
Software was pitched to the U.S. government, but not yet sold

Raytheon Comp. (RTN) has created a social networking tracking program called Rapid Information Overlay Technology -- or "RIOT", for short -- which is building a database of trillions of pieces of data on millions of users' social networking profiles.  The software digs into the usual suspects -- Facebook, Inc.'s (FB) ubiquitous social network, popular microblogging site Twitter, and FourSquare, whose location-aware apps boast 25 million users.

I. RIOT is Watching You

The idea of RIOT is to allow government agents, in a click or two, to examine your behavior history and, more interestingly (or alarmingly), predict your potential future actions.

Today, mobile client use has finally overtaken desktop use for Facebook, the world's largest network.  But hidden in most mobile posts by Facebook's over 1 billion users is an "exif" information tag, a special string that identifies the latitude and longitude the user posted from.  By mining exif data from publicly available posts (or alternatively creating Facebook softbots to friend users and lure them into RIOT's circle of friendship), RIOT is capable of tracking citizens' daily movements.

In a video, Brian Urch, principal investigator on the RIOT project at Raytheon, describes, "We're going to track one of our own employees."


By mining the publicly available information, the demo shows how the client determined that "Nick" commonly frequents Washington Nationals Park.  It even shows off a photo of a blonde whom Nick posed with at the park.

But RIOT's most powerful capability is trying to analyze the future.  Its spidery webs of information spread out, assessing the trends in Nick's behaviors.  It makes a discovery --  Nick goes to the gym each day at 6 a.m.

Mr Urch comments, "... So if you ever did want to try to get hold of Nick, or maybe get hold of his laptop, you might want to visit the gym at 6am on a Monday."

He encourages users with questions to shoot him an email at brian.urch@raytheon.com.

II. Raytheon Fights to Keep Video Demo Secret

The video was never meant to be seen by the eyes of the public.  Raytheon asked Guardian, the top UK newspaper that obtained the video, not to post it.  Comments Raytheon's spokesperson:

Riot is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation's rapidly changing security needs.

Its innovative privacy features are the most robust that we're aware of, enabling the sharing and analysis of data without personally identifiable information [such as social security numbers, bank or other financial account information] being disclosed.

But Raytheon's argument that the product was "proof of concept" was not enough to convince Guardian not to post the video.  But even before the video, clues about RIOT were leaking out.  A patent application filed by Raytheon in December -- -- contained details relating to the data mining technology in the software.


In an interview with Guardian, Ginger McCall, an attorney at the Washington, D.C.-based Electronic Privacy Information Center (EPIC), complains, "Social networking sites are often not transparent about what information is shared and how it is shared.  Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search."

III. RIOT is Even Better at Playing Big Brother Than Perfect Citizen

Raytheon, whose sales accounted for $25B USD in revenue last year, has reportedly not sold the software to any nation state clients -- yet.  It reportedly demoed the software to the U.S. government at a trade show in April.

President Obama has committed $200M USD to "big data" spending -- including efforts to track citizens online.  The Obama Administration has stated multiple times publicly that it seeks to protect citizen rights/expectations of privacy, but internally it's often fought to step up intrusive monitoring, arguing that such procedures are necessary to fight the shadowy ambiguous "terrorist" threat.

Raytheon is also authorized to export the software to foreign nations/corporations interested in using the "stalking software" on their targets, according to the "EAR99" designation in trade documents obtained by Guardian.  EAR99 indicates that the software can "be shipped without a [government] licence to most destinations under most circumstances."

The company already has one lucrative $100M USD counterterrorism contract from the U.S. National Security Agency (NSA).  Dubbed "Perfect Citizen", the NSA software aims to deploy digital "sensors" (scripts) to detect impending cyberattacks on U.S. networks.  Some privacy experts have complained that Perfect Citizen was a guise for "Big Brother" style tracking.

[Image: President Barack Obama has pushed for $200M USD in "big data" spending. Source: Fits News]

The NSA claims "Perfect Citizen" is a research and development project, and not fully deployed.  But EPIC obtained documents that "suggest the program is operational and confirmed, and that Raytheon was contracted to develop and deploy certain components."

By contrast RIOT takes a narrower aim at popular civilian internet activities.  That means it will likely serve little use in combatting terrorists (who are unlikely to post, tweet, or "check-in" during their evil escapades).  However, it does make the perfect tool for companies -- or governments -- to stalk citizens, and Raytheon is eager to turn that interest into sweet cash.

Sources: Guardian, YouTube



Comments

RE: Public Data
By JasonMick (blog) on 2/11/2013 4:34:51 PM , Rating: 4
quote:
I'm not intending this to in any way defend or justify what the software does; however, it is using mining publicly available data. In other words, there is nothing preventing any other person, government, corporation or other organization from analyzing the exact same data and drawing the same trending conclusions. So, if you're uncomfortable with the information being analyzed and the conclusions that can be drawn from it, it would be best to limit the information you make publicly available in the first place.

I'm not aware of any way in which U.S. law could be reasonably expected to prevent a foreign entity from doing this, so in my mind the issue isn't limited to the U.S. government and the perception of it becoming a "police state." The implications of what can be done with all of the data we throw out there goes far beyond just that.

By mining exif data publicly available posts (or alternatively creating Facebook softbots to friend users and lure them into RIOT's circle of friendship),

...now again, if you're extremely cautious you can avoid that, but there is substantial risk.

I get the argument "Raytheon is a free company, it's obstructionism to stop them from selling their snooping/stalking product."

But remember, you are PAYING for that stalking product in effect, by allowing agencies like the NSA to pay hundreds of millions to Raytheon for its other spying programs...

Ask yourself whether you're comfortable with that.


RE: Public Data
By IS81 on 2/11/2013 4:47:08 PM , Rating: 2
Agreed. As I said, I'm not defending this in any way. I'm not comfortable with it myself. The point I was trying to make is that so long as the data is out there, anyone with sufficient time, resources, and motivation could do the same thing; e.g. foreign entities over which we (the U.S.) have no control.


RE: Public Data
By JasonMick (blog) on 2/11/2013 5:09:34 PM , Rating: 3
quote:
Agreed. As I said, I'm not defending this in any way. I'm not comfortable with it myself. The point I was trying to make is that so long as the data is out there, anyone with sufficient time, resources, and motivation could do the same thing; e.g. foreign entities over which we (the U.S.) have no control.
I gotcha. And I agree, users are too free with their data.

That said, I think you're missing the point a bit.

The KEY thing here is that the kind of tracking is pervasive and focuses on low level targets. High level targets (e.g. politicians, etc.) are going to have handlers and aren't going to let this kind of info carelessly leak out (in most cases).

To that extent, I think the key thing you're missing is that it does not matter what foreign governments do.

Because foreign governments are NOT going to be terribly interested in tracking low-level U.S. citizens.

Interest in such a tool is almost certain to solely come primarily from entities like:
+ Domestic spying programs
+ Nosy companies
+ Stalkers

...I agree, it's good not to post private information. But to a degree meaningless private details are somewhat safer for most citizens to post, in that hostile foreign sources would have little or no interest in them. However, that makes the important assumption that your government isn't trying to spy on you and that you aren't being stalked by one or more people online.

The greatest threats, in this case, are the threats near to home.


RE: Public Data
By Spuke on 2/11/2013 5:53:35 PM , Rating: 2
I think you're missing his point Jason. He's not even talking about foreign governments specifically. You or I could gather this information also which he mentions. It's freely available. Raytheon and any other US entity could collect and use this info and sell it to whoever. You could collect and sell it. I do wonder how the NSA can purchase this info (if they really are) legally as it violates the spirit of a certain law that prohibits them from doing so without a warrant. Although there is a time delay before they have to stop collecting. Loophole perhaps?


RE: Public Data
By JasonMick (blog) on 2/11/2013 6:20:22 PM , Rating: 1
quote:
I think you're missing his point Jason. He's not even talking about foreign governments specifically. You or I could gather this information also which he mentions. It's freely available. Raytheon and any other US entity could collect and use this info and sell it to whoever. You could collect and sell it. I do wonder how the NSA can purchase this info (if they really are) legally as it violates the spirit of a certain law that prohibits them from doing so without a warrant. Although there is a time delay before they have to stop collecting. Loophole perhaps?
And that's why my data is private (at least what I want to keep private). :)

I wasn't sure quite what his central focus was, but he did talk quite a bit about foreign governments, so I figured that was the main point.

As to domestic monitoring, I agree this is dangerous from a "stalking tools" perspective, but I think the danger from the government is far greater, as they're pouring hundreds of millions into this.

One thing to remember too, is that you or I could certainly on a small scale go out and monitor certain profiles' exif info, etc., but most users lack the technical sophistication to realize they can do so.

A full-fledged commercial option for the less tech savvy would require finding enough creeps to finance buying hardware to store and continuously monitor millions of domestic users -- a tenuous business model. Convincing an increasingly Orwellian federal government to buy that hardware is a far easier pitch.

Of course smaller scale "sleuthing" will occur so to speak, but someone could always hire a PI to just tail someone IRL, so that's nothing new or different.

What concerns me more is the ubiquitous/pervasive nature of this monitoring, which is only possible via the gov't dumping massive amounts of money into defense companies who do these kinds of projects.


RE: Public Data
By IS81 on 2/11/2013 6:36:20 PM , Rating: 2
quote:
I wasn't sure quite what his central focus was, but he did talk quite a bit about foreign governments, so I figured that was the main point.


Well, yes and no. I guess the point I was trying to make underneath it all is that if you're going to write your congressman about this or something, you'd likely do more good in the long run by focusing on protecting the data at its source (facebook, twitter, etc.), than you would by trying to terminate Raytheon's specific snooping endeavors.

Expecting the average user to know how to protect themselves, or that there's a risk in the first place, is probably unrealistic at best. Attempts to increase awareness (like this article) are still worthwhile, but I don't think we'll see these types of big data efforts go away until/unless the sources of the data (facebook, twitter, etc.) are required to improve their privacy practices in such a way as to make them sufficiently impractical for any entity, foreign or domestic, private or public.


RE: Public Data
By IS81 on 2/11/2013 6:23:35 PM , Rating: 2
quote:
Because foreign governments are NOT going to be terribly interested in tracking low-level U.S. citizens.


In general, this is true. Recent events involving the NYT and WSJ, as well as other incidents, would suggest that there are those among the "low-level" U.S. citizenry that foreign governments might be interested in (notably former citizens of said country and otherwise ordinary U.S. citizens with access to classified data.) This is admittedly a relatively small number of people.

That said, I do appreciate your point regarding domestic spying. Personally, I'm more paranoid about nosy companies than I am about the government in this particular case - and the odds of me ever having a stalker are as close to zero as possible - but I can certainly understand why others might rank these differently.


RE: Public Data
By Schrag4 on 2/12/2013 8:16:59 AM , Rating: 2
quote:
By mining exif data publicly available posts (or alternatively creating Facebook softbots to friend users and lure them into RIOT's circle of friendship),
...now again, if you're extremely cautious you can avoid that, but there is substantial risk


If you have to be extremely cautious not to add a softbot to your friend list then you're using FB wrong. That's like saying that people who text have to be extremely cautious not to fall into uncovered manholes or fountains in malls. You'd think it would be common sense to only add people that you know on FB, or to watch where you're going when you walk, but millions of people apparently lack common sense.

Oh, and I also don't want to pay for our govt to spy on us, but I agree that them going over the info that we post online, where there is no expectation of privacy, is pretty much the least of our concerns. How about if you don't want someone seeing something you don't post it on FB, m'kay?


RE: Public Data
By Ammohunt on 2/12/2013 11:23:07 AM , Rating: 2
If I were the NSA I would just write or piggyback on an innocuous Facebook application that everyone wants or uses with the permissions needed to access users' friends lists. It's much easier than adding a bogus NSA friend; most people blindly click when apps prompt them for access. I would do the same for smartphones as well to broaden my data collection.


RE: Public Data
By Schrag4 on 2/12/2013 12:39:58 PM , Rating: 2
My point is that crying foul over the govt mining FB data is incredibly naive. There's absolutely no expectation of privacy for anything you submit to FB, or to anywhere on the web, really. That, and the NSA and other agencies are ALREADY doing FAR "WORSE" things, from a privacy-intrusion standpoint. I wouldn't waste time complaining about how Mr. Z. and others handle the FB data that you submit (it's no longer your data anyway) when there are things like warrantless wiretaps, warrantless planting of GPS trackers, and such going on.

Or to put it another way, those in power are positively elated that you would choose to waste your attention on such a relatively trivial intrusion and forget about the much bigger ones occurring all around you.


RE: Public Data
By Ammohunt on 2/12/2013 12:49:56 PM , Rating: 2
That is a very valid point: the tools you really need to worry about are the ones that don't get leaked to the public. I agree! If you post a rant online and the authorities come down hard on you, it's your own stupid fault.


RE: Public Data
By MrBlastman on 2/12/2013 2:41:09 PM , Rating: 2
quote:
using FB is wrong


Correction.

I'm 100% Facebook free and I love it! You can't be tracked if there is no account to begin with.

People are fools to put their entire personal life online. Leave it to photo albums, phonecalls and meetings over coffee. Or how about getting together with family over the holidays? What happened to all that?

The only thing that is relevant is Facebook is irrelevant.

But, I guess social media makes some people feel important. Hope they enjoy being important enough to be monitored by their lovely, friendly, always on the lookout to protect them Federal Government.


RE: Public Data
By Schrag4 on 2/13/2013 1:22:04 PM , Rating: 2
quote:
I'm 100% Facebook free and I love it! You can't be tracked if there is no account to begin with.


Perhaps not having a FB account puts you on some list. Didn't they say a while back that not having a FB account was a red flag?

*adjusts tin-foil hat*


RE: Public Data
By lexluthermiester on 2/16/2013 2:41:06 AM , Rating: 2
Seriously? Making your online presence minimal is a good ideal! Period!