Sign in / up

back to article Deloitte flags risks of UK child database

A security review by Deloitte of one of the UK government's child databases - ContactPoint, which will contain an entry for every English child under 18 - has found it is generally secure. With some provisos. Deloitte makes a timely reminder to a government convinced that securing databases is simply a technical problem: "Risk …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. analyzer
    Flame

    Yeah right

    So that's no CD/DVD glued up USB and FireWire slots, no floppies no card reader/writer, no insecure OS' and competent civil servants.

    Yeah I can just see that happening :(

    0 0
  2. Duncan Hothersall
    Heart

    Quite wrong

    No no, Deloitte has it wrong. I distinctly remember Blunkett's pronouncement that the government's ID database would be impregnable because of "biometrics". Oh yes. No worries there.

    0 0
  3. Anonymous Coward
    Thumb Down

    I don't believe it.

    "More positively, the review found information security had "been ingrained" within people, processes, policy development, requirements definition and architecture."

    So this *particular* Government department has security "ingrained" while the rest (and HMRC in particular) appear to be clueless.

    Unlikely!

    0 0
  4. Anonymous Coward
    Anonymous Coward

    What you forgot to mention...

    ...is that the government is refusing to publish the detailed findings of the Deloitte report on the grounds that if they did so people might use that information to target the database.

    Clearly someone in Whitehall thinks that security through obscurity is still a reasonable argument.

    0 0
  5. Anonymous Coward
    Anonymous Coward

    Surely children have nothing to hide?

    So they've nothing to fear?

    0 0
  6. Eponymous Cowherd
    Thumb Down

    @ Mike Richards

    More to the point, their refusal to publish the detailed findings on those grounds is a tacit admission that security is far from being "ingrained".

    0 0
  7. Solomon Grundy

    @security through obscurity is still a reasonable argument.

    I can't believe you rehashed that old argument. It's been proven that Open Source products are just as vulnerable as anything else. Some people just won't let it go,

    0 0
  8. Anonymous Coward
    Linux

    Numpties with the keys to the door

    It doesn't matter how secure the database is, the data centre it's lccated in is or the network it's connected to is, if they give every numpty Tom, Dick or Harriet the keys to the door and the last I heard, they pretty much are.

    Paris 'cos even she's likely to get access to the data.

    0 0
  9. Duncan Hothersall
    Heart

    @ Solomon Grundy

    Haha. Nice one. You're joking, right? Friday afternoon, have a laugh... no?

    "It's been proven". Oh well that's alright then.

    0 0
  10. Phantom Wibbler
    Unhappy

    oh well

    Speaking as one who works in the children's services arena, I was hoping Deloitte would kill Contact Point. The concept is good and beneficial, but I fear the execution will lead to a major disaster.

    Of course that's supposing Deliotte were totally impartial!

    0 0

  11. This post has been deleted by its author

  12. MGJ
    IT Angle

    Compare It To The Paper

    What Deloitte's should be comparing the system to is the current paper and unconnected databases that cover children's details. What are the controls on access to paper files in SW offices like? Does every access get logged and monitored and could it be controlled? Who has access to the relevant SW, police, education databases and can do searches across them for proper data matches to identify risks to children from the sort of patterns that professionals recognise? Do the benefits of that in catching abuse and risks to young people outweigh the downsides which presumably Deloitte's did identify (unauthorised use or access, elevated access, fishing exercises) that can't happen at the moment, or was this just a White Hat penetration test

    0 0
  13. Christoph

    What's the problem?

    Of course it's perfectly secure. Deliotte has firmly assured us that it is entirely safe for the government to pay lots and lots of money to implement the system. Most of the money going to consultants such as ... oh look, guess who.

    0 0
This topic is closed for new posts.