Feeds

Spooks' favourite IT firm tells Reg readers to grow up

Time for mature chat on privacy

Secure remote control for conventional and virtual desktops

Detica managing director Martin Sutherland wants to have a privacy debate with you, but reckons you need to grow up a bit first.

As boss of the UK intelligence establishment's favourite IT contractor - now part of the UK defence establishment's favourite megacorp, BAE Systems - he's well aware of the tension between what's possible and what's acceptable given the glut of communications, identity and surveillance data available, or on its way.

But he says the "immature" privacy debate is too focused on the fact that new databases are being populated. What matters in terms of privacy, according to Detica, is how they're used.

Martin Sutherland

Sutherland, who joined Detica in 1996 and came up through its secret government contracts, took over the reins in October, after long-time CEO Tom Black cashed out shares worth more than £24m in the BAE swoop. El Reg met him at a get-together for national security agencies earlier this month, where he was fresh from hosting Gordon Brown and the national cybersecurity strategy launch at the firm's Guildford HQ.

"The debate should be about how you process the data," Sutherland said. "The best computers can do is find patterns in large volumes of data."

Detica is busily pushing its NetReveal software, which analyses in large datasets and flags unusual or suspicious patterns. Rather than discuss such data mining by MI5, MI6 and GCHQ - his firm's three core clients - in public Sutherland prefers to talk about fraud detection in the insurance industry.

In a simplistic but real example, he said, the software noticed two people separately reported their cars, registered at the same address, had been damaged at the same time. Investigators established they had conspired to defraud the insurance companies, who pool data for fraud detection. Sutherland said detection rates have improved tenfold thanks to Detica's software.

That such techniques could be powerfully applied to to the Interception Modernisation Programme's forthcoming massive databases of communications data is obvious. The Register understands Detica has already won a contract to provide analysis to GCHQ.

Sutherland said the ability to screen massive databases automatically "means less surveillance", because it enables human investigators to work in a more targeted way. "The privacy debate needs to become more sophisticated," he said. "People are too focused on collection."

In a defence of data-mining, he said: "Where investigations are directed in a more focussed way it means members of the public will not be investigated unnecessarily. By identifying potential targets based on anomalies and hypotheses rather than starting with the individual, it helps balance security and privacy concerns."

Not all Detica's government data farming work is secret. It is closely involved in the Home Office's e-Borders programme, responsible for checking passenger lists against domestic and international watchlists - "relatively simple stuff", Sutherland said.

He was more proud that the Prime Minister had chosen Detica to launch the UK government's first cyber security strategy, highlighting its network security work. "The UK does have a world class player in this field," he said.

The firm plans to export its expertise, particularly to the US, a primary reason BAE stumped up £531m. The rapid rise of national cyber security (and attack) up the political agenda this year has been greeted with glee in Guildford, we gather.

Sutherland and his head of security and risk David Porter reported that Detica's R&D department is working on network defence technology - suitable for commercial and government applications - that it says will be able to tackle novel attacks. The "next generation" of security, they said, will be able to deal with viruses, DDoS techniques and trojans that have never been analysed.

It's an ambitious goal, but there's no shortage of ambition at Detica. Asked who his rivals were in the emerging international government cybersecurity market, Sutherland replied "Lockheed. Raytheon." With opposition like that, it's understandable the cries of privacy advocates at home might seem "immature". ®

Intelligent flash storage arrays

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.