Slashdot Log In
Database of All UK Children Launched
Posted by
timothy
on Mon May 18, 2009 03:44 AM
from the can't-help-but-think-of-'em-now dept.
from the can't-help-but-think-of-'em-now dept.
An anonymous reader writes "'A controversial database which holds the details of every child in England has now become available for childcare professionals to access. The government says it will enable more co-ordinated services for children and ensure none slips through the net. 390,000 people will have access to the database, but will have gone through stringent security training.'"
Related Stories
Submission: Database of all UK children launched by Anonymous Coward
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
390,000? Yeah, right (Score:4, Insightful)
Knowing our government, child professionals, council binmen, accounts clerks, councillors, dog catchers and that nasty lady on the front desk who's job is purely to be unhelpful.
Re:390,000? Yeah, right (Score:5, Funny)
and that nasty lady on the front desk who's job is purely to be unhelpful
Computer says noooooo...
Parent
Re:390,000? Yeah, right (Score:5, Insightful)
Parent
My optimistic security predictions (Score:5, Insightful)
390,000 people will have access to the database, but will have gone through stringent security training.
Let's try being a little optimistic.
Let's say that all 390,000 people take their duties and responsibilities as public servants very seriously. They attend the security training and try to remember everything they're taught.
Fast forward two weeks. They all integrate the security training into their work, and form new habits: "when I open the database, I have to $SECURITY_CONSIDERATION, then click on $SAFE_OPTION and always ask IT if something smells fishy". They form habits.
Fast forward four months. An unexpected situation pops up. They have now forgotten what they learned in security training, relying solely on their new habits which have worked perfectly well so far. They try their best to judge the security implications of their choices in an unknown situation, but they're not computer techies, so they get the answer wrong.
As a result, security is breached.
Anyone wants to defend a more optimistic prediction?
Parent
Re:My optimistic security predictions (Score:5, Insightful)
Let's try another route.
The number of IBM worldwide employees is coincidentally also approximately 390,000. [wikipedia.org]
They have allegedly suffered many problems with internal security issues, simply due to the scale of their workforce. Whether through malice, ignorance, or simply bad luck - when you have 390,000 "targets" something will eventually go wrong.
Simply a 1 in 10,000 employee incident ratio for the lifetime of this database would mean 39 breaches..
Parent
Re:My optimistic security predictions (Score:5, Insightful)
They all integrate the security training into their work, and form new habits:
HAHAHAA! Wow, things must really work different on your side of the pond. Because over here, 90% of people would forget all their security training 20 minutes after leaving the meeting. Most of them will suffer through massive regulations and rules, struggling to do their job and then some contractor will walk out with millions of records on a laptop.
Information security in most government offices involves straining out gnats while swallowing camels. Lock down workstations to the point people can barely work, but let contractors bypass all those safeguards servicing the applications. Wrap themselves around the axle stopping people from installing weather bug, and leave massive holes in other areas. The IRS has mountains of data security processes but that didn't stop them from mailing my wife someone else's tax audits. All those docs had a big banner right across the top THIS DOCUMENT CONTAINS SENSITIVE TAXPAYER INFORMATION. Name, address, date of birth, social security number, employer and income going back five years. All the computer security, all the data security processes, thwarted by some twit with an envelope and the post office.
Parent
Re:My optimistic security predictions (Score:5, Interesting)
I don't doubt that would be an issue. Training someone to work securely is complete bunk.
However, managing a massive server farm that processes 7 billion medical transactions per quarter, and stores data for nearly 1/4th of all americans and the entire military, I can say providing data security is actually pretty easy: simply architect the database in such a way as it is impossible to export the entire data set except for a few key system and DB administrators. In our DECADES of processing transactions, we have never had a breach. We're under CONSTANT DDoS and hacking attacks. Half the world is TRYING to steal our data. We have DOD, CIA, and FBI here weekly researching attempts. Not ONCE have we lost data. We ship thousands of backup tapes out of our data center every week. Not on ever lost.
Line level employees can only access a record given the key; SSN plus phone number (via routed caller ID signals, not typed in) plus pin#; SSN plus account number plus pin number; SSN plus DL plus full address, etc. Searching for records by only name, address, or SSN alone is not possible. Dumping more than 1 record at a time is not possible. There's no database app on their machines, only a web portal to an app on a server behind a firewall, that server communicates with the actually application engine on another server, and that server is firewalled off from the DB server. The app on the app server has very limited ability to access the database, only programmed queries that meet minimum validation.
For the child services dept, they would have to do searches occasionally, but even the search should only reply with a simple list, containing only 2 or 3 vlaues foe each returned result, and that list should not be exportable, and should be limited to say 100 results. End-user hacks, or data theft from the client side should be basically worthless.
If the end users can't GET to the bulk of the data, they can't steal it (or get hacked by someone who could).
A 3 tier network architecture prevents direct access to the database. Individualized user password access makes the process auditable. DB dumps can only be perfomed on the DB server directly, logged in as non-root administrators, and even those dumps should never be uses for more than migration, backup, or test lab use. Keep in mind, databases of this saze are NOT hosted on Windows boxes in some closet... They're on massive AIX Oracle clusters, or on Host systems. Those systems are not vulnerable to hacks as they have do direct outside connections, and are hardened UNIX operating environments.
Great, you've got 390,000 users. They can't get to enough of the data to steal it...
Maybe you've got about 100 developers. They use dummy data, or exports of the DB that have run through a name and SSN randomizer (we do that here). they can't steal the data.
You've got 10-20 admins who maintain and back up the server; they're all security minded highly trained IT folk, and are told their actions are audited. They're the only ones who could steal the data, but we'd know if they did and they know that too.
Where big data breaches have happened in the past is when executives have gone plugging around town with dumps from some tool to an Access database. Others have been data tape thefts, but they've been small time shops compareds to this. Even if you can steal some of my TSM tapes, where are you going to load them to get the data off??? The drives cost $25K each, not to mention hundreds of grand worth of licensing and AIX servers to control the drive. These are not some cheapo LTO tapes... and these tapes, they're logged by a librarian, boxed by paid security staff, and a chain of custody in locked tape boxes passes through 3 people before the box gets to the front door, and then it's handled by armored car... 3 of them actually, and tapes from the same tape set are allways divided across the trucks, so even knocking off a tape truck does not get you a data set that can be stolen. Oh yea, the 256bit AES encryption is a bugger too!
Parent
Re:missing tag? (Score:5, Funny)
Parent
Re:missing tag? (Score:5, Funny)
Some drunken bureacrat left it in a taxi.
They left it on a train, but claimed the money for a taxi when they did their expenses.
Parent
Pedobear (Score:5, Funny)
(just a matter of when)
Re:Pedobear (Score:5, Funny)
mysql -u pedobear -p password -P 3306
> SELECT * FROM underage_children ORDERBY date_of_birth DESC;
Parent
TDIUWP (Score:5, Funny)
This Database Is Useless Without Pictures.
Parent
Re:Pedobear (Score:5, Funny)
> SELECT * FROM underage_children ORDERBY date_of_birth DESC;
Error: 1337 (PARTYVAN): Why don't you have a seat over there?
Parent
Re:Pedobear (Score:4, Insightful)
Ever wonder why companies like IBM are involved in the UK ID database, they do have extensive experience in 1939-45 of tracking "undesirable people" for the then Nazi government.
On the bright side, if there is one, private sector schools are refusing to co-operate with building this clandestine ID database. Daily Mail article [dailymail.co.uk]. Only problem is, you have to have your children in private schools for the school to show two fingers at the government.
Private schools are refusing to provide information on their pupils for use in a controversial Government database.
The £224million system, called ContactPoint, aims to hold the details of every school-aged child in England, including GP and parents' mobile-phone numbers, as well as a log of what services they use, such as a school nurse.
It is estimated that this information could be used by more than one million people, from police officers to school administrators.
Now, in the latest blow to the widely criticised database, the Independent Schools Council, which represents the private education sector, has joined critics who fear that data will not be secure and could be used improperly.
ISC chief executive David Lyscom said: 'The only effective way to safeguard our children's data is to scrap the whole ContactPoint system.'
Parent
Get them while they are young. (Score:5, Insightful)
Re:Get them while they are young. (Score:5, Insightful)
Well, there is already a myriad of government databases containing more sensitive information than this about everyone: NI/Income tax registers, Electoral registers, the (shudder) NHS system, Council Tax databases, birth certificates, benefits, criminal records etc.
This database just seems to aggregate a subset of this data together for children in an easily searchable place. I don't think the government is creating and *new* information that will be interesting to search when the children become adults.
Parent
Re:Get them while they are young. (Score:5, Insightful)
There's no "just" about it - that's the problem right there.
Parent
Re:Get them while they are young. (Score:5, Informative)
You do understand the difference between giving information willingly and having it forced out of you?
If people want to tell everyone when they sit on the can, their biz. But don't expect me to tell you.
Parent
not my children (Score:5, Insightful)
if ever their was a reasonable cause to scream think of the children, this is it. and lets not forget that these kids will grow into adults, do we really believe the government will let go of that information once it has it?
Re:not my children (Score:5, Insightful)
if i had kids i'd refuse or give bogus details.
That sort of behaviour would likely to earn you a criminal record, and a marker on this database to indicate that your child is now on the child protection register (one of the groups of people for whom this database is for I'd imagine after the farce over 'Baby P.')
And I'm not being cynical, I only wish I were.
Parent
Re:not my children (Score:5, Funny)
Parent
I work with this database (Score:5, Insightful)
Not directly, but I work daily with the ContactPoint project and a number of others that coincide with it.
First: there is no opt-in or opt-out. The database is populated from a number of existing databases at a Local Authority level, and in most cases the primary source is the central Education database, which is in turn populated by schools' information systems and such. All schools, private schooling parents and similar, have a legal duty to submit this information annually in the Schools Census. It's not 100% accurate or up-to-date, but it's as comprehensive a framework as you'll find. "Refusing" or giving "bogus details" would be both very difficult and illegal.
Second: I hate the database, its supporting systems and the gung-ho approach the DCSF (central govt dept) have employed in its implementation. It is causing more work, problems and morale-breaking long-term consequences than most of the people on this site could conceive, to front-line workers and back-office support staff alike, and I would love nothing more than to see this project and many like it (see "Integrated Children's System") abandoned in favour of implementing some of the more relevant and critical recommendations of the Lord Laming report, which is what triggered the whole debacle, but I don't expect that to happen.
I have suspected for a long time that this was a back-door approach to a national person database, which is why I don't believe the govt will let go in spite of its inevitable breach of the Data Protection Act once the children reach the age of majority.
My biggest criticism of the entire suite of projects is that it completely fails to address - and in fact may exacerbate - the central problem with the Victoria Climbie case that it is supposed to solve. Specifically, she was recorded multiple times on multiple databases due to poorly trained users. Even then, there were several contacts with the child that should have led directly to intervention or at least in-depth investigation, with or without additional case background, but the workers involved failed to act.
Fundamentally, the DCSF does not seem willing or able to accept a simple truth, fundamentally understood by all IT professionals and most of the people on this site: You cannot introduce software to prevent people from making mistakes. At best you can only change the type of mistake they make.
Most social workers are actually insulted by the systems being introduced, because they increase the administrative workload (in spite of DCSF claims to the contrary) while removing the responsibility and flexibility for workers to make qualitative assessments and trained, experienced decisions.
Even if central government are to be taken at their word, this system is a poor implementation of a poor solution to a serious problem, and will hinder as much as it helps. If not, this is - as you suggest - an insidious approach to a wider Big Brother agenda.
Parent
Re:not my children (Score:5, Informative)
You go to jail if you dont register the birth within 30 days.
Parent
Knowing vs practising (Score:5, Insightful)
390,000 people will have access to the database, but will have gone through stringent security training.
That's great, but having people know security through (unspecified) 'stringent training' is no guarantee it will be carried out effectively.
Oh, and at a nearly a quarter of a billion pounds, forgive my curiosity about precisely what value this is expected provide.
Sounds like a rabid white elephant with dangerously sharp tusks.
This Will End Badly (Score:5, Interesting)
Re:This Will End Badly (Score:5, Insightful)
Parent
Surely this can't continue forever? (Score:5, Informative)
http://lpuk.org/ [lpuk.org]
I stumbled across this website last year. It is a very small (at present) political party. As far as I know, the only one who actively states they will scrap this state monitoring nonsense.
Hopefully, some of the other parties will realise that people don't want to be monitored, and there are votes to be had out of it.
Obligatory quote (Score:5, Funny)
Melchett: Now, I've compiled a list of those with security clearance, have you got it Darling?
Darling: Yes sir.
Melchett: Read it please.
Darling: It's top security sir, I think that's all the Captain needs to know.
Melchett: Nonsense! Let's hear the list in full!
Darling: Very well sir. "List of personnel cleared for mission Gainsborough, as dictated by General C. H. Melchett: You and me, Darling, obviously. Field Marshal Haig, Field Marshal Haig's wife, all Field Marshal Haig's wife's friends, their families, their families' servants, their families' servants' tennis partners, and some chap I bumped into the mess the other day called Bernard."
Melchett: So, it's maximum security, is that clear?
Blackadder: Quite so sir, only myself and the rest of the English speaking world is to know.
Entries for English children arrested for racism (Score:4, Interesting)
The others where speaking Urdu and the the assignment was "discuss."
http://www.dailymail.co.uk/news/article-410150/Schoolgirl-arrested-refusing-study-non-English-pupils.html [dailymail.co.uk]
I'd like to see the database entry for the arrested girl.
Re:Entries for English children arrested for racis (Score:5, Insightful)
You can't link to the daily mail and expect to be taken seriously.
Parent
Re:Entries for English children arrested for racis (Score:5, Informative)
http://news.bbc.co.uk/1/hi/england/manchester/6047514.stm
Good enough?
Parent
Appalling (Score:4, Insightful)
This is appalling - the "facepalm" tag is spot on. I have a great fondness for the UK, even though I've only visited once, and the people there have my sympathies for such bureaucratic stupidity. Policies like this and ASBO's of the last few years have had a disastrous effect... government is getting way too intrusive over there.
Sadly, I think Australia is heading in the same direction, though at least the Australia Card/Access Card proposals have been shelved by the current mob (for now)
Think of the children (Score:4, Insightful)
Seriously, doesn't anyone think of the children?! Please?!
Simple solution ! name your child one of these: (Score:5, Funny)
Syntax error
Test ignore
Null value
And my personal favorite:
rm -rf
Re:Simple solution ! name your child one of these: (Score:5, Funny)
If they allow special characters, mine would be named ;drop table *;
Parent
It's the usual political flamebait (Score:5, Insightful)
As far as the cost is concerned, the government just got an influx of unexpected cash from ministers in the form of repayments, so they can afford to splurge a little on some untendered, no doubt proprietary solution provided by an IT company who spend more on lobbying than their solutions, no doubt running on Windows. They will also keep the details hidden behind a commercial confidentiality NDA excuse too.
Labour do seem hell bent on kicked out at the next election with the added bonus of becoming unelectable, good luck to the bastards.
Re:It's the usual political flamebait (Score:4, Insightful)
The other side to this approach is that whatever one the press go for, the other gets a reasonably free ride. If the press stick with the expense abuse / fraud stories, the database / invasion of privacy story goes undetected, and most likely without any opposition; meaning the government can then claim "hey, we did our part legally and announced it, nobody complained." If they go for the database story MPs who have had their feet to the fire over allegations of fraud get breathing time to destroy evidence, practice their excuses and call in favors which may keep them in a job....or at least keep their pensions and be allowed to resign with no charges to face and their reputations intact.
Either way it's a lose / lose for the people. Let's hope the people remember these games at election day.
Parent
Children now, everybody later (Score:4, Insightful)
In roughly 18 years time, these children will be young adults and they'll still have all their information.
Add a few more decades and they'll have complete details over every child and adult simply because the children have grown old.
Why? (Score:5, Insightful)
No, seriously, why?
Are children like some sort of disease that need to be tracked? Of what use is it to these "childcare professionals" to know the name of every child in the UK?
Over time this is going to be a 1:1 census.
What are the benefits of this that outweigh the severe risk of having all of that data in one place? It seems like once a week there's an article on here about some huge privacy violation that the UK is already finished with. And this...I don't know anymore. It's just absurd at this point.
Re:Why? (Score:4, Informative)
Over time this is going to be a 1:1 census.
In conjunction with e-borders [privacyinternational.org], yes.
Parent
One good thing (Score:4, Interesting)
There is only one good thing about this database: it's another cost for the Government to bare and it will require more staff to maintain it. As a UK tax payer you might think I'm mad for saying that but hear me out.
We have a rot in our country that is causing the state to grow almost totally unchecked. The people are broadly split into two camps: those working every hour FSM sends and those sponging of the state. The workers don't have time to try to change the system the spongers don't want to. The only way it's going to get better is for it to collapse under it's own weight and get rebuilt hopefully better (but probably with the same flaws).
Perhaps it seems a little defeatist of me to say this but think about it for a moment. When was the last time the people paying the tax really got a say in anything? I don't have the figures but I would bet that the largest group of non-voters are working people. Not only are they becoming a minority (government workers don't count) they are suffering exclusion problems too.
Same government with an 86% infection rate (Score:4, Informative)
Bear in mind folks that this is the same government who admit to an 86% infection rate *each year* among the 5,000 odd computers used at Westminster:
http://www.theregister.co.uk/2009/05/15/mp_malware_leak_risk/ [theregister.co.uk]
Yes, that's 4,300 infected machines a year, with 400 hit badly enough that they get cleaned manually (and I hope to god manual intervention means wipe and start again, but I doubt it somehow).
So, that's a nigh on certainty that the login details for the database are already well known to 3rd parties then...
Re:Database hits gnutella in 3 ... 2.... 1 (Score:5, Insightful)
390,000 are too many even if they could keep the secret. Because it is almost certain that in such a large group there are some people the information should be secret from.
Parent
Re:Database hits gnutella in 3 ... 2.... 1 (Score:5, Insightful)
I didn't see any mention of 390,000 secure tokens being handed out or anything on the amount of detail being kept in the access logs.
They did implement that ... right?
390,000 is about 1 person in 150. To me that seems far too many. And why would the records of politician's children need special "shielding" if this is secure?
Parent
Re:Database hits gnutella in 3 ... 2.... 1 (Score:5, Insightful)
And why would the records of politician's children need special "shielding" if this is secure?
Bingo! Surely if this is so secure, MP's brats should be the seed data for the list.
Parent
Re:Database hits gnutella in 3 ... 2.... 1 (Score:5, Insightful)
Good idea. Every government database should start out with only politicians' data in it for six months.
Parent
Re:Database hits gnutella in 3 ... 2.... 1 (Score:5, Insightful)
Watch how this plan fails spectacularly...and then they will ask to put a chip in our children...and then the adults will follow...
Parent
Re:Och nooo! UK is not England! (Score:5, Funny)
shhh, ya great jessie, ye'll gee the gam awa'
Parent
Re:will not prevent anything (Score:5, Funny)
A database is worth little unless you implant a small tracking device in all you wish to track, and monitor constantly.
Finally, someone offering a workable solution.
Parent
Re:Already exists? (Score:4, Insightful)
Yes, but the purpose of this project is to put it in a leakier sieve.
Parent