One of the UN's largest aid programmes just signed a deal with the CIA-backed data monolith Palantir
Last week, the UN's World Food Programme (WFP) announced a partnership with Palantir, the controversial US-based data analytics company with deep links to US intelligence agencies. This is a deal that has serious consequences for the privacy and security of the 90-million-plus recipients of WFP aid each year. The reaction to the news of this partnership amongst many in the data and development community was immediate and visceral. After all, Palantir has a far-from-savoury reputation in this field: from its development of intelligence platforms for the US military to its facilitation of human rights abuses by US immigration authorities, this is a company with a deeply concerning history.
Part of the reason for this reaction might be that the deal runs up against some of the principles of humanitarian action. One of the key principles is that the agencies are neutral. Yet Palantir is a company that is closely associated with a nation state that is a party to many of the conflicts in which the World Food Programme operates. As we've said before, it's hard to overstate the cosy nature of Palantir’s relationship with the US government. This is not to criticise US foreign policy, in whichever way it may develop in the coming years; rather, it is to recognise the conflict with neutrality that operating with a company such as Palantir presents.
The World Food Programme responded to the criticism of their relationship with Palantir in a statement. But much remained unclear, prompting a response from civil society. An open letter to the WFP from civil society organisations and experts, organised by the Responsible Data community, was signed by 65 organisations and individuals, including Privacy International. The letter outlined the concerns surrounding the partnership between Palantir and the WFP.
Yet the deal also highlights a broader issue within the humanitarian sector: the vast amount of data now being gathered and collected by the sector. As the research conducted by Privacy International and the International Committee of the Red Cross highlights, the risks from this data are huge. There is danger in the analysis of "data trails" - the data that individuals produce through their activities, for example who they communicate with and how they use social media. The risks of new digital technologies - from communications tools to social media and tools for aid distribution - are only just beginning to be approached by some humanitarian agencies.
The dangers posed by the data produced by these technologies, particularly if it gets into the 'wrong' hands, are huge. As General Hayden, the former head of the CIA and NSA, put it, "We kill people based on metadata". But the risks go beyond an individual being targeted for a drone strike: as previous analysis of WFP data in Lebanon shows, the data from WFP programmes is revealing about things like how a population is moving about a country. All of this is potentially devastating in the wrong hands. Further to that is the risk of forms of exploitation: fintech companies, for instance, targeting a population that is in a vulnerable position in order to exploit them with payday loans.
We also have to see this in the light of the World Food Programme's own record when it comes to its use of data. The WFP has massive ambitions when it comes to its data use - for example, its SCOPE biometric database, which currently contains the data of 30 million WFP aid recipients. The WFP has ambitions not only to increase the size of this to include their 90 million beneficiaries, but also to extend this to other organisations: essentially becoming one of the key identity providers in the humanitarian sector. However, the WFP's record on protecting the data of its beneficiaries is sloppy: a 2017 audit found that the system needed "major improvement" in its governance and risk management procedures.
WFP expresses its ambitions in another way: as the recording of the press conference to mark the launch of the World Food Programme-Palantir partnership reveals, the WFP's chief intelligence officer compared the work of the WFP to companies in the private sector, including Palantir itself. "Why can’t we take the models of companies that have been disrupted by technology - think of Netflix, think of Uber... - how do we ensure that us humanitarians consider our business, our area of work, with the same rigour and the same focus on what the users will want...?" Given the track record of a company like Uber - and their history of tracking, profiling, and the problematic use of data - it is a sad proposition that an organisation like WFP would consider comparing itself to Uber.
The "Do No Harm" imperative is at the heart of humanitarian action, and new digital technology requires new learning and protections to be in place. That the World Food Programme would enter into a deal with the likes of Palantir must place their commitment to this ideal in question.
It's become essential that the World Food Programme clearly and unambiguously demonstrates what assessments it undertook before entering into this arrangement, and the results of these. We also need to know what mitigation measures are in place, and how they will enforce them in their partnership with Palantir. The WFP has to monitor whether harms have emerged for their beneficiaries, and apply relevant enforcement mechanisms in cases of violations. They have to demonstrate that this relationship, to quote the WFP's position on humanitarian protection, will "contribute to the safety, dignity and integrity of vulnerable people".
Image credit: US National Archives