Nineteen years later, they are mostly firmly still in place.
Now the U.S government is creating a sweeping, comprehensive coronavirus data platform that will track millions of Americans’ information. Last month, the Department of Health and Human Services (HHS) awarded the contract for this platform to Palantir Technologies, a secretive data-mining firm known for its work with the Pentagon, intelligence agencies and law enforcement during the so-called global war on terrorism. The HHS Protect Now platform will aggregate data from at least 187 different sources, including the federal government, state and local governments, hospitals, and the private sector.
This development should worry all of us. Our existing privacy laws are woefully inadequate to protect the sensitive and personal information that Palantir will analyze. Without adequate protections, we run the risk of massive, ongoing government surveillance of all Americans in the name of public health. Without time limitations, that surveillance could become the norm, and the data collected used for purposes far beyond the protection of our public health.
First, consider the sheer volume of data —potentially including personal health information — that will end up in such a platform. Experts suggest that 750,000 tests per week to millions of tests per day may be necessary before the country can be reopened. HHS states that the current data sets do not include identifiable personal information, but according to recent reports, it plans to include information in the future such as patient data from the CDC and even private companies. We do not know what safeguards, if any, HHS has put place to protect our privacy. Neither it nor Palantir has divulged critical information about what data goes into the system, how it’s used or with whom it can be shared.
Second, there is every reason to worry that sensitive data collected could be co-opted for purposes far beyond the preservation of public health. The Trump administration has previously sought to use HHS data collected for one reason to achieve other, nefarious objectives. In 2018, the agency permitted Immigration and Customs Enforcement (ICE) access to a trove of data it had collected while reuniting the unaccompanied migrant children in its care with their families in the United States. This, in turn, allowed ICE to arrest hundreds of family members and created a chilling effect for countless other families, who were suddenly forced to choose between their children remaining in detention and their own potential arrests.
Third, Palantir’s involvement in the tracking and collection of our public-health data is cause for grave concern, given the entrenchment of its surveillance technology in federal intelligence and law enforcement efforts. Some of the National Security Agency’s most “wide-reaching” global surveillance programs rely on Palantir. Closer to home, Palantir technology has facilitated the separation and deportation of migrant families. In 2017, ICE relied on Palantir technology to arrest more than 400 parents and caregivers of unaccompanied migrant children. Palantir initially said that its technology played no role in separating and deporting migrant families, before its chief executive, Alex Karp, admitted as much this year. Palantir technology also powered the largest immigration raid in a decade, in Mississippi, which led to the arrest of nearly 700 undocumented workers and the separation of parents from their children.
The massive surveillance architecture Palantir created to enable the tracking and arrest of immigrants now risks being turned on all of us.
Although a coordinated, data-driven response to the coronavirus pandemic could play a crucial role in advancing public health, neither the government nor private companies such as Palantir should receive unlimited authorization for unlawful, unnecessary or disproportionate surveillance or intrusive data collection. Nor should that data be used to achieve ends that do not further public health. Any surveillance undertaken in response to the pandemic must be justified by legitimate health needs and limited to only information necessary to respond to the pandemic. Further, such data collection must be completely transparent and should only last as long as necessary to respond to the pandemic.
The potential mass collection of personal health information by the government, facilitated by Palantir, should prompt us all to demand that our representatives in Congress take a close look at the scope and extent of the data the company will be collecting. Lawmakers should place clear limits on how long that data is collected, how it is protected and stored, and with whom it is shared to ensure it is not misused, especially against immigrants and communities of color. The technology we deploy to combat this pandemic cannot sacrifice our human rights in the process.