Dallas-based Securus Technologies is one of the leading providers of phone services inside prisons across the nation. And now they could be responsible for what’s being reported as possibly “the most massive breach of the attorney-client privilege in modern U.S. history.”
Investigative website The Intercept is reporting the breach involves records from prisoner phone calls in 37 states, including Texas. The records were leaked by an anonymous hacker on the Intercept’s secure and anonymous contact site SecureDrop.
Reporter Jordan Smith helped break the story for The Intercept. She says the company had recorded and archived more at least 14,000 conversations between inmates and attorneys, in addition to tens of thousands of other calls. In total, over 70 million call records were provided to The Intercept.
”They are calls to everybody they would call: loved ones and attorneys,” Smith says. “That’s the problem. There’s a problem either way, because the attorney-client privilege being breached is a major issue. There’s constitutional protections that assure that you can have effective assistance of counsel and recording those calls breaches that.”
Companies like Securus are not supposed to be recording inmates’ calls, and they’re not supposed to be selling those recordings, Smith says.
“Even beyond that, there’s an issue of how much privacy you give up when you go to prison, or even if you go to jail overnight,” she says.
“The idea that that call has been stored out there in a space that’s obviously vulnerable, and then potentially can open it up to the public to hear, is a little bit disturbing. I don’t think that people necessarily assume that they’re gonna lose their right to privacy forever because they spent the night in jail.”
Securus contracts with county governments and state corrections departments to provide call monitoring. They’ve sold their service as a safety precaution to prevent prison breaks, witness intimidation issues, drug deals and people from generally continuing their criminal enterprises while incarcerated.
“That’s what it was sold as: this is a way to keep your facilities safe, this is a way to keep people on the outside safe,” Smith says. “It’s kind of morphed into a ‘collect everything’ situation, where they also do now sell that information… to law enforcement across jurisdictions saying ‘Hey, this can probably help you in your investigation.’”
The recordings include personal information like the name of the person making the call and the name of the person on the other end of the line. If you have authorized access to the Securus digital database, you can go click on a link and hear the entire conversation. Smith says this creates a breach in attorney-client privilege by the basic recording of the conversation, not to mention the issue of the record hack.
“[These conversations] are not supposed to be recorded,” Smith says. “Their system [is] able to not record several flagged numbers, and so essentially they shouldn’t have been recorded in the first place.”
For the investigation, Smith says she attempted to contact Securus for comment for months, with no response.
“I was trying to reach them,” she says. Then [Wednesday] night, after the story came out, they issued a brief statement saying not only that they don’t believe that they were hacked, they believe that there was somebody who had access and downloaded these calls.”
The following is an excerpt from a statement Securus emailed to The Intercept:
“It is very important to note that we have found absolutely no evidence of attorney-client calls that were recorded without the knowledge and consent of those parties. Our calling systems include multiple safeguards to prevent this from occurring. Attorneys are able to register their numbers to exempt them from the recording that is standard for other inmate calls. Those attorneys who did not register their numbers would also hear a warning about recording prior to the beginning of each call, requiring active acceptance.”
The company also said their recordings don’t breach attorney-client privilege. Smith says she’s not sure what that means in the long-run.
“To be honest with you, their statement at this point seems a little like they’re not that concerned, like they haven’t done anything wrong,” Smith says. “I don’t know how they could necessarily know that at this point, but I think people should be very concerned about that breach.”