If you were trying to attract the attention of every conspiracy-minded, government-suspecting cyberactivist on the planet, you couldn't have done a better job with sky-writing and billboards. A previously unknown hacker group calling itself Anti-Leaks stages an impressively powerful and extended distributed denial of service attack against WikiLeaks, even while improbably claiming to represent "young adults, citizens of the United States of America" and targeting WikiLeaks founder Julian Assange as "a new breed of terrorist." And what was WikiLeaks doing during this assault? It was attempting to release documents about a creepy-sounding, high-tech surveillance system called TrapWire. It's all very interesting — even if many of the documents have more to do with price tags than paranoia.
The documents came from Stratfor, a private intelligence firm with close ties to the U.S. government. The hacker group, Anonymous, broke through the spook firm's security in 2011, and WikiLeaks has been posting documents since. Among those documents were emails detailing Stratfor's relationship with TrapWire, a surveillance system and company of the same name that seems to be far-reaching, tied into public and private data-gathering, and predictive of terrorist threats. What that actually means, though, is obscured by the fact that Stratfor personnel were conversing among themselves about a product they understood and didn't need to explain, and which actually belonged to another organization.
In a 2009 email, Stratfor's Fred Burton, now Vice President of Intelligence, wrote, "TrapWire is a technology solution predicated upon behavior patterns in red zones to identify surveillance. It helps you connect the dots over time and distance." He wrote in 2011 that "TrapWire is in place at every [high value target] in NYC, DC, Vegas, London, Ottawa and LA."
On its Website, TrapWire, Inc. describes its system as "a unique, predictive software system designed to detect patterns indicative of terrorist attacks or criminal operations. Utilizing a proprietary, rules-based engine, TrapWire detects, analyzes and alerts on suspicious events as they are collected over periods of time and across multiple locations."
And a 2006 Patent and Trademark Office Filing reads:
To collect and process suspicious event data, TrapWire utilizes a facilities existing technologies (such as pan-tilt-zoom [PTZ] cameras) and humans (security personnel, employees, and neighbors). The coollected data is recorde and stored in a standardized format to facilitate data mining, information comparison and information sharing across the network. TrapWire records descriptions in two standard formats: PersonPrint (TM), a 10-characteristic description of individuals; and VehiclePrint(TM), an 8-characteristic description of vehicles. TrapWire also standardizes desriptions of potential surveillance activity, such as photographing, measuring and signaling. TrapWire matches this human-entered data with information collected by sensors and enters the the reporting into the TrapWire database.
But many of the Stratfor emails related to TrapWire reveal more about the business side of the operation than about the technological capabilities of its "predictive software." For instance, in 2010, Burton wrote:
TrapWire for the Great State of Texas is a go. Cash should begin to flow to Abraxas within 10 days. As many of you old-timers know, we arranged to get a cut. I think the first dump is $250,000 to Abraxas, with an annual renewal of $150,000 per year for the TrapWire license. The point man for the project worked directly for me at DPS. Abraxas has done work already pro-bono as good will. TrapWire may be the most successful invention on the GWOT since 9-11. I knew these hacks when they were GS-12's at the CIA. God Bless America. Now they have EVERY major HVT in CONUS, the UK, Canada, Vegas, Los Angeles, NYC as clients.
So we know that TrapWire is pretty damned lucrative, and that Stratfor is good at working its connections (Burton briefly worked at Texas Department of Public Safety) to market products that turn a buck for the company. What else do we know?
Well, as Stratfor's networking-savvy VP pointed out, TrapWire is top-heavy with former CIA personnel. The company very bluntly yanked online information about its officers (and it's definitely not answering my queries), but that's not hard to backtrack in this Internet age of ours. With a peek online, we see that President Dan Botsch once boasted of "11 years as an intelligence officer with the Central Intelligence Agency," and that Michael Maness, Director of Business Development, claimed "20 years of service with the Central Intelligence Agency." Of course, leveraging the skills you learn in government service in a better-compensated private sector career is a time-honored tradition around the world, and often less sinister than...well...potentially expensive for taxpayers.
And then TrapWire's parent company, Cubic Corporation, denied it knew anything about TrapWire, or had even met it in passing in a hotel bar. And that's something you really ought not do, if it's not true, in this often shockingly transparent era.
You'll notice, once again, that the coverup is worse than the crime—or even the not-crime, but sleazy, creepy revelation. But we still know remarkably little about TrapWire's real-world capabilities.
And so, the reaction began. Playing the role of jaded old-timer, Technolog's Paul Wagenseil called me—and others—out as alarmist for bothering to find this little kerfuffle worth covering because, after all, "Brochures describing the system can be found online." And Slate's Ryan Gallagher promised us all that "[t]he software program TrapWire is not a global conspiracy to photograph your face," based on the company's public statements and aging documents and filings.
In truth, though, Wagenseil and Gallagher have a good point. While the paranoid in me wants to believe that TrapWire execs are working with their cronies at Stratfor and their old comrades in government positions to turn the world into a Panopticon, the realist in me recognizes that they're more likely to be over-promising and under-delivering for that healthy annual take from Texas than they are to be remaking Enemy of the State with all of us as walk-ons. After all, the security firm, G4S, is still making amends for failing to live up to its promise to deliver an army of security guards for the London Olympics. And, while facial-recognition technology may or may not be approaching usefulness, vendors have been pocketing tax dollars based on promises of the stuff at least since Super Bowl XXXV.
If leveraging skills learned in government service is an old tradition, so is selling moonbeams and bullshit to your former employers.
And yet...TrapWire does have government connections that raise some red flags about who is perusing the data it collects. In August 2011, Michael Maness wrote to Burton:
TrapWire SAR reports are fed directly/automatically into the National SAR Initiative (NSI) that Scott mentions...as well as the FBI's eGuardian system if/when there's confirmed nexus to terrorism or major crimes (which is happening frequently). Additionally, our networks in LA, Vegas and DC all support See Something Say Something (S4 as I call it), with TrapWire actually acting as the analytic tool behind the scenes. Pentagon, Ft. Meade and USMC (which is pushing to get TrapWire deployed globally for their bases) all feed their own military-centric S4 type programs. ("Eagle Eyes" at Quantico for instance).
As the ACLU put it, "Some of the Wikileaks-fueled swirl of stories about the TrapWire program appear to have been overhyped. ... Beyond the details, all the 'hype' online over the TrapWire story is a reflection and implicit recognition that such a system is now technologically possible, and we are barreling full speed toward a surveillance society."
We're almost certainly not yet living in the Panopticon. But any step in that direction—even if it's well-spun marketing-speak—is worth watching.