Friday, September 4, 2009

Should the Existence of "Spoofing" or "Jamming" GPS signals render GPS generated evidence inadmissible?

I've reviewed a couple of articles on the Internet that argue that GPS evidence should not be admissible in court. Some criticize GPS tracking as not accurate enough, which is surprising, as New York's highest court excluded warrantless GPS tracking evidence because of its far too accurate abilities. This post, however, will analyze whether "Spoofing" or "Jamming" technologies, by their very existence, so taint any possible GPS evidence generation as to render GPS evidence generally unaccepted and unreliable, and thus excluded under the Frye standard. (Wikipedia explanation).

Professor Susan Brenner wrote an excellent description of "Spoofing" and "Jamming" in her CYB3CRIM3 Blog. I see no reason to reinvent the wheel, so thanks to her, I will forgo an explanation.

In our society, many things can be forged, manipulated, altered or used without proper authority. U.S. Currency can be counterfeited, yet we all use it every day, usually without looking at it twice. Photos, now usually generated either digitally or from magnetic signal (on videotape), can be digitally retouched, making it difficult to know what the original looked like. Audio recordings can be sliced, spliced and diced to put words in someone's mouth. Documents can be scanned and signatures transferred that rival the original, thus rendering the documents complete and utter forgeries. Video tapes, likewise, can be doctored to make the impossible seem possible.

Yet, despite the existence of technologies that make it harder and harder to know what is "real," our court system every day accepts into evidence as real currency, photographs, audio statements and recordings, signed documents and videotapes. While parties have the right to challenge the authenticity of evidence, no court I know of has ever barred evidence just because a technology exists that someone might use to tinker with or outright falsify the evidence. Likewise, I don't believe any court should exclude GPS evidence simply because someone somewhere has the capability of tampering with that evidence.

To be clear, there are four methods of "tampering" with GPS evidence I know of: 1) "Jamming" GPS signals (thus blinding the GPS to location completely); 2) "Spoofing" GPS, that is, externally sending signals to the GPS receiver to make it think it is in a different location than it actually is; 3) Uploading a false GPS track into a totally accurate GPS (which I describe in a blog post here); 4) Tampering with the GPS evidence after it has been downloaded (which would be evident if the parties follow appropriate downloading procedures, and built a chain of custody of the raw GPS data).

"Jamming" is very easily dealt with. It can't bar admission of GPS generated evidence, as, by definition, "Jamming" blinds the receiver. Now, unless the "Jammer" is mobile, and following the GPS tracked vehicle, it is likely only to block a portion of the GPS track. GPS tracks, however, are severable. That is, each trackpoint is constructed independent of the previous trackpoint, so each trackpoint constitutes admissible evidence without depending on the other trackpoints before it or trackpoints following it.
Therefore, if a court is presented with a "partial" track, individual track points, if relevant, are admissible to prove whatever the proponent is attempting to prove. Accordingly, "jamming" only creates an information vacuum for the period of time it is going on, and does not affect the veracity of the rest of the trackpoints, and therefore, the rest of the track.

Jamming is analogous to using a bright light to blind a camera to something the camera should be able to see. We don't discard the rest of the photo because one portion is washed out. Nor does the washed out part lack information; we just can't see it. But the washed out part does not "contaminate" the rest of the photo.

Uploading a false track is like loading an official camera with film taken from a different camera, that appears to be real. Careful examination of GPS tracks will disclose problems, and careful "chains of evidence" will ensure the veracity of GPS track evidence.

Tampering with downloaded GPS evidence is like retouching a photograph after it has left the camera. This, too, can be prevented by preserving the raw data in a non-changeable form, like burning to a CD, and carefully protecting the chain of evidence that data goes through.

Attorneys should, and will, examine those who handle and process GPS evidence to make sure these evidentiary foundations have been fulfilled before GPS tracks are admitted. Doing so ensures the accuracy and credibility of the GPS evidence presented.

Finally, "spoofing" is the most troublesome technology. "Spoofing" a GPS is like setting a false scene for an official camera to shoot, but the scene appears real. The camera works, parts of the scene appear real, but something is false as part of the scene. Accordingly, where the jammer simply leaves a vacuum of information, the spoofer gives false information.

Fortunately, spoofing a GPS that would be admitted to court would be incredibly complicated. First of all, the subject of the GPS tracking would have to know that he was being tracked to be involved in a "spoofing" in the first place, if he intended to use the spoofed track on his own behalf. The only GPS targets that know they are being tracked are criminals (or accused criminals) wearing GPS bracelets. While there is a possible scenario that the criminal spoofs the bracelet into thinking he is stationary when he is out committing a crime, the criminal would have to have good expertise, and good luck.

"Spoofing" has one other telltale characteristic. Because the GPS satellites broadcast to ALL GPS receivers, "spoofing" gear would have to overcome those signals to "spoof" a position, thus transmitting the "spoofed" signal to all the GPS receivers in the area, not just the target GPS. Where such tracks can be located and compared, and the GPS users interviewed, spoofing will either be proven, or disproven.

"Spoofing" an immobile GPS to make it look mobile could be easy, but in real life, "created" movements may become shockingly apparent when, for instance, a GPS tracked accused criminal crosses a river where there is no bridge, the GPS did not move with the actual current, and where the GPS isn't waterproof. Likewise, if the GPS travels over high fences, through secured areas or over cliffs, it will be suspect. Finally, a GPS attached to a vehicle that routinely follows paved roads will be suspect when it starts to travel through cornfields and through swamps. While "spoofing" is possible in theory, "spoofers" may find that, like currency counterfeiters, the details are what trip them up.

"Spoofing" a mobile GPS would be quite difficult, given that the distances between the transmitting "spoofer" vehicle and the GPS tracked vehicle would vary, so would the strength of the signal, and real signals could leak through. Also, the "spoofing" vehicle would have to know where it was at all times to correctly transmit spoofing data that "makes sense" in the real world. How can it do that with a spoofed GPS receiver?

Because of the slim likelihood of successfully "spoofing" a GPS receiver without having it detected in the track, I would conclude spoofing, as a technology, is not a reason to either doubt GPS tracks or exclude them from evidence.
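
As an added illustration (not part of the original post), the following Python sketch shows how an examiner might screen a downloaded track for the signs discussed above: a silent period consistent with jamming, a physically implausible jump consistent with spoofing or an uploaded false track, and out-of-order timestamps. The sample track, the function names and both thresholds are constructed assumptions.

```python
import math
from datetime import datetime

# Constructed sample track: (ISO timestamp, latitude, longitude).
SAMPLE_TRACK = [
    ("2009-09-04T10:00:00", 43.0000, -76.0000),
    ("2009-09-04T10:00:30", 43.0030, -76.0000),
    ("2009-09-04T10:01:00", 43.0060, -76.0000),
    ("2009-09-04T10:06:00", 43.0360, -76.0000),  # five minutes of silence
    ("2009-09-04T10:06:30", 43.0390, -76.0000),
    ("2009-09-04T10:07:00", 43.2000, -76.0000),  # about 17.9 km in 30 s
    ("2009-09-04T10:07:30", 43.2030, -76.0000),
]

MAX_GAP_S = 120        # assumption: the logger normally records every 30 s
MAX_SPEED_MPS = 60.0   # assumption: ceiling for a road vehicle (~216 km/h)

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS-84 positions."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def review_track(track, max_gap_s=MAX_GAP_S, max_speed_mps=MAX_SPEED_MPS):
    """Return (index, kind, value) findings for each suspicious trackpoint pair."""
    findings = []
    for i in range(1, len(track)):
        t0, lat0, lon0 = track[i - 1]
        t1, lat1, lon1 = track[i]
        dt = (datetime.fromisoformat(t1) - datetime.fromisoformat(t0)).total_seconds()
        if dt <= 0:
            # Timestamps must increase; anything else points to editing or a merge.
            findings.append((i, "TIME_ORDER", dt))
            continue
        if dt > max_gap_s:
            # An information vacuum: the points on either side still stand alone.
            findings.append((i, "GAP", dt))
        speed = haversine_m(lat0, lon0, lat1, lon1) / dt
        if speed > max_speed_mps:
            findings.append((i, "IMPLAUSIBLE_SPEED", round(speed, 1)))
    return findings

if __name__ == "__main__":
    for finding in review_track(SAMPLE_TRACK):
        print(finding)
```

A finding marks a trackpoint pair for closer examination against maps, other receivers' tracks and witness accounts; it does not by itself establish jamming or spoofing.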

Finally, because both "Jamming" and "Spoofing" depend on transmitting data over the airwaves, anyone who attempts to either "spoof" or "jam" risks location and prosecution themselves. Because the equipment is specific, because many agencies can sample the airwaves, and because GPS signals have a national security dimension, it is unlikely in the extreme many would expose themselves by trying to jam or spoof GPS signals.
