The Alex Murdaugh trial will have closing arguments this afternoon, and then the double homicide case will go to the jury who will have to override unanswered questions to return a guilty verdict. Some of these questions were answerable. And both defense and prosecution spent hours trying to answer them with the wrong experts.
Some things will remain unknowable. What exactly happened, the order and angle of the gunshots. Crime reconstructionists and forensic pathologists went head-to-head in subjective narratives. Old-school experts from traditional forensics disciplines seeming now fusty and bordering on junk science. Ballistics. Tool mark comparisons.
The three knowable unknowns I’m thinking of all concern digital forensics. Data, gathered by consumer technology, that could better nail down the crucial, short, timeline between 8:44 and 10:06 of June 7 2021 during which the murders occurred:
- OnStar data for Alex Murdaugh’s company-owned Mercedes SUV
- Screen sleep, wake, and orientation data for Maggie Murdaugh’s IPhone, found the following day about a mile away on the side of the road
- GPS data for Maggie Murdaugh’s IPhone during the crucial time
The OnStar data, providing exact GPS coordinates, was a tragic farce within the trial. An FBI electronic engineer testified early on at the trial that the car’s infotainment system was proprietary and that OnStar had responded to a subpoena there was no responsive data. So he had spent an entire year extracting and attempting to reconstruct partial telemetry: when the car was in park or drive or the door was opened or the like. In order to do this the FBI purchased an identical Mercedes SUV and drove it around in approximately Murdaugh’s stated route and timeframe, and then compared that data to known events to the extracted data and then the agent wrote his own software to parse the data.
His testimony was long. There were a lot of events he had no clear explanation for. He had a detailed table by minutes and seconds, and from that data the prosecutor attempted to extrapolate a story of driving and stopping, overlaid on the murder timeline.
Then, three weeks into the trial, OnStar contacted the prosecution. They did in fact have the OnStar data. The path and timing that the FBI engineer had spent a year approximating were in fact knowable, known, and dormant in some lonely server. My guess would be that someone senior at OnStar was watching coverage of the trial and went ballistic “Find that data!” I’d also imagine they’re rewriting their internal protocol about cooperation with law enforcement.
The screen sleep and wake data testimony has been equally farcical. Maggie Murdaugh’s phone had been removed from the crime scene and thrown to the side of a road about a mile away. When exactly this happened, and by which route and mode of transportation, could help pinpoint the exact time of the murders and also potentially conclusively identify the killer.
The phone had locked for the final time at 8:49 pm. The prosecution puts time of death right around then. But there are an array of post-lock activities that include several short intervals where steps are registered, multiple times the screen lights up when the phone is receiving a text or a call, orientation changes, and several times the phone seems to exhibit “raise to wake” behavior, where the screen lights up because the phone is being lifted or moved.
Two witnesses have struggled through charting these events on the timeline and attempting to map the phone’s activity to what was likely happening to it. It did not help that the data was so granular and divorced from narrative, with sufficient uncertainty that the defense easily raised doubt just by pointing at data points and saying “what’s happening here?”
The evidence veered into absurdity. The defense asked whether you could possibly jettison a phone while driving at speed through the passenger window to the opposite side of a road. The testifying law enforcement officer said he could easily. It was all very scientific.
Once the OnStar data was received into evidence and annotated onto the timeline the prosecution had a problem: Alex’s car passed the point where Maggie’s phone was found but there was no corresponding event on Maggie’s phone. No raise-to-wake, seemingly indicating it wasn’t thrown from the car.
To remedy this, yesterday the state called a rebuttal witness. He was a phone data expert on detail at the Secret Service so the defense acceded to his expertise. Once on the stand he testified that over the past weekend he conducted “experiments” in his office in which he determined that “raise-to-wake” often did not activate if a phone was picked up or thrown with sufficient force.
On cross he admitted he had no idea of the threshold of the force, the statistical validity or parameters of his experiment, no documentation. The defense had a field day with “you don’t know any more about this than you could find in a google search” and “so you threw your phone around alone in your office and came here to tell us about it.” The defense attempted to disqualify him as an expert and strike his testimony but the judge pointed out they had not timely objected. But of course this was a bait-and-switch, a Trojan Horse. The prosecution had introduced an expert in one thing and had him testify outside his expertise to pure anecdote.
Like most cell phone data experts I’ve ever seen testify, this witness had knowledge purely in extracting and parsing data, but not in the actual engineering or software of the phone itself. These law enforcement officers are trained to use a commercial platform (that they pay a lot for) such as Cellebrite that extracts and organizes consumer data and various log files from cell phones. They also get training from Verizon and other carriers on which data they retain for both call records and location via cell tower pings. The carriers have distinct sets of data they retain and may provide upon subpoena.
The common thread in all of the above trial hijinx is the spector of earnest law enforcement officers with impressive resumes attempting to scry events from data like reading entrails. Approximation and divination.
Meanwhile, actual definitive data, that admits of only one interpretation, is held hostage by the private companies that collect our data, based on the internal logic of their software and business objectives.
The exact conditions under which an iPhone’s lock screen lights up, and for how long. The correlation of what the user sees as “steps” with various triggering events that could register as a step. These do not have to be extrapolated: they are immutably programmed, given the model of phone, the version of iOS, and user settings.
In other words, the correct experts to testify to how raise-to-wake works and to how and when a “step” is recorded, are Apple employees. I’d think that the product owner or requirements engineer or user experience lead for the raise-to-wake feature might be able to definitively solve this murder.
What force, what torque, what parameters — these are exact, and programmed in.
My point in a larger sense is that, increasingly, private companies own the means to adjudicate disputed reality. While law enforcement officers argue with the defense about what a “step” really means, Apple engineers actually know. But it’s a trade secret.
I wonder if we will see a sort of hybrid expert. Company subject-matter experts who explain what features mean and how to interpret the data they generate. Currently companies only provide the raw data and also “records custodians” who come to court and validate that these are authentic records kept “during the normal course of business.” Then law-enforcement experts, who have attended workshops, interpret the records. But technology is so complex, specific, and evolving, that this model is breaking down, before us, in the Murdaugh trial.
The final tech snafu is simply sad. Maggie Murdaugh’s actual phone could have told us where it was and where it went and when. Via its GPS data. After all, they found the phone (via Find My Friends), and it was on, and family members knew the passcode.
But the law enforcement officer who collected it put it in airplane mode.
Airplane mode is intended to preserve the phone as it was discovered; that no data can be transmitted to it, or erased from it remotely.
But, as two witnesses testified, airplane mode does not prevent the phone from recording other data, such as location and orientation. And by the time they extracted the phone’s data the GPS coordinates for the night of the murder had been overwritten. Or so they guessed. How that works, within what timeframe, or at what amount of data, may only be knowable by Apple.
