08/27/2021 / By Franz Walker
A new court filing states that a glitch in software used by the Federal Bureau of Investigation allowed unauthorized employees to access private data for over a year.
The faulty software was developed by Palantir, a sprawling data analytics company co-founded by billionaire Peter Thiel. The glitch was detailed in a letter sent by Manhattan’s acting federal prosecutor, Audrey Strauss, to U.S. District Judge P. Kevin Castel.
Strauss’ office is prosecuting the federal court case against accused hacker Virgil Griffith.
According to Strauss’s letter, data from Griffith’s Facebook and Twitter accounts was accessed on Palantir’s software for more than a year by at least four FBI employees, all of who were not involved in the investigation. Griffith’s data had originally been obtained by the FBI through a search warrant in March of 2020.
The data was supposed to be segregated so that it would be available only to those prosecuting the case. But the error meant that four FBI employees, an agent and three analysts, unconnected to the case were able to view the data over a 15 month period, from May 2020 to August 2021.
It was only earlier this August that the FBI case agent assigned to Griffith’s case was alerted to the unauthorized access. This happened after another agent emailed him and said an analyst had accessed the search warrant material on the software.
“An FBI analyst, in the course of conducting a separate investigation, had identified communications between the defendant and the subject of that other investigation by means of searches on the Platform that accessed the Search Warrant Returns,” the Strauss’ letter noted.
Strauss’ office determined that the FBI employees were able to view the data because it was entered in Palantir’s software through the program’s default settings.
“When data is loaded onto the Platform, the default setting is to permit access to the data to other FBI personnel otherwise authorized to access the Platform,” explained the letter.
In an email, Palantir spokeswoman Lisa Gordon denied that there was a glitch in the company’s software, stressing that it had strong access and security protocols. She instead blamed the unauthorized access on the users, saying that the FBI “has rigorous protocols established to protect search warrant returns, which, in this case, the end user did not follow.”
According to Albert Fox Cahn, founder of civil rights group the Surveillance Technology Oversight Project, the mishap could suggest a wider issue with the FBI’s use of Palantir’s software.
“Since this same issue will happen whenever documents are uploaded with the default settings, and since there doesn’t seem to be any sort of automated notice when they have been improperly accessed, this suggests that it’s happening a lot more than just this one case,” he said.
The glitch could also have implications for the case against Griffith.
One of the developers behind the Ethereum cryptocurrency, Griffith was charged with violating U.S. sanction law in North Korea by supposedly helping the country circumvent sanctions through the use of crypto. (Related: The IRS wants “reliable” tools to crack crypto wallets.)
Griffith pleaded not guilty after his arrest in 2019 and later filed a motion to dismiss the charges. However, Judge Castel denied the motion to dismiss the charges earlier this year.
Now, Griffith’s legal team is looking to see if he has any legal options regarding the error.
“We are very troubled by what happened. We are looking into the legal remedies,” Brian Klein, an attorney for Griffith, said in an email.
Follow FBICorruption.news for more on unauthorized data access happening inside the FBI.
Sources include:
Tagged Under: Data, data privacy, FBI, Federal Bureau of Investigation, Glitch, hack, North Korea, palantir, surveillance, Virgil Griffith
COPYRIGHT © 2017 INFORMATIONTECHNOLOGY.NEWS