Your Own Smart Phone, Turned Against You

Defense contractor starts RIOT

by , February 19, 2013


My day starts out normally enough: I drop the kids at school and head to the Starbucks, where I use my Smart Phone to pay for my tall Caffé Mocha soy because that’s how I roll: I save one minute not having to reach into my wallet to physically pull out my credit card, it’s logged into the app.

After "checking in" with Foursquare, which tells me a couple of moms from the school have already been there this morning, and then my Facebook, which tells me another "friend" is headed there now, I dash to the Safeway, where I get discounts on my feta cheese, avocados, organic yogurt and Fat Bastard chardonnay because I logged it all in the store’s Just for U program. Again, that’s how we roll.

I Skype with an activist in Australia before she leaves for a fact-finding mission in Iraq. Then I Google the news for the latest Brennan/drone hearings and fire off angry commentaries on Gmail and Twitter to friends, declaring the U.S government fascistic, and worse than the Taliban. I then rush to meet colleagues, including writer Gareth Porter – who just got back from the Middle East and is now writing a story about how Israel may be responsible for leaking fraudulent documents describing Iran’s nuclear capability – at the Lebanese Taverna down the street. I check in two more times with Facebook and Foursquare, because I get extra points when I check into the restaurant. Maybe tomorrow I’ll be the mayor.

I go to the Home Depot to get some material for my son’s science project – he’s going to facilitate electromagnetic energy with batteries and copper coil. I check in again at the Starbucks attached to the Barnes & Noble for my second coffee of the day and buy the book The Perfect Soldiers about the 9/11 hijackers, because I heard it was taken away from one of the 9/11 conspirators at Gitmo, and I wanted to see for myself whether it posed a danger to national security.

Two days later, I am standing at the checkpoint at Dulles Airport heading for Europe. I am flagged for an extra screen. They search my laptop, because, as it were, this happens a lot. I am never told why, though I am eventually cleared to travel. I may never know. Was it my lunching partners and the frequency with which we met, or the diatribes on Twitter? Was it my phone calls overseas, or the purchase of materials that are commonly used to make an explosive devise? My reading habits? My love for feta cheese?

Are one of my friends flagged on the elusive Terrorist Identities Datamart Environment (TIDE) list?

Better yet, am I?

* * *

None of this happened of course –I don’t carry a so-called smart phone, and I am a Facebook resister. Gareth wrote that story in 2010 and I haven’t been to Europe for some time. I don’t drink Caffé Mochas or have a Gmail account or engage in Foursquare, and as for Twitter, I wouldn’t call Washington the Taliban, it’s a clunky comparison.

But I wanted to illustrate that any or all of these things taken together might be of utmost interest to Uncle Sam. As we know, these daily rituals we take for granted are duly recorded and even filed away by increasingly sophisticated corporate monitors who monetize our every online move. But now we have to worry about the government using these very tools to track our every move – in law enforcement investigations, data mining schemes, fusion centers and the latest raison d’etre, cybersecurity.

Sound outrageous? Perhaps, but, as The Guardian reported just recently, the defense industry is already working with Raytheon to build its own application that would map our physical movements, as well as our activity on social networking sites, including Facebook, Google, Twitter and FourSquare, which taken together, can drill down on both the location and buying habits of millions of users a day. According to writer Damien Gayle:

Critics have already dubbed it a ‘Google for spies’ and say it is likely to be used by governments as a means of monitoring and tracking people online to detect signs of dissent.

Raytheon claims it has not yet sold the software – known as Rapid Information Overlay Technology, or Riot – to any clients but admitted it had shared the technology with the U.S. government in 2010.

However, it is similar to another social tracking software known as Geotime, which the U.S. military already uses and was in recent years purchased for trials by London’s Metropolitan Police.

The video, seen here walks the viewer through a typical RIOT search. It’s fairly straightforward and most unsettling, as it’s clear that everything I did in my fictional day about town would have been great fodder for a RIOT search, boiled down to the starkest elements, in pie charts, bar graphs and even photographs. In fact, any picture taken with my smart phone of me, my friends, or my children and posted publicly on any an open social network like Instagram or FourSquare would have become part of my virtual dossier, and would’ve been key to pinpointing my location at any point in time because of their embedded coordinates. Furthermore, if anyone takes a photo of me or my family on their smart phone, we automatically become part of their online portfolio.

According to Guardian reporter Ryan Gallagher, who broke the story on Feb. 10, the video:

reveals how an “extreme-scale analytics” system created by Raytheon, the world’s fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare.

Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients.

But the Massachusetts-based company has acknowledged the technology was shared with US government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analysing “trillions of entities” from cyberspace…

When reached by the reporter, Raytheon indicated that the software had not been "sold" to anyone – but it is clearly not "old news."

“Riot is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation’s rapidly changing security needs," said Jared Adams, a spokesman for Raytheon’s intelligence and information systems department, in an email to The Guardian.

“Its innovative privacy features are the most robust that we’re aware of, enabling the sharing and analysis of data without personally identifiable information [such as social security numbers, bank or other financial account information] being disclosed.”

RIOT culls though all open source material, so no, this does not involve cracking passwords or accessing records that would ostensibly require a warrant nor permission to access, like credit card information, health and employment records, or bank statements. However, knowing that the government can pinpoint your exact location, as well as the location of anyone you’ve chatted with in any of these social network apps, what you’ve purchased or shared with them at those locations and when, is a bit creepy – and dangerous.

"The video is frightening. It surely takes stalking and voyeurism to a new level," said Diane Roark, a former House Intelligence Committee aide whose home was raided by the FBI when she was caught up in the warrantless wiretapping leak scandal in 2007. She was never charged with the newspaper leak, but she had been active in warning congress and anyone who would listen that the National Security Agency (NSA) was deploying a surveillance tool that was spying on Americans illegally. Her warnings went unheeded, even as it turned out to be true.

But as Roark pointed in an email to Antiwar.com, that NSA program is one of many post-9/11 government efforts to use current technology to spy on Americans. The proliferation of GPS, social networking sites and massive buying and selling of personal data by marketing and advertising companies is just making their job easier.

Jay Stanley, senior policy analyst at the American Civil Liberties Union (ACLU) takes particular note of RIOT’s ability to formulate the daily routines and travel habits of targeted individuals. The "target" in the video checks in with Foursquare every day at the gym around 6 a.m, allowing the program to map his location. The Raytheon representative in the video notes this would be good to know if one wanted to get a hold of the target, or "get at his laptop."

"The reference to the laptop is certainly jarring," Stanley writes. "Remember, this is an application apparently targeted at law enforcement and national security agencies, not at ordinary individuals. Given this, it sounds to me like the video is suggesting that Riot could be used as a way to schedule a black-bag job to plant spyware on someone’s laptop."

Former NSA senior executive Tom Drake paid the price for blowing the whistle on the National Security Agency’s (NSA) surveillance activities. He was not only raided, but lost his job and his security clearances for his dissent. Since then he has been an arch critic of domestic spying practices.

“The real danger is the state becoming the ultimate digital stalker of anybody it wishes to target, track, monitor and surveil and especially when that person becomes a designated person of interest to the state,” he told Antiwar.com.

“Think of RIOT as a social media version of the panopticon watching all persona level activity posted across the expanse of the digital space we inhabit in our world.”

Meanwhile, networking apps offered by Google or Facebook have not been entirely up front about how much personal information is shared and when. Usually they come clean or reverse course after an uproar or lawsuit, but there is no doubt a lot going on under the radar. That should be taken into consideration when taking advantage of applications that enhance one’s "consumer experience" and/or allow the user to congregate in real time with friends and like-minded users based on geographic location.

Example: last August, Google paid $22.5 million in fines to the Federal Trade Commission on charges it sidestepped Apple security settings to track Safari users’ browsing habits. This was two years after it was forced to pay $8.5 in fees over its now-defunct Google Buzz program, which "inadvertently" exposed Gmail (Google Mail) personal contacts publicly. But these were merely bumps in the road for Google and its quest for total information dominance: last year it announced it would be tracking the browsing and buying habits of all users on its You Tube, Gmail and its ubiquitous search engine. From The Washington Post on the new policies, which went into effect a year ago (emphasis mine):

Google can collect information about users when they activate an Android mobile phone, sign into their accounts online or enter search terms. It can also store cookies on people’s computers to see which Web sites they visit or use its popular maps program to estimate their location. However, users who have not logged on to Google or one of its other sites, such as YouTube, are not affected by the new policy.

As for Facebook, which "obliterates" all other competitors in the social networking market, it’s always finding new ways to exploit its legion of members – including the 604 million who access Facebook on their mobile phones each month. Users, indeed, push back when they feel Godzilla is getting too close to Tokyo: in 2009 it forced Facebook to reverse a new privacy policy that would have given Facebook more rights over their content. More recently, its acquired property Instagram was forced to get rid of a pending policy clause that would have allowed the popular photo sharing site – and in effect the Facebook universe – to sell user images posted on its space to third party advertisers.

But this is merely a pinprick in the vast body of profit-making enterprises starring you! – and going on right under your fingertips. The Atlantic’s Alex Madrigal tried an experiment and found how "Google – and 104 other companies – are tracking me on the web." But that was a year ago – an epoch in Internet time; he may be shocked to find how many, and how, companies are using his information today.

“Social networking sites are often not transparent about what information is shared and how it is shared,” Ginger McCall, an attorney at the Washington-based Electronic Privacy Information Centre, told The Guardian. “Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search.”

Which brings us back to the government, which has been attempting for years to get at personal content generated by consumers and traversing the social networking universe. "Cybersecurity," one could say, is its new Trojan Horse.

The real smart phone?

The real smart phone?

Programs like RIOT will allow them to do an end-run, and gleam enough about you and me without warrants and messy legal red tape. RIOT, along with evolving White House policy that allows the government to sift, share, peruse and keep personal records on Americans not even suspected of a crime in dossiers up to five years, reanimates the Total Information Awareness project killed off during the Bush Administration. Helping this along are congress’s ongoing attempts to pass new Internet laws like CISPA (Cyber Security Sharing and Protection Act), which would encourage companies – including Big Daddies like Microsoft, Google and Facebook – to share users’ personal information with Uncle Sam without legal recourse or transparency.

“When combined with non-public or protected information (especially in secret) the scope and scale of knowing everything there is to know about a person virtually one click away raises very troubling questions,” said Drake.

So don’t feel ashamed if, like me, you’ve resisted all the bells and whistles of modern telecommunication, content with keeping the antiquated dumb phone in your pocket (yes, they still exist), and the networking face-to-face, and not just byte-to- byte. It just might be the smartest decision you ever make.

Follow Vlahos on Twitter @KelleyBVlahos.

Read more by Kelley B. Vlahos