Powering the phones in our pockets are telecommunication service providers. They provide services for transmitting voice, data, text, sound, and video across long distances using a combination of wired connections and wireless technologies. While most people focus on the technology within their mobile phone handsets, the technology surrounding sending our voices around the globe at the speed of light is truly amazing. From a law enforcement perspective, the evidence that can be collected from telecommunication service providers is just as marveling. This article focuses specifically on T-Mobile, how their tech works, and writing T-Mobile search warrants.
T-Mobile is the brand name used by the mobile communications subsidiary of the German telecommunications company Deutsche Telekom AG. Offering wireless services across the United States, Europe, Puerto Rico, and the U.S. Virgin Islands, T-Mobile has established themselves as one of the top three providers with the second largest in the United States. In April of 2018, T-Mobile and Sprint announced a merger deal, with the resulting company operating under the name T-Mobile. Due to this merger, T-Mobile has also absorbed Sprint’s Metro PCS customers.
T-Mobile is headquartered in Parsippany New Jersey and search warrants must be addressed to:
Attn: Custodians of Records
4 Sylvan Way
Parsippany, NJ 07054
Phone: (866) 537-0911
Fax: (973) 292-8697
Additionally, T-Mobile requests that search warrants be served via email: firstname.lastname@example.org
Drafting T-Mobile Search Warrants
A well-drafted search warrant for T-Mobile requires a base understanding of telecommunications networks and those aspects unique to T-Mobile. As with any telecom, the bulk of available records are Call Data Records (CDR). Simply put, CDRs are logs that document the details of a telephone call or other telecommunications transactions that passes through the telecom. They were originally created to track calls for billing purposes and some CDR returns still how cost per minute charges. T‐Mobile uses a tool named Digger to produce Call Detail Records (CDR) which consist of:
- Incoming & outgoing calls (phone numbers included)
- Sent & received SMS & MMS (no content)
- IMEI & IMSI numbers (if present)
- Service codes that indicate call actions (ie. call forwarded, sent to voicemail, etc.)
- Duration of the call and completed or answer status.
- Cell tower(s) that the handset connected to during the call. (beginning, ending and in between)
- Mobile data usage as bytes uploaded / downloaded.Location data known as PCMD
Although T-Mobile does not store text message content, California law enforcement should still be aware that anything beyond subscriber information must comply with the California Electronic Communications Privacy Act (CalECPA)
Per Call Measurement Data & Location
Per Call Measurement Data (PCMD) is used to determine the distance of a mobile phone from a specific cell tower during a call. T-Mobile uses a Timing Advance system known as Time Difference On Arrival (TDOA) for E911 services to pinpoint a subscriber’s location with a reported accuracy of about 10 meters. TDOA achieves this by measuring the time it takes for a signal to travel from a mobile device to three or more network antennas, thereby determining a more precise position of the device. T-Mobile’s PCMD records were known as “TrueCall” data, but they have since retired that name. The accuracy of TDOA locations can vary widely based on a variety of factors, often environmental. Some TDOA locations are as good as 6 meters, unfortunately some are as poor as 1,000 meters.
T-Mobile’s Time Difference On Arrival (TDOA) is similar to a bat’s echolocation. The signal is sent from the tower like a bat squeak. Instead of the sound bouncing back from an object, the mobile phone which responds to that signal. T-Mobile knows exactly how long it take for a signal to travel. Remember though, that signals radiate from a tower in a circular shape so the phone can be anywhere in a 10 meter wide arc within the connected azimuth.
Through triangulation, T-Mobile a determine where these arcs cross and may be able to identify where within the arc that the mobile phone is located. Potentially, this could place the mobile phone in an area about the size of a semi-truck.
Mobile Virtual Network Operator (MVNO)
A Mobile Virtual Network Operator (MVNO) is a wireless communications service provider that does not own the wireless network infrastructure over which it provides services to its customers. Instead, MVNOs lease network capacity from established Mobile Network Operators (MNOs) and sell it to their customers, often with their own branding and value-added services. They are responsible for their own marketing, customer service, billing, and operations while utilizing the network services of larger carriers. T-Mobile is the service provider for 25 MVNO; after merging with Sprint, T-Mobile now provides service to over 150 MVNOs including Consumer Cellular, Ting Wireless, Amazon, Google and TextNow.
Because the company active as a MVNO is the entity selling the service, they are responsible for maintaining basic customer records while T-Mobile maintains information like CDRs and PCMD records. T-Mobile does not have subscriber information for a MVNO customer.
T-Mobile, as a part of the revered “Big Three” alongside AT&T and Verizon, holds a vast expanse of data that could be pivotal in legal investigations. The merger with Sprint and their position as a top MVNO servicer has further broadened their impact on investigations, making the process of drafting a T-Mobile search warrant a more nuanced endeavor.