The latest WikiLeaks release has shone a spotlight on an alleged domestic and foreign surveillance program run with cloud-based software provided by Virginia company TrapWire, many of whose top leaders and employees are former members of three-letter American intelligence agencies.
WikiLeaks tweeted about it today, and the story quickly became a trending topic on Twitter:
TrapWire produces software that is currently in use by Homeland Security, the military, U.S. intelligence agencies, and local police forces including the LAPD and the Metropolitan Police Department in Washington, DC (whose chief recently praised the software). Private sector clients include major corporations in the energy, chemical, and financial industries.
TrapWire does three things: protect critical infrastructure by analyzing CCTV footage with face and pattern recognition algorithms to detect pre-attack patterns, provide online reporting systems for citizens to report suspicious behavior, and gather and analyze many sources of information to allow law enforcement to make sense of the masses of collected data.
If TrapWire does what it is intended to, it’s potentially a critical innovation that can help protect the U.S. from terrorism. Tying together disparate facts from multiple sources across geographies might have prevented 9-11. On the other hand, the secrecy, the integration with government, and the thought that a private corporation could have access to huge amounts of private citizens’ data is concerning to say the least.
The data WikiLeaks released was taken from more than five million emails allegedly stolen from a company with close ties and inside information about TrapWire, security information company Stratfor. Stratfor had a contract with TrapWire in which each company agreed to promote the other company’s products, and Stratfor agreed to feed its intelligence reports into the TrapWire system.
Then Stratfor was hacked by Anonymous in 2011, and Anonymous provided the emails to WikiLeaks.
In those emails, Stratfor says that TrapWire is in use in “Scotland Yard, #10 Downing, the White House, and many [multinational corporations].” One email talks about the Nigerian government being interested in TrapWire, and others imply that organizations as diverse and powerful as the Secret Service, MI5, and the Canadian RCMP are all clients.
And yet another leaked email from Fred Burton, Stratfor’s VP of Intelligence, says “God Bless America. Now they have EVERY major [high-value target] in [the continental U.S.], the UK, Canada, Vegas, Los Angeles, NYC as clients.”
TrapWire was not always so secretive about its software. Company founder Richard Hollis spoke about the software in 2005, say that it:
… can collect information about people and vehicles that is more accurate than facial recognition, draw patterns, and do threat assessments of areas that may be under observation from terrorists. The application can do things like “type” individuals so if people say “medium build,” you know exactly what that means from that observer.
And in 2007, the company elaborated on how TrapWire works:
… the TrapWire rules engine analyzes each aspect of [reported security incidents] and compares it to all previously-collected reporting across the entire TrapWire network. Any patters detected — links among individuals, vehicles, or activities — will be reported back to each affected facility. This information can also be shared with law enforcement organizations …
The question becomes: Where does national security start and the public’s right (or need) to know end? And, to what extent should private companies be embedded in public surveillance?
Even tougher: does our security depend, at least in part, on our ignorance? Because if we learn about anti-terrorism methodologies, you can bet the bad guys do too.
There is as yet no statement from Stratfor, TrapWire Inc., or any of the named public security agencies.
Image credit: ShutterStock/Steven Finn
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.