New UN deal with data mining firm Palantir raises privacy concerns

CIA-linked software firm Palantir will help the UN’s World Food Programme analyse its data in a new partnership worth $45 million, both organisations announced Tuesday, drawing immediate flak from privacy and data protection activists.

The California-based contractor, best known for its work in intelligence and immigration enforcement, will provide software and expertise to the UN’s food relief agency over five years to help WFP pool its enormous amounts of data and find cost-saving efficiencies.

At a press conference in Geneva, WFP’s chief information officer Enrica Porcari said the plan was to launch a data integration effort that would include records of distributions to beneficiaries but, she stressed, not personally identifiable data. “Can all the data pour into one lake?” she asked, rhetorically. The system would then, she explained, work like a bank whose algorithms flag unusual credit card activity, picking up “anomalies” in beneficiary locations and behaviour that might signal misuse.

“WFP is jumping headlong into something they don’t understand, without thinking through the consequences, and the UN has put no frameworks in place to regulate it.”

In future, if multiple aid agencies connected to the WFP’s SCOPE beneficiary management system and used it as the basis for recording what people received, a powerful overview could be achieved, Porcari said.

Palantir executive vice president Josh Harris said WFP’s 92 million aid recipient “customers”, its more than 30 data systems, and its difficult operating environment represented a “complex data landscape”, but something his company’s software was built for. The opportunity to provide support to WFP is a “dream combination” that fits “mission-driven” Palantir’s philanthropic goals, Harris added.

Palantir has already worked with WFP on a pilot project on food procurement in Iraq that has produced over $26 million (or about 10 percent) in savings, the two organisations said.

‘This data is highly sensitive’

Privacy and data protection activists cried foul at the new tie-up, questioning if WFP understood what it was getting itself into and if proper safeguards had been put in place.

“The recipients of WFP aid are already in extremely vulnerable situations; they should not be put at additional risk of harm or exploitation,” a spokesperson for activist NGO Privacy International told IRIN. “This data is highly sensitive, and it is essential that proper protections are put in place, to limit the data gathered, transferred, and processed.”

Asked for the legal basis for any data-sharing with Palantir, Porcari said: “there is no data-sharing”. She insisted that all data instead would rest under WFP’s control, with personal data being kept separate and secure.

But Privacy International, which recently analysed the (unintended) risks of humanitarian data misuse, warned: “We’ve seen examples of systems that are produced in agreements such as the one between WFP and Palantir increasing risks to the people the systems are aiming to benefit. There are risks to both individuals and whole populations from the gathering and processing of data from humanitarian activities.”

Read more