The Silicon Valley data analysis firm Palantir Technologies lacked a comprehensive policy for handling social media data in 2014, when one of its employees helped Cambridge Analytica acquire private information on as many as 87 million Facebook users, BuzzFeed News has learned.
Palantir insiders felt that the company's "ad hoc" approach to handling social media data for customers in general was "becoming unworkable," a senior engineer said in an October 2014 memo not related to Cambridge Analytica. Palantir took steps to develop a social media data policy in early 2015, soliciting input from employees who'd worked on customer accounts involving the use of such data, an email from that time shows.
Palantir has said previously that its employee, Alfredas Chmieliauskas, advised the Cambridge Analytica team in "an entirely personal capacity" from 2013 to 2014, and that Cambridge Analytica was never a Palantir customer. There is no indication in the documents seen by BuzzFeed News that the push by Palantir to develop the social media policy had anything to do with Cambridge Analytica.
Rather, the push was tied to requests by Palantir's customers to mine social data during a time when Facebook’s restrictions on accessing and gathering data were much looser.
"Social media and social media data are very sexy now, and as the number of requests to use, ingest, or even collect social media data increases, we want to come up with a set of principles surrounding the usage of such data so that we can be consistent in dealing with these requests," a Palantir engineer specializing in data protection wrote to colleagues in the January 2015 memo.
Palantir spokesperson Lisa Gordon declined to comment.
Chmieliauskas suggested in May 2014 that the Cambridge Analytica team use a mobile app to gain the data it wanted, the New York Times reported last month. The subsequent collection of that data is at the heart of the privacy crisis Facebook now finds itself mired in.
In general, Silicon Valley took a more relaxed approach to social media data back in 2014. Facebook allowed third-party developers to gather information not only on the people who installed their apps but also on those people's friends — which was how a relatively tiny quiz app built by an academic was able to furnish Cambridge Analytica with data from tens of millions of Facebook accounts. Facebook killed that feature in 2015.
Palantir mines data for the likes of the FBI and the CIA, as well as major corporations such as JPMorgan Chase and the oil company BP. It has, for example, helped retail and consumer goods companies use their data to analyze shopper behavior, and helped banks use their data to catch fraudsters. In these examples, the data analyzed by Palantir was owned by the client; the use of social data is comparatively new for Palantir.
Palantir did not answer questions from BuzzFeed News as to what its current policy entails, what types of social media data it may have accessed prior to Facebook’s rule change, and whether any of that data had been joined with other databases, or otherwise remained accessible.
Palantir was cofounded by the billionaire investor Peter Thiel, who also sits on the board of Facebook. Thiel is an outspoken libertarian and prominently supported President Trump's campaign.
Inside Palantir, the question of developing a social media data policy arose in October 2014 in a meeting with European advisers on privacy issues.
"Having an ad hoc policy on social media use is becoming unworkable (as many of you have told us and we agree)," the senior engineer, who specializes in civil liberties issues, told colleagues in the memo that month about the meeting.
The discussion at this stage was still theoretical. The senior engineer said the advisers, from countries such as Germany, Switzerland, and the United Kingdom, were "generally comfortable with government and private sector monitoring of open-source social media platforms," but that they "did express concern with going beyond basic monitoring to collection and long-term storage as well as repurposing/reselling this data (or analysis derived from it) without an individual's consent."
An "action item" listed by the senior engineer was to raise the issue with Palantir's American privacy advisers and "see if there is a common thread that we can build a policy around."
By January 2015, the effort to build such a policy was still in an information-gathering phase. The engineer specializing in data protection said in the memo that month that Palantir's privacy and civil liberties team was "currently doing a survey of social media requirements seen across our deployments (past and present)." A deployment is Palantir's term for a customer account.
This engineer asked to hear from any Palantir employee who'd worked with social media data in a customer engagement. But he acknowledged that the very concept of social media was hard to define.
"So... what exactly is social media? This is a toughie," the engineer said in the memo. "Apps like Facebook, Foursquare, LinkedIn are easy examples, but one can say the same too about forums. Feel free to err on the side of over-including when thinking about this. We're in the process of coming up with a more useful definition too."