Privacy & Civil Liberties Engineering
Palantir is a mission-focused company. Our team is dedicated to working for the common good and doing what's right, in addition to being deeply passionate about building great software and a successful company.
Palantir was founded on the conviction that it's essential to preserve fundamental principles of privacy and civil liberties while using data. Our earliest work in counter-terrorism required us to ask whether we could meaningfully strengthen national security in the US without weakening constitutional privacy protections. In response, we invested financial and intellectual capital to build technology that is now trusted by the world's most stringent — and skeptical — data protection regimes.
Our culture of open and critical discussion around the implications of our technology ensures that we remain true to that initial conviction, even as the nature of data and the environments where we operate evolve. From their first day, new Palantirians are trained to ask: "Do I want to live in the kind of world that the technology we're building would enable?"
To help our engineers and business leaders answer this question affirmatively, we:
As we build and implement technology to answer questions of increasing significance and complexity, we follow a set of principles that help us ensure we are doing so responsibly.
Privacy and civil liberties engineering is an evolving field, and every organization is subject to unique requirements and concerns. The ways in which these principles are realized will differ among products and organizations. But the end goal should be the same: developing and implementing technology with a full understanding of its potential effects on fundamental rights and incorporating technical capabilities that can support responsible data handling policies.
At Palantir, we build software platforms that help our customers integrate and analyze their own data in ways that are consistent with legal and ethical considerations. As a company, we do not collect data, sell data, or facilitate unauthorized sharing of data among customers or any other parties.
Over ten years of building products to enable responsible use of data, we've developed several privacy-enhancing technologies that are now core to the Palantir platforms. These features let organizations control and oversee access to their data in increasingly sophisticated and flexible ways.
Our platforms provide highly granular access restrictions with subtle and flexible access permissions, such as temporal and purpose-based limitations. This allows for precision data management (even, at times, across multiple, independent databases) that closely aligns access with purpose specifications. A user sees only the specific information necessary for a defined task (e.g., investigating a specific crime or determining whether to extend credit to an individual), and only long enough to complete the task.
Federation allows users to search and analyze data from multiple, independent databases without duplicating and centralizing data in a single place. Our platforms provide intelligent query interfaces that abstract away the complexity of federation so users can access the information they need without requiring that its source be integrated directly into their organization's Palantir instance.
User actions within a system must be recorded to ensure that authorized oversight entities, both internal to an organization and external, can confirm that data is being used appropriately and in conformity with applicable law. Our platforms maintain audit logs and make them accessible to (and readable by) authorized users to help them proactively identify misuse of systems.
Our platforms track the provenance and version history of all data in the system as it is, allowing users and data subjects alike to assess the reliability of the data and, where necessary, review and correct inaccuracies. Providing users with well-curated, up-to-date data reduces the risks of erroneous conclusions that might lead to anything from mild inconvenience to serious and costly legal ramifications for an individual.
System users must be able to implement flexible and auditable retention policies and verify that data flagged for deletion has truly been purged from the system. Our platforms allow organizations to ensure that old or irrelevant information is removed as required by data management best practices or even regulations backed by significant fines for noncompliance.
Every Palantirian plays a role in our commitment to protecting privacy and civil liberties. In addition, we employ an interdisciplinary team of engineers, lawyers, and philosophers who take the lead. The Privacy and Civil Liberties Engineering team shares a broad range of responsibilities, including:
Our government, commercial, and philanthropic customers around the world are at the cutting edge of some of the most challenging privacy and civil liberties questions of our time. When should usage of open source data such as social media information be curtailed in the interests of protecting privacy and freedom of speech? What data should law enforcement information systems generate to enable effective oversight and ensure accountability to governments and to the public? How do you ensure that sensitive medical information is only available to researchers who need to see it and only used for the purposes for which a patient gave consent?
Our Privacy and Civil Liberties team leads us in navigating these questions thoughtfully, with their broadest implications in mind. The following examples describe how we've responded to some of these challenges:
In 2012, we created the Palantir Council of Advisors on Privacy and Civil Liberties (PCAP), a group of independent experts in privacy law, policy, and ethics who help us understand and address the complex issues we encounter in the course of our work. In 2014, we expanded the PCAP to include a group of international advisers to help us navigate the European and broader international data privacy landscapes.
The Palantir PCL team meets with the US and International PCAP groups regularly for discussion and exchange, including on such topics as:
In addition to our regular meetings, the PCL team often consults members of the PCAPs on an ad hoc basis to consider issues as they arise.
Bryan Cunningham – The founder of Cunningham Levy LLP, Bryan is a privacy, cybersecurity, and data protection lawyer and long-time senior counsel to Palantir. Bryan serves as the Executive Director of the PCAP.
Alex Deane – Managing Director at FTI Consulting. Alex was a founder of Big Brother Watch, a prominent U.K. privacy and civil liberties advocacy organization. Alex previously served as Chief of Staff to David Cameron and Tim Collins during their respective terms as Shadow Secretaries of State for Education.
Susan Freiwald – A law professor at the University of San Francisco who frequently participates in electronic surveillance legislation and litigation efforts.
Robert Gellman – A privacy and information consultant who worked for nearly two decades on privacy issues in the U.S. Congress.
Chris Hoofnagle – Chris holds dual appointments as adjunct professor in the University of California Berkeley School of Law and the School of Information (where he is resident).
Nancy Libin – Co-Chair of the Privacy, Security & Technology practice at Davis Wright Tremaine, former Chief Privacy and Civil Liberties Officer of the U.S. Department of Justice, and former Counsel to then-Senator Joseph Biden on the Senate Judiciary Committee and at the Center for Democracy and Technology.
Sylvain Métille – Partner at the Swiss law firm HDC, where he specializes in data protection, surveillance, and IT law. Sylvain also lectures on computer crime at Lausanne University.
Stephanie Pell – A private consultant specializing in privacy and civil liberties issues who formerly served in the Department of Justice as an Assistant US Attorney and later as Senior Counsel to the Deputy Attorney General.
Alexander Pretschner – Software Engineering Chair in the Department of Informatics at Technische Universität München, where his research focuses on testing and distributed data usage control.
Priscilla Regan – Professor in the Schar School of Policy and Government at George Mason University, where she focuses on the analysis of the use of new information and communications technologies. Pris is the author of Legislating Privacy: Technology, Social Values, and Public Policy, among many other scholarly works.
Dan Solove – A law professor at George Washington University, author, and founder of TeachPrivacy, a company that designs privacy and security training programs.
Tim Sparapani – Former Senior Privacy and Immigration Rights Counsel at the American Civil Liberties Union and the first Director of Public Policy at Facebook. Tim now runs his own privacy consultancy firm, SPQR Strategies.
Nico van Eijk – Professor of Media and Telecommunications Law and the Director of the Institute for Information Law at the University of Amsterdam. Nico is an expert in legal and technical topics related to privacy and civil liberties.
Daniel Weitzner – Founding Director, MIT Internet Policy Research Initiative, former White House Deputy Chief Technology Officer for Internet Policy and Co-founder of the Center for Democracy and Technology.
The PCAP is advisory only, and members are compensated for their time. The PCAP is neither asked nor expected to agree with and/or endorse decisions made by Palantir.
Discussions with PCAP members are confidential.