Dear Friends,
Be Well.
David
Software that tracks people on
social media created by defence firm
Exclusive: Raytheon's Riot program mines social network
data like a 'Google for spies', drawing ire from civil rights groups
Email
- Ryan
Gallagher
- The Guardian, Sunday
10 February 2013 15.20 GMT
A multinational security firm has secretly
developed software capable
of tracking people's movements and predicting future behaviour by mining data
from social networking websites.
A video
obtained by the Guardian reveals how an "extreme-scale analytics" system created
by Raytheon, the world's fifth largest defence contractor, can gather vast
amounts of information about people from websites including Facebook, Twitter
and Foursquare.
Raytheon says it has not sold the software – named
Riot, or Rapid Information Overlay Technology – to any clients.
But the Massachusetts-based company has acknowledged
the technology was shared with US government and industry as part of a joint
research and development effort, in 2010 , to help build a national
security system capable of analysing "trillions of entities" from
cyberspace.
The power of Riot to harness popular websites for
surveillance offers a rare insight into controversial techniques that
have attracted
interest from intelligence and national security agencies, at the same time prompting civil liberties and
online privacy concerns.
The sophisticated technology demonstrates how the same
social networks that helped propel the Arab Spring revolutions can be transformed
into a "Google for spies" and tapped as a means of monitoring and
control.
Using Riot it is possible to gain an entire snapshot
of a person's life – their friends, the places they visit charted on a map – in
little more than a few clicks of a button.
In the video obtained by the Guardian, it is explained
by Raytheon's "principal investigator" Brian Urch that photographs
users post on social networks sometimes contain latitude and longitude details
– automatically embedded by smartphones within "exif header data."
Riot pulls out this information, showing not only the
photographs posted onto social networks by individuals, but also the location
at which the photographs were taken.
"We're going to track one of our own
employees," Urch says in the video, before bringing up pictures of
"Nick," a Raytheon staff member used as an example target. With
information gathered from social networks, Riot quickly reveals Nick frequently
visits Washington Nationals Park, where on one occasion he snapped a photograph
of himself posing with a blonde haired woman.
"We know where Nick's going, we know what Nick
looks like," Urch explains, "now we want to try to predict where he
may be in the future."
Riot can display on a spider diagram the associations
and relationships between individuals online by looking at who they have
communicated with over Twitter. It can also mine data from Facebook and sift
GPS location information from Foursquare, a mobile phone app used by more than
25 million people to alert friends of their whereabouts. The Foursquare data
can be used to display, in graph form, the top 10 places visited by tracked
individuals and the times at which they visited them.
The video shows that Nick, who posts his location
regularly on Foursquare, visits a gym frequently at 6am early each week. Urch
quips: "So if you ever did want to try to get hold of Nick, or maybe get
hold of his laptop, you might want to visit the gym at 6am on a Monday."
Mining from public websites for law enforcement is
considered legal in most countries. In February last year, for instance,
the FBI
requested help to develop a social-media mining application for monitoring "bad actors or groups".
However, Ginger McCall, an attorney at the
Washington-based Electronic Privacy
Information Centre,
said the Raytheon technology raised concerns about how troves of user data
could be covertly collected without oversight or regulation.
"Social networking sites are often not
transparent about what information is shared and how it is shared," McCall
said. "Users may be posting information that they believe will be viewed
only by their friends, but instead, it is being viewed by government officials
or pulled in by data collection services like the Riot search."
Raytheon, which made sales worth an estimated $25bn
(£16bn) in 2012, did not want its Riot demonstration video to be revealed on
the grounds that it says it shows a "proof of concept" product that
has not been sold to any clients.
Jared Adams, a spokesman for Raytheon's intelligence
and information systems department, said in an email: "Riot is a big data
analytics system design we are working on with industry, national labs and
commercial partners to help turn massive amounts of data into useable information
to help meet our nation's rapidly changing security needs.
"Its innovative privacy features are the most
robust that we're aware of, enabling the sharing and analysis of data without
personally identifiable information [such as social security numbers, bank or
other financial account information] being disclosed."
In December, Riot was featured in a newly published
patent Raytheon is pursuing for a system designed to gather data on people from
social networks, blogs and other sources to identify whether they should be
judged a security risk.
In April, Riot was scheduled to be showcased at a US
government and industry national security conference for secretive, classified
innovations, where it was listed under the category "big data – analytics,
algorithms."
According to records published by the US government's
trade controls department, the technology has been designated an
"EAR99" item under export regulations, which means it "can be
shipped without a licence to most destinations under most circumstances".
No comments:
Post a Comment