Wikileaks uncovers TrapWire surveillance: FAQ

Summary:Wikileaks' latest trove of leaked Stratfor emails details the breadth and potential impact of the TrapWire surveillance system. What is it, and are you affected?

Where is TrapWire installed?

The leaks suggest the TrapWire system is installed in major cities on both sides of the Atlantic, such as public places in Washington D.C., New York, Los Angeles, Seattle, and privately owned casinos in Las Vegas. 

TrapWire is also implemented in London, U.K., and cities in Canada.

Downing Street, the home and office of the British Prime Minister, would neither confirm nor deny the use of TrapWire despite a leaked email claiming otherwise. However, Scotland Yard, home of London's Metropolitan Police, said it had "no knowledge of any contract or discussion." 

London Stock Exchange (LSX) is said to be protected by "heavy surveillance coverages [sic] (TrapWire)" and other "predictive software" according to one leaked email. 

The LSX did not respond for comment at the time of publication. The White House, also understood to be a TrapWire customer, also did not respond to comment more than a day later.

In another email, claims were made by one British publication that the New York City system was under surveillance by TrapWire. This may have been an exaggeration. 

In one leaked email, although the New York subway is mentioned, it suggests a surveillance officer could acquire human intelligence from the subway -- not from technological means, as the system is not used, according to the NYPD -- which can be transformed into structured data in TrapWire to assist in other subway systems, for example, where the system is implemented.

...a suspect conducting surveillance of the NYC subway can also be spotted by TrapWire conducting similar activity at the DC subway, connecting the infamous dots. An additional benefit of TrapWire is that the system can also be used to help "walk back the cat" after an attack to identify terrorist suspects and modus operandi.

However, The New York Times poured cold water on the suggestions. Speaking to Paul J. Browne, the NYPD chief's spokesperson: "We don't use TrapWire."

Also in the report, the Times said:

TrapWire was tried out on 15 surveillance cameras in Washington and Seattle by the Homeland Security Department, but officials said it ended the trial last year because it did not seem promising.

The report suggests the leaked emails 'boasted' about capabilities and claims some of the links connected by the media are "false."

Do reports collected by TrapWire go to the government? 

Yes. Suspicious reports that may indicate a crime or act of terrorism could be committed are passed to 'the government.'

In one example, reports are passed to the FBI but it is not clear outside of the United States whether these are handed to domestic police and intelligence services, or directly back to the U.S. authorities as per Safe Harbor agreements (see below) for distribution through back-channel intelligence networks.

In another leaked email, TrapWire "suspicious activity reports" (SAR) are fed "directly" and "automatically" to the National SAR Initiative, dubbed NSI. They are also passed to the FBI's eGuardian system when a threat to commit crime is identified. 

For example, it may be that if a person is identified in two high-target places in a certain time period, this may indicate a terrorist could be planning reconnaissance, but equally a tourist visiting the attractive city sights. 

What sort of data can be collected from TrapWire?

The exact details of the data collected by TrapWire are not clear. Video and facial recognition, and human-sourced intelligence, along with automatic license plate reading and other 'points' are collected, but it's safe to assume that vehicle color and a person's ethnicity may be recorded.

In one leaked email, it says:

[Surveillance] footage can be walked back and track the suspects from the get go with facial recognition software (or TrapWire) technology. 

Some news publications suggest there is "no evidence" to suggest facial recognition technology is in use. The email suggests "or TrapWire technology" indicating the possibility -- though not confirmation -- that the software can recognize faces. 

Back to The New York Times' article, it says a "a privacy statement on the TrapWire Web site says the software does not capture 'personal information'." 

However, in a Safe Harbor privacy policy notice, TrapWire may collect:

"Sensitive Personal Information" means personal information that confirms race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union memberships, or that concerns health or sex life." 

It also says:

Once a suspicious activity in entered into the system it is analyzed and compared with data entered from other areas within a network for the purpose of identifying patterns of behavior that are indicative of pre-attack planning.  Generally, no Personal Information or Sensitive Personal Information is recorded by the TrapWire system, and no such information is used by the system to perform its various functions.

"Generally" does not mean "always," however. This often-broad scope definition allows for a wide range of sensitive personal information to be collected, but does not guarantee that it will be. While a person's ethnicity may be collected, a person's sexuality or nationality -- for example -- might be difficult to determine, even by humans.

Does TrapWire scour social networks, such as Twitter or Facebook?

No evidence suggests TrapWire is able to access social media services. There does not appear to be any evidence to suggest TrapWire collects credit or debit card information, cell phone, or Internet-related data.

Next: Who  enables or powers TrapWire?


Topics: Government : US, EU, Google, Legal, Microsoft,, Security


Zack Whittaker is a writer-editor for ZDNet, and sister sites CNET and CBS News. He is based in the New York newsroom. His PGP key is: EB6CEEA5.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.