Hacker Breaches Database of 70 Million Prisoner Phone Calls
Gregory Alan Bolcer stashed this in Security
This could end up changing the law.
According to data and details provided by the hacker, Securus had improperly stored 144 million phone calls on its server. After removing some of the duplicate data, the actual number was narrowed down to 70 million calls, made to 1.3 million phone numbers, by more than 63,000 inmates in 37 US states.
The whole data amounted to 37 GB, consisted of calls made from December 2011 to the spring of 2014, and the hacker also claims that accessing it wasn't all that difficult.
Out of all these calls, over 14,000 seemed to be private calls made between prisoners and their attorney. The US guarantees client-attorney privilege by law, which Securus broke by recording the conversation.
The data breach has huge legal ramifications.
Logging prison phone calls is not prohibited in the US since inmates have a series of public and private rights revoked when they are convicted.
This recent case is going to have many legal ramifications as there are no procedures in place to let prison administrations know when an inmate is making a private call or when calling the attorney. While the client-attorney law violation is clear, Securus may have a loophole that it could exploit to escape without a fine.
If privacy groups sue, and they will surely do, the case can be a cornerstone in US law, and help launch a restructuring of the entire prison phone call logging system.
Yes, this is a huge story with all sorts of crazy implications. What if the security vendor was actually collecting the calls intentionally for national security purposes? What if there actually is a loophole that you can drive a truck through and the company is actually on the right side of the law, and the hacking is just unfortunate? I'm all for not giving felons the ability to run criminal enterprises inside of prison. The world is ripe with people running terror cells from their cell, http://www.nbcnews.com/id/7140883/ns/nbc_nightly_news_with_brian_williams-nbc_news_investigates/t/jihad-letters-prison-went-far-wide/
or lawyers helping their clients illegally in ways that breach their privilege http://michellemalkin.com/2013/04/10/no-tears-for-lynne-stewart/ , not to mention prisons actually have a right to monitor communications to prevent riots and escapees. http://www.jihadwatch.org/2007/04/australian-super-max-jihadists-were-plotting-escape
I don't think too many people will shed a tear for the prisoner's and attorneys whose rights were violated, but still it's a bizarre, unique situation. I think we'll only see more of these types of leaks going forward.
Geez I had no idea people could run such huge operations from within prison.
I'm not even sure what the policy should be. Hopefully this situation brings public debate.
That's not even scratching the surface either. Gangs and Los Angeles prisons are completely overrun. http://www.theatlantic.com/magazine/archive/2014/10/how-gangs-took-over-prisons/379330/
I'm all for completely monitored communications or even no communications at all. They have technology where they can detect any radio signal within the walls, but even with that, Charles Manson was even able to get a cell phone in his cell.
They're claiming it's a rogue employee now, not a hacker, who provided it to The Intercept using their SecureDrop tattling site. http://www.ibtimes.com/securus-technologies-rogue-employee-not-hacker-exposed-70-million-inmate-calls-2181819
I think a lot of "hacks" involve rogue employees and/or social engineering.