Wikileaks uncovers TrapWire surveillance: FAQ

Wikileaks uncovers TrapWire surveillance: FAQ

Summary: Wikileaks' latest trove of leaked Stratfor emails details the breadth and potential impact of the TrapWire surveillance system. What is it, and are you affected?


Where is TrapWire installed?

The leaks suggest the TrapWire system is installed in major cities on both sides of the Atlantic, such as public places in Washington D.C., New York, Los Angeles, Seattle, and privately owned casinos in Las Vegas. 

TrapWire is also implemented in London, U.K., and cities in Canada.

Downing Street, the home and office of the British Prime Minister, would neither confirm nor deny the use of TrapWire despite a leaked email claiming otherwise. However, Scotland Yard, home of London's Metropolitan Police, said it had "no knowledge of any contract or discussion." 

London Stock Exchange (LSX) is said to be protected by "heavy surveillance coverages [sic] (TrapWire)" and other "predictive software" according to one leaked email. 

The LSX did not respond for comment at the time of publication. The White House, also understood to be a TrapWire customer, also did not respond to comment more than a day later.

In another email, claims were made by one British publication that the New York City system was under surveillance by TrapWire. This may have been an exaggeration. 

In one leaked email, although the New York subway is mentioned, it suggests a surveillance officer could acquire human intelligence from the subway -- not from technological means, as the system is not used, according to the NYPD -- which can be transformed into structured data in TrapWire to assist in other subway systems, for example, where the system is implemented.

...a suspect conducting surveillance of the NYC subway can also be spotted by TrapWire conducting similar activity at the DC subway, connecting the infamous dots. An additional benefit of TrapWire is that the system can also be used to help "walk back the cat" after an attack to identify terrorist suspects and modus operandi.

However, The New York Times poured cold water on the suggestions. Speaking to Paul J. Browne, the NYPD chief's spokesperson: "We don't use TrapWire."

Also in the report, the Times said:

TrapWire was tried out on 15 surveillance cameras in Washington and Seattle by the Homeland Security Department, but officials said it ended the trial last year because it did not seem promising.

The report suggests the leaked emails 'boasted' about capabilities and claims some of the links connected by the media are "false."

Do reports collected by TrapWire go to the government? 

Yes. Suspicious reports that may indicate a crime or act of terrorism could be committed are passed to 'the government.'

In one example, reports are passed to the FBI but it is not clear outside of the United States whether these are handed to domestic police and intelligence services, or directly back to the U.S. authorities as per Safe Harbor agreements (see below) for distribution through back-channel intelligence networks.

In another leaked email, TrapWire "suspicious activity reports" (SAR) are fed "directly" and "automatically" to the National SAR Initiative, dubbed NSI. They are also passed to the FBI's eGuardian system when a threat to commit crime is identified. 

For example, it may be that if a person is identified in two high-target places in a certain time period, this may indicate a terrorist could be planning reconnaissance, but equally a tourist visiting the attractive city sights. 

What sort of data can be collected from TrapWire?

The exact details of the data collected by TrapWire are not clear. Video and facial recognition, and human-sourced intelligence, along with automatic license plate reading and other 'points' are collected, but it's safe to assume that vehicle color and a person's ethnicity may be recorded.

In one leaked email, it says:

[Surveillance] footage can be walked back and track the suspects from the get go with facial recognition software (or TrapWire) technology. 

Some news publications suggest there is "no evidence" to suggest facial recognition technology is in use. The email suggests "or TrapWire technology" indicating the possibility -- though not confirmation -- that the software can recognize faces. 

Back to The New York Times' article, it says a "a privacy statement on the TrapWire Web site says the software does not capture 'personal information'." 

However, in a Safe Harbor privacy policy notice, TrapWire may collect:

"Sensitive Personal Information" means personal information that confirms race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union memberships, or that concerns health or sex life." 

It also says:

Once a suspicious activity in entered into the system it is analyzed and compared with data entered from other areas within a network for the purpose of identifying patterns of behavior that are indicative of pre-attack planning.  Generally, no Personal Information or Sensitive Personal Information is recorded by the TrapWire system, and no such information is used by the system to perform its various functions.

"Generally" does not mean "always," however. This often-broad scope definition allows for a wide range of sensitive personal information to be collected, but does not guarantee that it will be. While a person's ethnicity may be collected, a person's sexuality or nationality -- for example -- might be difficult to determine, even by humans.

Does TrapWire scour social networks, such as Twitter or Facebook?

No evidence suggests TrapWire is able to access social media services. There does not appear to be any evidence to suggest TrapWire collects credit or debit card information, cell phone, or Internet-related data.

Next: Who  enables or powers TrapWire?


Topics: Government US, Google, Legal, Microsoft, Privacy,, Security, EU

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Well done research on the issue

    When the work is good, gratitudes should follow.
  • Not bad

    That was a surprisingly investigative report. As a random dude on the Internet, I can say that, generally, when spy-ish IT stuff traces back to the greater DC area, like Reston, Viginia, you can safely assume a few things:

    1) It's not being used "properly" (aka in complete accordance with US and International law.)

    2) It probably doesn't function very well (numerous software and hardware bugs tied in with poor design.)

    3) It doesn't deliver the goods (it's less effective than traditional, heads up investigative work.)

    4) It will be misused for political/personal purposes (and inevitable consequence of "if it can be used this, it will be used for that.)
    • Not for nothing...

      ... were they called the Beltway Bandits when I lived and worked in the area.
  • WoW

    and here I was thinking the TV show Person of Interest was a little far fetched ;-)
    • Yup!!

      Your thoughts are the same as mine as I read through the article - I know London is intermeshed with cameras, but was not aware as to how widespread this was becoming - what limit is privacy stretched to??
  • Zack Is A Trained Criminologist

    That gives him a nose for sniffing out dodgy activities like this.
    • Not quite...

      We're more about 'why' than 'how.' But I appreciate the thought nonetheless.
  • This article is an example of journalism should be

    I've been following the trapwire saga for 3 days and have read every story posted.

    This article has been the best balanced, most thoroughly researched and accurately delivered piece I have come across.
    I can't stress enough how superior it is to everything else I have read. The Times, Salon and MSNBC were too obsessed with downplaying the situation to actually look into what it was about.

    Only some of the raw details that continue to emerge in the #Trapwire twitter stream could possibly add anything of substance. But that info isn't quite ready to weave into the storyline just yet.
    beau parisi
    • Circumstantial and Asumptive.

      All I really see is a lot of circumstantial "evidence" based on hearsay and allegations that may or may not be fabricated. I suspect the major networks remain cautious as they are concerned about the "egg on their face" epidemic that would occur if these claims were found to be falsified.

      It's a conspiracy theorist's dream come true, no doubt, but if you read through the article carefully, you see phrases such as "declined to comment on rumors" and the group "anonymous" was used for the individuals taking credit for the capture of the documents.

      My experience with these type of articles (based on speculation, unofficial transcripts, and guilty until proven innocent) is that they have a 50/50 chance of being correct. To the scope of what is discussed here? Not likely. As one person noted, the software likely over-promises and under-delivers.

      I could make an article based on a few produced documents (I'm sure "anonymous" would be happy to provide them) stating that the government has hidden E.T. in their basement, and imply the guilt of the government through their lack of cooperation on commenting, but it wouldn't make it true.
      • I thought about this a little more...

        And if we trust WikiLeaks and "anonymous" more for providing accurate and non-fabricated/altered news channels than we do the Associated Press, and the target of allegations, then we will believe anything.

        I believe our society has become too engrossed with what "could be" than what "actually is." VERIFIED FACTS should be the foundation and cornerstone of the press (and no, I'm not accusing the Associate Press of being accurate in their reporting).

        Lives are ruined, uprisings are started, and businesses are tarnished by what we "believe" to be true, rather than what we "know" to be true.
      • It makes a lot of effort to gather all of this circumstantial evidence

        Zack gives all the links and quotes, so everyone can harvest primary sources for information and come to different conclusions, if they want.

        So this is real journalism. Journalism is not about articles that have no point, it is about the kind of work that Zack did based on listed sources information.
        • It is a lot of work...

          And it is good for an entertainment piece, but sources based on circumstantial evidence is not necessarily rooted in fact. Therein lies the problem. The masses accept what they are told if it is a well written piece, regardless of the actual facts behind the story (because if there are no actual facts, and everyone declines to comment, it must be true, right?).

          There is a danger behind sensationalist journalism, and it's that the masses don't think for themselves. Most journalism is sensationalist, as that's what sells. It feeds the fear of the masses. That's why roller-coasters are so popular.
  • The Last Enemy

    (TV mini-series 2008) - IMDb

    We are rapidly yielding all personal privacy in this world.

    "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." ~Benjamin Franklin
    David A. Pimentel
  • Brad Thor's new novel "Black List"

    Just read Brad Thor's new novel "Black List". Very interesting and timely given these reports.
  • Question

    Is Abraxas CEO and "former CIA employee" Richard Helms the same one who was CIA director under Richard Nixon? If so, he must be quite old.
    John L. Ries
    • I looked it up

      That Richard Helms died in 2003. I'm guessing that this one is his son or grandson (the CIA connection is unlikely to be a coincidence).
      John L. Ries
  • Excellent article Zack

    An excellent round up of the key details of Trapwire, thank you Zack. As others note, much superior to the dismissive coverage from the NYT (written by Scott Shane, who also wrote "The Moral Case for Drones) and Gawker, which appeared to repeat what they were sent from a Cubic Corp press release.

    You've also done a great job of explaining the concerns over US intelligence services having real-time access to UK CCTV. If footage sent to Trapwire is being stored on centralised US servers, as is believed to be the case as it's a Software-as-a-Service product, then the CIA/NSA have access to it under the Patriot Act. How a private corp is getting away with sending photos and footage of random EU civilians' faces over to the US in breach of Data Protection legislation I do not understand.

    One contentious point, with some MSM articles claiming there's no evidence, is whether TW includes facial recognition tech. As Zack notes, the Stratfor e-mails include references from head honcho Burton to Trapwire's ability to "track the suspects from the get go w/facial recognition software".

    Trapwire Inc's production description page also included (before it was edited in response to the publicity): "Pictures for Identification: Face & Torso, and Full Body .. These will be used for tracking purposes." Abraxas CEO Richard H Helms wrote in 2005: "It can collect information about people and vehicles that is more accurate than facial recognition."

    Trapwire's product brochure states: "To collect and process suspicious event data, TrapWire utilizes a facility's existing technologies (such as pan-tilt-zoom [PTZ] cameras) .. TrapWire records .. PersonPrint, a 10-characteristic description of individuals; .. matches this human-entered data with information collected by sensors [video & photography] and enters the reporting into the TrapWire database."

    None of this conclusive answers whether facial recognition is built into the system, but boy some writers have been quick to dismiss the possibility. Furthermore they fail to consider the fact that even if facial recognition isn't built into TW itself, it is trivial enough for US Intell to run 3rd party FR tools against video stored within TW, which has as identical result.

    All very worrying - thank you Zack for highlighting this as an area for concern.
  • Have you watched Spooks? (UK Spy TV Series)

    On a perahps lighter note - Anyone on the UK side of the pond will be no stranger to this; it was all used on a daily basis by the imaginary team in Spooks. I wonder where the script-writers got the idea?
  • trapwire

    Good article
    Makes a good case for technology bringing unintended consequences to the table
    along with more than a little chaos .
    preferred user
  • we also need to know this:

    We must open all fbi/cia files in order to understand the total corruption of these two groups of homicidal sociopaths and how they blackmail all other branches of gov, including congress & courts.
    Must also understand the threat to the people of the WHOLE world by the assassins & torturers of the fbi/cia/mi6/mossad; start here: