5G and the GPRS data opportunity

Share on twitter
Share on linkedin
Share on email

Will Metters explains why using GPRS data is vital, why you can trust it, and what led to the misconception that it can’t be evidential.

General Packet Radio Service (GPRS) records are generated whenever a device can access a mobile data network. These GPRS records, also known as Mobile Data Event (MDE) records, can then be requested by Investigators to indicate roughly where a device has been, based on the cell sites it was connecting to.

When Investigators first started using GPRS data, they were treated much the same as voice call and text message records. However, roughly 10 years ago as a result of a question raised during a court case, it was identified that in some rare cases the Cell IDs listed on a GPRS record might not have been used at the exact time shown, but rather at an earlier time.

As a precautionary measure, Investigators were informed through NPCC/ACPO guidance to be cautious about the reliance on this GPRS data whilst research was undertaken to better understand the issue.

 

Understanding the problem with GPRS

I was then asked to conduct rigorous research to try to understand if the concern was justified, and if this were the case, what the cause was and what national response may be needed.
To do so, I drove around hundreds of miles of urban and rural areas streaming online audio and video content whilst logging the cells I was connecting to across a range of devices.  I then compared the log data with the GPRS and MDE records to look for any instances where the selected cell was not utilised at the time listed. My findings confirmed that while the vast majority of records listed the cell that it was connected to at the time shown, there were some rare circumstances in which there was a variance. The variance extended from as little as 30 seconds to several hours.

This meant that where there was variance, the GPRS data could not be used to factually state that the cell listed was used at the exact time shown. While we knew that the majority of GPRS data records listed the cell that was being used at the time shown and that there were only a very specific set of circumstances that resulted in these variances, there was no easy way, at that time, to quickly and simply clarify which GPRS records were affected. This uncertainty resulted in both confusion and a loss of confidence in using GPRS records evidentially and to false urban myths suggesting that the data was inaccurate or unreliable.

 

An interim solution for GPRS confidence

We went into solution mode, considering what this meant from a worst-case scenario perspective and how to provide ‘cell confidence’ – ensuring that GPRS could be used as part of the digital forensics mix whilst ensuring the descriptions used were factually accurate.

The solution at the time, which has been used for years since, was to change the terminology across the board for GPRS data analysis from ‘this cell was used at…’ to ‘this data was used at or before…’ The ‘before’ extended as far back as the previous data record where a different Cell ID was listed. Where this was only a few seconds or minutes, GPRS data could still be useful in inferring the rough location of a device at a given time, however, where the gap extended to longer, sometimes into hours, this significantly increased the time window in which a given cell may have been connected to and reduced its evidential usefulness.

Additionally, the terminology change meant that while the majority of records were precise, they all had to be described as if they were imprecise. This has led to the misconception that GPRS data as a whole is unreliable, and most investigators avoid using it at all costs, or equally dangerously, interpret it incorrectly.

 

5G and burgeoning data

 

But why does GPRS data matter? The simple answer is that we are already in a time when some people don’t use their handsets for phone calls or text messages at all, so traditional voice call and text message related cell site data that is relied upon for investigations doesn’t exist. Instead, they conduct all communications on their handsets through data messaging services, such as WhatsApp or Facebook Messenger.

4G (LTE) was the first data-only mobile technology, which means that all services are carried as data with this trend continuing with 5G and 6G. In a few years’ time, most of the records will be GPRS or MDE, with even voice calls being carried as data. Legacy networks will become obsolete. With Telematics and the Internet of Things, GPRS data will gain even more importance. And so, leveraging the data is essential.

 

Building cell confidence

 

We know that GPRS data is reliable, we’ve been working to prove it and provide a solution that can build cell confidence for GPRS data ever since doubts emerged.

This work has included the publication of an authoritative White Paper by our own Joe Hoy, who within his decades of experience as a technical trainer and engineer in telecommunications, developed deep knowledge of GPRS systems. Joe also instigated independent research conducted at the UCL Centre for Forensic Sciences, which has validated this White Paper, giving concrete answers to the questions we wanted to seek. Mainly, is GPRS data evidential?

The answer to that is yes, as long as the data is interpreted correctly. So how can investigators interpret the data correctly and ensure both cell confidence and credibility in court?

We’ve been working to make it as simple as possible for analysts and investigators to identify which GPRS data is precise and which needs to be classified as ‘at or before’ due to variance.

Within our ranks Joe Hoy, Martin Griffiths and Paul Kilby have decades of experience in digital forensics and telecommunications data, as well as being highly experienced expert witnesses. They have studied extensively the complex and specific circumstances where the inconsistencies exist across the networks and transferred this knowledge and expertise into our CSAS software.

Earlier this year, we released a solution that filters data by ‘at’ versus ‘at or before’.  This automation allows CSAS users to identify at speed the data which is precise, allowing Investigators to rapidly support or rule out hypotheses and tap into the vast potential of GPRS data for ongoing, or historical investigations.

The implications are huge, opening up extensive data sets to analysis that could provide vital information for investigations. GPRS data has been ignored or side-lined for a long time. Its use in historical cases could provide the missing piece of evidence in an investigation.

 

Credibility in court

CSAS provides the means to access that data with confidence in ongoing investigations, but in order to achieve credibility in court, you need to understand the data.

That’s why we offer our Interpreting GPRS Billing Workshop, giving you the understanding to confidently use and explain GPRS data in investigations.

In this day-long workshop we reveal the power of GPRS, explaining in detail what GPRS is and how it works; how you can interpret it; and preparing you with the knowledge to explain GPRS in court. We explain the disclosures from networks and the different rules that they apply, so that you can better interpret the data and understand the ‘why’, not just the ‘what’.

Once you are empowered with this knowledge and the tools to analyse GPRS records, you’ll gain access to a treasure trove of data and future proof investigations in an ever-evolving digital environment.

 

Book a place on our next Interpreting GPRS Billing Workshop and reveal the evidential power of GPRS data.

 

Author

  • With nearly 20 years of law enforcement experience, 15 of which he spent specialising in digital investigations, Will Metters is rarely happier than when he is looking for the hidden meaning in a mountain of digital records, either to help answer a customer question or as part of his research work.  

If this resonates with you, let’s discuss.