Cross-posted from Just Security
News that the New York Police Department (NYPD) is in a fight with Palantir Technologies over access to analytic data the company produced, raises a host of troubling questions. The dispute over the information stems from NYPD’s plans to cancel its contract with the data mining company as NYPD transitions to a new system —“Cobalt”— which it developed in partnership with IBM, as BuzzFeed recently reported. The most troubling revelation so far is that neither the public nor the City Council had any idea this was going on. New Yorkers have learned more about the NYPD’s relationship with Palantir through this dust-up over a contract dispute than after years of public records requests and a lawsuit. It shouldn’t be this way.
First, some background. Palantir is a secretive tech company founded in part with funds from In-Q-Tel, the venture capital arm of the CIA. Immigrations and Customs Enforcement (ICE) is one of dozens of government agencies with multimillion-dollar Palantir contracts, fueling fears that the technology could be used to enforce President Donald Trump’s aggressive immigration agenda. The NYPD has also had a contract with Palantir for years, but the specifics are still unknown.
All we know is that the NYPD was licensing Palantir software to produce analysis from data collected by the police, such as arrest records, license-plate reads, and parking tickets. According to BuzzFeed, Palatir’s software “graphs this data in a way that can reveal connections among crimes and people.” The NYPD’s continued use of this analytic data is at the center of the ongoing contract dispute. Palantir has declined to hand over a readable version of the data to the NYPD, claiming that doing so would threaten its intellectual property.
All of this begs the question: Why are New Yorkers just learning about this now, and where is the public oversight?
We know who’s not being kept in the loop: the New York City Council. On June 14, the Council held a hearing on the Public Oversight of Surveillance Technology (POST) Act, which would require the NYPD to publicly report on the surveillance tools it uses and the rules for using them. (For more on the hearing and the POST Act, see here.) The NYPD has opposed the bill, but revelations like this one only underscore how necessary it is.
Consider, for example, the exchange between NYPD Deputy Commissioner of Legal Matters Larry Byrne and Councilmember James Vacca at the June hearing. Vacca was concerned about private access to NYPD data, asking whether New Yorkers should “be concerned about these private companies having access to their information.” Byrne assured Vacca that the information obtained by the technologies being used “remains within the confidential protection of the NYPD and is not shared with outside vendors.” But the NYPD’s new fight with Palantir tells a different story, suggesting not only that Palantir has access to NYPD data, but also that it considers some information derived from that data to be its private intellectual property.
Byrne’s statement to Vacca also contradicts the terms of the NYPD’s contract with Vigilant Technologies, the company the NYPD uses for its automatic license plate reader database. The contract places no limit on how long Vigilant can keep location data obtained by NYPD license plate readers. And like virtually all tech companies, Vigilant makes money from that personal data. It is in their interest to keep and sell data, including more than 2.2 billion location records, which they tout as a feature when negotiating contracts with other law enforcement clients.
Palantir is no different. The contract between Palantir and the City of New York’s Department of Finance gives a sense of the kinds of terms the NYPD may have agreed to. It asserts that Palantir “retains all rights” to the products and documentation they are licensing to the NYPD. It also prohibits the NYPD from transferring, transmitting, or exporting any product or any Palantir “technical data.” In short, Palantir has a financial interest in keeping the analysis their platforms generated based on New Yorkers’ data, and that is likely the crux of the dispute. Palantir trains its software on this information, and it could have a hard time selling its services to other police departments without a legal right to the underlying data. But unlike the data Palantir analyzes for private companies like Walmart, this is data that the NYPD collects about New Yorkers with New York City funding. There are already serious doubts about whether the NYPD should be collecting such information in the first place, let alone giving a private company rights to use it.
These revelations add urgency to efforts to force the NYPD to be more transparent about its use of surveillance technology. New Yorkers’ personal information is in the crosshairs of a legal fight between the NYPD and Palantir, a battle that is currently unfolding behind closed doors. We, the public, are left to speculate about the details of this contract. We are also left to speculate about Palantir’s legal claims and whether the intelligence products they produced from NYPD data are now commercial intellectual property. And finally, we are left wondering about the taxpayer dollars being allocated to all of this. (According to public purchase orders, the NYPD paid Palantir at least $2.5 million over the past five years. But according to an internal 2015 email, the NYPD was actually paying Palantir $3.5 million a year. That means the NYPD may have actually paid Palantir a whopping $17.5 million over five years, seven times the amount reported publicly.)
So, what can be done? The New York City Council should pass the POST Act. The bill would, among other things, compel the NYPD to release information about its practices and vendor contracts like the one it has with Palantir. It would give the police a chance to inform the public and the City Council about the technologies it uses, and it would give the public and our elected officials a chance to hold the NYPD accountable.