ATTORNEYS AND ADVOCATES for people incarcerated in local jails in Austin, Texas, have settled a federal lawsuit against telecommunications company Securus Technologies, with an agreement ostensibly designed to ensure that privileged legal communications between defense attorneys and their clients are not improperly recorded.

The suit, originally filed in April 2014 by the Austin Lawyers Guild, the Prison Justice League, and several individually named defense attorneys, alleged that Securus recorded confidential and privileged communications between lawyers and detainees that were then accessed and listened to by prosecutors. Local prosecutors’ offices and the Travis County Sheriff’s Office — which manages the county’s jail facilities — were also named as parties to the suit.

The Intercept first reported on the Austin lawsuit in our November 2015 story about an unprecedented hack of a recorded calls database belonging to Securus. An anonymous hacker provided the data via SecureDrop, including records related to more than 70 million individual calls placed by inmates to 1.3 million unique phone numbers over a 2 1/2-year period. In a follow-up story published last month, we reported finding within that data at least 57,000 calls made by detainees to lawyers, including calls that individual attorneys confirmed had been set up in advance to be privileged — and therefore unrecorded — communications.

The Austin lawsuit was unrelated to the revelations resulting from the leaked Securus database, but lent context to the hack, as well as credence to claims by prisoners themselves, who often insist that all of their communications are recorded.

The settlement requires the Travis County Sheriff’s Office to establish within 90 days — with Securus’s assistance — an online system that allows defense attorneys to place their phone numbers on a “private do not record list,” along with an “access log” to flag any privileged calls that are, in fact, listened to by law enforcement. The log must contain the name of the inmate, the phone number he or she called, the name of the person who listened to the call, and information about when the breach happened. The settlement also requires local prosecutors to provide defense attorneys with a written “access of call” letter notifying them of each breach. (Exempt from the requirements are calls accessed by law enforcement pursuant to a court order, subpoena, or search warrant.)

Securus never responded to repeated requests for comment for either of our stories on the hack, though in the wake of the November report, the company issued a press statement insisting that there was “absolutely no evidence” that any attorney-client calls had been recorded “without the knowledge and consent” of the parties to each call.

In its 2014 challenge to the Austin lawsuit, Securus noted that government intrusion into the attorney-client relationship could be a violation of the Sixth Amendment right to effective counsel. But the company insisted that it has abided by its policy of not recording privileged phone calls — while at the same time maintaining that any existing recordings were voluntarily turned over by the state to defense attorneys during discovery in individual criminal cases. What’s more, Securus argued that the plaintiffs had not proven that “such recordings” had any adverse effects on their cases. “Securus acknowledges that Plaintiffs have alleged that recorded attorney-client calls have been shared with prosecutors, but they have failed to articulate a single instance where they have been harmed or prejudiced,” the company said.

Prior to the release of the hacked Securus data, the company was likely best-known for the exorbitant rates and fees it charges prisoners and their families for phone calls — a circumstance highlighted by an ongoing challenge to those charges (and charges by the company’s competitors), which for years has been pending before the Federal Communications Commission. The FCC took action to set interim rate curbs for interstate calls in 2013; in October 2015, it went further, curbing rates and fees for both interstate and intrastate calls. Securus and industry leader Global Tel*Link have sued to block provisions of the FCC rulings from taking effect, and earlier this month, the U.S. Court of Appeals in D.C. blocked the new rate caps from taking effect until the lawsuit is settled.

The mass recording of inmate telephone calls is a fairly recent practice, sold by private telecom companies like Securus as a security measure — a means to monitor potential jailbreak plots, for example, or curb the introduction of contraband into a facility. But this blanket recording, and long-term storage, of untold millions of routine communications raises serious concerns about the privacy rights of inmates and their loved ones.

Even more concerning is the recording of privileged communications between attorneys and their detained clients. The ability of defense lawyers to communicate privately with their clients is a cornerstone of the criminal justice system; monitoring and/or recording such conversations chills the attorney-client relationship and may also run afoul of constitutional protections — including the right to effective assistance of counsel and of access to the courts.

The Intercept found no records of calls made to any of the Austin defense attorneys named in the federal lawsuit within the hacked data. All of the calls contained within the database originated from prison facilities in Missouri, and the majority of the attorney calls were made to attorneys in Missouri. Yet, as the Austin lawsuit shows, there is nothing to suggest that the problem of recording privileged calls is unique to Missouri. Indeed, Securus serves more than 1.2 million inmates in 3,450 facilities throughout the U.S., Mexico, and Canada. As of 2012, the company was processing 1 million calls per day. In Austin, some lawyers who were a party to the federal suit had received recordings of their privileged calls during the evidence discovery process.

Defense attorney George Lobb, one of the lawyers representing the plaintiffs in the lawsuit, is skeptical that all the ongoing problems will be fixed, although he points to the importance of implementing the access log, which “will show who’s cheating, when, and how.” But otherwise, the Austin settlement mainly reiterates safeguards that should already have been in place to ensure that privileged calls are not recorded.

And even then, there is no guarantee: Lobb cited a local defense attorney who abided by the county’s previous procedure for placing his phone number on a do-not-record list only to find records of his privileged calls with clients through the discovery process. Mere days before the settlement was reached, the lawyer found that he had been “improperly removed” from the do-not-record list, Lobb said. When Lobb tried to find out why the defense attorney had been kicked off the list, he got no answers. To him, this suggests that the “Securus system just hasn’t been fixed.” It “still has flaws,” he said. “They won’t admit those flaws and won’t fix them — and they won’t tell us why.”

Nevertheless, the settlement includes a stipulation by both parties that there was “no evidence of intentional misconduct” by Securus or its codefendants. Securus will pay $20,000 in attorney fees to the plaintiffs and Travis County will pay $800 in mediation fees.

“I would not call this a victory,” said Lobb. “I would call it a temporary fix to a chronic problem.”