Attorney-Client Phone Calls Part of Massive Prison Phone System Hack
At least 14,000 recordings of attorney-client phone calls from jails and prisons across the country were leaked from a Dallas-based phone service provider, a year after a group of Austin lawyers sued the company for illegally recording privileged conversations.
The Intercept's November 11 report on the massive data breach is both excellent and scary: the outlet says it obtained "over 70 million records of phone calls" from a hacker who believes that Securus Technologies "is violating the constitutional rights of inmates."
Securus is a major player in what the story calls the $1.2 billion a year business of "prison and jail communications;" its website claims the company "serves more than 2,600 public safety, law enforcement, and corrections agencies" and over a million inmates across the continent. (The Texas Department of Criminal Justice's offender phone system is subcontracted to Securus, according to a TDCJ spokesman).
In response to the Intercept story, Securus issued a statement pledging its cooperation with law enforcement, and suggesting that the breach was an inside job. The company also claimed that "We have found absolutely no evidence of attorney-client calls that were recorded without the knowledge and consent of those parties."
Two organizations say otherwise: a group of defense attorneys called the Austin Lawyers Guild, along with a prisoner advocacy group called Prison Justice League, sued Securus in federal court in 2014, claiming that the company not only records attorney-client conversations, but turns them over to Travis County authorities, including prosecutors. The suit claims that prosecutors have disclosed the recordings to defense attorneys during discovery, and that other prosecutors have used information from the calls "to their tactical advantage."
The suit alleges that Travis county authorities and Securus management have known about the recording practices since early 2013, "but they did nothing to fix it."
Travis County officials denied "knowingly or intentionally" recording privileged calls, as well as "using such recordings for any improper purpose." Securus has sought dismissal of the suit on procedural grounds, while simultaneously arguing that not all attorney-client conversations are privileged, and that even if privileged calls were recorded, there's been no evidence that these recordings have harmed inmates' cases.
The company also claimed, in its November 11 statement, that its system contains safeguards to prevent the recording of privileged conversations, including an option for attorneys to "register their numbers to exempt them from the recording that is standard for other inmate calls."
According to The Intercept, the data breach includes calls placed between December 2011 and spring 2014 and proves the company has failed to measure up to its own promises on security. The report goes on to say:
The more than 70 million phone call records given to The Intercept include phone calls placed to nearly 1.3 million unique phone numbers by more than 63,000 inmates. The original data was contained in a 37-gigabyte file and scattered across hundreds of tables, similar to spreadsheets, which The Intercept merged into a single table containing 144 million records. A search for duplicates reduced this figure to more than 70 million records of individual phone calls.
Further number-crunching allegedly revealed that "Securus recorded more than 14,000 phone calls to at least 800 numbers that clearly belonged to attorneys." (The story suggests that the figure is "likely an underestimate").
As you might guess, the ACLU found the whole thing troubling. David Fathi, director of the group's National Prison Project, told The Intercept, "This may be the most massive breach of the attorney-client privilege in modern U.S. history."
More to chew on, from the story:
The blanket recording of detainee phone calls is a fairly recent phenomenon, the official purpose of which is to protect individuals both inside and outside the nation’s prisons and jails. The Securus hack offers a rare look at this little-considered form of mass surveillance of people behind bars — and of their loved ones on the outside — raising questions about its scope and practicality, as well as its dangers.
Frankly, this mashup of porous security and allegedly overreaching surveillance seems shocking enough to make the NSA blush. We highly recommend you read the Intercept story.