- 0 Comments
By Craig Ball
I give dozens of talks each year on electronic evidence where I discuss geolocation data and its transformative potential as evidence in criminal prosecutions and civil litigation. Smart phones constantly track our movements using gyroscopes, accelerometers, global positioning features, geolocation apps, cell tower triangulation and three independent radio systems. Our steps are tallied, altitudes logged, and, for many, vital signs are monitored, too. We are earthbound astronauts, instrumented and coupled to sensors and telemetry as thoroughly as any who journey into space.
This doesn’t fully resonate with audiences until I guide them through their own phones, showing the level of detail with which movements are tracked. Some listeners boast that they’ve set their privacy settings to block geolocation. They’re the ones most surprised to learn that, although they can disable their ability to see their own geolocation history and stop geolocation data from being shared with apps, they can’t disable geolocation broadcasting and still have a functioning phone. Here’s the bottom line: if a phone can operate as a phone, it must broadcast its geolocation coordinates with a precision of ten meters (~30 feet) or better. U.S. law requires it.
When I broach geolocation data and see that look of “we already know this” creep across faces, that’s when I ask for a show of hands of how many in the audience use iPhones. Nearly every hand shoots up. I then invite them to drill down in their phone’s Settings with me to the Significant Locations logs. Surprisingly, most have never done this before and are shocked, even frightened, by the richness of detail in the data.
To try it on your iPhone, navigate through Settings>Privacy>Location Service>System Services> Significant Locations. Unless you’ve disabled your ability to see geolocation data, you’ll arrive at the phone’s History list setting out locales visited and the number of sites gone to within those locales.
But, wait! There’s more! Tap on one of the historic locations, and you’ll see an annotated map of the area with blue dots denoting prior stops. Below this is a more detailed list of addresses and sites visited (restaurants, stores, schools, etc.) with the number of stops noted. Here’s where it gets really interesting (or creepy, depending on your point-of-view). Click on one of the listed sites or addresses to see a zoomed-in map with a listing of the time and duration of each visit logged along with the time and mode of travel getting there (e.g., 10 min drive, 4 min walk).
Again, most of my audiences haven’t seen these logs before and a few fairly freak out when they see their worst Orwellian worries come true.
That’s when I remind the lawyers listening to change hats; “Doff your privacy Panamas and don your your fact finder fedoras!” Geolocation histories aren’t something to fear. They’re gifts. It’s evidence. Powerful. Probative. Precise.
Well, maybe not terribly precise. On the iPhone, geolocation coordinates occasionally pair to sites not visited but nearby. My iPhone sometimes mistakes the popular Atchafalaya restaurant for my New Orleans home, although Atchafalaya is around the corner. The geocoordinates are right, but the pairing’s wrong. Harmless error for the most part, but a quirk worth recalling when challenging geolocation data in court.
In U.S. trial practice, the ability to discover electronically-stored information (ESI) is a function of its accessibility. Relevant ESI that’s reasonably accessible must be preserved and produced when sought, if not privileged from disclosure. But when we speak of “reasonable accessibility,” is it measured from the perspective of the custodian of the data (who enjoys ready access to geolocation data) or from the standpoint of service providers tasked to collect and process ESI? A phone’s user can reach their phone’s geolocation history in a few clicks, but it’s daunting for e-discovery service providers to obtain the geolocation history with anything like the ease they secure e-mail or documents.
Apple doesn’t permit geolocation coordinates to be stored in iTunes or iCloud backups, nor does Apple keep such data in its own records–so forget about serving a subpoena on Apple to get it. Excepting the geolocation data that U.S. laws require be shared with cell service providers to support 911 emergency services and the cell service provider’s cell tower records, a phone’s geolocation history lives on the phone. Accordingly, the “easiest” method of self-collection is also the most cumbersome and least searchable: grab screenshots of geolocation history screens.
Screenshots suck; but, all is not lost. An iPhone may be “jailbroken” by a forensic examiner and its geodata extracted. Else, the phone may have shared geolocation data with various apps serving as historical repositories.
Two examples of application sources are Google Timeline (formerly Google Location History) and the geolocation data stored in photographs taken with the phone’s camera. You won’t have these sources in every matter because the former requires the user to have installed the Google Search app (granting the app access to geolocation data) and the latter–though enabled by default–may have been disabled by a privacy-conscious user.
The geolocation data stored by Google Timeline is breathtakingly rich, reflecting place or business, arrival, departure, duration, route, and mode of transport. The screenshot below depicts the data Google stored about my peripatetic wanderings for part of August 14, 2018. It starts at my hotel in Leiden, tracks my route by car, then bicycle rental, pedaling Utrecht, a visit to Castle De Haar and my evening flight from Amsterdam to Frankfurt. Google has been storing information about me with a comparable level of detail for at least five years. Happily for e-discovery, Google allows users to freely and simply collect this data using Google Takeout (in JSON or KML formats). You can see your Google Timeline at google.com/maps/timeline and you can take out Location Services data at https://takeout.google.com.
The geolocation data that’s embedded as EXIF data in smart phone photos includes precise longitude, latitude, and altitude coordinates alongside information on date, time, phone used, and more. An iPhone user can see their photos’ geolocation mapped in Photos>Albums>Places>Map (screenshot below). As you pinch out, the precision boggles the mind. Mine shows which room in the house photos were made and extends back beyond eight years.
Can you imagine the power of robust geolocation histories to establish actions and interactions more precisely and reliably than fragile human memory? Consider the questions posed to U.S. Supreme Court nominee Brett Kavanaugh and Christine Blasey Ford in the confirmation hearings. Specific comings, goings, dates, and places were forgotten or challenged; but today would we have trouble proving teens were together? Probably not because, today, everyone’s a telemetered, terrestrial astronaut.
Isn’t it time we put powerful, probative geolocation evidence to work for civil justice? It’s right in the palms of our hands. When it’s likely to be relevant, we should preserve it; moreover, we should take steps to insure our opponents preserve it. Screenshots of location histories aren’t the best forms–they may be about the worst–but, screenshots aren’t difficult or time consuming to create, and they’re a darn sight better than preserving nothing at all.
This article was originally posted at Craigball.net and is shared here with full permission from the author.