Hacker News new | comments | show | ask | jobs | submit login
Why is Larry Lessig plugging Palantir? (labels-kill.blogspot.com)
61 points by detcader 1607 days ago | hide | past | web | 36 comments | favorite

Ah, is this where the hacktivists start eating their own for no better reason than that they don't sufficiently hate the infidels?

This is a notable example of killing the messenger in fact; Lessig talks about using tech proactively in order to aid privacy and accountability, references a company that happens to have the technology to do it already.

Even if you don't like the company (Oh no, their board member knows this other board member! Oh no, the CIA was indirectly involved years back!), that doesn't invalidate the message. It's this kind of intellectual dishonesty that I didn't even dream computer hackers could actually fall victim to, before my rude awakening. Or I don't know, maybe it's the chemtrails eating my brain and Dr. Lessig was really a CIA plant all along, who knows?

Actually, it's not just the company but rather Lessig's message itself that bothers me. Read my other comment here for details.

Nobody is suggesting any direct link between Lessig and the CIA, but the ties between Palantir and the surveillance program is becoming obvious.

Use Occam's razor.

  * Palantir was funded by the CIA
  * Palantir is exactly what the NSA PRISM program needs
  * Palantir also had a PRISM product
  * Palantir had been associated with the surveillance program in recent Anonymous leaks (right? during the HBGary scandal)
  * Facebook (which is known to participate with PRISM) & Palantir share Sean Parker
  * Facebook/Google/etc have already denied association with PRISM by factually true but evasive statements. Same with Palantir's recent statement.
More debate here: http://www.dailykos.com/story/2013/06/23/1218189/-HBGary-Pal...

This article conveniently left out Palantir's reply to the HBGary email leak. http://www.thetechherald.com/articles/Firm-targeting-WikiLea...

They can't even do what Aaron Barr was asking of them.

Please approach this article with some level of skepticism. Especially after the last round of discussions[1] we had surrounding the bogus connection Palantir was alleged to have with the NSA. (Due the naming of an internal project which shared the name "Prism").


>They can't even do what Aaron Barr was asking of them.

For that matter, they can't even do what Lessig was gushing about:

>>there's a company called Palantir who's built a technology to make it absolutely, make you absolutely confident that a particular bit of data has been used precisely as the government says it's supposed to be used. You can find out exactly who's looked at it and for what purpose it's been used at. So the point is there's a way to build the technology to give us this liberty back, this privacy back. But it's not a priority to think about using code to protect us.

Wha? There's always been code that can tell you who accessed what and when: the problem is trusting it to be set up right, not the technology.

Anyone know what the actual Palantir accomplishment is?

Palantir is tool for doing link analysis and importing structured, semi-structured, and unstructured data. It has a great UI for exploring data and a great UI for manual tagging of data. It has excellent logging capabilities, but I'd argue "data has been used precisely as the government says it's supposed to be used" this is impossible since once a person knows a piece of information they can use it in anyway that they'd like.

>Anyone know what the actual Palantir accomplishment is?

Gaining Government contracts?

They do have a connection to the NSA, just not that connection.

Also, that reply was after the leak, in PR disaster recovery mode, so its value is rather diminished.

The point is you can't condemn Palantir for something Aaron Barr asked of them. You can't condemn Google for something I ask of them. Even in the event they were able to do what he requested, you can only fault them if they carried that action out.

I'd challenge you to show that they did carry Aaron Barr's request out.

Barr seemed to think the CEO of Palantir was the kind of person he could share a plot to disrupt/destroy a journalist's career with, didn't he? (That journalist being Glenn Greenwald, now the Snowden leak publisher)

> Barr seemed to think the CEO of Palantir was the kind of person he could share a plot to disrupt/destroy a journalist's career with, didn't he?

So, what? Now it's not even guilt by association, but guilt by one party stating a desire to associate with the other?

Palantir stores an audit trail that shows exactly where each piece of data comes from and who has accessed it. This allows citizens, courts, regulators, etc. to see precisely how data is being used.

These features are a deep part of the platform (i.e. they can't be turned off) that powers a lot of the other features (entity resolution / de-resolution, for example). Say what you want about the people collecting the data and the data they are collecting, but civil Liberties and privacy protections are an inseparable part of Palantir.

>> Palantir stores an audit trail that shows exactly where each piece of data comes from and who has accessed it. This allows citizens, courts, regulators, etc. to see precisely how data is being used.

What are you blabbering about? What you suggest is impossible.

Are you talking about this "immutable audit log" technology? (http://www.palantir.com/wp-content/static/pg-analysis-blog/2...) That's nothing more than marketing speak powered by research papers that have proven to be insufficient. See: http://www.informatik.uni-freiburg.de/~accorsi/papers/imf09....

Also, see slide 11 and 12 here: http://www.slideshare.net/Nbukhari/audit-trail-protection-av..., and then read this: http://www.std.com/~cme/non-repudiation.htm

Immutable audit trails and non-repudiation without specialized devices (blackboxes) are a lie. It is impossible to create a bulletproof auditing system for access to sensitive data, especially when you're talking about the kind of surveillance that the NSA is doing with PRISM.

I suspect that when government officials cite the "transparency" and "auditability" of NSA PRISM, this is what it all boils down to -- marketing talk from Palantir etc.

It is really too bad people are criticizing Lessig, or he thinks he is being critisized, because "Palantir is a bad company, or that it has done bad things, or that it has been funded by bad people".

That's not the first thing that comes to mind when I read "technologies that could give us, and more importantly, reviewing courts, a very high level of confidence that data collected or surveilled was not collected or used in an improper way."

That's incredible!

More people need to know about this. I think people get lost in his prose and lose the gist of what he's really trying to do.

What do you mean by "what he's really trying to do"?

Anyway, I'm pointing out that he's making/repeating a technically incredible claim. I'm ever so slightly surprised and saddened that scrutiny of that claim isn't the focus here.

He's using the issue of copyright to condone the current direction of the surveillance state, and he is offering red herrings as "balancing" compromises.

Yes, I agree with you. I think it is because we are among the first to find it, sparked by that blog post. This seems to be the technical crux of the debate.

I doubt his aim is to condone the current direction of the surveillance state, but perhaps pursuit of "balance" plus technical credulity helps achieve the same.

Jeff Jonas has implemented similar systems at IBM...

Sensemaking on Streams – My G2 Skunk Works Project: Privacy by Design (PbD) (2011) http://jeffjonas.typepad.com/jeff_jonas/2011/02/sensemaking-...

Found: An Immutable Audit Log (2007) http://jeffjonas.typepad.com/jeff_jonas/2007/11/found-an-imm...

Immutable Audit Logs (IAL’s) (2006) http://jeffjonas.typepad.com/jeff_jonas/2006/02/immutable_au...

Yesterday’s Technology Review Story: Blinding Big Brother, Sort of (2006) http://jeffjonas.typepad.com/jeff_jonas/2006/01/yesterdays_t...

How can I check my data's audit trail to ensure my it wasn't misused?

>>civil Liberties and privacy protections are an inseparable part of Palantir

Other than the whole 4th Amendment thing. Everything you just described is at the very least the bare minimum for chain-of-custody.

So cheers, they aren't apparently "just making stuff up."


Throwing more light on the controversial use of police license plate readers, a new report from the Center for Investigative Reporting reveals the development of a new California database under development with the help of Palantir, a Silicon Valley firm whose data analysis technology is in wide use by the US intelligence and defense communities. According to the report, the company is party to a $340,000 contract to build the new infrastructure. The project is being spearheaded by the Northern California Intelligence Research Center — an office set up after the 9/11 terror attacks to enable police and intelligence agencies to share data.

The new database will collate records coming in from 14 counties across the state, will be able to handle at least 100 million records, and will be accessible to both local and state law enforcement, according to the report. It also notes that license plate records will be held by the new database for two years, regardless of the data retention policies of local law enforcement agencies. The database's total size is unknown, as is the identity of the government organization that administers it. However, LA Weekly wrote last year that a precursor to the new California-wide database in use by Los Angeles police had logged more than 160 million data points.

Despite their undeniable effectiveness at identifying stolen vehicles ("100 times better than driving around looking for license plates" in the words of one San Leandro police officer), license plate scanners have come under sharp criticism from privacy groups like the EFF and ACLU, which sued the LAPD and County Sheriff’s Department in May for access to a week's worth of records from its license plate readers. Since the devices permit automated scans of some 14,000 plates during a single shift, privacy advocates argue that strict data retention policies need to be put in place to stop a useful law enforcement tool from turning into a comprehensive database of citizens’ movements. And while the Supreme Court ruled last year that warrantless GPS tracking violates the Fourth Amendment against unreasonable search, automated license plate readers don't face the same legal restriction.

What is the significance of Barrett Brown being a young white male? I didn't see any obvious reason for the author to mention either his sex or race.

Subtext: "Yes, a young white male, just like Constant Reader probably is. Yes, that's right. You. What happened to him could have happened to you. This wasn't racism, or sexism, or any other form of institutional oppression. Be afraid."

It worked on me, I have to say.

"That's right. You." ?!

This is such a saddening comment.

How so? Someone asked about the dog whistle, and I translated it. Opinions expressed do not necessarily reflect those of the poster, etc. etc.

I see. The dog whistle hadn't registered with me until I read your comment, so I probably attributed some of my distaste of it to you. Sorry.

The similarities to Aaron Swartz were being noted.

I think it was done more as a literary flourish than anything else.

Yes, certainly no dog whistling here... :P

To suggest that Palantir systems are not used in all kinds of defense, law enforcement, and counter-terrorism operations is to deny reality. Lessig, being of such stature in his field, surely knows who they are and what they do. Why he mentions them by name not only in the Moyers interview but also in an article one can only speculate. Via twitter he says he plugs "ideas, not companies" but didn't address if he knew what other business Palantir gets up to.

Can anybody show evidence of the "audit trail" Palantir uses to ensure citizens know what's being done with their data by NCTC, FBI and others?

The the government's claims of transparency and audibility of the NSA's PRISM program is analogous (if not directly related) to the claims of Palantir's. Search for "immutable auditing" below:


But even with such an audit trail to the core, it is known that it isn't sufficient:


I wager that for any given system that touts immutable audibility, there is a way to hack around it. Privacy through automated means is impossible. At best it is a kind of DRM that the NSA can easily work around secretly if it wanted it. What we should be advocating instead is Perfect Forward Secrecy in our internet architecture, and the dismantling of PRISM and related data centers.

Let me try to phrase that in a way a politican would say that:

"Those on the extreme ends, commonly referred to as conspiracy nuts, would say: That's exactly what we expect Lessig to do after attending Bilderberg Conferences. But to those I say: Lessig is a honorable citizen, with strong believes in freedom and democracy. Somebody who would never shill as a pseudo credible mouthpiece for defending questionable public-private partnership."

Ah I have a thought about this. I have noticed for some time that Lessig walks a strange line on the issue of IP (intellectual property) and freedom & privacy.

Lessig believes IP is necessary & requires architectural changes to the internet to protect it. He is in favor of government monitoring to protect IP as long as it is done in accordance with the law, and he proposes a flawed mechanism (P3P) to protect your privacy.


Disclaimer: I haven't had the time to scrutinize this guy. I'm merely writing down the ideas that have been crystalizing in my head the past year or so while encountering his books, talks, and such. I'm all ears to criticism.


First, consider his stance on IP. There is no denying, as evidence in reading over his book "Free Culture" ($16.00), that while he sees existing IP laws as having gone too far, IP must exist in order to protect the monetary incentive of the creator. While many people blindly agree with this justification for IP laws, it's worth mentioning that many disagree, and also that he fails to weigh the evidence of whether IP laws actually promote progress in art and science. For Lessig, it is an assumption.

Second, consider his book "Code".

Page 140 under "Choices" he writes, "I've argued that cyberspace will open up at least two important choices in the context of intellectual property: whether to allow intellectual property in effect to become completely propertized..., and whether to allow this regime to erase the anonymity latent in less efficient architectures of control. These choices were not made by our framers. They are for us to make now". Here, I am paraphrasing, he is saying we have to choose between having complete trusted computing in handling our internet activities in order to prevent piracy, or we have to monitor internet activity and lessen our anonymity. His solution, on the same page, is to ensure pseudonymity, which is exactly what the NSA claims. Yet any hacker worth a dime knows the flaw in claiming that the NSA's methods ensure pseudonymity.

Next, page 158 he writes, "It might be said that the principle ... is to ban all of these inoffensive and invisible searches. Perhaps that should be done. But ... imagine substitutions that protect the same value without sacrificing the benefit these technologies might bring." Here he is defending blanket monitoring, as long as it is modified in some way. His idea of this modification is on page 160: "What is needed is a way for the machine to negotiate our privacy concerns for us, a way to delegate the negotiating process to a smart agent." and the mechanism that he proposes is "P3P, ... an architecture within which users can express their preferences and negotiate the use of data about them".

Sure he admits that P3P has unresolvable problems. But his next sentence doesn't sit well either. "... Imagine an architecture, tied to a market, that protects privacy rights" ...

The problem with all of his suggestions is that they simply don't work. Either Lessig is ignorant about the nature of information, or he is deliberately suggesting red herrings to problems of the kind of NSA surveillance. You can't fix that with a P3P or a market. You can't even fix it well with encryption unless you're using Perfect Forward Secrecy. I'll give him the benefit of the doubt, but still... if you connect the dots, you may find that at worst Lessig is an apologist for the surveillance state, and at best offers no real solutions to the problem of internet privacy.

It's also worth noting that while Lessig associates with Aaron in many ways, their roots could not be any more different. Aaron started within the law, helping creating things like RSS and Creative Commons, but over time he became more of an activist, and condoned more aggressive tactics of information freedom, as evidenced in his Guerilla Open Access Manifesto (2008)... "We need to take information, wherever it is stored, make our copies and share them with the world. We need to take stuff that's out of copyright and add it to the archive. We need to buy secret databases and put them on the Web. We need to download scientific journals and upload them to file sharing networks. We need to fight for Guerilla Open Access." On the other hand, Lessig staunchly supports the IP system, and fails to propose a system that Aaron would agree with.



Thanks for an informative post, but this bit is a little irritating:

" ... While many people blindly agree with this justification for IP laws, it's worth mentioning that many disagree, ..."

Would you also agree that many people agree with the justification and many people blindly disagree with it? Or is anyone who agrees necessarily blind and all who disagree farsighted?

Oops you're right! Of course there are intelligent justifications for IP. Blindness goes both ways.

One major unintended consequence of strong IP is that it provides the backbone behind copyleft projects like GNU. With weak IP it would be as if all software had BSD-alike licenses. To give people the freedom to have the source to the software that drives their essential computing gear requires some type of strong IP regime to enforce the requirement to share-alike.

As technology becomes more important, the availability of source code correspondingly becomes more important. Right now there's a fairly strong social pressure to open the source, but it won't always have to be that way either.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact