The recent publication of a leaked video demonstrating American security firm Raytheon’s social media mining tool RIOT (Rapid Information Overlay Technology) has rightly incensed individuals and online privacy groups.
In a nutshell, RIOT – already shared with US government and industry as part of a joint research and development effort in 2010 – uses social media traces to profile people’s activities, map their contacts, and predict their future activities.
Yet the most surprising thing isn’t how RIOT works, but that the information it mines is what we’ve each already shared publicly.
Getting to know you
In the above video, RIOT analyses social media accounts - specifically Facebook, Twitter, Gowalla and Foursquare – and profiles an individual.
In just a few seconds, RIOT manages to extract photographs as well are the times and exact location of frequently visited places. This information is then sorted and graphed, making it relatively easy to predict likely times and locations of future activity.
RIOT can also map an individual’s network of personal and professional connections. In the demonstration video, a Raytheon employee is surveyed, and the software shows who his friends are, where he’s been and, most ominously, predicts that the most likely time and place to find him is at a specific gym at 6am on a Monday morning.
The RIOT software quite rightly raises concerns about the way online information is being treated.
Since privacy rules and regulations around social media are still in their infancy, it’s hard to tell if any legal boundaries have been crossed. This is especially unclear since it appears, from the video at least, that RIOT only scrutinises information already publicly visible on the web.
The usefulness of some social media tools for mapping a person’s activity are abundantly clear. Foursquare, for example, basically produces a database of the times and places someone elects to “check-in” to specific locations.
Checking-in allows other Foursquare users to interact with that individual, but the record is basically a map of someone’s activities. Foursquare can be a great service, allowing social networking, discounts from businesses, and various location-based activities, but it also leaves a huge data trail.
Foursquare, though, has a (relatively) small user base (around 30 million) compared to Facebook (more than one billion) – although Facebook, as we know, also allows users to check-in by specifying a location in updates and posts. But the richest source of information we tend to share publicly, but not even think about, is our photographs.
Every modern smartphone, whether an iPhone, Windows or Android device, by default saves certain information every time you take a photograph. This information about the photograph is saved using something called the Exchangeable image file format, or “exif” data.
Exif data typically includes camera settings, such as how long the camera lens was open and whether the flash fired, but on smartphones also includes the exact geographic location (latitude and longitude) and time that each photograph is taken.
Thus, all of those photographs of celebrations, birthdays, and our kids at the beach all include a digital record of where and when each and every event occurred.
Given that so many of us share photographs online using Facebook or Twitter or Instagram or Flickr, it’s not surprising that RIOT might be able to build a picture of where we’ve been and use that to guess where we might be in the future.
Yet we don’t have to leave this trail. Most smartphones have the ability to turn geographic location information off so that it’s not recorded when we take photographs.
Most of us never think to turn these options off because we don’t think about our social media persisting, but it does. Our social media fragments - our photos and posts - have no expiry date so it’s worth taking a moment when we set up a new phone or account and tweak the settings to only share what you really want to share.
If RIOT demonstrates anything, it’s the fact that information shared publicly online will likely be read, shared, copied, stored and analysed in ways we didn’t immediately think about.
If we take the time to adjust our privacy settings and sharing options, we can exercise some control over the sort of profile RIOT, or any future tool, might build about us.