In Europe, a coronavirus boom for foreign surveillance firms

This article is part of “The age of surveillance,” a special report on artificial intelligence.

For a continent that says it doesn't need help from abroad, European governments have certainly developed a taste for tasking foreign tech companies with monitoring their people.

Whether it’s policing or health care, public bodies across Europe are increasingly entrusting U.S. data analytics firms or Chinese video surveillance companies with the data of European citizens.

The trend has picked up over the last year, with a surge in COVID-19 public contracts, even as the European Union promotes "strategic autonomy" and seeks to cut its reliance on foreign firms through initiatives like GAIA-X — an attempt to provide a European infrastructure for cloud-based data storage.

The prevalence of firms like the United States’ Palantir and China’s Hikvision has caused some to ask how well the private information of Europeans is being protected and how regulators will hold foreign firms to account if things go wrong.

“Why on earth are we talking about strategic autonomy when we hire non-European firms to process our most sensitive data?” said EU lawmaker Sophie in ‘t Veld, who campaigns against corporate interests and surveillance. 

POLITICO maps out the foreign players working in European surveillance.

The Americans

One company that has been particularly successful at plugging itself into the European public administration is Palantir, a data analytics firm established by the PayPal founder Peter Thiel, who was also an early backer of Donald Trump.

Though the U.S. tech company has courted controversy for its embrace of military and border-control contracts in the U.S., that hasn’t stopped European officials from turning to it during the COVID-19 pandemic.

The firm has offered European governments free or extremely cheap deals for high-powered data analytics platforms to help them fight the deadly disease. Palantir’s offerings include help with analyzing the spread of the disease, as well as monitoring how local populations were responding to the vaccine rollout. 

Greece, the Netherlands and the U.K. are among those that have run pandemic-related trials of the technology, according to public records.

France — a country that tussled with Google and Apple over its COVID-19 app and which is Europe’s loudest advocate of strategic autonomy — has also contracted with Thiel’s company (as has the bloc's police agency, Europol, which has used Palantir since at least 2016.)

French intelligence services turned to Palantir following the 2015 terror attacks, and the company’s local representatives have talked up the role they have played in defending France — and indeed bolstering its sovereignty.

“When we help a state like France fight terrorism, I think that is an act of sovereignty, and the nationality of the company is not important,” Palantir’s French chief Fabrice Brégier said at a parliamentary hearing earlier this year. 

Palantir is not the only U.S. tech company that has boosted its presence in Europe with free trials. Clearview AI, another U.S. company, offers facial recognition tech to individual law enforcement officers, who often use it without departmental sign-off.

Sweden’s privacy regulator last year slapped the country’s police authority with a €250,000 fine after several officers illegally used a trial version of Clearview AI’s tech, while earlier this year the Finnish police had also tested the software.

The Chinese

When European parliaments and local governments need help with tracking those who might have the coronavirus, they’ve repeatedly turned to China’s Hikvision.

As the world’s largest manufacturer of video surveillance equipment, the company has scored multiple contracts across the bloc, despite reports that its technology has been used to oppress China’s Uyghur Muslim minority — a charge the company denies.

Though it is on a U.S. sanctions list because of its ties to the Chinese military, Hikvision remains one of the largest providers of surveillance technologies in Europe.

In Brussels, both the European Commission and European Parliament have used the company’s systems to check if people entering EU institutions’ buildings have COVID-19 symptoms, according to EU public procurement documents.

After some European officials balked at the use of Hikvision’s scanners, the Parliament removed them and formally passed a resolution last month to keep them out of the building. The Commission decided to keep the equipment for budgetary reasons.

In the U.K., lawmakers have repeatedly called for stricter restrictions on how Hikvision can operate. And yet, the COVID-19 crisis has been a boon for business after several of the country’s airports bought the company’s thermal sensors to track cases among travelers.

Almost 30 local councils in London have also installed Hikvision’s surveillance technology, including cameras and digital video records, according to freedom of information requests. The councils say that they are not using the Chinese equipment for facial recognition.

Campaigners warn the contracts have given Hikvision and other Beijing-linked firms like Dahua Technology a foothold they will seek to expand. 

“They are everywhere,” said Samuel Woodhams, a digital rights researcher who made the freedom of information requests and shared them with POLITICO. “They’re increasingly making up a larger part of the U.K.’s surveillance system.”

The Israelis

Yossi Carmil, chief executive of the Israeli cybersecurity firm Cellebrite, made a bold claim to investors last month.

“We are the undisputed leader in the investigative digital intelligence space,” he told them. His evidence: nearly 7,000 contracts with government and private groups that included 25 of 27 “European Union member state national police.”

The Israeli firm, which specializes in unlocking digital devices and combining that data with other online evidence, is one of several Israeli firms that is working on Europe’s efforts to track everything from COVID-19 to migrants arriving from Africa and the Middle East.

The spyware provider NSO Group has long been used by European intelligence agencies to track people’s movements and text messages via their smartphones.

Since the pandemic, it has expanded its offering to include software that would access smartphones to monitor the spread of the virus using location data — a tracking tool that privacy campaigners say could fall afoul of Europe’s privacy rules.

NSO Group says its product, which is being used in Israel, is legal and necessary to keep the coronavirus in check. But European governments have yet to bite.

“As a surveillance company with advanced cyber-weapons software, NSO likely has access to private details from infected user devices, beyond simply location data,” said researchers at Goldsmiths, University of London, who analyzed the company’s offering.

In addition to public health, Israeli firms have moved into migration. Last October, Frontex, the EU’s border protection agency, signed a €50 million multi-year contract for drone surveillance in the Mediterranean with Airbus and two Israeli defense contractors, Israeli Aerospace Industries and Elbit.

“I believe this contract will open the door to more civilian markets,” IAI executive vice president, Moshe Levy, said in a statement.

Want more analysis from POLITICO? POLITICO Pro is our premium intelligence service for professionals. From financial services to trade, technology, cybersecurity and more, Pro delivers real time intelligence, deep insight and breaking scoops you need to keep one step ahead. Email [email protected] to request a complimentary trial.