No, no, no....
A million people with access to personal information on your child, your home address and whatever else will be required under compulsion?
Lets hope this gets delayed again----permanently
More than three times as many officials will be able to access sensitive information on every child in England and Wales held in the forthcoming ContactPoint database than estimates circulated by the government suggest, research by The Register has found. ContactPoint is now scheduled to launch in January. It will store and …
Regarding the following "Publicly available staffing figures from education authorities, the NHS, social services and other organisations show that more than one million government employees will have access to ContactPoint."
Within each organisation the Users who are required to access contactpoint are selected on a strict critiea, its not just going to be given to all staff at a GP's surgery. Probably only the GPs themselves, Office staff and lower level practitioners will not have access.
Not all staff in educatiuon will have access, not all teachers in a school, only the child protection co-ordinator will have (normally just one or two teachers)
To raise this as an issue is missing the point as its not true....
What you mean is the CP Co. will have access, the IT Manager and tech team will have access when the front end fails and needs to be fixed, and some student will have access when the CP Co. leaves their station unlocked, logged in, and goes to pick up a print out from another room. I've seen and been a part of sorting out the aftermath of all three, albeit with a different system.
Even if this database WAS a good idea, the fact that the people with access to this information are often not technically minded will cause issues that cannot be predicted or protected against. Security will give way to useability, and something will go wrong.
"Not all staff in educatiuon will have access, not all teachers in a school, only the child protection co-ordinator will have (normally just one or two teachers)"
In a primary school at least I'd assume that have to attend interagency case conferences (ie between teachers, social services and medical staff etc) would require access to the database as presumably this is where the rssults of these meetings will be documented and tracked. Even if they don't have to go to the meetings but review and fill in paper work would presumably need access. My wife is a primary teacher and I know that she attends these meetings for the children in her class. Obviously the head and deputy will need access as they too deal with interagency meetings as will the Special Educational Needs coordinator. Optimistically it may be limitted so that class teachers only gain access while they have a pupil on the list but realistically (at least in my wife's school) that is likely to be all the teaching staff. I'm guessing in a secondary school it may 'just' be limitted to heads, deputies, head of years and form tutors.
The current system doesn't work, my wife has only just found out that one of the children in her class is on the At Risk Register (meaning that seeing the child daily she should be watching out for suspicious behaviour, bruising etc and potentially if she failed to spot and report 'obvious signs of abuse' she'll probably be the sacrificial goat after the great newspaper inquisition after a child abuse death). The only reason she found out was through an accidental comment. If this (massively intrusive and over reaching) database existed at the start of each year (and probably throughout it) she'd need to check every child in her class to make sure they weren't on the database, that or risk being on the end of a headline "Teacher failed to protect child".
I don't like it, she won't like it but if we have the database practicioners will have to use it or be accused by the public (and lazy headline writers) that it was them who failed to do their duty and they let the child die.
Just one million? I can see that figure rising personally.
Why is it necessary for ANYONE outside the immediate area where a child lives to have access to that childs data?
The government seems to have a 1960s view of computers - one vast computer that everybody accesses. Far better to distribute the data to locations close to where it will be used.
Access is controlled via Government Gateway. Yes, the one which was partially compromised by the loss of a USB stick a couple of weeks ago.
Hopefully nobody created a bunch of logins and enrolled them into Contactpoint to give them full access to this information whilst bypassing the checks which would normally be part of enrollment.
/ *crosses fingers and hopes*
So how many GP's are there? How many teachers? How many Police?
If we were really so foolish as to just take the totals in each category and lump them together we would be being about as foolish as, well, a government spokesperson on the subject.
Official figures suggest around 190k GP's in the UK. Not all in England, so we downweighted those. And you honestly think not a single member of the Practice Admin would have access?
Despite the fact that the legislation apparently allows osteopaths to access ContactPoint we estimated that number would be nil or negligible.
Midwives. 40,000. Do you think a significant proportion of THEM would have access to the system?
Police. Another 180,000 or so. We think most of them would have access - but in the absence of a government line, we can't be sure. And ACPO think a fair number of support staff would definitely have access.
Teachers. Almost 800,000. We certainly don't think all of them will have access. Only a very small proportion.
Social Workers. 80,000. We didn't include all of those either.
Now. I know what the government spin is about selected staff having access. The question really is just how selective the access is going to be and, where access is restricted, whether the two people in the office with access will be happy to have their work constantly disrupted by other staff asking them to carry out checks for them.
But please: look at the categories the legislation allows to have access. Tot them up. And then honestly say you believe the government figure of 330k.
Clue: the total number of individuals falling within the categories listed in the legislation is c. 3 million.
What makes you think that only 10% of them will have access, as opposed to a third?
Boffin, cause I'm wearing my statistician hat today.
I work for a certain government agency but am employed by an employment agency.
I have not had a CRB check or any security checks.
All that stops me from using my full access to a very large government database containing huge amounts of very personal (and, to a criminal, valuable) data is my contract, which I would breach if I decided to download it all onto a USB stick and, say, leave it on a train.
Is this the type of security they are talking about?
I am surprised that no mention has been made today that the goverment has so little confidence in the security of the database that MP's children will be on a special restricted list.
They are saying that of course it's safe and all database users will be vetted, but just in case it's not then there is a special level of protection for their own children. Shows how much confidence they really have in it.
I think it should be compulsary that everyone who 'could conceivably' manage to obtain access to any of this information should first undergo unrestricted and extensive criminal record checks, enhanced disclosure and in depth psychological profiling. The two that make it through this selection process can then each be issued with a CDRom to leave on the train.
Some other child won't get picked up by the system and access to the database will be expanded to include more people, its usage will become easier and security will go out the window.
Finally some novice case worker will leave their laptop on a train with the access to the wifi enabled VPN open to the system for all to access.
The tomb stone marks the last resting place of personal privacy.
"would require access to the database as presumably this is where the rssults of these meetings will be documented and tracked"
No case notes or documents whatso ever are going to be held, just very basic stuff like name, address, dob, and name of agencies who work with the child.
"the IT Manager and tech team will have access when the front end fails and needs to be fixed, and some student "
No they wont, IT staff will not have access, only working, approved practioners.
.. of child abusers (in all the forms: sexual, psychological, physical, verbal) in the UK population. If we allow for 1 in 1 million that means there are only 55 in the UK. I don't think so !
If we're looking at several thousand or tens of thousands then that means that of the 1 million with access to this database perhaps several hundred to several thousand will be a abusers in some form.
The more I hear about this governments "utopia can be found through technology" plans the more I believe that this asylum (the UK) is being run by the criminally stupid.
listening to the sound of everyone jumping on the "invasion of privacy" bandwagon without having any knowledge of how the system will be used or by who. Without any knowledge of the way data on vulnerable children is handled now and without knowledge of child protection procedures and the issues surrounding them"
Does anyone here really believe there is only one database?
What about system test; user acceptance test; and the inevitable full-scale volume test databases. Many of these stay around a lot longer than you would imagine.
Live data also gets recorded in real performance test script executions.
The mere existence of a monolith database inevitable means a single point of failure. I am in agreement with others, when did the idea of decentralised systems cease to become valid?
PH, because her performance gets rated daily !
(1) they don't have it on CD any more....it's on my DVD....err, it's on A DVD; yeah, that's it.
(2) You think your local council isn't already looking at this to make sure you're not abusing your sprog by sending them to the wrong school in the first place?
(3) How will they ever tell one child from another without some form of rock-solid ID...like, say, maybe an ID card...Eureka, what an idea. Each child will have their own ID card for THEIR PROTECTION.
(4) Of course, you will have to have your own ID card just to prove you are the child's parent(s) - no big deal; it's already in the works.
(5) Trust me, I know what I'm doing (this is your government speaking).
Of course as I have spent many years working with IT, Social Services and Education professionals, I know that everything the government says is true and anyone that tries to disabuse that (like this article) is clearly rubbish.
It is inherently safe, there is no need to worry about anyone having access to the information, its not like they could abuse it to take children away from families for some spurious reason....
You obviously sound like having a vested interest in the system, so your vision is a bit clouded.
Basically, any "privileged" data to which a million people can have access is as good as published in the FT. It does not matter how well do you think you've designed the access procedures they will be circumvented. You cannot enforce a 100% secure access regime among so many people. It's just impossible.
Besides, what is the probability that there will be members of a paedophile ring or two within the million? I'd say - extremely high. This is a generous gift to them pedofils from the control freaks in the Government.
It just takes one bad apple or one incompetent to "leak" the data out of this system. Once it's leaked, it's out there for the entire duration of several million childhoods. And it's an absolute goldmine for paedophile predators. If a million people have access, somewhere between ten and a hundred will themselves be paedophiles, and perhaps ten times that number so venal that they'll sell data to anyone who pays without a second thought.
Criminal records checks? No good, they haven't been caught yet so they don't have records. Catching them after the "big leak" event is too late. So for God's sake and our children's safety, kill this database before a single byte is stored in it!
"No they wont, IT staff will not have access, only working, approved practioners."
I'd be interested to hear just how you worked that out. Is the backend database going to be administered by an AI ? Clue : No. Will the system be so perfect that it will never need any intervention from a technician ? Clue : Not in this or any other lifetime. Given this, is it feasible for technical staff and developers to diagnose failures in complex multi tiered database systems entirely without access to the live data that was in use at the time of the failure ? Clue : No, it sodding well is not. Is it possible for the staff who will be charged with maintaining the database to load, de dupe and otherwise cleanse the data in the system without access to it ? Clue : Also no.
Even if the whole system were designed, implemented and maintained by "approved practioners", (Clue : Cap Gemini is an IT services shop, not a coalition of GPs and social workers who just happen to have 'leet coding and DBA skillZ), this would make them de facto technical staff, would it not ?
""would require access to the database as presumably this is where the rssults of these meetings will be documented and tracked"
No case notes or documents whatso ever are going to be held, just very basic stuff like name, address, dob, and name of agencies who work with the child."
Documented as in "a record that a meeting took place". Unless the database can be used to track each individual time that an agency has interacted with a child then it will be no use as it won't distinguish between a child that was only seen once and is at no risk and a child that has been seen dozens of times and IS at risk. And you don't need hand written notes of every conversation scanned in and attached to the child's record for it to be an invasion of privacy.
""the IT Manager and tech team will have access when the front end fails and needs to be fixed, and some student "
No they wont, IT staff will not have access, only working, approved practioners."
Someone in IT will have to create the logon credentials and so they will have access. Unless you're trying to tell me that a bunch of social workers, teachers and doctors with no IT experience are going to build and maintain this database.
You can't just keep repeating that everything will be fine. Eventually you're going to have to address the points people are raising and explain why this database will be uniquely different to every other database and why the people involved will be immune to human nature.
Even if the lowest figure is taken its still far far too many to keep safe ..........the government proves time and again it is incapable of handling computer related projects........
We have to ask ourselves why use a computer at all ??? will it save a life for example ???
well take this recent case of the horrific murder would that child be alive if we had a database....i doubt it....
i can see no good reasoned argument for it being built and as with all computer projects it needs constant upgrading.....going through all the current projects they will cost in the region of £100Bn over the next 10 years i dont think thats money well spent for the stated aims.....
It's the very lack of knowledge of who will have access and on what basis, allied to the insanely disproportionate scope of inclusion which is the problem with ContactPoint. "The way data on vulnerable children is handled" is barely even relevant to the implementation of a database which will contain records for every single child in the country. It is simply **NOT POSSIBLE** to secure a centralised database which can be accessed by 300,000 people (whether or not they are "working approved practitioners") let alone 1m. If there is no potential for abuse here, why the reprehensible opt-out for the children of MPs?
A good point about why the NuLabour fixation on gigantic national databases. A smidgen of history might help us understand better what's going on:
In the mid-1960s the Rand Corporation published a book proposing ways to use computers and databases in local government, "A Data Processing System for State and Local Government".
In essence it proposed a single comprehensive database with everything connected to everything else, land, people, schools, welfare, you name it. I found this book in a remainder bin somewhere and bought it as a curiosity, but with time I came to the realization that it was proposing a privacy-destroying Big Brother system — about what you'd expect from the Rand Corporation.
One has to wonder if that little book is behind NuLabour's fascination with all-encompassing databases; the parallels are too close for comfort.
PS: Copies of the book seem to be readily available, though not in great numbers. Anyone with a serious interest in the erosion of privacy via IT should familiarize themselves with it, if only so they understand how long the NL attitude has been around.
These are government people, they wouldn't harm us or our children. The government screening programs are safe and never let anyone unsavoury into a position of trust with vunerable youngsters in society.
"Go back to sleep Britain. Go back to your TVs and beer, grow fat and stupid. You are safe. Your government is in charge."
Can someone point me to a formal statement by the government (and/or its contractors) to the effect that this will be a secure database?
I ask because - if such a statement exists - I would argue that we have the basis for a legal suit of criminal negligence and/or fraud (depending who is making the statement) and I for one would be happy to donate a hundred quid to a class action to sue the arse off the bastards.
Surely the number of people who have access to the database is almost identical to the number of people who use it. After all, if you don't use it then why would you be given access.
The most basic data security would seem to say that if you don't use the data, then you shouldn't have access to it.
How on earth does this database prevent someone from abusing their own chilldren ? We're not quite in a 24hr domestic surveilance society (yet) and as far as I know there aren't cameras in my home watching me bath my baby checking that I'm not taking /too/ much care washing his bottom...
It'll just be a flag on the record so when the MP loses in the next election his kids can be restored easily.
And who's going to guarantee that the programmers writing reports and DB access routines will always remember to omit the flagged records? Mr. Brown? Ms. Jacqui? Ha ha ha ha!
Britain needs to build a nice big new nuthouse, round up all members of the NuLab government and incarcerate them for "demonstrable madness and disconnection from reality."
PS: I am wrong if NL intends to have a permanent majority, but we know what happened to the political party in the US that tried that little stunt.
This governments record with IT is thoroughly awful and we are a laughing stock when it comes to IT disasters, see this:
That's 5/16 of the most noted IT failures out of the entire world !
This database is a paedos dream, all the info they want from one nice leaky UK gov IT project.
I was thinking of moving to Australia to avoid this sort of nonsense, but it seems IT stupidity has infected the Aussie politicians too.
That you lot on the other side of the atlantic are in dire need of a change in government. I've been reading about this database, the ID card scheme, etc etc via El Reg and other sources and I have to say some of it is genuinely scary stuff.
I haven't commented thus far because not being over there, these ill conceived schemes being put into place by your government don't necessarily directly affect me. Thus I feel that it's not really my place to weigh in on this. However from a pure human rights standpoint this and some of the other programs being proposed are an affront to basic human and civil rights, and as such I can't help but say, WTF??? I mean seriously anyone who thinks any government can safe guard this kind of database who's access control list seems to be... well just about anyone connected in some way to local or state government, is simply deluding themselves.
As has already been stated it just takes one numpty to leave their laptop on the train or "secure" USB key in a pub and the security of this thing is (at least temporarily) totally and completely fucked. I wish I could be more eloquent about what a phenomenally bad idea this is but when governments start going down this path I can't help but be pissed. I've railed even more strongly against things over here like the "patriot act" etc, but to no avail under Gee Dubya's staz...err regime.... err administration. But I digress.
The cases which spurred these actions are indeed tragic and no one would deny that. However it seems the failing was on the part of the local social service and law enforcement agencies not the lack of something such as this rather Orwellian datase. Or the inevitable ID cards that will soon follow on the heels of this database being forced upon you to "enhance security" of said database, read: government will be able to track and tag anyone they feel is a threat. Wether that threat is real or imagined wont matter at that point because they will have control from the top down.
I feel for those who have expressed genuine concern over this and other schemes which seem designed to do nothing more than erode your privacy and will not only do that but may indeed put people directly in the kind of danger that it purports to protect them against. All the while the government officials, their favored contractors, etc etc will profit and be one step closer to being able to heard the populace into the pens of it's choosing to "protect the unwashed masses from themselves".
The article trumpets the 1 million users figure but conveniently forgets that access to ContactPoint does not mean access to all records.
GPs can only see details of children registered with their surgery; teachers can only see children enrolled in their school; social services can only see children in their "area". And so on.
In other words, ContactPoint users cannot see any more childrens' records than they *already have access to*.
So why have the database if access is so restricted? Because they can see more info. For example a GP almost certainly won't currently know who a child's teacher is. So when the child comes into the surgery with unexplained bruising, the GP can't easily contact the teacher to ask if the parents are lying when they claim the child has been bullied at school, or fell over in the playground or whatever. With ContactPoint access they can.
[Aside: Personally I think this is a "good thing". However, it's all a total waste of money if more "Baby P's" are going to be allowed to happen. There's no point giving those involved with a child easy ways to warn about abuse if social services are going to do fuck all about it.]
There are occasions when a user would want to search for a child that they do not normally have access to. For example, police in one town find a runaway child from the other end of the country. To search for this child they need to invoke "break glass" functionality. Doing so automatically warns that user's supervisor (who may not have access to children's records at all but has access to ContactPoint for management purposes). The supervisor is trusted to determine whether the break glass facility is used legitimately or not. (E.g the duty sergeant may do it ten times a week whereas an ordinary constable may never need to do so.)
Yes, the two of them could abuse this arrangement but that requires collusion.
To the other posters with concerns:
@Ash: users can obviously leave the terminal logged in. However, login is two-factor so the owner of the token that had been (ab)used would get the blame for any accesses carried out. All accesses are audited.
@Nick: ditto the need for a token to log in. So even if Gov. gateway data is out in the open, it can't be used to log in.
@Norman Publicus: You are exactly right and I hope my explanation above goes some way to addressing your concerns.
@John Ozimek: all these people *already* have access to child details by the nature of their jobs.
@AC 14:07: just because the agency you work for is poor at data security, does not mean that ContactPoint will be. From what you say, you should be invoking whistleblower legislation to make a formal complaint.
@AC 14:10: "special" cases include MPs sprogs, celebrities sprogs etc. It is inevitable that some user somewhere will ill-advisedly "test the security of the system" by trying to look up a celeb's kid's details. The user's attempt will be audited, flagged-up and they will be spoken to by a supervisor. It's better that they fail and be warned/disciplined rather than succeed and be warned/disciplined.
@AC 14:51 The test databases are as carefully controlled as the real one in. (Same data centre security, same DBA employment vetting etc.) But no access from the outside world - so actually more secure than the real one.
@Chris Thorpe: two factor authentication is used. That doesn't stop the user leaving their token on the desk with a post-it with their pin on. However they would be effing stupid to do so: all accesses are logged so if a child is kidnapped and abused, for example, the first thing the police will find is that the child was the subject of a ContactPoint search and will be round to that user PDQ.
1) The database is not on DVD, trust me. :-)
2) The council already have a legal obligation to ensure that your child is educated so they *must* know whether he/she is enrolled in a school or being educated at home.
3) The same way that schools identify children now: first name, middle name, surname, dob, address etc. No id card required.
@AC 15:26 All access to ContactPoint is audited. A user could always try to add an unfounded allegation onto the system but they would always be traceable.
@Nigel: I would like to say that it is "impossible" for a single person to "leak" all of the data. However that can never be true. Someone could always turn up, shoot the security guards and threaten the DBAs with a pistol until they get the data on a single disk. But a person with the that kind of motivation and access to weaponry is unlikley to want data.
@The Other Steve
It's true. IT staff won't have access. It is perfectly possible to administer a faulty webserver without needing access to the database. If there is a fault on a DB server, the DBA can be supervised by a, well, supervisor, to ensure that he only does DBA things and not look at the data.
Can you cleanse, de-dupe data without looking at it? Of course you can: no single person is going to look at n million records and de-dupe them. Automated matching eliminates most duplicates. Somethings will inevitably be impossible to resolve atuomatically. These are reported back to the local authority of the child in question to resolve. So the person doing the de-duping is a local authority employee who already has access to the records in question.
@AC 16:19 Actually it is relatively easy to secure a *centralised* database. Securing a *decentralised* one is much harder.
"As well as all police officers and staff covering a geographic area, the system will be available to healthcare professionals and their assistants; officers of local probation boards and youth offending teams; heads, officers and administrators at prisons and secure training centres; and all social-care workers." (http://news.zdnet.co.uk/itmanagement/0,1000000308,39547402,00.htm)
Hmm - secure?
Obviously insider knowledge must be assumed if we are to believe your answers (not to say you shouldn't be believed,just stating observations)
and yet you have to post AC which is surely self-defeating?
If the government doesn't want people to know this much about how secure the DB is and you are posting this then isn't that a security breach? Also raises the question as to why we shouldn't have this information?
Surely the detailed rebuttal of legitimate concerns you posted could easily be handled by the government issuing a release with the details you've given, then no-one would have to worry about their jobs and those with concerns could satisfy their own curiosity?
Or maybe this is just more spin, a bit like leaked documents that serve the establishments interest that just happen...cough....to get left somewhere near a journalist.
I wonder though could you enlighten us as to how this DB has been populated as I left the country earlier this year so wonder exactly what they will hold on my children...maybe my daughter will be flagged as at risk as she's not been registered with a school or a GP after all no one's asked me to verify any information.
I refute your impressive looking list of unaccredited justifications with one time-proven statement.
No lock with more than one key is secure.
For the others, it's not the pedos you want to worry about, they are the least sophisticated group drooling over this database.
Think about extreme jihadists looking for impressionable disaffected foot soldiers, or drug traffickers wanting new customers, and more importantly agents who will get their 'product' to new markets. Then of course there is the spy fraternity. Nice convenient selection of future sleepers. All these groups are patient. They don't mind waiting while their 'investment matures.
"It's true. IT staff won't have access"
It's not, they will, and in fact your following statement contradicts what you've just said, also :
"It is perfectly possible to administer a faulty webserver without needing access to the database"
That very much depends on the nature of the failure. If the webserver is accessing a DB, and there is a data dependent bug, you need access to the data in order to recreate the bug. EOF. Perhaps in la la land where you live this is not the case, those of us who get our hands dirty with this kind of problem every day know different.
"If there is a fault on a DB server, the DBA can be supervised by a, well, supervisor, to ensure that he only does DBA things and not look at the data."
_When_ there is a fault on _one of_ the multiple servers. And again, you are ignoring the classes of failure mode that involve the data, not simply the hardware or software. Also, your notional DBA (in fact, multiples thereof) has indeed got access to the data, quite the opposite of what you suggest above. Sure, some untainted do gooder _could_ stand behind every DBA every minute of the day and make sure they don't peek (perhaps you could could volunteer your services), but they won't.
"Can you cleanse, de-dupe data without looking at it? Of course you can"
I didn't ask if you can do it without _looking_, I asked weather you can do it without _access to the data_, the answer to which is still no.
"@AC 16:19 Actually it is relatively easy to secure a *centralised* database. Securing a *decentralised* one is much harder."
By what metric ? A decentralised data set is inherently more robust in the face of (inevitable) security or trust breaches, since the exposure is limited to the data available, for instance.
And in any case, your suggestion that any data maintenance requiring manual intervention will be kicked back to a local authority means that access control _is_ decentralised.
How, as a parental unit, do I access this data to make sure that (1) the information about ME is correct and that I'm not falsely accused/blamed for x, y, or z. (2) that known information about problems is, in fact being acted upon and that I can follow-up / lead where necessary to make sure my child is safe?
I know...no parental access since by default I'M the problem in the first place.
No thanks; and no thanks. I would just LOVE for one of these do-gooders to have been around when my sprog were young and needed their behinds warmed a bit. I'm afraid a thrashing would be the least of their worries...and that's NOT for the sprog.
so Mr. Govt. Stooge can you explain WHY an MP's child (or celebrity spawn) is less at risk than say the children of Voytek the Plummer from down the street?
The system you propose implements extra safety checks against enquiries on these children. You surely must concede that being on this database is what makes us all safe (as you appear to be chanelling Jacqui Smith), and these special cases have a lesser presence on the database than us normal proles. These children are therefore less protected.
So you must have a reason for this and this must be that you can prove that celebrity children are less at risk and therefore need less protection. This is obviously codswallop, there haven't been ANY celebrity peadophiles at all. Specially not glam rockers.
Mine's the one with the "do not return as search result" flag set to true.
Just a small point, rather late in the day, but....
I was attending a consultants appointment at my local hospital just a couple of weeks ago - at one point I was left in a room for a good 5 minutes on my own.
In the corner was a pc terminal for the hospitals internal systems, blu-tacked to the wall next to it was a sheet of A4 papre with a list of users names and passwords for all the patient record systems.
I asked the nice man in the snazzy tie if he knew that I could have looked at multiple records in the time I was alone in the room, using the PC and the passwords pinned up next to it, his reply...
"Why would you want to?"
Bad things happen to a tiny minority, fact!
This does not mean that the majority needs to be held to account or suffer/be inconvenienced.
Life is sometimes nasty and hard, fact!
The UK really is Orwell's 1984.
When will the telescreens be installed in every home?
When will every citizen start getting their Gin ration?
"2) The council already have a legal obligation to ensure that your child is educated so they *must* know whether he/she is enrolled in a school or being educated at home."
This is not true. I know several home-educated children who are not recorded by the local authority. In general if your child has ever been to school then the LA will know of the child's existence because the head teacher should inform the LA when you withdraw the child from school. If your child has never been to school then the LA may have no record of the child's existence. Under current law there is no obligation on the parents to tell the LA.
I'm guessing you're on the left-hand side of the pond? If so, are you aware that your own government has some scary schemes as well? The level of detail they record about people flying to the US is quite intrusive, and they make no guarantee about what they'll do with it. I'm still looking forward to the day when the EU is organised enough to put in place a reciprocal scheme, just like Brazil did with the fingerprints.
Having said that, yes we do need a change of government. Hanging over the edge of the Police State cliff by our fingertips, hoping that something will change and we'll be able to pull ourselves back up again before falling to the death of freedom.
DCSF and ContactPoint have about as much chance of successfully implementing the protocols you've described as they have of genetically engineering a fleet of winged pigs to fly a mounted air corps of commando social workers around the country to pick up at-risk children. As for penalties for misuse - the CP Security Statement already gives a clue to how that is going to play out: "This does not mean penalising front line public sector staff who, while sharing data for legitimate reasons, make an error of judgement". But since we're in Cloud Cuckoo Land, and assuming CP is actually launched on its iceberg-bound voyage, I'm going to look into my crystal ball....
"Legitimate reasons" will cover more or less any access at any time for which the user can fill in a text box . "Stringent auditing and monitoring controls" will translate as "occasionally sticking a pin in the access log and calling a supervisor for a brief confirmation of the text box contents". Unbreakable 2-token access will be compromised within a week of launch. CP data will be stored and consolidated outside the system, then leaked. A DCSF minister will appear on the 10 o'clock news wringing their hands and repeating the New Labour White Elephant Mantra "We will learn the lessons" until their tongue falls out.
"It's true. IT staff won't have access. It is perfectly possible to administer a faulty webserver without needing access to the database."
So IT staff won't fix databases then?
Oh dear, doesn't bode well for the ability to actually access the database. And a database you can't access is merely a method of siphoning off taxes to a corporation.
Which is nice.
All your arguments boil down to "there may have been problems with all other databases but it will not happen to this one" - the real world does not work like that!
I can see that you *really* want this project to succeed, but you should listen to your conscience about the damage such DB will do to the society. Be honest with yourself at least just this once - you will regret it otherwise for the rest of your life...
I am really interested in learning why do YOU think that keeping information about EVERY child (including yours) on the database is a good idea?
Everyone knows that 99.9999% of children are not abused and those who are come from a high-risk environment. Why do you want to monitor everyone and everything (thereby introducing huge amount of noise which will still need to be investigated and filtered out, using the resources which everyone complains are already insufficient) instead of concentrating on the problem cases?
Every time a case like Baby P comes up, unvariably there is evidence that the child has been known to the authorities, that there were all indicators of the high risk of abuse, yet the authorities took no action.
Clearly, it's not about not having the information - it's about not making the right decisions and/or actions. Surely, a database is not going to help with that, is it?
As another poster pointed out, if supposedly responsible social workers, doctors and others, all human, many with their own children, could fail to spot a problem when seeing the actual child and its parents, even in an area already notorious for a similar case, just how will any number of databases, other records etc. help?
it seems to me that all need to be conscious of their responsibilities as people and workers. I believe there was a great official record trail in the child cases; it was used in the investigation most effectively.
Computers, or indeed any "official" system are insidiously dangerous in that they reduce apparent, personal responsibility and initiative. They distance people from these things. Because even the technically literate do not understand all, it is easy to believe that the mere exisitence of a technology is evidence of its correctness and power. One forgets they are just a tool, not a guarantee. As for security: the more confidently someone asserts this, the more one wonders what real-world experience that person has.
This is not to say that limited systems are not useful and even necessary. But it does mean the systems must be limited in scope and all people concerned must be fully educated and required not to use the existence of systems as a replacement for personal responsibility and intitiative and for the need to work together.
I personally think the posters' intentions and beliefs are genuine. Clearly, a lot of thought goes into these databases.
But the point on test databases is naive. I personally was allowed to go into a Live datacentre with a 160Gb hard drive under my arm, for God's sake, to back up some test data. Forget some puny memory stick. I could have been unscrupulous with the data retrieved, but they were lucky that I wasn't.
Having experienced Cap Geminis standards I hope you will excuse me adding some liberal sprinkling of salt on what you say.
Anonymous posting for obvious reasons.
I knew someone who said she was abused in her childrens home by staff. So yes they do. (Not exactly statistically accurate but I trust that more than gov stats)
Until recently it looked like the authrities had been torturing children to death in a dungen under a Jersey childrens home. Fortunately two years of investigatins into this and all the human remains found are all rubish and no children were tortured to death so it's all OK.
PS, there are a few very evil people in the world and we seem to be giving them the tools to go on to greater attrocities.
*Gravestone for the gaves of the missing Jersey children.
That some people really believe data can be secured.
lol, I guarantee you, you can look over my shoulders when I am working on a system, with the amount of scripts etc, that is fired, off, you blink, and I've created a copy of the data, or have started the process, you would not know, unless you are very sharp, and you are capable of monitoring everything that is happening on such a complex system. It is possible to code a command within other commands in such a way that it would take you a very long time to see what I actually did - eg have a look at the c-obfuscation competition, how many of those programs are obvious ?, and can you see what the program actually did ?
To obtain the data, it is easy, no need for advanced hacker, or the like, there is a small fact that most people in governments forget, every person alive has their price - NB with price I do not mean just money, but threats to kill kids, family, etc, and ofc for some money is enough.
There are ways to steal data from a database of this type, they are too many to list, but one is stealing a backup, another is replicating the data on a DVD.
I have worked on secured systems, and only my personal integrity prevented me from taking the data. IT people who work in the server complex, have total un-restricted access to the systems, when they work on them, otherwise they cannot handle all problems.
A system is only as secure as the locks and the key.
So please drop the BS about the data being safe, and protected and so forth, it is not, even the military who requires the best in security, experience leaks, and they generally restrict access to just a couple of highly trusted people (to their highly secret projects), so if the military with all their funds, and security means experience leaks, then imagine a private system, which has multiple administrators, and millions of users - security forget it, it is a pipe dream.
Though the idea of the database is noble enough, it is too big a risk for the general pouplation, as the information there can be used to ruin careers, lives, and break families, even if these people have done nothing wrong, but some over zealous social worker, or teacher noted something which probably was highly harmless, but read more into it than there, and the information was leaked.
You do not need such databases, what you need is sufficient police that with proper police work catch the criminals. You need teachers that notice child behavour, who cooperate with the police to investigate cases, if the investigation shows that there is nothing happening, the data should be destroyed.
Another ting I've not seen people mention, let's say I had a personal grudge towards my neighbour, and had access to that database, what is there to prevent me from registering information about that family, and then leaking it to the public ? It's easy to argue why the registration was made, and an accidental leak can be virtually impossible to trace - what happens to that family ????
Stop - because most nation are moving towards what is every dictator, police state, or other restrictive political systems, most intimate wet dreams, we (as in the free west) are now doing things that even the SS and KGB couldn't conceive doing (mainly because the lacked the technology).
Someone should start a Downing St petition stating that they won't allow their children's details on the database until it has been properly scoped (i.e. who has access) and exactly what safeguards are in place.
I don't want the thing and don't understand why it is necessary for all children in the UK to be on it (rather than just at-risk ones). Can we raise enough FUD to get it stopped?
Yes, just as I commented on a separate matter - Labour politicians' children are not subject to the same rules and regulations* that govern Labour voters' children.
*Get rid of Grammar Schools, but keep one or two for our own darlings.
In the pocket, I've got a special map of Heaven, with the MPs' area marked in red - hey ho, it appears it's actually the other place....
I knew the filth and NuGov shitrackers would use the Baby P as an example where their magical database could solve all the ills in the world, could it f---.
Lying, stupid, power hungry, corrupt, backstabing, thieving, c---s.
If anything Baby P is a shinning example of just why the database would do nothing, too many chefs in the kitchen. You need one (and only one) case worker for a small group of children/families, along with an assigned GP and a god damn file with paper in it for each child at risk. Not 33 different people, talking over teh interwebs and phones and in pointless meetings. That case worker and GP should then be listened too when they think there is a problem.
Information (and those using it) should be focused, specific and specialised, not another drop of piss in an ocean of piss.
Good they're all so fucking incompetent.
And that's before you get into the blatent insecurity of it all, with the given inaccuracy of CRB checks, if a million people had access at least 300 of those would have commited crimes that should invalidate them from having access (be it child abuse or good old fashioned fraud.) Not including the good 0.5% of the population or more that are just dodgy, so another 5000 people. So 5300 people you wouldn't want knowing your personal details will now have free access to them, good stuff.
Idiots... and so is any idiot who thinks this crap is a good idea.
How reassuring it is to read the post of AC 19:30, to see all of the intimate attention to detail that went into his/her/it's response and his/her/it's complete lack of understanding of the wider issues that is so evident in the many many valid objections and complaints that follow his/her/it's justifications.
I shall not bore you sir/madam/recepticle with my reasons for considering you to be out of your depth, I am sure that your resume looks absolutely spiffing but you have found yourself with the age old dialemma of having obtained a position on the strength of your ability to blag and self promote and not on any inate ability to do the job that is required. You are an administrator, if you are not an administrator then you should be - probably proudly brandishing your MBA (ink just dried has it?). I suggest you consider a new career in accountancy.
So yes, I am reassured. It is evident that with you in such a high profile position this project, like so many before it that were blessed with your type of organisational skills, is not going to work and will end up amounting to no more than yet another embarrasing bill for the taxpayer to cover.
Oh, and to answer that question you forgot to ask... The recommended procedure is to bend over, touch your toes, reach both hands around and behind you until they bump into the fleshy cushion that you normally sit on and deep in the middle of that big crease between your fingers you will find it - the beauty of this procedure is that you don't even need to increase the illumination.
Databases, databases and oh wait, more databases. A Disaster waiting to happen, a rather frightening excuse to control the general population and maybe for good measure, add some sauce to this dish by saving chunks of the database and scattering it over a box of 4 Gig memory sticks, and then proceeding to mail said box and manage to lose THAT in the mail or some similar sensitive data storage device loss method.
And much to our 'surprise' data that matches what was lost will be found by police on a Paedo web ring site. What joy.
Infact this article (especially how the 'secure' bit) took me such surprise that i fell out of my karma tree and exploded into rant mode upon hitting the ground. i'm not having children as long as this pure evil idea of having everyone and everything stored on databases is atomised and then the atoms are atomised into the atoms that made those atoms and so on and so forth until it gets to the point that it could be considered that said atoms have ceased existing all together as atoms, instead becoming true nothingness.
My MP votes 99% with the government - I guess he has to do that to get promoted, this includes the Iraq war, ID cards etc. He worked for BT, he even stood up for them regarding Phorm.
I live in a Labour majority area, people think you need to be really rich to vote Conservative and won't vote LibDem because they won't win (amazing logic). This government will get away with whatever they like, it's only the Lords that can slow things down (and then get overruled).
So what can be done ? I guess I could try and emigrate to the US where they hate central government control when they see it (and they don't see a lot of it because data gathering happens via the FBI, NSA and CIA). There seem to be no other solution to this dire situation. If we're going to have all this centralisation, I think we should reduce the number of MPs drastically.
Yes please, but right now there's no opt-out. It's the law that your LA has to provide the requested info.
This dangerous data about our children is kept "live" until their 18th birthday - unless they have "been involved", in which case their records stay live indefinitely. As for the other 99.99%, their records stay on the system as "archives" for another six years. So they'll be 25 before they drop off the list - except they can be kept on indefinitely if "The Secretary of State for Children, Schools and Families or a local authority is satisfied it is necessary..."
This whole exercise is building a priceless database for Government mining in the years to come. Surely it MUST be stopped? Why is the populace just letting this happen? Even if there's a change of Government soon (please!) and the scheme is scrapped, what if the database is already part-populated? What security will there be for those incomplete records?
Somebody help us!
"It is inevitable that some user somewhere will ill-advisedly "test the security of the system" by trying to look up a celeb's kid's details. The user's attempt will be audited, flagged-up and they will be spoken to by a supervisor. It's better that they fail and be warned/disciplined rather than succeed and be warned/disciplined."
Mmmm. Cos, as you say, it's inevitable that people would try and abuse the system. Ill advisedly of course. And you'd prefer that they couldn't get totally fatuous data about the unknown children of B list celebrities and 'politicians'. What about when these users of the database, who you admit will not be responsible with the information they can access do other things - such as look up a neighbour's child (she's thin, she's got leathery skin, she's a crack ho, she eats babies)?
Where are the Great British public when you need them? Where are the media sources and spokespeople who are willing to make a stand and be counted? Where is the Geek in the Government who can explain data systems to the computer-illiterate fools in charge, honestly, fairly without prejudice or the need to come across like Mr Magic Pants who can solve all your problems with a 'secure database' or f**kin' uploading cr***y f**kin' videos of politicians that no one could give a flying t**s about to Yout**e so we can all congratulate ourselves on how twentieth f**kin' century we are?
I'm pretty sure that you can have the biggest database on a child in the world, but if the parent decides to launch the baby like a football one morning, the database won't do diddly squat to prevent the death. Just like the story in the news today (the mentally ill woman who stabbed her 2 sons), where police were contacted and actually went to her house, although instead of acting upon the call properly, they decided to hang around doing a whole lot of nothing, while the mother was inside the house killing them. Fast forward a couple of hours and OOPS, there was plenty of warning but nobody bothered to get off their ass and do anything about it, and now 2 more babies are dead. At the end of the day it all comes down to what action the police take and we all know that they do nothing, and what they do do is approx 4 hours late. The last thing the police need is more potential cases, they can't even handle what they have just now, so giving them a bigger work load is not going to help matters.
This is completely useless, and whatever happened to the data protection act? This information is clearly excessive, being kept WELL longer than is necessary, and is frankly nobodies business apart from the child, parent, and person in 'contact' with them.
Even if it would prevent a couple of deaths, the intrusiveness (and COST!) cannot be justified on the grounds that it might save a couple of children because someone wasn't doing their job right and paying enough attention to them. Nevermind shouting 'think of the children'. This idea is stupid and pointless enough that none of you even need to copy the government, and start talking about paedophile fears to get the idea dropped.
Shit happens. When are the government going to just accept this and stop coming up with schemes which are the equivalent of wrapping all children in cotton wool ?
Why don't they just chip everybody already....
Oh and WTF was this all about ?
"So when the child comes into the surgery with unexplained bruising, the GP can't easily contact the teacher to ask if the parents are lying when they claim the child has been bullied at school, or fell over in the playground or whatever. With ContactPoint access they can."
Since when did doctors EVER contact teachers to confirm that they have been bullied or fell over when they came in with an injury?
Or is this part of the plan? Assume parents are lying? Log every single thing that ever happens to a child? "Must contact 3 different people to confirm that the child fell over and skinned their knee at 2.15pm on Friday. Hopefully the school has CCTV so we have proof."
Also, there are still perfectly quick and easy ways for people like teachers to be contacted. Here's one simple way. ASK the parents for the details. They refuse? Maybe then you could be suspicious.
Actually, the doctor would not investigate him/herself, so I really don't know WHAT you're talking about. I don't know what kind of superheroes/investigators you think Doctors are, but they don't spend all day on the phone and writing letters, double checking that every minor injury they see on someone was not caused by abuse.
...there are operational systems like ContactPoint already in place? In the city where I work a system like this has been running for a number of years. Regardless of the comments here this database is well thought of by frontline practitioners and it has undoubtedly helped children and young people by simply improving the service they get from the disjointed agencies that exist to support them.
I think in the media frenzy about databases we sometimes lose sight of why we should do this - contrary to some of the misinformed comments above many children (from many different backgrounds) move in and out of varying degrees of vulnerability over their childhood years - this is not just about serious abuse. I agree that we need dialog on the way ContactPoint is being deployed but please let's not forget what it is designed to do - the system in my city has acted as a catalyst - it provided shared information across many diverse organisations enabling the stuff that really makes a difference (i.e. the frontline practice) to be built around it.
There are Children and Young People out there in my city today who now have opportunities and futures they would not have had, simply because a front line worker was given to tools to locate and talk to another worker in another organisation. Yes, by all means, constructively question the mechanics of the system but calls to scrap ContactPoint just because it is a big database without offering realistic alternatives risk missing the points originally highlighted in Lord Lamings Report and will damage children's lives.
Are you sure that you have actually helped people (as in have you seen the results in each case, with your own eyes, and checked up on their progress? repeatedly? Years later?) Or do you just know this becouse your magical wonderbase has told you so?
Things like this lead to institutional apathy and lazyness, one of the reasons my parents got out of Mental health care, too many forms, too many tick sheets, not enough caring about those in need. On more then one occasion geriatric mentally ill people died becouse the housing associations wonderbase said "yes moving them will be fine", 6 month later all the residents had died. My mother had said to her association that those residents shouldn't be moved and if they were they would need intensive help to adjust to Care in the community. Her association listened and tendered their case, the other association just went by their wonderbase.
Also is the shared information in your city focused and specific? Seen as this new wonderbase shall be anything but, it'll be like so many other modern inventions of our NuGov overlords, full of worthless c--p that'll waste the time of thousands of professionals in meaningless box ticking exercises. Whilst at the same time it will increase the pressure on parents to snivle up to whatever policies the politicos are throwing around at the time, parents will no longer be expected to take responsibilty, the database will do that for them.
I hate this database on more or less every level. It's unnecessary and will degrade the already p--s poor care provided by councils.
30% of children in care get 0 gcses, now I think the money that will be wasted on this burocratic exercise may be better spent on improving that figure, but then nobody seems to really care about helping children, they just want to amass more data.
Another interesting thing is that the number of children killed by parents has remained more or less the same for the last 3 decades.
This country really needs to sort itself out, a database isn't going to save anyone, more well trained health care proffesionals in charge of caring for smaller numbers of cases with less burocracy is what is needed coupled with far better care for those removed from their families.
But whatever, bring on the database, lets see how useless it is.
You clearly do not understand what ContactPoint or the existing local databases are or do. The 'wonderbase' as you call it is simply an enabler - it does not hold the sort of details you would need to evaluate its effectiveness in the way you are suggesting - if it did, people like you would scream even more.
The system used in my city is quick and easy use - it is not perfect but it is certainly much faster than spending valuable hours or days attempting to track down the connexions worker or health visitor for a child - or even worse, assuming that no such relationship exists and only finding out later, when you know you could have done so much more if you had worked in collaboration.
All it does is allow two or more professionals working with the same child, possibly from different organisations, to quickly get in touch, that's it, period. What happens then is down to the individuals which is why ContactPoint needs to be only one small part of a much wider practice led agenda. Now, you can argue until you are blue in the face as to the effectiveness of the current wider agenda (the IISaM \ ECM agenda) but the fact remains that ContactPoint or something that fulfils ContactPoints' role is a key element of that agenda, without something that breaks down the inevitable organisational barriers that exist within and between our well meaning support networks there will always be gaps that young people will fall down.
To properly evaluate the effectiveness a detailed longitudinal study would need to be carried out - and I hope this happens but it has to be wider than the technology - on its own the technology is worthless. All current evaluation is (by necessity) anecdotal and therefore very easy to scoff at but I know personally, without any doubt, that the system was instrumental in bringing workers together in a significant number of cases and this in turn led to better outcomes for the child or young person involved - would this has happened without the system?, possibly, we'll never know for sure but I for one am happier that we have an alternative to the existing method which relied almost exclusively on 'knowing someone who might know'.
ContactPoint is indeed a database... but it's a database of contact information (errmmm... hence the name...), not a database of case information. It's a meta-directory. Sure, a certain amount of information can be inferred simply from the existence of other information, but the most sensitive stuff is "cloaked", so that a "cloaked" contact is informed of an enquirer's enquiry about a nominal, without that enquirer being informed about that contact's existence. So a child or young person could be referred to a (say) a genito-urinary specialist medical practitioner because of a sexual health issue, and the latter could use ContactPoint to be informed if there were any later NHS enquiries without the NHS enquirer ever being aware of the sexual health specialist's involvement. The records show contact details only, nothing else.
And the really, really funny part? There is no national case management system for the Child Protection officers in the 43 police forces in England and Wales: some forces use the same type of system, but none have common databases. There were plans for a national system, indeed Recommendation 104 of Lord Laming's enquiry into Victoria Climbie's death was specific about this. But it never happened, the project was cancelled due lack of funding by PITO, the Home Office NDPB that was subsumed into the NPIA in April 2007. So there's no direct access to ContactPoint *at all* by ANY police officer, and specialised Child Protection police officers can only find out if a child or young person is listed on ContactPoint by asking their Social Services colleagues.
Thus, this simple fact also completely debunks about 75% of the utter shite in many of the posts in this thread. Looks like the national Press coverage also overlooked this interesting nugget of information. Never mind folks, you didn't let the facts get in the way of a good dose of paranoid mob-frenzy, did you...?
No one is suggesting that better information sharing between service providers isn't a good idea, AC. It's the idea that data on every single child in the UK should be compulsorily stored in one, multiply-accessible, 300,000 user (at least) database that's alarming. New Labour simply do not listen to anyone other than vested interest kool-aid vendors like CapGemini when it comes to projects of this nature. Deloitte and Touche carried out a DCSF-sponsored security review of CP's protocols which pointed out the real-world impossibility of maintaining data security within CP, despite the well-meaning and seemingly (as far as they go) well-thought-out efforts of the project team:
"The degree of reliance on a hierarchy of self-certifications over a connecting organisation's security processes pose a significant risk to ContactPoint and its assets.."
"While the ContactPoint team can design strong controls into the system and provide good advice to connecting organisations, there is a limit to their ability to enforce good practice or to monitor incidents and control breakdowns"
And therein lies the rub - the system may be substantially brilliant in design but the designers *cannot* control the actions of their vast user base to any meaningful extent and *cannot* claim that CP is secure. That makes it utterly unfit for purpose, however noble its original intention.
The fact that police systems don't have allow direct access to ContactPoint is totally irrelevant to the possibility abusive or speculative access by police or governmental data miners, since the legislation makes ample room for any request they decide to make. The Department for Children, Schools and Families admitted in August 2008 that police could access ContactPoint by "special request":
"To access ContactPoint for the purposes of prevention or detection of crime or for the prosecution of offenders, police would have to make a special request directly to the Secretary of State or Local Authority and make a case for disclosure"
So precisely the kind of "special request" needed today for police or local councils to access private communications data - the kind that was granted on over 500,000 occasions last year on the slightest pretext (or "case for disclosure" in newspeak); the kind that is never turned down under any circumstances, no matter how spurious the reason for the request and the kind was specifically ruled out on several occasions when the underlying primary legislation was debated in Parliament.
As quoted from Stephen Baskerville, American political science professor.
"Not since the overthrow of the Weimar Republic have the leaders of a major democracy used their offices and the mass media to disseminate invective against millions of their own citizens. In fact it was Adolf Hitler who urged that "the state must declare the child to be the most precious treasure of the people" and who explained, in the words of Rabbi Daniel Lapin, that "as long as government is perceived as working for the benefit of children, the people happily will endure almost any curtailment of liberty." Using children to tug on our heartstrings may be not only a weakness of the sentimental. It also may be a ploy by those cynical and unscrupulous enough to exploit children for their own purposes. This is likely to be remembered as one of the most diabolical perversions of governmental power in our history, a time when we allowed children to be used and abused by fast-talking government officials and paid for it with our families, our social order and our constitutional rights."
Stephen Baskerville, writing on fathers' rights in Insight on the News, June 26, 2000
The state wants to start a database of everyone, but using the 'we're helping the children' reason will get everyone ok with it. But what will happen with that information after the child finishes school? Will it be deleted or just moved to 'another system for archiving' which within a few years will start to have lots of adults on it. Let a generation pass and well... you get the idea. They can avoid the cries of paranoid people by just doing it really really slow, and no one will realize whats happening until its too late.
Ever heard of a fileafax it's a pretty revolutionary device, especially when combined with a telephone and actually talking to people, or heaven forbid meet with them face to face. Nothing with all of the advancements has changed in 50 years of health or social care at the front line except more and more of the workers time is wasted on meaningless burocracy and ever less time is spent making a difference and caring for people.
That's why I'm in IT and not health care, my old dear and step dad were example enough of what happens if you spend to much time caring about those in need and not enough time licking ass and form filling.