Feeds

Spooks' favourite IT firm tells Reg readers to grow up

Time for mature chat on privacy

Security for virtualized datacentres

Detica managing director Martin Sutherland wants to have a privacy debate with you, but reckons you need to grow up a bit first.

As boss of the UK intelligence establishment's favourite IT contractor - now part of the UK defence establishment's favourite megacorp, BAE Systems - he's well aware of the tension between what's possible and what's acceptable given the glut of communications, identity and surveillance data available, or on its way.

But he says the "immature" privacy debate is too focused on the fact that new databases are being populated. What matters in terms of privacy, according to Detica, is how they're used.

Martin Sutherland

Sutherland, who joined Detica in 1996 and came up through its secret government contracts, took over the reins in October, after long-time CEO Tom Black cashed out shares worth more than £24m in the BAE swoop. El Reg met him at a get-together for national security agencies earlier this month, where he was fresh from hosting Gordon Brown and the national cybersecurity strategy launch at the firm's Guildford HQ.

"The debate should be about how you process the data," Sutherland said. "The best computers can do is find patterns in large volumes of data."

Detica is busily pushing its NetReveal software, which analyses in large datasets and flags unusual or suspicious patterns. Rather than discuss such data mining by MI5, MI6 and GCHQ - his firm's three core clients - in public Sutherland prefers to talk about fraud detection in the insurance industry.

In a simplistic but real example, he said, the software noticed two people separately reported their cars, registered at the same address, had been damaged at the same time. Investigators established they had conspired to defraud the insurance companies, who pool data for fraud detection. Sutherland said detection rates have improved tenfold thanks to Detica's software.

That such techniques could be powerfully applied to to the Interception Modernisation Programme's forthcoming massive databases of communications data is obvious. The Register understands Detica has already won a contract to provide analysis to GCHQ.

Sutherland said the ability to screen massive databases automatically "means less surveillance", because it enables human investigators to work in a more targeted way. "The privacy debate needs to become more sophisticated," he said. "People are too focused on collection."

In a defence of data-mining, he said: "Where investigations are directed in a more focussed way it means members of the public will not be investigated unnecessarily. By identifying potential targets based on anomalies and hypotheses rather than starting with the individual, it helps balance security and privacy concerns."

Not all Detica's government data farming work is secret. It is closely involved in the Home Office's e-Borders programme, responsible for checking passenger lists against domestic and international watchlists - "relatively simple stuff", Sutherland said.

He was more proud that the Prime Minister had chosen Detica to launch the UK government's first cyber security strategy, highlighting its network security work. "The UK does have a world class player in this field," he said.

The firm plans to export its expertise, particularly to the US, a primary reason BAE stumped up £531m. The rapid rise of national cyber security (and attack) up the political agenda this year has been greeted with glee in Guildford, we gather.

Sutherland and his head of security and risk David Porter reported that Detica's R&D department is working on network defence technology - suitable for commercial and government applications - that it says will be able to tackle novel attacks. The "next generation" of security, they said, will be able to deal with viruses, DDoS techniques and trojans that have never been analysed.

It's an ambitious goal, but there's no shortage of ambition at Detica. Asked who his rivals were in the emerging international government cybersecurity market, Sutherland replied "Lockheed. Raytheon." With opposition like that, it's understandable the cries of privacy advocates at home might seem "immature". ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
Heavy VPN users are probably pirates, says BBC
And ISPs should nab 'em on our behalf
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Former Bitcoin Foundation chair pleads guilty to money-laundering charge
Charlie Shrem plea deal could still get him five YEARS in chokey
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.