Deal will see tech company given access to data from a range of government departments

Credit: Danny Howard/CC BY 2.0

The government will spend up to £20m with big data firm Palantir to deliver a “border flow service”.

Newly published procurement information reveals that the Cabinet Office has awarded an initial one-year deal that will be worth £7.85m to the US firm. Two optional one-year extensions – worth £6.125m each – could take the value of the contract past £20m.

The aim of the deal is to use Palantir’s technology to bring together – in near real-time – data from a range of departments to provide “key indicators on the flow and throughput of goods at and around the border to support wider government understanding of flow at the border”.

The first phase of work includes a “technical feasibility evaluation” of the use of Palantir’s Foundry platform. This will be offered by the company on a “free trial” basis, according to the government.

Foundry is described by Palantir as tool for “removing the barriers between back-end data management and front-end data analysis”.

The goal of phase one of the programme of work is to “evaluate the feasibility of using the Palantir Data Connector to extract information from the participating departments’ systems”.  The first departments to undergo this phase will be the Home Office and HM Revenue and Customs.

Related content

• Digital services central to plans for post-Brexit border
• Government launches digital tools to help importers and exporters navigate post-Brexit trade
• HMRC border IT systems given £100m boost

Within the first year of the contract, the goal is for these departments to move into a second phase, in which they will implement the Foundry tool. Concurrently, Department for Transport, the Department for Environment, Food and Rural Affairs, the Driver and Vehicle Standards Agency, Highways England and local authorities representing areas housing a port will be invited to begin their feasibility evaluations.

If and when the contract moves into its second and third years, these agencies – and any others the government subsequently decides should be connected to the Foundry platform – will move into phase two.

For each department whose data is connected to Foundry, Palantir will need to establish an “access agreement” that sets out the department’s needs and the responsibilities to be placed on the IT company.

The contract stipulates that all the data “will be hosted in the UK in a separate dedicated partition of the Palantir Foundry System… for the exclusive use of Her Majesty’s Government… and hosted in the Amazon Web Services London region”.

The document imposes a range of other security and data-protection measures on the company, including that, at its own expense, it must assess its systems against guidelines set out by the National Cyber Security Centre, and provide the Cabinet Office with documentation of that assessment. 

“Palantir must not process any government data outside the UK without written authorisation from the Cabinet Office, which may impose conditions on that permission,” the contract states. “Palantir must ensure that all government data is encrypted at rest and in transit. Palantir must securely erase any or all government data held by Palantir when requested to do so by the Cabinet Office. Prior to any such deletion, [it] will notify the [the Cabinet Office] of its intention to delete and the means through which it will achieve such deletion.”

The contract also requires the company to “ensure that only the minimum number of staff required have access to the Border Management System and a written list must be maintained of all staff having such access along with their clearance levels”.

This list must be provided to the Cabinet Office.

The contract added: “Palantir must ensure that any staff with administrative access permissions, which means such persons who have access to the bulk data provided for or generated by the Border Flow Service, obtain Security Check clearance in order to process government data.”

The full 109-page contract quoted from in this story was originally attached in PDF form to the award notice published online last week. However – in a data breach discovered and exclusively revealed by PublicTechnology – the document had not been correctly redacted, and included the names, email addresses and mobile phone numbers of representatives of the Cabinet Office and Palantir. The department’s data-protection officer was informed of the leak on Friday afternoon, but the contract was not removed from the award notice until late morning on Tuesday – a couple of hours after the press office had also been alerted and asked for comment.

Contracts and controversies
Palantir was founded in 2003 by Peter Thiel, the billionaire founder of PayPal. One of its earliest funders was In-Q-Tel – effectively the venture capital arm of the US Central Intelligence Agency, which invests in technologies aimed at the national-security sector.

At one point, In-Q-Tel is understood to have held a shareholding of as much as 10% of the firm; it is still listed on the investor’s website as being among its portfolio of investments, although it is not clear how big a stake it now holds.

US intelligence agencies and other federal bodies were among the first adopters of Palantir’s data analytics tools, and the firm has since expanded into other parts of the public sector in the US and overseas, as well as the private sector.

The firm has run into various controversies over the years, most notably over its much-criticised work with the US Department of Homeland Security and the Immigration and Customs Enforcement unit.

Last month, Amnesty International published a report titled: Failing to do right: the urgent need for Palantir to respect human rights.

“Through Palantir’s contracts with DHS/ICE… Amnesty International has determined there is a high risk that Palantir is contributing to serious human rights violations of migrants and asylum-seekers by the US government,” the report said.

Included in the report is a response from Palantir’s director of privacy and civil liberties Courtney Bowman, who addresses Amnesty’s criticisms

“Palantir as a company remains extremely concerned about protecting human rights, privacy rights, and civil liberties in general,” he wrote. “Our work has been intentionally scoped to a specific division of ICE – Homeland Security Investigations [HSI] – with a distinct transnational criminal investigative mission set.”

He added: “We nevertheless appreciate that HSI’s mandate includes areas of law enforcement, such as worksite activities, that have been directed under the current administration to include an expanded focus of both criminal and civil enforcement. While these changes are limited in scope, they are nevertheless cause for concern for many Palantir employees (myself included) who believe that HSI’s efforts and resources are better reserved and applied exclusively for addressing violent crimes and the criminal organisations that present a clear and direct threat to national security, undermine the integrity of our essential institutions, and exploit the most vulnerable.”

“Through Palantir’s contracts with DHS/ICE… Amnesty International has determined there is a high risk that Palantir is contributing to serious human rights violations of migrants and asylum-seekers by the US government”
Amnesty International report

While the privacy head claimed that the policies of Donald Trump’s administration have been concerning for many Palantir employees, Thiel – who serves as the company’s chairman – donated $1.25m to the president’s 2016 election campaign, and publicly spoke in support of the then Republican candidate. However, as this year’s election draws closer, numerous reports in recent weeks have suggested that the tech billionaire’s support for Trump has waned.

In the Amnesty report, Bowman went to say that Palantir “accept that there are moral implications for how our technology may be used in immigration enforcement”.

“HSI’s broad law enforcement authorities and organisational proximity to civil immigration enforcement conducted by ERO (Enforcement Removal Operations) under the current administration raises legitimate and important questions for us about our complicity in activities that, while lawful, may nonetheless conflict with norms and values that many of us hold,” he said. “This is not a tension that we regard lightly and is something that we continuously evaluate against the entirety of the mission set that our software supports for HSI. We have continued to support HSI because we understand the totality of their work and its importance to protecting the security of our nation and its bedrock institutions. We are a company that serves the core institutional missions of our partners, not any political or ideological agenda or individual elected official.”

A search of the UK government’s Contracts Finder database reveals that the border flow deal is the fourth – and by far the largest – contract that Palantir has won in the UK public sector. 

In 2015 the firm was awarded a two-year, £735,000 deal to provide an “enterprise analytical platform and intelligence service” to the Government Digital Service. In June 2018, meanwhile, it won a £1.67m deal with the Ministry of Defence to deliver a “data science services pilot for decision support to naval personnel management”.

Earlier this year, Palantir signed a short-term deal with NHS Arden and Greater East Midlands Commissioning Support Unit to “support Covid-19 response management”. This contract was worth £1.5m.