Critical cell site information often missing from search warrant returns


This article presents an issue in the discovery process relating to Call Detail Records and Historical Cell Site Location Information in criminal cases. Provider search warrant returns almost never include the cell site database, even when the language in the search warrant requests it. I suspect the reason is because the providers regularly upload cell site lists to law enforcement-only portals, and thus, they assume law enforcement has access to them. A combination of a disclaimer and misunderstanding causes issues for the defense in its analysis of the records.  

UPDATED: 2/8/2026

Cell site lists not provided with discovery

The use of historical cell site location information (CSLI) is commonly used in criminal cases and increasingly more in civil cases. CSLI is information provided by Mobile Network Operators (MNO) (e.g. T-Mobile, AT&T, Verizon) and Mobile Virtual Network Operators (MVNO) (e.g. Boost Mobile, Cricket Wireless, Tracfone).  I'll refer to them collectively as the providers.

Search warrant returns include several or many files, as shown in the graphic below.  The returns often include informational or interpretation documents, a certification for the records, and the actual call detail records (CDR).  What you typically do not see are files containing the location, azimuth, vendor, etc., for all of the neighboring cell sites which existed at the time of the incident.
 

Now, if you are a member of law enforcement, you're in luck.  The providers regularly upload the cell site location databases to a law enforcement-only web portal called NDCAC, or in T-Mobile's case, their LRS site. Law enforcement analysts can access the cell site location data they need to perform cell site analysis (CSA) and generate trial exhibits.
 
Message shown at the NDCAC LE Portal: https://ndcac.fbi.gov/le-portal

Since the providers typically do not include the cell site lists with the search warrant returns, and since defense experts cannot access the law enforcement-only portal, the defense team is left with two options:

OPTION 1: Ask the prosecution for the cell site lists their analyst is using.

If asked by the Defense, some agencies will provide the cell site lists to defense counsel so that the defense expert can conduct their analysis using the same evidence that law enforcement used.  Frequently, however, the agency pushes back on providing the list due to a disclaimer on the NDCAC website, which, according to one law enforcement analyst, states, 

All Information should be verified with the service provider before use in investigative leads. The Carrier Cell Site information provided is for Law Enforcement Use Only and is not authorized for distribution outside of law enforcement.

So, I get that a criminal intelligence analyst trying to do their job does not want to violate the terms of service for an FBI-sponsored web portal.  I'm not a lawyer, so I'm not going to comment on the legality how to interpret this disclaimer. But, in the 10+ years I've been working on criminal cases, I've seen a lot discovery material turned over to the Defense which is significantly more sensitive than a list of cell sites. You can literally see the cell towers, even the ones disguised as trees.

After noticing this trend, I contacted NDCAC, I and asked them if they could add some verbiage to the disclaimer that would clarify to law enforcement that it is permitted to provide the lists to the Defense, by way of the prosecution, through discovery in the case it pertains to. Counsel from the FBI called me back and explained that this requirement is set by the providers.  The representative told me that the only way to get it was from the prosecution. It would be great to have that in writing so the Defense could hand that free pass over to the prosecution.

OPTION 2: Ask the provider for the cell site lists from the time of the incident. 

The other option is to get the cell site lists directly from the provider. I've had success going this route on occasion by calling their compliance center and providing them their case number. More often than not, I'm told by the provider that they will only provide the data to the original requesting agency.

Defense counsel can also subpoena the provider for the records. 

Now, the problem with this is that the providers do not keep the cell site lists forever.  In homicide cases, in particular, the retention period has usually passed by the time a defense expert is involved, and the provider no longer has the records from the time of the incident. I've also seen the provider respond to the Defense subpoena by including the earliest list of cell sites that they do have.  This is essentially worthless, other than to demonstrate to the prosecution why the lists from the time of the incident are needed.

UPDATE 2/8/2026: The T-Mobile LRS allows attorneys to Request Access to the cell site lists through this site. Non-LE defense experts cannot access this site as of this time. For a short time, T-Mobile did allow defense experts to request access to the site, but they revoked that access some time in 2024-2025 when they migrated to a new system which required re-apply for access. When I tried to re-apply, I was unable to check any boxes for approval (i.e. LE, attorney, etc.).

So what normally happens?

The Defense receives the call detail records from the prosecution, but it does not have a list of the cell sites from the time of the incident.  The Defense cannot perform analysis.  

In my experience, the Government ends up providing the lists to the Defense.  I've had at least one case, which didn't go to trial, where the prosecution and the Defense counsel simply never resolved the issue.

Even when it is resolved, there is a lot of back and forth between the attorneys and the experts before the lists are provided. This can delay a trial or keep a case from resolving by a plea agreement. In a perfect world, the prosecution would be aware of this issue, and they would gather the cell site lists for the Defense when preparing the discovery package.

Key Takeaways

  • Attorneys should try to identify whether they have the cell site lists upon receipt of the search warrant returns.  They can take a look through the file names and see if they any contain the words "cell site". It's not fool proof, but the cell site list files typically have those words in the filename. If there is an existing relationship with an expert, the attorney can ask the expert to take a look and see if the returns include the cell site lists. This way, if they were not provided, the Defense can start the conversation with the prosecution (or subpoena the provider) to get them.

  • Some providers do include cell tower locations in some types of the CDRs, but the locations in these records are not sufficient.  The most simple reason is that an analyst needs to be aware of the neighboring tower locations in the area.

  • This article is very limited in its scope, so below you'll find additional resources related to this topic.

Additional Resources

Popular posts from this blog

Preservation of YouTube videos

Image
YouTube is a video-sharing platform which allows users to easily and quickly upload videos taken on their phones.  An attorney or investigator might see a video on YouTube relevant to their case or subject, which they want to download and preserve before YouTube or the video's author removes it.  This article demonstrates a tool which is free and easy to use to preserve YouTube videos and content from hundreds of other sites. Background As a digital forensic consultant, I've been asked by attorneys numerous times to preserve a video that is on YouTube.  While anyone can screen capture a video or install any number of browser extensions that can make a copy of an online video, these methods do not provide logging or metadata that is sufficient for litigation.  Years ago, I discovered a tool which is easy to use and provides logging and metadata capture.  While some may not consider it to be a "forensic tool", I consider that testing and validating this tool on a ...
Read more

A discovery process used in child pornography cases

Image
In criminal cases involving Child Sexual Abuse Material (CSAM), the prosecution rarely produces forensic reports or source data to the defense due to the timely redaction process required to exclude CSAM media from the production.  Software applications, commonly used by digital forensic analysts to process and examine sources of digital evidence, have started to include methods for generating reports with the contraband redacted or to export data in a format which excludes all image or video files completely.  While this may not replace the need for an on-site forensic examination by a defense expert, it can save time and expenses for both sides during the discovery phase, and subsequently, the examination phase.  This article provides one technique using Magnet Axiom software, an application commonly used by law enforcement, for accomplishing such an export.   Background Discovery is the legal process of one party turning over evidentiary material it has in it...
Read more