German Court Places Limits On Mass Surveillance Enabled By Peter Thiel’s Palantir Software

Big data has always been big business but, in recent years, it's also become big government business. The stuff advertisers like is also stuff the government likes. Millions of tax dollars have been fed to private companies offering government agencies a wealth of information they've never had access to before. Everyone carries a computer in their pockets these days, and the always-on nature of the internet creates a wealth of data that can be obtained, stored, and analyzed for less than pennies on the byte.

Peter Thiel's Palantir rides the forefront of the government access wave. The CIA-backed data analytics company provides its services to a number of US agencies, including the rightfully reviled ICE (Immigration and Customs Enforcement). Palantir scrapes up everything that isn't nailed down and serves it up to people with the power to stop, arrest, or kill persons of interest generated by proprietary algorithms criminal defendants are often denied access to.

If there's a downside, it's very limited. Private contractors are rarely sued for their contributions to mass surveillance. The directly responsible party is the government agency and a host of immunity options await those sued by those indiscriminately targeted by collect it all" software.

That's the way it works in the United States. In Europe, it's a (slightly) different story. While courts may often defer to the national security concerns of acronymed agencies, they aren't nearly as willing to allow private companies - even if employed by government agencies - to exercise the same amount of subjective discretion.

As Morgan Beaker reports for Ars Technica, a recent German court decision has placed limits on what government agencies can do with their Palantir-enabled surveillance. Handling a lawsuit filed in response to a law passed in Hamburg that granted the government permission to use Palantir's powerful surveillance software, the court arrived at this conclusion:

A top German court ruled the Hamburg law unconstitutional and issued strict guidelines for the first time about how automatic data analysis tools like Palantir's can be used by police, and it warned against the inclusion of data belonging to bystanders, such as witnesses or lawyers like (German attorney Britta) Eder. The ruling said that the Hamburg law, and a similar law in Hesse, allow police, with just one click, to create comprehensive profiles of persons, groups, and circles," without differentiating between suspected criminals and people who are connected to them.

That's always been the problem with bulk collections and the software that enables these collections. Private companies are unwilling (or unable) to place limits on government (mis)use of their software. Private contractors aren't necessarily supposed to understand the laws governing collections and government agencies are often given even more leeway to get things wrong. This results in over-collection which, when combined with an often minimal level of oversight, quickly turns into privacy violations never imagined by lawmakers dozens or hundreds of years earlier. That's where the courts need to step in. And that has happened here.

But this decision doesn't actually prevent German government agencies from utilizing powerful third-party surveillance tools. It simply adds guardrails for use of the data collected by Palantir and its competitors. And it only affects the single German state overseen by this court.

The court decision in Germany affects Hamburg, which was about to start using Palantir and now cannot use the company's software until it rewrites its rules governing the way police analyze big data. Hesse, which has been using Palantir software since 2017, can keep using the platform under strict conditions but must rewrite its local legislation by September.

It's not like it's a loss, though. The decision can be cited elsewhere in Germany in other cases challenging Palantir-enabled data dragnets. And, while the decision did not directly target Palantir, the limitations it imposes means Palantir's offerings can't be used by Hamburg law enforcement until changes are made. In response, the company's reps have offered up a grinning-through-gritted-teeth statement:

We welcome the German Federal Constitutional Court's efforts to provide clarity on the circumstances and ways in which police authorities can process their lawfully collected data to help keep people safe," says Paula Cipierre, head of privacy and public policy in Palantir's Berlin office.

This forced cheeriness is not represented in Palantir's statements to its shareholders. As Meaker reports, its letter to shareholders last November openly complained about the European market and its supposed inability to engage in the sort of regulatory flexibility" that allows Palantir to sell to multiple US agencies without having to fear being sued under local or federal privacy laws.

Grapes it is, then. Some sour. Some incredibly sweet and permissive. Palantir will remain successful, even if it has to stunt its products' effectiveness to comply with local laws. Governments will never stop wanting access to data, especially when utilizing third parties gives them plausible constitutional deniability. Palantir will remain fully operational and profitable. This decision doesn't directly affect it or its competitors. It only affects their customers. Maybe that will be enough to instigate a larger pushback against third-party-enabled surveillance in Germany, if not the rest of European Union. But even if it doesn't, Hamburg residents are now slightly more insulated from government overreach.