Wikileaks uncovers TrapWire surveillance: FAQ

Summary:Wikileaks' latest trove of leaked Stratfor emails details the breadth and potential impact of the TrapWire surveillance system. What is it, and are you affected?

Wikileaks has released as part of its The Global Intelligence Files series another vast cache of leaked emails from private intelligence firm Stratfor. Brought to the public eye is a system called TrapWire. This previously little known technology may have the ability to impact our everyday lives in the U.S. and abroad.

This serves as an FAQ to what we know so far. 

It's worth noting -- as described below -- Wikileaks has been under a sustained denial-of-service attack, which has left the site unable to load for days, so some links below may not be available at the time of publication.

Here's what you need to know.

What is TrapWire?

In short, TrapWire is surveillance software used by both private industry and the U.S. government and its allies oversees, allowing both public and private sector users to help in counter-terrorism and anti-crime efforts.  The software uses algorithms and data from a variety of surveillance sources -- including CCTV and human-input from spotted 'suspicious' behavior -- to, in essence, 'predict' potentially criminal activity.

One leaked Stratfor-owned document, describes it as follows:

There are a variety of new tools, such as TrapWire, a software system designed to work with camera systems to help detect patterns of pre-operational surveillance, that can be focused on critical areas to help cut through the fog of noise and activity and draw attention to potential threats.

While ordinary CCTV cameras are often 'passive' and monitored by humans, TrapWire-connected cameras, such as 'pan-tilt-zoom' cameras, are able to track people, along with license plate readers, called Automatic Number Plate Recognition (ANPR) from place to place.

A U.S. Patents and Trademark Office filing says the system is "centralized" and information flows in and out of its global office to 'regional' distribution centers.  Despite being owned by a private company, the information collected by the system "can also be shared with law enforcement agencies."

As with any data mining software, the more data that is plugged into the system the greater its effectiveness.

Why such a recent controversy?

Wikileaks' latest release on August 10 of emails from private intelligence group Stratfor suggests the system is global, rather than limited to just the United States.

Simply put: it became increasingly clear how wide and far the extensive use of this software is. If one person is deemed to be acting suspiciously in one TrapWire covered area of the U.S., for example, the software may pick them up elsewhere by a different TrapWire network. 

It also means that the surveillance once thought to be relatively passive is instead pre-emptive and sophisticated in its methods. It uses a "10-characteristic description of individuals," human activity, or "8-characteristic description" of vehicle information -- such as license plates and other identifiable marks -- which is then correlated with other information collected elsewhere.

The 'TrapWire Threat Meter' means threats can be passed on through the network while vulnerabilities are not, though nevertheless remains a far more extensive breach of citizen privacy than first considered or understood.

The system appears to be 'for hire' in that it can be bought and used by private industry. For example, in a 2005 interview with former CIA employee (since removed from his corporate profile) and Abraxas founder and chief executive Richard Helms, he says:

...the nuclear industry has 104 civilian owned and operated nuclear power plants, and yet they don’t collect or share pre-attack information. TrapWire can help do that without infringing anyone’s civil liberties.

In a 2007 whitepaper, Abraxas describes TrapWire's ability to determine "suspicious activity in less than 60 seconds."

Who owns TrapWire, and how does it connect with governments?

The TrapWire software is now owned by TrapWire Inc., a Reston, VA company. But it wasn't always.

(Comment was sought from TrapWire Inc. regarding this story, but no reply had been received at the time of writing.)

Abraxas Corp. created TrapWire under its subsidiary firm Abraxas Applications Inc., according to Public Intelligence, a respected research site. Abraxas Corp. trademarked the TrapWire software in a filing with the U.S. PTO in 2006. 

But Abraxas Corp. is now owned by Cubic Corporation, which bought the firm in November 2010 for $124 million in cash

According to one report, Cubic acquired Abraxas Corp., TrapWire's former parent company, after TrapWire was spun out as a separate entity. One of the terms of the acquisition was to "cause the corporate name of Abraxas Applications, Inc. to be changed to a name that does not include 'Abraxas' or any variation thereof."

Abraxas, in a statement released on Monday, said: "Abraxas Corporation then and now has no affiliation with Abraxas Applications now known as TrapWire, Inc." 

Abraxas is based in Northern Virginia, according to the trademark filing. Many of its employees -- there are around 60 listed on LinkedIn, but thought to be in the low hundreds -- come from the U.S. military or other public sector organizations, including the U.S. intelligence community. 

The U.S. government has given both TrapWire and Abraxas more than $1.6 million in the past 12 months from the Dept. of Homeland Security, Dept. of Defense, and the General Services Administration.

In one leaked email, former Stratfor chief executive and current vice president Fred Burton claims:

Do you know how much a Lockheed Martin [defense contractor] would pay to have their logo/feed into the USSS CP? MI5? RCMP? LAPD CT? NYPD CT? 

This suggests that the NYPD and LAPD counter-terrorism divisions, the U.S. Secret Service, Canada's Royal Canadian Mounted Police and the U.K.'s domestic intelligence agency MI5 are all clientele of the TrapWire service.

Next: Where is TrapWire installed?

 

Topics: Government : US, EU, Google, Legal, Microsoft, Privacy, Salesforce.com, Security

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.