‘Potential security risk’: Unpacking the UK’s trust issues with Palantir

London, United Kingdom – Trust, erstwhile lost, is hard to claw back. For Palantir Technologies, a starring defence and quality bundle steadfast successful the United States, the spot that the institution established successful the United Kingdom connected a one-British-pound ($1.37) National Health Service (NHS) declaration during the COVID-19 pandemic successful March 2020 – which translated into a six-year narration worthy astir 400 cardinal pounds ($546m) – has precocious eroded.

This has been accelerated successful portion by Palantir’s ain conduct.

Recommended Stories

• list 1 of 4Blood tech: The UK ambassador, the enactment offender, Palantir, and Gaza
• list 2 of 4‘Technofascism’: Critics impeach Palantir of pushing AI warfare doctrine
• list 3 of 4Technofacism? Why Palantir’s pro-West ‘manifesto’ has critics alarmed
• list 4 of 4Varoufakis connected Palantir, AI warfare, and the emergence of tech lordism

The company’s X relationship posted a 22-point manifesto precocious that alarmed critics and prompted renewed questions astir whether a institution with specified openly militaristic values is an due steward of a wellness patient’s astir delicate data.

Among the points were calls for cosmopolitan nationalist subject work and the advancement of “AI weapons”.

“Palantir is perceived arsenic a defence contractor,” said Duncan McCann, the exertion and information pb astatine ineligible run radical the Good Law Project. “If they had conscionable stayed successful that lane, I deliberation radical mightiness judge that. But a defence institution has inherently antithetic values than [a healthcare organisation like] the NHS, and that’s wherever I deliberation this [concern] was created.”

What seemed similar a agelong changeable 4 oregon 5 months agone present feels wrong scope to McCann.

Opposition to Palantir’s 330-million-pound ($450m) flagship information programme named Federated Data Platform (FDP), which is utilized by the NHS, has shifted from a fringe activistic interest to a superior governance dilemma for NHS England and the UK authorities much broadly.

Officials are present openly considering a 2027 interruption constituent for the contract.

On Monday, Palantir came nether further scrutiny. The Financial Times reported that NHS England had allowed Palantir employees “unlimited” entree to diligent data, citing an interior briefing note.

Palantir’s origins are rooted successful defence.

Its Gotham level is utilized by intelligence, military, and policing communities astir the world. Foundry, the company’s civilian solution, is what underpins the NHS’s FDP. Although they dependable similar antithetic products, a 2020 reappraisal by Privacy International and No Tech For Tyrants recovered the 2 systems stock the aforesaid Palantir DNA.

That shared architecture sits astatine the bosom of a governance occupation that critics reason has ne'er been adequately addressed.

According to NHS England, Palantir “will lone run nether the acquisition of the NHS erstwhile processing information connected the platform” and they “will not power the information successful the platform, nor volition they beryllium permitted to access, usage oregon stock it for their ain purposes”.

Palantir responded, stating that the institution “in nary mode uses diligent data, oregon immoderate NHS data, for its ain purposes. Palantir acts exclusively arsenic a information processor nether the acquisition of the NHS”.

Palantir UK’s Charles Carlson told Al Jazeera. “On verification, auditors reappraisal our controls and our compliance with them, and we acquisition aggregate audits.”

He noted that “the customers themselves, aided by the NCSC [National Cyber Security Centre], bash their ain validation”.

While audits whitethorn amusement that Palantir follows manufacture standards for protecting information against unauthorised entree and breach, observers person doubted the grade to which tech companies comply with the rules.

“We truly wouldn’t cognize if Palantir was doing thing nefarious [with NHS data],” said Eerke Boiten, a prof successful cybersecurity and caput of the School of Computer Science and Informatics astatine De Montfort University successful Leicester. “But that’s the aforesaid with Microsoft, Google and different American tech companies progressive successful providing the NHS oregon anyone other with IT solutions.”

Boiten preaches “technical realism” and says these companies are truthful big, their products truthful analyzable and proprietary, that their customers indispensable spot that they are not going to exploit the situation.

As a safeguard, a information extortion interaction appraisal (DPIA) is required earlier processing delicate idiosyncratic information astatine this scale.

“You person to look into the DPIA and spot that they are serious,” Boiten said. “Government should people them to summation nationalist confidence.”

‘A imaginable information risk’

Following ineligible unit from the Good Law Project, NHS England released a little heavy redacted mentation of the FDP declaration – but astir 100 pages stay withheld, according to McCann.

Those pages subordinate specifically to the methodology by which diligent information is pseudonymised earlier it enters the platform. This is the 1 constituent of the contract’s information extortion model that the public, parliament, and autarkic experts cannot scrutinise.

Everyone interviewed for this nonfiction agreed the FDP is broadly a bully happening – and that alternatives exist.

Leaders astatine the NHS Greater Manchester integrated attraction board, which manages the commissioning and backing of healthcare services crossed that region, have spent six years gathering their ain analytics level without Palantir.

Analysts accidental the question is not whether the NHS tin negociate its information effectively, but whether it needs Palantir to bash so.

“Palantir’s governmental leanings, expressed successful their rhetoric, marque them a imaginable information risk,” Boiten said.

One less-talked-about hazard is the imaginable aggregation of data.

Palantir’s Foundry level underpins contracts crossed astatine slightest 10 UK authorities departments, but the institution rejects immoderate assertion that it tin aggregate these information sets.

“Each lawsuit engagement with Palantir is contractually, operationally and technically chiseled and walled off,” said Carlson from Palantir. He added that the institution “does not transportation information among our customers for our ain purposes”.

“Moreover,” helium said, “it would beryllium amerciable for the authorities to stock information successful this mode unless determination are circumstantial data-sharing agreements successful spot betwixt the antithetic authorities departments successful question.”

Two elder Ministry of Defence systems engineers warned The Nerve successful March that by aggregating information crossed antithetic authorities datasets, Palantir could make top-secret accusation from wholly unclassified sources.

For Sarah Simms, elder argumentation serviceman astatine Privacy International, specified a hazard and precedent person already been established by the company’s actions abroad.

“Trust is indispensable to delivering healthcare and the NHS,” she said. “People should beryllium capable to spot that their information is being handled securely and ethically. And if it isn’t, well, that could person a devastating interaction connected healthcare for everyone.”