Feeds

Spooks' favourite IT firm tells Reg readers to grow up

Time for mature chat on privacy

Combat fraud and increase customer satisfaction

Detica managing director Martin Sutherland wants to have a privacy debate with you, but reckons you need to grow up a bit first.

As boss of the UK intelligence establishment's favourite IT contractor - now part of the UK defence establishment's favourite megacorp, BAE Systems - he's well aware of the tension between what's possible and what's acceptable given the glut of communications, identity and surveillance data available, or on its way.

But he says the "immature" privacy debate is too focused on the fact that new databases are being populated. What matters in terms of privacy, according to Detica, is how they're used.

Martin Sutherland

Sutherland, who joined Detica in 1996 and came up through its secret government contracts, took over the reins in October, after long-time CEO Tom Black cashed out shares worth more than £24m in the BAE swoop. El Reg met him at a get-together for national security agencies earlier this month, where he was fresh from hosting Gordon Brown and the national cybersecurity strategy launch at the firm's Guildford HQ.

"The debate should be about how you process the data," Sutherland said. "The best computers can do is find patterns in large volumes of data."

Detica is busily pushing its NetReveal software, which analyses in large datasets and flags unusual or suspicious patterns. Rather than discuss such data mining by MI5, MI6 and GCHQ - his firm's three core clients - in public Sutherland prefers to talk about fraud detection in the insurance industry.

In a simplistic but real example, he said, the software noticed two people separately reported their cars, registered at the same address, had been damaged at the same time. Investigators established they had conspired to defraud the insurance companies, who pool data for fraud detection. Sutherland said detection rates have improved tenfold thanks to Detica's software.

That such techniques could be powerfully applied to to the Interception Modernisation Programme's forthcoming massive databases of communications data is obvious. The Register understands Detica has already won a contract to provide analysis to GCHQ.

Sutherland said the ability to screen massive databases automatically "means less surveillance", because it enables human investigators to work in a more targeted way. "The privacy debate needs to become more sophisticated," he said. "People are too focused on collection."

In a defence of data-mining, he said: "Where investigations are directed in a more focussed way it means members of the public will not be investigated unnecessarily. By identifying potential targets based on anomalies and hypotheses rather than starting with the individual, it helps balance security and privacy concerns."

Not all Detica's government data farming work is secret. It is closely involved in the Home Office's e-Borders programme, responsible for checking passenger lists against domestic and international watchlists - "relatively simple stuff", Sutherland said.

He was more proud that the Prime Minister had chosen Detica to launch the UK government's first cyber security strategy, highlighting its network security work. "The UK does have a world class player in this field," he said.

The firm plans to export its expertise, particularly to the US, a primary reason BAE stumped up £531m. The rapid rise of national cyber security (and attack) up the political agenda this year has been greeted with glee in Guildford, we gather.

Sutherland and his head of security and risk David Porter reported that Detica's R&D department is working on network defence technology - suitable for commercial and government applications - that it says will be able to tackle novel attacks. The "next generation" of security, they said, will be able to deal with viruses, DDoS techniques and trojans that have never been analysed.

It's an ambitious goal, but there's no shortage of ambition at Detica. Asked who his rivals were in the emerging international government cybersecurity market, Sutherland replied "Lockheed. Raytheon." With opposition like that, it's understandable the cries of privacy advocates at home might seem "immature". ®

SANS - Survey on application security programs

More from The Register

next story
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.