Revelations about a spooky-sounding program called
TrapWire caused a ruckus on the Internet last month. Here’s what we know, what
we don’t and why it matters.
In early August, WikiLeaks released another cluster
of the 5 million e-mails it
obtained in late 2011 from Stratfor, a private intelligence agency Barron’s has
called “The Shadow CIA.” The first batch had been made public early this year,
revealing, in the
Guardian’s words, “not simply the military-industrial complex that
conspires to spy on citizens, activists and trouble-causers, but the extremely
low quality of the information available to the highest bidder.” Among the most
intriguing items disclosed in the latest document dump was the existence of a
spooky-sounding company called TrapWire, sparking an online uproar among
surveillance researchers and transparency advocates. The e-mails describe
TrapWire as a surveillance system so advanced, so networked and intelligent,
that it can sniff out threats to critical infrastructure before they
materialize—a ‘pre-crime’ detection technology. Surveillance watchers rang the
alarm: TrapWire, they warned, is the constellation of our greatest fears.
Undermining the excitement were other e-mails,
showing that Stratfor had struck a deal to aggressively promote TrapWire to its
intelligence, military and law enforcement clients, in exchange for an 8
percent cut of any resulting sales. This arrangement appeared to pay off,
particularly in Texas. In one
e-mail, Fred Burton, vice president for intelligence, boasted that he
“wrote the plans for eventual TrapWire roll-out Statewide, in addition to the
Texas State Capital.” In another,
he speculated on the profits his company might reap in the event of a terrorist
attack in Texas. “Positive developments continue with TrapWire in light of the
Texas State Capital shooting,” he wrote, referring to an incident in 2010 that
had prompted the state to increase security. “…We should see the system roll
out fairly soon.” Perhaps most disturbingly, one company employee implored
Burton to deploy TrapWire against activists in San Francisco: “Regarding SF
landmarks of interest—they need something like Trapwire more for threats from activists
than from terror threats. Both are useful, but the activists are ever present
around here,” she wrote.
A central, oft-cited claim put forth to buttress the
worst-case scenario pronouncements about TrapWire comes from an interview with
the founder of the company that produced it, who said the technology is “more
accurate than facial recognition.” A storm of speculation followed the
discovery of this statement, one unproven allegation among many that would fill
a series of articles resting on the claims of other private intelligence
executives with a financial incentive to cast their product as all-powerful.
Headlines included: “Wikileaks: Americans Being Monitored By Top Secret
Surveillance System ‘TrapWire,’” “TrapWire tied to White House, Scotland Yard,
M15 and others,” and “WIKILEAKS: Surveillance Cameras Around The Country Are
Being Used In Huge Spy Network.” Reports warned
that the system had been “installed…across the U.S. under the radar of most
Americans.”
Adding to the intrigue, information on the TrapWire,
Inc. website began mysteriously disappearing, including the page listing the
names and biographies of top executives at the firm. This followed a strange
press release from Cubic Corporation, a defense, intelligence and
transportation services firm that bought TrapWire’s parent company in 2010,
announcing: “Cubic Corporation Has No Affiliation with TrapWire, Inc.” (A true
statement, although the company retained the trademarks for a number of
products related to the sale until June 2011, including TrapWire.) What did the
company have to hide? And why would a billion-dollar company move so quickly to
distance itself from TrapWire?
We don't have answers yet. But those are also not the
most important questions. TrapWire certainly merits further attention and
investigation—but not because it is so exceptional or unique in and of itself.
TrapWire is symptomatic of an alarming transformation we have witnessed over
the past ten years when it comes to Americans’ privacy versus government power.
In a democracy, we should know nearly everything about the government and its
operations—we, after all, pay for them—and the government should know very
little about us, unless it has good reason to suspect we are engaged in
criminal activity. But the past decade has seen a perilous inversion of this
relationship. State secrecy is now the name of the game, from the White House
all the way down to local governments, which have been quietly accepting
federal funding for a variety of
invasive surveillance and identification tools without so much as a basic
public conversation on the associated benefits and risks. Most Americans have
little idea of the extent to which their everyday, ordinary activities are
pervasively monitored by government agencies and private spying outfits like
TrapWire.
TrapWire is the brainchild of Abraxas Applications,
Inc, a subsidiary of the Abraxas Corporation. Founded shortly after September
11 by CIA veteran Richard “Hollis” Helms, the Abraxas Corporation was the first
private intelligence firm to take advantage of the post-9/11 chaos and
navel-gazing in the intelligence community—and Congress’ promises of limitless
funds—to correct “what went wrong.” As one CIA official told the Washington
Post last year: “Hollis is brilliant; he realized there was a huge market
out there to exploit…. He was the first agency guy to figure it all out.” As
Tim Shorrock writes in his indispensable book, Spies for Hire, Helms
“became…notorious for recruiting new employees in the CIA cafeteria,” and was
asked to please stop. By 2008, the company was worth $65 million and had a
couple hundred former spooks on the payroll, according to Shorrock.
Among Helms’ first hires was Barry McManus, who
served as the CIA’s chief polygraph examiner for ten years and became Abraxas’
vice president of “Deception Detection Services”—a dubious but lucrative
product marketed to law enforcement and corporate managers who paid to be
trained in spotting dishonesty during interrogations and interviews. (The same
2011 Washington Post story reported that one of McManus’s first
purchases upon leaving the agency for Abraxas was a $160,000 black Maserati.)
Another notable hire was Richard Calder, a former deputy director of
administration at the CIA, who presided over a wave of outsourcing and
downsizing at the agency in the late 1990s. This trend, and the redirection of
resources away from human intelligence field officers and towards desk-bound
“intelligence analysts,” would lead one long-time CIA operative, Robert Baer,
to leave the agency and write a number of books blasting it as inefficient,
bureaucracy-laden and corrupted by political and monied interests. “Like the
rest of Washington, the CIA had fallen in love with technology,” Baer writes in
See No Evil: The True Story of a Ground Soldier in the CIA’s War on
Terrorism, describing how the agency failed to protect the nation from the
9/11 attackers. “The theory was that satellites, the Internet, electronic
intercepts, even academic publications would tell us all we needed to know
about what went on beyond our borders.”
But instead of heeding Baer’s call for more human
intelligence and better training for field operatives after 9/11, the CIA and
the intelligence community doubled down on outsourcing and technology. Enter
Abraxas—along with Booz Allen, Lockheed Martin, SAIC, and innumerable other
private corporations, which together constitute a shadowy world of
unaccountable and fabulously rich intelligence contractors. Today, nearly 5 million people in the United
States have a security clearance, many of whom are contractors working for the 1,900 or so private intelligence
corporations that collectively rake in billions of dollars of taxpayer money
every year. TrapWire is just one product in a sea of unaccountable, secretive,
private intelligence corporations.
So why the uproar?
TrapWire comprises three products that are marketed
to law enforcement, financial services corporations, the armed forces and
intelligence agencies. Its website lists them: TrapWire Critical
Infrastructure, TrapWire Community Member and TrapWire Law Enforcement.
TrapWire’s Critical Infrastructure program uses
existing surveillance cameras and license plate readers at military
installations, corporate complexes and other “high-value targets” to spot
security weaknesses, providing clients with “threat assessments” and advising
them on how best to plug any gaps in monitoring coverage.
TrapWire Community, according to the website,
“supports the online reporting of suspicious behavior by community members,
such as the iWatch programs in Los Angeles and Washington, DC, and See
Something Say Something in Las Vegas and New York.”
The TrapWire Law Enforcement program is the product
we know the least about. The firm says it “provides the ability to gather,
analyze and disseminate information about surveillance and logistical
activities occurring across an entire geographic region,” including areas
covered by the first two parts of the program. Data from the Critical
Infrastructure and Community programs feed a central TrapWire database, which
is searched for “pre-operational” terrorism indicators and then fed into the
Law Enforcement database. “The beauty of it is that we can protect an infinite
number of facilities just as efficiently as we can one,” Abraxas founder
Richard Helms has said of TrapWire.
But particularly given TrapWire’s reliance on
“suspicious activity reports” culled from cities across the nation, there is
reason to doubt these claims. A lot of the information in the system is
probably junk—and likely racially motivated junk, at that. As one study
by NPR and the Center for Investigative Reporting showed, suspicious activity
reports hardly ever led to useful law enforcement information. More often than
not, the study showed, the information is based on people’s fears of those they
perceive to be Arab or Muslim.
Integrating such unreliable citizen-submitted reports
with information from networked surveillance cameras and other, unknown data
inputs, TrapWire ultimately comes down to data-mining: deploying computer
algorithms to automatically sort through millions or billions of pieces of data
to reveal a pattern or problem so that human beings can investigate.
Data-mining is our information society’s answer to the problem posed by big
data, and it some cases—like in finance and credit card fraud—it works
remarkably well. The ubiquity of credit card fraud allows mathematicians to
develop models based on many diverse examples. So if someone who typically
charges under their credit limit over a couple of months suddenly maxes out a
card in one day, the system will likely flag it as a possible theft.
False-positive risks are low, and if a credit card company calls to say your
card has been stolen and is wrong, no one is hurt. In fact, you’ll probably be
happy to know the company is looking out for you. The company may then make an
adjustment to its algorithm to make it more accurate in the future.
But when it comes to terrorism prediction,
data-mining is an abject failure. Contrary to what the FBI will tell you, there
is simply no ‘playbook’ for terrorist attacks. They are very rare, often unique
events, executed by people from wildly different backgrounds, using wildly
different approaches and tools. And the risks for false-positives are extremely
serious, as any innocent detainee at Guantánamo Bay could tell you. Now that we
know the CIA is killing people in Yemen and Somalia using so-called “signature
strikes” that rely on pattern recognition to identify terrorists enclaves, the
deployment of data-mining for terrorist identification should be taken very
seriously. Here at home, you could end up on a no-fly list simply because you
have unorthodox habits, or bought a one-way ticket a few too many times. The
risks associated with this data-mining do not outweigh the costs, not least of
which is the utterly devastating effect it has on our personal privacy, as even
a 2008 report funded by the Department of Homeland Security concluded.
The most vexing gap in our knowledge about TrapWire
is what kinds of data inputs and back-end technologies it uses. We know that,
in addition to networked surveillance cameras and license plate readers, both
public and private, the company draws information from giant data brokers like
ChoicePoint—a company that sells dossiers on hundreds of millions of people,
you and me included, to whoever is paying. But does TrapWire get data from the
Department of Homeland Security’s databases too? Can the network access state
motor vehicle registry databases, effectively downloading face
recognition-ready “face prints” of every licensed driver in the United States?
Does it have access to the FBI’s criminal or wiretap and electronic intercepts
databases, which contain the private communications of tens of thousands of
people under federal investigation?
The fact that we know very little about how TrapWire
operates—even though most of the company’s clients are taxpayer-funded
organizations—cuts to the heart of the problem of outsourcing intelligence.
Since private corporations are not subject to public records law, there are
limited avenues by which we might learn more about what the firm’s technology
is really capable of. That, like many other thorny issues TrapWire raises, is a
problem that applies to all intelligence contractors. As more secrets are
farmed out to private corporations, the public loses twice: we pay more for the
privilege of being surveilled, and we lose crucial access to the very
transparency mechanisms that are supposed to keep the intelligence agencies in
check and operating within the rule of law.
We don’t need to know every detail about government
spying to know that we are on the wrong track. We are living in an era in which
the federal government claims it doesn’t need a warrant to read our e-mail, in
which the FBI admits to storing personal information on hundreds of millions of
law-abiding Americans in giant databases, just in case. Headlines from past few
months alone provide us with reason to be concerned about the state of
electronic monitoring, quite apart from TrapWire: a Sixth Circuit court
recently decided that we have no reasonable expectation of privacy when it
comes to our cellphones, ruling that the government doesn’t need a warrant to
track our real-time physical location. National Security Agency whistleblowers
say the military spy organization is sucking up all available digital
communications and financial information and storing them in massive databases,
just in case. An appeals court recently decided that we have no legal basis for
challenging this blatantly unconstitutional, “turnkey totalitarian state,” as
NSA whistleblower Bill Binney put it. The NYPD has embarked on its own TrapWire
of sorts, by teaming up with Microsoft to produce a “Domain Awareness System”
that it boasts can monitor vast swaths of Manhattan with cameras, databases,
license plate trackers and digital sensors. And in early September, hackers released
information they say proves the FBI stored the unique user identification
information of 12 million iPhone and iPad users, though the FBI denies it.
There appears to be nowhere to hide, TrapWire or no
Trapwire.
To fix the problem, Congress must bring the Bill of
Rights into the present, to begin to take back our Fourth Amendment rights
against rampant digital surveillance. Congressman Ed Markey (D-MA) has
circulated two draft
bills—one on drones and one on cellphone privacy—that we should all
support. One of them would simply require that police get a warrant to track us
via our mobile phones. The other would impose basic transparency and privacy
requirements on law enforcement agencies as they rush to populate our friendly
skies with surveillance drones—and would ban the use of armed drones
domestically. These are good first steps in what must become a mass movement
for privacy in the digital age.
“We are entering a brave new world,” Congressman
Markey said. “The time to implement privacy protections is now.”
No comments:
Post a Comment