Jim Killock of the Open Rights Group (ORG) civil liberties organisation has warned The Canary that surveillance and analytics firm Palantir is “not a company you want handling sensitive personal data”. He says that Palantir is already “crossing a red line” by analysing NHS data as part of efforts to combat the coronavirus (Covid-19) pandemic.
Palantir is not permitted to use NHS data unless…
The British government has said in a statement that:
Palantir is a data processor, not a data controller, and cannot pass on or use the data for any wider purpose without the permission of NHS England
Palantir itself responded (sort of) to a list of 10 questions sent to it by Privacy International, Big Brother Watch, Foxglove, medConfidential, and ORG on 6 May 2020. In its response, the company said that “the NHS retains full ownership of NHS data and any analysis derived from this data”. It adds that “any access to customer data under any circumstances would be strictly at the direction of customers”. In this case, that would be the NHS.
A reply from NHSX (an NHS division specialising in digital innovation) confirmed that NHS England, NHS Digital, and NHSX will retain all intellectual property of the data.
But it’s unclear who within the NHS would need to provide permission to Palantir to access patient or other data; to what extent any such permission would become properly reported to the public, or even if the “permission” required is even technologically necessary for Palantir to gain access to or pass on NHS data.
Killock says that the “NHS should assume the temptation may exist” for Palantir to use its access to the NHS, now or in the future, in order to facilitate spying or blackmail of individuals and should “plan to make it impossible”.
Palantir’s long and sordid history
Killock also confirmed that Palantir’s history of targeting labour unions, journalists, and political organisations, as well as its links to the CIA, has strongly influenced ORG’s position on the company’s involvement with the NHS.
In 2013, Investigative journalist Lee Fang explained that:
Palantir’s rise to prominence, now reportedly valued at $8 billion, came from initial investment from In-Q-Tel, the venture capital arm of the CIA, and close consultation with officials from the intelligence-gathering community, including disgraced retired admiral John Poindexter and Bryan Cunningham, a former adviser to Condoleezza Rice.
In 2010, Palantir, along with firms HBGary Federal and Berico, were solicited by the US Chamber of Commerce to target its critics. The group began “plotting a campaign of snooping on activists’ families and even using sophisticated hacking tools to break into computers”.
As Fang notes:
The tactics described in the proposals are illegal. However, there were no discussions in the leaked e-mails about the legality of using such tactics. Rather, the Chamber’s attorneys and the three contractors quibbled for weeks about how much to charge the Chamber for these hacking services. At one point, they demanded $2 million a month.
The risk of “vendor lock in” is very real
Killock says ORG’s current concerns include the “potential for vendor lock in – leading to simple profiteering”. This is “extremely easy to take place when people are rushing and failing to do due diligence on contracts”, as is currently happening during the coronavirus pandemic.
Palantir may become impossible to remove [from public service contracts], and increasingly [become] involved with personal data. They have already been granted access to ‘anonymised’ personal data – this is usually data than can be relinked to people in practice, so already promises that they wouldn’t handle personal data have been broken
NHSX responds to concerns
The Canary contacted NHSX and asked about the nature of its relationship with Palantir and the appropriateness of such a company – which has been implicated in human rights abuses – handling NHS data.
To help us confront the unprecedented challenge from Coronavirus, ministers and health leaders need access to real-time information about health services, showing where demand is rising and where critical equipment needs to be deployed.
Strict data protection rules apply to everyone involved in helping in this critical task. The companies involved do not control the data and are not permitted to use or share it for their own purposes.
At the end of the Coronavirus public health emergency their work will either be deleted or returned to the NHS.
‘Surveillance firms have no place in handling sensitive data’
when personal data is handled, [Palantir] should be excluded while they have a surveillance business, in much the same way as companies like Lockheed Martin which sell surveillance tech as well as business tech must be treated with caution.
“Even if the companies could be trusted,” Killock said, “there is a huge issue of public perception.”
Palantir failed to respond to repeated requests for comment.
Feature image via EFF/Wikimedia Commons
We need your help to keep speaking the truth
Every story that you have come to us with; each injustice you have asked us to investigate; every campaign we have fought; each of your unheard voices we amplified; we do this for you. We are making a difference on your behalf.
Our fight is your fight. You’ve supported our collective struggle every time you gave us a like; and every time you shared our work across social media. Now we need you to support us with a monthly donation.
We have published nearly 2,000 articles and over 50 films in 2021. And we want to do this and more in 2022 but we don’t have enough money to go on at this pace. So, if you value our work and want us to continue then please join us and be part of The Canary family.
In return, you get:
* Advert free reading experience
* Quarterly group video call with the Editor-in-Chief
* Behind the scenes monthly e-newsletter
* 20% discount in our shop
Almost all of our spending goes to the people who make The Canary’s content. So your contribution directly supports our writers and enables us to continue to do what we do: speaking truth, powered by you. We have weathered many attempts to shut us down and silence our vital opposition to an increasingly fascist government and right-wing mainstream media.
With your help we can continue:
* Holding political and state power to account
* Advocating for the people the system marginalises
* Being a media outlet that upholds the highest standards
* Campaigning on the issues others won’t
* Putting your lives central to everything we do
We are a drop of truth in an ocean of deceit. But we can’t do this without your support. So please, can you help us continue the fight?