SHARE



ABOUT THE AUTHOR


Martha Buyer
Martha Buyer is an attorney whose practice is limited to the practice of telecommunications law. In this capacity, she has...
Read Full Bio >>
SHARE



Martha Buyer | December 15, 2016 |

 
   

Hacked Recordings Put Inmate Calling Systems on Trial

Hacked Recordings Put Inmate Calling Systems on Trial The twists and turns that occur in the telecom legal world are varied and fascinating.

The twists and turns that occur in the telecom legal world are varied and fascinating.

Most telecom litigation doesn't make for great cocktail party patter (and it is that season), but the case I read about last week is not only interesting, but appropriate for all audiences. Most importantly, it shines a bright light onto an oft-ignored regulatory realm for communications law junkies. Prepare to be captivated.

Aaron Hernandez was a member of the New England Patriots from 2010 through 2012. Over the course of his three-season career, he played in 38 games and had a total of 175 receptions for gain of 1,956 yards, 11.2 yards on average per reception. That's where the good news for him ends. In 2015, Hernandez was convicted in the 2013 shooting death of a friend in North Attleboro, Mass., and sentenced to life in prison without the possibility of parole. He is awaiting trial in another murder, reportedly the result of a 2012 drive-by shooting that occurred because Hernandez believed he had been disrespected by a patron in a Boston nightclub.

In 2016, Hernandez sued inmate calling provider Securus Technologies, claiming that the company's records had been hacked and three of his phone conversations exposed. Apparently, however, none of the hacked Hernandez calls were with his attorneys, and as an incarcerated person, he has no expectation of privacy on any calls but those made to or received from his attorneys. Much more troublesome is the hack and exposure of the contents of Securus call recordings between other clients and their attorneys.

First, a bit of a primer on the inmate call hacking problem, which was initially published by The Intercept, an online publication started in 2014 by First Look Media, the news organization created and funded by eBay founder Pierre Omidyar. In its own words, the publication is a platform to report on the documents released by Edward Snowden in the short term, and to "produce aggressive, adversarial journalism across a wide range of issues" in the long term. The original piece on the Securus security breach ran in November 2015. The article made public that an anonymous hacker believed Securus's operations violated the constitutional rights of inmates, and leaked via SecureDrop not only information covering more than 70 million records of phone calls made from prisoners to others located in 37 states, but included at least 14,000 actual recordings of calls between inmates and attorneys.

This breach has created a number of problems for Securus, not to mention those imprisoned customers whose attorney-client privileges were breached in clear violation of the law. Recording of inmate calls is a relatively recent thing, as prisons seek to find new ways to monitor who's saying what to whom. Certainly, prisoners are made aware that calls may be recorded and monitored. However, calls between attorneys and clients have always been sacrosanct, with attorneys registering their phone numbers so that the system provider can -- should -- block recording of such calls.

Compounding the number identification issue is that attorneys often call prisoners on mobile devices that may not be registered with the prison's phone system, thus not triggering the "no recording" obligations. This particular problem is not limited to Securus, and creates challenges for its competitors as well. But no other provider has been hacked with its records breached in such a significant -- and harmful -- way. As a provider, Securus has claimed that it meets high standards for the security of its information. For the past year, however, Securus has been aware of its exposure. Nonetheless, it's still selling systems.

Providers of inmate calling systems have long imposed costly user fees, making calls from prisoners to the outside world ridiculously expensive. Within the past few months, the FCC has taken action to cap most per-minute call fees, but litigation brought by the providers of these systems has put the newly proposed caps on hold. Instead, and until the courts can find an equitable solution, current price caps apply only to interstate long-distance calls -- rates for neither in-state long distance nor local calls are protected from price gouging. The rates are 21 cents a minute for debit/prepaid interstate calls, and 25 cents a minute for interstate collect calls. Since the average cost/minute for non-operator assistance calls is less than 20% of these rates, everyone except the vendors of these services, along with the facilities that receive revenue streams used to fund other programs on the backs of those people making calls, look forward to the day when rates are capped at reasonable rates across the board.

The bottom line is this. Making calls into and out of correctional facilities is not only costly, but despite strong claims to the contrary, vendors of these services are vulnerable if the records they claim to be secured from outside access are hacked and accessed. Although prisoners do not have a guaranteed right to privacy, they are guaranteed an absolute attorney-client privilege, which has been clearly violated with this massive breach on two levels. First, attorney calls should never be recorded. Period. Secondly, if they are illegally recorded, and if confidential communication between attorneys and clients is no longer confidential, the service providers that have sold their systems as meeting required standards have failed miserably, which will result in significant costs to inmates, correctional facilities, attorneys, and the judicial process as a whole.

As for Aaron Hernandez, he's got much bigger problems than the fact that three of his calls -- none to his legal representatives -- were hacked and the contents of those calls accessed. However, to his credit, his lawsuit against Securus, which was moved to federal court in Massachusetts in November, should serve to draw additional attention to the vulnerabilities of inmate call recordings.





COMMENTS



May 31, 2017

In the days of old, people in suits used to meet at a boardroom table to update each other on their work. Including a remote colleague meant setting a conference phone on the table for in-person pa

April 19, 2017

Now more than ever, enterprise contact centers have a unique opportunity to lead the way towards complete, digital transformation. Moving your contact center to the cloud is a starting point, quick

April 5, 2017

Its no secret that the cloud offers significant benefits to enterprises - including cost reduction, scalability, higher efficiency, and more flexibility. If your phone system and contact center are

May 24, 2017
Mark Winther, head of IDC's global telecom consulting practice, gives us his take on how CPaaS providers evolve beyond the basic building blocks and address maturing enterprise needs.
May 18, 2017
Diane Myers, senior research director at IHS Markit, walks us through her 2017 UC-as-a-service report... and shares what might be to come in 2018.
April 28, 2017
Change isn't easy, but it is necessary. Tune in for advice and perspective from Zeus Kerravala, co-author of a "Digital Transformation for Dummies" special edition.
April 20, 2017
Robin Gareiss, president of Nemertes Research, shares insight gleaned from the firm's 12th annual UCC Total Cost of Operations study.
March 23, 2017
Tim Banting, of Current Analysis, gives us a peek into what the next three years will bring in advance of his Enterprise Connect session exploring the question: Will there be a new model for enterpris....
March 15, 2017
Andrew Prokop, communications evangelist with Arrow Systems Integration, discusses the evolving role of the all-important session border controller.
March 9, 2017
Organizer Alan Quayle gives us the lowdown on programmable communications and all you need to know about participating in this pre-Enterprise Connect hackathon.
March 3, 2017
From protecting against new vulnerabilities to keeping security assessments up to date, security consultant Mark Collier shares tips on how best to protect your UC systems.
February 24, 2017
UC analyst Blair Pleasant sorts through the myriad cloud architectural models underlying UCaaS and CCaaS offerings, and explains why knowing the differences matter.
February 17, 2017
From the most basics of basics to the hidden gotchas, UC consultant Melissa Swartz helps demystify the complex world of SIP trunking.
February 7, 2017
UC&C consultant Kevin Kieller, a partner at enableUC, shares pointers for making the right architectural choices for your Skype for Business deployment.
February 1, 2017
Elka Popova, a Frost & Sullivan program director, shares a status report on the UCaaS market today and offers her perspective on what large enterprises need before committing to UC in the cloud.
January 26, 2017
Andrew Davis, co-founder of Wainhouse Research and chair of the Video track at Enterprise Connect 2017, sorts through the myriad cloud video service options and shares how to tell if your choice is en....
January 23, 2017
Sheila McGee-Smith, Contact Center/Customer Experience track chair for Enterprise Connect 2017, tells us what we need to know about the role cloud software is playing in contact centers today.