Five journalists reported critically on the US corporation Palantir with the WAV research collective and “Republik” – and Palantir is now demanding a right of reply at the commercial court. This could prove to be a boomerang.

Lorenz Naegeli is a member of the WAV research collective in Zurich. It works collaboratively and acts as a partner for media outlets, civil society organisations, and non-profits. His areas of focus are migration, internal security, and armaments.

On the company’s blog, Palantir says it is “not a surveillance company”. Is that correct?

That is a matter of interpretation – but if you look at what the software is actually used for, particularly by law enforcement agencies and militaries, it clearly has surveillance aspects. Palantir software processes as much data as possible and uses it to create situational pictures intended to assist operations.

Palantir is now suing the Swiss online magazine “Republik” because you reported there on attempts to sell to the Swiss army. How did you come to investigate this?

When Palantir announced a European base in Altendorf in the canton of Schwyz in 2021, there was a great deal of favourable coverage – and then things suddenly went quiet. We asked ourselves what Palantir was actually doing in Switzerland and, drawing on the Freedom of Information Act, submitted 59 requests to 41 federal offices. One of the central documents we received was an approximately 20-page internal report by the army staff – an evaluation of whether Palantir products should be procured, triggered by a meeting between Palantir’s European head Louis Mosley and Swiss army chief Thomas Süssli at the Shangri-La Dialogue in Singapore, a security policy forum attended by defence ministers.

Over seven years there were at least nine approaches to Swiss federal agencies. You call that “persistent”; Palantir calls it “normal market sounding”.

What matters less is the number of contacts than the form they took. Alongside formal channels there were informal conversations – at the World Economic Forum, for instance – and offers during the Covid pandemic to test services pro bono. Palantir attempted to market its products in a variety of ways.

In what areas can Palantir software actually be deployed?

On one hand, for militaries and intelligence services, where the focus is on creating situational pictures and – in the case of Israel – on gathering information in a wartime context. A Palantir representative stated that the products help to optimise the “kill chain”. On the other hand, for police authorities such as ICE in the United States, where vast amounts of data are collected in a migration context to locate, detain, and deport individuals. And then there is the civilian sector: companies such as Swiss Re, Ringier, and Novartis use Palantir software to analyse business data.

During the pandemic, Palantir promoted its product “Foundry” in Switzerland for use in combating Covid. What would that have looked like?

According to the email correspondence we were able to view under the Freedom of Information Act, and according to statements from the authorities, Palantir offered to assist with tracing using “Foundry” – presumably meaning the identification of infection chains: which individuals had been in contact with whom? The Federal Office of Public Health ultimately opted for a competitor, partly because the communications department considered a collaboration with Palantir too sensitive.

In the area of anti-money-laundering, the Swiss reporting office reportedly classified the use of Palantir software as “probably illegal”, according to your investigation. Why?

The Swiss state money-laundering reporting office said there was insufficient legal basis for using the software – that is, for the linking of data points that it would have entailed. There are parallels here with Germany, where the question is equally being raised as to whether the extensive data linking carried out by Palantir is compatible with existing law and fundamental rights requirements.

In Germany, criticism has been levelled at Palantir platforms for searching the internet and combining findings with real-time data. The company dismisses this as “easily correctable technical misunderstandings”.

The software can aggregate both information already held in government databases and publicly available data – and that data may well include real-time information. It is about combining as many digitally available sources as possible – and the conditions here can shift in such a way that ever more data can not only be linked, but lawfully so.

What exactly is the criticism of what Palantir calls its “responsible technology ecosystem”?

First, the lack of clarity around data sovereignty and data security – who can access the aggregated information? Second, data protection: it cannot be ruled out that uninvolved individuals are inadvertently caught in the net. Third – and I consider this particularly important in the current debate – the lock-in effect: once the software has been introduced, it is almost impossible to move away from, because it takes on such far-reaching functions. We can see this in the United States, where ICE noted in its ImmigrationOS tender that only Palantir was able to meet its requirements.

Palantir says no data is passed on to US authorities. But what if local police present a court order, or intelligence services come knocking?

That is a crucial question. Palantir has signalled that it would resist such orders. Over recent months, however, we have seen how other US tech corporations have responded to government pressure – Microsoft, Google. There are certainly examples where data has been handed over to US authorities.

Can such back doors not be ruled out if the software is installed on the customer’s own servers – as is reportedly the case with the German police?

Palantir says it is a self-contained system in which the customer retains absolute sovereignty. The Swiss army report took a different view and identified a risk that data could flow to US government agencies – explicitly citing open-source options as alternatives for mitigating that risk, albeit without having tested the products in any depth. Even so: the defence department that produced the report also employs cryptologists and recognised experts. That makes their assessment significant.

Some critics are calling for European alternatives, which could in some cases even be developed by government agencies themselves. What is your view of that?

European alternatives address one aspect of the problem – the potential for US influence and data leakage. But they do not resolve the fundamental rights questions. The issue is whether one wants such software to enable far-reaching surveillance missions at all – regardless of whose hands it is in. I am therefore sceptical of that demand when fundamental rights concerns are not central to it.

On the lawsuit: what is Palantir demanding from you, and in which court is the case being heard?

Following our investigation, Palantir twice demanded a very detailed right of reply and is now seeking to enforce this through the courts. We rejected the demands because we do not consider the individual points to be well-founded. The case is now before the Zurich commercial court.

And how do you view that? It would be rather interesting if there were ever a tribunal dealing with criticism of Palantir.

Politically, I see the lawsuit as an attempt to exert influence over journalistic reporting. I am convinced that we worked in a factual and thorough manner. The fact that one of the 40 most powerful listed companies is suing an independent research collective and a relatively small, reader-funded journalistic outlet like “Republik” is, in my view, an attempt at intimidation.

But it is also a good opportunity to talk publicly about what kind of company this is, who stands behind it, how its products are used – and what that means from a fundamental rights perspective. This debate must take place before any contracts are signed.

Published in German in „nd“.

Image: Rathfelder, Palantir 2022, CC BY-SA 4.0.