Technology developed by controversial CIA-funded data-miner to run NHS data programme

Technology developed by US data-miner Palantir – owned by billionaire Peter Thiel – is to be used to manage a pilot of the new NHS Faster Data Programme.

This is controversial because many of the company’s contracts are intelligence or military related. They include: the CIA, the FBI, NSA, the Marine Corps, the US Air Force, Special Operations Command, and West Point (US military academy).

The NHS/Palantir deal

Papers from a November 2022 NHS Digital board meeting revealed that NHS England is directing NHS Digital to use Palantir’s ‘Foundry’ technology to:

collect patient level identifiable data pertaining to admission, inpatient, discharge and outpatient activity from acute care settings on a daily basis.

Patients will not be allowed to prevent the transfer of their data to the new platform, because the data will be “pseudonymized”. However, that process is queried by the Information Commissioner’s Office.

The papers predicted there would be media criticism of the deal:

The use of Palantir to collect and process data by NHS Digital is likely to be perceived by some privacy campaigners as contentious and therefore there is a relatively high risk of media coverage and adverse comment about this.

Contract “unlawful”?

The instruction to NHS Digital was given despite a 2021 legal challenge by campaign group Foxglove and openDemocracy. Consequently, the government agreed not to extend Palantir’s 2020 contract beyond the coronavirus pandemic without public consultation.

That original contract was to run the NHS datastore, worth £23m. A government blog provided a summary of the project. It encompassed a range of sources, including: 111 and 999 logged data; supply chain data; shielded patients list; Public Health England negative test results; patients listed as frail; NHS electronic staff records; coronavirus (Covid-19) related death information; coronavirus hospitalisation in England; surveillance systems; care home beds, and more.

According to Big Brother Watch, datasets also included “racial or ethnic data”, “political affiliations, religious or similar beliefs”, “criminal offences, proceedings and sentences”, and data on “physical or mental health conditions”, as well as:

• personal contact details (including name, personal email address, home address, home telephone numbers, emergency contact details),
• personal details (including gender, nationality and place of birth)
• work contact details (including work email address, work department, work telephone number, user IDs, work location details)
• employment details (including job title, job duties, manager/sponsor, working hours, employee number)
• any other personal data that might be useful for the nature and purposes of the Agreement

This new instruction from NHS Digital is being justified as an amendment to the original contract. However, Foxglove director Cori Crider told the Register:

We’re very concerned that this latest move to force more patient data into Palantir has been done with zero public input or consent. That’s not what we were told would happen in our case, and we’re seriously concerned it’s unlawful. The government will be hearing from us shortly.

Controversial technology: tracking immigrants

In 2016, it was revealed that Palantir was awarded a $34.6m contract with US Immigration and Customs Enforcement (ICE). ICE used Palantir software to allow:

agents in the field to search through a fusion of law enforcement databases that include information on people’s immigration histories, family relationships, and past border crossings.

Palantir also helped the Customs and Border Protection Agency create the Analytical Framework for Intelligence that “tracks and assesses immigrants” by gathering and analysing:

biographical information, personal associations, travel itineraries, immigration records, and home and work addresses, as well as fingerprints, scars, tattoos, and other physical traits.

In 2018, Palantir took in:

more than $4.9 million from ICE on May 30, part of a $39 million contract that began in 2015. According to a government database search, the contract goes toward “operations and maintenance” of Falcon, Palantir’s proprietary intelligence database that tracks immigrants’ records and relationships.

In August 2019, Palantir was awarded another contract with ICE worth $49.8m. Palantir’s software was used “to target and identify the families of unaccompanied children crossing the [US-Mexico] border in 2017”.

Controversial technology: predictive policing

The Verge reported that since 2012 Palantir – “founded with seed money from the CIA’s venture capital firm” – had been working with the New Orleans police department on predictive policing projects. Palantir used:

an intelligence technique called social network analysis (or SNA) to draw connections between people, places, cars, weapons, addresses, social media posts, and other indicia in previously siloed databases.

Palantir also provided predictive policing and related technology with:

• The Los Angeles Police Department via the application of algorithms to target crime “hot spots” and “chronic offenders” (Wired reported how Palantir undertook similar deals with numerous US police departments).
• The Danish national police and intelligence services to track potential terrorists.
• California’s “fusion centers” – including the Joint Regional Intelligence Center – whose “databases would ultimately stretch far beyond terrorism, including everything from parking tickets to maps of schools”.
• US Health and Human Services to detect medical fraud, and Homeland Security to monitor people as part of the ‘War on Terror’.
• US special operations, including storage and analysis of a range of information, such as “cultural trends and roadside bomb data”.

And back in the UK, the Metropolitan police also ran a trial of its predictive software.

NHS admits risk

Palantir technology was also used for a GCHQ project that sought to improve the agency’s ability to collect “tweets, blog posts, and news articles”. So perhaps it’s not surprising the NHS Digital board papers admitted that:

This project does present reputational risk for NHS Digital, due to the sensitivity both of national data collections following the response to the GP Data for Planning and Research Programme last year, and previous negative media coverage surrounding NHS England’s use of Palantir for the COVID-19 Data Store.

Indeed, the papers raise questions about privacy issues and why the government selected a surveillance technology company to manage patients’ data in the first place.

Featured image via Flickr / Cory Doctorow cropped 770×403 pixels