Palantir, private industries … Who helped NSA to build Prism?

Palantir Technologies is considered the principal company behind the design of software used for PRISM program, think of it as the work of a single company is truly an understatement.

Palantir Technologies, this is the most popular company name referred when discussing those who have supported the U.S. Government in the development of massive surveillance project Prism. The company, exactly like the principal IT firms involved in the program denied any implication but majority of security analysts are convinced that the truth is different.

I wrote on Palantir in a post just after the publication of mail stolen during the hack to Stratfor firm, in one email published Palantir is expressly indicated as a possible financier of Facebook.  The email between two Stratfor’s analysts states:

“I think Palantir is involved in things less clear, including the financing of Facebook.”

The Palantir is a California company that designs platforms for complex information analysis. It was founded in 2004 and currently offers various solutions for integrating, visualizing, and analyzing the world’s information.

Palantir was founded by Peter Thiel, Alex Karp, Joe Lonsdale,  Stephen Cohen, and Nathan Gettings, the company received investments for $2 million from the CIA’s venture arm In-Q-Tel and $30 million from Thiel and his firm, Founders Fund.

The name of Palantir appeared for the first time during the hacking of HBGary Federal company, when documents were some stolen detailing the involvement of the Palantir to attack and destroy WikiLeaks.

By coincidence Palantir commercialize a product dubbed PRISM that “that lets you quickly integrate external databases into Palantir. Specifically, it lets you build high-performance Data Engine based providers without writing any code. Instead, you define simple configuration files and then Palantir automatically constructs the data provider and database code for you.”

Palantir Prism is a data mining software for banks, that’s the version provided by legal representatives of the company:

“Palantir’s Prism platform is completely unrelated to any US government program of the same name. Prism is Palantir’s name for a data integration technology used in the Palantir Metropolis platform (formerly branded as Palantir Finance). This software has been licensed to banks and hedge funds for quantitative analysis and research,”

Y Combinator partner Garry Tan commented Palantir’s disclaimers with following tweet:

It is still not clear how PRISM works, the slides presented could be not accurate enough to explain how PRISM platform access to the data of IT companies, some specialists sustain that the companies provided direct access to their servers others speculate the companies feed a sort of Dropbox-like system that is accessed by PRISM for surveillance purpose.

In this second scenario it could be involved also Amazon as hosting provided for temporary storage for information provided by companies, Amazon Web Services in fact recently announced that it is set to build a massive cloud for the CIA. IBM.

Despite various hypothesis on PRISM architecture, it is still a mystery I suggest you the post proposed by Robert Graham of Errata Security that tried to propose an original idea of the Debated surveillance program.

In reality the complex machine that in a simplistic way was dubbed PRISM is probably fueled by much more information from various sources, not only IT giants are involved, Digital Net Agency Chief Strategy Officer Skip Graham believes the advertising industry is complicit inducing internet users to provide personal information online.

Who and how manage this data?

“How our industry works has absolutely no correlation to the efforts of the government. Or does it? How much of the data the NSA is using is data we convinced people it was safe to have stored? I’m afraid it’s going to turn out to be most of it,” Graham told ZDNet.

It must be also considered that many other data can concur to profile US citizens, let’s think of information related to their medical history, rather any kind of financial information acquired from banking and other financial institutions.

We are all  under continuous control, think of it as the work of a single company is truly an understatement …. how many other Palantir are operating in the US and elsewhere?

What data handling and on behalf of whom?

Pierluigi Paganini

(Security Affairs – Prism, Palantir)