The Catalog of Carceral Surveillance: Monitoring Online Purchases of Inmates’ Family and Friends
by Cooper Quintin and Beryl Lipton
This article was first published by the Electronic Frontier Foundation on September 7, 2021. It is reprinted here with permission.
Prison wardens and detention center administrators have, for years, faced what they believe to be a serious problem. While they can surveil every aspect of the lives of the people imprisoned in their facilities, they typically have no ability to violate the privacy and civil liberties of the friends and family of incarcerated people. Fortunately for prison administrators, Securus, notable for overcharging inmates for the privilege of communication with their loved ones, has done some thinking on the problem.
Earlier this year, Securus received approval for a patent describing a method of “linking controlled-environment facility residents and associated non-resident telephone numbers to ... e-commerce accounts associated with the captured telephone number” and “information about purchases made by a non-resident associated with the accessed e-commerce account.”
In other words, the patent imagined a way to capture the phone numbers of everyone a prisoner talks to, including friends and family, and to use that information to scrutinize their e-commerce purchases. (Note: After EFF published this post, Securus told EFF that it will not build the system described in the patent. The company’s full statement is below.)
The patent application provides the following example of how prisons might use this invasive and dangerous technology.
“[I]nmate call records may show that an inmate made calls to their girlfriend before escaping. Investigators question the girlfriend, but she provides no help. However, investigators employ embodiments of the present systems and methods, using the DTN [Dialed Telephone Number] used by the inmate to call the girlfriend, to find that the girlfriend had purchased skiing equipment through an e-commerce app associate with the DTN and made a reservation through another (or the same) e-commerce app (such as a homestay app) for a house in a remote area in the Colorado mountains. Investigators find the escaped convict and the girlfriend at the house using the data obtained through the invention.”
If implemented, the patent would be a massive civil liberties violation and a dangerous expansion in the powers of prison administrators to surveil people not under their carceral control. One may wonder, though, how Securus would implement this patent in practice. Not many people would willingly give a prison administrator access to their Amazon or other online shopping account.
Luckily for wardens, the patent has suggested a workaround: an end-user license agreement.
In their patent application, Securus suggests that prison officials could obtain a waiver from anyone wishing to communicate with an incarcerated person, which would allow prison officials to then root around in the proverbial sock drawer of that person’s e-commerce purchases. Understanding that very few people would knowingly agree to this waiver, Securus helpfully suggests: “Such a waiver may be part of an end user agreement associated with use of controlled-environment facility communication services, including, such as by way of example, a controlled-environment facility communications app.” The patent continues: “the waiver may allow the resident’s controlled-environment facility, a controlled-environment facility communication vendor, law enforcement, and/or the like, to garner passwords from the non-resident’s mobile device, computer, etc. to use for such access.”
It is not clear that this demand would be legally permissible, at least without a warrant. As an initial matter, most e-commerce sites prohibit sharing passwords. For example, Amazon’s Conditions of Use say “You are responsible for maintaining the confidentiality of your account and password and for restricting access to your account.” The envisioned waiver agreement does not change the restrictions of the e-commerce site, and could put the non-resident in an impossible position. Moreover, the system envisioned would give investigators access to the content of communications between the non-resident and the e-commerce site, which requires a warrant. While a service provider can voluntarily disclose with the customer’s consent, as envisioned in the patent, the service provider is not being asked to disclose voluntarily, and may not even be initially aware of the access.
In a statement sent to EFF after publishing this post, Aventiv, the parent company of Securus, said it would not be developing the technology described in the patent. The company’s statement in full:
We at Aventiv are committed to protecting the civil liberties of all those who use our products. As a technology provider, we continuously seek to improve and to create new solutions to keep our communities safe. The patent you reference is 10904297, which was filed in June 2019, prior to our company publicly announcing a multi-year transformation effort. The patent is not currently in development as it was an idea versus a product we will pursue. Our organization is focused on better serving justice-involved people by making our products more accessible and affordable, investing in free educational and reentry programming, and taking more opportunities—just like this one—to listen to consumers. To ensure there is no additional misunderstanding, we will be abandoning this patent and reviewing all open patents to certify that they align with our transformation efforts.
We agree that Securus should withdraw this odious idea rather than coerce a Faustian bargain upon people who love someone in prison: give us the power to monitor your online purchases, or wait to talk to your loved one only after we let them go.