An investigative report in Bloomberg Businessweek magazine presents a cautionary tale to companies about the dangers posed by rogue specialists using computer algorithms to monitor the behavior of employees and executives.
In the April 19 article, journalists Peter Waldman, Lizette Chapman, and Jordan Robertson wrote about a 2009 project developed by data mining company Palantir Technologies for US investment bank JPMorgan Chase. The software gathered data from emails, browser histories, GPS locations from company-issued smartphones, printer and download activity, and transcripts of digitally recorded phone conversations.
It then aggregated, searched, sorted and analyzed the records and flagged “keywords and patterns of behavior” that the Palantir team, comprising as many as 120 engineers led by former US Secret Service agent Peter Cavicchia III, regarded as indicating potential abuse of corporate assets.
“Palantir’s algorithm, for example, alerted the insider threat team when an employee started badging into work later than usual, a sign of potential disgruntlement,” wrote the journalists. “That would trigger further scrutiny and possibly physical surveillance after hours by bank security personnel.”
Data landfills into gold mines
The software, known as Metropolis, represented Palantir’s first foray into the corporate world. The company, founded in 2004 by PayPal co-founder Peter Thiel and other PayPal alumni, originally made its name working with the US military and the CIA in Afghanistan and Iraq.
That military-grade product was adapted and refined in JPMorgan’s Jersey City office. The investment bank made an equity investment in Palantir, reports Bloomberg Businessweek, “while its executives raved about Palantir in the press.” In 2011, then-JPMorgan chief information officer Guy Chiarello told the magazine that Metropolis was transforming “data landfills into gold mines.”
But over time, the data mining turned into a spying operation by Cavicchia, said the journalists. The former Secret Service agent “gained administrative access to a full range of corporate security databases that had previously required separate authorizations and a specific business justification to use. He had unprecedented access to everything, all at once, all the time, on one analytic platform.”
In 2013, JPMorgan’s leadership investigated how the New York Times gained access to a document about a federal investigation involving the bank. Investigators found evidence implicating Frank Bisignano, who had resigned as co-COO of the bank to become CEO of payments processor First Data Corp.
Evidence mounted that Cavicchia, who was considered a protégé of Bisignano, had used Metropolis to gain access to emails about the investigation and shared them with the former executive. The former Secret Service agent was forced to resign. He is now a senior vice president with First Data Corp., joining Chiarello, the former JPMorgan CIO, who has become First Data president, and Bisignano.
The human element
The parties involved, including JPMorgan and First Data, did not respond to the journalists’ emailed questions for the article, which was the first to tell the JPMorgan-Palantir story.
The software maker declined to answer specific questions, but said in a statement: “We are aware that powerful technology can be abused and we spend a lot of time and energy making sure our products are used for the forces of good.”
The investigative report found sources within JPMorgan, however, who said people in the bank’s security team “were shocked that no one from the bank or Palantir set any real limits” on the scope and activities of the Metropolis project.
One unidentified JPMorgan executive told the journalists that the bank has now drastically curtailed its Palantir use, partly because “it never lived up to its promised potential.”
For CFOs and other executives embarking on or contemplating the same data-mining journey, JPMorgan’s misadventure highlights the importance of not forgetting the human element in technology deployments, and of remembering the truism about absolute power corrupting absolutely.