GET THE FREE NATIONAL CYBER SECURITY APP FOR YOUR PHONE AND TABLET
Concerns about civil liberty violations are spreading after an unidentified hacker recently breached Securus Technologies and released the audio of an estimated 70 million phone conversations of USA prisoners -including communications between attorneys and their clients. “It is very important to note that we have found absolutely no evidence of attorney-client calls that were recorded without the knowledge and consent of those parties”, the firm said. Each call record included a link to a downloadable recording of the call. However, it is common practice to monitor prisoner phone calls for the objective of protecting individuals working in the prisons as well as those on the outside. Securus had been previously breached in 2014, the publication additionally revealed, “when someone hacked three calls made by an inmate named Aaron Hernandez, presumably the former player for the New England Patriots, who was awaiting trial for [allegedly] killing a friend”. It’s not the first indication that Securus may have been recording calls with attorneys. In a statement to the press, Securus Technologies officials say the company found no evidence of a hack, claiming its more likely someone with authorized access leaked the records. The cache of phone records was leaked via SecureDrop by an anonymous hacker. “Securus could have built an amazingly secure platform, but poor IT operations processes around that may have exposed it to exploits”, he said. While there have been complaints about Securus in the past recording attorney-client calls, the company says these calls were all recorded with permission. However, the Sixth Amendment grants inmates the right to speak freely and honestly with their attorneys, and so calls between them aren’t supposed to be recorded. “Our calling systems include multiple safeguards to prevent this from occurring”. “It’s kind of morphed into a “collect everything” situation, where they also do now sell that information…to law enforcement across jurisdictions saying ‘Hey, this can probably help you in your investigation'”. The suit claims that prosecutors have disclosed the recordings to defense attorneys during discovery, and that other prosecutors have used information from the calls “to their tactical advantage”. “Those attorneys who did not register their numbers would also hear a warning about recording prior to the beginning of each call, requiring active acceptance”. Tim Erlin director of IT security and risk strategy for advanced threat detection firm Tripwire, told us he doesn’t know exactly how this data was taken, but it’s clear that there was a weakness somewhere. According to The Intercept, the data breach includes calls placed between December 2011 and spring 2014 and proves the company has failed to measure up to its own promises on security. “Quite often in these cases the storing of this data is governed by general rules to protect data as a whole and sadly not all data is equal”, said James. “Some data needs to be protected differently than others, the data is now “in the wild” and nothing can be done about that”. “In these circumstances access to this data could have massive repercussions due to the nature of the content and it should have been better protected”.