Neema Singh Guliani, ACLU Legislative Counsel & Nathan Freed Wessler, Staff Attorney, ACLU Speech, Privacy, and Technology Project

Securus, one of the country’s largest providers of phone services to incarcerated people, is known for its shady, cruel, and sometimes illegal business practices. It has charged exorbitant rates for prisoners’ calls, limited family and friends to video-only “visits” with incarcerated loved ones, and violated attorney-client privilege by recording phone calls between prisoners and their attorneys

This week, Sen. Ron Wyden (D-Ore.) revealed even more troubling practices that undermine the privacy and civil liberties of millions upon millions of Americans. In letters made public on Friday demanding action from the Federal Communications Commission and several major telecommunications companies, Wyden described Securus’ ability to obtain and share the cell phone location information of virtually anyone who uses a phone. 

The letters report that Securus provides correctional facilities with the ability to access real-time location data for virtually any individual in the country — without making sure that officials have obtained a warrant or proper consent. 

Undermining Safeguards Against Warrantless Cell Phone Tracking

Securus provides what it calls “location based services” to its government clients — typically jails, prisons, and related entities. It appears to be doing so in a manner that may violate federal law. 

As described in one Securus document, the company provides the ability to track “the location of a suspect’s cell phone, in real time, regardless of whether a call is in process.” Securus’ materials state that at the request of law enforcement officials, this service has been used to successfully track criminal suspects, people of interest, and even Alzheimer’s patients. But Securus’ system lacks safeguards against illegal tracking. 

Real-time cell phone location tracking of a suspect requires a search warrant under federal law and, as some courts have held, the Fourth Amendment. Normally, when police want to track a suspect’s cell phone in real time, they provide a warrant directly to the phone service provider, which reviews the warrant to confirm that it is valid before complying with the request. The major cellular service providers have law enforcement compliance teams comprised of trained staff who review warrants and other law enforcement requests and regularly reject or narrow requests that are improper or overbroad. 

However, major phone carriers appear to have allowed Securus to bypass these procedures. Government investigators contracting with the company upload documentation justifying a request for cell phone location data to Securus’ system. Securus, functioning as a middleman, pays other middlemen, who then pay major telecommunications carriers for the location information. 

Securus representatives told Sen. Wyden’s office that the company doesn’t actually confirm that the uploaded file is a valid warrant — or a warrant at all. Instead, publicly available screenshots of its online portal show that the company simply requires the investigator to check a box to “certify the attached document is an official document giving permission to look up the location on this phone number requested.” The investigator “then inputs the cellular number that is to be tracked and within seconds, the approximate location of the cell phone will be displayed on a graphical map of the area.”

That system is ripe for abuse. And as the New York Times reports, it was indeed abused as early as 2014, by a Missouri sheriff who, without valid warrants, used it to track the cell phones of a judge and police officers with the state highway patrol.

That sheriff is now facing state and federal criminal charges and a civil suit by highway patrol officers. But Securus may be in legal jeopardy as well, for violating a federal law that prohibits making false representations to a phone company to obtain confidential customer records. That’s because Securus appears to be claiming that the requests are based on a valid warrant, without confirming that is the case. Alternately, as suggested in the above image from Securus’ system and the New York Times’ reporting, the company may be falsely claiming that location requests are justified by phone users’ consent.

Major telecommunications carriers who ultimately facilitate these abuses also deserve blame. In cases where phone companies provide location information, they have a responsibility to ensure that it is only disclosed in appropriate circumstances. It seems highly unlikely that the phone companies are able to confirm “within seconds” that the uploaded documents are indeed valid warrants. This abdication of their responsibility leaves them potentially liable for violating a multitude of laws, including those that prohibit disclosure of customer records to law enforcement without appropriate legal process.

Exploiting Prisoners and Their Families

It’s bad enough that Securus, with the assistance of major telecommunications carriers, has established this backdoor to private data held by telecommunications companies. But the company’s own documents reveal that they also appear to offer additional “location based services” that exploit incarcerated individuals and their families.  

When a person incarcerated in a jail or prison that contracts with Securus makes a call to a cell phone on the outside, Securus is able to obtain the location of that cell phone from the cellular service provider. It then provides that location data to the jail or prison for its unrestricted use. Securus purports to obtain authorization and consent by playing a prerecorded message at the start of a prisoner’s call that tells the person on the other end that their location information will be collected. It then prompts the person to press “1” to accept the call.

For a spouse or child of an incarcerated person, the “choice” between forgoing contact with a loved one or being tracked by Securus is no choice at all. And that tracking falls disproportionately on people of color and poor people, who are most likely to have a loved one locked up. It may also affect attorneys, who have an ethical duty to take their clients’ calls.

Securus is funding this service by tacking a 4 percent “Location Validation Fee” onto prisoners’ already inflated phone bills. That fee is charged whether or not the location tracking capability is actually used for any particular call.

As we’ve argued at the U.S. Supreme Court and elsewhere, cell phone location information is highly sensitive because of what it can reveal about people’s activities and associations. Federal law prohibits service providers from releasing their customers’ cell phone location information without the “express prior authorization” of the customer or a valid court order.  Nevertheless, Securus’ practices functionally deprive individuals of the privacy protections that these laws were designed to create.  

What’s next?

Major phone carriers, the FCC, state attorneys general, and individual correctional facilities must take steps to remedy these exploitative practices.

The phone carriers must take full responsibility for their role in facilitating — and profiting from — Securus’ exploitative services. They should immediately terminate any contracts that allow Securus or companies that provide similar services to access location information. The phone carriers should also get to the bottom of how Securus was allowed to obtain this data in the first place. They should ensure that all law enforcement requests for location data are submitted to and vetted by them directly and information is only disclosed in other circumstances when appropriate.  

In the meantime, customers have a right to know if their information was improperly disclosed. Phone companies should immediately notify any individuals whose information was improperly shared by Securus and develop transparency mechanisms that allow individuals to easily see who else may have been given access to their data.

The FCC should also immediately investigate Securus and any companies that provide similar services. It should make clear that this conduct, which essentially coerces individuals into “consenting” to location tracking or other surveillance, and which fails to confirm the validity of search warrants before tracking people’s cell phones, raises serious questions under existing federal law and must be halted. Additionally, they must take steps to ensure that telecommunications providers themselves adequately safeguard data from this type of abuse. 

At the same time, state attorneys general should examine Securus and major telecommunications companies to determine whether they are in violation of state privacy laws. While these inquiries are ongoing, facilities should halt their Securus contracts, and ensure that individuals contacting incarcerated loves ones are provided a realistic way to opt out of location surveillance.

We applaud Sen. Wyden for bringing these practices out of the shadows and hope that real reforms follow quickly.  

Stay informed

ACLU of Nevada is part of a network of affiliates

Learn more about ACLU National