FBI Palantir glitch allowed unauthorized access to private data

FBI Palantir glitch allowed unauthorized access to private data
By Ben Feuerherd
August 25, 2021 12:59pm Updated

Palantir buys $50M worth of gold bars, predicting ‘black swan event
Play Video
MORE ON:
FBI

FBI finds little evidence Capitol siege was organized plot
FBI now probing NFL star’s sexual assault case
How an NY robbery crew used Apple Watch to net $500K
FBI dodged Ilhan Omar-‘bro’ wed probe: Devine
A computer glitch in a secretive software program used by the FBI allowed some unauthorized employees to access private data for more than a year, prosecutors revealed in a new court filing.

The screw-up in the Palantir program — a software created by a sprawling data analytics company co-founded by billionaire Peter Thiel — was detailed in a letter by prosecutors in the Manhattan federal court case against accused hacker Virgil Griffith.

Data recovered from Griffith’s Facebook and Twitter accounts, which was obtained through a federal search warrant in March 2020, was accessed on Palantir for more than a year by at least four FBI employees, all of whom work outside New York and were not investigating the case, prosecutors wrote.

The FBI case agent assigned to Griffith’s case was alerted to the unauthorized access earlier this month, when another agent emailed him and said an analyst accessed the search warrant material on Palantir, according to the letter.

“An FBI analyst, in the course of conducting a separate investigation, had identified communications between the defendant and the subject of that other investigation by means of searches on the Platform that accessed the Search Warrant Returns,” the feds wrote in the letter filed Tuesday.

he logo of U.S. software company Palantir Technologies is seen in Davos, Switzerland.
A glitch in Palantir allowed some unauthorized employees to access private data for more than a year.
REUTERS
Federal prosecutors in Manhattan determined the FBI employees — three analysts and an agent — were able to view the material because it was entered in Palantir through the program’s default settings.

“When data is loaded onto the Platform, the default setting is to permit access to the data to other FBI personnel otherwise authorized to access the Platform,” prosecutors wrote in the letter.

The material was accessed at least four times from May 2020 to August 2021, according to the letter.

The employees who accessed the data told prosecutors that they did not recall using the information in their investigations.

Manhattan prosecutors instructed Palantir employees to delete the data on Aug. 17 and said they do not intend on using the information in their case against Griffith, according to the letter.

In a statement, a Palantir spokesperson said the error was caused by the FBI.

“There was no glitch in the software. Our platform has robust access and security controls. The customer also has rigorous protocols established to protect search warrant returns, which, in this case, the end user did not follow,” the spokesperson said.

SEE ALSO

The logo of U.S. software company Palantir Technologies is seen in Davos, Switzerland January 22, 2020.
Palantir buys $50M worth of gold bars to counter ‘black swan event’
The mishap could suggest a wider issue with the FBI’s use of Palantir, said Albert Fox Cahn, the founder of Surveillance Technology Oversight Project, a privacy and civil rights group.

“Since this same issue will happen whenever documents are uploaded with the default settings, and since there doesn’t seem to be any sort of automated notice when they have been improperly accessed, this suggests that it’s happening a lot more than just this one case,” he said.

Griffith is accused of violating international sanctions by traveling to North Korea and delivering a speech about cryptocurrency.

He pleaded not guilty after his arrest in 2019 and was subsequently ordered held in jail pending his trial this year, according to court filings.

An attorney for Griffith, Brian Klein, said he is looking at legal options regarding the error.

“We are very troubled by what happened. We are looking into the legal remedies,” Klein said in an email.