Hacked Data Obtained By The Intercept Highlights Wholesale Spying On Inmate, Attorney Privileged Communications

from the institutional-apathy dept

A few months ago the FCC voted to crack down on the ripping off of inmates and their families by prison telecom companies, which for decades now have charged upwards of $14 per minute for services that cost little to nothing to provide. At the time, prison telecom companies like Securus complained hysterically about the FCC's decision, CEO Richard Smith declaring the new price caps would have a "devastating effect" on its business, potentially ending its participation in "services and continuing inmate related programs."

According to a massive new trove of data obtained by the Intercept, one of the "services" Securus was apparently providing was of the wholesale spying variety. Hacker-obtained data examined by The Intercept includes 70 million records of phone calls (and recordings of the phone calls themselves), placed by prisoners in at least 37 different states over a two-and-a-half year period. Of particular note are the estimated 14,000 recordings of privileged conversations between inmates and their lawyers:
"This may be the most massive breach of the attorney-client privilege in modern U.S. history, and that’s certainly something to be concerned about,” said David Fathi, director of the ACLU’s National Prison Project. “A lot of prisoner rights are limited because of their conviction and incarceration, but their protection by the attorney-client privilege is not."
Securus alone provides telecom services and "secure" storage of communications for 2,200 prisons around the United States, processing a million or so calls each day. Securus and other such companies serve a relatively captive and unregulated market, where prisons are paid upwards of $460 million annually in "concession fees" (read: kickbacks) to win exclusive telecom-related prison contracts. Part of Securus' pitch to prisons is that it will offer cutting edge secure storage for these communications, though the Intercept notes this latest hack wasn't the first.

Prisoners obviously don't expect the full historical right to privacy; indeed Securus makes sure to include a message warning inmates that "this call is from a correctional facility and may be monitored and recorded" at the beginning of each call. Waivers of rights and the monitoring and securing of phone communications was originally pushed as a way to prevent riots, witness tampering and generally secure the prison back in the 90s. But as the Intercept points out, that doesn't make the long-term storage of this data any less problematic, and securing the facility certainly shouldn't include recording secure communications between inmates and their lawyers. A behavior, it should be noted, Securus itself claimed it didn't do:
"A review of contracts and proposals completed by Securus in a handful of states reflects the company’s understanding of this right. In a 2011 bid to provide phone service to inmates in Missouri’s state prisons, Securus promised that each “call will be recorded and monitored, with the exception of privileged calls.” But the database provided to The Intercept shows that over 12,000 recordings of inmate-attorney communications, placed to attorneys in Missouri, were collected, stored, and ultimately hacked."
The Intercept's findings are particularly problematic for Securus, since the company is the target of a federal civil rights suit filed in Texas in 2014. That suit, by the Austin Lawyers Guild and a prisoners' advocacy group, alleges that Securus had been recording privileged conversations, and that intrusion into this communications (and the prosecutors' failure to disclose this information during discovery) undermines the legal ability to defend them. This despite Securus contracts explicitly stating that phone calls "to telephone numbers known to belong [to] attorneys are NOT recorded," and that "if any call to an attorney is inadvertently recorded, the recording is destroyed as soon as it is discovered." Or not.

The Intercept's latest findings not only stumble into yet another expansion of our wholesale surveillance state, but exemplify the kind of apathy about the prison industrial complex that allowed Securus to aggressively rip off inmates and families in the first place. "They're in prison so they deserve it" is a common refrain from the apathetic to the rights trampling of the guilty, the innocent, and the millions of Americans serving massive prison sentences for relatively innocuous marijuana offenses. On a positive note the Intercept's latest leak was courtesy of The Intercept's Tor-enabled SecureDrop platform, another sign we're (hopefully) moving past the Assange middleman era into one where the traditional media -- with a little help -- actually does its job.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    avideogameplayer, 11 Nov 2015 @ 12:22pm

    I wonder how much info is passed to DAs...

    And how many people get nailed for it...

    reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 11 Nov 2015 @ 1:18pm

    A technically accurate statement

    "if any call to an attorney is inadvertently recorded, the recording is destroyed as soon as it is discovered."

    While technically accurate, it would be even more accurate to append . . .

    ". . . as soon as it is discovered that we might get into trouble for this."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Nov 2015 @ 2:01pm

    The Intercept's Tor-enabled SecureDrop platform

    Just wondering, but was Tor ever patched after the FBI's famous Silk Road hack that lead to the subsequent massive bust of that online drug bazaar?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 11 Nov 2015 @ 3:18pm

      Re: The Intercept's Tor-enabled SecureDrop platform

      Tor is patched all the time, and there's a redesign of hidden services being worked on. But do we have any evidence the FBI broke Tor? They claim a misconfigured server revealed itself (although some suspect it's parallel construction).

      The FBI did plant a JavaScript exploit on the Tor Mail servers (not affiliated with the Tor project). The Tor Browser Bundle and Tails projects have patched the bug—in Firefox, not Tor—and there have been some ideas on ways to mitigate such attacks. I'd say turning JavaScript off is a good idea, even when not using Tor.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 11 Nov 2015 @ 5:58pm

        Re: Re: The Intercept's Tor-enabled SecureDrop platform

        There is no evidence that Tor has been fundamentally broken. However, there has been a cat-and-mouse game with Tor from the very start, and weaknesses are periodically found and fixed.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Nov 2015 @ 3:03pm

    "Secure"

    Securus alone provides telecom services and "secure" storage of communications for 2,200 prisons around the United States
    Come on, I'm sure they were following "best practices" (which is to say that their security is about as bad as anyone else's).

    reply to this | link to this | view in chronology ]

  • icon
    art guerrilla (profile), 11 Nov 2015 @ 6:21pm

    i get your point...

    ...but technically, replacing one 'gatekeeper' (assange) with another 'gatekeeper' (the intercept) is not exactly lessening the degrees of separation from us sheeple to the whistleblowers...
    THAT would be if the whistleblower just PUT IT ALL OUT THERE, *blap*: no filters, no amelioration, no redacting, no protecting bullshit national sekurity reasons, etc...

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Nov 2015 @ 2:55am

      Re: i get your point...

      The Intercept is also a bit more... image-conscious than Wikileaks. Remember when they reported that an undisclosed country was having 100% of it's telephony stored but wouldn't disclose which one (and then Wikileaks confirmed it was Afghanistan)? The Intercept does do some truly excellent reporting, but they have some limitations that Wikileaks do not.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Nov 2015 @ 3:51am

      Re: i get your point...

      good idea,

      if every hacked database with important private information will be thrown to the open web

      the sheeple could start to get scared of their data

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Nov 2015 @ 6:50pm

    Every time I accept a call from a inmate in prison on my cellphone, the GPS icon on my phone starts flashing. That's what you call guilt by association. I know a convicted person, therefore I must be engaged in illegal activity too and warrentlessly GPS tracked through E911 features built into my phone.

    I admit, there was a recording a few years ago from the local jail stating that by pressing 1 and accepting this call, I was "voluntarily" submitting to location tracking.

    That was years ago. It appears if you give consent once, that means you're giving consent to be location tracked for life.

    reply to this | link to this | view in chronology ]

  • icon
    Whatever (profile), 11 Nov 2015 @ 9:54pm

    Not so simple

    Here's the problem with the story: There is no indication (not even the slightest) that shows that any client attorney priviledge was actually violated. Yes, the calls are records - all calls are recorded. The question unanswered and avoided here is how they handle those particular calls after they are recorded.

    Remember, this is an automated system. I doubt they have hundreds or thousands of live operators sitting listening to every call as it happens and pushing the big "lawyer call" button to delete it. It's way more likely that most calls are filed and never listened to at all, one way or another, and that calls are only actually listened to be a human if there is a specific request made through whatever process. At that point, they can weed out the lawyer calls as needed.

    So hacking (against the law, you know) to get raw phone recordings isn't exactly telling. In fact, it's quite the opposite, suggesting the HACKERS may have violated the privileged communications. Oh, that would sting, wouldn't it?

    reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 12 Nov 2015 @ 6:36am

      Re: Not so simple

      The calls should not be recorded. Period. Eben if they were not used there's nothing preventing them from being used in the future. Of course, in your rosy land where everybody is happy and nobody is a tyrant you may be right.

      So hacking (against the law, you know) to get raw phone recordings isn't exactly telling. In fact, it's quite the opposite, suggesting the HACKERS may have violated the privileged communications. Oh, that would sting, wouldn't it?

      You may be right but it's yet more evidence these stored records should NOT exist. What if an interested party in the process (ie: the Government) decided to hack into the company and get said recordings? "Hey, look over there, something else!" does not help solve the issue. But it wouldn't be you if you didn't try it, no?

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Nov 2015 @ 6:36am

      Re: Not so simple

      Yeah, nothing to see here folks - move along.

      reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 12 Nov 2015 @ 8:42am

      Re: Not so simple

      According to the company, they determine which calls are exempt based on the phone number involved. That's entirely automatable and can avoid recording the call at all. No later review is necessary (and there'd be nothing to review.)

      The company also says that the attorneys have to proactively inform them that they're attorneys and their phone numbers. It's possible that the recorded calls were with attorneys who failed to do this, I don't know.

      But even if there is no serious violation here, the outright financial abuse the company is engaging in is despicable.

      reply to this | link to this | view in chronology ]

  • identicon
    US Citizen Born and Raised, 12 Nov 2015 @ 9:42am

    Tel Comms Stop

    CEO Richard Smith declaring the new price caps would have a "devastating effect" on its business, potentially ending its participation in "services and continuing inmate related programs."

    GOOD!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Nov 2015 @ 6:58pm

    for profit prisons spying on private calls that could have the potential to send other people involved to prison. How on earth could they possibly profit by colluding with corrupt courts to send more people to prison using information that is obtained illegaly.

    almost as if the justice system is more criminalized than the criminals they fight.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer
Anonymous number for texting and calling from Hushed. $25 lifetime membership, use code TECHDIRT25
Report this ad  |  Hide Techdirt ads
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.