UK.gov opens up delayed child protection database

Secure

There is a government site all about contact point here:

http://www.everychildmatters.gov.uk/deliveringservices/contactpoint/

It contains "ContactPoint Security: Deloitte's independent review

This link contains documents about the scope, findings and Government response to the Deloitte review."

The link itself says "The contents of this page have been removed and the latest information is available from the ContactPoint page."

So we have a ciruclar reference, and no independent security report. Google cache to the rescue:

http://74.125.77.132/search?q=cache:MLPhrVLkDN0J:www.everychildmatters.gov.uk/resources-and-practice/CM00088/+contact+point+security+independent+review&hl=en&ct=clnk&cd=1&gl=uk&lr=lang_en&client=firefox-a

or for short

http://tinyurl.com/ac5lmz

And what do these documents that seem to have been hidden from public view say?

Well the last paragraph of the executive summary says:

"While the ContactPoint team can design strong controls into the system and provide good advice to connecting organisations, there is a limit to their ability to enforce good practice or to monitor incidents and control breakdowns. We recommend that the DCSF participate in government-wide security initiatives to maintain and enhance roles, responsibilities and accountability for the security of systems such as ContactPoint that extend across multiple Departments and other organisations. These initiatives could help to define methods for effective sanctions for non-compliance or incidents."

Or to paraphrase: "We could loose bucketloads of data and never know".

What Happened to there new ICS system?

They did have a new system called ICS a few years ago that was a nicer GUI for a system called Swift.

And they replaced it again wth contact point.

Wonder why ti costs 224M to build a database?

Not such a bad thing

I worked on the development of a similar system to this several years ago, and I have to say I welcome it.

Having read shitloads of whitepapers on child protection and related best practice I can say that what was in place before was well-intentioned but absolutely lacking in cohesion. There was no way to track who was living where, or with whom, and in child protection that's a major thing (and sure, someone's going to bleat about this being a "think of the children" post).

The fact is that many children at risk are in contact with adults who have previously been involved with children at risk, whether they be dodgy relatives getting the children involved in criminal activity or men who are only interested in a single mother that has children in those peoples desired age bracket. And in the case of Victoria Climbie, a couple who had no interest in the child but were quite happy to claim the financial assistance. That was a truly shocking case, one that's been horribly echoed with the Baby P case. If these at risk children can be identified and the responsible people they are in contact with can share information, then I'm in favour - child protection officers in the local police, teachers, social workers, GPs, paediatriacians at the local A&E need to know what each other knows to prevent the abuese we've seen far too often.

Sure, there must be airtight security, something government systems are not known for. It's not impossible though. And there must be assurances that this system is isolated from other data sharing initiatives, which I'm generally against. But on this I'm onside.

FWIW, not getting my take on the system designed, built, finished and operational is still the biggest regret of my career, so a working system is a good thing.

Hand Washing

Asked what forces would use it for, Morgan said: "That's a matter for the police."

Actually, no Baroness, that is a matter for the Government, of which you are a part.

Or at least is should be.

Passwords, PINs and tokens?

No. None of these things stop the 'trusted and screened' users from writing their details down on a Post It, leaving the token thingy on their desk, etc.

The system should require a South Park style anal probing to verify user identity before accessing each record. Now that would keep it secure!

<~~ She probably knows more about secure database systems than the British Government.

They also record where the child is in education....

From here:

http://www.everychildmatters.gov.uk/resources-and-practice/IG00202/

"Statutory Guidance (revised) for Local Authorities in England to Identify Children not Receiving a Suitable Education"

"ContactPoint, to be implemented across England by mid 2009, will help local authorities discharge the duty by recording the place where a child is being educated, where that is known. Where it is known that a child is being educated at home, that would also be recorded. This will enable local authorities to focus their efforts on identifying children who are not receiving a suitable education, and putting in place the necessary support. ContactPoint will also show whether a Common Assessment Framework has been undertaken with a child, and whether the child has a ‘lead professional’ co-ordinating any support required. Further information on ContactPoint is at: http://www.everychildmatters.gov.uk/contactpoint."

This is under consultation (again) currently. http://www.freedomforchildrentogrow.org/pr190109.pdf

I would be interested to see the overall - what else are they recording - for this database.

So much wrong with this

How do they ensure that the personnel working with the database are totally, completely beyond reproach? What happens if (when?) someone with malicious intent towards minors gets in?

Something tells me that the methods for vetting applicants is less than perfect, and I wouldn't trust a child's personal information in a system any less than so.

Bring in the Tories / Libs; Let them get rid of this monstrosity.

@Dave Harris

Fair enough, but why then does EVERY child have to be on the register? By all means add those deemed to be at risk. But considering the very real risk to every child on there from inevitable misuse this raises the risk for children not at risk for no benefit that I can discern.

I am only glad that my own offspring are now grown and will not appear. Having dual nationality I will be advising them not to have and raise children in this country.

Freudian slip?

"Delayed child protection"? Is this just an unfortunate arrangement of the words or is it a freudian slip to the fact that child protection is often either hugely before the horse or waaay after both horse and cart have made it away on an international visa...

224M

It's running on Oracle, obviously.

After all, the per-seat licence alone must be a cool hundred mil.

390,000 people?!!?!

How the hell can a system be called "secure" and "private" if "only" 390,000 people will have access to it?!!!??!?!?!?!?!?!?

Only the UK government would consider this a "sensible" approach. And as someone already said... post it notes will soon have access information doted about all over the shop.

So, what are the odds of a data breach in the next 6 months during the trial?? Or is that such a sure thing no one will be willing?

Guilty, until proven innocent.....

and then you are still probably guilty of *something*, we just haven't caught you yet.

That seems to be the Government's stance on all law and order issues.

While it is eminently sensible to just include vulnerable and 'at risk' children on the database, this goes against the Government's policy of assuming everyone is a suspect until they can prove their innocence.

This thinking carries through in the NIR and ID cards, The national DNA database and the way the Gov't is attempting to force ISPs and telecomms providers to log all of our private communications.

It is merely true to form that they assume all parents are probable child molesters.

@Muscleguy

As far as I know, not every child will be on there. It will only contain details of children that are deemed to be at risk. That is to say, getting a green-stick fracture in the playground or playing football will not land a child in ContactPoint from their time in A&E, but a couple of 'accidents' at home resulting in the same might do.

Similarly, dad, stepdad or just mum's boyfriend getting a talking to outside the local after a couple of sherbets won't matter much, but a 999 call about DV possibly will, especially if it's on the premises and the attending PCs note that the chils is awake and witnessing.

Also of concern is the 'uncles', youth group workers and teachers (not to malign teachers in any way at all - primary school teachers, especially good ones are worth their weight in gold, but an ex-gf of mine was being fiddled with and wisely reported it to her teacher; he promptly decided that the way to deal with it was to abuse her himself).

What I'm saying is that a system that can track patterns of complaints concerning a particular child or individual who has contact with children could be instrumental in preventing such cases as my ex-gf's or that of Victoria Climbie or BabyP.

I'm fully aware of the data protection, potential false allegation and privacy implications of ContactPoint, but, so far, I'm happy with it. I'd rather my own children didn't end up in it, since that might mean I hadn't heard them tell me there was a problem, but, as long as the restrictions I mentioned in my first post are in place, I'm reasonably glad I've got another safety net (in addition to much maligned child services).

@Ash

"How do they ensure that the personnel working with the database are totally, completely beyond reproach? What happens if (when?) someone with malicious intent towards minors gets in?"

Of course you're not going to know whether someone has malicious intent unless they act upon it and get caught. Or do you propose the adoption of some miraculous total brain & character scan technology that can also see into the future?

Anyway, I fail to see why using this database would be a predatory pedo's preferred route for accessing children. Much more straightforward methods are surely available. But then, I'm not a predatory pedo or a paranoid idiot, so what do I know.

@ Muscleguy

You are wrong, every child WILL be on the database. This prevents poor social workers and teachers from having to decide whether or not a child is at risk.

With 390,000 lightly monitored regular users it can be only weeks before the data will be for sale on t'Internet.

I wish it were all a complex Nu Labour plot; but the reality is that all our MPs are brainless self-serving layabouts who care only about making their own way in Westminster and not one jot about the people who put them there.

@Dave Harris

"As far as I know, not every child will be on there"

I'd like to know the source of your supposed knowledge, as the government itself has stated that all UK children will be on it.

Anyway, what happens when the child becomes an adult? Are they removed from it? I doubt it. Much more likely they are then given an ID card, shortly after providing DNA and fingerprints.

@Dave Harris

Actually Dave,

Your children will be on the Contact Point database.

http://www.everychildmatters.gov.uk/deliveringservices/contactpoint/about/

Information held on ContactPoint

==========================

ContactPoint holds the following basic information for all children in England (up until their 18th birthday):

Name, address, gender, date of birth and a unique identifying number.

Name and contact details for a child's parent(s) or carer(s).

Contact details for services working with a child: as a minimum, educational setting (e.g. school) and GP practice.

Contact details for other service providers where appropriate, for example a health visitor or social worker; and whether a practitioner is a lead professional and if they have undertaken an assessment under the Common Assessment Framework. Please note these are not currently held on the system they will be added over time.

Those providing a sensitive service (defined as those in the fields of sexual health, mental health and substance abuse) will be required to seek informed, explicit consent from the child or young person (or their parent/carer where appropriate) before recording their contact details on ContactPoint. Where they are recorded, only an indication of an unspecified service would be visible.

I'd be interested to see what the error rates are going to be.

@Muscleguy

Repeat after Jacqui: "I am just a number. I am just a number"

All Kids?

Well, apart from MPs' kids, those of the Royalty - "think of the security of the children!".

Oh, and probably none of the Travellers kids and none of the kids of illegal immigrants who are 'not even here'.

In short all ordinary people will have to go through all the risks of poor processes, jobsworths, invasion of privacy and data loss, but those on the edges of society will dodge the the very system that is meant to safeguard their kids. And of course 'system failure' will replace 'institutional failure' as a reason why no one will be blamed...

MP's, Celebs and Royalty...

I fail to understand why children of MP's and celbrities get an opt out when there are equally important roles where children may require protection (prison officer, police, etc...). If an MP loses their job do their children then go onto the system? What if the celebrity becomes a Z-lister. Does going on Big Brother/X Factor get your children shielded? If so - then I'll be signing up this year... :-)

I find it staggering that the idea behind the system was from the Victoria Climbié enquiry, yet as I understand it she wouldn't be on ContactPoint if it had been implemented when she was alive. So on that understanding... Surely this is purely about surveilance of all children - nothing more. Its just another cog in the big surveilance system. Once a child gets to 18 what then? If they have every child then it would be so easy to expand that into an adult identity database.

There is an argument that there would be too much information on there now and the vulnerable children and ones at risk may be hidden from the sheer amount of children in the system.

The idea's proposed by the Conservatives then make more sense to just monitor the children at risk or on monitoring plans. This would avoid the risk of children being missed by the system.

Roll on the elections. I'm just surprised with all these measures that people haven't been protesting in the streets.

I'm getting mine and my childrens coats and heading to Scotland...

@AC @17:16

"Anyway, I fail to see why using this database would be a predatory pedo's preferred route for accessing children. Much more straightforward methods are surely available. But then, I'm not a predatory pedo or a paranoid idiot, so what do I know."

Uhm, every single childs information will be on there. The other method only catches a few children and takes a lot more work with more chance of being caught out.

And the "Well, they can't unless they have some magical mind scanner" is WHAT Ash was implying.

Same with CCTV. If you're a paedo and like to watch kiddies play, what better way than to use CCTV to watch the kids without anyone knowing. The best bit is, they'll be quietly made redundant and told not to say anything (and given a wodge to keep them quiet) since if they were caught, the fact that they were using the CCTV government said was protecting us to DO this "horrible act", the CCTV network would be killed off PDQ.

So best keep it quiet.