The financial press is currently celebrating a classic piece of corporate theater. Norway’s 1.6 trillion dollar Government Pension Fund Global—the world’s largest sovereign wealth fund—announced it is backing a human rights review at software developer Palantir. Institutional investors are nodding along in approval. The consensus is clear: this is a victory for ethical investing, a shining example of shareholder activism holding big tech accountable.
It is actually a masterclass in performative governance that completely misunderstands how software works. Meanwhile, you can find other stories here: The Fake Weather Myth and the Failure of Big Box Megastructures.
For years, large funds have treated ethics like a checklist. They hire consultants, draft frameworks, and demand audits. When a company builds predictive analytics software used by defense agencies and border enforcement, the immediate reflex is to demand a "human rights impact assessment."
This approach is fundamentally flawed. It applies 20th-century manufacturing compliance to 21st-century algorithmic systems. Demanding a static human rights review of a dynamic software platform is like inspecting a scalpel to predict every future medical malpractice suit. The tool is not the outcome. To explore the full picture, we recommend the detailed article by The Wall Street Journal.
By focusing on abstract corporate reviews, institutional investors are missing the actual mechanics of algorithmic accountability, wasting capital, and letting tech companies off the hook with PR wins.
The Mirage of the Neutral Software Audit
The core argument driving Norway's fund is simple: Palantir’s software is deployed in high-stakes environments—like immigration enforcement and military intelligence—so an independent review will ensure the technology is not used to violate civil liberties.
This sounds reasonable until you examine the reality of enterprise software.
Palantir does not sell pre-packaged software that operates autonomously. It sells Gotham and Foundry—data integration platforms. These systems allow organizations to connect disparate, messy databases, run analytics, and surface patterns. The software is an environment, not an agent.
I have watched organizations spend millions of dollars trying to audit algorithmic platforms by looking at the source code or demanding high-level policy statements from executives. It never works. Why? Because a software platform's ethical footprint is defined entirely by the data the client feeds into it and the specific operational parameters set by that client.
When Palantir deploys its technology for a government agency, the data belongs to the government. The privacy controls, the access logs, and the operational targets are determined by state officials, not by engineers in Denver. An audit of Palantir cannot evaluate the systemic biases of an immigration agency's underlying database.
By demanding Palantir review itself, investors are asking a vendor to police the sovereign states that buy its products. It is an impossible, contradictory mandate.
The Hypocrisy of Sovereign Wealth Activism
There is a deeper, structural contradiction in this activist push that the financial media completely ignores. Norway’s fund is capital generated entirely by state-owned oil wealth. It is an instrument of a sovereign state. Palantir is a defense contractor that explicitly positions itself as an ideological weapon for Western democracies.
Palantir's leadership has been vocal about this. They do not sell to adversarial regimes. They build tools designed to give the US military and its allies a technological advantage.
When a state-backed fund demands a human rights review of a Western defense contractor, it creates a bizarre geopolitical paradox. The fund is essentially asking a critical defense supplier to compromise its operational secrecy or alter its product capabilities to satisfy an external ethical board.
Consider the practical implications. If a review concludes that a specific predictive policing module used by a European law enforcement agency carries a high risk of bias, what happens next? Does Palantir pull the plug on a government contract? Does a private software company dictate operational doctrine to a democratically elected government?
If the answer is yes, you have effectively outsourced democratic oversight to a tech company's compliance department. If the answer is no, the entire review process is expensive window dressing.
The True Cost of Performative Compliance
The lazy consensus says that even if these reviews are imperfect, they are a step in the right direction. They create "conversations" and "internal awareness."
In reality, they create a dangerous diversion. They allow institutional investors to claim they are doing something about ethical risk while avoiding the hard work of actual structural oversight.
When a company faces pressure over its ethics, the standard corporate playbook is predictable:
- Form a committee.
- Hire an external advisory board composed of academics and former bureaucrats.
- Publish a glossy, 80-page transparency report filled with vague promises.
- Change absolutely nothing about the underlying business model.
This compliance theater actively harms the tech sector. It drains engineering hours away from building better product governance tools and redirects them toward satisfying bureaucratic checklists. It rewards companies that are good at writing reports rather than companies that build secure, auditable code.
True ethical oversight in software does not come from a third-party committee reviewing a company’s mission statement. It comes from hardcoded, immutable product features.
How to Actually Hold Big Tech Accountable
If institutional investors actually want to manage the risks associated with data analytics and defense tech, they need to abandon the compliance checklist entirely. Instead of demanding top-down human rights reviews, they should look at the technical architecture of the products being sold.
The real questions investors should ask do not sound like human rights jargon. They sound like engineering requirements.
- Immutable Audit Logs: Does the software log every single query, data modification, and user action in a way that cannot be altered or deleted, even by system administrators?
- Granular Access Controls: Does the platform allow clients to restrict data access down to the individual cell level, ensuring users only see data they are legally authorized to access?
- Data Provenance Tracking: Can the system trace the origin of every piece of data used in an algorithmic prediction, allowing independent regulators to identify flawed or illegal inputs?
These are verifiable, technical capabilities. A platform built with robust audit logs and strict data provenance controls inherently mitigates human rights risks because it makes abuse traceable and exposes unlawful government overreach to judicial review.
If a software platform has these features, the responsibility for ethical outcomes shifts entirely to the user—where it belongs. If a platform lacks these features, it is a bad product, regardless of how many human rights policies the company signs.
Dismantling the Flawed Premises of Ethical Investing
To fix this dialogue, we have to dismantle the flawed premises that dominate the current conversation about tech and ESG.
Premise: Software companies are responsible for how governments use their tools.
Reality: A software vendor cannot legally or practically police the executive branch of a sovereign nation. Accountability must happen at the ballot box and through legislative oversight of the agencies buying the tools, not through a tech company's investor relations department.
Premise: Independent ethics boards can accurately assess algorithmic impact.
Reality: Outside observers cannot evaluate a system without access to the live, classified, or highly sensitive datasets that the system processes. Since they will never get that access, their assessments are toothless.
Investors love these reviews because they are clean. They fit into an annual sustainability report. They don't require understanding how a database pipeline works or wrestling with the messy realities of national security.
But looking at a defense contractor's high-level policy document won't tell you if its software is being used responsibly in the field. It just tells you they have an excellent legal department.
Stop demanding that software developers act as moral arbiters for the state. If you are worried about how government agencies use data analytics to violate civil liberties, don't lobby the company building the database.
Lobby the government holding the keys.
