Imagine being falsely accused of a crime, not by a stranger, but by the companion that knows you best in this world. It’s not your spouse or your parents, but the partner that follows you for nearly every step of your day, through intimate moments good and bad: your phone. That’s the reality for 32 Danish men, convicted using cellphone location data—data that now appears to have been wrong.
We’ve known for years how our phones can track our movements, keeping a perpetual log of our location through Cell-Site Location Information (CSLI) and GPS data. It’s an annotated history of our lives, updated anytime our phone, cell-enabled tablet, or wearable is powered-up and connected to the network. Whether you’re making a call, sending a text, or simply accessing data: nearly every moment your phone is on, it’s leaving a map of which cell towers are closest—down to a matter of feet.
Tracking our phones’ locations increasingly means tracking us. As the Supreme Court noted last year, “nearly three-quarters of smartphone users report being within five feet of their phones most of the time, with 12 percent admitting that they even use their phones in the shower.” And since almost every American has a cellphone, almost every one of us carries around a would-be government tracking device. And now it turns out those trackers can make mistakes… maybe a lot of them.
CSLI is not only one of the most invasive surveillance technologies on the market, but it’s one of the most widespread, with American prosecutors using CSLI in tens of thousands of criminal cases every year.
This sort of location tracking is so intrusive that the Supreme Court took the unusual step of requiring a warrant last year. Typically, the courts don’t require a warrant when data is held by a third party, such as a phone company, service provider, or financial institution. But the court said that CSLI is so intrusive, so expansive, that police need a warrant before they can hijack our phones’ location data.
It’s almost a relief to know that these Orwellian tracking tools make mistakes too, but it could create a crisis for the criminal justice system, and this latest revelation may prove more momentous than even the Supreme Court ruling. Why? Well the courts have generally refused to apply the Supreme Court’s decision retroactively. If you were convicted using CSLI before the court ruled in 2018, too bad, you’re out of luck. Yes, those searches may have violated the Fourth Amendment, but they rationalize that police acted in good faith: how could officers possibly realize that calling up someone’s entire life history from the phone company would be an invasion of privacy?
But new information about CSLI errors might go further. These newest revelations go beyond whether phone data was obtained legally. Now the question is whether prosecutors are using the data misleadingly in court. Juries have been assured for years that CSLI is accurate—so what if it now turns out it’s not? In cases where prosecutors successfully relied on cell phone location data, convictions may now be coming into question.
Prosecutors previously used CSLI to show a defendant’s movements throughout the day, putting them at the scene of a crime or undermining their alibi. But Danish researchers found that phone companies omitted some calls, registered other calls in the wrong location, and even recorded phones at two places at the same time, sometimes hundreds of miles apart.
So far, Danish prosecutors have responded by opening an inquiry into more than 10,000 cases since 2012, and dozens of pending prosecutions have been put on hold. To put this in context, Denmark’s total prison population numbers less than 4,000. The U.S. jail and prison population is more than 2 million.
Consider if hundreds of thousands of our fellow Americans were locked away with evidence that may have been faulty. The situation has the potential to be a forensically-driven miscarriage of justice on an unprecedented scale. Not to mention grinding the court system to a halt as potentially affected individuals file for new trials.
To be clear, we don’t know if this will happen—not yet. It appears that the Danish phone data errors were caused by two distinct problems, one with the software used to extract phone records, and one with the underlying record logging itself. We don’t yet know if this same software was used by U.S. police. But what is clear is that a giant question mark is now hovering over every single case where CSLI was used domestically.
It may turn out that U.S. law enforcement don’t use the same faulty software as their Danish counterparts, but we don’t know if other software products are more reliable. Even more alarming, the record logging issues appear to be an innate part of how the phone network captures data, meaning that we may find similar errors no matter what software we use.
If these errors happen even a fraction as frequently as in Denmark, the only real question is how long before U.S. police and prosecutors pause and review CSLI here in the U.S. The longer they wait, the worse the crisis will grow.
Cahn is the executive director of the Surveillance Technology Oversight Project at the Urban Justice Center, a New York-based civil rights and privacy organization. On Twitter @cahnlawny.