Two Invisible Risk Scores Control Your Future
Palantir Gotham built yours legally from SSA/IRS/DHS data.
China's Salt Typhoon built theirs from breached US telecoms + Treasury.
Same entity resolution math. Same unified citizen profiles.
Zero audit rights. Different jurisdictions.
I wrote this because security practitioners need to threat model both architectures.
The Core Mechanism
```python
class FederatedProfileComparison:
    """Side-by-side description of the two federation models."""

    def authorized_federation(self):
        # Palantir Gotham - Legal access
        return {
            "sources": ["SSA", "IRS", "DHS"],
            "method": "contracted API federation",
            "output": "risk_score + association_graph"
        }

    def unauthorized_federation(self):
        # Salt Typhoon - Breached access
        return {
            "sources": ["telecom_metadata", "Treasury", "CFIUS"],
            "method": "persistent infrastructure access",
            "output": "communication_profile + movement_graph"
        }

    def shared_properties(self):
        # Properties that hold for both models, whatever the access path
        return {
            "citizen_awareness": False,
            "citizen_recourse": False,
            "model_contestability": False
        }
```
Both produce the same output type: unified person-objects with derived behavioral predictions.
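An added example (not from the original post) for threat modeling the federation step: it counts how many records in one dataset can be tied to exactly one record in another through the fields they share, and how generalizing a field lowers that count. The two datasets, their field names and the ZIP coarsening are constructed assumptions.

```python
from collections import Counter

# Constructed sample data. Source and field names are hypothetical.
BENEFITS = [
    {"zip": "20001", "birth_year": 1980, "sex": "F", "benefit": "A"},
    {"zip": "20001", "birth_year": 1980, "sex": "M", "benefit": "B"},
    {"zip": "20002", "birth_year": 1975, "sex": "F", "benefit": "A"},
]
TELECOM = [
    {"zip": "20001", "birth_year": 1980, "sex": "F", "tower": "T1"},
    {"zip": "20003", "birth_year": 1980, "sex": "F", "tower": "T7"},
    {"zip": "20002", "birth_year": 1975, "sex": "F", "tower": "T9"},
    {"zip": "20002", "birth_year": 1975, "sex": "F", "tower": "T4"},
]

def shared_fields(a, b):
    """Fields present in every record of both sources: candidate join keys."""
    common = set.intersection(*(set(r) for r in a + b))
    return sorted(common)

def unique_links(a, b, fields):
    """Count records in `a` whose key on `fields` matches exactly one record in `b`."""
    key = lambda r: tuple(r[f] for f in fields)
    seen = Counter(key(r) for r in b)
    return sum(1 for r in a if seen[key(r)] == 1)

def coarsen(records, field, fn):
    """Return copies of the records with one field generalized by `fn`."""
    return [{**r, field: fn(r[field])} for r in records]

def report():
    """Join keys, then unique links before and after truncating ZIP to 3 digits."""
    fields = shared_fields(BENEFITS, TELECOM)
    before = unique_links(BENEFITS, TELECOM, fields)
    zip3 = lambda z: z[:3]
    after = unique_links(coarsen(BENEFITS, "zip", zip3),
                         coarsen(TELECOM, "zip", zip3), fields)
    return fields, before, after

if __name__ == "__main__":
    fields, before, after = report()
    print(f"join keys: {fields}")
    print(f"uniquely linkable before coarsening zip: {before}/{len(BENEFITS)}")
    print(f"uniquely linkable after coarsening zip:  {after}/{len(BENEFITS)}")
```

Records that match more than one candidate, or none, are the ones a resolver cannot merge with confidence, so the unique-link count is the number to drive down when deciding which fields a dataset exposes.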
The Baudrillard Problem
When two competing models of the same person exist:
- Neither contains your context (travel reasons, financial decisions)
- Both drive real decisions (employment, security screening)
- You cannot see either score
- No due process mechanism spans jurisdictions
```python
def what_systems_cannot_hold():
    # Fields neither profile has a value for
    return {
        "intent": None,
        "context": None,
        "relationships_explained": None
    }
```
Complete 3-Post Series Investigation
Full analysis - Zuboff behavioral surplus → Virilio speed math → 8 due process questions practitioners cannot answer:
Read All 3 Parts + Get Detection Rules
What threat modeling questions does this raise for your team?