The saga of the Trapwire surveillance system continues to bubble away at the fringes of the mainstream media here and in the US.
Trapwire, the product of a company by the same name, is a software tool designed to analyse multiple CCTV video feeds for certain patterns that might trigger alarms about, well, name your fancy — terrorism, common-or-garden street crime, legitimate political protest. It is one of many such pieces of software developed by IT vendors and the cyber security industry in the lucrative chase for War on Terror contracts.
What distinguished Trapwire recently, however, was the release by WikiLeaks of emails from the intelligence company Stratfor. Company vice-president and former State Department official Fred Burton enthusiastically spruiked the system to clients, colleagues and anyone who would listen for a commission. “We have the Pentagon, Big Army and the USMC on the system now,” Burton boasted in an email last year. And he claimed the system was being used in New York, Los Angeles and in Washington DC.
Much of this was spin for a product from a company trying to distinguish itself from the hundreds of other firms all pushing products to governments ever eager to extend their surveillance of their own citizens. For example, as Wired noted, New York Police Department said the system wasn’t used in New York City (in fact what the NYPD does have is the huge 55 Broadway surveillance operation ostensibly aimed at terrorism but seemingly designed mainly to protect Wall St). But the Stratfor emails unleashed a frenzy among activists, the online freedom community and the outright paranoid about the suggestion of a vast network gathering information from across the US and the world and “recognising” it.
Get Crikey FREE to your inbox every weekday morning with the Crikey Worm.
Some — myself included — immediately connected Trapwire to the US cybersecurity company Cubic, which had acquired the Abraxas corporation in 2009. Cubic has a worldwide presence, including as a defence contractor here in Australia, and as a successful tenderer for a public transport ticketing system in Sydney.
That was the hook that Asher Moses and Dylan Welch took at Fairfax in their piece headlined “Revealed: TrapWire spy cams’ ticket to Australia” last Monday:
“A shadowy private security company with deep links to the CIA – and a parent company awarded hundreds of millions of dollars in Australian government transport contracts – is operating a pervasive global surveillance and facial recognition network on behalf of law enforcement.
“Over the past few days the internet has been abuzz with revelations regarding TrapWire, an analytical system that integrates with surveillance cameras to capture photographs or video evidence of ‘suspicious activity’.
“TrapWire is owned by the multinational conglomerate, Cubic Corporation, which in 2010 signed a $370 million contract with the NSW Government to provide Sydney’s electronic ticketing system for public transport, based on the London Oyster card system.”
The problem was that, as many of us had missed, Cubic doesn’t own Trapwire — or at least claims not to. Welch and Moses had tried to confirm ownership of Trapwire with Cubic but received no response before deadline. But then Cubic released a statement denying any connection.
Fairfax promptly pulled the story offline, although for now it can still be seen via Google Cache.
This prompted its own mini-storm of speculation and criticism about why Fairfax had removed the story rather than correcting it. Given the headline about Cubic, and the focus of much of the story on Trapwire’s Australian connection via Cubic, a mere correction pointing out the lack of a connection with Cubic would have looked fairly silly, but Moses came in for some entirely unjustified criticism online over it, including with suggestions that Gina Rinehart had somehow managed to have the story removed.
But then there’s the issue of just how separate Cubic and Trapwire really are. When Cubic acquired Abraxas Corporation, the company that owned Trapwire, Abraxas Applications, wasn’t included in the deal. It changed its name to Trapwire. Cubic thus has never owned Trapwire. But two days after the Cubic denial, the Cryptome website unearthed that Trapwire shares not merely exactly the same Herndon, Virginia address as two other Abraxas-linked companies owned indirectly by Cubic, but at least one board member, Trapwire CEO Richard Helms, and a company secretary.
People like activist Barrett Brown have been trying to reignite mainstream media interest in the story ever since.
Cubic may not be being entirely forthright about the full nature of its links with Trapwire; that’s not particularly the issue. Nor is the fact that Trapwire itself, far from being an immediate precursor to a global panopticon, looks more like yet another over-hyped piece of security software. The broader issue is that governments and police forces — our governments and police forces — do want this sort of software, the sort that will enable them to convert CCTV in public places from a human-based monitoring and recording tool into a vast real-time addition to the datamining they already conduct.
To take the local example, under the two-year data retention proposal for which Labor is currently “seeking views”, police would be able to not merely track your general movements using mobile phone geolocation data and know who you have called and received calls from, but also know every website you’ve visited; this could eventually be coupled with information gleaned from CCTV via facial recognition software about what you were doing in a specific public place, even if you’d left your phone at home. If it’s not Trapwire it will, at some point in coming years, be another system from a luckier cybersecurity contractor.
And because these companies operate across large areas of government activity in our ever-more outsourced world of public services, the opportunities for connecting information up even if governments are not already predisposed to do it will become ever-greater. That parent company with the “pattern recognition” software for CCTV might indeed have your bus ticket and credit card details and know when and where you use public transport via another company. As these companies know very well, small amounts of personal information aren’t especially valuable, but in aggregate, they’re a vast treasure trove. So do hackers.
That’s why Trapwire is important. That’s why Fairfax’s journalists were right to run the story in the first place, even if the Cubic link was a problem. That’s why systems like Trapwire deserve constant exposure.
Update: Crikey understands that Richard Helms, CEO of Trapwire, is no longer an Abraxas board member.