The Palantir story Part Three of this series traced — CIA seed money, an analytical platform deployed against domestic populations, a corporate footprint that overlaps with most of the Anglosphere intelligence ecosystem — is, in the corporate-architecture sense, derivative. It is what the model looks like at scale, twenty years into its maturation. It is not what the model looked like when the model was first built.
The template was built in a different decade, by different people, in different rooms.
Between November 2005 and March 2013, in a sequence of contracts, acquisitions, ethics waivers, and federal appointments that the contemporary press largely reported as discrete events, a former senior officer of the Central Intelligence Agency rotated out of the federal government, took the chief executive position at a McLean, Virginia firm that ran the U.S. national watchlisting infrastructure, sold that firm to a Luxembourg-incorporated holding company controlled by a former British Royal Marine, oversaw a contractor breach of the United States presidential candidates' passport records, joined the new administration's national security council on a special ethics waiver, led the federal investigation into intelligence failures whose primary contractor was the firm he had just departed, and returned to the Central Intelligence Agency as its director.
The man's name was John O. Brennan. The firm was The Analysis Corporation. The Luxembourg holding company was Global Strategies Group. The British Royal Marine was Damian Perl.
The template they established between 2005 and 2013 — federally chartered watchlisting work running through a foreign-controlled corporate structure, with a revolving door between the federal government and the contractor that returned the contractor's chief executive to a more senior federal position than the one he had left — is the operating model on which every contractor mapped in this series, including Palantir, runs.
Brennan was not, in 2013 or now, an isolated figure. He was, and is, the canonical example of how the model operates. Part Four of this series describes how the canonical example was assembled.
The setup (1999–2005)
By the early years of the post-9/11 reorganization, John Brennan had been a career officer of the Central Intelligence Agency for two and a half decades.
Brennan joined the CIA in 1980 as an intelligence officer in the Directorate of Operations through the Career Trainee program — the agency's standard recruitment-and-training pipeline for officers intended for long-term operational careers. Over the following twenty years, he rose through a sequence of senior positions in the Directorate of Operations and the agency's leadership offices. Under Director of Central Intelligence George Tenet, Brennan served as Tenet's Chief of Staff from 1999 to 2001 and as Deputy Executive Director of the CIA from March 2001 to March 2003.
In March 2003 — the same month the United States invaded Iraq — Tenet appointed Brennan to head a new federal coordinating body called the Terrorist Threat Integration Center, or TTIC. TTIC's mandate was to consolidate, into a single multi-agency facility, the threat-assessment work that had until then been scattered across the CIA, FBI, NSA, State Department, Defense Department, and Department of Homeland Security. The center became operational on May 1, 2003. Brennan was its founding director.
In August 2004, Congress passed and the President signed legislation reconstituting TTIC as the National Counterterrorism Center — NCTC — under the newly created Office of the Director of National Intelligence. NCTC absorbed TTIC's functions, its personnel, and its operational facility at Liberty Crossing in McLean, Virginia. Brennan, with the approval of the President, was appointed by the Director of Central Intelligence to the interim directorship of the new NCTC in October 2004. He held the post until August 2005.
In those years — 2003 to 2005 — Brennan was, in operational terms, the senior federal official who built the post-9/11 watchlisting and threat-assessment apparatus of the entire U.S. intelligence community. The terrorist screening database, the no-fly list, the integrated watchlisting protocols that the FBI's Terrorist Screening Center would later operate against U.S. and foreign travelers — all of these were architected, in their first operational form, under Brennan's directorship.
In August 2005, Brennan stepped down from the NCTC and announced his intention to leave the federal intelligence community.
He did not leave it for long. He did not, in any meaningful sense, leave it at all.
The acquisition (November 2005)
Three months after stepping down from the NCTC, in November 2005, John Brennan was named President and Chief Executive Officer of The Analysis Corporation — a private firm in McLean, Virginia, that had been performing federal watchlisting and counterterrorism analysis work since 1990.
The Analysis Corporation, by its own corporate description on its website during Brennan's tenure, was "the Intelligence Solutions business of Global Defense Technology & Systems, Inc. … working on projects in the counterterrorism and national security realm by supporting national watchlisting activities as well as other CT requirements."
The firm had been founded in 1990 by Cecilia Hayes, a former owner and partner in Analytic Methods, Inc. In 2004, TAC was acquired by SFA, Inc., a federal contractor headquartered in McLean. Hayes remained president of TAC into 2005. When Brennan was named CEO in November 2005, the firm was already a wholly owned subsidiary of SFA and had federal watchlisting contracts active across multiple agencies of the U.S. intelligence community.
Brennan's compensation at TAC, according to documents later filed with the Securities and Exchange Commission, included a 2008 package totaling more than $750,000.
This is the structural fact of the template that the press, when it noticed at all, largely treated as a routine post-government rotation. It was not routine. The man who had spent the previous two years inside the federal government architecting the watchlisting and threat-assessment apparatus of the U.S. intelligence community had, within three months of leaving the federal government, become the chief executive of a private firm that held federal watchlisting contracts. He was now selling, back to the agencies he had just left, the systems whose design he had directly supervised.
The conflict of interest, by any conventional standard, would be plainly visible. It was not addressed by any ethics review, contracting integrity audit, or congressional inquiry of which there is a public record. Brennan continued to serve as TAC's CEO for the next four years.
In 2007, while Brennan was still running TAC, the structural picture of the firm changed in a way that the contemporary press did notice — but only briefly.
The Luxembourg acquisition (2007)
In 2007, The Analysis Corporation was acquired, through its parent SFA, by a London-based private military contractor called Global Strategies Group.
Global Strategies Group, formerly known as Global Risk Strategies, had been founded in 1998 by two British military veterans: Damian Perl, a former Royal Marine, and Charlie Andrews, a former officer in the Scots Guards. The firm had begun operations as a two-man security consultancy. By 2003 it had a small footprint in Afghanistan, providing security services for non-governmental organizations and media personnel. By 2004, following the U.S.-led invasion of Iraq, the firm had become one of the largest private military contractors operating in the country.
A March 2004 Economist feature, quoted in subsequent academic and journalistic sourcing, captured the trajectory: "Global Risk Strategies was a two-man team until the invasion of Afghanistan. Now it has over 1,000 guards in Iraq — more than many of the countries taking part in the occupation — manning the barricades of the Coalition Provisional Authority." The firm also won, in the same period, what The Economist described as a $27 million contract to distribute Iraq's new currency, the dinar, across the country following the U.S.-led de-Baathification.
By 2007, the firm was operating with approximately 1,500 mercenaries, predominantly Fijians and Gurkhas, providing security for the Coalition Provisional Authority headquarters, the Iraqi Transportation Ministry, Baghdad International Airport, and a range of other CPA, U.S. military, and Iraqi government clients. The margins on those contracts, by the accounts of former employees recorded in subsequent reporting by CNBC and CorpWatch, were what one former employee described as "outrageous."
Damian Perl, by 2007, was a multi-millionaire on the proceeds of Iraq security contracting. Former colleagues told CNBC he owned multiple Ferraris, homes in several locations around the world, and a permanent residence in a Swiss mountain village.
By 2007 he also wanted out of what Iraq-contractor industry insiders called the "Guns, Gates, and Gurkhas" business. The Iraq mercenary work was lucrative, but it carried reputational and operational risk — particularly after the 2007 Nisour Square massacre by Blackwater contractors brought intense international scrutiny to the private military contracting industry. Perl wanted to diversify into higher-margin, lower-public-profile work in U.S. national security technology.
He bought The Analysis Corporation.
The acquisition was structured through what CNBC's 2013 investigation, written by Eamon Javers, described as "a convoluted corporate structure." The North American holding company through which Global Strategies Group acquired and controlled TAC was registered in Luxembourg. The acquiring entity was not the London operating company; it was a Luxembourg-domiciled holding structure that owned the London firm.
Brennan stayed on as CEO. He was now, in his private-sector capacity, an employee of a McLean, Virginia subsidiary of a Luxembourg holding company controlled by a London-based private military contractor founded by a former British Royal Marine. The federal watchlisting systems he had directly architected inside the U.S. intelligence community were now being sold, back to the same intelligence community, on behalf of a foreign-incorporated corporate structure.
The CNBC investigation, when it was eventually published in February 2013, captured one specific concern raised by former TAC employees: that Perl's broader corporate ambitions for Global Strategies Group had included exploring contract work for the Chinese government. "Damian Perl wanted to go global," one former employee told CNBC. "And all the people like John Brennan were going: 'What the hell? We can't sell this stuff to the Chinese.'" No sources contacted by CNBC suggested that Global Strategies Group had actually sold sensitive intelligence software from The Analysis Corporation to Chinese firms. The administration official who spoke to CNBC said that "it seems like John Brennan did the right thing at the time — objected to any conflicts."
What the public record demonstrates, regardless of the resolution of that specific conflict, is the structural shape of the arrangement. By 2008, the man who had architected the U.S. watchlisting apparatus inside the federal government was the chief executive of a privately held federal contractor that ran the apparatus, on behalf of a Luxembourg holding company controlled by a private military entrepreneur whose previous business had been Iraq mercenary contracts, who at one point was reportedly considering business in China.
The breach (March 2008)
In March 2008, the Department of State publicly disclosed that the United States passport records of three sitting United States Senators — Barack Obama of Illinois, Hillary Clinton of New York, and John McCain of Arizona — had been improperly accessed by contractors with privileged database access. All three Senators were, at the time of the breach, candidates in the United States presidential election then underway.
The State Department's initial public disclosure named four contractors as the entities whose employees had performed the unauthorized accesses. The contractors were not identified by name in the initial press conference; they were described as "two State Department contractors." Subsequent press reporting and congressional inquiry identified two of the contractors. One of them was The Analysis Corporation.
The TAC contractor responsible, according to the press reporting and the firm's own subsequent statements, was a retired State Department employee who had been hired by TAC to perform consular records review work and who had retained, in his capacity as a private-sector consultant, the same privileged database access he had held as a federal employee. The contractor was, according to the State Department, "disciplined." He was not, according to public records, criminally charged. TAC itself faced no public sanction beyond the disclosure.
The breach was framed in the contemporary press as a story about State Department contracting integrity rather than about the firm doing the contracting. The press cycle on the story ran for approximately three news cycles. The campaign-season political angle — the impropriety of accessing presidential candidates' personal records — overshadowed the structural angle of the firm responsible.
The structural angle, in retrospect, is the important one. The Analysis Corporation, the firm whose contractor had improperly accessed the passport records of all three remaining candidates in the U.S. presidential election, was simultaneously the firm running the national watchlisting database against U.S. citizens and foreign travelers, simultaneously the firm whose CEO had architected that watchlisting apparatus inside the federal government, simultaneously the firm whose ultimate corporate parent was a Luxembourg-registered holding company controlled by a foreign private military entrepreneur.
No federal investigation of TAC's corporate structure, ownership, or systemic database-access controls was conducted in the aftermath of the breach that has been made public. The contractor was disciplined. The firm continued operations. Brennan continued as CEO.
Eight months after the breach, in November 2008, the candidate whose passport records his firm's contractor had accessed was elected to the presidency.
The waiver (January 2009)
In January 2009, with the new administration not yet inaugurated, the President-elect's transition team announced that John Brennan had been named Homeland Security Adviser and Deputy National Security Adviser for Counterterrorism in the incoming administration. Brennan would, according to the announcement, "join the Obama-Biden Transition Team as a Team Lead for the Intelligence Community Review."
The Analysis Corporation, on its own corporate website at the time, posted the announcement in its News & Events section, beginning the post with: "John O. Brennan to join the Obama-Biden Transition Team."
Brennan's connections to TAC were sufficiently extensive that, upon entering the new administration, the White House ethics office required him to obtain a special waiver to lead the federal investigation into the intelligence failures surrounding the Christmas Day 2009 Underwear Bomber attack. The investigation's scope included review of the performance of the federal watchlisting infrastructure that had failed to flag the bomber, Umar Farouk Abdulmutallab, despite warnings from his own father to the U.S. Embassy in Nigeria.
The federal watchlisting infrastructure under review was, in its operational design and in its day-to-day software deployment, the system Brennan himself had architected at the NCTC and that his own former firm, The Analysis Corporation, was at that moment under contract to maintain. The investigation was, in effect, an investigation of the work product of TAC. It was being led by TAC's most recent CEO, on a special waiver from the federal ethics rules that would have otherwise prohibited his participation.
The investigation, when it concluded, made a series of structural recommendations about watchlisting protocols and threat-evaluation workflows. It did not, in any portion of the public report, recommend any structural change to the contractor architecture under which the watchlisting infrastructure operated. The federal contracts continued. TAC's revenue continued.
The succession (2012–2013)
In 2012, four years after the Luxembourg acquisition and three years into Brennan's tenure at the White House, The Analysis Corporation was formally dissolved. Its operations were absorbed into Sotera Defense Solutions, the renamed successor of Global Defense Technology & Systems — the U.S. holding company that Global Strategies Group had taken public on the NASDAQ in 2009.
The Luxembourg corporate structure remained.
The federal watchlisting contracts were re-papered under the new Sotera Defense Solutions corporate identity. They did not change in scope or operation. The contractor was, in operational terms, the same contractor. Only the letterhead had changed.
In March 2013, John O. Brennan was confirmed by the United States Senate as the Director of the Central Intelligence Agency.
He served as CIA director for the next three years and ten months, until January 2017.
What the template established
This is the template.
CIA seed money into a Silicon Valley analytical company through a chartered venture vehicle — that part is Palantir's contribution, established in parallel in 2005 by In-Q-Tel.
But the older, more foundational half of the template, established three months later in November 2005 and matured through 2013, is the Brennan-and-TAC architecture. A foreign-incorporated corporate structure — in this case a Luxembourg holding company — controlling a McLean, Virginia firm that runs U.S. national watchlisting systems. A former senior CIA officer rotating from agency to contractor to White House and back to agency, with the architecture he helped build continuing to operate, untouched, across every rotation. A contractor breach of presidential candidates' personal records that produced no federal investigation of the contractor's corporate structure. A special ethics waiver that permitted the contractor's former CEO to investigate the contractor's own work product. A formal absorption of the contractor into a publicly traded successor entity with the foreign holding structure preserved. And a return of the contractor's former CEO, three administrations later, to the senior federal intelligence office for which he had first joined the federal workforce twenty-five years before.
By 2013, the model was no longer novel.
By 2025, it was the operating system.
Every contractor mapped in this series — Palantir, Barbaricum, Carahsoft, Zignal, Giant Oak, and the contractors Parts Five and Six of this series will name — operates inside the architectural envelope the Brennan / TAC / Global Strategies Group sequence established. Foreign-controlled holding structures at one or more layers of the corporate stack. Federal contracts running through firms whose ultimate beneficial owners are not, in any meaningful sense, accountable to U.S. domestic law. Senior federal personnel rotating freely between the agencies and the contractors that serve them. No structural ethics review of the rotation. No structural integrity review of the contractor architecture.
The Brennan template is not unusual.
It is the model.
It is what success in the federal national-security contractor estate looks like.
The lineage continues
The Brennan template, established 2005–2013, did not stop with Brennan. The men who built the Bush-era federal national-security contractor ecosystem rotated, in the same years and after, into a constellation of private-sector vehicles that are now operating at scale across the federal government.
One of those men ran the post-9/11 Treasury financial-intelligence regime — supervising FinCEN, OFAC, and the entire Office of Terrorism and Financial Intelligence — and left government to co-found a fintech sitting on top of the same algorithmic technology that, eighteen months ago, ICE began deploying on American Facebook posts.
Another man, in the same Bush administration, served as Chief of Staff to the Commissioner of U.S. Customs and Border Protection, then moved to a Defense Department-funded research role at DARPA where he worked on a classified Afghan war-zone counterinsurgency surveillance program, then commercialized the methodology of that program as the founder of the firm — Giant Oak — whose software ICE has now paid more than ten million dollars to deploy against visa applicants and the social media speech of American citizens, with the targeting algorithm tuned, in DHS's own internal documents released under court order, to filter Arabic naming conventions.
Both men are still active. Both men are still inside the architecture. Both men are the subject of Part Five of this series.
The template is not historical. It is the current operating system. It is operating on you, right now, through licenses your tax dollars have purchased on your behalf.
What's coming
Part Five — The Seam
The story that resolves the agency list from Part One. Where the DHS surveillance pipeline meets the Treasury financial-intelligence regime. Two men. Two firms. One algorithm. Many vulnerable populations. The CBP Chief of Staff who became a DARPA Afghan war-zone counterinsurgency researcher who founded Giant Oak. The first-ever Assistant Secretary of the Treasury for Terrorist Financing, the architect of the Office of Terrorism and Financial Intelligence, the man who supervised FinCEN and OFAC for the Bush administration, who left government and co-founded the fintech sitting on top of the same algorithmic technology that ICE now uses on American Facebook posts. The "federated learning" model. The Coinbase loop. The Vatican Financial Authority. The seam is where the architecture is the most exposed and the least reported.