In a significant stride forward for the policing and criminal justice sectors, the Forensic Science Regulators’ Statutory Code of Practice has been approved by both houses of Parliament and will take effect on 2nd October 2023. The code sets quality standards for Forensic Science Activities related to crime investigation and the criminal justice system in England and Wales. At Chorus Intelligence, we have closely followed the developments of the code and welcome the rigour it brings to the important activity of Call Data Records (CDRs) and cell site analysis for geolocation.
It is reassuring to see regulation introduced, which empowers users of this data to operate with the highest level of integrity, thus moving towards a more compliant environment. The timeline for compliance is reasonable and allows for careful gap analysis and adjustments without disrupting ongoing operational activity. Overall, this code is a positive step forward for the industry and we are proud to support its implementation.
We have received many enquiries from UK Law Enforcement about this new Code of Practice and the implications for practitioners involved in the use of communications data in their work. In this document, we set out to address some of the key questions we have received.
What does it mean for practitioners?
Within the FSR Code of Practice, section 83 (FSA – DIG 200 – cell site analysis for geolocation) it relates to the use of RF survey, mapping and/or cell site analysis for geolocation of a device related to criminal activity. Once the code comes into force on 2nd October 2023 practitioners will need to make a declaration of compliance or non-compliance within 24 months. Compliance is demonstrated by having accreditation to ISO/IEC 17025.
The code sets out the minimum standards required for the processing and normalisation of CDR data or other network provider data for the purpose of cell site analysis or related findings, as well as RF surveys, creating/adopting maps of cells sites and or cell coverage for the purpose of reporting to court and the assessment and evaluation of CDR data against survey data. It is applicable to anyone who may be deemed to give an expert opinion on the communications data and radio frequency outputs.
The Code of Practice applies to all users, be that investigators or analysts who provide communications data evidence and or appear in court as a witness of fact. It also applies to anyone who does RF surveying, cell site analysis and may offer expert opinion on the data. Effectively anyone who acts as an expert witness in relation to CDR data and/or cell site analysis and geolocation.
Users who only use CDR data, cell site analysis or geolocation data for investigative purposes, are exempt from the Code of Practice.
What is Exempt?
FSA – DIG 101 – Analysis of Communications Network Data (Section 97) contains details of the exemptions to the code. We have detailed the exemptions below that apply when these activities are carried out to inform the investigation and the maps and charts are clearly marked as ‘This forensic information is not intended as evidence’.
The most notable exemptions are:
- Processing and normalisation of CDR or other network provider data for the purposes of informing the investigation.
- Relational or temporal analysis of CDR information.
- Presumptive automated tools for analysing CDRs, including ‘co-location’ analysis, and accepting the risks and limitations, including confirmation bias.
- Production of mapping of cell sites and/or cell site coverage for informing the investigation.
What is Chorus doing about it?
Chorus is here to support all our users on their journey to getting ISO17025 accreditation. At our core, Chorus adheres to clear transparent processing of data to a standard that would allow anyone to manually recreate those steps and get to the same result.
Chorus’s intention is to work with the Heads of Profession and relevant Quality Assurance Managers once the national picture is clear. Whilst there will be a national approach when it comes to practitioners, Chorus understands that each force/agency will have their own policies and each will dictate who is or isn’t a practitioner. Chorus wants to understand each of its customers’ requirements and concerns and support them through this process.
As an organisation, Chorus provides tools to cleanse, filter and query CDR data and plot cell site locations on maps, however, the software does not offer opinions on those data points. As these tools do not offer opinion, or perform the actual analysis, the ISO standard is not applicable. However, ensuring best practice, transparency, reproducibility, and accuracy are key factors for anyone looking to get ISO17025 accreditation. Chorus is actively discussing with ISO accreditors how to best demonstrate that our tooling and processes follow best practice to ensure an accurate data set for further analysis and to support our users on their journey to accreditation.
Additionally, we can help facilitate your training requirements. We offer several CPD accredited training courses should your teams need it to help meet the new standards, this would be provided through our training partner, CloudBreak Analysis – https://www.cloudbreakanalysis.com/training.
In addition, Chorus intends to give further support through upgrades of Chorus software. In a future release, Chorus also intends to allow the option to add ‘This forensic information is not intended as evidence’ to the software and any output from the system.
Conclusion:
Chorus Intelligence is excited to welcome the introduction of the Forensic Science Regulator’s Statutory Code of Practice, which provides an opportunity for forensic practitioners to work to a new, robust framework. This will increase the credibility and professionalism of the field and improve the confidence of your staff. By setting a new standard of rigour, the code will ensure that evidential standards remain high, and the risk of error and misinterpretation is minimised.
As for FSA DIG 200, the code has now formalised the excellent work and high standards are already being followed by thousands of practitioners in the UK on cell site and communications data. The Forensic Science Regulator has not reinvented the wheel; rather, it has incorporated existing Standard Operating Procedures (SOPs) into robust quality control systems.
To ensure compliance, all practitioners’ competence must be assessed, and any gaps in skills and knowledge must be filled with high-quality, externally accredited, and verifiable training. Practitioners must also periodically refresh and update their learning. Fortunately, many organisations have already driven competence, which puts them in a good position to achieve compliance.
Although this will entail careful, methodical work, organisations are not starting from scratch. They have sufficient time to complete the necessary work without sacrificing ongoing operational capability, and the team at Chorus Intelligence is here to provide assistance every step of the way.
