[iw] - FBI Palantir glitch allowed unauthorized access to private data
rforno at infowarrior.org
Wed Aug 25 14:11:19 EDT 2021
FBI Palantir glitch allowed unauthorized access to private data
A computer glitch in a secretive software program used by the FBI allowed some unauthorized employees to access private data for more than a year, prosecutors revealed in a new court filing.
The screw-up in the Palantir program — a software created by a sprawling data analytics company co-founded by billionaire Peter Thiel — was detailed in a letter by prosecutors in the Manhattan federal court case against accused hacker Virgil Griffith.
Data recovered from Griffith’s Facebook and Twitter accounts, which was obtained through a federal search warrant in March 2020, was accessed on Palantir for more than a year by at least four FBI employees, all of whom work outside New York and were not investigating the case, prosecutors wrote.
The FBI case agent assigned to Griffith’s case was alerted to the unauthorized access earlier this month, when another agent emailed him and said an analyst accessed the search warrant material on Palantir, according to the letter.
“An FBI analyst, in the course of conducting a separate investigation, had identified communications between the defendant and the subject of that other investigation by means of searches on the Platform that accessed the Search Warrant Returns,” the feds wrote in the letter filed Tuesday.
Federal prosecutors in Manhattan determined the FBI employees — three analysts and an agent — were able to view the material because it was entered in Palantir through the program’s default settings.
“When data is loaded onto the Platform, the default setting is to permit access to the data to other FBI personnel otherwise authorized to access the Platform,” prosecutors wrote in the letter.
The material was accessed at least four times from May 2020 to August 2021, according to the letter.
The employees who accessed the data told prosecutors that they did not recall using the information in their investigations.
Manhattan prosecutors instructed Palantir employees to delete the data on Aug. 17 and said they do not intend on using the information in their case against Griffith, according to the letter.
The mishap could suggest a wider issue with the FBI’s use of Palantir, said Albert Fox Cahn, the founder of Surveillance Technology Oversight Project, a privacy and civil rights group.
“Since this same issue will happen whenever documents are uploaded with the default settings, and since there doesn’t seem to be any sort of automated notice when they have been improperly accessed, this suggests that it’s happening a lot more than just this one case,” he said.
Griffith is accused of violating international sanctions by traveling to North Korea and delivering a speech about cryptocurrency.
He pleaded not guilty after his arrest in 2019 and was subsequently ordered held in jail pending his trial this year, according to court filings.
An attorney for Griffith, Brian Klein, said he is looking at legal options regarding the error.
“We are very troubled by what happened. We are looking into the legal remedies,” Klein said in an email.
Palantir reps did not respond to requests for comment from The Post. A spokesperson for the New York FBI office declined to comment.
More information about the Iw