Regarding the following "Publicly available staffing figures from education authorities, the NHS, social services and other organisations show that more than one million government employees will have access to ContactPoint."

Within each organisation the Users who are required to access contactpoint are selected on a strict critiea, its not just going to be given to all staff at a GP's surgery. Probably only the GPs themselves, Office staff and lower level practitioners will not have access.

Not all staff in educatiuon will have access, not all teachers in a school, only the child protection co-ordinator will have (normally just one or two teachers)

To raise this as an issue is missing the point as its not true....

Incorrect.

What you mean is the CP Co. will have access, the IT Manager and tech team will have access when the front end fails and needs to be fixed, and some student will have access when the CP Co. leaves their station unlocked, logged in, and goes to pick up a print out from another room. I've seen and been a part of sorting out the aftermath of all three, albeit with a different system.

Even if this database WAS a good idea, the fact that the people with access to this information are often not technically minded will cause issues that cannot be predicted or protected against. Security will give way to useability, and something will go wrong.

"Not all staff in educatiuon will have access, not all teachers in a school, only the child protection co-ordinator will have (normally just one or two teachers)"

In a primary school at least I'd assume that have to attend interagency case conferences (ie between teachers, social services and medical staff etc) would require access to the database as presumably this is where the rssults of these meetings will be documented and tracked. Even if they don't have to go to the meetings but review and fill in paper work would presumably need access. My wife is a primary teacher and I know that she attends these meetings for the children in her class. Obviously the head and deputy will need access as they too deal with interagency meetings as will the Special Educational Needs coordinator. Optimistically it may be limitted so that class teachers only gain access while they have a pupil on the list but realistically (at least in my wife's school) that is likely to be all the teaching staff. I'm guessing in a secondary school it may 'just' be limitted to heads, deputies, head of years and form tutors.

The current system doesn't work, my wife has only just found out that one of the children in her class is on the At Risk Register (meaning that seeing the child daily she should be watching out for suspicious behaviour, bruising etc and potentially if she failed to spot and report 'obvious signs of abuse' she'll probably be the sacrificial goat after the great newspaper inquisition after a child abuse death). The only reason she found out was through an accidental comment. If this (massively intrusive and over reaching) database existed at the start of each year (and probably throughout it) she'd need to check every child in her class to make sure they weren't on the database, that or risk being on the end of a headline "Teacher failed to protect child".

I don't like it, she won't like it but if we have the database practicioners will have to use it or be accused by the public (and lazy headline writers) that it was them who failed to do their duty and they let the child die.

Just one million? I can see that figure rising personally.

Why is it necessary for ANYONE outside the immediate area where a child lives to have access to that childs data?

The government seems to have a 1960s view of computers - one vast computer that everybody accesses. Far better to distribute the data to locations close to where it will be used.

Access is controlled via Government Gateway. Yes, the one which was partially compromised by the loss of a USB stick a couple of weeks ago.

Hopefully nobody created a bunch of logins and enrolled them into Contactpoint to give them full access to this information whilst bypassing the checks which would normally be part of enrollment.

/ *crosses fingers and hopes*

@What Rubbish

So how many GP's are there? How many teachers? How many Police?

If we were really so foolish as to just take the totals in each category and lump them together we would be being about as foolish as, well, a government spokesperson on the subject.

Official figures suggest around 190k GP's in the UK. Not all in England, so we downweighted those. And you honestly think not a single member of the Practice Admin would have access?

Despite the fact that the legislation apparently allows osteopaths to access ContactPoint we estimated that number would be nil or negligible.

Ditto chiropractors.

Midwives. 40,000. Do you think a significant proportion of THEM would have access to the system?

Police. Another 180,000 or so. We think most of them would have access - but in the absence of a government line, we can't be sure. And ACPO think a fair number of support staff would definitely have access.

Teachers. Almost 800,000. We certainly don't think all of them will have access. Only a very small proportion.

Social Workers. 80,000. We didn't include all of those either.

Now. I know what the government spin is about selected staff having access. The question really is just how selective the access is going to be and, where access is restricted, whether the two people in the office with access will be happy to have their work constantly disrupted by other staff asking them to carry out checks for them.

But please: look at the categories the legislation allows to have access. Tot them up. And then honestly say you believe the government figure of 330k.

Clue: the total number of individuals falling within the categories listed in the legislation is c. 3 million.

What makes you think that only 10% of them will have access, as opposed to a third?

Boffin, cause I'm wearing my statistician hat today.

I work for a certain government agency but am employed by an employment agency.

I have not had a CRB check or any security checks.

All that stops me from using my full access to a very large government database containing huge amounts of very personal (and, to a criminal, valuable) data is my contract, which I would breach if I decided to download it all onto a USB stick and, say, leave it on a train.

Is this the type of security they are talking about?

Judging by previous government records with data, there'll be a whole lot more people able to access the database, and not many of them will be official...

I think it should be compulsary that everyone who 'could conceivably' manage to obtain access to any of this information should first undergo unrestricted and extensive criminal record checks, enhanced disclosure and in depth psychological profiling. The two that make it through this selection process can then each be issued with a CDRom to leave on the train.

Some other child won't get picked up by the system and access to the database will be expanded to include more people, its usage will become easier and security will go out the window.

Finally some novice case worker will leave their laptop on a train with the access to the wifi enabled VPN open to the system for all to access.

The tomb stone marks the last resting place of personal privacy.

it does raise an interesting question, is a system totally secure if one person is prevented from accessing it? you just say that everyone else is allowed...

Oh, and the data cannot be downloaded or exported to a CDROM, USB stick or laptop..

Its all based on line and in most cases accessed via the organisations own case management system.

listening to the sound of everyone jumping on the "invasion of privacy" bandwagon without having any knowledge of how the system will be used or by who. Without any knowledge of the way data on vulnerable children is handled now and without knowledge of child protection procedures and the issues surrounding them"

Does anyone here really believe there is only one database?

What about system test; user acceptance test; and the inevitable full-scale volume test databases. Many of these stay around a lot longer than you would imagine.

Live data also gets recorded in real performance test script executions.

The mere existence of a monolith database inevitable means a single point of failure. I am in agreement with others, when did the idea of decentralised systems cease to become valid?

PH, because her performance gets rated daily !

(1) they don't have it on CD any more....it's on my DVD....err, it's on A DVD; yeah, that's it.

(2) You think your local council isn't already looking at this to make sure you're not abusing your sprog by sending them to the wrong school in the first place?

(3) How will they ever tell one child from another without some form of rock-solid ID...like, say, maybe an ID card...Eureka, what an idea. Each child will have their own ID card for THEIR PROTECTION.

(4) Of course, you will have to have your own ID card just to prove you are the child's parent(s) - no big deal; it's already in the works.

(5) Trust me, I know what I'm doing (this is your government speaking).

Of course as I have spent many years working with IT, Social Services and Education professionals, I know that everything the government says is true and anyone that tries to disabuse that (like this article) is clearly rubbish.

It is inherently safe, there is no need to worry about anyone having access to the information, its not like they could abuse it to take children away from families for some spurious reason....

could they?

It just takes one bad apple or one incompetent to "leak" the data out of this system. Once it's leaked, it's out there for the entire duration of several million childhoods. And it's an absolute goldmine for paedophile predators. If a million people have access, somewhere between ten and a hundred will themselves be paedophiles, and perhaps ten times that number so venal that they'll sell data to anyone who pays without a second thought.

Criminal records checks? No good, they haven't been caught yet so they don't have records. Catching them after the "big leak" event is too late. So for God's sake and our children's safety, kill this database before a single byte is stored in it!

Even if the lowest figure is taken its still far far too many to keep safe ..........the government proves time and again it is incapable of handling computer related projects........

We have to ask ourselves why use a computer at all ??? will it save a life for example ???

well take this recent case of the horrific murder would that child be alive if we had a database....i doubt it....

i can see no good reasoned argument for it being built and as with all computer projects it needs constant upgrading.....going through all the current projects they will cost in the region of £100Bn over the next 10 years i dont think thats money well spent for the stated aims.....

>> No they wont, IT staff will not have access, only working, approved practioners.

Ha ha ha ha ha ha ha ha ha ha ha ha ha ha

How can they fail to protect a child they know about? Easily, because they don't really want to. The Supreme Goal is to keep families together,and if that means the occasional toddler kicked to death, it's a price worth paying.

It's the very lack of knowledge of who will have access and on what basis, allied to the insanely disproportionate scope of inclusion which is the problem with ContactPoint. "The way data on vulnerable children is handled" is barely even relevant to the implementation of a database which will contain records for every single child in the country. It is simply **NOT POSSIBLE** to secure a centralised database which can be accessed by 300,000 people (whether or not they are "working approved practitioners") let alone 1m. If there is no potential for abuse here, why the reprehensible opt-out for the children of MPs?

A good point about why the NuLabour fixation on gigantic national databases. A smidgen of history might help us understand better what's going on:

In the mid-1960s the Rand Corporation published a book proposing ways to use computers and databases in local government, "A Data Processing System for State and Local Government".

In essence it proposed a single comprehensive database with everything connected to everything else, land, people, schools, welfare, you name it. I found this book in a remainder bin somewhere and bought it as a curiosity, but with time I came to the realization that it was proposing a privacy-destroying Big Brother system — about what you'd expect from the Rand Corporation.

One has to wonder if that little book is behind NuLabour's fascination with all-encompassing databases; the parallels are too close for comfort.

PS: Copies of the book seem to be readily available, though not in great numbers. Anyone with a serious interest in the erosion of privacy via IT should familiarize themselves with it, if only so they understand how long the NL attitude has been around.

These are government people, they wouldn't harm us or our children. The government screening programs are safe and never let anyone unsavoury into a position of trust with vunerable youngsters in society.

"Go back to sleep Britain. Go back to your TVs and beer, grow fat and stupid. You are safe. Your government is in charge."

How on earth does this database prevent someone from abusing their own chilldren ? We're not quite in a 24hr domestic surveilance society (yet) and as far as I know there aren't cameras in my home watching me bath my baby checking that I'm not taking /too/ much care washing his bottom...

It'll just be a flag on the record so when the MP loses in the next election his kids can be restored easily.

And who's going to guarantee that the programmers writing reports and DB access routines will always remember to omit the flagged records? Mr. Brown? Ms. Jacqui? Ha ha ha ha!

Britain needs to build a nice big new nuthouse, round up all members of the NuLab government and incarcerate them for "demonstrable madness and disconnection from reality."

PS: I am wrong if NL intends to have a permanent majority, but we know what happened to the political party in the US that tried that little stunt.

Is child protection the only motive behind this? Each child will have a unique ID number. Seems a perfect starting point for a comprehensive national ID card database to me.

This governments record with IT is thoroughly awful and we are a laughing stock when it comes to IT disasters, see this:

http://blogs.zdnet.com/projectfailures/?p=1132

That's 5/16 of the most noted IT failures out of the entire world !

This database is a paedos dream, all the info they want from one nice leaky UK gov IT project.

I was thinking of moving to Australia to avoid this sort of nonsense, but it seems IT stupidity has infected the Aussie politicians too.

That you lot on the other side of the atlantic are in dire need of a change in government. I've been reading about this database, the ID card scheme, etc etc via El Reg and other sources and I have to say some of it is genuinely scary stuff.

I haven't commented thus far because not being over there, these ill conceived schemes being put into place by your government don't necessarily directly affect me. Thus I feel that it's not really my place to weigh in on this. However from a pure human rights standpoint this and some of the other programs being proposed are an affront to basic human and civil rights, and as such I can't help but say, WTF??? I mean seriously anyone who thinks any government can safe guard this kind of database who's access control list seems to be... well just about anyone connected in some way to local or state government, is simply deluding themselves.

As has already been stated it just takes one numpty to leave their laptop on the train or "secure" USB key in a pub and the security of this thing is (at least temporarily) totally and completely fucked. I wish I could be more eloquent about what a phenomenally bad idea this is but when governments start going down this path I can't help but be pissed. I've railed even more strongly against things over here like the "patriot act" etc, but to no avail under Gee Dubya's staz...err regime.... err administration. But I digress.

The cases which spurred these actions are indeed tragic and no one would deny that. However it seems the failing was on the part of the local social service and law enforcement agencies not the lack of something such as this rather Orwellian datase. Or the inevitable ID cards that will soon follow on the heels of this database being forced upon you to "enhance security" of said database, read: government will be able to track and tag anyone they feel is a threat. Wether that threat is real or imagined wont matter at that point because they will have control from the top down.

I feel for those who have expressed genuine concern over this and other schemes which seem designed to do nothing more than erode your privacy and will not only do that but may indeed put people directly in the kind of danger that it purports to protect them against. All the while the government officials, their favored contractors, etc etc will profit and be one step closer to being able to heard the populace into the pens of it's choosing to "protect the unwashed masses from themselves".

The article trumpets the 1 million users figure but conveniently forgets that access to ContactPoint does not mean access to all records.

GPs can only see details of children registered with their surgery; teachers can only see children enrolled in their school; social services can only see children in their "area". And so on.

In other words, ContactPoint users cannot see any more childrens' records than they *already have access to*.

So why have the database if access is so restricted? Because they can see more info. For example a GP almost certainly won't currently know who a child's teacher is. So when the child comes into the surgery with unexplained bruising, the GP can't easily contact the teacher to ask if the parents are lying when they claim the child has been bullied at school, or fell over in the playground or whatever. With ContactPoint access they can.

[Aside: Personally I think this is a "good thing". However, it's all a total waste of money if more "Baby P's" are going to be allowed to happen. There's no point giving those involved with a child easy ways to warn about abuse if social services are going to do fuck all about it.]

There are occasions when a user would want to search for a child that they do not normally have access to. For example, police in one town find a runaway child from the other end of the country. To search for this child they need to invoke "break glass" functionality. Doing so automatically warns that user's supervisor (who may not have access to children's records at all but has access to ContactPoint for management purposes). The supervisor is trusted to determine whether the break glass facility is used legitimately or not. (E.g the duty sergeant may do it ten times a week whereas an ordinary constable may never need to do so.)

Yes, the two of them could abuse this arrangement but that requires collusion.

To the other posters with concerns:

@Ash: users can obviously leave the terminal logged in. However, login is two-factor so the owner of the token that had been (ab)used would get the blame for any accesses carried out. All accesses are audited.

@Nick: ditto the need for a token to log in. So even if Gov. gateway data is out in the open, it can't be used to log in.

@Norman Publicus: You are exactly right and I hope my explanation above goes some way to addressing your concerns.

@John Ozimek: all these people *already* have access to child details by the nature of their jobs.

@AC 14:07: just because the agency you work for is poor at data security, does not mean that ContactPoint will be. From what you say, you should be invoking whistleblower legislation to make a formal complaint.

@AC 14:10: "special" cases include MPs sprogs, celebrities sprogs etc. It is inevitable that some user somewhere will ill-advisedly "test the security of the system" by trying to look up a celeb's kid's details. The user's attempt will be audited, flagged-up and they will be spoken to by a supervisor. It's better that they fail and be warned/disciplined rather than succeed and be warned/disciplined.

@AC 14:51 The test databases are as carefully controlled as the real one in. (Same data centre security, same DBA employment vetting etc.) But no access from the outside world - so actually more secure than the real one.

@Chris Thorpe: two factor authentication is used. That doesn't stop the user leaving their token on the desk with a post-it with their pin on. However they would be effing stupid to do so: all accesses are logged so if a child is kidnapped and abused, for example, the first thing the police will find is that the child was the subject of a ContactPoint search and will be round to that user PDQ.

@AC 15:10

1) The database is not on DVD, trust me. :-)

2) The council already have a legal obligation to ensure that your child is educated so they *must* know whether he/she is enrolled in a school or being educated at home.

3) The same way that schools identify children now: first name, middle name, surname, dob, address etc. No id card required.

@AC 15:26 All access to ContactPoint is audited. A user could always try to add an unfounded allegation onto the system but they would always be traceable.

@Nigel: I would like to say that it is "impossible" for a single person to "leak" all of the data. However that can never be true. Someone could always turn up, shoot the security guards and threaten the DBAs with a pistol until they get the data on a single disk. But a person with the that kind of motivation and access to weaponry is unlikley to want data.

@The Other Steve

It's true. IT staff won't have access. It is perfectly possible to administer a faulty webserver without needing access to the database. If there is a fault on a DB server, the DBA can be supervised by a, well, supervisor, to ensure that he only does DBA things and not look at the data.

Can you cleanse, de-dupe data without looking at it? Of course you can: no single person is going to look at n million records and de-dupe them. Automated matching eliminates most duplicates. Somethings will inevitably be impossible to resolve atuomatically. These are reported back to the local authority of the child in question to resolve. So the person doing the de-duping is a local authority employee who already has access to the records in question.

@AC 16:19 Actually it is relatively easy to secure a *centralised* database. Securing a *decentralised* one is much harder.

Or. if this lot keep up their outstanding record on data security, 6200 million or so.

I see (AC 1930) we have readers in HMG too ...

I refute your impressive looking list of unaccredited justifications with one time-proven statement.

No lock with more than one key is secure.

For the others, it's not the pedos you want to worry about, they are the least sophisticated group drooling over this database.

Think about extreme jihadists looking for impressionable disaffected foot soldiers, or drug traffickers wanting new customers, and more importantly agents who will get their 'product' to new markets. Then of course there is the spy fraternity. Nice convenient selection of future sleepers. All these groups are patient. They don't mind waiting while their 'investment matures.