The head of the Federal Emergency Management Agency urged health officials in “all states and territories” to provide “daily” updates on ventilator availability for the novel coronavirus directly to the data mining giant Palantir, according to emails shared with The Daily Beast and confirmed by FEMA.
Palantir, co-founded by key Trump ally Peter Thiel, signed government contracts last month worth approximately $24.8 million to provide the Department of Health and Human Services with data-management software to track health-infrastructure deficiencies and forecast where future needs will emerge, through a platform known as HHS Protect. The company’s tools integrate a staggering 187 data sets containing information on everything from hospital inventories, medical supply chains, diagnostic and geographic testing data, demographic stats and more.
Those data sets do not include information from identifiable patients, according to HHS, which experts say keeps the arrangement from running afoul of privacy laws. But information on state capacity to meet COVID-19 hospitalization needs, particularly for the predictive purposes the FEMA administrator references and Palantir specializes in, is a potential goldmine for the secretive company.
“If they’re accessing these rich data sets directly from our public health infrastructure, will they exploit that to add economic value to their core data sets? If their AI learns how to infer and predict the patterns of the disease from our public data, then that becomes a hugely lucrative advantage for a private company, especially now when everyone, in every business sector, wants to know where COVID is going and how hard it’s going to hit,” said Shoshana Zuboff, the author of The Age of Surveillance Capitalism and a professor emerita at Harvard Business School.
Palantir has suggested that it doesn’t actually touch the data itself and merely helps the government sort through the data that the government, not Palantir, collects. “We are not mining the data, we are giving them the platform, analytical tools, and supporting data pipelines to enable them to do their own modeling,” its privacy officer, Courtney Bowman, told FedScoop on April 2.
But an email sent by FEMA Administrator Peter Gaynor on April 5 to his regional administrators showed Palantir directly receives ventilator information—information necessary for mitigating the impact of the COVID-19 outbreak that has killed over 92,000 Americans since February.
“The specific ventilator information necessary for modeling and projections are: 1. total ventilators that can be used for COVID-19 patients; 2. total ventilators available for COVID-19 patients; and 3. total ventilators in use,” Gaynor wrote. Receiving that data is necessary “to paint the national picture for critical decisions that will need to be made in this response.”
Gaynor asked the administrators to get U.S. states and territories to provide the data “daily with updates for total ventilators” to both an HHS official and a COVID-specific Palantir email address.
Through a spokesperson, FEMA confirmed the data provision to Palantir and said “all 50 states have provided and continue to provide” ventilator information.
“The request from Administrator Gaynor was for the requested data to be submitted to the data warehouse that was being operated under contract for the Federal government,” a FEMA spokesperson said in a statement to the Daily Beast. “The data warehouse is helping to organize and consolidate a huge amount of information vital for our response decision making. The request was to help make our data as robust as possible.”
Asked if FEMA had requested other data be provided to Palantir, the FEMA spokesperson cited an April 10 letter from HHS Secretary Alex Azar seeking “daily reports on testing, capacity, supplies, utilization, and patient flows” from hospital administrators. The data was “to be submitted to HHS Protect directly or through other specified channels,” the spokesperson continued: “HHS Protect was set up specifically for this response effort by Palantir, a contractor working on consolidating the data.”
The emails were acquired by the watchdog group Accountable.US through the Freedom of Information Act and shared with The Daily Beast. Accountable.US President Kyle Herrig said the emails raised troubling questions about the private company’s direct access to data with implications for both the public health response and for reopening the economy.
“Every American should be concerned about the prospect of a private software and data company with close financial ties to the Trumps and Kushners having access to sensitive government data, while health professionals and the public have been kept in the dark,” Herrig told The Daily Beast. “Right now, there are more questions than answers about the Administration’s response and what safeguards – if any – were put in place to protect privacy and taxpayer funds.”
It is unclear if Palantir is obligated to purge the ventilator data, or whether the company can share it for any purpose. In a statement to The Daily Beast, Palantir said that it would not repurpose the collected data “for commercial uses” and that the company anticipated phasing out its direct data collection.
“The federal government requested data from the states to inform the broader public health response, and a temporary email address was used to facilitate this data sharing in our role as technical agents to the government. Data provided to the temporary inbox is for the government’s exclusive use for its limited purposes, under urgent circumstances, for a limited duration, and will not be repurposed for commercial uses,” a Palantir spokeswoman said in the statement. “This pipeline is in the process of being transitioned fully to HHS, at which point the temporary email inbox will be deprecated. The inbox at issue was established to receive aggregated data (i.e., not including patient level, individual, or PII [personally identifiable information]) from participating states.”
Oregon’s health authority confirmed “we’ve been submitting ventilator data on a daily basis to HHS and Palantir as requested by HHS,” according to spokesperson Philip Schmidt. “The submission contains no personal health information. It’s statewide counts of ventilators and the total number of patients on ventilators for COVID statewide, and which hospitals are reporting.”
Similarly, Colorado’s health authority said it had been providing “a daily report” since April 5, the date of Gaynor’s email, to “HHS, FEMA and Palantir in the form of an email which links to a Tableau dashboard snapshot,” rather than live data. Last week, continued spokesperson Micki Trost, the state’s Department of Public Health and Environment (CDPHE) received a “formal invitation” from a regional HHS official to “participate in the new HHS recovery center portal. We are currently pursuing access, training, and reporting guidance for this federally required reporting system formerly recognized as Palantir.”
Asked why the system was “formerly” recognized as Palantir, Trost said, “initially when CDPHE was invited to join the system it did say Palantir on it, however, now the name has been removed and the official name has changed.”
Scott Amey, the chief lawyer at the Project on Government Oversight, said that it was possible Palantir’s contract was structured to “prevent conflicts of interest and misuse of that data,” it was “difficult to know when contracts are not publicly available and the parties to the deal aren't talking.”
Jim Dempsey, a former member of the government’s Privacy and Civil Liberties Oversight Board and the executive director of the Berkeley Center for Law and Technology, said that as long as Palantir wasn’t collecting personally identifiable information, privacy concerns didn’t apply to Palantir’s acquisition of coronavirus-relevant data.
"So far, the issues here, if any, don't fall under the privacy umbrella,” Dempsey said. “The ventilator data, and as far as I can tell the other data involved in the HHS project, is not data about individuals or that the federal government is trying to link back to individuals and does not pose privacy concerns."
Zuboff saw it instead as the latest example of tech companies gaining the upper hand over governments and using it for private enrichment.
“Will this become a lucrative opportunity for Palantir to monetize public data, and how will we know? Palantir is a black box,” she said.