Slashdot Mirror
Database of All UK Children Launched
An anonymous reader writes "'A controversial database which holds the details of every child in England has now become available for childcare professionals to access. The government says it will enable more co-ordinated services for children and ensure none slips through the net. 390,000 people will have access to the database, but will have gone through stringent security training.'"
Knowing our government, child professionals, council binmen, accounts clerks, councillors, dog catchers and that nasty lady on the front desk who's job is purely to be unhelpful.
Semper en excreta sumus solum profundum
Jackpot!
(just a matter of when)
...Big Brother strikes again...
The article doesn't seem to make any mention of removing that information when they become adults. I can see where this is going... get a database of them now, when less people are likely to complain, and then you still have the info when they are adults. Instant (well sorta) database of all your citizens.
if ever their was a reasonable cause to scream think of the children, this is it. and lets not forget that these kids will grow into adults, do we really believe the government will let go of that information once it has it?
If you mod me down, I will become more powerful than you can imagine....
390,000 people will have access to the database, but will have gone through stringent security training.
That's great, but having people know security through (unspecified) 'stringent training' is no guarantee it will be carried out effectively.
Oh, and at a nearly a quarter of a billion pounds, forgive my curiosity about precisely what value this is expected provide.
Sounds like a rabid white elephant with dangerously sharp tusks.
I bet Bruce Schneier will post on how bad an idea this is any hour now. Some classic Schneier: "Why Technology Won't Prevent Identity Theft" http://www.schneier.com/essay-255.html ...and what about the old-fashioned Law of Large Numbers? If you give 390,000 people access to something, the chance that some of them are criminals is: 100%! (Rounded to the nearest six decimals or so.) Simply because there are 390,000 of them.
390,000 are too many even if they could keep the secret. Because it is almost certain that in such a large group there are some people the information should be secret from.
C - the footgun of programming languages
http://lpuk.org/
I stumbled across this website last year. It is a very small (at present) political party. As far as I know, the only one who actively states they will scrap this state monitoring nonsense.
Hopefully, some of the other parties will realise that people don't want to be monitored, and there are votes to be had out of it.
Carpe Daemon
Here in Denmark, there is the CPR (central person registry), where EVERY person living in Denmark has a unique 10-digit number, and the state+ subscribing entities (such as tax, medical etc etc) has access to relevant data about you.
Yet, that does not stop children from being abused, disappear etc.
A database is worth little unless you implant a small tracking device in all you wish to track, and monitor constantly.
Melchett: Now, I've compiled a list of those with security clearance, have you got it Darling?
Darling: Yes sir.
Melchett: Read it please.
Darling: It's top security sir, I think that's all the Captain needs to know.
Melchett: Nonsense! Let's hear the list in full!
Darling: Very well sir. "List of personnel cleared for mission Gainsborough, as dictated by General C. H. Melchett: You and me, Darling, obviously. Field Marshal Haig, Field Marshal Haig's wife, all Field Marshal Haig's wife's friends, their families, their families' servants, their families' servants' tennis partners, and some chap I bumped into the mess the other day called Bernard."
Melchett: So, it's maximum security, is that clear?
Blackadder: Quite so sir, only myself and the rest of the English speaking world is to know.
The others where speaking Urdu and the the assignment was "discuss."
http://www.dailymail.co.uk/news/article-410150/Schoolgirl-arrested-refusing-study-non-English-pupils.html
I'd like to see the database entry for the arrested girl.
The next pasture is always greener
This only afffects England.
Scotland, Wales and Northern Ireland have their own Devolved governing bodies which have been less interested in these massive Databases to date.
England doesn't have such a body. It was offered but there was a lack of interest.
Indeed. And give them as much training as you like, it still won't stop them flogging the data to private investigators and tabloid journalists.
shhh, ya great jessie, ye'll gee the gam awa'
It pays to be obvious, especially if you have a reputation for being subtle.
This is appalling - the "facepalm" tag is spot on. I have a great fondness for the UK, even though I've only visited once, and the people there have my sympathies for such bureaucratic stupidity. Policies like this and ASBO's of the last few years have had a disastrous effect... government is getting way too intrusive over there.
Sadly, I think Australia is heading in the same direction, though at least the Australia Card/Access Card proposals have been shelved by the current mob (for now)
Seriously, doesn't anyone think of the children?! Please?!
--The knowledge that you are an idiot, is what distinguishes you from one.
Invalid entry
Syntax error
Test ignore
Null value
And my personal favorite:
rm -rf
You can't link to the daily mail and expect to be taken seriously.
This Database Is Useless Without Pictures.
I didn't see any mention of 390,000 secure tokens being handed out or anything on the amount of detail being kept in the access logs.
They did implement that ... right?
390,000 is about 1 person in 150. To me that seems far too many. And why would the records of politician's children need special "shielding" if this is secure?
No sig today...
I was under the impression that the information to be contained within this database already exists in one form or another and this is the problem that they are trying to solve. Currently this information resides in a hundred different systems and only a small proportion of these systems actually talk and exchange information between them. Such a fragmented system surely can't be good for anyone and by collating it we ensure everyone involved has the entire picture rather than just their service/authorities history of the child.
Don't get me wrong I do think the current plan is flawed and needs review. The security/integrity of the system needs an overhaul before going live, the number of people with access reduced, tighter regulation introduced outlining when the information can be accessed and a clear declaration as to when a child's information is no longer required by the state and deleted.
Announced to the media when the government are being hammered in the news over some other scandal. They do this all the time, the Torries before them did it too. Often they announce shit they KNOW is controversial and have no intention of actually doing just to make the press write about something else and forget the scandal they were writing about. It's the equivalent of waving a new flashy toy at a toddler to distract him so you can grab her blanky to get it washed as she won't knowingly let it go.
As far as the cost is concerned, the government just got an influx of unexpected cash from ministers in the form of repayments, so they can afford to splurge a little on some untendered, no doubt proprietary solution provided by an IT company who spend more on lobbying than their solutions, no doubt running on Windows. They will also keep the details hidden behind a commercial confidentiality NDA excuse too.
Labour do seem hell bent on kicked out at the next election with the added bonus of becoming unelectable, good luck to the bastards.
In roughly 18 years time, these children will be young adults and they'll still have all their information.
Add a few more decades and they'll have complete details over every child and adult simply because the children have grown old.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
The view from El Reg http://www.theregister.co.uk/2009/05/17/contactpoint_follow_up/
And why would the records of politician's children need special "shielding" if this is secure?
Bingo! Surely if this is so secure, MP's brats should be the seed data for the list.
Good idea. Every government database should start out with only politicians' data in it for six months.
No sig today...
No, seriously, why?
Are children like some sort of disease that need to be tracked? Of what use is it to these "childcare professionals" to know the name of every child in the UK?
Over time this is going to be a 1:1 census.
What are the benefits of this that outweigh the severe risk of having all of that data in one place? It seems like once a week there's an article on here about some huge privacy violation that the UK is already finished with. And this...I don't know anymore. It's just absurd at this point.
Large parts of the UK fought and bled for the right to not be part of England.
Hey, we bought you fair and square. You're ours now. That's how capitalism works. It wasn't even a hostile acquisition, it was an economic rescue plan.
Quidnam Latine loqui modo coepi?
http://news.bbc.co.uk/1/hi/england/manchester/6047514.stm
Good enough?
390,000 people will have access to the database, but will have gone through stringent security training.
Let's try being a little optimistic.
Let's say that all 390,000 people take their duties and responsibilities as public servants very seriously. They attend the security training and try to remember everything they're taught.
Fast forward two weeks. They all integrate the security training into their work, and form new habits: "when I open the database, I have to $SECURITY_CONSIDERATION, then click on $SAFE_OPTION and always ask IT if something smells fishy". They form habits.
Fast forward four months. An unexpected situation pops up. They have now forgotten what they learned in security training, relying solely on their new habits which have worked perfectly well so far. They try their best to judge the security implications of their choices in an unknown situation, but they're not computer techies, so they get the answer wrong.
As a result, security is breached.
Anyone wants to defend a more optimistic prediction?
Some drunken bureacrat left it in a taxi.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Having worked for a local council as an IT Engineer I can state that I had the ability to re-set everyone's log on passwords including people who worked with child services, If Someone left the machine locked but with the db open I could have easily accessed it. The real problem with that was none of the Local council IT staff was required to have a crb check because they weren't working directly with children.
They fitted George Orwell's coffin with rollers so he could turn over more easily years ago.
Watch how this plan fails spectacularly...and then they will ask to put a chip in our children...and then the adults will follow...
Not directly, but I work daily with the ContactPoint project and a number of others that coincide with it.
First: there is no opt-in or opt-out. The database is populated from a number of existing databases at a Local Authority level, and in most cases the primary source is the central Education database, which is in turn populated by schools' information systems and such. All schools, private schooling parents and similar, have a legal duty to submit this information annually in the Schools Census. It's not 100% accurate or up-to-date, but it's as comprehensive a framework as you'll find. "Refusing" or giving "bogus details" would be both very difficult and illegal.
Second: I hate the database, its supporting systems and the gung-ho approach the DCSF (central govt dept) have employed in its implementation. It is causing more work, problems and morale-breaking long-term consequences than most of the people on this site could conceive, to front-line workers and back-office support staff alike, and I would love nothing more than to see this project and many like it (see "Integrated Children's System") abandoned in favour of implementing some of the more relevant and critical recommendations of the Lord Laming report, which is what triggered the whole debacle, but I don't expect that to happen.
I have suspected for a long time that this was a back-door approach to a national person database, which is why I don't believe the govt will let go in spite of its inevitable breach of the Data Protection Act once the children reach the age of majority.
My biggest criticism of the entire suite of projects is that it completely fails to address - and in fact may exacerbate - the central problem with the Victoria Climbie case that it is supposed to solve. Specifically, she was recorded multiple times on multiple databases due to poorly trained users. Even then, there were several contacts with the child that should have led directly to intervention or at least in-depth investigation, with or without additional case background, but the workers involved failed to act.
Fundamentally, the DCSF does not seem willing or able to accept a simple truth, fundamentally understood by all IT professionals and most of the people on this site: You cannot introduce software to prevent people from making mistakes. At best you can only change the type of mistake they make.
Most social workers are actually insulted by the systems being introduced, because they increase the administrative workload (in spite of DCSF claims to the contrary) while removing the responsibility and flexibility for workers to make qualitative assessments and trained, experienced decisions.
Even if central government are to be taken at their word, this system is a poor implementation of a poor solution to a serious problem, and will hinder as much as it helps. If not, this is - as you suggest - an insidious approach to a wider Big Brother agenda.
Meta will eat itself
We need a database of MP's expenses
now that would be something...
put a chip in our children...and then the adults will follow
Well, duh, of course the children with chips installed grow up to be adults with chips installed. It will only take a couple of generations to include all ages.
There is only one good thing about this database: it's another cost for the Government to bare and it will require more staff to maintain it. As a UK tax payer you might think I'm mad for saying that but hear me out.
We have a rot in our country that is causing the state to grow almost totally unchecked. The people are broadly split into two camps: those working every hour FSM sends and those sponging of the state. The workers don't have time to try to change the system the spongers don't want to. The only way it's going to get better is for it to collapse under it's own weight and get rebuilt hopefully better (but probably with the same flaws).
Perhaps it seems a little defeatist of me to say this but think about it for a moment. When was the last time the people paying the tax really got a say in anything? I don't have the figures but I would bet that the largest group of non-voters are working people. Not only are they becoming a minority (government workers don't count) they are suffering exclusion problems too.
I used to have a better sig but it broke.
Bear in mind folks that this is the same government who admit to an 86% infection rate *each year* among the 5,000 odd computers used at Westminster:
http://www.theregister.co.uk/2009/05/15/mp_malware_leak_risk/
Yes, that's 4,300 infected machines a year, with 400 hit badly enough that they get cleaned manually (and I hope to god manual intervention means wipe and start again, but I doubt it somehow).
So, that's a nigh on certainty that the login details for the database are already well known to 3rd parties then...
This is fallout from the Baby P incident. One tragic case of failure in social services got hammered by the media for weeks, complete with pictures of cute-now-dead toddler, and the newspapers got into full on campaign mode. The government has no choice but to respond. Our IT policy is being dictated by the emotional reaction people have to a small child being beaten to death. Rationality has truly gone out the window.
If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
What would be better would be a law against politicians' information being treated differently from yours, to give them some incentive to protect you. There is nothing worse you can do to a person than make them live worse than others simply because they are different. By making their personal data more secure than yours they are putting themselves above you and declaring that they are more worthy of protection. Does their office make them more human? I would argue that it makes them less so by isolating them from the public. Further isolation can only result in more ivory tower politics...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
So, you propose to steal the data as it's being entered in remote offices before it's uploaded?
Well, with a web API over SSH that means you're talking about a keylogger, since any other way to steal that data requires you to have access to an application or a local dataset, neither of which exist. I really could give a crap about keyloggers, since you can already steal that data simply by hacking the PARENT'S COMPUTERS. That's nothing new, it is not an ADDED risk.
What you're saying, in a nutshell, is that data in any form is unsafe anywhere, regardless of wether it's centralized or not. There is no answer to that, but it's also UNAVOIDABLE. The data WILL exist somehwere, it simply HAS to. (unless you're suggesting we take the entire government back to paper and secure point-to-point fax machines and throw out all the computers).
We MUST have the data somewhere or the danger is much greater (mishandled children, lack of access to missing persons data, inability to match children to parents, inability to track troubled parents from state to state, inability to centrally documented court interactions with parents, these are all MUCH bigger problems than the risk of data theft of priomarilly useless and invaluable data!)
If the data IS centralized, then we have a single secure repository. This provides multiple advantages. Cost (fewer servers, fewer admins, consolodiated licensing). interoperabilty (everyone's on the same code base). Audit (every access from every point is monitored, further, we can scrutinize the security level of the guest machine logging in). security by scale (big databases are on big iron, and enterprise class systems and security, scattered regional databases are on back offince machines with little or no regulated security.) Reliability (big massively redundant clusters on UNIX or OS390, not simple machines runnin Windows).
Let's not loose sight of this fact: THIS DATA ALREAYD EXISTS, we're simpy securing it centrally under government security regulation and audit. IT'S ALREADY OUT THEiR, UNSECURE TODAY. The security can't be perfect, but it's an order of magnitude better than today. Oh, btw, most common method of access from remote sites: Citrix. go on, install a key logger in my virtual desktop image... Hack the remote PC all you want, it won;t get you into the citrix system, and even from there you still need the account credentials to log onto the internal web server...
Again: my firm processes 7 billion medical transactions per quarter. We have thousands of tapes coming in and out of the building weekly, we have hundreds of throusands of people interacting with the medical records, processing payments, transactions, medical history files, and more, most in real time. We are under CONSTANT attack from viruses, botnets, and hackers. NEVER ONCE have we been breached. DAILY one of our systems is infected, but you can;t get the data by infercting edge systems, you have to infect the core, which is still 3 firewalls and 2 alternating operating systems away.
Name 1 virus that can hack a Windows PC, from there hack a Citrix console, from there Hack a Redhat web server, from there hack an AIX application server, and from there hack a DB2 or Oracle database on a mainframe... and EACH SYSTEM TIER uses seperate administrative credentials! Even the best hackers in the world can't accomplish that in person, no simple bot can do it.
Want to collect the data by infecting 1 million point systems, fine, you can ALREADY do that... We're just making a system that solves otehr BIGGER problems, without increasing the security risk level (in fact, it;s better than it is today by large margins).
There is no contest in life for which the unprepared have the advantage.
Sorry, you should have added a 'Commit;' to your son's name.
Fault tolerance must be less than .00000256% for such a system to be safe. That is a completely unrealistic standard.
One person is enough to compromise secrecy, and just because you can know who that is, doesn't mean you can retrieve what was already stolen.
Some drunken bureacrat left it in a taxi.
They left it on a train, but claimed the money for a taxi when they did their expenses.
You talk as if the only danger is someone exporting a large subset of this data. Why would a pedophile want to do that when they can search the database where it is? Yeah, that data is all out there already, but right now, I have to find which database has the data I want and then find someone with access to it to subvert. This system puts it all in one place. Now, instead of having to hope the person I can subvert has access to the right database, I know they do. Out of 390,000 people, there are going to be a significant number who can be subverted to access that information.
The truth is that all men having power ought to be mistrusted. James Madison