back to article Deloitte flags risks of UK child database

A security review by Deloitte of one of the UK government's child databases - ContactPoint, which will contain an entry for every English child under 18 - has found it is generally secure. With some provisos. Deloitte makes a timely reminder to a government convinced that securing databases is simply a technical problem: "Risk …

COMMENTS

This topic is closed for new posts.
Flame

Yeah right

So that's no CD/DVD glued up USB and FireWire slots, no floppies no card reader/writer, no insecure OS' and competent civil servants.

Yeah I can just see that happening :(

0
0
Heart

Quite wrong

No no, Deloitte has it wrong. I distinctly remember Blunkett's pronouncement that the government's ID database would be impregnable because of "biometrics". Oh yes. No worries there.

0
0
Thumb Down

I don't believe it.

"More positively, the review found information security had "been ingrained" within people, processes, policy development, requirements definition and architecture."

So this *particular* Government department has security "ingrained" while the rest (and HMRC in particular) appear to be clueless.

Unlikely!

0
0

What you forgot to mention...

...is that the government is refusing to publish the detailed findings of the Deloitte report on the grounds that if they did so people might use that information to target the database.

Clearly someone in Whitehall thinks that security through obscurity is still a reasonable argument.

0
0
Anonymous Coward

Surely children have nothing to hide?

So they've nothing to fear?

0
0
Silver badge
Thumb Down

@ Mike Richards

More to the point, their refusal to publish the detailed findings on those grounds is a tacit admission that security is far from being "ingrained".

0
0
Silver badge

@security through obscurity is still a reasonable argument.

I can't believe you rehashed that old argument. It's been proven that Open Source products are just as vulnerable as anything else. Some people just won't let it go,

0
0
Linux

Numpties with the keys to the door

It doesn't matter how secure the database is, the data centre it's lccated in is or the network it's connected to is, if they give every numpty Tom, Dick or Harriet the keys to the door and the last I heard, they pretty much are.

Paris 'cos even she's likely to get access to the data.

0
0
Heart

@ Solomon Grundy

Haha. Nice one. You're joking, right? Friday afternoon, have a laugh... no?

"It's been proven". Oh well that's alright then.

0
0
Unhappy

oh well

Speaking as one who works in the children's services arena, I was hoping Deloitte would kill Contact Point. The concept is good and beneficial, but I fear the execution will lead to a major disaster.

Of course that's supposing Deliotte were totally impartial!

0
0
Gold badge
Coat

On how many CDs does this DB fit?

I can see clearly now, the brain has gone..

Now, let's just imagine the National Audit Office asks for an extract. I know it's fanciful as a scenario, but just imagine some git decides that's too much like hard work and sends the whole database.

Could be quite hot property for your average pedophile, no?

WHich reminds me, I heard this rumour about another couple of CDs. If I recall correctly this was identifying addresse where children reside. Nothing to worry about then, I guess. It will just take one hell of a good day to bury that bad news..

/// P ///

0
0
MGJ
IT Angle

Compare It To The Paper

What Deloitte's should be comparing the system to is the current paper and unconnected databases that cover children's details. What are the controls on access to paper files in SW offices like? Does every access get logged and monitored and could it be controlled? Who has access to the relevant SW, police, education databases and can do searches across them for proper data matches to identify risks to children from the sort of patterns that professionals recognise? Do the benefits of that in catching abuse and risks to young people outweigh the downsides which presumably Deloitte's did identify (unauthorised use or access, elevated access, fishing exercises) that can't happen at the moment, or was this just a White Hat penetration test

0
0
Silver badge

What's the problem?

Of course it's perfectly secure. Deliotte has firmly assured us that it is entirely safe for the government to pay lots and lots of money to implement the system. Most of the money going to consultants such as ... oh look, guess who.

0
0
This topic is closed for new posts.

Forums