The CIA knows when you're hitting the gym
Raytheon's RIOT software makes it easy for spooks to follow your trail across Facebook, Foursquare, and other social networks. Paranoid yet?
You know those thousands of stories people like me have written about how Facebook, Twitter, Foursquare and their various social media cousins are like a gift that keeps on giving for the International Surveillance Industrial Complex?
Turns out we were right (of course). Yesterday, the UK’s Guardian published a video created by Raytheon, one of the world’s largest defense contractors, showing a tool it developed that could mine multiple social networks and “gain an entire snapshot of a person's life – their friends, the places they visit charted on a map – in little more than a few clicks of a button.”
The tools is called Rapid Information Overlay Technology – RIOT for short. The video shows Raytheon principal investigator Brian Urch giving an online demo showing RIOT’s ability to track a Raytheon employee named Nick across the country using just the photos he’s posted to social networks.
Essentially, RIOT scans Nick’s posts for the longitude and latitude data embedded within photos to map his trail across the southern US. It also tracks his Foursquare check-ins. For example, we know Nick likes to hit the gym early most mornings. "So if you ever did want to try to get hold of Nick, or maybe get hold of his laptop, you might want to visit the gym at 6am on a Monday," Urch says in the video.
The $25 billion defense contractor denies selling RIOT to any clients, and says it’s just a “proof of concept.” On the other hand, Raytheon just received a patent for RIOT. According to a June 2010 company press release:
… Raytheon's rapid-information overlay technology for extreme-scale analytics is being shared with industry and government in an effort to create an interoperable service platform for developers and analytics suppliers… [the company] is leading efforts with industry, national labs and commercial partners to build a new analytics system that readily scales to trillions of entities.
Because the video tracks a Raytheon employee – who presumably knew about it and gave his permission – it’s unclear how much data the spooks could gather about another citizen who’s unaware of the tracking, how much RIOT relies on publicly available information, or whether the spy needs to be within your circle of friends to obtain this level of detail.
Raytheon responded to the Guardian’s story thusly:
"Riot is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation's rapidly changing security needs.
"Its innovative privacy features are the most robust that we're aware of, enabling the sharing and analysis of data without personally identifiable information [such as social security numbers, bank or other financial account information] being disclosed."
Well, maybe, but that’s not what that video showed. And really, the notion that a) spooks will use RIOT to identify potential terrorists and other threats via their social media activity but b) someone fail to obtain their personally identifiable information? The technical term for that is bullshit.
Mining social media to identify actual people is the entire point. Claiming otherwise is absurd. The problem with using data mining like this -- aside from the fact it may well violate our Constitutional protections against unlawful search and seizure -- is that it’s too easy to make the wrong inferences from data and come to dangerously inaccurate conclusions.
It doesn’t matter if you’ve got nothing to hide and don’t care if some three-letter government agency knows when and where you go to the gym or what photos you took on your last vacation. It matters how they interpret this data. If the NSA decides you’re hitting the treadmill not to lose the beer gut but to chat up Abu Nazir, who happens to hit the exercise bike next to you two days a week and also happened to be traveling to the same cities you were just in -- you’re totally screwed. And that applies to all of your friends as well.
Is this the bargain we struck when we signed on to social media networks? I don’t think so. But it’s the reality we appear to be stuck with.
Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld onTwitter and Facebook.
Now read this: