Don't Just Trust Us

The Privacy and Civil Liberties Team was in Brussels, Belgium, in January for the Computers, Privacy, and Data Protection conference, a three-day meeting of academics, NGOs, government officials, and corporations concerned about legal and technological issues related to the protection of privacy. In addition to a number of interesting panel discussions, the conference was an occasion for conversation. It provided a wonderful opportunity to get a global perspective on privacy and data protection issues from a wide variety of viewpoints. In the course of swapping theories and cases studies with other privacy and technology wonks, I got an opportunity to introduce many people to Palantir for the first time.

But the conference was also an occasion to appreciate the limits of conversation. As I delivered my now well-honed explanation of what Palantir does, and why and how we build technology that can enable better protection of privacy and civil liberties, my interlocutors typically reacted in one of two ways. Some were greatly appreciative of our recognition of and approach to these complex issues, while others were highly skeptical of the authenticity of our commitment and our ability to actually deliver on our promises. Interestingly, both camps often ask some version of the following question: “You have built a very powerful analytic platform and you work with many customers who could do serious damage if they misused it. Why should we trust you when you say you are actively working to protect privacy and civil liberties?”

My response: “You shouldn’t just trust what we say. And we are not asking you to.”

It’s the same response I give to recruits and fellow Palantirians who are similarly committed to protecting PCL. If Palantir were being insincere about its commitment to privacy and civil liberties, we would risk alienating the very people who are most essential to helping us succeed in our mission. Everyone here wants to be proud of what they build, which means that they do not want to see their work misused to violate fundamental liberties. Palantirians, no less than the privacy community, want reassurances about the kind of work we do and the seriousness of our commitment to doing the right thing. A simple profession of our PCL stance isn’t enough. Talk is cheap.

That’s why we continue to take action:

  • We’ve invested in a (growing!) Privacy and Civil Liberties Team, which is dedicated to working with customers to help them implement law and policy designed to protect privacy and civil liberties, and to encourage a higher ethical standard in the use of our product.
  • We have formed the Palantir Council of Advisors on Privacy and Civil Liberties to help us navigate tricky legal and ethical questions and advise us on the future development of the product so that we can address potential privacy and civil liberties issues by “baking in” protective capabilities.
  • We provide financial support to privacy and civil liberties advocacy organizations, and we are proud to sponsor events such as the Amsterdam Privacy Conference and the Privacy Law Scholars Conference.
  • Additionally, Professor Dan Solove, an internationally recognized privacy scholar, has helped us to design the privacy and civil liberties training program that all new Palantir hires will be attending.

We also try to be as transparent as possible in describing the capabilities of our software. Our Analysis blog posts demonstrate the myriad ways in which our technology is being used at deployments around the world. We proactively work to educate policymakers, academics, and advocacy groups about these capabilities and in order to identify the questions that should be asked of us and our customers. Are access controls being used at a granular level to protect information? Are audit logs regularly reviewed for indications of potential misuse? Could a federated system be built instead of centralizing data in a single database? We also seek input on how these capabilities could be improved to better address potential privacy and civil liberties concerns.

These are the actions we have taken and will continue to take to demonstrate the depth of our commitment to protecting privacy and civil liberties—to earn the trust of those who are similarly committed, not only within the PCL community but within our own company.

I can testify to the fact that Palantirians reach out to the Privacy and Civil Liberties Team on a daily basis to seek advice, comment on our work, offer to help, or simply ask us to explain particular issues in the privacy and civil liberties world. Every Palantirian is trained to look out for “red flags” at deployments that might indicate activities that are antithetical to our commitment to privacy and civil liberties. We all have a responsibility to “watch the watchers” (and those who enable the watchers), ask the questions that need to be asked, and demand changes when we see something we don’t like. So, like our fellow Palantirians, don’t just trust us. Look at what we do; don’t just listen to what we say. Question us, criticize us, and challenge us.