discussion; 36 have voted thus far. It is not actually that difficult to create Certified/Validated tools scheme but it is largely people having expectation that costs will soar or prevent free/low cost tools being brought to the marketplace, when dealing with the way mobile phones operate and the way people and the tools conduct examination in our 'field of distinction'.
.
.

But whatever peoples' feelings about this subject, importantly Certification/Validation would provide for the Courts an open-handed description of what the tools actually do and what actually has been done to get the evidence at first instance. Moreover, it doesn't remove the requirement for user training and having technical knowledge of the science/technology from which evidence is generated, nor reduced skillset and experience. Currently if someone goes on a handset reader training course they are told they are validated as a mobile phone examiner. That simply isn't correct. The person is approved merely because they are said to have understood they from the training, push the buttons on and connect phones to the handset reading software/hardware and the output material as to where to find data. In this regard the over-marketing, perhaps unwittingly so, has created false expectation in those users who have received the tool training and leaves them noticeably vulnerable when challenged by their peers.
.
.

There is more to come on this subject, it is just that there is not sufficient time at the present moment.