Doubt cast over ContactPoint security assurances A UK government minister has issued assurances about the security of the government's child protection database ContactPoint, but the minister's assurances are incomplete, if not misguided, says one expert. The ContactPoint system is designed to give social workers, police and NHS staff access to case files on children, so …
The contactpoint admins don't even know how the partner agencies are going to get a look at the data (ie. ID card authentication? Username/Password?) so how can they say that pen tests have been done?
In any case it makes no difference this is a waste of money, in reality only the cops want access to the database so they can snoop on the kiddez and such.
Hopefully this one will soon end up on the heap.
So ... that will be another policy which will be in conflict with the GCSX security policy (of which two versions exist whether you are in the DWP or cengral government) ... how can one hardwired close optical system which links all governmental departments together, be able to handle multiple policies at the same time?
It's the firewall, Capn' ... we just ain't got the rules power!
Oh, the GCSX thing was supposed to end the days of CD's and documents going missing by keeping data in-house. Obviously that's working well then!
"Furthermore users of the database will be unable to save data onto USB keys or other forms of removable media, Hughes added."
So what about the local hard disk? Is that still OK? They didn't say that users could not export data at all (which is what should be the case), so what the hell is stopping someone exporting to an already authorised machine and then oh, I dont know... dragging and dropping the file onto a removeable drive via Explorer... or uploading it to an FTP server or...
Considering the level of incompetence in government IT I can only hope that this is scrapped before the details of any vulnerable children are shared on it. Seriously this has the potential to be an all you can eat buffet for the paedos. The problem is not one of security of the application itself, more that there is no overriding mandate which means that people doing dumb things can be sacked on the spot and have their cushy civil service pension taken away. Once you start giving access to networks you have no control over there is a small risk of fuck ups. Once you start giving access to people you have no control over there is an absolutely massive risk of fuck ups.
Even if they manage to prevent copying of data on users' computers, there's still the old analogue hole. Point a digital camera (such as a camera phone) at the screen, and take a photo. Quick and easy.
The best way to close such security holes is simply not to have such databases in the first place.
Juniper SA device
Setup to scan for keyloggers and remote control apps before logon prompt
All traffic over SSL
SA device sets up a secure workstation session which prevents print screens
Client application runs in Citrix accessed via Juniper SA device
users logon using RSA Smart Card and 8 char PIN that changes monthly
Ta da!
Obviously someone malicious could just take a picture with a camera phone, but that's not the point. Scaliable, highly avaliable infrastructure to run it all on. Nothing stored locally at all, no way to bulk exports, all encrypted.
Oh you are so erudite...
The thing about paper records in the public service is that are not unsupervised, you have to take control of them, and then of course there's the paper trail, and then, however, there's the fact that random record access will take you a month of sundays to undertake a phishing exercise, by which time any anonymity you think you are keeping will be up there with the 25 million records that went missing on 2 CDs.
Apart from that I thought you made a good point.
Dear Mr Brown
Pentesting does not involve putting a pen in the CD drive and seeing what happens.
"Hughes said that penetration tests on the system had taken place, results of which she didn't intend to make public, before answering questions about security of remote access to the system."
Dont want to make public. Are you afraid that someone may print the list of vuln's off and be wasting so many trees doing it that their "enviroment" policies will be blown out of the window?
Let me guess. There using Windows/Linux(At a push) servers. Using propitiery software. (A bit of their own backend coding)
Pentesting with public out of date exploits (Looks at metasploit and slax on usb drive......)
Fawning supplications to the PM's discontent dispersal mechanism will get what every other petotioner has got: a mailshot to all who sign explaining that they are wrong, ministers are rights and they shouldn't worry their pretty little heads about it. If you enjoy being patronised the No.10 petitions site is the place for you.
More to the point, the opposition parties have actually undertaken to scrap ContactPoint.
Believe it or not contact point holds very little data on kids, just name, address, and some contact details. Thats it. If your really worried about data security, worry about school databases or local authority databases, contact points very secure, much more secure than the afore mentioned systems and holds a lot less sensitive data! Most of the money spent is to pay companies to upgrade their systems to talk to the contact point database. If you believed the press and above comments you'd think it was a search engine for paedo's, why are so many people wanting to stop a system designed to protect children and save lives, this is the only way agencies will know about each agencies involvement. People are playing party politics by stirring up the usual hysteria rather than the facts.
"Believe it or not contact point holds very little data on kids, just name, address, and some contact details. Thats it. ... this is the only way agencies will know about each agencies involvement."
Not if, as you say, it holds "just name, address, and some contact details. Thats it." It must contain more data if it is to be a way "agencies will know about each agencies involvement." It would actually have to contain data about various agencies' involvement, which indeed it will. That's obviously more than "just name, address, and some contact details."
What's more, for the most vulnerable children, those most in need of protection, there is something called "shielding". It's where most of the details are hidden, almost as if such children are kept off ContactPoint. That means agencies won't be able to know about each other's involvement when children have been "shielded". It contradicts the whole, purported point of ContactPoint in the first place.
The reason for "shielding" is to protect such vulnerable children from ContactPoint, and from those who have access to ContactPoint. Such "shielding" wouldn't be necessary if ContactPoint was safe and secure. This "shielding" isn't just the elephant in the kitchen. It's an elephant that comes complete with flashing lights and neon signs advertising its presence in the kitchen.
ContactPoint isn't going to be safe and secure. It isn't for the protection of children. It is, instead, for another purpose. "Shielding" is the proof of this. It really couldn't be more obvious.
These are kids might be at severe risk of violence, there will still be details about the child just not their address details etc. and the agency is informed that the person that they are searching for is shielded hence a high risk. These are things which another agency would not be aware of before contact point - this is a massive improvement. Please stop embarrassing yourself with this, children will die when the torys cancel this who wouldnt otherwise have.
Well if it is a massive improvement for the shielded children then why not just have a database for the shielded children. Why have a database for everybody else? There is no need for it, unless you are a statist who thinks that it's good for the Government to monitor everybody's activities.
This is about professionals being able to communicate with each other to protect children, why so paranoid? I just think that people want it both ways, they want social workers etc. just to be able to magically save vulnerable children without knowing all the stuff thats going on about that child, sorry there has to be some compromise on everyones privacy for this. To answer your question children won't become shielded unless they are on the system and the various agencies are communicating, if they can't communicate .. see Victoria Climbie. By the way it is just contact info, they have to communicate with the contact for any more info, further more each search is traced so it can be investigated.
Why have shielding at all? What's the point of it?
Those who are defending ContactPoint really do have to address that point. It's no good quickly dismissing the issue with a bit of "think of the children!" rhetoric and hand-waving. The question really does have to be properly answered: why have shielding?
Shielding is where at least some of the details of a child are kept hidden from those with access to ContactPoint. But it's not for all children, just the most vulnerable - those most in need of protection. Of course, the use of such shielding therefore obviously, tacitly concedes that those children most in need of protection, the most vulnerable children, need to be protected from ContactPoint itself. The cat is well and truly out of the bag.
If such shielding doesn't compromise efforts to protect such children, then such details don't need to be on ContactPoint in the first place. Why have such details for other children if they aren't even necessary? It's storing personal details unnecessarily. And since it's unnecessary, there's no justification for it.
If there is no risk in storing such details on ContactPoint, then what is shielding for? What does shielding achieve? If there is no risk in having such details on ContactPoint, then shielding doesn't add any extra protection. Shielding itself would be unnecessary. Yet shielding exists, and exists to protect vulnerable children who might otherwise be at increased risk if they're not shielded.
Those who defend ContactPoint can't have it both ways. Either there's no harm in having such details on ContactPoint, in which case there's no need for shielding, or shielding doesn't hamper protection efforts, in which case those kinds of details don't need to be included on ContactPoint in the first place. Either way, shielding shows there's something wrong with ContactPoint.
And for those who want to keep on playing the "think of the children" card: until you actively campaign for CCTV to be installed in every room of every home, you're going to have to accept that the ends of child protection do not automatically justify whatever the State's favoured means might be. You either accept privacy-based limits to child protection efforts, or you oppose privacy altogether, since privacy can always be abused by child abusers.
We either have privacy, even though some will abuse it, or we live in a truly Orwellian state with no privacy at all. What sort of future do we want for today's children?
Only I thought Contactpoint was meant to go live around this time *last* year.
So she's slow if she's just telling us it was done then. If it was done more recently then it sounds like it was tacked on. So they did not think it necessary in the first place.
BTW. £44m to process 55000 children. £800 / child a year. How many hours will it take to update this DB per year?
If shilding is to protect the vulnerable children then why do the children of all politicians need to be shielded? Is it because they are at risk or because the parents (politicians) do not trust the security of the system?
Re Victoria C and Baby P both these cases ended the way they did because of the failure of people in the same authority, and even in the same office, to talk to each other. How is a national database going to help that? Why does expensive and complex IT need to be deployed to correct a problem that is caused by people not being able to communicate at the most basic level - speech?
I know from personal, front line, experience with abused children many so called professionals in this field could not give a rats arse about the children until the wheels come off the wagon and then it's all scrabble 'round to protect their own arses. The few dedicated care professionals in child care are driven out of the job by the constantly increasing workload and management's only interest in "performance" figures. Those that stay are either masochists or could not get a job flipping burgers in the real world.
So this childrens version of the ID database will still not save lives, it is just there to show that this gov.uk is "doing something for the children".
/rant.
You're grossly mischaracterising the arguments against ContactPoint. But I note you're on message when it comes to New Labour's current party line of painting the Tories as the "do nothing" party. By the way, I vote Lib Dem.
The arguments against ContactPoint include (but are not necessarily limited to) the following:-
1. The ends do not automatically justify the means.
2. ContactPoint might do more harm than good.
3. "Shielding" is a dead give-away. See AC, 24th April 2009 14:08 GMT.
4. There are better ways to invest the time, effort and money being spent on ContactPoint when it comes to protecting children.
5. Children are not the only people with rights. Adults have rights too.
Would you accept CCTV in every room of every home, so as to ensure that child abusers have no privacy with which to hide their abuse of children? After all, if you've got nothing to hide...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
