An EXTENSIVE COLLECTION of phone records, leaked via SecureDrop by an unidentified hacker who thinks Securus Technologies is disregarding the rights of inmates, was acquired by The Intercept. This aggregation is made up of over 70 million documents of calls which were dialed by prisoners to at least 37 states, and also include links to accessible recordings of the calls. The calls cover a period of almost two and a half years, from December 2011 to the spring of 2014.
The phone records gathered by the investigation include numerous conversations between inmates and their lawyers, which indicates that some of the recordings must have been confidential and privileged communications. This action of recording and saving these conversations could have broken constitutional laws that guarantee legal counsel and access to the court system.
David Fathi, director of the ACLU’s National Prison Project, voiced his worry about what could be the most extensive violation of the attorney-client privilege in recent U.S. history. He highlighted that, even though numerous rights of prisoners are restricted because of their imprisonment, their protection by the attorney-client privilege remains intact.
The tracking of detainee phone conversations is a fairly new practice, with the aim to safeguard those within and beyond the nation’s detention facilities. The Securus breach provides an uncommon glimpse of this not often thought of type of surveillance of those in custody – along with those close to them on the outside – raising issues about its range and viability, and its potential hazards.
Securus advertises to government clients that their Secure Call Platform is the most advanced phone system available, allowing for extensive monitoring and recording of calls which are then securely stored and only accessible to authorized personnel within the criminal justice system. The company’s Integrity Pledge states that they are dedicated to providing a highly secure audio and video communications platform, and will always abide by Federal, State, and Local laws in their operations.
It is evident that Securus’ data storage system is not nearly as secure as they make it out to be, as a hacker was able to access more than 70 million prisoner call records.
The Securus leak shows the amount of personal data the business keeps on prisoners and everyone connected to them. This data, while not seen as private in the realm of incarceration, has far-reaching implications regarding the civil liberties of people whose lives cross paths, even briefly, with the criminal justice system.
Securus, a telecommunications company based in Dallas, Texas and owned by a private equity firm, is mainly in the business of providing phone and video visitation services to those who are incarcerated. This is so they can stay in contact with their family and lawyers. It is notorious for the exorbitant fees it has charged for phone calls, which are usually paid for by those who are struggling financially. The Federal Communications Commission recently voted to put a limit on the calling rates and fees, a decision which Securus and other industry players have claimed would be damaging to their businesses.
The business model of Securus, as well as other industry players such as Global Tel*Link, is one that depends on taking advantage of people involved in the criminal justice system. The prison telecom industry generates $1.2 billion in income yearly from an immovable customer base. As stated in its public relations information, Securus provides communication services for more than 1.2 million inmates in over 2,200 facilities across the country, and processes more than 1 million calls per day. In 2014, Securus had a total revenue of $404 million.
Securus provides local and county governments (which operate jails) and state departments of correction (which run prisons) with phone systems at no or minimal cost. The company also offers its clients “site commissions,” which are kickbacks from revenue generated by inmate calls, usually amounting to 42 percent of the revenue from state contracts, according to Prison Legal News. The FCC rate caps could challenge the ability of the industry to sustain its kickback system, as lower rates and fees could put companies in a position where they must use their own funds to fulfill contracted payments, unless they renegotiate existing contracts. It is unclear how the new rate caps will affect these payoffs.
Securus promotes the Secure Call Platform as an advantageous offering for its clients. It boasts that the technology permits the recording and monitoring of almost all prison calls, safeguarding its database against unauthorized access. Law enforcement is a key part of its services, as Securus claims that it can provide recordings quickly to investigators in different jurisdictions, thus offering a potent crime-fighting tool.
The Securus hack demonstrates that the firm has not met its own security assurances. The Intercept obtained more than 70 million phone call records associated with almost 1.3 million distinct telephone numbers and 63,000 prisoners. The initial data was saved in a 37-gigabyte archive, which The Intercept combined into a single table with 144 million entries. After removing duplicates, this number was reduced to more than 70 million individual phone call records.
The database included the full name of each prison inmate, the numbers they contacted, the date, time, and duration of the calls, the Securus accounts of the inmates, and other related details. In addition to the metadata, a “recording URL” where the audio recordings of the conversations could be retrieved was provided for each phone call record.
The bulk of the calls seem to be of a private nature; audio files that were leaked together with the larger data set of recordings illustrate a couple having a close dialogue; in another, family members talk about someone whose diabetes is deteriorating. In a third, two people are discussing Dancing With the Stars, TV dinners and the amount of money available to pay for their ordinary phone calls as opposed to what should be spent on food. On the other hand, a subset of the recordings – at least 14,000 – were made by detainees to lawyers, in calls that range from a minimum of one minute to over an hour.
The Intercept evaluated the 1.3 million phone numbers dialed by inmates and discovered that over 14,000 of these calls were directed to attorneys. This figure is likely to be lower than the actual number of attorney-client calls that were intercepted, as it does not include calls to mobile phone numbers of attorneys. In sum, the total number of attorney-client calls that were hacked is probably much higher than 14,000.
In summary, Securus does not seem to be as secure as it claims.
It appears that Securus’ supposed invulnerability has been breached before. According to details presented to The Intercept by a Texas attorney, the system was infiltrated on July 18, 2014. The individual responsible was able to gain access to three calls made by Aaron Hernandez, the former New England Patriots player who was on trial for the murder of a friend. In an email thread from July 21, 2014, two Securus staff members spoke of the breach. It was discovered that the person had been located in South Dakota, yet their identity was not known. One email stated, “OMG……..this is not good! The company will be called to task for this if someone got in there that shouldn’t have been.”
No records show that the 2014 hack was exposed to the public. Despite multiple requests, Securus failed to comment on this article. [ Editor ‘s note: See update below for a statement from Securus in response to the release of the story.]
It is generally accepted that inmates do not possess a right to privacy while in prison, and this is reflected in virtually all forms of communication with the outside world. Securus, like other jail and prison telecom systems, plays a recorded message at the start of each prisoner-initiated phone call, informing the recipient that the call is from a correctional facility and may be monitored and recorded. Those on either side of the line likely do not expect their conversations to be stored and potentially made available to the public; however, this is what happened due to Securus’ failure to prevent hackers from accessing the calls.
Fathi, from the ACLU, expressed concern about “waivers of rights,” noting that they should only be as extensive as needed to accomplish the goal. If recording and monitoring detainee phone conversations is meant to improve safety in and outside a facility, then conversations should not be kept forever after it’s been determined that they hold no intelligence that would benefit the institution.
The practice of recording calls made by detainees was initially justified on the basis of ensuring safety in the facility, preventing the introduction of contraband, averting escape attempts or potential violence, and preventing witness tampering or harassment. However, according to Fathi, if the purpose is to examine if someone is in possession of drugs or planning an escape, it does not imply that both the detainee and the person they are speaking to outside have surrendered all their privacy rights, and that any use of the recording is permissible.
The consequences of Securus’ phone systems not correctly being able to exempt certain numbers from being recorded and stored are especially worrisome. The systems are meant to be able to recognize and mark calls coming from certain phone numbers, making them exempt from the rule that requires all calls to be logged.
The criminal justice system is based on the principle that an accused or incarcerated individual should be able to communicate openly and honestly with a lawyer, which is an essential part of the Sixth Amendment’s right to competent and effective legal representation. This was demonstrated in Securus’ 2011 bid to provide phone service to prisoners in Missouri’s state prisons, which stipulated that all calls with the exception of privileged communications would be monitored and recorded. However, according to data given to The Intercept, over 12,000 recordings of inmate-attorney conversations in Missouri were collected, stored, and eventually hacked.
The Intercept was given data that includes a minimum of 27 recordings of telephone conversations with lawyers in Austin, Texas from 2011 to 2013. This is especially important due to a federal civil rights trial that began in 2014 against Securus, a corporation that provides phone service to the county jails. The lawsuit is centered around the accusation that conversations with legal counsel are and have been recorded despite the agreement that says calls to identified attorneys are not to be recorded and any recordings that are made unintentionally are to be deleted when detected.
The Austin Lawyers Guild, four lawyers, and a prisoner advocacy group have filed a lawsuit claiming that privileged conversations between attorneys and inmates of the county jail have been monitored, stored, and accessed by prosecutors. According to the complaint, some prosecutors have handed over copies of recordings to defense attorneys as part of the discovery process, however, others have kept the recordings to themselves and used them to gain a “tactical advantage” in court without admitting that they had heard them. (None of the recordings given to The Intercept are related to the Austin attorneys mentioned in the suit.)
Austin attorneys argue that intruding into their conversations with clients weakens their capacity to represent them properly. Clients who cannot afford bail and must wait in jail while awaiting prosecution are particularly affected. Scott Smith, an Austin defense attorney, noticed an intern in the prosecutor’s office had been listening to part of a call he had with an imprisoned customer in the summer. He pointed out that it gives the state an unfair advantage in the adversarial legal process. “It’s like one team having a microphone in the huddle of the other team at the Superbowl,” Smith highlighted.
Securus is contesting the lawsuit, asserting that any interference with the attorney-client relationship would breach the Sixth Amendment. They assert that they have abided by their policy of not recording privileged conversations and that the tapes that are present are the result of the state voluntarily giving them to defense attorneys during discovery. Furthermore, the company claims that the plaintiffs have not proved any damage or harm due to the recordings. They said, “Plaintiffs have alleged that certain attorney-client calls have been shared with prosecutors, but they have been unable to show any damage or prejudice from this.”
Uncertainty looms over who is accountable for the taping of lawyer conversations. In areas such as Austin, the onus of offering phone numbers to prison authorities for them to add to a no-recording list lies with the lawyers or their customers. If these numbers are not supplied in a timely manner, then any unintended recordings become the fault of the attorney or the inmate. However, it is the duty of the government to record such numbers properly. And the secure maintenance of these is entirely up to Securus — particularly since they promote themselves as giving a service to do just that.
Martin Horn, a lecturer at John Jay College of Criminal Justice in New York, previously served as commissioner of the New York City Department of Correction and, before that, as secretary of corrections in Pennsylvania. He notes that RECORDING DETENTION CALLS IN BULK WASN’T ALWAYS THE CASE, but the practice really gained traction in the 1990s. This was due to the fact that there were many stories of inmates perpetrating crimes or continuing criminal operations while incarcerated, as well as advancements in telephone technology that made monitoring and storing call data feasible.
In the mid-1980s, AT&T provided inmate telephone services, which consisted of operator-assisted collect calls from pay phones. However, after the breakup of AT&T, the market became more competitive and less regulated, giving way to companies such as Securus (previously known as the Tele-Matic Corporation) to enter the market and offer advanced monitoring systems alongside equipment.
Horn currently deems call monitoring as a significant correctional technique. He maintained that during his years with the corrections organization, he was not informed of any recordings of conversations with legal counsel. However, he commented that if a privileged dialogue was eavesdropped on or recorded, it was not necessarily detrimental– “if one is tuning in to the discussion and recognizes that it is a privileged communication with an attorney, then the monitoring should be stopped,” he stated. “So, the fact that it was documented is regrettable, but not necessarily damaging.”
Furthermore, the hacked database also included logs of conversations between inmates and representatives of the judicial system, such as 75 contacts with the U.S. attorney’s office in Missouri.
The data given to The Intercept strongly indicates that the system’s surveillance capabilities transcend the original objectives. In 2012, a contract between Securus and the Illinois Department of Corrections illustrated the optional product Threads, which was labeled “one of the most powerful tools in the intelligence community.”
Securus has a dominant platform in the industry, with an estimated 1,700 facilities installed and over 850,000 inmates served. The company claims that it processes massive amounts of intelligence data and over a million calls daily. This data is integrated into Threads and could be accessed by both the [Department of Correction] and the [Department of Juvenile Justice].
At the present time, the figures are even greater. According to Securus’ website, their Threads database includes the contact details of more than 500,000 people who are not in prison plus info about 950,000 inmates from 1,900 prisons. Moreover, there are more than 100 million call records. The quantity of data sold to law enforcement and prison investigators “continues to rise daily.”
Adina Schwartz, a professor at John Jay College, has expressed concerns that the capacity to save audio recordings “forever, with no supervision” can lead to potential abuse. According to Schwartz, any criminal defense attorney who is not worried by this prospect is not doing their job properly.
The recordings of conversations between inmates and lawyers extend beyond those of defense attorneys. The hacked database also contains records of 75 calls between prisoners and prosecutors in a U.S. attorney’s office in Missouri. These are especially concerning since they may involve confidential conversations with witnesses who could be at risk if the particulars of their relationship with the government were made public.
Fathi noted that the attorney-client privilege is “the oldest privilege of confidentiality known in our legal system,” which means that defense attorneys cannot reveal, nor prosecutors use, any confidential details of the case. Despite this, keeping conversations between attorneys and their incarcerated clients confidential is quite difficult. According to experts, phone calls initiated from jails and prisons are recorded, so there is no expectation of privacy. Michael Cassidy, a professor of law at Boston College Law School, explained that if a client makes an out-of-prison call to an attorney, the attorney-client privilege may not be applicable. However, the Sixth Amendment right to counsel still applies, and so the government cannot interfere with it despite the lack of privilege. As such, monitoring, recording, or using information from attorney-client calls would be a violation of the Sixth Amendment.
The Secure Call Platform from Securus is an example of a prison calling system that is designed to log numbers which should not be stored. According to Cassidy, even though it is a technological issue, this system does not always work effectively.
Schwartz believes that logging attorney phone numbers is a sign that the government understands attorney-client privilege and must take steps to protect it. There is a lot of concern from attorneys when they discover that their conversations were recorded, as it threatens the basis of trust, which then affects the Sixth Amendment. To summarize, Schwartz posed the question: “How can you trust that it won’t happen again if you know it happened before?”
In Fathi’s view, the potential damage of the Securus data breach is clear. He shared, “Prisoners may now be uncertain if their conversations with their legal counsel are secure, which could essentially nullify the entire purpose of the attorney-client privilege – allowing individuals to be open and honest with their lawyer about their legal matters.”
Cassidy notes that even if there is proof of taped conversations, it is still hard to dispute the recordings. If a call was recorded due to a lack of a phone number on the do-not-record list, the state will not be held accountable, as the prisoner cannot demand damages or have their charges dropped (though the government must not hear or use the content). However, if it can be demonstrated that there is a recurring practice of recording such calls, the Sixth Amendment rights of numerous prisoners could be infringed upon, which could create more of an impact and potentially lead to systemwide reforms.
According to Fathi, there could be a constitutional issue with recording and storing non-attorney calls. He suggested that “prisoners and people on the outside who are talking to them still retain privacy rights”, and that even though they may be passively consenting to the monitoring of their calls for security reasons, it doesn’t mean they are consenting to all possible uses of the recordings. He believes that this could potentially be deemed “spectacularly overbroad” and therefore unconstitutional.
Scott Smith, an attorney in Austin, is firmly convinced that the recording of all phone calls in the U.S. jails should be prevented. It should be remembered that most of the prisoners in those places are still awaiting trials and haven’t been convicted of anything. If there are any inmates whose conversations must be monitored, that can be done using a less intrusive method, Smith argued. “The question of how much civil liberties should be given up in order to ensure safety is an age-old debate,” he said.
Fathi is of the opinion that the practice of logging detainee phone conversations should be curtailed. “It’s yet another example of the huge increase of the surveillance state. This is something that has been commented on in other circumstances, but if we take into account [over 70] million [calls], even if some of those are between the same people, that constitutes a big number of people, including non-detainees, whose privacy has been violated by a private business employed by the government,” he declared.
On November 12, 2015, an update was released.
After the release of this narrative, Securus sent a response in the form of an email that read as follows:
Securus is in close contact with law enforcement following media reports that inmate call records were leaked online. Though the inquiry remains active, the evidence so far seems to suggest that an individual with authorised access to certain records shared them inappropriately. We are committed to working with law enforcement to prosecute any persons found guilty of unlawfully disclosing information.
Data safety is of the utmost importance to the criminal justice organisations that we serve, and we have implemented stringent protocols to protect our data against digital and physical breaches.
It is crucial to note that there have been no indications of attorney-client calls that were taped without the knowledge or agreement of those involved. Our telephone systems have numerous safeguards in place to prevent such occurrences. Lawyers can register their numbers to be exempt from the usual recording. If they fail to do so, they will be alerted of the recording prior to the call, which they must actively accept.
We are collaborating with law enforcement and will provide updates as the investigation continues.
The work of Margot Williams and Joshua Thayer was the focus of a research project.
Before you go on your way, take a moment to think about this: If The Intercept didn’t exist, would the story you just read have been reported on by some other news source? Without The Intercept, who would make sure political elites are held to the standards they present? How many wars, injustices and tech advancements would be kept secret without the work of our journalists? Investigative reporting is not easy, cheap or profitable, but The Intercept is a non-profit organization and does not have ads, so we depend on our 35,000 and counting members to continue our mission. It’s easy to become a sustaining member with only $3-$5 a month, and that is all it takes to support the news you rely on.
Most Recent News
A photograph can be found at this website, which appears in a compressed and formatted manner with an image quality of 90%.
The widespread use of the internet has made it easier than ever for people to access information and communicate with one another. People can now obtain data and communicate with one another over the internet with relative ease. This has made it easier for people to stay connected, regardless of their physical location.
Leave a Reply