A multinational security firm has secretly developed software capable of tracking people’s movements and predicting future behavior by mining data from social networking Web sites.
A video obtained by the Guardian reveals how an “extreme-scale analytics” system created by Raytheon, the world’s fifth-largest defense contractor, can gather vast amounts of information about people from Web sites including Facebook, Twitter and Foursquare.
Raytheon says it has not sold the software — named RIOT, or Rapid Information Overlay Technology — to any clients. However, the Massachusetts-based company has acknowledged the technology was shared with US government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analyzing “trillions of entities” from cyberspace.
The power of RIOT to harness Web sites for surveillance offers a rare insight into techniques that have attracted interest from intelligence and national security agencies, at the same time prompting civil liberties and online privacy concerns.
Using RIOT it is possible to gain a picture of a person’s life — their friends, the places they visit charted on a map — in little more than a few clicks of a button.
In the video obtained by the Guardian, Raytheon’s “principal investigator” Brian Urch explains that photographs which users post on social networks sometimes contain latitude and longitude details — automatically embedded by smartphones within so-called “exif header data.”
RIOT pulls out this information, showing the location at which the pictures were taken. RIOT can display online associations and relationships using Twitter and Facebook and sift GPS location information from Foursquare, a mobile phone app used by more than 25 million people to alert friends of their whereabouts. The Foursquare data can be used to display, in graph form, the top 10 places visited and the times at which they visited them.
Mining from public Web sites for law enforcement is considered legal in most countries. However, Ginger McCall, a lawyer at the Washington-based Electronic Privacy Information Center, said the Raytheon technology raised concerns about how user data could be covertly collected without oversight or regulation.
“Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the RIOT search,” McCall said.
Raytheon, which made sales worth an estimated US$25 billion last year, did not want its RIOT demonstration video to be revealed on the grounds that it says it shows a “proof of concept” product that has not been sold to any clients.
Jared Adams, a spokesman for Raytheon’s intelligence and information systems department, said in an e-mail: “RIOT is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation’s rapidly changing security needs. Its innovative privacy features are the most robust that we’re aware of, enabling the sharing and analysis of data without personally identifiable information being disclosed.”
In December last year, RIOT was featured in a new patent Raytheon is pursuing for a system to gather data on people from social networks, blogs and other sources to identify whether they might be a security risk.
In April, RIOT is scheduled to be showcased at a US government and industry national security conference for secretive, classified innovations, where it was listed under the category “big data — analytics, algorithms.”