The definition of CDR, even though there's a standard, isn't really standardized between companies, networks, or hardware. The switches actually puke a huge blob of semi-trustworthy data in a long record and internally we called it something other than a CDR, though other companies may call it that. Then we had a bunch of other nicknames for different subsets of the data, the smallest one was referred to internally to the lab as a CDR. The full data record we pulled from the feature phone included any GPS reported. We couldn't get the exact same field from a 3g phone because that network was designed so the switch was kind of brainless about location, other than the direction from the base station. I think it was, at the time the network was built, the laziest possible way to achieve tolerable TCP/IP traffic throughput so that's what they did. Literally PPPoE.
The method described by multiple people in response to my post is how they attempt to triangulate 3g phones for law enforcement, and if a local sheriff from Cracker Barrel, Arkansas or something requests the data that's what they get: the subset of the call record and the estimated location along with a big disclaimer "THIS MAY NOT EVEN BE ACCURATE TO WITHIN 2KM!" We did constant hands-on tests trying to refine it. Statistically it seems like a good idea but when research tried it on specific people (ourselves) we ended up with no confidence it would work accurately even 3/5 times. We tested it in suburbs, cities, rural, all have different weird factors and significant problems associated with the technique. As a basic example you can be near a cell tower, which have directional antennae, standing at a specific angle to a couple tall buildings and the reflected signal will appear to have you standing in two places at once, or even teleporting between two locations on a minute by minute basis, at which point the data is useless. In theory we can model what highway you're driving on, in reality it's a coin flip what area code you're in.
I think this is also critical if you're thinking of law enforcement applications of this: the base station switches do not report the data back instantly or even in the order they receive it. So our fastest estimate if everything worked perfectly was a 3-4 hour turnaround. Sometimes one of the relevant CDRs for triangulation comes back THREE DAYS after the call is made. Incidentally this is the same data that would be collected by the NSA under the Snowden thing, so military applications would also be limited at best. I mean, if they were dumb enough to try to use it that way they might end up hitting schoolbuses or weddings with cruise missiles or something, and no one wants that.
The result of this was a heavy focus on femtocells, which have such a small area they know where you are because you can't possibly be outside the Starbucks or whatever. It turned out to have other smaller problems: femtocells get overpowered by nearby base stations all the time. I don't know how they were trying to use the one in the van when they caught those boston bombers but I expect the idea was the phone only knows to jump to the strongest signal and that way they could just stop any calls they made. In a neighborhood with a close base station this would be a lot less effective even if the femtocell was massively overpowered, the base station stuff is just this blast of signal and it reflects everywhere, the guy would get through or not randomly.
I think the most damning thing here is that no one who participated in the research would ever testify in a court that the method in question definitely places the phone in question at 123 Cherry Lane, or on the same block as Cherry Lane, or in Cherry Village, or if there was a car involved even in Cherry County. On the other hand, when your shiny new LTE phone is reporting back its gps on a millisecond basis with every call and tons of http headers, things will get a lot easier. For them. I won't be doing that kind of work again.
The method described by multiple people in response to my post is how they attempt to triangulate 3g phones for law enforcement, and if a local sheriff from Cracker Barrel, Arkansas or something requests the data that's what they get: the subset of the call record and the estimated location along with a big disclaimer "THIS MAY NOT EVEN BE ACCURATE TO WITHIN 2KM!" We did constant hands-on tests trying to refine it. Statistically it seems like a good idea but when research tried it on specific people (ourselves) we ended up with no confidence it would work accurately even 3/5 times. We tested it in suburbs, cities, rural, all have different weird factors and significant problems associated with the technique. As a basic example you can be near a cell tower, which have directional antennae, standing at a specific angle to a couple tall buildings and the reflected signal will appear to have you standing in two places at once, or even teleporting between two locations on a minute by minute basis, at which point the data is useless. In theory we can model what highway you're driving on, in reality it's a coin flip what area code you're in.
I think this is also critical if you're thinking of law enforcement applications of this: the base station switches do not report the data back instantly or even in the order they receive it. So our fastest estimate if everything worked perfectly was a 3-4 hour turnaround. Sometimes one of the relevant CDRs for triangulation comes back THREE DAYS after the call is made. Incidentally this is the same data that would be collected by the NSA under the Snowden thing, so military applications would also be limited at best. I mean, if they were dumb enough to try to use it that way they might end up hitting schoolbuses or weddings with cruise missiles or something, and no one wants that.
The result of this was a heavy focus on femtocells, which have such a small area they know where you are because you can't possibly be outside the Starbucks or whatever. It turned out to have other smaller problems: femtocells get overpowered by nearby base stations all the time. I don't know how they were trying to use the one in the van when they caught those boston bombers but I expect the idea was the phone only knows to jump to the strongest signal and that way they could just stop any calls they made. In a neighborhood with a close base station this would be a lot less effective even if the femtocell was massively overpowered, the base station stuff is just this blast of signal and it reflects everywhere, the guy would get through or not randomly.
I think the most damning thing here is that no one who participated in the research would ever testify in a court that the method in question definitely places the phone in question at 123 Cherry Lane, or on the same block as Cherry Lane, or in Cherry Village, or if there was a car involved even in Cherry County. On the other hand, when your shiny new LTE phone is reporting back its gps on a millisecond basis with every call and tons of http headers, things will get a lot easier. For them. I won't be doing that kind of work again.