New software, developed by a government defense contractor, can put all the pieces of one or more social networking sites together to track and profile users and predict their next move. One can envision how this software can be useful for law enforcement, national security, and to locate a missing teenager. In the wrong hands the software can be used to commit crimes from identity theft burglary to murder; and it can be misused by our own government to violate our privacy—the right to be let along.
I often wonder what social networking users are thinking when they post most every personal detail of their life from tagged photos to suggestive and flip comments that impugn their character. Users with no bounds often compromise their own privacy with every click they make. I know where my friends are, what they are thinking, eating, their political views, their likes and dislikes and what they are feuding about with their families or friends. Some of these people aren’t really my friends, just those I befriended by social networking.
It is no surprise that some social media users are using Facebook less because they are too busy, not interested, see it as a waste of time, and see the information posted as drama, gossip and negative. A recent Pew Internet & American Life Project Study, says 61% of the users that have taken a break from Facebook, Only 4% of those said they did so because of concerns about privacy and security. Privacy and security seems to be in way down the list in terms of consumer concerns. Maybe Facebook’s founder Mark Zuckerberg was right 18 months ago, when he announced, “The age of privacy is over.”
Now comes RIOT, the acronym for Rapid Information Overlay Technology, an extreme-scale analytics software system, developed by Raytheon, the world’s fifth largest defense contractor. RIOT can gather information about you from social networking sites including Facebook, Twitter and Foursquare. (Foursquare is a popular smart phone application with over 25 million users that allows users to share and record places they visit with their friends.) And, if you don’t use the GPS feature to share your location with Foursquare, RIOT can extract the Exif metadata from photos taken on a GPS-enabled smart phone to figure out the location where the photos were taken--Gotcha!
In a video obtained by the Guardian (click here to view video), the Raytheon Principal Investigator of RIOT, Brian Urch, demonstrates how RIOT can be used to cyber track a Raytheon coworker, Nick.
The software extracts Nick’s information from four social networking sites and presents a Google Earth Map showing all the different places that Nick has recently visited in in the Mid-Atlantic and Texas. Afterwards RIOT obtains photos and their locations (extracted from the embedded Exif metadata), which are overlaid on Google Earth. One of the pictures taken in Washington, D.C. shows Nick with a blonde-haired woman. Brian Urch says, “Now we know what Nick looks like and where he has gone.”
From all this information RIOT predicts where Nick is going to be in the future through a series of pie charts and bar graphs. The pie chart shows the top place Nick checks into is the gym, and the bar graph shows he would be most likely to be found in the gym at 6 a.m. on Monday. Mr. Urch says, “So if you ever did want to try to get a hold of Nick or to get a hold of his laptop you might want to visit the gym at 6 a.m. on Monday.” Knowing that Nick would be most likely at that location at that day and time no only opens up the possibility of stealing his laptop (to commit identity theft) but also to steal his wallet from the locker, steal his car, break into his apartment to steal personal information, guns, or other booty, or for foul play.
Another feature of the software is the graphical RIOT browser that shows all the associations that Nick has with his social networking friends including some telephone numbers.
This type of data mining is legal in most countries including the United States. Anything we control and we put out on social networking sites is considered public information. However, some privacy watchdogs, such as Ginger McCall of the Washington-based Electronic Privacy Information Center (EPIC) are concerned. “Social networking sites are often not transparent about what information is shared and how it is shared,” McCall said. “Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search.”
In another article, we reviewed seven ways that social media users can avoid identity theft and protect their privacy on Facebook and other social networking sites. Users should be more aware of the information they share through social networking, or at least be aware that there are consequences for posting without bounds.