impACT urges UK Government to reconsider dangerous Palantir/NHS deal

impACT urges UK Government to reconsider dangerous Palantir/NHS deal
Palantir win lucrative, worrying, NHS data contract

In March 2023, it was reported by openDemocracy that US spy-tech firm Palantir was a “front runner for the NHS’s biggest ever contract”. It laid out a number of concerns regarding the suitability of Palantir’s involvement in UK healthcare, particularly, given their history of involvement in software development that has aided the US Immigration and Customs Enforcement (during the Trump presidencies hardline deportation policies), the CIA, the NSA and the wider intelligence community.


Today, impACT has urged the UK government, NHS officials and civil society groups to raise their voices over concerns about the presence of the spy-tech firms applying for NHS contracts after yesterday, it was revealed that Palantir had won the £330m contract to build and operate the “federated data platform” (FDP). The FDP software would allow “individual health services trusts, as well as, the NHS’s 42 integrated care systems to ‘talk’ to each other digitally and share data in an effort to improve care”. Officials from NHSX, the digital transformation arm of the service has suggested that the technology would give ministers and officials “real-time information … showing where demand is rising and where critical equipment needs to be deployed”. Whilst officials suggest that this will enable the NHS to operate more efficiently, for the most part, the same concerns which characterised the March openDemocracy report remain. Data privacy campaigners have raised significant and undeniable concerns, such as Sam Smith, a healthcare and privacy campaigner at MedConfidential, stated in an interview with openDemocracy: 


“The NHS has given Palantir the green light to suck in their information without asking the public or telling them how it is being used or protected. Once trust is lost, it’s hard to win back.”


For most, the details of their health is a particularly private and confidential form of information. Concerns regarding access to such sensitive data, and the affect that this may have on the trust in our system are wholly warranted. Well-oiled healthcare systems allow people to feel safe and secure enough to reveal accurate and detailed information, which, in turn, is vital for a capable national healthcare service. Already, people in Britain have illustrated an unwillingness to allow for their data for be centralised. In 2021, over a million people in the short space of a month, opted out of pooling their health data after plans were publicised to centralise data and share with private companies by the government. We at impACT suggest that allowing Palantir to centralise such sensitive information via the FDP is in clear opposition to the views of many in Britain.


Perhaps in light of this, NHS England have reportedly told patients that they will not be allowed to opt out of the FDP software, but, have suggested that all information will be “anonymised” before it is shared and will not be used for “direct care”. 


However, Palantir do have a history of allowing for sensitive information to be accessed by unauthorised personnel. In 2021, sensitive information of accused hacker Virgil Griffin, was accessed for more than a year by “at least four FBI employees, all of whom work outside New York and were not investigating the case”. With the material being accessed at least four times from May 2020 to August 2021, the FBI blamed a software glitch, whilst Palantir claimed there “was no such glitch in the software” and was related to user error. Nonetheless, no matter the reason, sensitive information was accessed illegally by law enforcement officials. 


Further, data from the Department of Health and Social Care shows that NHS England had created more than “339 purposes for which the firm [Palantir] already processes NHS information … including patient data on mental health, cancer screening, and vaccines for STIs”. Access to records in their datastore had been used more than “60 000 times by users across the health services, government, and private sector” including consultancy firms like Deloitte, KPMG, McKinsey and PwC. NHS England declined to answer which datasets were used when asked by openDemocracy. 


impACT also would like to stress concerns that a private company with “monopoly over vital NHS infrastructure”, places Palantir in an incredibly powerful position. This concern is only compounded when considering Peter Thiel’s recently publicised views on the NHS. At an Oxford Union debate in January, the Silicon Valley billionaire owner of Palantir told the audience that “the NHS makes people sick” and should be privatised. Going onto suggest that British attachment to the service exhibited “Stockholm Syndrome”. It is incredibly worrying to many data privacy experts, healthcare experts, civil society groups and human rights organisations, including impACT, that someone with such open disdain for the NHS now holds significant power over the service is run. Certainly, this places the democratic decision-making in Britain over how we are cared for as a society, in significant danger.


Palantir’s links to the global intelligence community also has raised eyebrows. The company has worked closely with a number of agencies and military organisations around the world, including the CIA and the Ministry of Defence. The groups original funding first came from the CIA, and much of it’s business since then has been to provide the US military, security, intelligence and police agencies with software. In the United States, data privacy and digital surveillance campaign group STOP Spying has consistently criticised Palantir’s links to policing contracts and relationships with Police Foundations across the US. Palantir representatives often gift sums to Police Foundations, like the Los Angeles Police Foundation, STOP Spying suggests that the company “earns back their donations and millions more” through winning lucrative contracts where their software “amplifies the impact of biased policing data to support further over-policing of BIPOC communities”. 


STOP Spying have also condemned Palantir’s work with Immigration and Customs Enforcement. Stating that there are “no legal or technical safeguards to prevent Palantir from using newly-acquired health data” to assist ICE. In an article published in May 2019 by Mijente, it was reported that the tech firm “played a key role in federal immigration efforts to target and arrest” those ‘illegally’ crossing the US/Mexico border. Explaining that “Palantir’s software was used throughout”, ICE were able to build “profiles of immigrant children and their family members for the prosecution and arrest of any undocumented person they encountered in their investigation”. 


The intelligence community in the US is, as illustrated, inherently linked to Silicon Valley. In efforts to acquire new tech and fund research on cybersecurity, they are regular investors in new companies, and regularly push intelligence veterans to pursue careers on company boards. Their tight-knit links were, of course, publicised by Edward Snowden in 2013. In the proof provided by Snowden, it illustrated that Palantir had helped “expand and accelerate the NSA’s global spy network” in particular to “facilitate, augment, and accelerate the use of XKEYSCORE”, the most intrusive tool in the NSA toolbox. Certainly, this history of clandestine, rather macabre, involvement in intelligence has not inspired much hope that such sensitive healthcare data will be handled in the manner expected by NHS customers. 


Moreover, their lack of experience in healthcare does not indicate suitability to the central role they have now taken up within the NHS. Critics have already illuminated various, more suitable, national data platforms for health research and management, such as “openSAFELY”. The opensource flagship software developed by Ben Goldacre and others at Oxford University was used for vital COVID-19 research. It’s development indicates the existence of safer alternatives that also “cost a fraction of what Palantir does”. impACT suggests that NHS and government officials consider more risk-averse projects, developed at home, if they truly wish to better the health service. 


impACT cannot understate the risks that this new contract represents the people within the United Kingdom. Palantir’s history in intelligence not only indicate it’s unsuitability to the role in healthcare data management, but also it’s foundational imperatives to spy on civilians and use centralised data for myriad purposes. This represents an unprecedented risk to data privacy and healthcare in the UK. 


The NHS relies on interpersonal trust, where people are able to tell GPs, doctors and nurses incredibly private personal details in order to adequately treat people. As stated by Mr Smith, the existence of a centralised platform, that is feasibly accessible to a number of law enforcement agencies (including the Ministry of Defense, who’ve had contracts with Palantir since 2018) and other parties, only serves to degrade trust that is hard won back. Whilst some officials have lauded the opportunity to increase efficiencies, which are yet to be proven, the deal primarily illuminates the serious risk to civil trust which could further endanger the already burdened NHS. 


impACT, joining Big Brother Watch, openDemocracy, and numerous other organisations, urges the Government and NHS officials to oppose this new contract and reverse any deals that would allow such a company access to such important, sensitive, private information. 


Legal Framework for Establishing of Human Rights Groups in Saudi Arab...

Saudi government frequently bans meetings and closes down associations

Impact of Private Sectors in times of conflicts and crisis situations...

In times of conflicts and crisis situations, private sector has a key role in recovering and developing national economy

Guidance for business: Preserving human rights while combating COVID-...

As health and government officials work relentlessly to curb the spread of the novel coronavirus (COVID-19) around the world, businesses also must do thei...