THINK OF THE CHILDREN!
UK Scouts database 'flaws' raise concerns
Serious concerns have been raised over the security of the Scout Association's database, which holds the contact details of 450,000 young people and volunteer adults, The Register can reveal. A Scout leader contacted the Register to express grave concerns that the association's Compass database is not secure, despite the …
COMMENTS
-
Friday 23rd January 2015 11:43 GMT Anonymous Coward
UK Scout Database
I'm Currently a scout leader and all the leaders i know are having major problems with being able to access the new compass system. we keep getting told "It will be sorted" but nothing seems to change. the system i feel is totally floored and they don't seem to care and just keep telling us it will be sorted.
no a happy Scouter
-
Friday 23rd January 2015 11:52 GMT Baldie
Re: UK Scout Database
Floored or Flawed? This worries me. As does the unpredictability of your shift key.
no a happy parent
I think I would be less worried about having my kids' data stored on a system where people could look up their birthdays than putting them in the charge of people with such little command of their language.
But I do realise I am old fashioned like that.
-
Friday 23rd January 2015 12:13 GMT djack
Probably not allowed to do a full test
Whoever did the testing (if any) was probably only engaged to look at the underlying OS layer and not the application itself. Or expected to test the system without being permitted to actually log in to the application.
I am faced with this quite often and am amazed by some customers' opposition to me doing the job properly.
-
Friday 23rd January 2015 12:16 GMT 0laf
Re: Probably not allowed to do a full test
They'll have panicked at the thought of proper pen testing actually costing money and/or the worrying prospect it might find something which would then need to be fixed.
Far better to get the developer to run an out of date, unlicensed copy of Nessus at it for 10min.
-
Friday 23rd January 2015 12:17 GMT Anonymous Coward
Define Accessible...
"Compass is not a publicly accessible system"
https://compass.scouts.org.uk
OK, so you shouldn't be able to sign up without a valid membership number, etc. but given the quality of some of the data in the system it wouldn't surprise me in the least if some people have logins who shouldn't have...
-
Friday 23rd January 2015 13:56 GMT Tim Jenkins
Re: Define Accessible...
"...some people have logins who shouldn't have...."
and some people are scout leaders who shouldn't be.
(although my own unfortunate experiences were as a cadet with the St John Ambulance back in the 80s, which seemed to attract an even weirder bunch of 'leaders' than the Scouts did. Something to do with the black paramilitary uniform with silver Maltese Crosses, and the regular bandaging and CPR practice, perhaps. Yuch.)
-
Friday 23rd January 2015 12:18 GMT A Non e-mouse
Data Protection
"We have engaged highly regarded contractors and security experts to ensure that we comply with data protection legislation."
"We are looking to remove the ability for our managers to see data that is not directly relevant to their role"
Someone needs to re-read the basics of UK data protection law: ico.org.uk/for-organisations/guide-to-data-protection/data-protection-principles/ - and fire their consultants.
Proper access control is a fundamental part of data protection and should have been baked in at the drawing board.
-
Friday 23rd January 2015 13:15 GMT NogginTheNog
Re: Data Protection
I expect the software will have the ability to provide full access control to whomever you wish. The failure will have been during the implementation something along the lines of this:
Implementers - "Right, we'll need to create access control groups with suitable granular levels of access and carefully audited membership"
Scouts people - "oh just set up the one group and bung everyone in that, that'll be ok won't it?"
-
Friday 23rd January 2015 12:22 GMT A Non e-mouse
CRB
Every adult using the system will have been thoroughly vetted via a criminal records disclosure check
1 - It hasn't been called CRB for several years. It's now DBS. (Disclosure and Barring Service) Something the Scouts should plainly know.
2 - A clean CRB/DBS check does NOT mean the person is not a ne'er do well. All it means is that the person hasn't been noticed and recorded by the authorities yet. Ian Huntley anyone...?
-
Friday 23rd January 2015 12:36 GMT Terry 6
Re: CRB
Absolutely, I've never thought of CRB/DBS/whatever they will call it next as being anything but a protection for the authorities, not the kids, other than as a by-product of the main purpose. Which is the usual one of the people with suits making sure that they don't get blamed for stuff that goes wrong.
All DBS/... means is that the person hasn't been caught yet.
It's a good idea to have background checks. But these are really no more than a minimum.
-
Friday 23rd January 2015 12:59 GMT Lusty
Re: CRB
It has nothing to do with protecting the authorities, the authorities would do just fine with or without the checks. The purpose of the checks is to allow the service (scouts, schools, whatever) to continue functioning after a bunch of morons get in the papers saying "something MUST be done!" without fully thinking through the practicality and privacy issues of actually doing something. These checks are as far as you could go without being overly invasive and costing so much as to shut down the whole system - they do, however, nicely deal with responding to those whose words would otherwise close everything down.
The reality is that some people will always get into positions they shouldn't ideally get into. There is nothing practical that can be done to stop that aside from a weak deterrent. Our society is full of such weak deterrents - CCTV for instance, or the locks on your front door/windows at home. Neither stops the crime, they just deter the less determined from trying.
-
Friday 23rd January 2015 13:26 GMT Anonymous Coward
Re: CRB
Every adult using the system will have been thoroughly vetted via a criminal records disclosure check
1 - It hasn't been called CRB for several years. It's now DBS. (Disclosure and Barring Service) Something the Scouts should plainly know.
1.1 - They never called it "CRB"? It hasn't been called "I'm a pompous pedant" for several years either. Something the Scouts should plainly know.
-
Saturday 24th January 2015 03:13 GMT Anonymous Coward
Re: CRB
> A clean CRB/DBS check does NOT mean the person is not a ne'er do well.
And whether it is or not is a rubbish predictor of how good or bad they might be at working with children. I can think of a couple of excellent parents and educators I know of with criminal records the size of a small library. Their experience¹ is something that children can learn from too.
¹ Well, some bits of their experience. Preferably not the parts about dodgy cheques or fake driving licences; although then again, you never know when that might come in handy.
-
Friday 23rd January 2015 12:47 GMT Pen-y-gors
No shit sherlock!
"UK Scouts database 'flaws' raise concerns - System holds records of ALL scouts in the country"
Wow, how could that be allowed to happen? Next we'll hear that the Upper Chudleigh Campanology Society database holds records on all members of the Upper Chudleigh Campanology Society. Shameful!
Out of interest, what would be the point of a UK Scouts database that DIDN'T hold records for all UK scouts?
-
Friday 23rd January 2015 14:24 GMT TallPaul
Re: No shit sherlock!
Quite so, that's the question that I've been asking myself. Historically groups held their own records, on paper. All headquarters required was an annual head count as they charged a capitation fee for providing their services to the groups. Seemed to work out OK for everyone.
-
Saturday 18th April 2015 09:02 GMT rnorman345
Re: The way we used to do it ....
I agree that by far the most secure way was when we used to keep records locally and only completed the census with numbers and no details; then HQ started to ask for names etc. I refused for years citing lack of security but it was inevitable as soon as OSM (OnLine Scout (and Guide) Manager) started up that the little green eyes at HQ would see their opportunity. As to testing: I am sure that the contractors hated it but we leaders were involved though I am not sure that results/suggestions, even from pros were taken into account. The testing process was flawed as was, I guess, the design. In the final analysis 'they' tried to do too much too soon; a 'start simple' system (and KISS) would have been better - say a membership system and then add the badges and then, if that works, link the two? Big smile.
-
Friday 23rd January 2015 12:47 GMT Anonymous Coward
It's horrid
It probably was secure on the day they did the security testing - it was probably in its usual broken state and therefore inaccessible.
Of course they could have just arranged to come to a suitable arrangement with the system that the vast majority of Scouters use called OSM (built by scouters with an IT background for scouters) and had them add the extra functions the association wanted, much like some other countries have. Instead they went and spent vast sums of time and money starting from scratch to create something that nobody I've spoken to likes.
-
Friday 23rd January 2015 13:17 GMT Owain 1
Re: Dib dib dib
I'd been a cub assistant leader for about 8 years before I realised that 'dib dib dib' should be 'dyb dyb dyb' and it stands for 'Do Your Best'. I assume the response was 'dob dob dob'. Note, this short term isn't used any more in Scouting. At our starting ceremony the leading cub shouts out "Cubs do your Best!". Then the Cubs all shout out "We Will do our best!"
-
Friday 23rd January 2015 13:26 GMT Valerion
Data Acquisition
We recently got sent a form from Cubs that we had to fill in with our son's and our details on it. I presume it was to get the data into this database.
The form itself was ridiculous. Mainly because instead of allowing space to write a Title, they had a list of titles that you had to pick from when frankly "Mr/Mrs/Ms" would have done. I have never seen such a huge list of titles, ever*
For the record, I selected myself as a Rear Admiral and my wife as a Duchess. It will be interesting to see if we get any correspondence addressed as such.
*And yet they missed out Sheik.
-
Friday 23rd January 2015 14:56 GMT Peter Simpson 1
Re: Data Acquisition
Funny about title choices on forms -- we went on a cruise recently. My son paid for his own cabin, and consequently, filled out his own form. Being of a certain nature (wonder where he got that from?), and noticing that one option for title was "Captain" (and having been a Captain in the Army), he selected that. All his mails from the cruise company were addressed to "Captain..."
-
Friday 23rd January 2015 15:26 GMT the spectacularly refined chap
Re: "Compass is not a publicly accessible system"
Somebody probably pointing metasploit at it right now.
So it isn't publicly accessible then. Entrance to our offices is protected by swipe card and/or getting past the receptionist if she buzzes you in. That's enough for us to generally consider the place not publicly accessible, the fact that anyone on the street outside can physically wander up as far as the front door does not alter that.
-
Saturday 24th January 2015 10:35 GMT Anonymous Coward
Re: "Compass is not a publicly accessible system"
Publicly accessible in IT terms means the system can be interacted with by any member of the public. Whether the interaction requires a login to proceed further is irrelevant in this regard. The system is publicly accessible for attacking which may provide access to the secure area.
A system that is not publicly accessible is not contactable in any way online, it is hosted on a private network behind firewalls.
To go with your analogy, in IT terms, your building is publicly accessible because the public can walk up to it and attempt to social engineer your receptionist or exploit your door access system. Were you in a truly private building - think underground military bunker with armed guards at a gate far from the door security systems and receptionist (the firewall), then you could consider your building private.
-
Saturday 18th April 2015 09:16 GMT rnorman345
Re: details of 450,000 young people and volunteer adults,
One of my ex ACSLs used to say of me 'you are a 9 year old Cub that just allows a few other 9 year olds to join in your game'; I am now 71 - just led my last meeting as BSL:( going deaf and it was not fair on the others; BP was a 9 year old Cub and he lived to 84; something in this Cubbing. :-)
-
Friday 23rd January 2015 14:27 GMT Anonymous Coward
A Spokesman Telling Porky Pies?
"Every adult using the system will have been thoroughly vetted via criminal records disclosure checks", he said.
Well, that’s just an outright lie. Maybe an unintentional lie, by a misinformed spokesman, but it's not true.
Some roles and adult appointments in The Scout Association don't require a criminal records disclosure.
Most notably, the role of "Group [/District / County] Administrator" doesn't have to have one.
*Parents* are also given a "membership number", when they are entered against their child's information. As I understand it, the "membership number" is the unique ID used for the database.
Provided the parent has an e-mail address entered as well, they can also access the system - albeit only to see their child's data, and nobody else's - but they are an "adult using the system".
-
Friday 23rd January 2015 19:12 GMT Anonymous Coward
Re: A Spokesman Telling Porky Pies?
Dsenior wrote:
"You can not be given a group admin role in compass unless you are a full appointed member , ie DBS / PVG done and Safe guarding modules completed".
That's not true either.
Policy, Organisation and Rules [of The Scout Association], January 2015 edition has a table of roles and appointments that need, or do not need, a Disclosure. Group, District and County Administrators are listed as not requiring a Disclosure.
This forum is messing about, and won't paste the link properly, so I've had to split it into two parts. Cut-and-paste-and-join these two lines to get a sensible link:
http://members.scouts.org.uk/documents/DocumentUpload/
Jan2015/POR_Jan_2015%20(All).pdf
Look at page 166 onwards - there are actually a lot of appointments that don't require a disclosure.
Indeed, if "Administrator" is their *only* appointment, and they don't have any other role that would mean they are engaging in "Regulated Activity", obtaining a Disclosure for them would be illegal.
Now it's possible, of course, that the implementation of Compass doesn't recognise that there are some adult appointments that don't need a disclosure...
-
Friday 23rd January 2015 14:34 GMT Keith 21
Compass has been an absolute unmitigated disaster right from the outset.
It is cumbersome, insecure, hard to use, and should have been abandoned.
To give you an idea - all Scout leaders are required to transfer all details of all their beavers / cubs / scouts / explorers into the Compass database before the end of this month. So far, so good.
They can do it using a bulk upload. Sounds reasonable.
Only, thing is, you can do ONE SINGLE bulk upload and that's all. Which is pathetic!
What if you want to do a small test bulk upload to ensure you get everything right, then do a full bulk upload afterwards of everything?
Tough luck, you can't, the morons who designed the system won't let you do it.
Some fields are marked as compulsory, even though they make no sense and don't always apply - for example, the Compass database requires full contact details of TWO parents for any member - so if you are a single parent then screw you, clearly your sort are not worthy.
The system itself is cumbersome. To create an event, you must create the event, then you must invite yourself to the event, then you must accept that invitation, then you must approve that acceptance, and only then can you edit the event! To add attendees, one invites them, waits for them to accept, THEN one must accept their acceptance before they are actually fully accepted as attending the event.
The system is designed and implemented by people who have no knowledge or understanding of how to actually run a scout troop.
The Scout organisation have wasted millions on a worthless, insecure, useless system, and refuse to do anything other than continue to throw good money after bad.
Their original plan last year was to develop Compass and do a phased rollout, such that everyone was gradually added over several months, with the database fully populated in time for this year's "census".
Alas, as early groups were forced to use it, more and more bugs and instabilities came to light. The Scout organisation's response? To press ahead anyway, so that now the entire organisation are required to rush their members into a not-fit-for-purpose system which falls over under medium loads and doesn't actually do what is required.
Now, the pathetic thing is that a great number of troops already use an existing perfectly good system, designed, developed and actively maintained by a ScoutMaster who knows what he is doing. It is used by a great many local UK scout troops, as well as a few international Scout organisations, and works beautifully.
ScoutsUK, meanwhile, refuse to even consider using it.
Why?
"Not Invented Here".
So instead, they continue to force their volunteers to use a system which doesn't work, which is insecure, and which causes more problems than it ever solved.
The individual scout troop leaders? The majority put the bare minimum into Compass, and continue to use the existing excellent system for general running of their troops.
Well done, ScoutsUK, your pathetic shortsighted approach is causing major problems for your volunteers, all because you are too arrogant and proud to admit that giving the contract to your mates was not the wisest decision.
-
Tuesday 10th February 2015 17:47 GMT Andy Miller
Most of what you say is true, the bulk upload was a bloody nightmare. Kept failing, no message about why. Took me most of Christmas to nail the damn thing.
However, one point. Two parents aren't compulsory. I thought that at the start, however I discovered the small print that says IF you enter a name for the second parent THEN all the fields for that parent become compulsory. Missing out the second parent completely is valid.
-
Friday 23rd January 2015 16:06 GMT YetAnotherLocksmith
"There is no evidence at all to suggest that there are any security bugs present in Compass that could grant access to data to non-registered users. We work with security experts to test the security of our systems on a regular basis to keep our data safe."
So if *you* haven't looked, they don't exist. Good one.
Funny, that doesn't actually work in the real world, any more than in the virtual - 'Ignore those trees, the map says that's a wood.'
-
Friday 23rd January 2015 17:15 GMT fourlights
ICO Anyone?
So anyone else around here think this should be an issue for the ICO? Surely a breach on such a system would constitute contravention of the DPA?
The guidelines are quite clear around information classification standards and governance of access to said information, whether the system is any good or not performance wise is irrelevant, granting of access to information of the highest classification can result in fines and prosecutions...
They'll even come to you for a chat about it https://ico.org.uk/for-organisations/charity/
Just sayin'.
-
Friday 23rd January 2015 17:20 GMT Anonymous Coward
Useless System
I have to agree with the other leaders who are being forced into using this "system", it is not fit for purpose and totally non-intuitive.
I have been using OSM for just over two years and it does exactly what I need it to - but along come the "management" who tell the leaders - the actual volunteers who enable the movement to exist - that they have to use more of their own time to update & maintain a sub-standard system.
Still, I guess it's the management tree: those who look down see monkeys and those who look up see arseholes!
-
Friday 23rd January 2015 17:45 GMT Anonymous Coward
The Scout Association's (no)support forum for Compass, where hundreds of negative comments by increasingly frustrated and angry volunteers are being posted, has just gone private i.e. only visible to anyone in the world who wants to register on the forum site with a random username and email address.
Security geniuses.
http://compassuserguide.scouts.org.uk/forum
-
Saturday 24th January 2015 03:33 GMT Anonymous Coward
Some Questions
* Why is a database needed at all?
* Are its sponsors aware of the implications and potentially nefast consequences of hoarding personal data?
* Who is legally responsible for it and answers with his own neck if any of the data is in any way misused?
* Finally, why this unhealthy fixation with databases in the UK? Just because you can do something it doesn't mean it's a good idea.
-
Saturday 24th January 2015 09:53 GMT Dsenior
Designed by UK Gov ????
Let's think about this
Delivered late
Slow, virtually unusable at some points
cost the earth
traps loads of info it doesn't need
data entry deadline extended from the 30th of Jan to mid-Feb
is it just me or are there glaring similarities with the HMRC website and entering personal tax returns online a couple of years ago
-
Saturday 24th January 2015 12:22 GMT GS Leader
Understanding the financial costs
Using the number of actual members (children and leaders) as a guide I would like to work out a per head cost of this system, based on its planning, development, delivery to date and likely future costs including any over-run and extra consultant costs (made necessary by the very defensive comments of the Scout Spokesperson). At a high level can anyone reading this forum help please?
As we are a charity we have to account to our members and also understand that we are getting value for the capitation fees we pay.
Thank you.
-
Monday 26th January 2015 10:47 GMT Qu Dawei
How often?
We hear many stories about such deficiencies in computer systems. What is the proportion of these out of the likely number of systems installed? Has the concept of testing adequately been thrown out of the window by too many, or is this some half-baked implementation of some perversion of Agile software development that is really a way of saving money on testing? Why are there no penalty clauses that penalize companies that get so much wrong, or don't go back to see if a prototype system was what the customer really wanted?
-
Wednesday 28th January 2015 12:49 GMT Anonymous Coward
It's been pulled...
At ease, everyone. Looks like common sense has prevailed.
An email was sent out today to members regarding a security issue raised by a member. As a result the system has been pulled pending an investigation by a "global provider of information security that has the world's largest security testing team at their disposal". This provider has apparently not been involved with the security work to date.
For the record, as a scout leader, I'm not a fan of the new system as it does not permit me as a volunteer to effectively manage my group in a time-efficient manner. My time as a volunteer is precious.
This will of course cause issues for our group and Scouts as we're now unable to process disclosure checks and are unable to submit our census data, which is due.
Anyway, I'll continue to use the other system that does work in the meantime!