The internet has been freaking out
all weekend over
an ominously-titled surveillance program called «TrapWire,» after it showed up in some leaked Wikileaks emails. If you’ve listened to the hype, you might think TrapWire was an evil omniscient spy robot that runs off the fumes of our burning Constitution. But What is TrapWire, really? Here is your guide:
So what is TrapWire, some sort of government spying program?
TrapWire is a surveillance system sold by a Virginia-based firm of the same name, which is meant to thwart terrorist attacks before they happen. TrapWire works by collecting data from thousands of security cameras and reports of suspicious activity from security teams at potential terrorist targets (known as «high value targets») and analyzing them for patterns that indicate planning of a terrorist attack. (Or other criminal activity.) It’s used by some government agencies to safeguard their buildings, but it’s not a government project.
So TrapWire is basically a data-mining company?
Yeah. Like any data-mining operation, they’re trying to automate the search for meaningful patterns in huge databases that would be missed by someone just combing through it manually. But instead of the data being the purchases of Target customers
, it’s suspicious people or vehicles spotted near potential terrorist targets. TrapWire also assembles a big database of suspicious reports from all its clients, which can then be used to cross-reference threats among different facilities.
But TrapWire is super-secret, right? That’s why everyone’s freaking out?
TrapWire isn’t secret at all. A 2006 patent application
lays the whole thing out in detail. (It also offers the single best explanation of what TrapWire does.) And TrapWire’s website
offers a helpful description of how TrapWire ideally works:
Through the systematic capture of… pre-attack indicators, terrorist or criminal surveillance and pre-attack planning operations can be identified — and appropriate law enforcement counter measures employed ahead of the attack.
TrapWire has many government and private clients, including government buildings, military installations, casinos, and hotels. The VP of security firm Stratfor claimed that «TrapWire is in place at every [high value target] in NYC, DC, Vegas, London, Ottawa and LA,» in an email leaked by Wikileaks.
If TrapWire has existed publicly since 2006, why is everyone talking about it all of a sudden?
TrapWire turned up in a bunch of emails leaked recently by Wikileaks. If you remember, Wikileaks has been slowly publishing
a cache of five million emails that Anonymous hackers stole from the private security firm Stratfor. Last week, they released some that revealed Stratfor had a partnership with TrapWire, where they both agreed to promote each other’s products to clients and in turn shared commissions if anything came out of the deal. The emails also included some discussion of TrapWire’s capabilities.
So you’re saying there’s nothing to worry about TrapWire?
There is certainly something to worry about in the pervasive post-9/11 mentality that TrapWire represents: The obsession with preventing terrorist attacks through constitutionally dubious profiling and surveillance. But TrapWire on its own doesn’t seem to be anywhere near the level of, say, the NSA’swarantless wiretapping program
The ACLU of Massachusetts, no slouch when it comes to privacy issues, compiled a fact sheet on Trapwire meant to bat down
some of the crazier myths, suggesting the freakout was conjuring «surveillance bogeymen where they do not exist.»
For example, there is no evidence that TrapWire uses facial recognition, or plugs into any databases that contain your personal information, web history or purchases—some of the more outlandish claims. In fact TrapWire specifically does not «capture, store, or share any sensitive or personally identifiable information» according to a 2007 white paper.
«If it’s essentially an automated supplement for what human guards already do at [High Value Targets], it’s not anything SUBSTANTIVELY new,» tweeted Julian Sanchez
, one of the best thinkers on privacy and security.
Come on, there must be something creepy about TrapWire. It’s called freakin’ «TrapWire!»
The most troubling aspect of TrapWire is the massive database of suspicious incidents it collects from all its clients on the «TrapWire Network».
TrapWire uses this database to correlate suspicious incidents across different facilities, «thereby [converting] a group of isolated facilities into an information collection and dissemination network that significantly enhances each facility’s ability to detect terrorist surveillance,» according to the patent application. For example, if security personnel from a hotel in Houston enters a suspicious incident into TrapWire, the program might bring up a similar one from a casino in Nevada.
However, the TrapWire databse isn’t only built on the suspicious reports from its clients. It also takes reports from various municipal suspicious activity reporting systems like the «iWatch» program that’s active in LA
and other big cities, according to the leaked emails.
Not only that, TrapWire reports are also given to the government.
«TrapWire Suspicious Activity Reports are fed directly/automatically into the [National Suspicious Activity Report] Initiative… as well as the FBI’s eGuardian system if/when there’s confirmed nexus to terrorism or major crimes» wrote a TrapWire executive in one of the leaked emails
. Even if these suspicious reports just amount to recording the appearance and activities of a person or vehicle in public, this effectively means the FBI, and Department of Homeland Security have an eye on you, by proxy, whenever you’re in the vicinity of a high value target. This kind of private-government partnership should always raise eyebrows.
Does TrapWire actually work?
Perhaps. A TrapWire executive claimed in an email
that a TrapWire report had led to the arrest of Yonathan Melaku, who caused a bomb scare in June 2011 by leaving his car parked near the Pentagon and was later charged
with an earlier spree of shooting at military buildings.