SALT LAKE CITY — Banjo, a Utah tech firm at the center of controversy last year over its founder's alleged white supremacist past, mischaracterized its software to the Utah Attorney General's Office but didn't improperly use sensitive personal information when it contracted with the agency, a state audit found.
Utah State Auditor John Dougall's office conducted an audit of Banjo's Live Time software, which had the capability of scanning millions of social media posts to identify when and where criminal activity is happening. Dougall's office announced the findings of the audit in a Tuesday news release.
Utah Attorney General Sean Reyes' office awarded a $20.7 million contract to Banjo in 2019. But the deal fell apart last year after details surfaced about Banjo founder Damien Patton's alleged involvement with a chapter of the Dixie Knights, a Ku Klux Klan group, active in the Nashville area in the late 1980s and early 1990s.
Banjo suspended all data collection efforts with the state of Utah in April 2020, and Patton resigned from the company in May. The company appears to have disbanded since then; Banjo's website is no longer active, and its LLC is expired, according to Utah Division of Corporations and Commercial Code records.
The audit of Live Time's artificial intelligence found that its actual capabilities didn't match the claims made by Banjo when the company responded to the attorney general's office's request for proposals.
"Many of the claims made in the (request for proposals) that would have been of most interest to (Reyes' office) did not appear to exist in the currently available product," the audit said.
In one example, the company claimed its software could help solve a simulated child abduction. The attorney general's office didn't verify the software's ability to do such a thing, instead taking Banjo representatives at their word, the audit said.
But because Live Time wasn't as sophisticated as originally advertised, it is less likely that the system would have been able to access, transfer or use Utahns' personally identifiable information than auditors initially feared, according to the audit. The Live Time artificial intelligence "appeared to lack the algorithmic sophistication that would have posed the risk of inappropriate discrimination," the audit said.
Other competing vendors may have been able to do what Banjo ultimately did for the state, the audit concluded.
Additionally, the lack of vetting of key Banjo personnel, including Patton, was a "significant concern" for the auditing commission, the audit said.
"The lack of a rigorous background check process is heightened when one has the potential to access sensitive (personal information) as well as the capability to steer law enforcement investigatory resources," the audit said.
In a letter responding to the audit's findings, Reyes said Banjo was still building out the Live Time software when the company's contract was suspended last year. The attorney general's office was aware that the company planned to integrate more privacy measures into the system, but had not done so yet.
"Throughout the contracting and fulfillment process, it was well understood by both Banjo and the State that more privacy-safe inputs would come online before we realized the full capabilities of the Live Time system," Reyes wrote.
The attorney general also said that there are currently no requirements for his office to investigate companies or their employees during the request for proposals process. Despite that, the office conducted interviews with people who knew Patton, including colleagues, tech experts and leaders of other companies.
But the details about Patton's past that came to light were found in sealed records that wouldn't have been available to the attorney general's office even in a robust criminal background check, Reyes said.
"Based on our first-hand experience and close observation, we are convinced the horrible mistakes of the founder's youth never carried over in any malevolent way to Banjo, his other initiatives, attitudes, or character," Reyes said.
Reyes added that he will continue to protect Utahns and seek out new technology to do so.
"The Attorney General's Office is committed, as always, to protect all the rights of Utah citizens. This includes civil liberties as well as freedom from predatory violence and other crimes," he wrote. "I will continue to use cutting-edge technology to keep Utah safe and will do so within the guidelines recommended by this Commission."
As part of the audit of Banjo, the Commission on Protecting Privacy and Preventing Discrimination, spearheaded by Dougall's office, came up with 12 recommendations that government entities should consider before contracting with a tech company that offers artificial intelligence or machine learning technology.
The commission announced the 12 recommendations last month:
- Limit sharing of sensitive data
- Minimize sensitive data collection and accumulation
- Validate technology claims, including capability review
- Rely on objective, repeatable metrics
- Assess threat models
- Perform in-depth review of artificial intelligence or machine learning algorithms
- Demonstrate privacy compliance: privacy-specific items and protection
- Review steps taken to mitigate discrimination
- Determine ongoing validation procedures
- Require vendor to obtain consent of individuals contained within training datasets
- Vet key vendor personnel
- Evaluate vendor corporate management and vendor solvency
"I recognize the challenges of finding innovative ways to better perform critical government functions. I also understand the complexities of translating one's vision into operational tools," Dougall said Tuesday. "I commend government entities who continually strive to strengthen operations while saving money, despite the hurdles encountered pursuing those objectives."
More information is available at auditor.utah.gov.
The full Live Time audit is available at reporting.auditor.utah.gov/servlet/servlet.FileDownload?file=0151K0000042i9lQAA.