Company That Handles Prison Phone Calls Is Surveilling People Who Aren鈥檛 in Prison
Securus, one of the country鈥檚 largest providers of phone services to incarcerated people, is known for its shady, cruel, and sometimes illegal business practices. It has charged for prisoners鈥 calls, limited family and friends to with incarcerated loved ones, and violated attorney-client privilege by .
This week, Sen. Ron Wyden (D-Ore.) revealed even more troubling practices that undermine the privacy and civil liberties of millions upon millions of Americans. In letters made public on Friday demanding action from the and several major , Wyden described Securus鈥 ability to obtain and share the cell phone location information of virtually anyone who uses a phone.
The letters report that Securus provides correctional facilities with the ability to access real-time location data for virtually any individual in the country 鈥 without making sure that officials have obtained a warrant or proper consent.
Undermining Safeguards Against Warrantless Cell Phone Tracking
Securus provides what it calls 鈥溾 to its government clients 鈥 typically jails, prisons, and related entities. It appears to be doing so in a manner that may violate federal law.
As described in one Securus , the company provides the ability to track 鈥渢he location of a suspect鈥檚 cell phone, in real time, regardless of whether a call is in process.鈥 Securus鈥 materials state that at the request of law enforcement officials, this service has been used to successfully track criminal suspects, people of interest, and even Alzheimer鈥檚 patients. But Securus鈥 system lacks safeguards against illegal tracking.
Real-time cell phone location tracking of a suspect requires a search warrant under federal law and, as some courts have held, the Fourth Amendment. Normally, when police want to track a suspect鈥檚 cell phone in real time, they provide a warrant directly to the phone service provider, which reviews the warrant to confirm that it is valid before complying with the request. The major cellular service providers have law enforcement compliance teams comprised of trained staff who review warrants and other law enforcement requests and regularly reject or narrow requests that are improper or overbroad.
However, major phone carriers appear to have allowed Securus to bypass these procedures. Government investigators contracting with the company upload documentation justifying a request for cell phone location data to Securus鈥 system. Securus, functioning as a middleman, pays other middlemen, who then pay major telecommunications carriers for the location information.
Securus representatives told Sen. Wyden鈥檚 office that the company doesn鈥檛 actually confirm that the uploaded file is a valid warrant 鈥 or a warrant at all. Instead, of its online portal show that the company simply requires the investigator to check a box to 鈥渃ertify the attached document is an official document giving permission to look up the location on this phone number requested.鈥 The investigator 鈥渢hen inputs the cellular number that is to be tracked and within seconds, the approximate location of the cell phone will be displayed on a graphical map of the area.鈥
That system is ripe for abuse. And as the reports, it was indeed abused as early as 2014, by a Missouri sheriff who, without valid warrants, used it to track the cell phones of a judge and police officers with the state highway patrol.
That sheriff is now facing state and federal criminal charges and a civil suit by highway patrol officers. But Securus may be in legal jeopardy as well, for violating a that prohibits making false representations to a phone company to obtain confidential customer records. That鈥檚 because Securus appears to be claiming that the requests are based on a valid warrant, without confirming that is the case. Alternately, as suggested in the above image from Securus鈥 system and the New York Times鈥 reporting, the company may be falsely claiming that location requests are justified by phone users鈥 consent.
Major telecommunications carriers who ultimately facilitate these abuses also deserve blame. In cases where phone companies provide location information, they have a responsibility to ensure that it is only disclosed in appropriate circumstances. It seems highly unlikely that the phone companies are able to confirm 鈥渨ithin seconds鈥 that the uploaded documents are indeed valid warrants. This abdication of their responsibility leaves them potentially liable for violating a multitude of laws, including those that prohibit disclosure of customer records to law enforcement without appropriate legal process.
Exploiting Prisoners and Their Families
It鈥檚 bad enough that Securus, with the assistance of major telecommunications carriers, has established this backdoor to private data held by telecommunications companies. But the company鈥檚 own documents reveal that they also appear to offer additional 鈥渓ocation based services鈥 that exploit incarcerated individuals and their families.
When a person incarcerated in a jail or prison that contracts with Securus makes a call to a cell phone on the outside, Securus is able to obtain the location of that cell phone from the cellular service provider. It then provides that location data to the jail or prison for its unrestricted use. Securus purports to obtain authorization and consent by playing a prerecorded message at the start of a prisoner鈥檚 call that tells the person on the other end that their location information will be collected. It then prompts the person to press 鈥1鈥 to accept the call.
For a spouse or child of an incarcerated person, the 鈥渃hoice鈥 between forgoing contact with a loved one or being tracked by Securus is no choice at all. And that tracking falls disproportionately on people of color and poor people, who are most likely to have a loved one locked up. It may also affect attorneys, who have an ethical duty to take their clients鈥 calls.
Securus is funding this service by tacking a onto prisoners鈥 already inflated phone bills. That fee is whether or not the location tracking capability is actually used for any particular call.
As we鈥檝e argued at the U.S. Supreme Court and elsewhere, cell phone location information is highly sensitive because of what it can reveal about people鈥檚 activities and associations. Federal law prohibits service providers from releasing their customers鈥 cell phone location information without the 鈥溾 of the customer or a valid court order. Nevertheless, Securus鈥 practices functionally deprive individuals of the privacy protections that these laws were designed to create.
What鈥檚 next?
Major phone carriers, the FCC, state attorneys general, and individual correctional facilities must take steps to remedy these exploitative practices.
The phone carriers must take full responsibility for their role in facilitating 鈥 and profiting from 鈥 Securus鈥 exploitative services. They should immediately terminate any contracts that allow Securus or companies that provide similar services to access location information. The phone carriers should also get to the bottom of how Securus was allowed to obtain this data in the first place. They should ensure that all law enforcement requests for location data are submitted to and vetted by them directly and information is only disclosed in other circumstances when appropriate.
In the meantime, customers have a right to know if their information was improperly disclosed. Phone companies should immediately notify any individuals whose information was improperly shared by Securus and develop transparency mechanisms that allow individuals to easily see who else may have been given access to their data.
The FCC should also immediately investigate Securus and any companies that provide similar services. It should make clear that this conduct, which essentially coerces individuals into 鈥渃onsenting鈥 to location tracking or other surveillance, and which fails to confirm the validity of search warrants before tracking people鈥檚 cell phones, raises serious questions under existing federal law and must be halted. Additionally, they must take steps to ensure that telecommunications providers themselves adequately safeguard data from this type of abuse.
At the same time, state attorneys general should examine Securus and major telecommunications companies to determine whether they are in violation of state privacy laws. While these inquiries are ongoing, facilities should halt their Securus contracts, and ensure that individuals contacting incarcerated loves ones are provided a realistic way to opt out of location surveillance.
We applaud Sen. Wyden for bringing these practices out of the shadows and hope that real reforms follow quickly.