Web software designed by the defense firm Raytheon can scour Facebook, Twitter and check-in sites such as Foursquare to create an instant dossier covering a suspect's likely geographic locations and activities.
Raytheon calls it Rapid Information Overlay Technology (RIOT), and privacy advocates think it goes too far. "This sort of software allows the government to surveil everyone," Ginger McCall, attorney and director of the Electronic Privacy Information Center's Open Government program, told NBC News Monday.
"It scoops up a bunch of information about totally innocent people. There seems to be no legitimate reason to get this, other than that they can."
While some "terrorists," or those who might be threats to national security, use social networking, it's doubtful many of them show check-ins at local clubs or coffee shops, said McCall.
"The likelihood of this actually pulling in actual terrorists is low — it seems to be a lot of white noise," she said.
NBC News contacted Raytheon about RIOT. In an emailed statement Monday, the company would only say this:
Raytheon, as a leader in cybersecurity, offers advanced capabilities to government customers. We're focused on providing them the best available solutions that meet their constantly evolving requirements.
A report about RIOT was first published Sunday by The Guardian, which shared a video it obtained about how RIOT works. (We can't embed the video, but you should have a look at it on The Guardian's site.)
In the video, Raytheon's Brian Urch, principal investigator for RIOT, shows how easily the software can track one of Raytheon's employees, named Nick. The system combines Nick's Foursquare check-ins with the GPS data encoded automatically on his posted photos. The system creates a pie chart of Nick's most favorite spots to visit, and reveals without question what time he likes to hit the gym.
"6 a.m. appears to be the most frequently visited time at the gym, so if you ever did want to try to get a hold of Nick — or get a hold of his laptop — you might want to visit the gym at 6 a.m. Monday," Urch says ominously.
A Raytheon spokesman said in an email to the Guardian that RIOT is not being used right now, but rather is "a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation's rapidly changing security needs."
And just because this software neatly packages information in ways that can prove awkward or even incriminating, it is not breaking through privacy barriers to get it. Instead, it uses what people have voluntarily posted for public consumption. The key is, therefore, knowing what you're posting.
Users need to be careful, said privacy lawyer McCall. Social networking sites "work very, very hard to push more data into the public realm, and often users have no idea how much data is being made publicly available, and the companies make it very difficult for users to control their own information."
For example, she said, "other people can check you in" at a location, even though "it may not be data that you put out there. On Facebook, it allows your friends to check you in, and if your friends don't set their privacy setting" so that others can't see that, "you can be tagged and checked in."
"I went to a concert with a friend a month ago, and she likes to publicize those things on Facebook," McCall said. "So it was on there that she was at a certain club with Ginger McCall."
"When (most users) sign up for sites like Facebook or Foursquare," she said, "they never would guess that their information is about to be aggregated," and perhaps even "used to track them down" with software such as Raytheon's RIOT.
— Via Gizmodo