Spooks' favourite IT firm tells Reg readers to grow up

Detica managing director Martin Sutherland wants to have a privacy debate with you, but reckons you need to grow up a bit first.

As boss of the UK intelligence establishment's favourite IT contractor - now part of the UK defence establishment's favourite megacorp, BAE Systems - he's well aware of the tension between what's possible and what's acceptable given the glut of communications, identity and surveillance data available, or on its way.

But he says the "immature" privacy debate is too focused on the fact that new databases are being populated. What matters in terms of privacy, according to Detica, is how they're used.

Sutherland, who joined Detica in 1996 and came up through its secret government contracts, took over the reins in October, after long-time CEO Tom Black cashed out shares worth more than £24m in the BAE swoop. El Reg met him at a get-together for national security agencies earlier this month, where he was fresh from hosting Gordon Brown and the national cybersecurity strategy launch at the firm's Guildford HQ.

"The debate should be about how you process the data," Sutherland said. "The best computers can do is find patterns in large volumes of data."

Detica is busily pushing its NetReveal software, which analyses in large datasets and flags unusual or suspicious patterns. Rather than discuss such data mining by MI5, MI6 and GCHQ - his firm's three core clients - in public Sutherland prefers to talk about fraud detection in the insurance industry.

In a simplistic but real example, he said, the software noticed two people separately reported their cars, registered at the same address, had been damaged at the same time. Investigators established they had conspired to defraud the insurance companies, who pool data for fraud detection. Sutherland said detection rates have improved tenfold thanks to Detica's software.

That such techniques could be powerfully applied to to the Interception Modernisation Programme's forthcoming massive databases of communications data is obvious. The Register understands Detica has already won a contract to provide analysis to GCHQ.

Sutherland said the ability to screen massive databases automatically "means less surveillance", because it enables human investigators to work in a more targeted way. "The privacy debate needs to become more sophisticated," he said. "People are too focused on collection."

In a defence of data-mining, he said: "Where investigations are directed in a more focussed way it means members of the public will not be investigated unnecessarily. By identifying potential targets based on anomalies and hypotheses rather than starting with the individual, it helps balance security and privacy concerns."

Not all Detica's government data farming work is secret. It is closely involved in the Home Office's e-Borders programme, responsible for checking passenger lists against domestic and international watchlists - "relatively simple stuff", Sutherland said.

He was more proud that the Prime Minister had chosen Detica to launch the UK government's first cyber security strategy, highlighting its network security work. "The UK does have a world class player in this field," he said.

The firm plans to export its expertise, particularly to the US, a primary reason BAE stumped up £531m. The rapid rise of national cyber security (and attack) up the political agenda this year has been greeted with glee in Guildford, we gather.

Sutherland and his head of security and risk David Porter reported that Detica's R&D department is working on network defence technology - suitable for commercial and government applications - that it says will be able to tackle novel attacks. The "next generation" of security, they said, will be able to deal with viruses, DDoS techniques and trojans that have never been analysed.

It's an ambitious goal, but there's no shortage of ambition at Detica. Asked who his rivals were in the emerging international government cybersecurity market, Sutherland replied "Lockheed. Raytheon." With opposition like that, it's understandable the cries of privacy advocates at home might seem "immature". ®