A major security incident at a leading provider of phone services may prove to be the largest breach of attorney-client privilege in history. Securus Technologies provides phone services inside prisons and jails throughout the country. The Intercept has provided details of a massive information leak released by an unidentified hacker that believes the company has violated the constitutional rights of inmates. Representing a period between December 2011 and the spring of 2014, the trove includes the records of more than 70 million phone calls placed by prisoners in a minimum of 37 states. Additionally, various downloadable recordings of these calls have been made available.
The leaked data is described as containing the first and last names of prisoners, the phone numbers they called, the date, time, and duration of the calls, the Securus account numbers belonging to the inmates, and other information. This metadata was just the beginning, as each each phone call record includes a “recording URL” where the actual audio recordings of the calls can be downloaded.
More than 14,000 recorded conversations between inmates and their attorneys are now floating around on the Internet. These conversations are supposed to be of a privileged legal status, highly confidential, and possibly should not have been subjected to recording in the first place. In addition to capturing the conversations, the implications of storing the calls makes the incident a very significant legal matter that will likely run afoul of constitutional protections.
Big Promises, Big Business
Securus is the Dallas-based company that was the subject of this breach. It sells a product known as Secure Call Platform. For lack of a better term, the company has a captive market in the prison and jail system. With more than 1.2 million inmates in more than 2,200 facilities across the country, their systems process over one million calls daily. This has proven to be a very profitable line of business, as illustrated by the company’s 2014 revenue of $404 million.
Secure Call Platform is designed to monitor, records, and store the calls that are made by prisoners. It is marketed towards investigators and law enforcement as a means of solving crimes. The platform is also sold with the promise of superior technology, meaning the data is allegedly well-protected, and the management of call access is limited to those that are authorized. Apparently, the calls that are made from within the system are pre-empted by the type of message that indicates the calls might be monitored and recorded. There are supposed to be exemptions for certain kinds of calls, however, a regular practice of disregarding these notices have resulted in situations where the legality of calls made to attorneys have come into focus.
Not so Secure
The biggest problems for Securus are both the scope and duration of the information breach. 70 million prisoner phone call records is by, any standard, a significant data leak. Apparently, this was not the only recent hack of their systems. The article alludes to documents regarding an incident where someone in South Dakota accessed three calls that were likely made by the convicted murder and former New England Patriots, Aaron Hernandez. Communications records were a major part of the evidence in the prosecution’s case in Hernandez’s trial earlier this year. Sprint Telecommunications Record Custodian Ricardo Leal exposed the technical details of Hernandez’s cell phone texts on the night of the murders in question, placing him at various locations and times central to the crime.
The Securus matter echoes many of the issues that the public wrestles with in regards to privacy. Thanks to the Edward Snowden revelations and the constant stream of privacy information, many people have some knowledge that their own calls, internet, email, and personal information is collected and accessible by someone, somewhere. The question of whether that collection of information is vulnerable has now emerged as another element for the public to consider. Regardless of advanced notices, regardless of where the calls take place, such as a jail or on your own phone, any expectation of privacy should by now be completely eroded.
- Ring rolls out end-to-end encryption for video to all customers
- What is Signal? How to use the encrypted messaging app
- How to protect your smartphone from hackers and intruders
- Signal app tips and tricks
- How to secure your Alexa device