Hackers Steal 70M Prisoners Phone Calls, Exposing Private Inmate Lawyer Conversations
An anonymous hacker has published records of 70 million phone calls made by inmates within US prisons and jails, suggesting that attorney-client privilege has been routinely violated on a mass scale.
On Wednesday, The Intercept’s Jordan Smith and Micah Lee published a story saying tens of millions of recorded prisoners phone calls had been sent to them using SecureDrop, along with links to download the call contents. The data stolen apparently comes from Securus Technologies, a company that supply communication technology to US prisons and jails.
What’s even more shocking is at least 14,000 of calls included in the trove of data are between prisoners and lawyers. According to The Intercept, this “a strong indication that at least some of the recordings are likely confidential and privileged legal communications — calls that never should have been recorded in the first place.”
The actual numbers of phone calls between prisoners and attorneys could be far higher than estimated, due to the initial 14,000 coming from cross-checking the hacked calls with known landlines of lawyers, not even accounting for mobile numbers.
The entire point of attorney-client privilege is for the individuals being prosecuted to safely speak with a lawyer off-record, or not recorded by law enforcement. It is very hard to plan an effective legal strategy if the opposing client is on the other side listening word-for-word to what you’re saying.
During a handful of calls, Securus does warn “this call is from a correctional facility and may be monitored and recorded.” However, in states including Missouri and Texas, there have been alleged safeguards that Securus put in place to not record the attorney-client call or will delete them as soon as they take place. Despite promises, The Intercept says the hacked phone calls include call records from both states.
Texas-based Securus Technologies is a company that supplies communication technology to United States prisons and jails, including phones and other forms of technology. The company takes a cut of the cost it takes for inmates to use their products.
The Intercept has not released any information on the hacker, apart from stating they were able to gain access to the records, rather than an insider stealing information. The hacker allegedly hacked the company because “Securus is violating the constitutional rights of inmates.” What’s even more startling is the fact the hacker was able to breach the company and steal some 70 million calls, raising questions on the company’s security practices.
“This may be the most massive breach of the attorney-client privilege in modern U.S. history, and that’s certainly something to be concerned about,” said David Fathi, director of the ACLU’s National Prison Project. “A lot of prisoner rights are limited because of their conviction and incarceration, but their protection by the attorney-client privilege is not.”
Even more shocking, is this doesn’t appear to be the first time Securus supposedly impenetrable system have been hacked. According to documents supplied to The Intercept by a Texas attorney, the company’s systems were apparently breached last year in July 2014, when a third-party hacked three calls made by inmate Aaron Hernandez, presumably the former New England Patriots player who was awaiting trial for murdering a friend. In emails supplied, Securus employees discuss the breach, writing “OMG……..this is not good!”
Recordings obtained by the hacker didn’t stop at inmates and lawyers, they went as far as recorded calls between prisoners and prosecutors. This could pose problematic if conversations include cooperating witnesses who could be vulnerable if this private information got exposed.
Following The Intercept breaking the startling news, Securus published the following statement:
Securus is contacting law enforcement agencies in the investigation into media reports that inmate call records were leaked online. Although this investigation is ongoing, we have seen no evidence that records were shared as a result of a technology breach or hack into our systems. Instead, at this preliminary stage, evidence suggests that an individual or individuals with authorized access to a limited set of records may have used that access to inappropriately share those records.
We will fully support law enforcement in prosecution of any individuals found to have illegally shared information in this case. Data security is critically important to the law enforcement and criminal justice organizations that we serve, and we implement extensive measures to help ensure that all data is protected from both digital and physical breaches.
It is very important to note that we have found absolutely no evidence of attorney-client calls that were recorded without the knowledge and consent of those parties. Our calling systems include multiple safeguards to prevent this from occurring. Attorneys are able to register their numbers to exempt them from the recording that is standard for other inmate calls. Those attorneys who did not register their numbers would also hear a warning about recording prior to the beginning of each call, requiring active acceptance.
We are coordinating with law enforcement and we will provide updates as this investigation progresses.