US surveillance company’s involvement with NHS is ‘crossing a red line’, warns civil liberties group


Jim Killock of the Open Rights Group (ORG) civil liberties organisation has warned The Canary that surveillance and analytics firm Palantir is “not a company you want handling sensitive personal data”. He says that Palantir is already “crossing a red line” by analysing NHS data as part of efforts to combat the coronavirus (Covid-19) pandemic.

Palantir is not permitted to use NHS data unless…

The British government has said in a statement that:

Palantir is a data processor, not a data controller, and cannot pass on or use the data for any wider purpose without the permission of NHS England

Palantir itself responded (sort of) to a list of 10 questions sent to it by Privacy International, Big Brother Watch, Foxglove, medConfidential, and ORG on 6 May 2020. In its response, the company said that “the NHS retains full ownership of NHS data and any analysis derived from this data”. It adds that “any access to customer data under any circumstances would be strictly at the direction of customers”. In this case, that would be the NHS.

A reply from NHSX (an NHS division specialising in digital innovation) confirmed that NHS England, NHS Digital, and NHSX will retain all intellectual property of the data.

But it’s unclear who within the NHS would need to give Palantir permission to access patient or other data, to what extent any such permission would be properly reported to the public, or whether the “permission” required is even technologically necessary for Palantir to gain access to or pass on NHS data.

Killock says that the “NHS should assume the temptation may exist” for Palantir to use its access to the NHS, now or in the future, in order to facilitate spying or blackmail of individuals and should “plan to make it impossible”.


Palantir’s long and sordid history

Killock also confirmed that Palantir’s history of targeting labour unions, journalists, and political organisations, as well as its links to the CIA, has strongly influenced ORG’s position on the company’s involvement with the NHS.

In 2013, investigative journalist Lee Fang explained that:

Palantir’s rise to prominence, now reportedly valued at $8 billion, came from initial investment from In-Q-Tel, the venture capital arm of the CIA, and close consultation with officials from the intelligence-gathering community, including disgraced retired admiral John Poindexter and Bryan Cunningham, a former adviser to Condoleezza Rice.

In 2010, Palantir, along with firms HBGary Federal and Berico, was solicited by the US Chamber of Commerce to target its critics. The group began “plotting a campaign of snooping on activists’ families and even using sophisticated hacking tools to break into computers”.

As Fang notes:

The tactics described in the proposals are illegal. However, there were no discussions in the leaked e-mails about the legality of using such tactics. Rather, the Chamber’s attorneys and the three contractors quibbled for weeks about how much to charge the Chamber for these hacking services. At one point, they demanded $2 million a month.

The risk of “vendor lock in” is very real

Killock says ORG’s current concerns include the “potential for vendor lock in – leading to simple profiteering”. This is “extremely easy to take place when people are rushing and failing to do due diligence on contracts”, as is currently happening during the coronavirus pandemic.

Killock warns The Canary that, as a result:

Palantir may become impossible to remove [from public service contracts], and increasingly [become] involved with personal data. They have already been granted access to ‘anonymised’ personal data – this is usually data that can be relinked to people in practice, so already promises that they wouldn’t handle personal data have been broken

Palantir’s involvement in government is in the context of wider concern that for-profit organisations with links to the national security state are getting contracts with the NHS and Department of Health and Social Care (DHSC). Former Labour leader Jeremy Corbyn recently argued that for-profit multinationals like Serco and G4S (both with notable histories of poor performance and associations with human rights violations) should not be getting government contracts like the coronavirus track and trace programme.

NHSX responds to concerns

The Canary contacted NHSX and asked about the nature of its relationship with Palantir and the appropriateness of such a company – which has been implicated in human rights abuses – handling NHS data.

A spokesperson for NHSX told The Canary:

To help us confront the unprecedented challenge from Coronavirus, ministers and health leaders need access to real-time information about health services, showing where demand is rising and where critical equipment needs to be deployed.

Strict data protection rules apply to everyone involved in helping in this critical task. The companies involved do not control the data and are not permitted to use or share it for their own purposes.

At the end of the Coronavirus public health emergency their work will either be deleted or returned to the NHS.

‘Surveillance firms have no place in handling sensitive data’

Killock’s position is clear:

when personal data is handled, [Palantir] should be excluded while they have a surveillance business, in much the same way as companies like Lockheed Martin which sell surveillance tech as well as business tech must be treated with caution.

“Even if the companies could be trusted,” Killock said, “there is a huge issue of public perception.”

Palantir failed to respond to repeated requests for comment.

Feature image via EFF/Wikimedia Commons

    1. Nothing’s off the table with Big Brother. Not even a Global Pandemic.
      I for one won’t be uploading that app. It’s pointless anyway. Unscrupulous employers will pressure their staff into lying about any symptoms, or ignore warnings, so as not to affect their profits.

    2. A couple of years ago NHS Patients were asked if they wanted an ‘OPTOUT’ for Digitalisation of Patients’ Health Records. The Records were going on an NHS Computer system enabling GPs and NHS Hospitals all over the UK to access records in case of Car Accidents etc. The NHS National Patients’ Records Database was given to an American Company, who completely screwed it up and the Database was shelved. The DVLA Vehicle Licensing body at Swansea have been selling UK Motorists’ Data to Crooked Car-Parking Companies for years, in direct breach of Data Protection Laws.
