More info about search warrants/cell phone data searches, etc.
Determining Probable Causes
A search is not reasonable unless there was probable cause to believe that the search would produce evidence of a crime or contraband. Probable cause is defined as a state of facts which would lead a man of ordinary care and prudence to believe that the object sought is presently located at the designated place. The standard is the same whether the search is with or without a warrant, but the constitutional provision and court decisions make it clear that a warrant is preferred, unless there is good reason for not taking the time to obtain the warrant.
Source:
http://www.judicial.state.sc.us/summaryCourtBenchBook/HTML/CriminalC.htm
Obtaining CDR (Cell Data Records)
Social networking sites have created an environment that allows easy sharing of content across the Web. Each time content is shared or requests are sent, the receiving servers generate a specific log entry in different logs across numerous networks. These logs can tell us what was requested, from what resource or page the request was generated, details about the system requesting the resource, and the outcome of the request. Facebook is one of the more popular social networking sites with nearly 700 million active users. If requested and received, the Web access logs can essentially retrace a user’s activity on the site. The actual content of a posting may not be determined through the logs themselves but the action of posting, deleting, or logging in/out can be confirmed through analysis of the access logs.
The table below contains some of the fields that would be found in access logs related to Facebook activity. Note that other data would be mixed in with a large amount of noise. The order of log entries can be summarized as such:
• A user navigates to Facebook.com and logs into an account.
• The user hovers over a link for Facebook ID 123456 from their home page.
• The user navigates to the home page of Facebook ID 123456.
• The user posts comments to the home page of Facebook ID 123456.
• The user deletes comments from the home page of Facebook ID 123456.
• The user logs out of their Facebook account while on the home page of Facebook ID 123456.
Under the Electronic Communications and Privacy Act (ECPA), 18 U.S.C. §§ 2510–2522,
cell providers must be served with either a court order issued pursuant to 18 U.S.C. §2703(d) or a § 2703(c) search warrant to compel production of CDRs containing cell site information. See 18 U.S.C. § 2703(c)(1)(A), (B) (2010). In the case of a cooperating witness or victim subscriber, CDRs may be obtained with the subscriber’s consent. See id. § 2703(c)(1).
For on-going criminal investigations, a § 2703(c) search warrant or a combined § 2703(d) court order and pen register order, 18 U.S.C. § 3121–1327, known as a “hybrid” order, may be used to collect prospective CDRs containing cell site information. For more information on collecting CDRs with cell site information, see CCIPS Online, available to federal prosecutors on the Department of Justice, Computer Crime and Intellectual Property Section (CCIPS) Intranet Web site.
Cell tower data and maps: Cell tower data/map records contain the geographical locations of the cell towers in the cell provider’s cellular network, recorded by longitude and latitude, and cell tower/sector information, including the number of cell sectors for each cell tower and the directional orientation of cell tower sectors for all cell towers in the cell provider’s cellular network.
No ECPA-required process is available for acquiring these records because these records relate to the cellular network and not to individual subscribers. Depending on the cell provider, these records may be obtained through an informal request, administrative subpoena issued by an appropriate law enforcement agency, or trial subpoena. However, consideration should be given to acquiring such records so that they are admissible in evidence. See FED. R. EVID. 803(6) and 902(11).
CDRs contain accurate date, time, and location information for cell phones and, unlike a witness’ memory, are not prone to impeachment based on their accuracy, reliability, or bias.
Additional information available in CDRs includes the telephone number of the wireless or wire-based phone connecting with the relevant cell phone, whether the voice calls or text messages were incoming or outgoing, the duration of voice calls, and the cell tower and cell tower sectors at the beginning and end of voice calls or when text messages are sent or received.
Cell tower and cell sector information for a particular cell phone is recorded in CDRs at the time
(1) a voice call is initially connected, (2) a voice call is terminated, (3) a connection is made with the voicemail message service to leave or retrieve a voice message, (4) a text message is sent, and (5) a text message is delivered, which may be different than the time that the cell phone user reads the text message. CDRs do not record “handover” cell towers/cell sectors through which a cell phone travels during a voice call unless a particular cell tower/sector is the originating or terminating point of a voice call.
A cell phone that is switched on and operational will register with a nearby cell tower so that the cellular network knows its location to enable immediate access to the cellular network to send or receive voice calls or text messages. Typically, the strongest signal received by a cell phone is the closest tower or one that is in direct line of sight of a cell phone. The cell tower with the strongest signal to a cell phone is known as the “servicing” tower that sends and receives voice calls and text messages to the cell phone. A cell phone also monitors and measures signals from nearby cell towers. As a cell phone moves through the cellular network, the cell provider’s Base Station Controllers and MSC monitor, control, and manage “handover” of the cell phone to other servicing cell towers/sectors to enable uninterrupted voice calls on the cell phone. Cell tower/sector information for the constantly-monitored location of a cell phone during “handover” activity is not recorded in CDRs. Only the cell tower/sector information for the call or message activity listed above is recorded in CDRs.
Source:
http://www.justice.gov/usao/eousa/foia_reading_room/u
