Palantir glitch allowed unauthorized access to private data

Gunnar Larson g at xny.io
Tue Feb 8 15:34:19 PST 2022


https://nypost.com/2021/08/25/fbi-palantir-glitch-allowed-unauthorized-access-to-private-data/

A computer glitch in a secretive software program used by the FBI allowed
some unauthorized employees to access private data for more than a year,
prosecutors revealed in a new court filing.

The screw-up in the Palantir program — a software created by a sprawling
data analytics company co-founded by billionaire Peter Thiel — was detailed
in a letter by prosecutors in the Manhattan federal court case against
accused hacker Virgil Griffith.

Data recovered from Griffith’s Facebook and Twitter accounts, which was
obtained through a federal search warrant in March 2020, was accessed on
Palantir for more than a year by at least four FBI employees, all of whom
work outside New York and were not investigating the case, prosecutors
wrote.

The FBI case agent assigned to Griffith’s case was alerted to the
unauthorized access earlier this month, when another agent emailed him and
said an analyst accessed the search warrant material on Palantir, according
to the letter.

“An FBI analyst, in the course of conducting a separate investigation, had
identified communications between the defendant and the subject of that
other investigation by means of searches on the Platform that accessed the
Search Warrant Returns,” the feds wrote in the letter filed Tuesday.

Palantir through the program’s default settings.

“When data is loaded onto the Platform, the default setting is to permit
access to the data to other FBI personnel otherwise authorized to access
the Platform,” prosecutors wrote in the letter.

The material was accessed at least four times from May 2020 to August 2021,
according to the letter.

The employees who accessed the data told prosecutors that they did not
recall using the information in their investigations.

Manhattan prosecutors instructed Palantir employees to delete the data on
Aug. 17 and said they do not intend on using the information in their case
against Griffith, according to the letter.

In a statement, a Palantir spokesperson said the error was caused by the
FBI.

“There was no glitch in the software. Our platform has robust access and
security controls. The customer also has rigorous protocols established to
protect search warrant returns, which, in this case, the end user did not
follow,” the spokesperson said.
SEE ALSO
[image: The logo of U.S. software company Palantir Technologies is seen in
Davos, Switzerland January 22, 2020.]
<https://nypost.com/2021/08/18/palantir-buys-50m-worth-of-gold-bars-to-counter-black-swan-event/>
Palantir buys $50M worth of gold bars to counter ‘black swan event’
<https://nypost.com/2021/08/18/palantir-buys-50m-worth-of-gold-bars-to-counter-black-swan-event/>

The mishap could suggest a wider issue with the FBI’s use of Palantir, said
Albert Fox Cahn, the founder of Surveillance Technology Oversight Project,
a privacy and civil rights group.

“Since this same issue will happen whenever documents are uploaded with the
default settings, and since there doesn’t seem to be any sort of automated
notice when they have been improperly accessed, this suggests that it’s
happening a lot more than just this one case,” he said.

Griffith is accused of violating international sanctions by traveling to
North Korea and delivering a speech about cryptocurrency.

He pleaded not guilty after his arrest in 2019 and was subsequently ordered
held in jail pending his trial this year, according to court filings.

An attorney for Griffith, Brian Klein, said he is looking at legal options
regarding the error.

“We are very troubled by what happened. We are looking into the legal
remedies,” Klein said in an email.
-- 
*Gunnar Larson - xNY.io <http://www.xNY.io> | Bank.org <http://Bank.org>*
MSc
<https://www.unic.ac.cy/blockchain/msc-digital-currency/?utm_source=Google&utm_medium=Search&utm_campaign=MSc-Digital-Currency-North-America&utm_term=blockchain%20unic&gclid=Cj0KCQiAyJOBBhDCARIsAJG2h5ctwwMz0MRbVSk-LaYD-GMU5UgDSw7ynxbGr_a7SkaFAZzJc1-pzxEaAi4NEALw_wcB>
- Digital Currency
MBA
<https://www.unic.ac.cy/business-administration-entrepreneurship-and-innovation-mba-1-5-years-or-3-semesters/>
- Entrepreneurship and Innovation (ip)

G at xNY.io
+1-646-454-9107
New York, New York 10001
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 12003 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20220208/5dcb7e46/attachment.txt>


More information about the cypherpunks mailing list