A software glitch in a controversial data-mining program used by the FBI allowed four employees to access classified data without permission for more than a year, the federal government has admitted.
The breach was quietly disclosed in an August 24 court filing by attorneys prosecuting programmer Virgil Griffith, who was charged in 2019 with conspiring to violate the international emergency economic powers act.
Prosecutors said data from Griffith’s Facebook and Twitter accounts that it legally obtained in 2019 was later uploaded by the FBI to Palantir, a data-mining program that has been accused of using unethical technology to aid Immigration and Customs Enforcement (ICE) raids.
At least four FBI employees – who were not part of the New York City prosecution team – accessed the information between May 2020 and August 2021, the court filing said.
The unauthorized employees were ‘conducting investigations into other matters,’ when they accessed Griffith’s social media files, according to the document.
Prosecutors trying programmer Virgil Griffith with conspiring to violate the International Emergency Economic Powers act say they obtained a search warrant to legally access Griffith's private social media data
Griffith was charged in November 2019 with violating the International Emergency Economic Powers Act by traveling to North Korea to offer advice on how to use cryptocurrency and blockchain technology to evade sanctions
Prosecutors said they became aware of the breach August 12 when an FBI agent received an email from a colleague, indicating an FBI analyst had accessed the private data while conducting an unrelated investigation.
‘Based on communications with FBI personnel and Palantir employees, the government understands that this outside access to the search warrant returns was made possible because, when data is loaded onto the [Palantir] platform, the default setting is to permit access to the data to other FBI personnel otherwise authorized to access the platform,’ the court filing said.
‘When the search warrant returns here were loaded onto the platform, those default settings were not changed to restrict access to the search warrant returns to the FBI personnel actually engaged in reviewing the search warrant returns pursuant to the warrants.’
The revelation didn’t sit well for those in the business of defending consumer rights.
‘Palantir blamed the glitch on FBI misusing the program,’ Jamie Court, president of Consumer Watchdog, told Dailymail.com. ‘But the company really should put better controls in place so that it is not a default that multiple people in an organization as big as the FBI could access data that was meant to be restricted to other employees.’
Prosecutors say FBI agents were able to access the data because it wasn't restricted to those working on Griffith's case
Court cautioned the platform to take measures that would prevent such privacy violations from happening again.
‘Palantir stores some very sensitive data and it needs to take precautions that users don’t make errors that allow widespread access to data that is meant to be classified,’ Court added. ‘Security by design is critical to securing classified information. Palantir needs to adjust its programming so that even user error doesn’t allow sensitive information outside of the circles it is meant for.’
Griffith’s social media data has since been deleted from the platform, prosecutors said.
Palantir, cofounded by billionaire Peter Theil, has been criticized for aiding ICE agents
According to the court filing, a now-retired FBI agent was the first to conduct an unauthorized search on the platform on May 4, 2020. The data was accessed again between August 6 and August 19 by an FBI analyst who viewed at least some of Griffith’s data, the court filing said.
The data later viewed by at least two other FBI employees, the prosecution said.
Griffith was charged in November 2019 with violating the International Emergency Economic Powers Act by traveling to North Korea to offer advice on how to use cryptocurrency and blockchain technology to evade sanctions, the Department of Justice said.
Prosecutors say Griffith's social media data has since been deleted from the platform
‘As alleged, Virgil Griffith provided highly technical information to North Korea, knowing that this information could be used to help North Korea launder money and evade sanctions,’ Geoffrey Berman, then-U.S. Attorney for the Southern District of New York, said in a statement following the arrest. ‘In allegedly doing so, Griffith jeopardized the sanctions that both Congress and the president have enacted to place maximum pressure on North Korea’s dangerous regime.’
While speaking at the Pyongyang conference in April 2019, he talked about how North Korea could use cryptocurrency to 'achieve independence from the global banking system,' according to a criminal complaint.
The conference was attended by 100 people, prosecutors said, including several who appeared to work for the North Korean government.
The criminal complaint Griffith planned to facilitate the exchange of cryptocurrency between North and South Korea and encouraged other US citizens to attend the same conference next year.
Palantir, which was cofounded by billionaire Peter Theil, has been criticized for aiding ICE agents preparing to conduct raids of undocumented immigrants.
Post a Comment