LeRoy Nellis

Contact

Request for Independent Security Review — NCIC Jail Communication App (Public-Interest Inquiry)

security@eff.org,
info@eff.org,
tips@propublica.org,
security@themarkup.org,
tips@theintercept.com,
disclosures@citizenlab.ca,
contact@citizenlab.ca,
security@aclu.org,
tips@wired.com,
security@mozilla.org,
bugcrowd@bugcrowd.com,
disclosures@hackerone.com,
security@torproject.org,
press@torproject.org,
security@wikimedia.org,
info@openprivacy.ca,
contact@privacyinternational.org,
security@openrights.org,
tips@bellingcat.com

Good afternoon,

I am reaching out to request an independent, good-faith security and privacy review of the NCIC jail communications platform (mobile application and associated backend services) from a public-interest and civil-liberties perspective.

The concern is straightforward and narrow:

Whether the NCIC application engages in surveillance, data harvesting, tracking, or secondary data use that impacts innocent Americans, specifically:

  • family members communicating with pre-trial detainees,
  • individuals who have not been convicted of any crime,
  • and contacts whose data may be collected incidentally through jail communication systems.

This inquiry is not about facilitating wrongdoing or evading lawful monitoring. It is about ensuring that:

  • data collection is limited to what is legally authorized,
  • permissions are proportional and transparent,
  • third-party SDKs, analytics, or AI tooling are not being used to profile or surveil non-incarcerated individuals,
  • and no data is being repurposed beyond stated correctional or billing functions.

Given the increasing integration of AI, voice analytics, metadata analysis, and behavioral modeling into correctional technology, independent verification is critical. These platforms sit at a sensitive intersection of government authority, private vendors, and constitutional rights—particularly for pre-trial detainees who are presumed innocent and their families.

If your organization or community is able to:

  • review the mobile app (permissions, network traffic, SDKs),
  • analyze publicly accessible infrastructure or patents,
  • assess privacy policies versus actual behavior,
  • or advise on responsible disclosure pathways,

your guidance would be invaluable.

This request is made in good faith, for public accountability, and with respect for lawful security research norms. Any findings would be handled responsibly and with appropriate coordination.

Thank you for the work you do in protecting privacy, civil liberties, and technological accountability.

Respectfully,

LeRoy Nellis
Austin, Texas
LeRoyNellis2@gmail.com

Comments

Leave a comment