Feeds

Spooks' favourite IT firm tells Reg readers to grow up

Time for mature chat on privacy

SANS - Survey on application security programs

Detica managing director Martin Sutherland wants to have a privacy debate with you, but reckons you need to grow up a bit first.

As boss of the UK intelligence establishment's favourite IT contractor - now part of the UK defence establishment's favourite megacorp, BAE Systems - he's well aware of the tension between what's possible and what's acceptable given the glut of communications, identity and surveillance data available, or on its way.

But he says the "immature" privacy debate is too focused on the fact that new databases are being populated. What matters in terms of privacy, according to Detica, is how they're used.

Martin Sutherland

Sutherland, who joined Detica in 1996 and came up through its secret government contracts, took over the reins in October, after long-time CEO Tom Black cashed out shares worth more than £24m in the BAE swoop. El Reg met him at a get-together for national security agencies earlier this month, where he was fresh from hosting Gordon Brown and the national cybersecurity strategy launch at the firm's Guildford HQ.

"The debate should be about how you process the data," Sutherland said. "The best computers can do is find patterns in large volumes of data."

Detica is busily pushing its NetReveal software, which analyses in large datasets and flags unusual or suspicious patterns. Rather than discuss such data mining by MI5, MI6 and GCHQ - his firm's three core clients - in public Sutherland prefers to talk about fraud detection in the insurance industry.

In a simplistic but real example, he said, the software noticed two people separately reported their cars, registered at the same address, had been damaged at the same time. Investigators established they had conspired to defraud the insurance companies, who pool data for fraud detection. Sutherland said detection rates have improved tenfold thanks to Detica's software.

That such techniques could be powerfully applied to to the Interception Modernisation Programme's forthcoming massive databases of communications data is obvious. The Register understands Detica has already won a contract to provide analysis to GCHQ.

Sutherland said the ability to screen massive databases automatically "means less surveillance", because it enables human investigators to work in a more targeted way. "The privacy debate needs to become more sophisticated," he said. "People are too focused on collection."

In a defence of data-mining, he said: "Where investigations are directed in a more focussed way it means members of the public will not be investigated unnecessarily. By identifying potential targets based on anomalies and hypotheses rather than starting with the individual, it helps balance security and privacy concerns."

Not all Detica's government data farming work is secret. It is closely involved in the Home Office's e-Borders programme, responsible for checking passenger lists against domestic and international watchlists - "relatively simple stuff", Sutherland said.

He was more proud that the Prime Minister had chosen Detica to launch the UK government's first cyber security strategy, highlighting its network security work. "The UK does have a world class player in this field," he said.

The firm plans to export its expertise, particularly to the US, a primary reason BAE stumped up £531m. The rapid rise of national cyber security (and attack) up the political agenda this year has been greeted with glee in Guildford, we gather.

Sutherland and his head of security and risk David Porter reported that Detica's R&D department is working on network defence technology - suitable for commercial and government applications - that it says will be able to tackle novel attacks. The "next generation" of security, they said, will be able to deal with viruses, DDoS techniques and trojans that have never been analysed.

It's an ambitious goal, but there's no shortage of ambition at Detica. Asked who his rivals were in the emerging international government cybersecurity market, Sutherland replied "Lockheed. Raytheon." With opposition like that, it's understandable the cries of privacy advocates at home might seem "immature". ®

3 Big data security analytics techniques

More from The Register

next story
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
APPLE FAILS to ditch class action suit over ebook PRICE-FIX fiasco
Do not pass go, do cough (up to) $840m in damages
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.