A Look at Raytheon's RIOT Application

The Rapid Information Overlay Technology or RIOT software application by Raytheon has generated privacy concerns and paranoia. What can this application do, and what can’t it do?

Raytheon’s RIOT software can pull together information about a user from multiple social media platforms to create a composite view of a user’s activities, patterns, associations and beliefs. When does this person typically log onto the computer? Are they accessing social media from work? Are they sharing politically incorrect ideas with people, and how connected are they to radical groups? Unlike Facebook’s data mining into the lives and associations of its members, RIOT draws on every social media platform – Twitter, Facebook, Myspace, Linkedin, the Infowars social media site and others.

RIOT can mine the location information in photos people post to determine when and where the pictures were taken. It can create a map and reveal your route. However, it cannot do this if you turn off the automatic embedding of location information in your photos. And you gain more privacy protection if you turn off apps that automatically upload every picture you take to social media.

RIOT can create lists of user comments and postings online for evaluation. However, it does not read a user’s private emails, though the federal government has been demanding this information from various firms. RIOT cannot mine the data files on your personal computer. However, the federal government has been arguing that data stored on the cloud isn’t “private” like data on a computer in your home, thus exempt from many of the protections granted to private papers. Internet security then only applies to the government itself, though it has a poor record on this account.

RIOT can associate multiple accounts with the same person. This does pose a legitimate concern when it may associate a professional’s account with another profile of someone who is inflammatory. There are growing problems with managers reviewing someone’s social media profile for reasons not to hire them, and applicants have no way of knowing if they didn’t get a job because the manager didn’t like what they saw – even if it was not the applicant’s profile. What happens if the FBI uses RIOT and decides that a defense contractor is associated with politically incorrect groups and revokes their clearance, but the un-PC account actually belongs to someone else?

The threat this application poses is multiplied by the number of high end hackers that already compromise information security and steal information from large companies who hire “cyber warriors” to protect their systems. Do you expect a government that accidentally posts hundreds of thousands of Social Security Numbers on a website and calls the internet security breach a minor incident to protect RIOT software from hackers? The RIOT application is invaluable to those who want to develop intelligence dossiers on individuals, be it Chinese building up patterns of targets in the U.S. or private investigators in high-priced divorce cases. Internet security is then doubly threatened when RIOT is stolen and made available to the dark side of the web.

RIOT cannot at this time mine the deep web, sites like Tor, Silk Road and others. Truly revolutionary folks will move their political discussions to this deep web, while people posting non-PC jokes and sarcastic comments could be investigated by the government. Then there is the risk of hackers and jokers hacking someone’s account and sending text messages and instant messages that trigger government surveillance. Internet security takes on a whole new meaning – and priority - when it is necessary to protect your privacy from the government.

Frightening Recent Extensions of RIOT

The ATF is creating a database to track purchases of items related to guns, build up maps of your relationships to other gun owners and flesh out profiles of people who don't discuss all of their lives online. Do you hang out with gun owners? Did you talk about your ammunition purchases though you don't have a registered gun? The technology behind RIOT can identify likely gun owners. Then there is the problem of creating profiles based off phonetic names; when they misspell one person's name or associate politically incorrect traits with a person's name, the increased scrutiny and restrictions are applied to innocent people. Look at those who are not allowed to fly because a terrorist once used their name as an alias - including a little boy.
The same data mining behind RIOT is being adopted by the IRS. Let's say you report a specific income level. Then you spend more online and buy more affluent items than your income level would support. Here comes the robo-audit. The data mining and information correlation will also be used to identify those selling a large volume of items online but not registered as a business and paying taxes on that income. Many people who are listed as disabled, retired or unemployed are making money online selling crafts and salvaged items. Now the IRS can link up online accounts to social media profiles to personally identifying information and identify those who are making money on the side, shortly before demanding back taxes on that income.
Personal privacy and internet security then become a matter of bucking the trend to post everything online and stay silent. Unfortunately, your digital life is already waiting to be mined by tools like RIOT.