Internet activists have whipped up a storm on Twitter in recent days over TrapWire, which they claim is a secret international facial-recognition and social-media monitoring network for use by governments. It sounds like an outrageous infringement of our rights. Unfortunately—or, perhaps, fortunately—most of it is rooted in hyperbole and misinformation, heavier on fiction than fact.
The hysteria began last week after WikiLeaks published a series of internal emails from Stratfor, a security and intelligence think tank. The emails made reference to software called TrapWire, made by TrapWire Inc., a Virginia-based company fronted by ex-CIA officers. Stratfor’s vice president purportedly hinted that the program was being used at locations in the United States, Canada and London. Before long, Kremlin-backed broadcaster Russia Today was regurgitating activist claims about a widespread TrapWire face-recognition surveillance system. Without a cursory fact-check, some more-respectable outlets like BoingBoing and Salon echoed the same.
So what is TrapWire? Well, it’s not facial-recognition software, it’s not secret, it doesn’t monitor social media, and I’d say it’s a stretch to even describe it as a surveillance system. But that’s not to say it isn’t interesting or notable.
In essence, TrapWire is a kind of intelligent database. Publicly available trademark documents show that it is designed to store information about suspected terrorists at locations where there is critical infrastructure or other potential targets. Security staff at sites where TrapWire is installed can input detailed text reports based on “suspicious activity” they have seen involving vehicles or people. According to the trademark documents, such activity could include “photographing, measuring and signaling.” The software can also be used in conjunction with equipment like video surveillance cameras, with clips logged, saved, and attached alongside the text reports.
What makes TrapWire stand out is what it does with the stored information. Using algorithms, it is designed to automatically identify “patterns indicative of terrorist activity” at a site—and across various sites—before issuing advance warning that outlines the level of threat to a given location. It does this by, with prior approval of each client, aggregating and analyzing event reports from all facilities that are using the system. The underpinning logic is that terrorists who are going to attack a building or buildings will conduct rigorous planning and surveillance of a target before they attack. This type of reconnaissance activity would, in theory, be logged onto TrapWire by security personnel—triggering a pre-emptive alert if a pattern were detected.
It is quite easy to imagine how innocuous citizens snapping pictures of buildings might end up triggering a “suspicious activity” report, stored alongside a CCTV clip on a database somewhere. To this end, TrapWire epitomizes the deep culture of suspicion that has become endemic across the United States and other Western nations since Sept. 11, where anyone behaving the wrong way in the wrong place can be seen as a potential threat. But that in itself is not a new development, and nor are TrapWire’s basic goals.
Since 2003, so-called Fusion Centers in U.S. cities have been gathering, sharing, and analyzing “threat-related information” on a federal and local level. At least 72 Fusion Centers were in operation as of 2010, each of which has access to a selection of surveillance, data mining and analytics tools. Some of the threat-related information is reported by the public through the Suspicious Activity Reporting initiative. Some will come from data entered by security personnel onto databases like TrapWire.
Among those to have used TrapWire: the Metropolitan Police Department of the District of Columbia, according to Police Chief Cathy Lanier; transport authorities in New Jersey and Connecticut, according to a 2011 contract; and law enforcement, several hotels, and casinos across Las Vegas, according to a 2010 Department of Justice report. In 2007 it was reported that Abraxas had won contracts to test TrapWire with police in New York and Los Angeles, plus the Department of Energy and the Marine Corps.
The Stratfor emails—which are hardly a reliable source of up-to-date information—also suggest TrapWire is being used in Canada by the Royal Canadian Mounted Police, and in London by Scotland Yard and the Stock Exchange. RCMP said it couldn’t offer any insight into why it was mentioned in the Stratfor email and wouldn’t comment on technologies it uses or does not use on policy grounds. A representative from Scotland Yard told me that he had no knowledge of the force ever having used TrapWire, while a spokesperson from the London Stock Exchange declined to look into the matter, citing its “strong policy of not commenting on any issue related to security.”
It’s certainly possible, of course, that there are some locations outside the United States where TrapWire is used to keep tabs on people deemed suspicious. The claim that this means there is some kind of sinister international social media monitoring and facial-recognition surveillance network in operation, however, is just wrong and derived from a basic misunderstanding of the technology’s capabilities.