by Pratap Chatterjee
Raytheon, a U.S. military manufacturer, is selling a new software surveillance package named “Riot” that claims to predict where individuals are expected to go next using technology that mines data from social networks like Facebook, Foursquare and Twitter.
Based just outside of Boston, Massachusetts, Raytheon sells $25 billion worth of equipment a year to military clients like the Pentagon. Some of its most famous products include Sidewinder air-to-air missiles, Maverick air-to-ground missiles, Patriot surface-to-air missiles and Tomahawk submarine-launched cruise missiles.
Raytheon’s Rapid Information Overlay Technology (Riot) software extracts location data from photos and comments posted online by individuals, and then analyzes this information to create a variety of spider diagrams to show where the individuals like to go, what they like to do and whom they communicate with.
A video demonstration of the software was recently published online by the Guardian newspaper. In it, Brian Urch of Raytheon shows how Riot can be used to track “Nick” – a company employee – to predict that the best time and place to steal his computer or put spy software on it.
“Six a.m. appears to be the most frequently visited time at the gym,” says Urch in the video, which is dated November 2010. “So if you ever did want to try to get a hold of Nick – or maybe get a hold of his laptop – you might want to visit the gym at 6:00 a.m. on Monday.”
“Riot is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation’s rapidly changing security needs,” Jared Adams, a spokesman for Raytheon’s intelligence and information systems department, told the Guardian.
Adams says that nobody has bought the software – which is still under development – yet. However, company filings indicate that Riot is classified as an “Export Administration Regulations 99″ item which allows it to be sold or exported to any client.
But it is certainly true that a number of U.S. government agencies have been eagerly pursuing surveillance software to exploit the vast quantities of data that individuals are posting online about themselves. In January 2012 the Federal Bureau of Investigation posted a request for an application that would allow it to “provide an automated search and scrape capability of social networks including Facebook and Twitter … and (i)mmediately translate foreign language tweets into English.”
Last month the U.S. Transportation Security Administration asked contractors to propose applications “to generate an assessment of the risk to the aviation transportation system that may be posed by a specific individual” using “specific sources of current, accurate, and complete non-governmental data.” The initial plan is to use it to screen volunteer flyers who will be offered the benefits of “expedited screening lanes … leave on their shoes, light outerwear and belts, as well as leave laptops and … compliant liquids in carry-on bags.”
Privacy activists say that the Riot package is troubling. “This sort of software allows the government to surveil everyone,” Ginger McCall, the director of the Electronic Privacy Information Center’s Open Government program, told NBC News. “It scoops up a bunch of information about totally innocent people. There seems to be no legitimate reason to get this.”
“(T)he government has no business rooting around people’s social network postings—even those that are voluntarily publicly posted—unless it has specific, individualized suspicion that a person is involved in wrongdoing,” writes Jay Stanley, a senior policy analyst at the Speech, Privacy and Technology Project of the American Civil Liberties Union. “Among the many problems with government “large-scale analytics” of social network information is the prospect that government agencies will blunderingly use these techniques to tag, target and watchlist people coughed up by programs such as Riot, or to target them for further invasions of privacy based on incorrect inferences.”
Indeed, it would also be possible for a tech-savvy malcontent to lead security officials on a wild goose chase, or even deliberately frame anyone they wanted.