Denmark has found multiple glitches in cellphone tracking data that’s thrown some 10,700 verdicts into question and led to the release of 32 detainees.
On Monday, Justice Minister Nick Haekkerup ordered a two-month halt to prosecutors’ use of cellphone location data in criminal cases, during which a steering group will investigate the extent of the legal problems the errors may have caused and will monitor the reviews of cases that may have been affected.
Better safe than sorry, he reportedly told local news agency Ritzau:
We shouldn’t take the risk that innocent people could be convicted.
Haekkerup said in a statement that the discoveries have shaken trust in the justice system. Hence, the Attorney General has “now decided to apply the handbrake.”
The errors have been surfacing over the course of months. AFP reports that the first bug cropped up in software that converts raw data from mobile towers to make it usable for police.
During that conversion, important data was being dropped. For example, if a phone made five calls within an hour, the software would sometimes register only the first four. That led to the creation of a less detailed image of a phone’s whereabouts. According to the New York Times, Danish national police, who had discovered the bug, fixed it in March 2019.
Jan Reckendorff, the director of public prosecutions, told Denmark’s state broadcaster that a separate error was found in how some cellphone tracking data associated phones with the wrong towers, potentially linking innocent people to crime scenes.
It’s a very, very serious case. We cannot live with incorrect information sending people to prison.
Other glitches that have surfaced include how phones can be connected to several mobile phone towers at once, incorrect registering of the origin of text messages, and incorrect information on the location of specific towers.
Besides errors in police software, Danish national police went on to find what they said are several errors in the raw data that police are getting from the telecommunications companies. The scope and significance of those errors weren’t clear as of 18 August 2019, Haekkerup said at the time.
The telecom industry doesn’t understand how it can be at fault, though. We’re in the business of getting people to talk to each other, not of providing police surveillance, it responded, while acknowledging that law enforcement values this data.
As it is, the use of cellphone tower data in court cases has gone beyond its original purpose. Here’s what Jakob Willer, director of the Telecommunications Industry Association in Denmark, told AFP:
We should remember that the data is created to deliver telecom services, not to control citizens or for surveillance.
He said that “the mistakes appear when you interpret the data.”
Karoline Normann, who heads the Danish Bar and Law Society’s criminal law committee, told the Times that going forward, lawyers are going to have to interrogate the accuracy of cellphone data in ways they haven’t previously, given that…
…evidence that may appear objective and technical doesn’t necessarily equal high evidence value.
Unraveling the mess
In a 2 July letter to Parliament, the Justice Ministry said that the review of criminal cases that have involved mobile phone location data – they date back to 2012 – would prioritize currently pending cases.
After that, the next priority will be to review cases where people have been sentenced to prison time, probation or other penalties. Next come suspended investigations or acquittals. Finally, the steering group will review cases being actively investigated. If people are in prison based on no evidence besides phone location data, they may have to be released, the Justice Ministry said in the letter.
The letter also said that a report on each review will be forwarded to the court and to the case’s defense lawyer, and that cases will be retried if necessary.
It’s not just Denmark
These kind of location data errors have also been spotted in the US and in South Africa.
It happened to Wayne Dobson, of Las Vegas: a repeat victim of what Naked Security’s Paul Ducklin calls “precise imprecision”: because of a flaw in a mobile phone company’s database, as of 2013, it was sending people who’d lost their phones to his house, even though all it really knew was that their phone was located somewhere in that part of the world.
It doesn’t draw a little circle on the map to say, “That phone’s probably in a 2km radius of here,” or a jagged polygon to say “It’s somewhere inside this grid of lines joining the following five transmission towers spread over an 8km2 area.”
It as good as says, “Head to Casa Dobson. You’ll find the phone in the kitchen, next to the kettle, under this morning’s newspaper.”
Nor is geolocation imprecision limited to cellphone towers.
In 2016, a Kansas couple sued over an IP mapping glitch that repeatedly sent Feds to their house, associating their address with the geographic center of the US and turning what should have been a quiet rural farmhouse into the default answer to “Where the hell is this nefarious IP address located,” as opposed to what that answer should have been: “We don’t have a clue.”