DHS Secretly Grants Palantir Control of Federal Biometric Data

On February 12, 2026, the Department of Homeland Security (DHS) finalized a $1 billion Blanket Purchase Agreement (BPA) with Palantir Technologies. The deal effectively establishes Palantir’s Gotham and Foundry platforms as the primary operating system for the United States’ domestic security apparatus. While the headline figure represents a massive transfer of taxpayer wealth, the mechanism used to award it—and the data it centralizes—reveals a calculated erosion of federal oversight and market competition.

To bypass the Competition in Contracting Act, which requires federal agencies to solicit multiple bids for major projects, DHS procurement officers utilized a regulatory loophole known as a 'Justification and Approval' (J&A). [Justification and Approval (J&A)] is a formal document used by federal agencies to bypass the requirement for full and open competition when a single vendor is deemed uniquely capable. In the J&A documents signed by officials from Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP), the government argued that Palantir’s data integration capabilities are 'unique and proprietary,' claiming that no other vendor could successfully integrate the agency’s fragmented legacy databases. By designating Palantir a 'sole source' provider, DHS eliminated the possibility of a lower-priced or more transparent alternative.

The money trail suggests this outcome was not merely a matter of technical necessity. According to Palantir’s 2025 SEC 10-K filings, the company saw a 40% increase in government revenue over the previous year, driven almost entirely by sole-source renewals and expanded BPA scopes. To secure this growth, Palantir reinvested $5.8 million into federal lobbying in 2025 alone, according to OpenSecrets data. These funds specifically targeted members of the House Committee on Homeland Security, the body responsible for overseeing the very department that authorized the $1 billion award. The investment paid off: the BPA structure allows DHS to issue individual task orders that fall below the threshold for a formal Government Accountability Office (GAO) review, effectively shielding the details of the contract from public scrutiny.

Beyond the financials, the technological reach of this contract represents a fundamental shift in domestic surveillance. DHS Privacy Impact Assessments (PIA) confirm that Palantir-hosted datasets now cross-reference biometric data, social media scrapes, and private financial transaction records. For the first time, these disparate data points are being unified under a single proprietary umbrella. [Blanket Purchase Agreement (BPA)] is a simplified method of filling anticipated repetitive needs for supplies or services by establishing 'charge accounts' with qualified sources. Under this BPA, ICE and CBP can now use the 'Foundry' platform to automate the deportation pipeline, linking local law enforcement arrest records with federal immigration databases in real-time. This occurs without the need for a specific warrant for each data pull, as the integration is treated as a routine administrative function of the software.

This level of integration creates what economists call 'Vendor Lock-in.' [Vendor Lock-in] is a situation where a customer becomes dependent on a vendor for products and services, unable to use another vendor without substantial switching costs. Because Palantir’s code is proprietary, the cost of migrating DHS data to a different platform in the future would be so high as to be functionally impossible. This grants a private corporation, led by CEO Alex Karp and Chairman Peter Thiel, de facto control over the government’s data architecture. Thiel, a prominent political donor, has long advocated for the privatization of core government functions, and this contract represents the successful realization of that goal.

Mainstream coverage of this deal has largely echoed DHS press releases, focusing on 'modernizing border security' and 'using AI to combat the fentanyl crisis.' What these reports leave out is the lack of third-party auditing for Palantir’s algorithms. These 'black box' systems now determine 'risk scores' for travelers, visa applicants, and residents within the 100-mile border zone—a region where CBP has expanded its reach and where two-thirds of the American population resides. When a Palantir algorithm flags an individual for surveillance or a travel restriction, there is no public mechanism to challenge the underlying logic of the score.

For ordinary people, this deal means their taxes are paying a premium for software that was never tested against competitors in an open market. It also means that their digital lives—from bank transfers to social media posts—are now accessible to an automated system that prioritizes 'administrative necessity' over constitutional privacy. As the revolving door between DHS and Palantir-linked lobbying firms continues to spin, the line between public service and corporate profit has become indistinguishable.

At Gen Us, we believe in following the money to its final destination. You can check our Gen Us Politician Tracker to see which members of the House Committee on Homeland Security received contributions from Palantir’s PAC or its executive board. You can also explore our archive on 'The 100-Mile Zone' to see how this technology is being deployed in your city.