The Chain of Custody Nobody Authorized

The story begins with a dataset that was never supposed to leave the health system. In January, officials at the Centers for Medicare and Medicaid Services shared data on millions of Medicaid recipients with Immigration and Customs Enforcement — improperly, according to the more than 20 Democratic state attorneys general suing over the arrangement. New court filings reveal what happened next: ICE passed that data to Palantir, the data-analytics contractor, where it fed an application called ELITE that displays the addresses of noncitizens who may be subject to deportation.

Health records collected to administer medical coverage, in other words, became targeting data — for an app.

"It Was Shared Over a Teams Chat"

The filings' most striking details concern how casually the data moved. Asked what federal officials did to ensure the improperly shared data was purged, the government's answer was that it had been shared over a Microsoft Teams chat, and deleted from the chat. Then came the admission that undercuts even that reassurance: the Justice Department acknowledged that CMS had inadvertently reshared the same multimillion-name dataset with ICE — again.

This lands in front of a judge who saw it coming. In an April hearing, Judge Vince Chhabria warned the government that continued improper sharing of citizens' and legal immigrants' data would jeopardize its ability to use Medicaid data in deportation efforts at all. The new filings ask the court to act on that warning.

Why This Is a Technology Story

The privacy failure here isn't hypothetical — it's architectural. Modern government datasets are interoperable by design, and contractors like Palantir exist precisely to fuse them. That fusion is the product. When a health-coverage database can flow through an enforcement agency into a contractor's targeting application via a chat thread, the traditional walls between government functions — health, immigration, policing — have effectively ceased to exist as technical controls. They survive only as legal ones, enforced after the fact, in litigation like this.

For the millions in the dataset — including US citizens and legal residents — there is no notification, no opt-out, and no way to know whether their address now sits in a deportation-targeting tool. That asymmetry, more than any single violation, is what the attorneys general are asking the court to confront.

What Happens Next

The court must now decide whether the government's repeated "inadvertent" sharing triggers the consequences Judge Chhabria outlined. Watch three things: whether the court orders verified deletion with independent auditing rather than accepting chat-thread cleanup; whether Palantir itself faces discovery about what ELITE ingested; and whether Congress — which has held hearings on government data-sharing before — treats this as the systemic design failure it is, rather than a one-off breach.

The case continues in federal court in California.