back to article ContactPoint goes live despite security fears

The Government has announced plans to push ahead with the next phase in launch of a controversial child protection database, despite ongoing concerns about the security of data held on the system. The delayed ContactPoint system, which is due to include names and addresses on every child under 18 in England, will be accessed …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    From the site

    "How is ContactPoint accessed?

    Authorised users can access ContactPoint in three ways, through:

    * a secure web link ..."

    Oh dear. That alone opens up all kinds of attack vectors, and could have been avoided by developing dedicated clients. Using the web means that unknown variables such as browser security, other sites open at the same time, toolbars, etc, are all in the mix.

    Why does this *always* happen with the government and IT?

  2. myxiplx
    Stop

    Incompetent.

    How can a government that admits over 80% of it's systems have been infected by viruses make any claims as to security?

    One virus is enough to give third party access to this database, and if they really are providing remote access, then the security is an absolute joke.

  3. amanfromMars Silver badge
    Alien

    Grabbing the Female Vote .... Softly Softly Carpe Diem

    ""Based on anecdotal tales from groups who help women abused by partners who use such tech, the husbands tend to have a good grasp of malicious programs, so it's not unreasonable to assume they'll easily find a blackhat who can help them out."

    And completely Fail to Miss the White Knight Project which Venus to Mars Generates with AIClimactic Drive. ..... which would Love's CodeXXXX XSS Key Algorithm?

    A Question Only to Self Doubters and Game Pretenders/Noble Triers/Country Squires.

    Can you Imagine the Force of Transparent Hatted Men Ably Assisting Enabled Women. Sounds Like a Heavenly Quest/Voyage of Immaculate ReDiscovery ..... True BiPolarized ESPatial Enlightenment which is much akin to Total Informational Awareness Systems .... albeit Beta Immaculately Equipped and ReSourced and thus an Improvement for Addition and Incorporation for Parallel Running Multiple CoreStreaming Channels with Virtual Venue XXXXChange.

    For a New Breed of CyberIntelAIgent Being .... The Polyamoral Immortal at the ImamfMPortal? .. Or does One Favour the Dream Full Time and to Order with Other Worthy Champions?

  4. Wokstation
    Thumb Down

    How else are they meant to seed the NIDCDB?

    They know most people won't willingly give their details, so let's just log everyone as they're born and copy/paste the data over when the NIDCDB is live!

  5. why oh why oh why
    Stop

    Some more equal than others

    I understand that MP's children and those of 'celebrities' will be shielded. Surely it's either secure enough for all children to be listed on or it isn't!

    Why this massive waste of taxpayers money hasn't received more coverage that it has is a mystery.

  6. MarkMac
    Black Helicopters

    Impossible

    Unless information is secured by role and by purpose, which I gather it isn't, then security will be impossible. CRB checking is irrelevant - its not done every year, its not spot-checked and anyway it doesn't take account of marital status.

    All it will take an authorised person with personal problems. Wasn't there a police officer got done recently for trawling some database for his ex's whereabouts not so long ago? Aren't there cases of teachers in court for alleged child abuse? And thats only the ones who got accused / caught.

    So with 300,000+ users its guaranteed that somewhere someone will be an as-yet undetected offender, or desperate for money to pay off debts, or desperate to find their old school buddy's kids for him. And every single day someone will do a screen-print or other hardcopy and leave it lying around somewhere. It'll go home in a briefcase, be left on a desk, be dropped while fumbling for keys, be used to scribble on the back of.

  7. Chris Miller

    Security vs functionality

    Building a secure system needn't be hard - I'm sure the gov't has access to resources that would be able to do this. The trouble is that security tends to get in the way of ease of use and unlimited access to information.

    If security were the overriding design criterion, there's no reason why a secure system couldn't be delivered. Security problems arise when those responsible for design decisions reject security in favour of other, more important (to them, at least) considerations.

  8. Pat

    Why are *all* kids on this?

    What is the rationale for putting all children on this database? It makes sense to improve communications for children who are in contact with services, and indeed there is a mechanism (the CAF) for doing this. I don't understand why anyone else should be on it.

  9. Anonymous Coward
    Anonymous Coward

    Wow that sounds crap

    "local authorities have shielded the records of children who are potentially at greater risk if their whereabouts were to become known"

    Child 'A''s records are of interest to Child 'A' teacher, Child 'A's doctor, Child 'A' parent, Child 'A's social worker. Can those records be seen by doctors that don't treat child A? By teachers that don't teach Child 'A',By police that have not detained Child A? By everyone in a uniform claiming to have authority?

    By the sound of the comments in this story, they have not put in proper access rights, simply assumed that all doctors are heros in white cloaks and not Dr Harold Shipmans. That all police are heros and not thugs with batons clubbing newspaper sellers, that all social workers are competent, not Marietta Higgs overzealous idiots.

    You would not need to put in special controls for SOME children, if you'd put in proper controls for ALL children. It's practically an admission that the basic controls are insufficient.

    So can Dr Shipman Mk II get all kids records? He can't now, but by the sound of it ContactPoint makes free and easy with every childs records to everyone in authority for every reason.

    So suppose Dr Shipman Mk II, pediatric doctor wants access to Baby P Mk II's records. What the mechanics of that. a) He gets it automatically, b) His word is enough, c) Some independant permission system, d) other?

    Or suppose Dr Hero Shiny Teeth wants access to the records of Junior ShinyTeeth? Is there any special check done to block access where the figure of authority has other links to the child? (e.g. family links, girlfriends daughter, kids of local councillor he doesn't like, MPs children? Jacqui Smiths kids?)

  10. Christoph
    Pirate

    Who will be the first person

    ... to add Little Bobby Tables to this database?

  11. Graham Marsden
    Thumb Down

    And of course...

    ... if anyone on the inside dares to try to "blow the whistle" on security failings of this system in use, no doubt they'll face professional ruin, just as the NHS nurse who videoed the shoddy treatment being given to patients did.

    The implicit warning being "Don't rock the boat or we'll feed you to the sharks..."

  12. Anonymous Coward
    Anonymous Coward

    Well this is going to be cracked

    Data cannot be downloaded, that will be interesting, so no one can use it.

    This just beggars belief, it is so fundamental that the data has to exist in a form by which it can be reproduced you are sending information over the line it is being downloaded, there is no way around that :)

    No this woman is a moron, the idiot in the village, should not let be near anything more complicated than fire, and then only if she is attached to a pole.

    The data will flow out, and all the information will be available on the market, if not just published out for nothing and mirrored to hell.

    And of course the operators will be targeted as well, and most of them are morons, so hmm what odds shall we give this being cracked and laid bare, probably a week or so, then a few weeks before it becomes common knowledge.

    Anyway let's have a look at Beverley Hughes and her vast knowledge of computer systems:

    http://www.bevhughes.co.uk/

    Always good for giggles to look at the source, screw any form of valid markup there Bev, quirks mode ahoy. Oh the page request headers are interesting using IIS 6.0 good luck there Bev.

    Now she claims all correspondence treated in the strictest of confidence, she does give an email but how are people to send communications without her public key, strictest of confidence my petuna, she is actively encouraging people to communicate over insecure channels.

    One of the most popular cracks in recent times, is the University college crack at enrolment, it is good to get them young, that way you can control the identity better, harder to use an identity of older people, they have a history. So, this is going to be one of the biggest security blunders of all time

    I imagine the commercial cracking community is celebrating Beverley Hughes as one of the greatest things to come along since sliced bread. Of course everyone else may be a little miffed at all of this.

  13. Dan

    Magic database!

    "...ministerial assurances on security provisions that will accompany the roll-out of the directory system."

    "... social workers, police, schools and health officials will have access to data held on the ContactPoint database."

    So, is the database secure, or does world+dog+cat have -official- access to it?

  14. Dan

    No way to download information?

    Also: No case history in the database? A list of names and addresses, with no context? (Oh, except... that children who have been abused will have their contact information blanked out...)

    So, in addition to not being secure, it won't be useful? I can write the flowchart for a program which pulls the data out of whatever "Secure" program is being used to view the data, and output to file or remote host. So, "Cannot be downloaded" either means "Can be downloaded" or "System does not work at all".

    Actually, the second seems rather likely.

    In other news: Garbage in, Garbage out. The database, in addition to being trash, is garbage.

    Big brother is watching you, but he thinks I'm a 90-year old pensioner single mother of 10.

  15. Topsy
    Stop

    Oh .....

    Think about the children ....

    I was subjected to an unsubstantiated allegation last year. Despite being cleared by Social Services, the police and the family court, will this allegation still be there, accessible to all & sundry?

    Topsy

  16. Anonymous Coward
    Heart

    Who needs a job?

    Theres a jobo n the guardian website. As a "Contact Point Data Manager"

    Anybody very clumsy and like to lose things?

    Youd be perfect for it!

  17. jake Silver badge

    OK, I'll bite.

    "to include names and addresses on every child under 18 in England,"

    Why? Surely that information, for the vast majority (I'm thinking 7 nines or more), is already safely in the hands of the parent/guardians? And surely it's up the the P/Gs to dole the information out to whatever pseudo-official needs it? And on top of that, why on earth should the details of all the kids in Bude be accessible to people in Glasgow?

    The whole thing makes no sense. EXCEPT that it'll raise a whole new generation of people who expect to have their details locked up in a government database.

    Enjoy your nanny state. Or get off your arses and FUCKING VOTE!

  18. Pat

    tainted, in so many ways

    Copied (slightly edited) = "Despite serious and widespread concerns about the security, integrity and necessity of this database, minister$ seem determined to bulldoze it through."

    It's typical shabby and self-serving behaviour of Nu Liebor to use *child victims, who they have already badly let down, as an excuse for social scheming. Co-ordinating the various services involved where a child is known to be at risk does not require the setting up of a directory of ALL children and their details, unless it is so pedo's can find their ideal victim.

    * Scandlous (and IMO criminal) events involving Hodges and Haringey (multiple) are the ones that immediately come to mind if Nu Liebor trolls want some reference.

  19. Vision Aforethought
    Flame

    Easily the most unethical act by this gov...

    ...since their last unethical act. Anyway, this begs the question, at what age is the 'child' removed from the database? (By the way, if I had children, I would refuse their details to be held in this databsase unless I as a parent had FULL control over the information held.)

    What we have here is a government so lacking in comprehension of their station (think Lord Of The Flies by William Golding) that they do not know when they sin nor see the dubious flaws in their actions. Just look at the expenses fiasco.

  20. AndrewM
    Thumb Down

    hmmmm. Not that safe...

    My partner works as a health visitor for the NHS and I for one have been able to wonder into her office, wave at the staff on the counter (they're thinking ... it's only him - XXXX's friend) , make a coffee and log in with her details already.

    (This was only because we did not then have broadband at home and I wanted to download a new gentoo release).

    There are layers of protection for their Novel network but usually you'll find that the user once "in" has saved their passwords. Or in my partners case - has them on post-it notes stuck to the bottom of the mouse mat.

    I've done my fair bit of network intrusion in a past life and know for a fact I'd be able to get into this system with nothing but a smile and a wave.

  21. Ian
    Thumb Down

    A possible (though unlikely) solution

    With systems like this, where a large number of SMEs (with no vested interest) seem to think there is a security problem, and various consultants, suppliers and politicians (with a large financial or political vested interest) think there isn't, the consultants, suppliers and politicians should be forced to assume some liability. How comfortable would they be, if those claiming that there is no problem would have to pay £100,000 for each and every security breach? I would be interested to hear why, when they claim there is no worry of breach, why the wouldn't actually put their own money in it.

  22. Paul S. Gazo
    Paris Hilton

    Truly disgusting

    If a social-worker has any business knowing any of this information they have the means and authority to collect it. Also, if police have some mysterious need to know what school Child X attends, doesn't it follow that the same need to know adults' place of employment exists? This is a blatant money-wasting make-work project.

    We'll also be reading about a copy of this database being stored on a laptop that gets stolen off the seat of someone's car... probably in about 12 months.

    Paris because she knows all about getting screwed.

  23. Optymystic

    Confusion reigns - what is there to protect

    Contact point does not really work like this. It does not have its own independent and autonomous security systems. Access and Authorisation are wrapped up in the Employee Authentication Service and the network security policies come under the auspices of Government Connect. These are fairly difficult to understand even without El Reg making a fairly typical dog's breakfast of reporting the matter.

    Running a key logger on my partner's lap top to trace the whereabouts of the children to whom I am forbidden access is going to work if and only if my partner happens also contingently to have ContactPoint, which is possible, but the likelihood that she or he is a professional who also contingently has access to the details of those particular children is fairly low. Parents who do not happen to be designated officers with access through EAS do not have access to ContactPoint. The facts demonstrate that fathers who wish to trace their children usually have far more efficient methods.

    My favourite issue is that ContactPoint is a mere directory. It doesn't actually hold any sensitive data beyond names addresses schools etc. However, because it is a high profile project and it will be very embarrassing when a screen dump appears in the Daily Mail, it has been accorded high level security status. Therefore the levels of security being applied to this directory are much higher than those applied to systems which actually contain information which is confidential.

  24. Winkypop Silver badge
    Alert

    eBritain

    What could possibly go worng?

  25. Jeff
    Thumb Down

    This wouldn't have helped in 2000 anyway..

    in the case that supposedly sparked this system's creation.. the problem wasn't that the agencies didn't know where the child lived.. but that they didn't share their case notes. Which ContactPoint won't do either..

    Hooray for government project scope creep... It's probably secure! and it's probably completely useless!

  26. John Murgatroyd

    Another timewaster ?

    The social workers we have now cannot stop child abuse, even when they already KNOW it's taking place. So what hope is there of them managing any better with even more info to ignore ?

  27. Anonymous Coward
    Paris Hilton

    Oh what fun we had, but did it really turn out bad?

    "Based on anecdotal tales from groups who help women abused by partners who use such tech, the husbands tend to have a good grasp of malicious programs etc" - I am led to understand that some women, perhaps not all, but at least a substantial minority, are also capable of using computers, and are not frightened of their masculine power.

  28. Anonymous Coward
    Unhappy

    Do they now have something to fear?

    Why is there a problem with this database? If these children have nothing to hide, they have nothing to fear...Right?

    I'd like to know what data is kept, why it is kept and who (or how many people) now have access to it. Then compare that to the previous system.

    In my eyes, that is as far as the security assessment needs to go because you simply wouldn't be able to trust the system to keep the data secure.

  29. Pascal Monett Silver badge

    Another Gov IT failure in preperation

    "Police, social services and health agencies all noted signs of abuse in the run-up to her death, but each agency acted in isolation"

    Something tells me that a database is NOT the solution to this problem, better inter-agency communication is.

    Maybe the police, social services and health agencies could have a dedicated Child Menace officer, tasked with keeping other agencies up-to-date on what his agency has discovered ?

    But why try to be smart when it is so much easier to throw money at an IT project ? After all, computers are magic, and everyone knows that the solution is always in a database.

    Blech !

  30. Anonymous Coward
    Stop

    The weekest link

    in this chain is the user.

    Having hundreds of thousands of low paid workers being able to access the system guarantees that some of them will leak the data. Whether due to bribery, or a ‘favour for a friend / family member’ or ‘just because’, the data will be leaked.

    And when the first child is kidnapped or killed because of data taken from this system I will blame the ministers and civil servants who forced this through despite security experts’ advice.

  31. Greg

    A Hacker's Civic Duty

    Is to make a mockery of this DB. Let the fun begin.

  32. Anonymous
    Alert

    ContactPoint shielding correspondence

    If you write to your Local Authority about shielding your child(ren), you may like to publish your anonymised correspondence via NO2ID's forums, to help others trying to protect their children from the threat ContactPoint poses. See, for instance:

    http://forum.no2id.net/viewtopic.php?p=104829#104829

  33. spam

    That's one hell of a large MP expense account

    Why oh why do these things cost so much to implement.

    A database of personal and contact information is about as basic as they get - and it only takes a few ounces of sense to make things reasonably secure. ( not that I agree with the need of keeping a database of children at all in the first place though ).

    Lets forgot about the database and just force taxpayers to flush most of their income down the toilet instead - at least loopaper is useful, and doesn't play with the safety and rights of our children.

  34. Anonymous Coward
    Alert

    all y0ur kidz b3long to us...

    > I understand that MP's children and those of 'celebrities' will be shielded. Surely it's either secure enough for all children to be listed on or it isn't!

    This is an extremely important point. Either the system is secure and fit for use by everyone or it is considered insecure and its purpose, scope and implementation should be reviewed.

    > What is the rationale for putting all children on this database?

    Capgemeni or some other greedy outsourcing group get a bigger margin by building a bigger database. I suspect the usual government IT incompetance and mis-management rather than creeping surveillance.

  35. Anonymous Coward
    Flame

    URL?

    Anybody have any further specifics on the technical of this? Any live URLs to be looked at?

  36. Anonymous Coward
    Anonymous Coward

    Re:all y0ur kidz b3long to us...

    >> I understand that MP's children and those of 'celebrities' will be shielded. Surely it's either secure enough for all children to be listed on or it isn't!

    >This is an extremely important point. Either the system is secure and fit for use by everyone or it is considered insecure and its purpose, scope and implementation should be reviewed.

    In addition to the children, has anyone considered the parents - whose contact details will also be on Contact point?

    As I've said before - if you might be targeted, you can withhold your demographics on PDS (Personal Demographics Service - the NHS database of up-to-date information on the whereabouts - and more of everyone registered with a GP in England) but you cannot do this on Contact point - except with the agreement of - who? it would be interesting to find out...

    Probably too late to ditch the kids - and it mightn't get your details off the database: better emigrate - taking the kids with you! ;->

  37. John Stag
    Thumb Down

    If it's secure then why do some children need special shielding?

    Seems pretty obvious this thing isn't secure.

    Another thing they haven't mentioned is access logs. All access should be via some personalized token (eg. smartcard) and access logs kept so we know exactly who accessed what information and when.

    If they'd done this I"m sure they'd be trumpeting the fact so I can only assume they haven't.

    I also see no mention of records being destroyed when the child reaches 16. All I see is hot air and a database of tomorrow's citizens being built in the name of "protecting the children".

  38. jeffrey
    Thumb Down

    No doubt

    I give it a few months before an unencrypted CD dump of 1000/0/0/0's (delete as applicable) of childrens details appear in america/on a train/on ebay(delete as applicable) and then bought by daily fail/sun/bbc panorama (delete as applicable).

  39. Jon
    Thumb Down

    impressive

    "The database is designed to give social workers, police and hospital with common access to contact details on children and other professionals working with them, so that care professionals can more easily contact each other and exchange information. Case history files will not be housed on the system."

    So £224m (+ £44m a year) for an address book? How is putting technology in the way going to make diverse groups of health and social care professionals suddenly break the habit of a lifetime and start talking to each other?

  40. Anonymous Coward
    Anonymous Coward

    Spooky kids ?

    Offtopic, but what movie/TV show does that picture of the spooky kids come from ?

  41. john.w
    Thumb Up

    Glad I live in Wales

    Only by half a mile but its enough

  42. StooMonster

    Threshold for celebrity

    What hurdle to I have to overcome to have my children's detail's removed from this database?

    Z-list? B-list? A-list?

    I once appeared in a local newspaper, so I'm a celebrity, can I have an exemption?

  43. Alex Osmond
    Unhappy

    @Jeff

    "in the case that supposedly sparked this system's creation.. the problem wasn't that the agencies didn't know where the child lived.. but that they didn't share their case notes. Which ContactPoint won't do either.."

    Partially correct Jeff, but slightly missing the point. The main reason the agencies didn't share case notes is because they didn't know there were any to share. That's the gap ContactPoint aims to fill - if a childcare professional is able to see that others have also had contact with a particular child they can contact those professionals to find out the details. The intention is that it helps them to join the dots and see the bigger picture.

    Almost all the posted comments to this article have been negative, and as IT pros, looking at the security concerns, I can understand why. But just ask yourself one or two questions before you continue to slate this project.

    First, is the underlying intent behind the project a valid one? I'd argue, from the example given above, that the aims are laudable. Note that the partners in this exercise are not just government agencies, or the Cap Geminis of this world, out to make a fast buck from the taxpayer, but Barnardos and KIDS. No doubt they are not perfect organisations either, but their raison d'etre is child welfare. If they didn't see some benefit from their scheme they wouldn't be involved, would they? (Although I'm sure some conspiracy theorist will leap to contradict me....)

    If the answer to the above is"Yes, there is a valid intent underlying the policy", the next question to be asked is "will it do more good than harm"? No policy/system can ever be perfect, there will always be downsides. Do the positives outweigh the negatives? Are the risks valid? The data being discussed already exists in various formats - either in paper in a social worker's filing cabinet or in a local authority computer system. Is the creation of a central database really that much greater a security risk than exists already? The answer is probably yes....but by how much? Do the potential benefits, of preventing another baby P, outweigh the new risks?

    I'm not saying I know the answer, but I would like to see responses here that seriously address those issues. Unlike the ID cards nonsense there is (IMHO) a genuinely beneficial public policy initiative underlying ContactPoint. If, as an IT pro, you think it's not being properly implemented wouldn't it be more helpful to make some constructive suggestions on how YOU might go about tackling the problem?

    Glum face to reflect my disappointment in the relentless negativity of my fellow Reg readers.

  44. Mike Street

    @Well this is going to be cracked

    Indeed. If you look at Beverley 'Bev' Hughes website, go to the about page: http://www.bevhughes.co.uk/about.htm

    There are three photos, which take an age to download, even over 5MB broadband. Why? Because one of them is 2202.93 kB, and 3297px × 2254px (scaled to 300px × 225px) and the other two are similar!

    So this single page is about 5 MB bigger than it needs to be. And the owner of this site is competent to talk about the security of IT systems? Not likely, is it?

  45. John Smith Gold badge
    Happy

    @Wokstation,@Topsy, @Vision Aforethought ,@AndrewM,@Optymystic, AC@08:42

    @Wokstation

    "How else are they meant to seed the NIDCDB?"

    Quite so. However FYI the official name for this piece of madness is the NIR or National Identity Register. Database sounds *so* encyclopaedic and intrusive.

    @Topsy

    "I was subjected to an unsubstantiated allegation last year. Despite being cleared by Social Services, the police and the family court, will this allegation still be there, accessible to all & sundry?"

    Only on the hidden part of any CRB request a potential employer might make. Hearsay and dropped allegations are in due to the change in the rules. As long as you avoid any jobs needing a CRB check you should be fine. But your kids will be on Contact Point. And as we all know there's no smoke without fire. What was that about you cannot prove a negative?

    @Vision Aforethought

    "Anyway, this begs the question, at what age is the 'child' removed from the database?"

    I think you'll find they plan to leave entries on this system till the child is 25. Handy for the Police.

    Not that I'm saying they will all become criminals (that would be too much for the government to hope for) but it will help the paper work right along. Who says Labour does not practice joined up government?

    @AndrewM

    "Or in my partners case - has them on post-it notes stuck to the bottom of the mouse mat."

    The same scenario that a New York cop used to get the flight details of the plane a women (and IIRC her kid) were travelling. Only guy in the department with access left ID & password on post-it note. I had hoped it might last at *least* a week before someone could do this.

    <sarcasm> Still as we know anyone who would want this sort of info is a saddo loner who is so inarticulate and smelly they could not possibly manage to talk their way into such secure offices without being rumbled straight away, so this is not really a worry. </sarcasm>

    @Optymystic

    You're either very trusting, believe in magic, or prone to misunderstanding, or all of the above. Which suggests you're some kind of social worker. The point of the keylogger comment was that at least *some* of the people such children should be shielded from have *shown* both the skills and the *will* to spy on their partners. It is a reasonable inference they *could* work out how to extract this information by for example planting a key logger on some staff members PC. But perhaps none of the clients you deal with have *ever* been left alone in your office and you (and all your colleagues) never do anything as stupid as leave pass words on post it notes. I'd like to believe that. But I have some experience of how gullible some staff are.

    AC@08:42

    "all y0ur kidz b3long to us... "

    Says it all on so many levels. But with *all* children on the database consider the potential to upset a *very* large group of voters at one stroke. Of course no one yelped much when they lost all the child payment details a while back but we can hope.

  46. Wokstation

    @Topsy

    If a complaint was made to the police about the allegation, it will show up on your Enhanced CRB check for the rest of your life. It's already cost people their jobs (google this place for an article on "malicious gossip could cost you your job").

  47. Ed Blackshaw Silver badge

    @Spooky kids

    The Juhn Carpenter remake of the Village of the Damned, based upon the book 'The Midwhich Cuckoos' by John Wyndham, better known for 'The Day of the Triffids'. </wikis>

  48. Ed Blackshaw Silver badge
    Thumb Up

    @@Spooky Kids

    I tell a lie - it looks more like the 1960 original

  49. Anonymous Coward
    Coat

    Re : Spooky Kids

    Looks like the Midwich Cuckoos although the IMDB doesn't recognise the title.

    Mind you I think a lot of kids look like that now-adays. Their ritalin doesage is obviously too high.

  50. Anonymous Coward
    Coat

    What a waste....

    what a waste of money.....

    Lets face it, the stated reasons for the creation of hte database is so that difrent agencies can see who has had contact with which child. what a load of crap.... the real reason is so a generation of kids grow up used to the government hoding a file on a database about them.. they say the entry will be removed when they are 18..... yeah, damn right it will be.... right after an entry has been created in a list of adults database....

    Most kids know if they are having issues and need to spek to someone, then call childline.... maybe the gov should have donated the 225 million pounds to set it up allong with 44 million pounds a year to childline.... it would me more affective than the little black book of kids names and addresses the govement have made...

  51. hognoxious

    Acting in isolation?

    Victoria Climbié didn't die because the agencies acted in isolation. She died because they didn't act at all.

    Call it humint, call it the MKI eyeball, call it common sense. Technological solutions can't solve people problems.

  52. Anonymous Coward
    Black Helicopters

    @ That's one hell of a large MP expense account

    Things get expensive for a number of reasons:

    1 - size. This stuff has to work for a large number of people. Granted, suppliers don't always get it right but I've worked with CapGem - the people I had the pleasure to work with knew what they were doing. There is little competition at that sort of volume, you've got CapGem, Capita, EDS - I don't think there are more than 10 who handle this.

    2 - support. Train them or support them? In this case I'd suggest you need both (even if for no other reason than to tell anyone who screws up that they should have known better), but support costs money too. Especially if they're supposed to talk and understand English..

    3 - risk. Doing stuff at political level is incredibly difficult to keep straight. Granted, I've seen the public purse milked in a fantastic fashion, but the honest guys don't even get a look in because they cannot afford the insurance. When someone screws up it's usually the supplier who gets the bad press first, even if they did a good job. That is partially why especially the current government has taken so enthusiastically to very costly consulting: anything blowing up is thus never their fault (didn't work for expenses now, did it? :-)).. It gives them someone else to blame, even if specs and contract management are actually the government's responsibility to manage anyway. Risk represents IMHO the main body of costs, and is the prime excuse to hit the taxpayers for a lot of extra dosh.

    4 - for the conspiracy theorists: jobs for the boys. Cosying up to the decision makers costs quite a bit of money, especially since it all has to be kept under wraps for a few years until they can "retire" into a cosy job towards pension. If they really want to clean up UK government it would be interesting to analyse where all the buyers go up to 5 years after leaving civil service. But that would obviously harm their own shot at retirement.. No idea if this really still happens, but I have seen some real oinks employed in implausible places. This appears to be teh only possible explanation.

    So there.

  53. Anonymous Coward
    Pirate

    @ Alex Osmond:

    ". Note that the partners in this exercise are not just government agencies, or the Cap Geminis of this world, out to make a fast buck from the taxpayer, but Barnardos and KIDS."

    Anyone caring to look up the annual reports of Barnados and KIDS can see how much money they get from the taxpayer and their announced targets for getting more. The words 'producer capture' mean nothing to anyone?

  54. Anonymous Coward
    Alert

    Gov IT is crap, already had to complain to them!

    There is a national system that allows parents to recieve info and updates on their kids school progress, I forget the name right now. I noticed my Missus fire it up the other and noticed there was no SSL on the site. This site allows you to find out exactly what class school your children are at and what they will be studying and their teachers details.

    I told my Missus to go straight in to the school and complain that "there is no padlock on the website". She did and she was told by the local authority IT boffin, I quote:

    "Oh that old thing, you only need a padlock when you have financial transactions. You have a password so it's encrypted and your details are safe."

    WTF!!?!?!

    She said that was rubbish and she demanded to be put up higher to someone who had a clue. After 8 days, she was told it was sorted and indeed it was. The site was SSL enabled. Why did someone have to notice it and complain? Why wasn't this factored in from day one?

    This is the sort of thing we are fighting against, utter cretins of the first and highest order in charge of government IT. Give it 3 months before details from ContactStore/Point whatever, are hacked or left on a USB key on a train somewhere!

  55. Anonymous Coward
    Anonymous Coward

    The biggest vulnerability

    Is the fools who conceived it, why in Gods name do they have to register every child on it?

    & why are some more equal than others in terms of security?

    & how long before the data is lost or hacked?

    What prize tossers.

  56. MinionZero
    Stop

    Children grow up, its eventually everyone's database.

    "I understand that MP's children and those of 'celebrities' will be shielded. Surely it's either secure enough for all children to be listed on or it isn't!"

    It shows they consider their own children more important than the children of their powerless minions. It also shows their lack of empathy for everyone but themselves. Oh they can use excuses of kidnap fears due to their wealth, but everyone's children can be at risk from the minority of hostile people in this world. But once again, the political elite show up their key core behaviour of lack of empathy for everyone but themselves.

    As for this being just a children's database, it over looks the fact children grow up. So its effectively a growing centralized database of everyone in the UK, which is their real goal. Give it just a decade and its a database of everyone under 28 years old. At that point they cover the majority of politically active protesters, because beyond that age there will be less protesters, due to factors such as becoming more restrained and with more responsibilities in life like jobs, settling down and starting their own families etc.. Plus each year it grows to cover ever more of the population.

    Also its one more political step in educating the population into acquiescence over centralized databases and constant state monitoring into peoples private lives. (Plus how long before this data is leaked to other governments and businesses via info leaks).

    Plus its all sold to us on the basis of it will protect a minority against crime and so the majority have to give up their rights to freedom because of that minority. If they brought in criminal punishments to stop the minority, then the majority wouldn't have to suffer being lumped into the growing police state. But then the rich and political elite consider us all below them and so must all be watched, while they shield their own young.

    The solution to protect everyone is to bring in stronger laws to punish Narcissistic Personality Disordered behaviour where ever they cause harm to others, but then the political elites own kind would get caught in that net, as demonstrated by the current arrogant, Narcissistic greed and fraudulent contempt for tax payers money shown by the current political elite. That's why they will never bring in laws to clamp down on Narcissistics and its why we live in such a unfair unsafe hostile world.

  57. Alex Osmond
    Go

    @ Pirate AC, 11:50

    I now claim the gift of second sight.

    You were prepared to quote my sentence about Barnardos and KIDS, to make way for your own cynical comment, but ignored my words only 2 sentences later :

    "Although I'm sure some conspiracy theorist will leap to contradict me...."

    What a sad bunch you seem to be, all lining up to knock the concept without any attempt at constructive criticism.

    1. It would be a plus if childcare professionals had some means of identifying others who had had contact with a child they have some responsibility for, so they can cross reference with other proffesionals where they have grounds for suspecting abuse etc.

    2. Technology might be able to provide an enabler - not a solution in itself, but something which will help facilitate the above happening.

    3. ContactPoint is an attempt to provide that enabler. Maybe it's the wrong answer - but if you think it is then do you have a better idea? Could technology provide some help with this problem, and if so then how?

    Anyone up for the challenge? Anyone ready to be positive.....?

    On your marks, get set, Go.

  58. Anonymous Coward
    Black Helicopters

    Data Protection Act?

    It's a computer database. What happens if all parents file a subject access request on behalf of their children to check the accuracy of the data being held? Of course, every single request would have to be checked to make sure the parent in question wasn't a danger to the child, so the process couldn't be automated.

    Where is the seed information for this database sourced? School records (not every child goes to school)? Health records (if you're not sick you might not have seen a doctor for some time)? Birth records (doesn't give current address)?

    Are they going to ask parents to confirm basic details or is it going to be a big work of fiction cobbled together from a patchwork of possibly-suspect information?

    I'd follow the example of Tom on the No2ID forum and generate some paperwork with my local authority, but due to personal circumstances there's a chance that they don't have much, if any, information on my family and I don't want to raise a profile until they confirm that we're known.

  59. Cameron Colley

    Every child, Surely that makes it harder to use

    How will they tell John Smith from John Smith from John Smith... ? You don't get an NI card until you're 16, and not all kids have passport numbers -- so how do they know which child is the one who is being seen by which social workers?

    Not that they care, of course, since there is no real point to this other than earning a few backhanders for those involved.

  60. Anonymous Coward
    Stop

    330,000 Authorised users

    None of whom will, of course, be divorcee parents looking for their own children...

    There is no need to access addresses on this system, beyond, perhaps the city or borough - the various authorities using this system will already have their address, or if not can contact whichever other party (doctor, social sevice, police etc) is listed in the child's database entry if they have a legitimate need for it.

    Sheesh. Two minutes thought solves half the problems here.

  61. John Robson Silver badge

    Easier to spot kids at risk if they're the only ones there...

    Surely?

    I mean if we're looking for this to be useful then police/protection agencies should be able to search/add details of people with whom they have contact.

  62. MinionZero
    Stop

    Records all parents in the UK as well...

    Cameron Colley: "How will they tell John Smith from John Smith from John Smith... ? You don't get an NI card until you're 16, and not all kids have passport numbers -- so how do they know which child is the one who is being seen by which social workers?"

    The answer to this is easy. They just record the parents as well as they are listed as the legal guardians. But the government line is that its really just a database for children, honest! ... yeah right, after all, it will only have every parent in the UK on the database along with their contact addresses and other details! ... in one centralized database, accessible by 390000 people!!!

  63. ElFatbob

    Re: Alex Osmond

    'But just ask yourself one or two questions before you continue to slate this project.

    First, is the underlying intent behind the project a valid one?'

    I'd suggest that a prior question should be 'is this the right solution to the problem?'. A large number of us are still not convinced that a centralised database is the solution to the problem, let alone one with details of all children (in England & Wales) and accessible to 300,000+ people.

    'Glum face to reflect my disappointment in the relentless negativity of my fellow Reg readers'

    There is a reason for this. The government and public servants in general have shown themselves incapable of looking after the centralised data they already harvest.

    Add this to the government obsession with projects, policies and initiatives that require them to monitor just about every aspect of out lives, the unnacountable mission creep of existing system and it seems quite reasonable that people react negatively.

  64. W

    Save £43.95m.

    "...annual running costing of around £44m a year. Contact details on an estimated 52,000 at-risk children will be shielded."

    So ~ £850 per year for each of the 52,000 sets of contact details?

    Sounds a bit steep to me.

    Details for 52,000 kids? You could stick that onto an Excel spreadsheet on a non-networked 486 machine with no USB, no floppy drive, no CD/DVD drive and no mem card reader, running Win3.1, in a well padlocked room, and give just one or two dedicated staff access to it via the padlock key.

    You want some of the info? You have to go through one of the two folk with access.

    I'll donate the hardware, software, and padlocks. Gov can pay the two staffers 25k each. Remove security issues. Save £43.95m.

    Simples.

  65. Anonymous Coward
    Go

    @Alex Osmond

    Oh do grow up Alex.

    So anyone who does not agree with YOU is therefore a conspiracy theorist? I now claim the gift of second site, you sir are an idiot!

    You seriously think this CP DB will be used for the purposes, lying cheating MP's tell you do you? Given there is NO casework or even school records entered into this system...if a lax social worker were to 'forget' to enter date and time they saw a child...how does that fix the issue?

    I have not read, heard, or otherwise, rules or regulations for people with 'access rights' to this system that state they 'must' enter a diary date...as purpotedly that is only what will be recorded.

    As you extol the virtues of this system, please then explain, by Cambridshire LA own admission that shielding a child will reduce the effectiveness of provision of service - it is an oxymoron. Go look at the link provided above for NO2ID and read again the response from that LA. Understand this...most normal children or those without needs of services will apparently just sit there...but those that are in need and thus sheilded will have provision of service reduced - they admitted this!!

    You need to try harder...

  66. Anonymous Coward
    Anonymous Coward

    @Alex Osmond

    "That's the gap ContactPoint aims to fill - if a childcare professional is able to see that others have also had contact with a particular child they can contact those professionals to find out the details. The intention is that it helps them to join the dots and see the bigger picture."

    Wouldn't it be simpler and cheaper for childcare professionals to simply presume that any child they have contact with may have previously been contacted by other agencies, and then simply contact those agencies to see if they have any active cases?

    A couple of extra 'phone calls and some sharing of case notes doesn't cost £44m a year.

  67. William Boyle

    How much time?

    My guess (bet) is that it will take about 2 weeks before it is either hacked, or leaked to the wild. This is just a SWAG, since it might already have been done.

  68. Pat

    Alex Osmond

    You really don't seem interested in constructive solutions at all, just in pushing the idea of this shiney-wonderful database and 'won't someone think of the children'.

    As has already been pointed out more than once, the only children that may need to have their details on such a system (for the purposes of co-ordinating services from different organisations) are the one that have been identified as being at risk.

    Your take on this appears to be that ALL children must go on the database, so IMO choices appear to be:

    - you think ALL children are at risk (makes you a fool!);

    - you think ALL children must go on the database so that when a 'John Smith' is identified by one agency as being at risk little Jonny can be confused by the same and other agencies with 40 other 'John Smiths' (makes you a management consultant);

    - you think ALL children must go on the database, apart from the children of the rich, the famous and the politically connected of course, so the government can do their job by compiling a list of children to go on the NIR at some point regardless of increasing the risk to these children (makes you a sick political creature).

    Tell us Alex, specifically what is your reason for putting ALL children on this database?

  69. Dark Horse

    okiedokie

    I'll have no problems with this database as long as I personally receive the following information:-

    The names, addresses, telephone numbers, photos, and fingerprints of every person that has access to the database information collected about my children.

    Hmmm...

  70. Pat

    @Alex Osmond

    Who is it you expect us to trust with this unnecessary level of intrusion Alex?

    A little reminder how our political elite actually value and care for the vulnerable over whom they have power.

    'Hodge apologises to abuse victim'

    Extract = "Mrs Hodge led Islington Council from 1982 to 1992, when it emerged that children in the council's care had been abused.

    She has been accused of failing to act, despite receiving warnings - an allegation she denies."

    http://news.bbc.co.uk/1/hi/uk_politics/3270149.stm

    Extract = "Mrs Hodge was in her final year at Islington when, on October 6 1992, under the headline The Scandal at the Heart of Child Care, London's Evening Standard newspaper alleged that young people in Islington care homes had "descended into a life of degradation and exploitation". It said suspected pimps were having sex with children and that youngsters in care were being seduced into drugs, homosexuality and prostitution."

    http://www.guardian.co.uk/politics/2003/jul/04/uk.schools

  71. Matt

    @Alex Osmond

    I take your challange.

    "1. It would be a plus if childcare professionals had some means of identifying others who had had contact with a child they have some responsibility for, so they can cross reference with other proffesionals where they have grounds for suspecting abuse etc."

    Does the database actually improve upon the situation? Or could the situation be better improved by increasing the number of care workers instead of squandering resources on irrelevant technology?

    Would it not be more efficent to have dedicated case workers who manage only a small number of case workers along with a crash team? If something is suspected you refer it to the crash team who should be able to work on a problem immediatly (have people available to interview and having internal systems that keep information on active and past case loads).

    Does such a database simply provide a "tickbox" mentality where if there's nothing of note in the database then there's no problem? Such systems often lead to a certain degree of lazyness.

    "2. Technology might be able to provide an enabler - not a solution in itself, but something which will help facilitate the above happening."

    Is it the right technology? How does it really help? Does it help anymore then good care workers with reasonable work loads? Do the benefits of such a scatter gun beat the benefits of having a few dozen more professionals? Could money be better spent on counselling and training for workers in the sector?

    What are the downsides? Lots have been listed by others, more then I can be bothered to browse through.

    "3. ContactPoint is an attempt to provide that enabler. Maybe it's the wrong answer - but if you think it is then do you have a better idea? Could technology provide some help with this problem, and if so then how?"

    I have a great number of better ideas,

    Improved training.

    Increased numbers of social workers with specialised training.

    A change in culture towards the social care and mental health care teams.

    A redirection of funds from police to social care (as a number of criminal problems seap from social care problems.)

    Increased community awareness of what can be done to help those in trouble.

    A reduction in the peadophile mania where people with an interest in caring for children and teenagers are viewed with a quiet distrust by society and the media.

    Improved localised systems for cases.

    Improved cross departmental communications (not a list of numbers but face to face communications, people in all branches need to know that there are central numbers to call in case of incidents - such as a local specialist team possibly with members from multiple proffesions (medical/social/psychiatric/criminal/educational) that is always on call (yeah you'd need more then one person per discipline).

    Counselling and support for those in the profession so that they don't end up leaving after a year or two due to the stress and horror of the job.

    However most of those things are a bit to expensive (kids arn't that important apparently just good for a few news stories and a bit of propaganda) and the powers that be much prefer to look as though they're doing something as opposed to actually doing something helpful, and yes sometimes it's far better to do nothing at all then do something stupid - contactpoint is pretty damn stupid. For a number of reasons, however it's a pretty awsome elephant.

  72. Anonymous Coward
    Thumb Down

    if it's so insecure will somebody please crack it and delete all the data

    It's the only way we can be safe.

  73. This post has been deleted by its author

  74. Dennis
    Thumb Down

    @Pat

    "specifically what is your reason for putting ALL children on this database"

    I don't think the database will be secure.

    I don't think it wil adequately address the original problem.

    But, there is a reason to include all children on the database. It is possible to highlight exceptions. A child registered with a GP but not with a school. I could be that they are being abused and they don't want teachers noticing the bruises.

    While it is possible to include every child that is born in this country what happens about those that arrive by planes, boats and trains. Unless you include every child who arrives in this country as immigrant or tourist the database won't include every child. Remember Victoria Climbie arrived in this country aged 7 and on a false passport. Until she was first taken to hospital she wouldn't have appeared in the database despite haveing been in the country for eight months.

    Insecure and a waste of money.

  75. Matt

    well

    To further Pat's comment

    http://news.bbc.co.uk/2/hi/uk_news/wales/south_east/8055067.stm

    This highlights that even now our systems are fundementaly broken and it needs something radically different to a database.

  76. sleepy

    idea

    How about if the 300,000 users only had write access the database, and a single professional responsible for each given child's database record has read access? The 300,000 can send a message to that person to voice their concerns, but can't automatically discover who it is before such message is sent?

    Wouldn't that provide auditable accountability, together with the possibility to automatically identify statistically at-risk children and focus attention on them? Or is it too much like responsibility for politically correct jobsworths?

  77. John Smith Gold badge
    Flame

    Why a bigger haystack?

    It just makes the needle harder to find.

    52 000 in how many millions of ordinary needs children, who have no need to be on there.

    "Might be the wrong John Smith." You're kidding me. This was not addressed in the design from day one? Same identifier, different kids. Or is this where they first issue the NIR unique ID #?

    Adopted and foster children might be known by different names. Quite right. Same problem in reverse. So what did the designer do about it? Did they consider most foster children will be know by their *current* foster parents as that last name, with previous last names deprecated? But more correctly did they talk to someone who could set a *policy* on what to do that would stick and which everyone knew.

    I'm sorry in advance for what is about to happen to some parents. So *many* unnecessary names on this database makes at least 1 *very* nasty incident a virtual certainty within no more than say the next 12 months. I wonder what the Government's excuse will be? The bottom line is this system *enables* a great deal of access to a very large group of children, who would not be readily accessible at all, to some characters with *very* questionable motives. It is another case (RIPA, ID cards) where the *stated* scope and goals have very little to do with what's been delivered. If this government were a child I'd say they had poor impulse control and some fairly clear signs of antisocial personality disorder. The sort of child who should be on this database. The sort most parents would not want their kids playing with.

  78. Bryn Evans
    Thumb Down

    i'm glad -

    that my children have grown up and my grandkids will probably escape this due to the usual

    bungling and delays in Gov. IT .

    I give it less than a month of going live before the first data "escapes", assuming it is not already in the wild.

    Then listen to the well practiced "sorry" line and the lo-oooooo-ng wait for heads to really roll.

    And, Oh yes, what a waste to delete the entries when the kids are 18+ when we have the start

    of a ready made, unverified, National ID system.

  79. Alex Osmond

    Good news, bad news....

    Good news - my previous posting (12:21) has attracted several responses, which was what I asked for after all.

    Bad news - not one of them has attempted to provide the sort of constructive viewpoint I was asking for. And at least one (yes Pat, I mean you) doesn't appear to have sufficient command of English to understand anything I was saying.

    Actually there was one suggestion - thank you to AC 13:37 - but it misses the whole point.

    "Wouldn't it be simpler and cheaper for childcare professionals to simply presume that any child they have contact with may have previously been contacted by other agencies, and then simply contact those agencies to see if they have any active cases?"

    In a simpler world that might be feasible, but, rightly or wrongly, there are numerous local agencies which might have contact a child (do you ring round every GP and A&E in the area to see if they've had the child in to deal with injuries?), and social workers and the like, whatever you may think of them, have very busy workloads. Can you see why this isn't an option?

    To AC 13:27 who claims the gift of "second site" (sic) and wants me to grow up, well, what can i say? My views on the problem ContactPoint is attempting to address are not derived from "lying, cheating MPs" (does it occur to you that you may be confusing your issues a bit?) but from other (and in my view more reliable) sources. Of course the system will only be as good as the use that is made of it, it's only a tool like any other. But perhaps you were taught to think this way at the Universtiy of the Bleedin Obvious?

    You suggest I "extol the virtues of this system". Emmm.....where? I actually say that CP may be the wrong answer. If you want to comment on my posts can I suggest you try not to make stuff up as you go along.

    ElFatbob - You suggest the prior question is to ask if CP is the solution to the problem. Emmm....I take it Business Analysis isn't one of your strong points? You have to define the problem before looking at solutions. i was trying make sure that we were all talking about the same problem.

    You also, along with many many others here, want to condemn all government IT projects out of hand. <sarcasm>Because, as we all know, all public IT projects are total failures whereas the private sector is a shining example of success every single time.</sarcasm>.

    Blinkers off please. Some IT projects, public and private, fail, some succeed, most muddle through. Why doesn't the media report on successful government IT projects? Do you really need me to answer that question?? Can I suggest you seek your views on the world from sources beyond the Daily Fail.

    BTW, I am open minded about these things. I do not believe that personal data should be captured and held unless there is a demonstrable reason for doing so. For which reason I am vehemently opposed to the NIS and ID cards, and I pay my subscription to NO2ID because of that belief. Equally I find this obsession with government IT systems bewildering. The big Credit Reference Agencies hold scary quantities of data about each and every one of us, and are not subject to the sort of external scrutiny that government departments are. You'd do well to be worried about them too.

    And then there's Pat. Oh Pat, thank you, you gave me the best laugh I've had all day.

    I'm guessing that I'm quite a bit older than you. When I was at school we had to do something called comprehension tests. To prove that when we read something we'd taken it all in and understood the message within the text. You didn't have them, did you? Or if you did your poor teachers must have despaired.

    Read my post again. Try - really try - to understand what the words mean. Maybe you'll find a grown-up to help you. Then look at your response again. And tell me, in simple terms, which bit of my text says that I believe all children must go on the database.

    And that's why I won't be able to tell you what my reason is for wanting all children on CP - because I don't think that and I've never said it. Once.

    OK guys, I'll have one more go. In nice simple language that (maybe) even Pat can understand.

    Victoria Climbie and Baby P (and many other less high profile cases) have shown there is a business need for childcare professionals to be aware of the contacts a child has with other services. Does anyone want to dispute that?

    If that's accepted there are two basic choices - do nothing, and leave things as they are, or do something.

    Personally I don't think doing nothing is an option. Doing 'something' probably involves several strands, many of which are not technology related - better training, structural reorganisation within local authorities, changes to working practices etc. Each may make some improvements, but none is a definitive 'solution'.

    So can technology also play a part in building up these improvements? DCSF have said yes to that and ContactPoint, rightly or wrongly, is part of their answer (there are other systems too). It's easy to point out the flaws in CP, as so many above have done. But does anyone have a positive suggestion for how technology could be used more benificially?

    I will tell you one thing - the concept of ContactPoint is actually welcomed by a large number of local authority staff working in this field. Whether that welcome lasts when faced with the reality of the system remains to be seen. But the need for what CP is trying to do, as opposed to the CP system itself, should not be doubted.

    Can we have a "I'm fed up explaining the same thing over and over to morons" icon please?

  80. Cameron Colley

    @MinionOne

    While I'm certain that parent's detail will be phished for, that still doesn't identify a child.

    We all know that the only way this works is with cross-matched DNA records. I'm a tinfoil hat afficionado, but I don't think the morons thought it through that far.

  81. Pat

    @Alex Osmond

    Approx 1000 words for evasion, misdirection and ad hominem attacks; IMO that make you a political troll.

    Evasion - CP is intended to contain details of ALL children; I got that from the Reg story - comprehension, innit? You support CP and are unwilling to be specific about this particular requirement.

    Misdirection - Before being killed Victoria Climbie HAD been seen by social workers, police and medical staff, and there HAD been interaction between them. The same applies for Baby Peter. Yet here you are trying to make out your CP would have made a difference - from what political party have we heard that lying propaganda before?

    http://www.telegraph.co.uk/news/uknews/1385396/12-opportunities-missed-to-save-Victoria.html

    http://www.telegraph.co.uk/news/uknews/baby-p/5270053/Baby-P-could-have-been-taken-into-care-months-before-he-died-claims-Panorama.html

    ad hominem - Well thanks for the condescending attack - again a familiar methodology. I thought if I mentioned Hodge's past I would get a rise from the usual suspects. Political-fish in a barrel.

    For anyone who wants to argue with this guy I recommend you also make an effort to write (on paper, not email) a letter to your MP about it - IMO Alex won't want that, but chances are that at the moment your MPs will be eager for anything significant to take the heat off them.

  82. James
    Stop

    Charities??

    Am I right in saying they are allowing CHARITIES access? What the fuck?

    Charities?

    Aren't charities just concerned members of the public? (albeit more organised and better funded)

  83. FoolD
    Alert

    Re: Alex Osmond

    No-one is saying nothing needs doing - just that this is not the correct solution.

    The majority of complaints on here relate to there being no good cause (and plenty of concerns over) the details of *all* children being on this database. I'm certain, where it's justified, no-one is seriously saying departments shouldn't have a methods of sharing data better. However, data should only be kept when & for as long is is justified and, considering the sensitivity of such cases, restricted to people - at least remotely - active in the children concerned. Things lacking from this system.

    As it stands the whole scheme reeks of an en-masse data-grab, pushed through against objections, and that has nothing to do with protecting children - however, it is *almost* amusing to see the "think of the children" lot being hoisted by their own pitard in response to this.

    Maybe common sense is back on the rise ... we can but hope.

  84. jake Silver badge

    @FoolD

    "Maybe common sense is back on the rise ... we can but hope."

    We can hope.

    I find it quite amusing that "Alex" chose not to reply to mine ;-)

  85. Anonymous Coward
    Thumb Down

    @Alex Osmond

    You might get further with commentators on here if you weren't such a condescending prick!

    Saying things like: "OK guys, I'll have one more go. In nice simple language that (maybe) even Pat can understand."

    Who TF put you in charge?

    The BIG problem with CP is mission creep - the point is we, as parents simply do not trust whitehall to use and safegaurd our and our children's information in the manner in which it is gathered, stored and used. It is as simple as that. The argument for having all children on this system is based on 'just in case'.

    Well, as a parent, and an IT professional that is not good enough for me to protect the most precious aspect of my life - my child. From the way in which you Alex are talking, it does not appear you are a parent - for if you were, you would know where we are coming from, if you are a parent and I very much doubt it, you appear from your arguments to be putting state ahead of love.

    My child has never had the need, nor do I foresee that they will have a need for 'contact' with anyone other than perhaps, optician, school, college, dentist, Uni. That to me is normal - and I for one simply do not want my child indoctinated into a NIR by the back door for the purposes of just in case.

    If a glorified address book is the answer to all the Victoria and Baby P problems of this country, then our servant ministers are either delusional or blind.

    I would look for another icon to describe you Alex, but there is not one. Please go back to your parliamentary research or spend your time looking through 51,000 entries in google of 'condescending attitude gets you nowhere'.

  86. Matt

    @ Alex Osmond

    Actually you appear to have missed my laundry list of suggestions.

  87. Robert Harrison

    In summary

    Before CP: My 2 kids are known to me, my wife, some friends and family, GP, local hospital, local school, HMRC, child benefit office.

    After CP: Any one of 300,000+ dullards who fancy an idle trawl of the database today/tomorrow.

    Hmm, which one is more secure? Which one do I have at least some sort of idea of how/where my data is/being used? But then I'm just 1 out of millions of people right? Security through anonymity in that sense, nothing to hide nothing to fear right?

    The great social conditioning experiment rolls on...

  88. Alan Parsons
    Thumb Down

    Bet it's full of wrongness too

    My kids were born at home, and we declined the health polic^H^H^H^H^H visitor 'service'. (They don't advertise it, but you have that right, at least for now.) We have little to no contact with GPs as wer'e a healthy bunch, personally I've only used the NHS when I've woken up in their care! My point is my kids haven't seen a doctor since I can remember and we moved house some time ago.. We've not registered at a new GP, cos they've not yet been sick, and neither of them are at school yet - so how does anyone know where we are? If we're on there at all, it'll all be wrong, how many others could this be the case for?

  89. Anonymous Coward
    Anonymous Coward

    @Alan Parsons

    I'd bet that'd raise a few red flags on their systems

  90. chris kelsey

    @Alex Again

    "In a simpler world that might be feasible, but, rightly or wrongly, there are numerous local agencies which might have contact a child (do you ring round every GP and A&E in the area to see if they've had the child in to deal with injuries?), and social workers and the like, whatever you may think of them, have very busy workloads. Can you see why this isn't an option?"

    Heaven forbid that taking care of children might involve making a few 'phonecalls. A simpler system would one which centralises the information only of children who have had contact with the police or GPs or A&E or social workers etc - rather than *every* child in the country. Smaller database, faster searches, more efficient use of technology. It limits information held to only those children who are actually at risk or already in bad situations; it limits access to the people in the local area who might have a legitimate reason to access the information; it curtails the tendency towards mission creep inherent in all of these government IT projects.

    The money saved could be used for better training, more social workers, implementation of better information sharing protocols. Basically, spent on anything other than a needless (and needlessly expensive) address book of kids.

  91. Anonymous Coward
    Thumb Down

    ContactPoint is a disaster waiting to happen

    ContactPoint has been live in some parts of the country for months. This has been described as a "trial" but used real peoples' data. All the bugs and security holes we tested on that data. Teachers in Kent have had access for ages.

    The ContactPoint manager for my council denied that children of MPs and celebrities would have their details shielded. She even said it with a straight face. It brought a tear to my eye because I honestly think she believed it.

    There is no central guidance on how records can be shielded and most councils are formulating their own rules. This means its postcode lottery time for your personal details!

    If your child's details are shielded you have to renew it every 6 months. If you have a genuine need for your details to be shielded (ie your child is adopted) you now have the burden of stacks of paperwork every 6 months ... with no guarantee that it will be processed properly.

    ContactPoint is a disaster waiting to happen. The clock is now ticking ...

  92. Anonymous Coward
    Thumb Down

    @Alex Osmond

    One further point Alex...

    This CP system has had it's information input, we are told from various sources, but do not explain what those sources are. I have, yesterday made a SAR (Subject Access request) to the DCSF and my local council to provide me with all the information they hold about CP.

    I have done that because neither me nor my wife have been asked, nor has my child (and any official should ask my permission if questioning my child) for the information which CP holds. So where has this information come from, who has verified it as accurate - I have not nor has my wife, nor has my child.

    So 'extolling' the virtues and legitimacy of this sytem which you do, so blinkered in your approach, how can you say the information it holds is correct to say it's a starting point. you see that is one of our many issues with this system - even the information it holds we have not verified, which puts this system in the position of untrustworthy.

    Garbage in, garbage out is the mantra.

  93. John Smith Gold badge
    Flame

    How many people does it take to kill a child?

    In the UK quite a lot.

    Police officers who can't arrest parents.

    Teachers scared of being accused of being racist or nosey or both.

    Doctors who can't spot broken bones.

    Health visitors who don't see the children they are meant to be visiting.

    Social workers who believe parents excuses.

    Social workers who are basically contractors.

    Social workers who had a 2 day training course to teach them a totally different way to manage problem families.

    How many people would it have taken to save Peter or Victoria's life?

    1.

    Who cared and had the authority to act. Who could spot f%$%£d up parents were f%$king up their children. Note that word "authority".

    On average 1-2 children a week die in the UK. This figure has stayed at that level for the last 10 years. Almost anything which lowered it would be a good idea. I *strongly* doubt this will be it

    Intelligent comment making will resume when I calm down.

  94. Anonymous Coward
    Anonymous Coward

    Security holes

    @Robert Harrison

    "Any one of 300,000+ dullards who fancy an idle trawl of the database today/tomorrow."

    I put this to my local ContactPoint manager and she dismissed it for the following reasons :

    1) All users are security checked

    2) All users are 'Professionals'

    3) The system can spot fraudulent activity

    4) Users would lose their job if they abused it.

    Therefore there will never,ever, ever be a single person mis-using the system. The end.

    However the truth is :

    1) Security checks will not prevent someone using the system as a favour for their mates.

    2) Cops and MET Pathologists are 'Professionals' so it is clearly no guarantee of their honesty.

    3) The system may be able to spot trends or "out of area" searches but is never going to spot a single dodgy search for a local child as it will simply not look strange

    4) That is true for most criminal acts but clearly is a weak deterrent. Working people commit crime all the time and don't worry about losing their jobs.

    The ContactPoint people are placing all their security hopes on mechanisms that have proved to be ineffective in stopping mis-use.

    And 300K users is just the start. I bet by next year this will be 500K ...

  95. ElFatbob

    Alex...

    Alex,

    I started to address the errors in your postings again, but decided that it was a waste of my time.

    Pat has summed you up perfectly: identifying your use of evasion, misdirection and personal attacks. Only thing i'd add is misrepresentation of what others have said.

    Your attempts at sarcasm are also very poor.

    Can we have a "I'm fed up explaining the same thing over and over to morons" icon please?

  96. Alex Osmond
    Happy

    @.....well, everyone who responded to Alex

    Firstly, to the AC who described me as a “condescending prick”.

    It’s a fair cop guv. I deliberately set out to be provocative about this subject to see what ideas were out there. At times I did go a bit OTT, so apologies to anyone I upset. (With the exception of ‘Pat’….)

    To date I’ve tried to take a neutral position and not stated my own point of view on ContactPoint, so the following may come as a bit of a surprise to a few people. I am opposed to CP. I’m delighted that one of my kids is too old to be included, and sorry there’s no way I can get my youngest off it (he’s getting near to 18 so might not be on there too long). DCSF won’t remove him, and the legislation allows them to take that line. I know, I’ve tried.

    The reasons for opposition have been stated ad nauseam in previous posts so I won’t go there, but I particularly liked the posts of John Smith and FooID.

    But I still believe the fact that CP has come into existence indicates a problem needing to be solved, and was interested in those suggestions which did emerge.

    Matt, sorry, I didn’t ignore you consciously, our posts crossed in the ether. You are absolutely right. Our wonderful government is, for reasons which continue to bewilder me, obsessed with bright shiny IT projects. Much of the money being poured into CP could be spent on the sort of basic suggestions you make, but it’s almost as if they think such things aren’t dramatic enough and therefore can’t succeed. In part that’s media driven (e.g. the ‘paedophile on every corner’ obsession you mention), in part I think it derives from ministers feeling that they have to be doing something BIG. (To be fair, maybe some of us would be the same – when you reach those exalted heights maybe there is a lot of pressure to be seen to be doing things – do we get the political system we deserve?)

    I think your only tech-related suggestion suggested improvements to local case handling systems. I’d be interested to hear you expand on that one and how it could help with the problem.

    The other ideas which intrigued me were those put forward by Sleepy (15:52, 18th) and Chris Kelsey (10:32, 19th). The former is still prey to accusations of unnecessary data capture, and both could have security concerns – but those will always exist. Does anyone think Chris’ suggestion has legs?

    Now - is anyone in DCSF following this?

    PS - Final add-on, as I just noticed query raised by AC @ 10:44 about the data sources for CP. As far as I know, and my knowledge is imperfect on this, the initial database is compiled using NHS records, birth registrations, DWP records (presumably child benefit claims?) and internal DCSF data (presumably schools etc.). It can then be modified at a local level by authorised users who have (theoretically) contact with the children concerned. Hope that helps.

  97. Anonymous Coward
    Go

    @All

    As I stated above, I have made a SAR to my local council and the DCSF. If it helps anyone out wishing to make a similar request, I paste below the body of my letter.

    You are legally allowed to make the request by email or snail mail. However, as you are most likely to need to send a cheque for £10, you are best using snail mail.

    I have made this request for two reasons - to see what is there, who has used it....and to check it's accuracy. I moved house in October last year. I have not been asked at my previous address or my new one for my details or my childs details for CP. Ergo, in my request, I only give my current address - this should be telling. When I get the info back, I will then decide how to proceed - but if it contains wrong info, I will be making a complaint to my MP again. I have been writing to my MP for over 3 years about this CP thing...and you would not believe the b*llsh*t that has come back to me from ministers responsible for this intrusive DB.

    Anyway, here is my letter, please feel free to copy paste and ammend to your own circumstances.

    "

    Dear Sir/Madam

    Under Section 5 of the Data Protection Act 2002 (“the Act”), I hereby make a Subject Access Request in relation to ContactPoint and request copies of all the information held about us and our daughter, together with a description of the purposes for which information is, or has been, processed and to whom the information can be, or has been, disclosed.

    I understand under section 7(2) (b) of the Data Protection Act 1998 a fee of up to £10 is payable; I enclose a cheque to that value made payable to Sunderland City Council. If this amount is not sufficient, please let me know, and I will send a cheque to cover the additional cost. If my cheque exceeds the amount you normally charge, please consider the leftover funds a donation.

    If there is a specific SAR form to be completed by ourselves, I would be grateful if you could forward that to us. Otherwise, you should promptly pass this request to your Data Controller. You have 40 days in which to comply with the Act.

    "

    Cheers.

  98. John Smith Gold badge
    Boffin

    How many calls is that.

    Guidelines for social workers recommend about 12 case per worker. Harringey staff had 25. Depending on the scale of a local area it might have several hospitals, possibly over more than 1 site. If it has none and you know a child has had substantial medical attention then include every hospital in the surrounding area. Say 3? If the child is on the PNC then 1 call to them, but perhaps 1 to each station to talk to the officers concerned. Say 6 stations if you cannot get the info out of the PNC. 1 to the school. 1 to the Health Visitors service if they are of age. Then multiply by the number of missed calls, re-directs to other staff, telephone tag. 11 calls / child. But each case might have several children. Assume an average of 2 children. That's 264 calls to ring round for 12 cases. Maybe 550 in a Haringey workers case. For comparison the normal benchmark for a telemarketing firm is 100 calls per day.

    A database might *look* a good idea at this point. Giving everybody a common, secure view of *cases* involving 1 or more children. Perhaps with automatic notification of changes. Less polling, more interrupt driven, to use an IT idiom. Management by exception.

    If only that was what was delivered.

  99. Anonymous Coward
    Anonymous Coward

    @Alex Osmond

    There are few "technical" solutions becouse the problem with our child care services is not one of technology, a few small parts of the system can be improved with better technology but as a whole the problem will only be solved by investing in staff, structure, culture and social awarness of reality as opposed to a sustained social panic.

    Attempting to apply a technical solution to a human and institutaional problem makes little sense, while new systems could be helpful in assisting a functioning institution the child care system as a whole does not function as it should.

    In reference to a case database (off the top of my head), each Local social care authority in reference to a case database it should contain case data/history for all archived, resolved, and active cases. A contact team for each authority should have minimal access to read which team is in charge of which cases and raise notes (maybe notes not attached to any current case or attached to a given record) this first point of contact should also have direct contact with a muilti disipline rapid responce team who can go to immediate cases (would only respond to Police or Hospital requests) may refer to police is it is an incident in process (domestic violence).

    Every case is assigned to a team who assign a lead case worker to the case, there will also be a reviewer whose responsibility is making sure all the case workers are filling in their reports correctly. The reviewer has overall responsibility for record maintenance and ensuring procedures are followed, the lead case worker is the main point of contact and has overall owner ship and responsiblity for that case, the rest of the team is there as support (they will all have their own active cases.) The team of course shall have a manager (who should be different from the reviewer), the manager has overall responsibility for their team, and their case load.

    At the end of the day it's a structural and staffing issue, fancy computers wont solve that.

  100. John Smith Gold badge
    Joke

    The shape of things to come...

    Citizen

    Under Section 4 of The Regulation of Investigatory Powers Act 2011 (The Jobsworth provision as it is popularly know) one of our analysts have monitored the following behavioural anomalies.

    1)You have failed to use the local NHS child birthing facilities, thus helping offset the investment in them in the first place.

    2)You have failed to accept the offer of the NHS visitors service, thus helping offset the investment in them in the first place.

    3)You have failed to register with any GP within you neighbourhood, thereby breaching your families duty of care.

    You are therefore required to bring all your children along to a Deviancy Assessment Panel, where the effects on your children may be determined.

    The Panel is fully CRB checked and consists of members from the Police, Teaching, Social Services and Health sectors who will investigate every detail of your children's development.

    Rest assured that although previous suspects have commented that many members are childless or unmarried, or both, all have been formally passed by the Government as being safe for children. This is usually more than their parents can claim.

    Please also note that on occasion the Panel may call in lay experts to further examine your children for more subtle conditions. They may have to take photographs and in some cases forward them to specialists abroad, or even specialist websites for group consultations. This is all perfectly normal.

    Your assistance in this matter is unnecessary but appreciated. You are reminded that failure to comply is an arrestable offence. Your children will be returned to you as soon as necessary.

    In the process of our investigation we have noted you have failed to volunteer for Identity cards for your or your family. We have notified the IPS accordingly.

    Office of the Child Finder General.

    A wholly independent agency of the Department of Health.

    “All of your children safely in our hands.“

  101. Andrew Duffin
    Thumb Down

    Because THAT worked so well before

    Health officials and schools?

    Oh God, please no.

    I have seen at first hand how careful they are (not) with passwords and such.

    This data will leak faster than a leaking thing.

    What this means basically is that anyone who wants to can find out all about your children.

    Fortunately (a) I have no children under 18 any more and (b) I don't live in England.

This topic is closed for new posts.

Other stories you might like