Human Rights and Technology

Palantir’s Privacy-First Engineering Approach

Introduction

Palantir is a mission-driven company, and this mission orientation is reflected in the institutions we support, the products we develop, and the internal culture we foster. Our commitment to privacy engineering has been a cornerstone of our operations for the past 20 years. From addressing the challenges faced by our earliest customers in the Intelligence Community, we have steadfastly believed that enabling critical national security mandates should not come at the expense of privacy and civil liberties — the fundamental rights most directly impacted by such work.

This ethos is why Palantir has long invested in a Privacy and Civil Liberties Engineering team, why Palantir champions a privacy-by-design engineering approach, and why Palantir advocates for effective privacy legislation around the world.

In this blog post, we dive into the fundamental right of privacy and how Palantir interprets it within a software context. By providing an overview of privacy and its enduring and multifaceted connection to Palantir’s business and operations, as well as detailing how Palantir respects and protects privacy through our engineering approach, we aim to illustrate how technology companies can embed respect for fundamental rights in their practices and impact. Additionally, we hope this blog post, including the operational and engineering methods described, lays the groundwork for future writings on human rights themes.

Conceptualizing Privacy In a Software Context

Privacy is a recognized fundamental right with broad scope and applicability, especially within the context of technology systems. To live without undue interference with their privacy, individuals should have the ability to control what information is available about them, who can access it and why, how it is stored and distributed across physical or online systems, and, ultimately, what outcomes it influences.

Privacy is also highly complex as a right, partly due to its sweeping and subjective nature in the context of technology and data. While there are privacy norms that most people agree on — like the right not to be monitored in your home — we live in an era where highly sensitive personal data is collected, stored, shared, and monetized in staggering volumes. Individuals are constantly faced with the dilemma of choosing to interact with basic public or private goods and handing over their data for some disclosed or undisclosed use.

Recent legislation, such as the European Union’s General Data Protection Regulation (GDPR), provides templates for breaking down informational privacy and other data protection concepts into actionable policy. However, these regulations may still face the uphill battles of enforcement and keeping pace with the rapid development of new technologies, such as advances in artificial intelligence.

Privacy vs. Security

Human rights, while universal, are recognized as not always maximally exercisable. The states and institutions responsible for protecting these fundamental rights often face situations where individual rights and liberties can come into conflict or tension, necessitating prioritization or tradeoffs. Privacy is no exception, as it frequently exists in tension with security. To effectively protect people and thereby fulfill one of the most bedrock tenets of their social contract, states may sometimes need — within reasonable limits — to collect information on and in some cases even monitor certain activities of their citizens. This creates a complex challenge: ensuring the information required to protect security does not lead to an unacceptable infringement on the right to privacy.

Particularly in the wake of 9/11, these tensions came to the fore in the form of novel information collection regimes intended to augment gaps in national security and intelligence operations that were found to have contributed to allowing the attacks to go undetected. Expansive programs were put in place to gather data on wide swathes of U.S. domestic communications, aiming to ensure that no crucial information for investigating and interdicting major threats to national security was missed.

At Palantir, we have tended to challenge the underlying presumption that privacy and security interests must be thought of as mutually exclusive or zero-sum. While there are instances where tradeoffs may be unavoidable, we find it more constructive to start from a premise that rejects this false dichotomy. Instead, we seek to build security capabilities that simultaneously respect and defend privacy interests through a range of policy and engineering solutions to support data integration and analysis. And while we were not a party to the post-9/11 efforts mentioned above that pursued security at the expense of privacy, we do regularly engage with customers in the defense space to advocate for privacy safeguards and rails that preserve the balance between these two fundamental rights without sacrificing efficacy.

Prioritizing Privacy in System Design

We recognize that effectively navigating this fine line requires a constant prioritization of privacy in system design. This necessitates careful consideration of impacts across various domains, including infrastructure, access, design and UI, proportionality of data use, intended outcomes of workflows, and designing rails to ensure that when things fail, they fail safely. If a software company decides to deprioritize or even adopt an agnostic stance on privacy concerns, it risks developing systems that fail to meet their obligations to the privacy of impacted communities.

As outlined in our human rights policy, Palantir embraces the complexity of creating systems that respect and enable important institutions to protect fundamental rights of privacy and security. By examining the role that privacy plays in Palantir’s work and products, we hope to provide greater transparency on how we operationalize due diligence and also offer a framework and best practices for human rights advocates and other companies seeking to understand and incorporate respect for privacy in technology.

How Does Palantir Uphold Privacy as a Core Principle?

Privacy has long been a cornerstone of Palantir, reflected in our founding mission statement to preserve privacy while protecting the security of liberal democratic societies. Since our inception over 20 years ago, Palantir has pioneered a privacy-centric engineering approach. As Palantir has grown, privacy continues to be integral in our various roles and responsibilities as a software company. We are privileged to work with some of the world’s most significant public and private institutions, where our approach to system design and respect for data subjects must consistently meet the highest of standards. Privacy informs our mission and guides our decisions regarding where, with whom, and how we work.

Palantir views respecting privacy as a core obligation in our work around the globe, regardless of industry or customer. As laid out in the UN Guiding Principles on Business and Human Rights and detailed in Palantir’s human rights policy, we embrace our responsibility to respect privacy and other fundamental rights in our work. Furthermore, we view respecting privacy as just the baseline. As a company that partners with global institutions, we aim to assist them in meeting their responsibilities to protect privacy and other rights. By delivering our products to essential institutions — ranging from healthcare systems to governments and defense agencies — our software is intended to help them perform their duties more effectively and responsibly, thereby enabling them to continue protecting the rights of the communities they serve.

Shared Responsibility and Proactive Mitigation

While we have teams who focus on these themes more extensively, namely the Privacy and Civil Liberties Engineering team, and formal due diligence processes across our organization, privacy engineering is an ethos championed by everyone at Palantir regardless of their role. We view respecting privacy as a shared responsibility, both internally within our organizational operations and in how we partner with clients. In the technology sector, and indeed in all sectors, the moment a single team is solely assigned to ensuring positive ethical alignment for the whole of operations, there is a risk that rights concerns are dismissed in favor of attending to other business priorities, essentially compartmentalizing ethics as ‘someone else’s problem.’ By contrast, Palantir promotes a broad culture of responsibility that ensures respect for privacy is ingrained in our operations, products, and business strategy.

Given the reach of our technology and our role as a data processor for global institutions leveraging data they legally control, reactive considerations of privacy impacts are inherently less effective. Across big tech, we regularly see the detrimental results of products being launched before their privacy and other implications are fully considered. As we analyze how our work impacts privacy, we strive for proactive mitigation wherever possible.

Risk Assessment and Mitigation Framework

As detailed in our human rights policy, our risk assessment and mitigation framework is designed to address a variety of considerations, including customers/partners with whom we work, product use cases (how customers use our products), and internal product development to ensure our processes align with privacy best practices. In our framework, we examine multiple dimensions of privacy risks, such as compliance with current legal standards, protecting the fundamental rights of impacted communities, respect for rule of law and political and social stability, promoting fairness and equity, preventing discrimination, and adhering to societal norms and ethical standards. We strive to understand the intersection of our privacy views with our customers’ missions, reputations, intended workflows, and use cases. This involves identifying the data required to achieve those operational goals via our software and mapping out a combination of Palantir and customer-implemented controls to ensure privacy remains a central focus. By analyzing these factors, we aim to create a robust framework that not only meets regulatory requirements but also upholds the highest standards of privacy and ethical responsibility.

External Engagement and Thought Leadership

We are committed to meeting our corporate responsibility to respect privacy through our longstanding engagement with civil society groups, policymakers, regulators, other technology companies, and internal customer stakeholders focused on privacy issues. As detailed on our thought leadership page, we regularly meet with external stakeholders and publish technical whitepapers, regulatory responses, books, blog posts, and case studies to broadcast our lessons learned in the privacy and software space. These efforts are intended to share our informed perspective on privacy and software, promote best practices for organizations striving to meet their privacy obligations while embracing new technology, and lobby for effective legislation worldwide. As we increasingly engage in the human rights space, we intend to apply our privacy outreach approach to this field as well.

How Does Palantir Build Privacy-First Products?

In the software industry, privacy legislation often struggles to keep pace with rapidly emerging and evolving technologies. This inherent lag places the onus back on technologists to not only meet current legal standards, but to anticipate future privacy protection needs in the next five or ten years. At Palantir, we have long adopted this mentality.

Initially, this involved developing robust data access controls, auditing functionalities, and mechanisms for data minimization and anonymization well before the GDPR mandated these capabilities in the EU. Today, our focus includes building solutions for novel and evolving privacy and risk considerations, such as those presented by the proliferation of AI, including large language models, across industries.

Currently, our products bring privacy-enhancing technology to customers across industries. These applications enable organizations to readily deploy the highest standards of privacy controls within their operations, including scanning for sensitive data, robust encryption and obfuscation, retention and deletion, detailed auditing logs for transparency, and controls around data access and checkpoints on sensitive interactions. These features are foundational within our products, integrating privacy-protective technology with the value of data integration, analysis, and AI on a single platform. Our commitment to privacy is also evidenced by our patent portfolio, which signifies a recognized body of novel privacy-enhancing technology achievements.

Our privacy-centric product development is complemented by a forward-deployed model of engagement. We collaborate closely with organizations to understand their unique needs and context, providing them with the best tools and frameworks to protect privacy and prevent harmful outcomes.

Through our institutional and product engineering approaches to privacy, we instill a deep respect for this fundamental right across our operations and help our customers meet their privacy needs, as well as protect the privacy of their data subjects effectively.

Applying This Approach to Other Human Rights Themes and Topics

As companies, organizations, policy makers, and advocacy groups strive to further the respect and protection of human rights principles in the use of technology, we encourage adopting a comprehensive policy-to-product approach to help maximize efficacy and impact. Companies should ensure that their human rights due diligence is integrated across all policies and teams, rather than being confined to a single policy or department. Policymakers should advocate for both a granular understanding of technology and regulation that considers the practicalities of implementation and enforcement.

In future blog posts on the intersection of fundamental rights and technology, we aim to explore case studies and best practices for respecting and protecting human rights in new and emerging systems, from data analytics to AI.


Human Rights and Technology was originally published in Palantir Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.
