Not what you thought

November 29, 2007

Some useful clarification about the independent review of Contactpoint security on Ideal Government:

The security review announcement was already planned before the HMRC debacle, I’m told. The Minister referred to HMRC in his statement to da House but the media suggestion it is a reaction to the lost CDs is misleading.



November 28, 2007


The LibDems have added their voice to the growing clamour for Contactpoint’s plug to be pulled:

The Liberal Democrats have called for a security review of the ContactPoint database, announced today, to be expanded to investigate whether the entire project is ‘fit for purpose’.

On Monday, the Liberal Democrats called for a review of the security of the controversial online database that will hold personal details of every child in the UK.

Commenting, Liberal Democrat Children, Schools and Families Spokesperson, Annette Brooke MP said:

“It is a shame that it has taken the disastrous loss of HMRC data to convince ministers to reconsider this vast database.

“The announced review of security should be expanded to ask whether ContactPoint will actually help to coordinate children services better rather than creating another expensive bureaucratic mess.

“The ease with which local government employees can access personal details of any child in the country is only one reason why this database simply isn’t fit for purpose.”

Don’t forget to join in the chorus here.

And in all the protest about Contactpoint, let’s hope that the other national database, eCAF, doesn’t quietly slip through. A national system containing the in-depth personal assessments of 50% of children is even more dangerous.

Telling it like it is

November 28, 2007

Brian Gladman talking about the Contactpoint ‘security review’ on the No2ID message boards:

It is not possible to build a database of 15 million children’s names and addresses accessed by 330,000 users whilst also protecting the safety, security and privacy of this data. And since the minister even said: “The fundamental design of ContactPoint will not change”, we know that the only changes that could make this work are precluded from consideration already.

And if you’re asking “Who is Brian Gladman?”, he’s just another security expert whom the government ignores.

Contactpoint delayed

November 27, 2007

The latest news:

Ministers are postponing a new database on every child in England, pending a security review and changes to the system including its access controls.

Children’s minister Kevin Brennan told MPs there would be a five-month delay to the £224m system, ContactPoint.

It’s a shame the PA Newswire couldn’t get this bit right:

The database came out of the inquiry into the death of Victoria Climbie and is designed to make it easier to co-ordinate the work of different child protection agencies.

Just to reiterate the Government’s own words:

Is ContactPoint all about child protection?

No, ContactPoint is principally about supporting early intervention for the 30-50% of children who at some point in their lives need additional services to ensure they achieve good outcomes. But it will also aid communication about children identified as being at risk of significant harm.

Nevertheless the myth persists. This has to be one of the most successful pieces of spin ever devised: even when the government makes perfectly clear what some of us have been saying all along, journalists keep right on parroting the original mantra.


November 26, 2007

We’ve just remembered the report of the Lords’ Merits of Statutory Instruments Committee following scrutiny of the regulations to bring Contactpoint into being:

However, the Government have not in our view conclusively demonstrated that a universal database is a proportionate response to the problem being addressed. While the Government have taken the need for security seriously, the scale and importance of the scheme increase the risk that any accidental or inadvertent breach of security, or any deliberate misuse of the data, would be likely to bring the whole scheme into disrepute.


Moving forward

November 26, 2007

After writing about the lack of commitment from the Conservatives to scrapping Contactpoint, It’s heartening to read this:

But the Tories are calling for the scheme to be ditched. Tim Loughton, the Conservative spokesman for children, said it should be replaced by a smaller, more tightly controlled database.

There’s certainly a case to be argued for a restricted system to communicate with other authorities when a child genuinely at risk of ‘significant harm’ moves areas, especially if it’s without warning, and it makes it more likely that such a child will be noticed if the wires aren’t crowded with trivial chatter. The challenge would be to maintain security on a system that contained the details of the most vulnerable children in the country.

Now we need to hear David Cameron confirm that he would scrap the Contactpoint/eCAF schemes and dismantle all of the other systems that invade children’s privacy.

Contactpoint petition

November 25, 2007

You might want to sign this e-petition:

We the undersigned petition the Prime Minister to abandon plans to create the Information Sharing Index, a national database of all children aged between birth and eighteen.

The Information Sharing Index is the original name for Contactpoint before its re-brand.

Fake your own biometric ID

November 24, 2007


Are you serious?

November 24, 2007


Good to see this:

The Conservatives have demanded the immediate suspension of a new government electronic database containing personal details of all 11 million children in England.

Tim Loughton, Shadow Children’s Minister, has written to the Children’s Minister Beverley Hughes asking her to put the whole project on ice, amid fears about the security of the information.

But it’s not enough. The Conservatives have already said that they will scrap the ID card scheme. Now we need to hear them making the same commitment to scrapping the children’s ID scheme as well, because that’s all that Contactpoint is: it’s an identity management system.

It’s a list of basic personal information, plus public services used and the numbers that identify a child within each agency system. The details will be kept updated by feeds from the Child Benefit system, the NHS and the National Pupil Database (yes, yet another national database).

If the £multi-billion National Identity Register is unsafe for adults, then Contactpoint (with its measly little £224m budget) is not safe for children. Work has already begun on Contactpoint and by the end of 2008 the government intends to have every under-18 on it. The Conservatives need to make a decision fast about whether their stated opposition to this children’s identity register is merely rhetoric.

Recommended reading: Privacy and Data-Sharing, the way forward for public services. It’s not a difficult read, and by the end of it you will understand exactly how all the apparently different initiatives – the National Identity Register, NHS system, children’s services – link together and the rationale behind them.

Security assessment of Contactpoint

November 24, 2007

We’re not holding our breath, but:

An independent security check is to be carried out on a Whitehall database carrying details of every child in England after the loss of discs holding personal data on 25 million people, it was revealed today.

The children’s secretary, Ed Balls, ordered an external assessment of the ContactPoint system on Tuesday, as the loss of child benefit data by HM Revenue and Customs was made public.

So far, interesting. And then we get the same old mindless cut’n’paste:

The £224m computer system was set up following a recommendation of the inquiry into the death of Victoria Climbié to better coordinate work by different agencies involved in child protection.

Come on, get with the programme. Even the government has stopped pretending this is about Victoria Climbie. From their Contactpoint Q&A sheet (pdf):

Is ContactPoint all about child protection?

No, ContactPoint is principally about supporting early intervention for the 30-50% of children who at some point in their lives need additional services to ensure they achieve good outcomes. But it will also aid communication about children identified as being at risk of significant harm.

A child identified as at risk of significant harm will, of course, already have been referred immediately to social workers, as per the government’s ‘Working Together to Safeguard Children’ guidance.

I’ve just tracked down a briefing I prepared on the early plans for Contactpoint, back in 2003 when I did some work for the Children’s Rights Alliance for England.

CRAE recommends that a fully independent body be commissioned to undertake a thorough risk assessment of the data-matching system that the Government proposes to use, and that the findings are made public, before there is any further development of plans for the electronic storage and sharing of children’s information.

It’s been a long four years. At some point my hair turned grey.

Still waiting

November 23, 2007


No sign yet of the evaluation of the Integrated Children’s System.

Tick tock…14 months since it was submitted to DfES… Hmmm. They really must have hated it.

Toxic leak

November 23, 2007


Fantastic bandit cat courtesy of Kim Cameron, who also has trenchant comment on what he calls the HMRC’s Identity Chernobyl:

Meanwhile, in parliament, Prime Minister Gordon Brown explained that security measures had been breached when the information was downloaded and sent by courier to the National Audit Office, although there had been no “systemic failure”.

This is really the crux of the matter. Because, from a technology point of view, the failure was systemic.

…Isn’t it incredible that “a junior official” could simply “download” detailed personal and financial information on 25 million people? Why would a system be designed this way?

To me this is the equivalent of assembling a vast pile of dynamite in the middle of a city on the assumption that excellent procedures would therefore be put in place, so no one would ever set it off.

Meanwhile, in a parallel universe…

November 22, 2007

Proving the adage that there’s none so deaf as those who don’t want to listen, from yesterday in the Lords:

Baroness Morris of Bolton: My Lords, a basic right for a child is their right to privacy. Along with many influential voices, we have been critical of the Government’s determination to hold details, sometimes sensitive details, on every child in the country. We were told that the data would be safe in the Government’s hands but, in the light of yesterday’s announcement of the appalling loss of the child benefit details, how can parents and children have confidence in that? Is it not time for an urgent review of ContactPoint and would not the money be better spent on those children who are most in need?

Baroness Crawley: My Lords, in the context of the Question that was asked of me on the UN Convention on the Rights of the Child, one of the areas in which even critics say that we have not done badly at all as far as children are concerned is privacy and family life.

Mind the Gap

November 21, 2007


From Nick Robinson’s blog:

However, what interests me much more than any of that is the yawning gap that has opened up between what we’re told about the protection of our personal data and the reality. What is clear to me is that the public would like to see the information they provide guarded like a dangerous virus in a lab (or, after the events of this summer perhaps rather better than that). In reality, there is clearly a culture of casualness toward it which allows one man, apparently, to copy 25 million names and details onto two discs and chuck them in the post.

Except, of course, the gap isn’t new at all; it’s the noticing that’s different.

Children worry about data security

November 21, 2007


From a report released today by the Children’s Rights Director (the person responsible for all children in public care):

Children and young people are concerned that personal information held on the government’s ContactPoint database could fall into the wrong hands.

Good heavens.

If you don’t know what Contactpoint* is, it’s the children’s version of the National Identity Register with the addition of the names and contact details of every practitioner working with a child. The government has started work on building it, populating it with data from, er, the Child Benefit database (if they’ve still got any left, I guess)

*Not to be confused with the eCAF database, the National Pupil Database, the Integrated Children’s System, the Connexions Customer Information System, YIPMIS, YISPMIS… more about the full, exciting range of children’s databases on our website. If you think yer ‘ard enough, you can tackle the 2006 FIPR report to the Information Commissioner.