The Corona Contracts: Public-Private Partnerships and the Need for Transparency

No Tech For Tyrants, a UK grassroots organisation, is explaining Palantir's involvement with the UK government, including their partnership with the NHS. They explore the concerns public-private partnerships between Palantir and governments raise , and what this means for our rights.

Key findings
  • Palantir’s contract with the NHS provides an example of how partnerships between governments and technology businesses can go wrong
  • Under pressure from both civil society and parliamentarians, the UK government released some of the documents for its contract with Palantir. The documents raise more questions than answers.
  • The bar for justifying contracts that grant private entities potential access over personal data ought to be exceptionally high.
  • The UK government must cut ties with businesses that actively facilitate violence against migrants, Black people, and other oppressed communities.
Long Read

What Do We Know?

In late March, the NHS quietly announced that it would give technology businesses access to unprecedented quantities of patient data for processing and analysis in response to COVID-19. One of those businesses is CIA-backed Palantir Technologies. Palantir’s software is allegedly “mission critical” to US Immigration and Customs Enforcement’s (ICE) mass raids, detentions, and deportations. Despite trusting Palantir with patient data, the NHS has been tight-lipped about the scope of the partnership. 

Critically, this is not an NHS-specific problem. Palantir reportedly holds opaque contracts with the Cabinet Office, Home Office, Ministry of Defense, and dozens of Police Departments. The UK’s increasing engagement with Palantir and other technology businesses should be understood as part of a larger move away from robust and transparent public services. The hollowing-out of the state makes room for the privatisation of critical government services. 

The government positively frames these engagements as mutually beneficial public-private partnerships (PPPs). But when states transfer more power to private entities, the public loses. The government becomes a body designed to service the needs and interests of profit-seeking private entities rather than its citizens. Worse, citizens lose much of their power to hold governments accountable: the government abdicates and transfers responsibility to private actors against which citizens have fewer rights.

Palantir & the NHS

Palantir’s contract with the NHS provides an example of how partnerships between governments and technology businesses can go wrong. There is the familiar threat of leakage: should data get into the wrong hands, it could be used to target and discriminate against UK residents. But even without leakage, that data can potentially be used to train algorithms and produce software that will do harm. Civil society organizations aware of this risk are demanding transparency and an end to the partnership. 

Under pressure from both civil society and parliamentarians, the UK government released some of the documents for its contract with Palantir. The documents raise more questions than answers: for example, The documents are unclear on the conditions limiting Palantir’s access to data after the partnership ends. Palantir is permitted to any processing activities it deems useful. Further, the contract and its DPIA (Data Protection Impact Assessment) are contradictory about whether Palantir can access patients’ race/ethnicity details, criminal history, employment details, biometric data, and political affiliation (see attachments). These irregularities call into question Palantir’s ability to uphold its contractual obligation to safeguard data.

This feast of potentially available patient data illuminates why it might make good business sense for Palantir to license its product, Foundry, to the NHS for just £1. The datasets Palantir might covet most are accessible only through partnerships with public entities like the NHS. Every new £1 contract signed can be a “power-up” for Palantir, expanding its technical capabilities, prospects for future business, and entrenchment into public services.

The very model of PPPs gave rise to technologies, like the ones provided by Palantir, designed with surveillance and governance capabilities in mind. The NHS is functionally bankrolling the development of Palantir’s future products, many of which could be used violently—as has been the case in the past.

Given Palantir’s questionable human rights record, the threat of function creep should concern us all.

What You Don’t Know About Palantir in the UK

The NHS is not the only UK authority that holds contracts with the company. Since 2015, the Cabinet office has paid a total of £1.4 million for Palantir services; £741,000 have been disclosed as related to “IT services” (with little to no clarity on what this entails), while £660,000 remains unaccounted for.

The Ministry of Defence is by far Palantir’s largest UK-based customer with contracts totaling no less than £28 million as of 2019.

Several police constabularies have historically had undisclosed ties with Palantir. The Metropolitan Police Service (MPS), for instance, trialed Palantir's predictive crime-mapping products between May 2014 and April 2015. More recently, Palantir has been listed as one of the ICT (Information Communication Technologies) projects in the MPS’ Digital Policing IT Capital Programme (covering the periods 2016/17 - 2020/2021).

At least 14 other police constabularies in the UK have alluded to commissioning the kinds of predictive policing products Palantir provides.

The Home Office has invested £5 million in the Police Transformation Fund, which includes data analytics and predictive policing, without disclosing prospective suppliers.

Steps We’re Taking

In response to these concerning partnerships, PI, together with other organisations, submitted questions to Palantir. Together, No Tech For Tyrants (NT4T), an org that works on severing links between higher education, violent tech & hostile immigration environments, and PI have written petitions to have the issue discussed in Parliament and submitted further questions to relevant government entities about the nature of the UK’s partnerships with Palantir. 

NT4T has also focused on unveiling and severing links between Palantir and UK Higher Education Institutions (HEIs). HEIs in the UK not only serve as recruitment grounds for businesses like Palantir, but also facilitate research and development through grants, sponsorships, and dissertation prizes. 

The Way Forward

The bar for justifying contracts that grant private entities potential access over personal data ought to be exceptionally high. In the case of Palantir, the company’s reach is especially worrisome. The NHS has begun to detail some of its ties to Palantir, but the public is still being denied the full transparency it deserves. Moreover, the small window into the Palantir contract that we have been given demonstrates the need for other authorities to follow suit. The Cabinet Office, the Home Office, the Ministry of Defense, and all the Police constabularies engaging with Palantir must also come clean. 

Noting the urgent need for transparency and clarity, we are calling for immediate, and thoroughly conducted DPIAs, risk assessments, and human rights impact assessments. Anything less continues to jeopardize the safety and privacy of the public. 

The UK government must cut ties with businesses that actively facilitate violence against migrants, Black people, and other oppressed communities. Palantir is already reportedly involved in the surveillance, detention, and deportation of migrants in the US, as well as discriminatory policing against Black and other minority communities in the US and UK. Civil liberties and privacy rights advocates on both sides of the Atlantic are rightly concerned about Palantir’s growing international reach. 

In light of these concerns, the UK Government’s COVID-19 response must not position Palantir’s activities as logical, technical solutions to the problems at hand; doing so sets up PPPs as a dangerous default response to complex crises.

This article was written by No Tech For Tyrants - an organisation that works on severing links between higher education, violent tech & hostile immigration environments.