CEO Perspective: CSO Todd McDermott – “Trust is the Essence of Security”

Privacy protection, security, and serving the needs of diverse “masters” ranging from the communications service provider (CSP) subject to CALEA compliance, to the law enforcement agency (LEA) relying on rapid response to a lawful intercept court order — all fall within the domain of Subsentio’s Security Department.

Subsentio President and CEO Steve Bock examines this broad array of responsibilities with our new Chief Security Officer Todd McDermott, whose career spans lawful intercept technology development and engineering, close liaison with LEAs and CSPs, and international standards-setting as an honored member of the Royal Canadian Mounted Police.

Bock: I’m well familiar with your work at Subsentio, but for the benefit of our readers please re-cap your job responsibilities as Chief Security Officer.

McDermott: As CSO my major role is responsibility for the Law Enforcement Liaison Division at Subsentio. Our work relates to the targeted surveillance activities that Subsentio undertakes as a Trusted Third Party to ensure that our clients meet their CALEA compliance requirements, and that Subsentio responds in a timely fashion to meet the needs of LEAs investigating criminal and terrorist activities. My background, and that of our expert team, come into play every day.

Our success hinges on understanding the needs of our clients, a working knowledge of law enforcement – from local police departments up to the FBI – and thorough familiarity with current technology solutions as well as those in development that might dramatically change the face of this business. The work is exciting and challenging. I feel that I am able to continue my contribution to Law Enforcement and assisting in investigations.

Bock: That’s a huge job. Is there one part of it that you consider your top priority?

McDermott: No question — Job #1 is setting up lawfully-authorized intercepts and liaising with service providers and LEAs quickly and accurately to meet the needs of law enforcement.

Bock: Your commitment to supporting law enforcement provides a natural transition to talking about your background. You spent many years as a member of the Royal Canadian Mounted Police. What did you do there and how did it help shape your career?

McDermott: My last job with the “RCMP” was as Officer in Charge of the Engineering Branch, Technical Operations. It was a fantastic opportunity that exposed me to nearly every aspect of the communications intelligence field. I managed seven units, with full responsibility for R & D, and support for technical aspects of all electronic surveillance solutions conducted by the RCMP throughout Canada. Before that I managed the development of new electronic surveillance tech spanning communications intercept, recording systems and devices, listening devices, tracking devices and video surveillance systems.

Among the most valuable experiences was my work in understanding CALEA standards and how they impact Canada. The work involved close liaison with U.S. law enforcement, as well as with equipment manufacturers such as Nortel, formerly one of the largest network switch manufacturers in the world. In other words, it meant understanding not only what the standards were meant for, but how they were put to work in network hardware of all types. Given the time spent in this assignment I was chosen to represent the Government of Canada in the development of LAES standards such as the original J-STD-025. Quite an honor!

Bock: So that even as a Canadian “Mountie,” you weren’t exactly a stranger to CALEA?

McDermott: Far from it, in fact, just the opposite on at least two fronts. Canada has long enjoyed a very tight relationship with U.S. law enforcement that benefits both nations. Even though CALEA is U.S. law and Canada has its own lawful intercept legislation, the capabilities associated with CALEA were very influential north of the border. Furthermore, the two countries’ telecommunications systems are also closely aligned on network technologies and architecture, and have been for decades. To Canadian law enforcement, a deep understanding of common network knowledge and CALEA is almost second nature.

Bock: Let’s jump back for a moment. Your comment on video surveillance caught my attention. Here in the States, public interest in lawful intercept tends to focus on interception of “voice and data” communications content and metadata. In your view, how important is video in the lawful intercept arena?

McDermott: When you consider that 64 percent of global consumer Internet traffic is video and the number is expected to climb to 80 percent in 2019, it is extremely important, and interception of the right video can be a real plus to an investigation. But there are challenges. Commercial broadcast video such as the traffic from Netflix is embedded in broadband by CSPs, consumes huge amounts of bandwidth, yet provides limited to no value to the LEAs’ investigations. Trying to capture every bit of data — and we’re talking terabytes here — places an overwhelming cost and resource burden on LEAs from the standpoints of storage and analysis.

For these reasons I have long been a proponent of allowing filters that separate commercial broadband video from peer-to-peer video traffic which can be used for criminal enterprise.

Such filters would single out targets by, for example, source IP address, and include a toggle that allows the user to switch the system on or off for the capturing of this information. The UK has laws that permit such filtering, and they are an absolute boon to law enforcement investigators. The U.S. should follow suit and relieve the strain on LEAs’ capacity to keep pace with today’s indiscriminate flood of commercial video, and help them isolate only the video data they want and need.

Bock: Speaking of capacity, let’s turn to our own for a moment. How do CSPs’ ramp-up of network capacity, growth and speed create fresh challenges for lawful intercept solutions and TTPs?

McDermott: As far as Subsentio is concerned, the surge in network speeds and new broadband services is totally manageable. We have a robust product portfolio that includes equipment designed to operate at the network’s core, or at the edge. We are also looking at cloud-based solutions that offer new economies of scale. Whichever route the client goes and however demanding the court order or circumstance of the target, Subsentio strives to ensure there is no impact to the lawful intercept as an offshoot of faster network speeds. Furthermore, as mentioned previously, if the laws change to allow filtering it will help address the complexities associated with higher speeds and higher bandwidths. The technology and capabilities that Subsentio has will be able to deal with these challenges and, if allowed, take advantage of filtering.

Bock: Let’s turn to a subject on everybody’s mind these days: security versus cyber intrusion. What is your take on this issue?

McDermott: It goes without saying that cybersecurity is paramount to a company in our business. In that regard, Subsentio’s record on maintaining strict confidentiality of sensitive data, including both lawful intercept and staff data, is without peer. For obvious reasons, we can’t disclose all the methods that Subsentio uses to maintain comprehensive security around this data. Suffice it to say that we deploy significant safeguards including encryption, restricted access and other measures. Just how strict are the rules? Even I, the CSO, do not access this data.

For a Trusted Third Party such as Subsentio, there are always at least two main drivers of cybersecurity. One objective is to protect the integrity and confidentiality of lawful intercept data so that it can used by investigators and shown that it has not been compromised, and also ultimately be entered in court as valid evidence. The second, equally important goal is to always to protect the privacy of the individual.

Bock: I’m glad you mention that. Isn’t privacy a mainstay of CALEA — albeit one that is commonly overlooked in the media and by privacy advocates?

McDermott: Privacy protection is a cornerstone of CALEA. Even in 1994 when the law was enacted, well before cyberattacks became common front page news, the U.S. Congress had the wisdom to include a special section outlining rules and guarantees of privacy protection.

The most fundamental protection is that lawful intercepts are strictly confined to the target, and the data intercepted must remain confidential in the hands of the LEA. Trusted Third Parties are allowed to reference a lawful intercept only in “generic format,” without naming the individual target involved, the communications service provider, the location or the LEA. The rules do not allow exceptions. So, as odd as it might sound, CALEA even protects the privacy of suspects and potential terrorists under investigation by court order.

Bock: That focus on privacy is a key platform in Subsentio’s philosophy of building trust. How does this characteristic play out with Subsentio’s clients and their customers?

McDermott: Trust is implicit to the role of the TTP. If we couldn’t demonstrate our integrity by stressing a strong commitment to privacy in all our relationships, we wouldn’t belong in this business. Trust is the essence of security and the heart of Subsentio’s value proposition.