Laudator: Rolf Gössner
The BigBrotherAward 2018 in the “Authorities & Administration” Category goes to
the Interior Minister of the Federal State of Hesse, Peter Beuth (CDU).
He receives the negative award for
1. acquiring analysis software from Palantir, a company close to the CIA, the first purchase of this kind in Germany,
2. the fact that via the deployment and operation of this software, this controversial US company is given access to Hessian Police data networks,
3. the use of a software with which mass data from police and external sources can automatically be interrelated, analysed and evaluated within seconds – with disastrous effects on basic rights, data protection, and on the rule of law.
Yes, it was just last year when we decorated the conservative–green government coalition in the State of Hesse with a BigBrotherAward, for its then plans to tighten up the laws on the state’s police and its domestic intelligence agency (Verfassungsschutz).1 Despite all protests, these laws were adopted in July 2018 and have been in force since then. This now enables Hessian Police to take up new surveillance measures far ahead of actual suspicion or of a possible threat – for example, state trojans can be installed or people can be shackled with electronic tags only because the Police assume that they might commit crimes in the future.
And there is more: to carry out these new preventive tasks and deal with the flood of data that is generated in the process, the Police has even got Palantir involved, a controversial company that is close to the CIA. Therefore, for the first time in German BigBrotherAwards history, we have no choice but to give the second successive punitive award to a data sinner in the same governing coalition of the same Federal State.
The Hessian interior minister Peter Beuth is responsible for commissioning the US company Palantir to install and activate its “Gotham” analysis software in the Hessian Police IT system. This software is named after the fictitious city, riddled by criminality and corruption, where Batman hunts perpetrators and ensures that law and order are upheld. After the “Gotham” software was adapted to the needs of Hessian Police, it was named “Hesse Data” (Hessen-Data). Paragraph 25a of the tightened Hessian Police Law (Hessisches Sicherheits- und Ordnungsgesetz, HSOG, literally “Hessian Security and Order Act”) gives the Police permission to use this software, which is why it has mockingly been called the “Palantir Enabling Paragraph”.2 Via this paragraph, comprehensive analyses may be conducted to take preventive action against more than forty crimes listed in § 100a section 2 of the Criminal Procedure Code (on telecommunications surveillance) and to avert certain threats.
What, then, makes this software for relating and analysing data by the US company Palantir so problematic and damaging to fundamental rights?
“Palantir” is named after the “Seeing-stones” in “Lord of the Rings”, and according to German newspaper Süddeutsche Zeitung it is “one of the most controversial companies in Silicon Valley”. The US civil rights organisation ACLU calls them a “key company in the surveillance industry”.3 The US “star investor” and billionaire Peter Thiel, who also co-founded the online payment service PayPal, founded this company in 2004 with financial support from the US Central Intelligence Agency (CIA). The company’s customer list reads like a “who’s who” of the US military and security bureaucracy: CIA, FBI, NSA, Pentagon, Marines, and Air Force.4 To put it another way: As the in-house supplier of these institutions, the company is deeply entangled with the US military-digital complex, and its business model is: Big Data for Big Brother.5 Peter Thiel is also on the Facebook board and he supported Donald Trump’s election campaign with over a million US dollars.6
So Hessian Police commissioned this highly controversial surveillance company to analyse its police databases and interrelate them with social media data and other external documents. There is no way to rule out that confidential police data from Hesse was allowed to flow to the United States – particularly as up to six software developers employed by the company installed the software using their own laptops, operated it for Hessian Police and have maintenance access. As a US company, Palantir is subject to the notorious “Foreign Intelligence Surveillance Act” (FISA). That means that all information on non-US citizens to which Palantir can gain access, in whatever way, must be shared with US secret services if warranted.7 And in the view of the opposition in the Hessian parliament, the FDP and Left parties, there are no reliable control mechanisms to prevent this.8
The hope with “Hesse Data”, the data interrelation and analysis software, is that threats can be recognised more easily and so-called terrorist “endangerers” can be identified and tracked down – in other words, people who have not committed a crime but whom police believe to be capable of doing so on the basis of some evidence or behaviour. Modern police work has long gone beyond averting concrete threats towards police “reconnaissance” far ahead of presumed threats, as has been legalised in the latest tightening of the Hessian Police Law. Police are thus entering the domain of intelligence agencies, which is none of their business as a matter of principle. And if the new conservative–green coalition treaty of December 2018 is to be believed, the analysis software could even be used below the threshold of fighting Islamist terrorism and organised crime – and therefore to a much larger extent than initially intended.9 Meanwhile a mobile version of “Hesse Data” also exists, for example to track target persons or coordinate police observers.10
“Hesse Data” opens floodgates for police IT operations: Police data for criminal investigation used to be separate from those for threat defence, because data protection principles mandate that personal data must only be used for the purpose for which they were acquired – either for criminal investigation or for threat defence. This principle of purpose limitation is abolished with the use of “Hesse Data”.11 What is more, not only various police databases but also metadata as well as content from telecommunications surveillance are linked and trawled through, as well as from diverse information systems held by other institutions such as registration authorities and the central database on foreigners. But it doesn’t end there: another floodgate opened by “Hesse Data” is the use of information from social media such as Facebook, Twitter, WhatsApp, Instagram or YouTube, which for the first time can be automatically retrieved, linked and matched with police data in no time at all.
Through this fast-paced data linkage and analysis, Palantir’s software delivers complex movement and contact profiles, relationship networks, personal dossiers as well as anomalies or patterns of behaviour to the police, in exciting graphical forms.12 Who communicates or meets whom? Who is behaving in an unusual or suspicious way? You only have to be a contact or companion, witness, informant, or injured party to become the target of police attention, even if your connection to a supposed suspect is distant or coincidental.
The objective is no longer hard evidence but more or less arbitrary results from the analysis of these automatically amalgamated data pools. Imagine that your everyday activities, which create innumerable digital traces, can suddenly turn you into a suspect because they are taken away from their original source and put into a new, completely different context. Maybe the Hessian Police will “track you down” just because you happened to be in the wrong place at the wrong time, live near a crime scene or were simply confused with another person. This analysis tool might seem very powerful – but it is also quite vulnerable to manipulation and caprice.
Through the new surveillance powers given to Hessian Police, the fallout from such an analysis can have particularly grave consequences for the affected persons. If the data linkage and analysis should filter someone out as conspicuous, an alleged risk or a so-called endangerer, these people may have to expect secretive and preventive surveillance through state trojans, and they could be subject to restrictions regarding movement or contacts, compelled to report to police, be electronically tagged, or put under preventive or punitive arrest.
Exactly how the “Hesse Data” software conducts its analysis remains a trade secret of the Palantir company. Thus the algorithms behind any potential police “findings” are beyond public and democratic scrutiny.13
What is also remarkable is how this cooperation between Hessian Police and Palantir was contrived.14 An inquiry in the Hessian parliament deliberated over several months last year on whether the commission to Palantir had been awarded in violation of the law and what the role of the Interior Minister had been. These questions have not been clearly answered to this day. In any case, the contract was awarded in a non-transparent way: the requirements were specifically tailored to Palantir and their software, so that competitors had no equal chance to bid even though alternatives were available.
On top of that, if the public is left in the dark about the price paid for the Palantir software there is clearly a reason for suspicion. According to an official statement, the product’s value is “€ 0.01 excluding VAT”. The Hessian Interior Ministry admits to German news site Spiegel Online15 that this was “not the actual price”, but does not want to disclose that price “due to public safety interests of the State of Hesse”. How can such information put public safety at risk – do they actually fear street riots or even attacks? Hessian Interior Minister Peter Beuth clearly prefers to let speculation run wild rather than to work transparently, which should be a matter of course in a democracy.
Conclusion: The use of the Palantir software “Hesse Data”, presumably at a cost of millions, takes data processing to a new level – in fact the Hessian Police enthuses about “a quantum leap in police work”. To put it in another and clearer way: With “Hesse Data” the conservative–green government of Hesse is taking another large step towards a control and surveillance state.
The “Hesse Data” analysis platform is in continual conflict with the right to informational self-determination, which is an expression of the general right of personality (Article 2, Paragraph 1 of the German Constitution). The use of the Palantir software also demolishes an important pillar of data protection, that is, the limitation of the use of personal data to the purpose for which it was acquired. And all of that largely without effective scrutiny and in an unholy alliance with one of the main actors of the US military–intelligence complex. The only possible response is for us to say:
Congratulations, Interior Minister Peter Beuth, for the BigBrotherAward 2019.
2 Palantir-Ermächtigung, an allusion to the Enabling Act (Ermächtigungsgesetz) of 1933 that was a cornerstone of Hitler’s seizure of control over the German state. https://police-it.org/palantir-in-hessen-vereint-daten-von-facebook-und-co-mit-polizeilichen-datenbanken
3 Oliver Voss, Glaskugel der Geheimdienste, in: Tagesspiegel 5 Jun 2018: https://www.tagesspiegel.de/wirtschaft/start-up-palantir-glaskugel-der-geheimdienste/22636184.html
5 Palantir employees are also suspected to have maintained contacts with Cambridge Analytica, who are said to have used illegally obtained Facebook data to try to influence the 2016 US presidential election. German media reports about this include Spiegel Online and Zeit Online on 6 Apr 2018: https://www.zeit.de/digital/2018-04/palantir-software-hessen-kriminalitaet-islamismus-cambridge-analytica; https://netzpolitik.org/2018/whistleblower-ueberwachungskonzern-palantir-hat-cambridge-analytica-bei-illegalen-methoden-geholfen/
8 Frankfurter Rundschau on 11 Jan 2019, D4: https://www.fr.de/rhein-main/fdp-org26312/schwarz-gruen-setzt-palantir-11415221.html
10 Hessen-Data, in: FR 5.04.2019, D2 f.: https://www.fr.de/rhein-main/agenten-thriller-12113844.html
11 Tobias Singelnstein, Big Data bei der Polizei: Hessen sucht mit US-Software nach Gefährdern, in: Grundrechte-Report 2019, Frankfurt/M. 2019
13 The CTO of the Hessian Centre for Data Processing (Hessische Zentrale für Datenverarbeitung, HZD), where the Palantir servers were set up under police watch and are now operated, declared in the parliamentary inquiry that he has no insight whatsoever into which data are processed, what the scope of information processing is and who has access. This would be the sole responsibility of the Police and the Interior Ministry. https://www.fr.de/rhein-main/agenten-thriller-12113844.html
14 In May 2016 a Hessian delegation visited the US company in Silicon Valley; among the visiting party was the (CDU) Interior Minister and BigBrotherAwards winner, Peter Beuth. The original intention was to find software to combat cyber crime. Returning from Silicon Valley, the group changed its objective to the fight against terror and the protection of the state. Palantir was exclusively considered as a potential software supplier. https://police-it.org/palantir-in-hessen-vereint-daten-von-facebook-und-co-mit-polizeilichen-datenbanken