With “Gotham”, the US data company Palantir offers an extremely interesting tool for the German police authorities. The Bavarian State Criminal Police Office acquired a license, and data protection officers warn against overly careless use. the star talked to both sides.
The Bavarian State Criminal Police Office (BLKA) is being digitally upgraded: The authority is receiving a completely renewed “cross-procedure research and analysis system”, also known as “Vera”. This system is based on software called “Gotham” from the US data company Palantir. This is a platform that is able to pull together data from various sources and databases and structures it in such a way that you can search and filter it effectively. The manufacturer states that it offers numerous security mechanisms that the search engine can be equipped with to prevent unauthorized access.
In Bavaria, that’s exactly what the police need: “Vera” should make it possible to access personal data more quickly in an emergency and to sort the almost endless treasure trove of data in police databases in a useful way. So far, according to the police in their press release, analysts have had to query the police data sources individually and manually compare the information obtained. The President of the Bavarian State Criminal Police Office, Harald Pickert, explained that this was an investment of time that one no longer wanted or could afford against the background of serious crimes. “We have a particular focus on combating terrorism, organized crime and serious forms of crime such as sexualized violence against children,” the BLKA said. From the point of view of data protection officers, however, there is a reason for the previous way of working, Prof. Dr. Thomas Petri, State Commissioner for Data Protection star. He warns against misuse of the software.
Significant encroachment on fundamental rights possible
“These are all examples where I can understand that the police want to gather information from different databases as quickly and effectively as possible and, given the extremely high-ranking items to be protected, they are allowed to do so,” counters Petri. “But: It is also clear that depending on how “Vera” is designed, its use can significantly interfere with fundamental rights. And: The media information only mentions these forms of crime as examples. If all conceivable forms of use – as previously thought – are based on a general processing clause , apart from the principle of necessity, there are no specific requirements that would expressly prevent the police from using Vera in completely different contexts.”
This is exactly what has been prevented by the many databases so far. “From a legal point of view, it is no coincidence that the police set up various databases (Bavaria Art. 64 Para. 1 Police Tasks Act). This procedure is intended to ensure the proportionality of the processing and compliance with the so-called earmarking: the police should only use personal data that actually needs them in the respective context.There is, for example, a significant difference between whether the police process data to fight organized crime – or whether they collect data from citizens in completely different contexts that have nothing or only marginally to do with fighting crime have,” explains Prof. Peter.
“In addition, there are different protection requirements: the police have to deal differently with data from suspects than with data from non-suspects. And there are various fundamental rights that develop different degrees of protection (inviolability of the home and the fundamental IT right: very strong; telecommunications secrecy : strong; general personality rights: very different, sometimes strong, sometimes less strong). Depending on how Vera is designed, all these differences could be leveled out.”
Organized crime, not pickpocketing
That is not the goal for the police, according to a statement that the BLKA dem star sent. “The focus is on recognizing criminal and extremist networks and also on approaches to be able to defuse security threats more quickly. Every access to Vera is logged and evaluated.” Data protection and the correct handling of data are top priorities for the authority. dr Jürgen Brandl, BLKA project manager “Vera”, explained the star the procedure over the phone: “Only experts who have received the appropriate approval from us may access data on the server. This only affects a very small group of people, who are also only allowed to work on site on the premises of the BLKA. The Vera servers do not have any connection to the Internet, before using the software and before each update, an independent research institute checks the source code for malware and backdoors, and even maintenance only takes place locally, not over the Internet.”
With Hesse and North Rhine-Westphalia, two other countries already rely on “Gotham” from Palantir. Chief inspector Udo Rechenbach from the State Criminal Police Office of North Rhine-Westphalia explained to him star: “The DAR system is based on Palantir’s Gotham software and has been in test operation since October 5, 2020. DAR supports the police in the evaluation and analysis of police data. Its use is limited to the prevention and prosecution of serious crimes, including of criminal offenses against sexual self-determination and the distribution of child pornography as well as to avert dangers to high-ranking legal interests such as life, limb, freedom of the person and the existence of the state.
The situation is similar in Hesse: “The analysis platform hessenDATA from the provider Palantir is used to combat state security crimes and serious and organized crime. By merging various data sources, links between crimes and perpetrators can be identified more quickly and investigators, analysts and operational staff can work together of the Hessian police can be significantly improved”, police chief inspector Virginie Wegner informed the star on request.
However, it is too early to provoke the end of the rule of law: “Against the background of talks with representatives of the police leadership, I am reasonably confident that a solution can be found that reconciles the requirements of the rule of law with the needs of the police,” said the data protection officer -State representative Prof. Dr. Peter den star know at the end of the interview.
Don’t worry about spying
However, no authority is concerned about access by the US group Palantir. Also Prof. Dr. Petri is confident: “Palantir is a company whose corporate headquarters are in the USA and which has a reputation for maintaining very close relationships with the US secret services. If police data were to flow to this service provider, there would be a risk that foreign secret services in the US access German police data on a large scale. The measures taken by the BLKA would of course have to be checked, but they do not appear to be unsuitable from the outset.”
Palantir Technologies was founded in 2004 by Peter Thiel, Alex Karp, Joe Lonsdale, Stephen Cohen and Nathan Gettings. The company got its name based on the “Palantíri” from JRR Tolkien’s fantasy saga “Lord of the Rings”. In Middle-earth, “seeing stones” serve as a means of long-distance communication and are considered powerful and dangerous objects there. Palantir borrowed the name “Gotham” for the software from the Batman series, the capital of the comic universe famous and infamous for its criminal villains (and heroes).