IP network delivers services to max-security prisoners, without having to move them
- By William Jackson
- May 25, 2011
The administrative segregation unit of the Colorado State Penitentiary was designed to hold the worst of the worst. So when a new high-security complex at the department’s East Canon Complex south of Denver was planned, it was designed to bring services to the prisoners rather than move prisoners from their cells.
“These guys are locked up 23 hours a day,” said John Jubic, the Department of Corrections’ end-user solutions manager. “Any time we move these prisoners, it takes two to six guards to do it. That was the driving force behind what we are doing.”
Via an IP network, the department is delivering basic services, such as TV, telephone and visitation services, to hardened kiosks in each cell. Each prisoner is entitled to some privileges, including virtual visits from visitors’ centers outside the prison, tailored to the prisoner's disciplinary status. A high-speed network delivers many of those virtual visits to the cell without the risk or hassle of moving the prisoner, bringing visitors into the complex or delivering materials to a cell.
Maximum security prisoners help lock down prison network
NC city mixes remote access with authentication control
Mississippi controls prison cell phone use without jamming
A server that links the department's Lightweight Directory Access Protocol directory to a prison management system is critical to managing access privileges at kiosks in prisoners' cells. The RadiantOne Virtual Directory Server is “a single access point where the application gets all of its information,” said Ulrich Schulz, a Radiant Logic systems engineer.
The virtual directory server creates a single profile from multiple existing resources, in this case a Novell eDirectory and Informix database used for authenticating prisoners and authorizing their access to in-cell services. “We shield the complexity of different services, protocols and attributes from the application,” Schulz said.
The new maximum security prison is a greenfield environment, designed to accommodate in-cell services and constructed with a built-in network infrastructure. But the prison also is part of a larger enterprise, and its systems draw on existing data from Department of Corrections systems. A virtual directory server enables the new prison to apply those existing enterprise resources in new applications by accessing and merging data on the back end rather than requiring it to be migrated to new systems.
“We are talking about data already in the enterprise,” Schulz said. “It doesn’t make sense to rebuild it from scratch.”
“What Radiant Logic does is allow us to not enter the data twice,” Jubic said. The system knows the cell assignment of prisoners and their access privilege profile. Only a specific prisoner assigned to a cell can log in to the kiosk, and once logged in, the prisoner can access only approved resources.
In-cell services are a compromise between the need for security in what Colorado classifies as a Level V prison and the need to provide essential services to even the worst criminals who are locked down for most of every day.
Security vs. funding
The Colorado State Penitentiary II High-Custody Expansion project was controversial from the start. Many in the state objected to the decision to spend $162 million on the three 320-bed units of CSP II that would be used to segregate prisoners rather than spending the money for services to improve conditions. Because of litigation, construction of CSP II was delayed, and it was not scheduled to become operational until August 2009, more than two years later than originally planned.
But the number of high-security prisoners entering the system was outstripping the number of available cells. The in-cell services project was a compromise to improve security and save money on the long-term operation of the new facility and improve conditions for prisoners in administrative segregation through the use of technology.
“We said that when we build a new prison, we need to make it state of the art,” Jubic said. “This had never been done before.”
The Department of Corrections issued a request for proposals for a service delivery system, but “we didn’t get a response that was a total solution,” Jubic said. As a result, “my team designed it. It was a real challenge.”
The department broke ground for CSP II in 2007, and North Carolina-based networking company CommScope installed more than 700,000 feet of cabling to provide data speeds of 1 gigabit/sec to each cell. The infrastructure can support speeds as fast as 100 gigabits/sec as demand grows.
The in-cell kiosk is enclosed in metal with a clear plate covering the monitor screen, with only the keyboard, mouse and a headset available to the prisoner. The kiosk houses a thin client without a hard drive that gets a new image of the operating system from a Citrix provisioning server every time it boots.
Although some prisoner services are hosted on the Internet, the kiosks do not have a direct connection to the Internet. A reverse proxy server is used to retrieve a preconfigured set of resources for the clients without allowing the client outside access.
After legal challenges to the new facility were resolved, the opening was further delayed by the recession, Jubic said. “Right in the middle of it, we hit the budget crunch,” and it was decided that the new facility would not be occupied at all. But at almost the last minute, funding was appropriated for one third of the facility, and one of the 320-bed units opened in September 2010. It now houses 316 prisoners, Jubic said.
The Department of Corrections is gradually adding in-cell services. The prison now has 22 cable TV channels available, with four in-facility channels. The outside channels come in through the Correctional Cable TV service, which provides the Department of Corrections with satellite links to commercial cable channels. The analog signals are converted to IP for distribution via the in-house network. The amount of time and the channels available to each prisoner depends on his behavior and privileges level, which is stored in the prison management system and used by the Radiant Logic server in allowing access.
In-cell voice-over-IP telephone service also is available through the kiosk. “All it is is a soft phone that was stripped of a lot of the functionality,” Jubic said. With 1 gigabit/sec to each cell, there is plenty of bandwidth for voice, but “we had a little problem with the visitation trying to step on the telephone system.” That was corrected by making a virtual application of the VOIP so it could run independently without running afoul of the visitation system.
When the CSP II facility first opened, friends and family came to a visitors’ center in the East Canon Complex for virtual visits with maximum security prisoners. By using the IP voice and video link, the Department of Corrections does not need to process visitors and escort them to a secure facility or move prisoners from their cells.
Many visitors probably would prefer an in-person visit, Jubic said, but the system saves money on staffing for the department and makes the visits easier to schedule and accommodate. And with a 1 gigabit/sec connection to the cell, “it’s as good a picture as you can get,” Jubic said.
The department is expanding the system to make it more convenient for visitors, too. In April, a remote visitation center was scheduled to open in Denver, where most of the facility’s inmates are from. “Eventually, we would like to get this out into the community through faith-based services,” Jubic said.
“One of the things that people worried about” with networked services “was that it would take away human contact for the inmates,” he said. But although some of the contact is virtual, the inmates are receiving twice as many phone calls as before, and the number of virtual visits was expected to increase when the Denver center opened.
A library catalog system used by the prison is hosted on the Internet, and prisoners can browse and order available books, which are delivered to the cell. “We haven’t started using e-books yet,” Jubic said, but eventually they probably will. The prison’s approximately 3,000-book law library has moved to a hosted site so that online access is available to inmates for scheduled blocks of time, eliminating the need for copying and delivering hundreds of pages of reference materials to prisoners.
The existing paper-based system in which prisoners make administrative requests also is moving to the kiosk. “It’s their way of communicating with any of the staff,” Jubic said, and the process is expected to become simpler and quicker in an electronic format.
Jubic said the in-cell services program eventually will be expanded to in-pod services to provide remote access in other facilities where prisoners are not routinely confined to their cells all day. Kiosks would be located in a unit’s day room where inmates spend time. For now, the system is reducing costs for the cash-strapped corrections system.