The Government has announced plans to push ahead with the next phase in launch of a controversial child protection database, despite ongoing concerns about the security of data held on the system. The delayed ContactPoint system, which is due to include names and addresses on every child under 18 in England, will be accessed by …
From the site
"How is ContactPoint accessed?
Authorised users can access ContactPoint in three ways, through:
* a secure web link ..."
Oh dear. That alone opens up all kinds of attack vectors, and could have been avoided by developing dedicated clients. Using the web means that unknown variables such as browser security, other sites open at the same time, toolbars, etc, are all in the mix.
Why does this *always* happen with the government and IT?
How can a government that admits over 80% of its systems have been infected by viruses make any claims as to security?
One virus is enough to give third party access to this database, and if they really are providing remote access, then the security is an absolute joke.
Grabbing the Female Vote .... Softly Softly Carpe Diem
"Based on anecdotal tales from groups who help women abused by partners who use such tech, the husbands tend to have a good grasp of malicious programs, so it's not unreasonable to assume they'll easily find a blackhat who can help them out."
And completely Fail to Miss the White Knight Project which Venus to Mars Generates with AIClimactic Drive. ..... which would Love's CodeXXXX XSS Key Algorithm?
A Question Only to Self Doubters and Game Pretenders/Noble Triers/Country Squires.
Can you Imagine the Force of Transparent Hatted Men Ably Assisting Enabled Women. Sounds Like a Heavenly Quest/Voyage of Immaculate ReDiscovery ..... True BiPolarized ESPatial Enlightenment which is much akin to Total Informational Awareness Systems .... albeit Beta Immaculately Equipped and ReSourced and thus an Improvement for Addition and Incorporation for Parallel Running Multiple CoreStreaming Channels with Virtual Venue XXXXChange.
For a New Breed of CyberIntelAIgent Being .... The Polyamoral Immortal at the ImamfMPortal? .. Or does One Favour the Dream Full Time and to Order with Other Worthy Champions?
How else are they meant to seed the NIDCDB?
They know most people won't willingly give their details, so let's just log everyone as they're born and copy/paste the data over when the NIDCDB is live!
Some more equal than others
I understand that MP's children and those of 'celebrities' will be shielded. Surely it's either secure enough for all children to be listed on or it isn't!
Why this massive waste of taxpayers' money hasn't received more coverage than it has is a mystery.
Unless information is secured by role and by purpose, which I gather it isn't, then security will be impossible. CRB checking is irrelevant - it's not done every year, it's not spot-checked and anyway it doesn't take account of marital status.
All it will take is an authorised person with personal problems. Wasn't there a police officer got done recently for trawling some database for his ex's whereabouts not so long ago? Aren't there cases of teachers in court for alleged child abuse? And that's only the ones who got accused / caught.
So with 300,000+ users it's guaranteed that somewhere someone will be an as-yet undetected offender, or desperate for money to pay off debts, or desperate to find their old school buddy's kids for him. And every single day someone will do a screen-print or other hardcopy and leave it lying around somewhere. It'll go home in a briefcase, be left on a desk, be dropped while fumbling for keys, be used to scribble on the back of.
Security vs functionality
Building a secure system needn't be hard - I'm sure the gov't has access to resources that would be able to do this. The trouble is that security tends to get in the way of ease of use and unlimited access to information.
If security were the overriding design criterion, there's no reason why a secure system couldn't be delivered. Security problems arise when those responsible for design decisions reject security in favour of other, more important (to them, at least) considerations.
Why are *all* kids on this?
What is the rationale for putting all children on this database? It makes sense to improve communications for children who are in contact with services, and indeed there is a mechanism (the CAF) for doing this. I don't understand why anyone else should be on it.
Wow that sounds crap
"local authorities have shielded the records of children who are potentially at greater risk if their whereabouts were to become known"
Child 'A's records are of interest to Child 'A's teacher, Child 'A's doctor, Child 'A's parent, Child 'A's social worker. Can those records be seen by doctors that don't treat Child 'A'? By teachers that don't teach Child 'A'? By police that have not detained Child 'A'? By everyone in a uniform claiming to have authority?
By the sound of the comments in this story, they have not put in proper access rights, simply assumed that all doctors are heroes in white cloaks and not Dr Harold Shipmans. That all police are heroes and not thugs with batons clubbing newspaper sellers, that all social workers are competent, not Marietta Higgs overzealous idiots.
You would not need to put in special controls for SOME children, if you'd put in proper controls for ALL children. It's practically an admission that the basic controls are insufficient.
So can Dr Shipman Mk II get all kids' records? He can't now, but by the sound of it ContactPoint makes free and easy with every child's records to everyone in authority for every reason.
So suppose Dr Shipman Mk II, pediatric doctor, wants access to Baby P Mk II's records. What are the mechanics of that? a) He gets it automatically, b) His word is enough, c) Some independent permission system, d) other?
Or suppose Dr Hero Shiny Teeth wants access to the records of Junior ShinyTeeth? Is there any special check done to block access where the figure of authority has other links to the child? (e.g. family links, girlfriend's daughter, kids of local councillor he doesn't like, MPs' children? Jacqui Smith's kids?)
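The question this comment asks (who may see a child's record, and on whose say-so) can be made concrete with a small need-to-know check. This is an added example, not part of the original comment and not ContactPoint's actual design; the class names, the link sets and the outcome strings are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class Practitioner:
    user_id: str
    role: str  # e.g. "doctor", "teacher", "social_worker"


@dataclass
class AccessPolicy:
    """Hypothetical need-to-know policy applied to every child alike."""
    # (user_id, child_id): practitioner currently works with this child
    care_links: set = field(default_factory=set)
    # (user_id, child_id): declared personal link (family, partner's child...)
    personal_links: set = field(default_factory=set)
    audit_log: list = field(default_factory=list)

    def decide(self, who: Practitioner, child_id: str, purpose: str) -> str:
        key = (who.user_id, child_id)
        if not purpose.strip():
            # A lookup with no stated purpose is refused outright.
            outcome = "deny:no-purpose"
        elif key in self.personal_links:
            # A personal link overrides a professional one.
            outcome = "deny:personal-link"
        elif key in self.care_links:
            outcome = "allow"
        else:
            # Neither "automatic" nor "his word is enough": option (c),
            # a second person has to approve the request.
            outcome = "refer:independent-approval"
        # Every decision is recorded, including refusals.
        self.audit_log.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "user": who.user_id,
            "role": who.role,
            "child": child_id,
            "purpose": purpose,
            "outcome": outcome,
        })
        return outcome

    def non_allowed_lookups(self, user_id: str) -> list:
        """Audit query: children this user asked about without being allowed."""
        return [e["child"] for e in self.audit_log
                if e["user"] == user_id and e["outcome"] != "allow"]


def demo():
    # Constructed sample data: dr-2 treats child-B but is also related to them.
    policy = AccessPolicy(
        care_links={("dr-1", "child-A"), ("dr-2", "child-B")},
        personal_links={("dr-2", "child-B")},
    )
    dr1 = Practitioner("dr-1", "doctor")
    dr2 = Practitioner("dr-2", "doctor")
    outcomes = [
        policy.decide(dr1, "child-A", "clinic appointment"),
        policy.decide(dr1, "child-B", "curiosity"),
        policy.decide(dr2, "child-B", "clinic appointment"),
        policy.decide(dr1, "child-A", "  "),
    ]
    return policy, outcomes


if __name__ == "__main__":
    policy, outcomes = demo()
    for entry in policy.audit_log:
        print(entry["user"], entry["child"], entry["outcome"])
```

Because the same rule is applied to every record, no child needs a separate "shielded" flag for the check to work.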
Who will be the first person
... to add Little Bobby Tables to this database?
And of course...
... if anyone on the inside dares to try to "blow the whistle" on security failings of this system in use, no doubt they'll face professional ruin, just as the NHS nurse who videoed the shoddy treatment being given to patients did.
The implicit warning being "Don't rock the boat or we'll feed you to the sharks..."
Well this is going to be cracked
Data cannot be downloaded, that will be interesting, so no one can use it.
This just beggars belief, it is so fundamental that the data has to exist in a form by which it can be reproduced: you are sending information over the line, it is being downloaded, there is no way around that :)
No this woman is a moron, the idiot in the village, should not be let near anything more complicated than fire, and then only if she is attached to a pole.
The data will flow out, and all the information will be available on the market, if not just published out for nothing and mirrored to hell.
And of course the operators will be targeted as well, and most of them are morons, so hmm what odds shall we give this being cracked and laid bare, probably a week or so, then a few weeks before it becomes common knowledge.
Anyway let's have a look at Beverley Hughes and her vast knowledge of computer systems:
Always good for giggles to look at the source, screw any form of valid markup there Bev, quirks mode ahoy. Oh the page request headers are interesting using IIS 6.0 good luck there Bev.
Now she claims all correspondence treated in the strictest of confidence, she does give an email but how are people to send communications without her public key, strictest of confidence my petunia, she is actively encouraging people to communicate over insecure channels.
One of the most popular cracks in recent times, is the University college crack at enrolment, it is good to get them young, that way you can control the identity better, harder to use an identity of older people, they have a history. So, this is going to be one of the biggest security blunders of all time
I imagine the commercial cracking community is celebrating Beverley Hughes as one of the greatest things to come along since sliced bread. Of course everyone else may be a little miffed at all of this.
"...ministerial assurances on security provisions that will accompany the roll-out of the directory system."
"... social workers, police, schools and health officials will have access to data held on the ContactPoint database."
So, is the database secure, or does world+dog+cat have -official- access to it?
No way to download information?
Also: No case history in the database? A list of names and addresses, with no context? (Oh, except... that children who have been abused will have their contact information blanked out...)
So, in addition to not being secure, it won't be useful? I can write the flowchart for a program which pulls the data out of whatever "Secure" program is being used to view the data, and output to file or remote host. So, "Cannot be downloaded" either means "Can be downloaded" or "System does not work at all".
Actually, the second seems rather likely.
In other news: Garbage in, Garbage out. The database, in addition to being trash, is garbage.
Big brother is watching you, but he thinks I'm a 90-year old pensioner single mother of 10.
Think about the children ....
I was subjected to an unsubstantiated allegation last year. Despite being cleared by Social Services, the police and the family court, will this allegation still be there, accessible to all & sundry?
Who needs a job?
There's a job on the Guardian website. As a "Contact Point Data Manager"
Anybody very clumsy and like to lose things?
You'd be perfect for it!
OK, I'll bite.
"to include names and addresses on every child under 18 in England,"
Why? Surely that information, for the vast majority (I'm thinking 7 nines or more), is already safely in the hands of the parent/guardians? And surely it's up to the P/Gs to dole the information out to whatever pseudo-official needs it? And on top of that, why on earth should the details of all the kids in Bude be accessible to people in Glasgow?
The whole thing makes no sense. EXCEPT that it'll raise a whole new generation of people who expect to have their details locked up in a government database.
Enjoy your nanny state. Or get off your arses and FUCKING VOTE!
tainted, in so many ways
Copied (slightly edited) = "Despite serious and widespread concerns about the security, integrity and necessity of this database, minister$ seem determined to bulldoze it through."
It's typical shabby and self-serving behaviour of Nu Liebor to use *child victims, who they have already badly let down, as an excuse for social scheming. Co-ordinating the various services involved where a child is known to be at risk does not require the setting up of a directory of ALL children and their details, unless it is so pedos can find their ideal victim.
* Scandalous (and IMO criminal) events involving Hodges and Haringey (multiple) are the ones that immediately come to mind if Nu Liebor trolls want some reference.
Easily the most unethical act by this gov...
...since their last unethical act. Anyway, this begs the question, at what age is the 'child' removed from the database? (By the way, if I had children, I would refuse their details to be held in this database unless I as a parent had FULL control over the information held.)
What we have here is a government so lacking in comprehension of their station (think Lord Of The Flies by William Golding) that they do not know when they sin nor see the dubious flaws in their actions. Just look at the expenses fiasco.
hmmmm. Not that safe...
My partner works as a health visitor for the NHS and I for one have been able to wander into her office, wave at the staff on the counter (they're thinking ... it's only him - XXXX's friend), make a coffee and log in with her details already.
(This was only because we did not then have broadband at home and I wanted to download a new gentoo release).
There are layers of protection for their Novell network but usually you'll find that the user once "in" has saved their passwords. Or in my partner's case - has them on post-it notes stuck to the bottom of the mouse mat.
I've done my fair bit of network intrusion in a past life and know for a fact I'd be able to get into this system with nothing but a smile and a wave.
A possible (though unlikely) solution
With systems like this, where a large number of SMEs (with no vested interest) seem to think there is a security problem, and various consultants, suppliers and politicians (with a large financial or political vested interest) think there isn't, the consultants, suppliers and politicians should be forced to assume some liability. How comfortable would they be, if those claiming that there is no problem would have to pay £100,000 for each and every security breach? I would be interested to hear why, when they claim there is no worry of breach, why they wouldn't actually put their own money in it.
If a social-worker has any business knowing any of this information they have the means and authority to collect it. Also, if police have some mysterious need to know what school Child X attends, doesn't it follow that the same need to know adults' place of employment exists? This is a blatant money-wasting make-work project.
We'll also be reading about a copy of this database being stored on a laptop that gets stolen off the seat of someone's car... probably in about 12 months.
Paris because she knows all about getting screwed.
Confusion reigns - what is there to protect
Contact point does not really work like this. It does not have its own independent and autonomous security systems. Access and Authorisation are wrapped up in the Employee Authentication Service and the network security policies come under the auspices of Government Connect. These are fairly difficult to understand even without El Reg making a fairly typical dog's breakfast of reporting the matter.
Running a key logger on my partner's laptop to trace the whereabouts of the children to whom I am forbidden access is going to work if and only if my partner happens also contingently to have ContactPoint, which is possible, but the likelihood that she or he is a professional who also contingently has access to the details of those particular children is fairly low. Parents who do not happen to be designated officers with access through EAS do not have access to ContactPoint. The facts demonstrate that fathers who wish to trace their children usually have far more efficient methods.
My favourite issue is that ContactPoint is a mere directory. It doesn't actually hold any sensitive data beyond names addresses schools etc. However, because it is a high profile project and it will be very embarrassing when a screen dump appears in the Daily Mail, it has been accorded high level security status. Therefore the levels of security being applied to this directory are much higher than those applied to systems which actually contain information which is confidential.
What could possibly go worng?
This wouldn't have helped in 2000 anyway..
in the case that supposedly sparked this system's creation.. the problem wasn't that the agencies didn't know where the child lived.. but that they didn't share their case notes. Which ContactPoint won't do either..
Hooray for government project scope creep... It's probably secure! and it's probably completely useless!
Another timewaster ?
The social workers we have now cannot stop child abuse, even when they already KNOW it's taking place. So what hope is there of them managing any better with even more info to ignore ?
Oh what fun we had, but did it really turn out bad?
"Based on anecdotal tales from groups who help women abused by partners who use such tech, the husbands tend to have a good grasp of malicious programs etc" - I am led to understand that some women, perhaps not all, but at least a substantial minority, are also capable of using computers, and are not frightened of their masculine power.
Do they now have something to fear?
Why is there a problem with this database? If these children have nothing to hide, they have nothing to fear...Right?
I'd like to know what data is kept, why it is kept and who (or how many people) now have access to it. Then compare that to the previous system.
In my eyes, that is as far as the security assessment needs to go because you simply wouldn't be able to trust the system to keep the data secure.
Another Gov IT failure in preparation
"Police, social services and health agencies all noted signs of abuse in the run-up to her death, but each agency acted in isolation"
Something tells me that a database is NOT the solution to this problem, better inter-agency communication is.
Maybe the police, social services and health agencies could have a dedicated Child Menace officer, tasked with keeping other agencies up-to-date on what his agency has discovered ?
But why try to be smart when it is so much easier to throw money at an IT project ? After all, computers are magic, and everyone knows that the solution is always in a database.
The weakest link
in this chain is the user.
Having hundreds of thousands of low paid workers being able to access the system guarantees that some of them will leak the data. Whether due to bribery, or a ‘favour for a friend / family member’ or ‘just because’, the data will be leaked.
And when the first child is kidnapped or killed because of data taken from this system I will blame the ministers and civil servants who forced this through despite security experts’ advice.
A Hacker's Civic Duty
Is to make a mockery of this DB. Let the fun begin.
ContactPoint shielding correspondence
If you write to your Local Authority about shielding your child(ren), you may like to publish your anonymised correspondence via NO2ID's forums, to help others trying to protect their children from the threat ContactPoint poses. See, for instance:
That's one hell of a large MP expense account
Why oh why do these things cost so much to implement.
A database of personal and contact information is about as basic as they get - and it only takes a few ounces of sense to make things reasonably secure. ( not that I agree with the need of keeping a database of children at all in the first place though ).
Let's forget about the database and just force taxpayers to flush most of their income down the toilet instead - at least loo paper is useful, and doesn't play with the safety and rights of our children.
all y0ur kidz b3long to us...
> I understand that MP's children and those of 'celebrities' will be shielded. Surely it's either secure enough for all children to be listed on or it isn't!
This is an extremely important point. Either the system is secure and fit for use by everyone or it is considered insecure and its purpose, scope and implementation should be reviewed.
> What is the rationale for putting all children on this database?
Capgemini or some other greedy outsourcing group get a bigger margin by building a bigger database. I suspect the usual government IT incompetence and mis-management rather than creeping surveillance.
Anybody have any further specifics on the technical of this? Any live URLs to be looked at?
Re:all y0ur kidz b3long to us...
>> I understand that MP's children and those of 'celebrities' will be shielded. Surely it's either secure enough for all children to be listed on or it isn't!
>This is an extremely important point. Either the system is secure and fit for use by everyone or it is considered insecure and its purpose, scope and implementation should be reviewed.
In addition to the children, has anyone considered the parents - whose contact details will also be on Contact point?
As I've said before - if you might be targeted, you can withhold your demographics on PDS (Personal Demographics Service - the NHS database of up-to-date information on the whereabouts - and more of everyone registered with a GP in England) but you cannot do this on Contact point - except with the agreement of - who? it would be interesting to find out...
Probably too late to ditch the kids - and it mightn't get your details off the database: better emigrate - taking the kids with you! ;->
If it's secure then why do some children need special shielding?
Seems pretty obvious this thing isn't secure.
Another thing they haven't mentioned is access logs. All access should be via some personalized token (eg. smartcard) and access logs kept so we know exactly who accessed what information and when.
If they'd done this I'm sure they'd be trumpeting the fact so I can only assume they haven't.
I also see no mention of records being destroyed when the child reaches 16. All I see is hot air and a database of tomorrow's citizens being built in the name of "protecting the children".
I give it a few months before an unencrypted CD dump of 1000/0/0/0's (delete as applicable) of children's details appear in america/on a train/on ebay (delete as applicable) and then bought by daily fail/sun/bbc panorama (delete as applicable).
"The database is designed to give social workers, police and hospital with common access to contact details on children and other professionals working with them, so that care professionals can more easily contact each other and exchange information. Case history files will not be housed on the system."
So £224m (+ £44m a year) for an address book? How is putting technology in the way going to make diverse groups of health and social care professionals suddenly break the habit of a lifetime and start talking to each other?
Spooky kids ?
Offtopic, but what movie/TV show does that picture of the spooky kids come from ?
Glad I live in Wales
Only by half a mile but it's enough
Threshold for celebrity
What hurdle do I have to overcome to have my children's details removed from this database?
Z-list? B-list? A-list?
I once appeared in a local newspaper, so I'm a celebrity, can I have an exemption?
"in the case that supposedly sparked this system's creation.. the problem wasn't that the agencies didn't know where the child lived.. but that they didn't share their case notes. Which ContactPoint won't do either.."
Partially correct Jeff, but slightly missing the point. The main reason the agencies didn't share case notes is because they didn't know there were any to share. That's the gap ContactPoint aims to fill - if a childcare professional is able to see that others have also had contact with a particular child they can contact those professionals to find out the details. The intention is that it helps them to join the dots and see the bigger picture.
Almost all the posted comments to this article have been negative, and as IT pros, looking at the security concerns, I can understand why. But just ask yourself one or two questions before you continue to slate this project.
First, is the underlying intent behind the project a valid one? I'd argue, from the example given above, that the aims are laudable. Note that the partners in this exercise are not just government agencies, or the Cap Geminis of this world, out to make a fast buck from the taxpayer, but Barnardos and KIDS. No doubt they are not perfect organisations either, but their raison d'etre is child welfare. If they didn't see some benefit from their scheme they wouldn't be involved, would they? (Although I'm sure some conspiracy theorist will leap to contradict me....)
If the answer to the above is "Yes, there is a valid intent underlying the policy", the next question to be asked is "will it do more good than harm"? No policy/system can ever be perfect, there will always be downsides. Do the positives outweigh the negatives? Are the risks valid? The data being discussed already exists in various formats - either in paper in a social worker's filing cabinet or in a local authority computer system. Is the creation of a central database really that much greater a security risk than exists already? The answer is probably yes....but by how much? Do the potential benefits, of preventing another baby P, outweigh the new risks?
I'm not saying I know the answer, but I would like to see responses here that seriously address those issues. Unlike the ID cards nonsense there is (IMHO) a genuinely beneficial public policy initiative underlying ContactPoint. If, as an IT pro, you think it's not being properly implemented wouldn't it be more helpful to make some constructive suggestions on how YOU might go about tackling the problem?
Glum face to reflect my disappointment in the relentless negativity of my fellow Reg readers.
@Well this is going to be cracked
Indeed. If you look at Beverley 'Bev' Hughes' website, go to the about page: http://www.bevhughes.co.uk/about.htm
There are three photos, which take an age to download, even over 5MB broadband. Why? Because one of them is 2202.93 kB, and 3297px × 2254px (scaled to 300px × 225px) and the other two are similar!
So this single page is about 5 MB bigger than it needs to be. And the owner of this site is competent to talk about the security of IT systems? Not likely, is it?
@Wokstation,@Topsy, @Vision Aforethought ,@AndrewM,@Optymystic, AC@08:42
"How else are they meant to seed the NIDCDB?"
Quite so. However FYI the official name for this piece of madness is the NIR or National Identity Register. Database sounds *so* encyclopaedic and intrusive.
"I was subjected to an unsubstantiated allegation last year. Despite being cleared by Social Services, the police and the family court, will this allegation still be there, accessible to all & sundry?"
Only on the hidden part of any CRB request a potential employer might make. Hearsay and dropped allegations are in due to the change in the rules. As long as you avoid any jobs needing a CRB check you should be fine. But your kids will be on Contact Point. And as we all know there's no smoke without fire. What was that about you cannot prove a negative?
"Anyway, this begs the question, at what age is the 'child' removed from the database?"
I think you'll find they plan to leave entries on this system till the child is 25. Handy for the Police.
Not that I'm saying they will all become criminals (that would be too much for the government to hope for) but it will help the paper work right along. Who says Labour does not practice joined up government?
"Or in my partners case - has them on post-it notes stuck to the bottom of the mouse mat."
The same scenario that a New York cop used to get the flight details of the plane a woman (and IIRC her kid) were travelling. Only guy in the department with access left ID & password on post-it note. I had hoped it might last at *least* a week before someone could do this.
<sarcasm> Still as we know anyone who would want this sort of info is a saddo loner who is so inarticulate and smelly they could not possibly manage to talk their way into such secure offices without being rumbled straight away, so this is not really a worry. </sarcasm>
You're either very trusting, believe in magic, or prone to misunderstanding, or all of the above. Which suggests you're some kind of social worker. The point of the keylogger comment was that at least *some* of the people such children should be shielded from have *shown* both the skills and the *will* to spy on their partners. It is a reasonable inference they *could* work out how to extract this information by for example planting a key logger on some staff member's PC. But perhaps none of the clients you deal with have *ever* been left alone in your office and you (and all your colleagues) never do anything as stupid as leave passwords on post-it notes. I'd like to believe that. But I have some experience of how gullible some staff are.
"all y0ur kidz b3long to us... "
Says it all on so many levels. But with *all* children on the database consider the potential to upset a *very* large group of voters at one stroke. Of course no one yelped much when they lost all the child payment details a while back but we can hope.
If a complaint was made to the police about the allegation, it will show up on your Enhanced CRB check for the rest of your life. It's already cost people their jobs (google this place for an article on "malicious gossip could cost you your job").
The John Carpenter remake of the Village of the Damned, based upon the book 'The Midwich Cuckoos' by John Wyndham, better known for 'The Day of the Triffids'. </wikis>
I tell a lie - it looks more like the 1960 original
Re : Spooky Kids
Looks like the Midwich Cuckoos although the IMDB doesn't recognise the title.
Mind you I think a lot of kids look like that nowadays. Their ritalin dosage is obviously too high.
What a waste....
what a waste of money.....
Let's face it, the stated reasons for the creation of the database is so that different agencies can see who has had contact with which child. what a load of crap.... the real reason is so a generation of kids grow up used to the government holding a file on a database about them.. they say the entry will be removed when they are 18..... yeah, damn right it will be.... right after an entry has been created in a list of adults database....
Most kids know if they are having issues and need to speak to someone, then call childline.... maybe the gov should have donated the 225 million pounds to set it up along with 44 million pounds a year to childline.... it would be more effective than the little black book of kids names and addresses the government have made...