Wikileaks uncovers TrapWire surveillance: FAQ

Summary: Wikileaks' latest trove of leaked Stratfor emails details the breadth and potential impact of the TrapWire surveillance system. What is it, and are you affected?

Who in the technology world enables or powers TrapWire?

Despite the recent news that Microsoft and New York City were partners in a new system that on the face of it appears similar to TrapWire, the two systems are not connected or related.

New York Mayor Michael Bloomberg announced this month the Domain Awareness System, a system developed with Microsoft, which performs "data aggregation and analysis," according to sister-site CNET.

CNET's Elinor Mills wrote:

"We're finding new ways to leverage already existing cameras, crime data, and other tools to support the work of our investigators, making it easier for them to determine whether a crime is part of an ongoing pattern," Bloomberg said. For example, the system can alert analysts to the presence of suspicious packages and cars while police search for suspects using smart cameras and license plate readers.

Microsoft was not mentioned in any of The Global Intelligence Files leaks as far as we can tell.

Another leaked email suggested Salesforce may have been interested in TrapWire, and Google had some "relationship" with the firm. 

Salesforce Hqs in San Fran is interested in TrapWire after I briefed them on their wonderful capabilities

Salesforce said it does not comment on "rumors". 

Regarding Google's connection to TrapWire, claims were made that Google had some connection with the company following the search giant's pulling out of China in 2010 over the government's alleged hacking.

I think the timing is right to revisit our relationship w/GOOGLE and sense growing frustration (and chaos) on their part in light of the Chinese penetrations and intellectual property theft. I've been playing constant phone tag w/their security director, who I believe is traveling.

Google did not comment on the claims. 

PC maker chief executive Michael Dell is also mentioned in a number of emails, but the connection is not clear from the context. 

If TrapWire is 'centralized,' does it breach EU data protection laws?

The Safe Harbor framework allows for U.S. companies to comply with strict European Union data protection laws. Companies must be certified by the U.S. Department of Commerce.

Because TrapWire Inc. is a U.S.-based company, to operate within the EU, it must comply with the EU's laws. While a Safe Harbor agreement does not prove that TrapWire is used within the 27 member states of Europe, it does strongly suggest that it is.

From TrapWire's Safe Harbor privacy policy:

This Policy outlines our general policy and practices regarding personal information entered into our United States based systems by European Economic Area (“EEA”) subscribing customers, and personal information entered into our EEA based systems which may be accessed from the United States.  

Having said that, under the Patriot Act, it is technically possible for the U.S. government or judiciary to force a wholly owned EU subsidiary of a U.S. parent company to hand over data across the Atlantic, Safe Harbor notwithstanding, without the data subject (the person whose data is collected) being informed.

The U.S. Department of Commerce's Safe Harbor certification page says TrapWire was verified "in-house" -- a valid form of compliance under the rules -- in 2008, and is scheduled for its next certification in 2013.

The certification page says that the United Kingdom comprises the only named "relevant countries from which personal information is received." This suggests a U.K. headquarters or a primary client in the U.K., such as Downing Street, as previously mentioned.

ZDNet's Michael Lee reports that on Wednesday, Sen. Scott Ludlam will ask the Australian Senate to force the Australian government to confirm or deny whether or not it uses TrapWire, and what it knows about the surveillance system.

If TrapWire networks are decentralized, can they communicate with each other?

In one leaked email, Abraxas employee R. Daniel Botsch explains that:

If a network has 25 sites, those 25 sites match against each other's reports. They can also send reports to any other site on the network and they can post reports to a network-wide bulletin board.

He notes: "Sites cannot share information across networks." However, there was a suggestion back in 2010 that some networks, such as the Las Vegas and the LAPD networks, could eventually merge:

However, we do cross-network matching here at the office. If we see cross-network matches, we will contact each affected site, explain that the individual(s) or vehicle they reported has been seen on another network, and then offer to put the affected sites into direct contact. We have not yet had a cross-network match. I think over time the different networks will begin to unite.

How did Wikileaks end up with this information? 

In late 2011, it was revealed that 'hacktivist' collective Anonymous had stolen a vast cache of emails from Stratfor. These were handed to Wikileaks for analysis and ultimately distribution. Anonymous claimed to have accessed more than 200 gigabytes of data.

In February 2012, Wikileaks said it would begin publishing the 5 million emails. Stratfor founder and chief executive George Friedman described the release as "deplorable," but warned, "some of the emails may be forged or altered to include inaccuracies."

In a similar vein to Wikileaks' "Spy Files" and "Syria Files," the leaks were published incrementally. Anonymous is thought to have also been behind the theft of the Syria Files.

Wikileaks down: Was it under attack? 

It's possible, and highly likely. Sister-site CBS News reported that Wikileaks said it had suffered a denial-of-service attack that saw the whistleblower's website swamped with visitors that pushed the servers over capacity. The attacks "intensified" earlier this month and expanded to include sites affiliated with Wikileaks. 

A group dubbed 'Anti Leaks' said the attacks will "continue and widen," but noted the assault does not relate to the latest TrapWire leaks. Despite the tight timing, the supposed 'leader' of the group claims they are not part of the U.S. intelligence community, such as the CIA, FBI, or NSA, or even Wikileaks themselves. 

Wikileaks' Twitter account said: "The attack is well over 10Gbps/second," adding: "the range of IPs used is huge. Whoever is running it controls thousands of machines or is able to simulate them."

The site was back online late Monday after CloudFlare, a private cloud provider, stepped in to assist the whistleblowing organization to mitigate the week-long downtime.


Zack Whittaker is a writer-editor for ZDNet, and sister sites CNET and CBS News. He is based in the New York newsroom. His PGP key is: EB6CEEA5.
