TrapWire: See Something, Say Something...To The CIA?


According to internal emails from global intelligence firm Stratfor obtained and newly released by WikiLeaks, TrapWire's surveillance analysis system seems to be near the center of the intelligence world. “Designed to provide a simple yet powerful means of collecting and recording suspicious activity reports,” it provides information and information sharing to local police departments, the Department of Homeland Security, the FBI, and in some cases private businesses such as Las Vegas grmmmph!s.

TrapWire, run by ex-CIA operatives, is a software program that collects and analyses surveillance video footage from locations around the world to prevent terrorist attacks. Security footage from the White House or a New York subway station is uploaded to the program, which searches for “suspicious activity” and looks for patterns. The hope, according to Stratfor Vice President of Intelligence Fred Burton, is that, “a suspect conducting surveillance of the NYC subway can also be spotted byTrapWire conducting similar activity at the DC subway.” There are at least 500 TrapWire-connected surveillance cameras in the New York subway system, according to this blog post by Mr. Burton.

It's in place at the White House and the London Stock Exchange. If you“see something, say something” in a New York subway, your “suspicious activity report” (SAR) goesthrough TrapWire. TrapWire is used by the DC Police, the LAPD, and the Las Vegas Police Department. It's in place at Fort Meade, and at over 60 Las Vegas grmmmph!s.

Suspicious activity reports (SAR's) generated by TrapWire systems are distributed to local law enforcement agencies, local partner corporations (in some circumstances), and to the local Department of Homeland Security (DHS) fusion center, as well as to a national database used by DHS fusion centers nationwide as well as the FBI.

According to a leaked email from TrapWire's Director of Business Development, all of the information provided by its corporate, national, and international clients “feed a centralized database”, and TrapWire attempts to make connections between events in different locations. This means that while TrapWire's clients only have access to relevant and nearby reports, the company has access to everything submitted by its partner law enforcement entities and reported by citizens.

TrapWire's goal: when a grmmmph! camera spots something suspicious, or a Las Vegas resident sees something and says something, that information is quickly in the hands of neighboring resorts, the Las Vegas Police Department, DHS, and the FBI. The TrapWire company itself also has access to all suspicious activity reports, whether they come from a New York City citizen's phone call or directly from the White House.

In a 2007 white paper, TrapWire says, “it does not capture, store, or share any sensitive or personally identifiable information.” It is unclear how TrapWire defines sensitive information, as the company is unquestionably in control of an enormous amount of valuable intelligence data from around the world. Given the extraordinarily close ties between the company, its employees, and the CIA, concerns about civil liberties implications of TrapWire's system and access seem well warranted.

II. What Does TrapWire Do?

TrapWire has three distinct components:

  1. TrapWire Critical Infrastructure is installed at sensitive locations, such as the White House and the London Stock Exchange, to analyse security footage to “detect patterns of behavior indicative of pre-operational planning.”
  2. TrapWire Community Member operates New York's and Las Vegas' “See Something Say Something” campaigns, as well as the iWatch citizen reporting programs in DC and Los Angeles (promotional video below). Information obtained from citizen reports is compared to reports from other cities and analysed, then forwarded to local law enforcement.
  3. TrapWire Law Enforcement provides coordination and information sharing for law enforcement agencies, including the sharingof information obtained through TrapWire's other two services. For instance, according to Emergency Management Magazine, in Las Vegas TrapWire operates “a citywide database linking surveillance systems of most resorts and the fusion center

When a suspicious activity report (SAR) is made by a TrapWire system, for instance when a security camera spots something suspicious or a citizen makes a report on, that information spreads quickly. According to congressional testimony (below, p. 5) from DCPD chief Cathy Lanier, a DC TrapWire SAR is automatically forwarded to Washington's local Department of Homeland Security (DHS) fusion center, where it is analyzed. When DHS analysts verify that incidents “meet the established standards for suspicious activity reporting,” they are added to a network accessible to all DHS fusion centers nationwide, and “are forwarded to the FBI's eGaurdian system.”

III. Who Uses TrapWire?

TrapWire does not make public its list of clients. According to previously available information, clients include:

According to the Stratfor emails released by WikiLeaks, other clients include:

IV. Who/What Is TrapWire?

The founder of TrapWire is Richard Helms, former head of the CIA's European and National Resources Divisions. According to its website, TrapWire is run by ex-CIA operatives. President Dan Botsch, spent 11 years as an intelligence officer, focusing on Russia and Eastern Europe. Director of Business Development Michael Maness was in the CIA for 20 years, where he did counterterrorism in the Middle East, Balkans, and Europe. Director of Operations Michael Chang “served as an Assistant Team Leader and Special Agent on the personal security detail of the Director and Deputy Director of Central Intelligence.”

TrapWire was originally founded as part of the Abraxas Corporation, a security company which has since been sold to publicly traded defense company Cubic Corporation for $124 million. According to the LA Times, Abraxas was “tapped for unusual assignments”, such as creating fake identities for CIA agents, “one of the most sensitive and carefully guarded operations in the CIA.”

TrapWire was spun out as an independent company, Abraxas Applications,in 2007 (it changed its name to TrapWire, Inc. after the sale of theAbraxas Corporation).

IV. Stratfor and TrapWire's Troubling Revolving Doors

The leaked Stratfor emails also appear to detail a number of instances in which the lines between public service and private profit are blurred.

1. Stratfor Vice President for Intelligence Fred Burton

According to an August, 2009 email written by Stratfor President Don R. Kuykendall to CEO George Friedman, Stratfor had an arrangement to recommend TrapWire to its clients in exchange for 8% of any contract signed as a result as a finder's fee. The partnership agreement is here. Mr. Kuykendall referred to TrapWire as, “one of Fred's pet companies.”

Nine days before Mr. Burton began his term as Assistant-Director for Intelligence & Counter-Terrorism for the Texas Department of Public Safety, Mr. Kuykendall wrote:

“Fred has said that, once he is #2 dude in the Texas DPS (September oneth) that he is going use the appropriated $1,500,000 to install TrapWires product on the Texas border. George, 8% X $1,500,000 = $120,000 for the good guys.”

It certainly appears that Stratfor's President believed that Mr. Burton planned to conduct his duties as a law enforcement officer for the financial benefit of the company. In a 2010 email, after Mr. Burton had left the Texas DPS and returned to Stratfor, Mr. Burton wrote:

“As many of you old-timers know, we arranged to get a cut. I think the first dump is $250,000 to Abraxas, with an annual renewal of $150,000 per year for the TrapWire license. The point man for the project worked directly for me at DPS.”

It appears the point person he is referring to is Blake Sawyer, a former Marines Captain and Deputy Assistant Director at DPS. In a 2010 email chain, after Mr. Burton has already left the Texas DPS, Mr. Burton and Mr. Sawyer discuss Mr. Sawyer's recommendations to senior DPS officials, including Chief of Staff Robert Bodisch. Mr. Burton also stated that he “pushed the matter behind-the-scenes w/the Director and the DPS Commissioners.”

2. TrapWire Senior Vice-President Joan McNamara, formerly LAPD Assistant Commanding Officer of the Counter-Terrorism and Criminal Intelligence Bureau

In a 2010 email from Blake Sawyer, Commander McNamara is referred to as “a client and advocate of the system…the driving force behind the SAR initiative being run with all the major city police chiefs and TRAPWIRE's role therein.” According to a Department of Justice report, Commander McNamara is identified as one of four commanders nationwide to have “volunteered to have their suspicious activity reporting processes assessed and used as the basis for developing the findings and recommendations.” According to this LAPD news release, TrapWire's iWatch “was developed under the direction of LAPD Commander Joan T. McNamara.”

In other words, it appears that Commander McNamara was instrumental in securing the LAPD as a client for TrapWire, pushing other law enforcement agencies to adopt the LAPD's SAR reporting approach which included TrapWire, and then went to work for TrapWire (it is not clear if she is still with the company).

Unravelling TrapWire

Public Intelligence

August 11, 2012 in Featured hacked emails from the private intelligence firm Stratfor shed light on a global suspicious activity surveillance system called TrapWire that is reportedly in use in locations around the world from the London Stock Exchange to the White House. The emails, which were released yesterday by WikiLeaks, provide information on the extent and operations of a system designed to correlate suspicious activity reports and other evidence that may indicate surveillance connected with a potential terrorist attack.

A proprietary white paper produced by TrapWire, formerly called Abraxas Applications, describes the product as “a unique, predictive software system designed to detect patterns of pre-attack surveillance.” In an interview from 2005 with the Northern Virginia Technology Council, the CEO of Abraxas Corporation Richard “Hollis” Helms says the goal of TrapWire is to “collect information about people and vehicles that is more accurate than facial recognition, draw patterns, and do threat assessments of areas that may be under observation from terrorists.” Fred Burton, the former CEO of Stratfor and current vice president, describes TrapWire in an email from November 2009 as “a technology solution predicated upon behavior patterns in red zones to identify surveillance. It helps you connect the dots over time and distance.”

Documents submitted with Abraxas’ initial trademarking of TrapWire, describe the system as utilizing “a facility’s existing technologies (such as pan-tilt-zoom [PTZ] cameras) and humans (security personnel, employees, and neighbors)” to collect data which is then “recorded and stored in a standardized format to facilitate data mining, information comparison and information sharing across the network.” TrapWire “standardizes descriptions of potential surveillance activity, such as photographing, measuring and signaling” and then shares “threat information” across the network to track potential correlations across other locations on the network.

One thing that makes TrapWire a particularly interesting company is that its president, chief of operations and director of business development are all former employees of the Central Intelligence Agency. According to a management page on TrapWire’s website, which has recently been removed for an undisclosed reason, the president and one of the founders of the company, Dan Botsch, “served 11 years as an Intelligence Officer with the Central Intelligence Agency, focusing on Russian and Eastern European affairs.” Michael Maness, the company’s business development director, served over 20 years with the CIA, “where he directed counterterrorism and security operations in the Middle-East, the Balkans and Europe. As a senior operations officer and field operations manager, he was instrumental in combating Al-Qaeda’s operational units in the immediate wake of the September 11 terrorist attacks.” Michael K. Chang, the company’s director of operations, served for “12 years with the Central Intelligence Agency as a counterterrorism operations officer and security officer” and even acted as personal security for the Director and Deputy Director of Central Intelligence.

Abraxas Corporation, the company that originally created TrapWire under its subsidiary Abraxas Applications, also has significant ties to the CIA. The company was founded by Richard “Hollis” Helms in 2001, two years after he left the CIA where he had worked for nearly 30 years. Many of the company’s past employees and management have worked at the CIA or other intelligence agencies. In fact, Tim Shorrock notes in his 2008 book Spies for Hire that so many employees of the CIA were thought to be going to work for private companies like Abraxas that in 2005 CIA Director Porter Goss had to ask the company to stop recruiting in the CIA Cafeteria at Langley. The Los Angeles Times reported in 2006 that Abraxas had a contract from the CIA for developing front companies and false identities for the Agency’s nonofficial cover (NOC) program. The company and its work are so secretive that Shorrock reportedly called the company for comment and was told, “Sir, we don’t talk to the media.”

High-Profile Clients Around the World

The Stratfor emails on TrapWire detail the extent to which the software system is being utilized around the world, describing deals with clients representing domestic agencies, foreign governments and multinational corporations. An email from Don Kuykendall, the chairman of Stratfor, in May 2009 describes how TrapWire’s clients “include Scotland Yard, #10 Downing, the White House, and many [multinational corporations].” The email goes on to say how Stratfor is working to help introduce TrapWire to people at “Wal Mart, Dell and other Fred cronies.” Another email from Fred Burton to Kuykendall in July 2011 describes how the Nigerian government is interested in opening a fusion center and may want to deploy TrapWire in the Nigerian Presidential Palace.

In another email Burton brags about Stratfor’s role in authoring situation reports that feed into the TrapWire system, saying that this is the Stratfor’s number one way of impressing potential clients in government positions. “Do you know how much a Lockheed Martin would pay to have their logo/feed into the USSS CP? MI5? RCMP? LAPD CT? NYPD CT?” Burton asks, implying that TrapWire is in use by the U.S. Secret Service, the British security service MI5, the Royal Canadian Mounted Police, as well as counterterrorism divisions in both the Los Angeles and New York Police Department. In a 2009 thesis from the Naval Postgraduate School, the Los Angeles Joint Regional Intelligence Center (LA-JRIC), one of more than seventy fusion centers around the country, is listed as utilizing TrapWire.

The emails also suggest that TrapWire is in use at military bases around the country. A July 2011 email from Burton to others at Stratfor describes how the U.S. Army, Marine Corps and Pentagon have all begun using TrapWire and are “on the system now.” Burton described the Navy as the “next on the list.”

The Information Sharing Environment – Suspicious Activity Reporting Evaluation Environment Report from 2010 describes how the Las Vegas Police Department is providing TrapWire software to at least fourteen different hotels and casinos in the area. Several emails make reference to the network running in Las Vegas and one discusses contacting a security officer at the MGM Grand to discuss the system’s practical implementation.

According to one particularly unusual email from Burton, TrapWire is reportedly in use to protect the homes of some former Presidents of the United States.

Burton also describes TrapWire as possibly “the most successful invention on the [global war on terror] since 9-11.” Describing his connections with the company’s management, he adds “I knew these hacks when they were GS-12′s at the CIA. God Bless America. Now they have EVERY major [high-value target] in [the continental U.S.], the UK, Canada, Vegas, Los Angeles, NYC as clients.”

TrapWire is also linked to the National Suspicious Activity Reporting (NSI) Initiative, a program designed to help aggregate reports of suspicious activity around the country. One email from an executive at TrapWire states that “TrapWire SAR reports are fed directly/automatically into the National SAR Initiative” as well as “the FBI’s eGuardian system if/when there’s confirmed nexus to terrorism or major crimes (which is happening frequently).” The email goes on to say that “our networks in LA, Vegas and DC all support See Something Say Something (S4 as I call it).”

Over the past few years, several cities around the U.S. have implemented websites allowing the public to report suspicious activity, including Washington D.C., Houston and even the U.S. Army. These activities are part of a larger program called iWatch, which also feeds into TrapWire according to a leaked email:

iWatch pulls community member reporting into the TrapWire search engine and compares SARs across the country…with potential matches being fed back to the local LE agency. An amazing amount of good quality reporting is coming in from alert citizens (and police officers) in the DC area in particular.

TrapWire reportedly operates separate regional networks around the country, each with a number of different interconnected sites. However, the president of the company Dan Botsch explains in an email to Fred Burton that the TrapWire system operators do “cross-network” some information from separate networks and that he believes one day the networks will begin to merge:

We have regional networks in which information sharing is limited to that network. If a network has 25 sites, those 25 sites match against each other’s reports. They can also send reports to any other site on the network and they can post reports to a network-wide bulletin board. Sites cannot share information across networks. However, we do cross-network matching here at the office. If we see cross-network matches, we will contact each affected site, explain that the individual(s) or vehicle they reported has been seen on another network, and then offer to put the affected sites into direct contact. We have not yet had a cross-network match. I think over time the different networks will begin to unite. I’m not exactly being prescient here, as there is already talk in Vegas and LA of combining their two networks. Same here in DC.

The use of TrapWire could eventually extend to fusion centers all around the country as congressional testimony from June 2011 indicates that the Washington D.C. Metropolitan Police Department is part of a trial project of the Department of Homeland Security to test the use of TrapWire. The Texas Department of Public Safety, which operates the Texas Fusion Center, also purchased TrapWire software in 2010.

Trapwire: What we know

These days every news cycle brings us more thoroughly disturbing reasons to be concerned about pervasive digital monitoring in the United States. This week things got extra interesting with the revelation of an enormous, shadowy surveillance company with deep ties to the CIA: Trapwire exploded on the surveillance scene like a bat out of hell. And people are justifiably freaked out about it.

But people are also publishing a lot of information that seems to have appeared out of the ether, grounded in no documentation whatsoever. There is no need to speculate or conjure surveillance bogeymen where they do not exist. The documented facts speak loudly enough.

Furthermore, we don’t even have to look to pre-crime, globally networked spook software like Trapwire to be concerned about where we stand vis a vis privacy rights and government powers. Take the following stories from just the past month as a small sample of our problems, serving to illustrate the seriousness of our current predicament:

  • On NSA dreams: “NSA Boss Wants More Control Over the Net: The Internet should be adapted to allow for oversight by the National Security Agency, the organization’s boss says” (Technology Review, MIT, July 27, 2012)
  • On NSA vacuum style digital surveillance: “HOPE 9: Whistleblower Binney says the NSA has dossiers on nearly every US citizen” (NetworkWorld, July 15, 2012)
  • On the feds using our cellphones as bugs: “Ninth Circuit OKs Feds Use of Cellphones as Roving Bugs” (The New American, July 28, 2012)
  • On impunity and secrecy in spying: “The Feds Violated the Constitution but the Administration Won’t Say How” (The Atlantic, July 24, 2012)
  • On the National Counter Terrorism Center (NCTC) collecting unimaginably large amounts of data about every single person and storing it for a very long time: “The Biggest New Spying Program You’ve Probably Never Heard Of” (ACLU, July 30, 2012)
  • On impunity for warrantless spying on a mass scale: “Appeals Court OKs Warrantless Wiretapping” (Wired, August 7, 2012)
  • On face recognition: “FBI’s Facial Recognition is Coming to a State Near You” (EFF, August 8, 2012)
  • On the Microsoft and NYPD attempt to recreate “Total Information Awareness”: “The NYPD’s Domain Awareness System Is Watching You” (New York Magazine, August 9, 2012)

And for those worried that the government will use its vast, unaccountable surveillance powers to intimidate and harass political activists or religious minorities, there’s some news for you, too:

  • On the targeting of political anarchists: “Political Convictions? Federal Prosecutors in Seattle Are Dragging Activists into Grand Juries, Citing Their Social Circles and Anarchist Reading Materials” (The Stranger, August 7, 2012)
  • On JTTF raids of activist homes: “FBI and JTTF Raid Multiple Homes, Grand Jury Subpoenas in Portland, Olympia, Seattle” (Green is the New Red, July 25, 2012)
  • On the NYPD’s relentless and remorseless targeting of Muslims: “Gov jabs at NYPD again over spying on Muslims” (Wall Street Journal, August 8, 2012)

In other words, we are in a rough spot, Trapwire or no Trapwire. Having established that, let's move on to what we can prove Trapwire is, and what we cannot.

Unproven claims about Trapwire

Given what we know about other, active surveillance programs, there’s no need to speculate that we are living in dangerous times. But unfortunately that’s precisely what’s happening on the internet this week.

This article, for example, called “Confirmed: New Nationwide “Trapwire” Surveillance System is Actively Recording, Monitoring Everything,” makes a series of extremely disturbing allegations that it supports with absolutely no documentation, beginning with its headline.

Among other unproven and somewhat hysterical allegations, the article claims that “The Trapwire system is actively monitoring every major city in the country.” Really? The documents I’ve been able to locate show that the company's “TrapWire Community Member” program – which importantly is not the same as its critical infrastructure monitoring program or its law enforcement program – is operative in a number of major cities, including Washington DC, Las Vegas, New York and Los Angeles.

But I can't find any evidence to support the claim that it is operating where I live, for example, in Boston – or in Providence, RI, or Portland, OR or Seattle, WA, etc.. It very well might be operating in every US city, but there is no evidence to back up such a claim.

The article further states that Trapwire’s software integrates its license plate and CCTV data with “what you bought on your credit card today and who you interacted with via text message or your favorite social network” without providing a shred of evidence for the latter. Trapwire’s website and its patent trademark filings confirm that its software attempts to integrate license plate and CCTV data, but makes zero mention of credit card information or SMS metadata. That's not to say the company's database doesn't have this information, but it is a fact that there's no documentation or other proof to give credence to these claims. is the most high profile outlet to publish a claim I've seen batted about the internet for a few days – that Trapwire's system is more advanced than face recognition. Again, there's been zero evidence presented to back up this claim.

Speculating about Trapwire's prowess and reach is dangerous and unnecessary. After all, the facts the company laid out for us through its limited but nonetheless revealing digital trail are enough to raise the alarm.

Let’s turn to what we know about Trapwire.

Known knowns

Trapwire's early history

The first documentation of Trapwire’s existence comes from filing papers to the US patent office dated September 7, 2004. The papers ask for a trademark on Goods: “computer software for use in detecting terrorist surveillance of a facility and other pre-attack preparations on a facility or on persons associated with a facility”. The trademark application was filed by a company called Abraxas Corporation, represented by a Danielle O. Saunders of McLean, Virginia – the heart of CIA country.

On April 5, 2005 the US patent office responded by denying the trademark application because of “likelihood of confusion” with two other companies' trademarks: “The applicant’s mark, TRAPWIRE, is similar to the registered marks, TRIPWIRE and TRAPWARE. The marks are compared for similarities in sound, appearance, meaning or connotation.”

On October 4, 2005 the patent office received a response from Abraxas Corporation, arguing that the products the three companies produce are different enough to warrant granting Abraxas the Trapwire trademark. Furthermore, it argues, its product will only be sold to an elite batch of discriminating clients who would engage in extensive research and consultation with the firm before buying it. This isn't “food snacks” you grab at the market without thinking twice, it says. It's a big, costly computer surveillance network made for the “discriminating purchaser.” Indeed.

Somewhat hilariously, Abraxas points out that the two other companies – Tripwire and Trapware – make computer software products that allow individual computer users and large networks to detect unwanted attacks on their systems. Trapwire doesn't do that, the lawyers wrote. You can say that again.

The US patent office overturned its initial rejection on November 14, 2005, about a month after Abraxas' appeal. Four days before Christmas, on December 21, 2005, the patent office mailed an official notice of publication for the Trapwire mark to attorney Danielle O. Saunders. The company had its trademark, and likely a very Merry Christmas.

The next document in the Trapwire file at the patent office is a notice to revoke power of attorney from Danielle O. Saunders, filed January 5, 2006. The company's power of attorney would change again multiple times over the next five years.

Finally, on September 26, 2005 the patent office received some more substantive information from the company, describing what it set out to do with its trademark. That document is titled “TrapWireTM: Pre-Attack Terrorist Detection System for Protecting Critical Infrastructure”. You can read it yourself here.

What does Trapwire do?

The whitepaper sketches out the contours of a pre-crime surveillance system that the former CIA agents who run Trapwire Inc. hoped would work to “intercept a terrorist strike before it begins.”

TrapWire dramatically increases the ability to detect pre-attack preparations and to take appropriate action to detect, deter and intercept terrorist attacks. A visual monitor of the entire system – a map with dynamic status indicators for each entity connected to the TrapWire network – facilitates the ability of decision-makers to absorb vast quantities of information quickly and efficiently. The dynamic status indicators show the threat level at each facility and highlight those that have moved to a higher threat level over the preceding 24 hours. Security officials can thus focus on the highest priorities first, taking a proactive and collaborative approach to defense against attacks. The information collected by TrapWire can also be shared with law enforcement agencies to assist in their counterterrorism efforts.

The company says “the basic premise behind” the technology “is as follows: Through the systematic reporting of suspicious events and the correlation of those events with other event reports for that facility and for related facilities across the network, terrorist surveillance operations can be identified…”

The services Trapwire offers to major corporations and governments can be broken down into three categories: critical infrastructure “hardening”, suspicious activity report management, and data mining.

Using open-source information it is very difficult to determine what kinds data-inputs the system accesses. The only confirmed sources of data to the system are CCTV cameras, license plate readers and open source databases. (The latter contain a wealth of information about each and every one of us, so the combination of these three data sets alone is troubling.)

The Wikileaked Stratfor emails that revealed the existence of this shadowy surveillance network to the world contain at least 189 references to Trapwire. They reveal much more about what the program is used for than does the Trapwire public website.

Among the most disturbing emails in the Wikileaks GIF files is this one, written by a Stratfor analyst to the head of the firm. It gives us a troubling taste of how these private security companies view their role as intermediary between the government and the people:

case_studies/trapwire.txt · Laatst gewijzigd: 2014/05/30 16:47 door