The Shadow Files - How New York Responded to Investigative Reporting and Activists - Palantir Removed from Hospitals

Under the title The Architecture of Control: How Peter Thiel’s Data Power and the Political Network Rockbridge Undermine Democracy, we published our investigation into Palantir and the Rockbridge network on August 26, 2025.

It began with a click. A digital lock that opened - against the will of a judge, against every rule of security. On March 20, 2025, federal judge Ellen Lipton Hollander of the U.S. District Court in Maryland had issued an unmistakable order: the dubious special unit DOGE was not to have any access to the systems of the Social Security Administration SSA. It was a legal barrier intended to protect the most sensitive data of more than 300 million Americans - names, birth dates, social security numbers, life histories. But less than 24 hours later, that barrier was broken. Secretly, in the night, administrators were instructed to lift the blocks. An act that not only mocked the authority of a federal judge, but marked the beginning of one of the greatest data scandals in the history of the United States.

From then on it was as if a floodgate had been opened: databases with the most private information of millions of people were released, access expanded, rights created that should never have existed. Device logins that erased any traceability. Write permissions that made data manipulable. Forty new profiles, approved without protocol. In one stroke, Pandora’s box was thrown wide open.

And then came June. With the blessing of the Supreme Court, the DOGE personnel not only regained their access - they created a complete copy of NUMIDENT. That enormous file that contains the intimate lives of every American: birthplaces, addresses, phone numbers, names of parents, citizenship, ethnic origin. The DNA of a nation, shifted into a cloud environment that operated without independent security controls.

It was the Supreme Court that opened the door on June 6, 2025. By a narrow 5-to-4 majority, the conservative justices - Roberts, Thomas, Alito, Gorsuch and Barrett - overturned Judge Ellen Lipton Hollander’s injunction from March. This removed the protection that the district judge had so emphatically imposed. The liberal justices - Sotomayor, Kagan, Jackson and Brown - warned in an unusually sharply worded dissent that “irreversible risks to privacy and the rule of law” would arise. But their voices faded away. From that day on, the most intimate data of 300 million Americans lay in the hands of a unit that had already defied a federal court - and was now backed by the highest court in the land. Internal experts sounded the alarm. They rated the project as “very high risk,” warned of catastrophic consequences. They documented that NUMIDENT must never be transferred into a test environment. They explained that unauthorized access to this data would amount to “catastrophic damage.” And they recommended leaving it alone. But the DOGE team did not listen. Michael Russo, one of their own, wrote on June 25 in response to the transfer request simply: “Approved…” One word was enough to breach the security bulwark of an entire agency.

A few weeks later, Aram Moghaddassi, a former DOGE official with far reaching powers, signed a document that is difficult to surpass in its audacity: a “Provisional Authorization to Operate.” It states verbatim: “I have determined that the business need outweighs the security risk associated with this implementation, and I accept all risks associated with this implementation and its operation.” With one sentence, he placed “business need” above security risk - and declared that he personally accepted all risks. Not the public, not independent bodies, not the experts decided - he did. In reality, however, it was American society that had to bear the consequences. Because a full authorization to operate is normally granted only after a standardized review process with documentation, risk analysis and independent controls by the responsible security division. Moghaddassi seized this process, created facts without oversight, and thereby allowed the most sensitive data of over 300 million people to exist in a cloud environment without independent security mechanisms. What began as a breach of rules became an act of betrayal in digital form. A scandal that did not only undermine the authority of individual judges, but shook the foundations of the rule of law and data protection in the United States.

And now Palantir could really unfold. The mirroring of a national database like NUMIDENT into a cloud environment, the creation of parallel access systems, the ability to search profiles of millions of people in real time - all this corresponds exactly to the deployment scenarios of Palantir software. The company of Trump confidant Peter Thiel has for years been the closest partner of the security and intelligence apparatus in the United States, from ICE to the Pentagon to the NSA. Palantir specializes in bringing together heterogeneous data streams from various sources, normalizing them and transforming them into searchable control systems. That is exactly what happened here: millions of data sets, which were originally stored in separate, strictly protected architectures, were mirrored into a single field of analysis.

The processes are always the same: first, raw data is extracted from agency servers and transferred into so-called data lakes. There it is cleaned, standardized and enriched with additional variables. Then the Palantir interface - whether Gotham or Foundry - is placed on top so analysts can search in real time for people, patterns or networks. A name, a telephone number or a birth date is enough, and the software pulls the entire environment onto the screen within seconds: relatives, addresses, movement profiles, contact traces. In the case of NUMIDENT, this means: a society broken down into analyzable segments at the push of a button. Particularly sensitive is that Palantir environments traditionally operate with extended permission levels that promise granular monitoring but in practice allow bypasses. Those with administrator rights can make search queries invisible or export entire data packages without the designated control bodies registering it. This is exactly where the suspicion lies: that DOGE not only had access to the mirror, but with the help of Palantir technologies created its own largely uncontrolled ecosystem - a “shadow archive” of the American people.

Palantir’s invisible power: the “Raptor Search Engine”

The leaked schema from internal Palantir documents shows how the so-called Raptor Search Engine works - an add-on module that turns Palantir’s platform into a universal search engine over government data holdings. At its core is the Dispatch Server, which receives search queries and forwards them to the Raptor Engine. This in turn distributes the queries to several search nodes that can comb through huge amounts of data in parallel. Crucially, the data itself remains in the original databases - for example at Oracle or other government archives. Palantir only creates indexes that allow access and updates them via a “revisioning database.” This enables Palantir to pull off a decisive trick: the company does not have to own the data to control it. It is enough that Palantir forms the interface through which officials or analysts make their queries. Every search, every link, every pattern runs through Palantir’s infrastructure - making the software the switchboard of information sovereignty.

What at first glance looks like technical efficiency has political explosiveness. States believe they retain data sovereignty because they do not physically hand over their archives to Palantir. But in fact, agencies become dependent on an architecture that can only be understood, operated and expanded by Palantir. This shifts the balance of power: away from state institutions, toward a private actor with close ties to Silicon Valley - and to political heavyweights like Donald Trump or Peter Thiel. Especially in Europe, where authorities are enthusiastic about Palantir’s federated search systems, there is often little awareness of this dependency. German security agencies advertise Palantir as a “technology partner for federated data analysis” - overlooking the fact that this creates an entry point through which not only data can be searched, but state sovereignty itself can be eroded.

That Palantir is predestined for this has already been shown in the past. In U.S. intelligence operations in Iraq and Afghanistan, the systems were used to bring together huge amounts of data from phone surveillance, drone footage and informant reports - often without a clear legal basis, but with maximum operational impact. In counterterrorism, Palantir provided the platform with which the CIA and NSA conducted pattern recognition in communications data - a technique that did prevent attacks but at the same time dragged millions of innocents into digital grids. It is the same logic now applied internally: total transparency for the state, total powerlessness for the citizen. It is a picture from the digital darkness of war: a balloon, 72 meters long, filled with cameras, sensors and technology, floats over the Afghan district of Zhari. Below crouches a man with a purple hat in a field. Is he just a farmer, or a bomb-layer burying an IED? In the container of the American outpost Siah Choy, analysts stare at monitors while Palantir sorts data streams, links images, generates patterns in the background. “Pattern of life” they call it: forming an overall picture from the smallest gestures that decides over life and death.

Palantir, that software from Silicon Valley, financed with CIA money and led by Peter Thiel, gave the Pentagon what generals had been demanding for years: order in the data chaos. Millions of hours of video footage from drones, airships and surveillance cameras had piled up in archives - too much for any human eye. Palantir turned it into a searchable memory of war. Searching for a “man with purple hat” was suddenly possible. Observations became patterns, patterns became suspicions, suspicions became authorizations for airstrikes. The logic was as simple as it was merciless: anyone observed three times handling cables, pressure tanks or explosives received the status “429 package” - a code meaning he was henceforth a legitimate target, anytime and anywhere. The machine saw, the machine counted, the machine classified. But that morning a farmer on a tractor almost died, just because his hat appeared purple in the first sunlight. An analyst doubted, recognized the deception and prevented the strike. Had an algorithm decided alone, an innocent life would have been extinguished.

This is precisely where Palantir’s dangerous power lies. The platform draws lines between people, connects faces, actions, places. Traces become profiles, profiles become predictions. Who talks to whom, who goes where, who prays at what time - everything is recorded and stored in the digital memory. “You are what you do” was the credo. But the next stage was: “We know what you did, so we know what you will do.” The present was calculated into the future - a future that some did not survive. These methods, born in the Afghan war, have long since returned to the West. In 2017, ICE used Palantir to track down and arrest hundreds of relatives of migrant children. In 2020, the Department of Health used the software to merge the movements and data of millions of Americans during the pandemic - from test results to locations. A technology that once promised to prevent attacks became a tool of state total surveillance. The central question, however, remains: who decides what is stored and what is deleted? Who controls the buttons that secure data as evidence - or make it disappear forever? In Afghanistan, an analyst knew he had just saved an innocent life. But in a system controlled by algorithms and secret databases, responsibility and truth blur. What Palantir delivers is total transparency for the state - and total powerlessness for the citizen.

New York: Palantir removed from hospitals

Palantir is losing access to a politically and socially sensitive area. New York’s public health system is not extending its contract with the U.S. company. This ends a partnership that since 2023 has cost nearly four million dollars and reached deeply into sensitive domains. The company’s software was used to make billing with Medicaid and other government programs more efficient. This included the automated processing of patient notes. Data from people’s everyday lives, handled by a company that otherwise works with the military, intelligence services and security agencies.

The decision does not come out of nowhere. In recent weeks, the deal had sparked protests. Investigative journalists presented their findings, and together with activists, local groups and organizations raised the question of whether a company whose technology is used in airstrikes, surveillance and deportations should be operating in hospitals at all. The criticism was not aimed at individual functions, but at the fundamental role of the company. The sentence repeated again and again was clear: “They have no place in our hospitals, our pension funds or our government.” The investigations, however, go further.

Mitchell Katz, head of NYC Health + Hospitals, now confirms before the city council that the contract will expire in October and will not be renewed. At the same time, he defends the past cooperation. There had been a clear separation between patient data and Palantir’s government clients, such as ICE. There had been no issues. And yet the partnership is ending. The investigative findings were too clear. Data analysis will in the future be handled internally.

The conflict over the financing and use of such systems goes further. Palantir has been criticized for years because its technology is used in areas that directly affect people’s lives. Kenny Morris of the American Friends Service Committee states it openly: “Palantir profits from enabling mass violence in the United States and worldwide. They have no place in our hospitals, our pension funds or our government.” His organization made the contract documents public. For him, the end in New York is only one step. The campaign against the company is to be expanded, with the goal of pushing other cities, institutions and political decision makers to cut ties.

At the same time, this case also shows how much the debate has shifted. It is no longer only about individual programs, but about the architecture of the systems themselves. Automated processes designed to accelerate operations and reduce costs reach deeply into personal data. Hospitals are a particularly sensitive place. Trust is not optional here, it is a requirement. As soon as doubts arise, the entire system is affected.

The decision in New York is therefore more than the end of a contract. It marks a boundary. A public health system draws a line and states that certain technologies and their providers should have no place there. Whether other cities will follow this example remains open. What is clear is that the conflict does not end here. It is only just beginning.

And while in the United States at least a bitter dispute about data protection and civil rights is raging, Europe, and especially Germany, shows a dangerous naivety. German authorities, from the Federal Criminal Police Office to state police forces, are scrambling for the technology. They praise the “efficiency,” the “speed” and the “clarity” - and at the same time have hardly any idea what it means when the entire data sovereignty over citizens’ movements, communication patterns and social data lies in the hands of a company that is closely intertwined with U.S. intelligence.

There are enough examples. In Hesse, the “Hessendata” program has been running since 2017, considered a showcase project - but in truth the model for the systematic expansion of state surveillance with Palantir technology. There investigators can link data from cell site queries, police databases, registration registers and even social media in real time. The Federal Criminal Police Office wants to introduce a similar system nationwide, despite massive criticism from data protectors and jurists. In the Bundestag there were debates about fundamental rights, but the warnings went unheeded - the prospect of a universal weapon in the fight against terror and crime is too tempting. In Bavaria, North Rhine-Westphalia and Berlin, state authorities are already examining deployment.

It is the double tragedy: while the USA undermines its own protective mechanisms, German authorities blindly rush into dependencies. They see in Palantir the solution for overburdened police structures and stalled investigations, but do not realize that they are thereby giving up part of their sovereignty. Whoever engages with Palantir not only delivers data - they deliver the keys to the future of the rule of law.

The wall of silence - Palantir’s fight against transparency

As our leaked documents show, in August 2025 Palantir addressed a letter to the Texas Attorney General - and in it defended its data networks with a wall of silence that reaches deeper than the public suspects. It is a letter, inconspicuous in tone but explosive in content. Sender: Palantir Technologies Inc., that data empire from Denver, founded with CIA money and today one of the closest partners of police, intelligence and health authorities. Addressee: Ken Paxton, Attorney General of Texas. Reason: a request for disclosure of information under the Texas Public Information Act. A citizen, Ed Vogel, had requested documents concerning the use of Palantir at the M.D. Anderson Cancer Center in Houston. Palantir reacted immediately - with a letter full of legal arguments, threats and warnings. The tenor: everything Palantir touches is a trade secret. Contracts, invoices, price lists, technical implementations, even the names and signatures of employees - everything must remain secret. Any disclosure, the company claims, would mean “immediate and significant competitive disadvantage” and allow competitors to copy its software or push customers in price negotiations.

What is presented here is more than just a protective request. It is a window into the inner workings of a corporation that has become synonymous with state data power like few other companies. The letter to the attorney general makes clear: Palantir does not just deliver software, it builds complete control architectures for critical infrastructures and fights with all means to ensure that no one outside finds out how these systems work. This becomes particularly clear in the way Palantir defines trade secrets. Pricing methods, internal cost breakdowns, payment terms - all of this is placed under this term. The justification: if customers like M.D. Anderson found out how the calculations looked, they could immediately demand new negotiations, which would cost Palantir “hundreds of millions of dollars.” Secrecy thus becomes the business model, it allows premium prices, it creates a lack of transparency that itself has become a central value for the company.

Added to this is the protection of its own employees. Palantir declares names, job titles, email addresses and even signatures to be sensitive data whose publication would endanger the physical safety of employees. The company points to protests against its role in deportations by ICE, to public criticism and to security risks such as phishing, vandalism or even violence. Thus Palantir turns its employees into a legal shield - whoever demands transparency, the implicit threat goes, endangers lives. Even more sensitive are the technical details: IP addresses, hostnames, system architectures, configurations - all of this must remain secret because it could supposedly be used by “malicious actors” to attack critical infrastructures such as hospitals. The message is clear: if you force us to be transparent, you endanger patients. But what this argument above all reveals is the depth to which Palantir is already embedded in the networks of one of the largest cancer centers in the United States.

The explosiveness of this case becomes all the clearer in the European context. In Germany, courts up to the Federal Constitutional Court have set strict limits on Palantir. Under the name “Hessendata,” the police in Wiesbaden had already been using the Gotham platform since 2017 to bring together data from various sources and map networks. But the software made no distinction between suspected criminals and their lawyers, family members or casual contacts. With one click, complete personality profiles could be created - without concrete suspicion of a crime. The Federal Constitutional Court stopped its use in Hamburg completely and forced Hesse to drastically change its laws. The warning from Karlsruhe was clear: Palantir endangers fundamental rights, turns innocent citizens into data objects and opens the door to preventive mass surveillance.

And yet German authorities are pushing ahead with its use. Police unions promote the software, state interior ministers praise Palantir as the key to “modern hazard prevention.” That they are importing a technology that itself operates behind closed doors in the USA and blocks any disclosure with legal walls does not seem to frighten them. This is precisely where the real danger lies: a private company that evades public control has direct access to the most sensitive data of millions of people.

The letter to the Texas Attorney General therefore shows with complete clarity how Palantir operates: absolute intransparency as a system. Everything that could be disclosed is defined as a threat - to competition, to employees, to patients, to national security. Everything that remains secret secures power, influence and billions in revenue. For the public, this document is proof of how closely a private corporation has intertwined itself with state structures and how dangerous this dependency can become. Because if Palantir is already blocking any disclosure at a cancer center like M.D. Anderson, what happens at intelligence agencies, police or the military? Germany provides the answer: only through the intervention of the highest court was it prevented that Palantir became the standard tool of the police in several federal states. And yet the pressure from security authorities shows that the fight for transparency is far from won.

Palantir itself has made the rules clear: we are not allowed to know anything. And it is precisely in this that lies the wall of silence that protects the corporation - and weakens democracy.

Charles “Chuck” Borges, Chief Data Officer of the Social Security Administration SSA, recognized the scope. He wrote memos, sent urgent requests, warned his superiors. He spoke of the worst-case scenario: that all Americans might have to be issued new social security numbers because the old ones were compromised. His investigations confirmed the worst fears: self-managed cloud accounts without oversight, access to live data without control, missing protocols, ignored security standards.

But instead of answers he received silence. The legal department instructed employees not to respond to his questions anymore. Borges stood alone, cut off, while in the background an unsecured shadow realm of data grew - so large that it threatened the core of American identity. The list of broken laws is long: the Privacy Act, the Federal Information Security Management Act FISMA, the Computer Fraud and Abuse Act. But in a climate where political loyalty counted more than adherence to the law, paragraphs faded away like empty words.

Today we know: over 300 million Americans are hostages of a project that should never have existed. It began with a mouse click, a nighttime operation to circumvent a court order. It ended with the copy of a nation - in a cloud whose security no one can guarantee.

Charles “Chuck” Borges has decided not to remain silent. He is ready to testify before Congress, to reveal the full extent. A courageous man. He warns: if action is not taken now, the greatest data fiasco in the history of the United States threatens. A nightmare no longer playing out in Hollywood scripts, but in the heart of Washington, in the engine room of the American state.