Hacked Recordings Put Inmate Calling Systems on Trial
Most telecom litigation doesn't make for great cocktail party patter (and it is that season), but the case I read about last week is not only interesting, but appropriate for all audiences. Most importantly, it shines a bright light onto an oft-ignored regulatory realm for communications law junkies. Prepare to be captivated.
Aaron Hernandez was a member of the New England Patriots from 2010 through 2012. Over the course of his three-season career, he played in 38 games and had a total of 175 receptions for gain of 1,956 yards, 11.2 yards on average per reception. That's where the good news for him ends. In 2015, Hernandez was convicted in the 2013 shooting death of a friend in North Attleboro, Mass., and sentenced to life in prison without the possibility of parole. He is awaiting trial in another murder, reportedly the result of a 2012 drive-by shooting that occurred because Hernandez believed he had been disrespected by a patron in a Boston nightclub.
In 2016, Hernandez sued inmate calling provider Securus Technologies, claiming that the company's records had been hacked and three of his phone conversations exposed. Apparently, however, none of the hacked Hernandez calls were with his attorneys, and as an incarcerated person, he has no expectation of privacy on any calls but those made to or received from his attorneys. Much more troublesome is the hack and exposure of the contents of Securus call recordings between other clients and their attorneys.
First, a bit of a primer on the inmate call hacking problem, which was initially published by The Intercept, an online publication started in 2014 by First Look Media, the news organization created and funded by eBay founder Pierre Omidyar. In its own words, the publication is a platform to report on the documents released by Edward Snowden in the short term, and to "produce aggressive, adversarial journalism across a wide range of issues" in the long term. The original piece on the Securus security breach ran in November 2015. The article made public that an anonymous hacker believed Securus's operations violated the constitutional rights of inmates, and leaked via SecureDrop not only information covering more than 70 million records of phone calls made from prisoners to others located in 37 states, but included at least 14,000 actual recordings of calls between inmates and attorneys.
This breach has created a number of problems for Securus, not to mention those imprisoned customers whose attorney-client privileges were breached in clear violation of the law. Recording of inmate calls is a relatively recent thing, as prisons seek to find new ways to monitor who's saying what to whom. Certainly, prisoners are made aware that calls may be recorded and monitored. However, calls between attorneys and clients have always been sacrosanct, with attorneys registering their phone numbers so that the system provider can -- should -- block recording of such calls.
Compounding the number identification issue is that attorneys often call prisoners on mobile devices that may not be registered with the prison's phone system, thus not triggering the "no recording" obligations. This particular problem is not limited to Securus, and creates challenges for its competitors as well. But no other provider has been hacked with its records breached in such a significant -- and harmful -- way. As a provider, Securus has claimed that it meets high standards for the security of its information. For the past year, however, Securus has been aware of its exposure. Nonetheless, it's still selling systems.
Providers of inmate calling systems have long imposed costly user fees, making calls from prisoners to the outside world ridiculously expensive. Within the past few months, the FCC has taken action to cap most per-minute call fees, but litigation brought by the providers of these systems has put the newly proposed caps on hold. Instead, and until the courts can find an equitable solution, current price caps apply only to interstate long-distance calls -- rates for neither in-state long distance nor local calls are protected from price gouging. The rates are 21 cents a minute for debit/prepaid interstate calls, and 25 cents a minute for interstate collect calls. Since the average cost/minute for non-operator assistance calls is less than 20% of these rates, everyone except the vendors of these services, along with the facilities that receive revenue streams used to fund other programs on the backs of those people making calls, look forward to the day when rates are capped at reasonable rates across the board.
The bottom line is this. Making calls into and out of correctional facilities is not only costly, but despite strong claims to the contrary, vendors of these services are vulnerable if the records they claim to be secured from outside access are hacked and accessed. Although prisoners do not have a guaranteed right to privacy, they are guaranteed an absolute attorney-client privilege, which has been clearly violated with this massive breach on two levels. First, attorney calls should never be recorded. Period. Secondly, if they are illegally recorded, and if confidential communication between attorneys and clients is no longer confidential, the service providers that have sold their systems as meeting required standards have failed miserably, which will result in significant costs to inmates, correctional facilities, attorneys, and the judicial process as a whole.
As for Aaron Hernandez, he's got much bigger problems than the fact that three of his calls -- none to his legal representatives -- were hacked and the contents of those calls accessed. However, to his credit, his lawsuit against Securus, which was moved to federal court in Massachusetts in November, should serve to draw additional attention to the vulnerabilities of inmate call recordings.