Forgot your password?
typodupeerror
Government Privacy

Database of All UK Children Launched 296

Posted by timothy
from the can't-help-but-think-of-'em-now dept.
An anonymous reader writes "'A controversial database which holds the details of every child in England has now become available for childcare professionals to access. The government says it will enable more co-ordinated services for children and ensure none slips through the net. 390,000 people will have access to the database, but will have gone through stringent security training.'"
This discussion has been archived. No new comments can be posted.

Database of All UK Children Launched

Comments Filter:
  • by CantGetAUserName (565692) <(moc.liamg) (ta) (htimsdpa)> on Monday May 18, 2009 @04:49AM (#27992703)

    Knowing our government, child professionals, council binmen, accounts clerks, councillors, dog catchers and that nasty lady on the front desk who's job is purely to be unhelpful.

  • sigh... (Score:2, Insightful)

    by Shivinski (1053538) on Monday May 18, 2009 @04:52AM (#27992725) Homepage
    ...Big Brother strikes again...
  • by Tsuki_yomi (642789) on Monday May 18, 2009 @04:52AM (#27992727)
    The article doesn't seem to make any mention of removing that information when they become adults. I can see where this is going... get a database of them now, when less people are likely to complain, and then you still have the info when they are adults. Instant (well sorta) database of all your citizens.
  • not my children (Score:5, Insightful)

    by timmarhy (659436) on Monday May 18, 2009 @04:52AM (#27992729)
    if i had kids i'd refuse or give bogus details.

    if ever their was a reasonable cause to scream think of the children, this is it. and lets not forget that these kids will grow into adults, do we really believe the government will let go of that information once it has it?

  • by RichardJenkins (1362463) on Monday May 18, 2009 @04:53AM (#27992733)

    390,000 people will have access to the database, but will have gone through stringent security training.

    That's great, but having people know security through (unspecified) 'stringent training' is no guarantee it will be carried out effectively.

    Oh, and at a nearly a quarter of a billion pounds, forgive my curiosity about precisely what value this is expected provide.

    Sounds like a rabid white elephant with dangerously sharp tusks.

  • by Lonewolf666 (259450) on Monday May 18, 2009 @04:57AM (#27992749)

    390,000 are too many even if they could keep the secret. Because it is almost certain that in such a large group there are some people the information should be secret from.

  • 390.000 people (Score:1, Insightful)

    by Anonymous Coward on Monday May 18, 2009 @05:02AM (#27992773)

    I am one of them. But don't worry, I have gone through stringent security training. They will never be able to decrypt my collection of pictures.

  • by RichardJenkins (1362463) on Monday May 18, 2009 @05:02AM (#27992775)

    Well, there is already a myriad of government databases containing more sensitive information than this about everyone: NI/Income tax registers, Electoral registers, the (shudder) NHS system, Council Tax databases, birth certificates, benefits, criminal records etc.

    This database just seems to aggregate a subset of this data together for children in an easily searchable place. I don't think the government is creating and *new* information that will be interesting to search when the children become adults.

  • Re:not my children (Score:5, Insightful)

    by shabble (90296) <qkjj13x02@sneakemail.com> on Monday May 18, 2009 @05:05AM (#27992787)

    if i had kids i'd refuse or give bogus details.

    That sort of behaviour would likely to earn you a criminal record, and a marker on this database to indicate that your child is now on the child protection register (one of the groups of people for whom this database is for I'd imagine after the farce over 'Baby P.')

    And I'm not being cynical, I only wish I were.

  • by Pvt_Ryan (1102363) on Monday May 18, 2009 @05:08AM (#27992793)
    Come on you know our government is great with security. They have never ever lost a latop containing personal details of people, and look at how quiet they kept their expenses.. With security like that what can possibly go wrong..
  • by robably (1044462) on Monday May 18, 2009 @05:09AM (#27992801) Journal

    This database just seems to aggregate a subset of this data together for children in an easily searchable place.

    There's no "just" about it - that's the problem right there.

  • by Armakuni (1091299) on Monday May 18, 2009 @05:09AM (#27992807) Homepage
    And of those criminals, a significant percentage will be precisely the kind of criminals that take an interest in kids. Pedophiles naturally gravitate toward jobs and extracurricular activities where they know that they will have a lot to do with kids. How many of them are now given access to all the info they need to seek out the most vulnerable kids in their neighborhood?
  • by RichardJenkins (1362463) on Monday May 18, 2009 @05:17AM (#27992861)

    Agreed, but whilst it makes me shudder, it also belays any fears that this is a surreptitious plan to start collecting new information about kids which can be sneakily kept to provide useful information about them as adults.

  • by dugeen (1224138) on Monday May 18, 2009 @05:19AM (#27992875) Journal
    Indeed. And give them as much training as you like, it still won't stop them flogging the data to private investigators and tabloid journalists.
  • Appalling (Score:4, Insightful)

    by Fleeced (585092) <`moc.liam' `ta' `deceelf'> on Monday May 18, 2009 @05:21AM (#27992889)

    This is appalling - the "facepalm" tag is spot on. I have a great fondness for the UK, even though I've only visited once, and the people there have my sympathies for such bureaucratic stupidity. Policies like this and ASBO's of the last few years have had a disastrous effect... government is getting way too intrusive over there.

    Sadly, I think Australia is heading in the same direction, though at least the Australia Card/Access Card proposals have been shelved by the current mob (for now)

  • by redhog (15207) on Monday May 18, 2009 @05:24AM (#27992903) Homepage

    Seriously, doesn't anyone think of the children?! Please?!

  • by Timmmm (636430) on Monday May 18, 2009 @05:28AM (#27992919)

    You can't link to the daily mail and expect to be taken seriously.

  • by Joce640k (829181) on Monday May 18, 2009 @05:35AM (#27992959) Homepage

    I didn't see any mention of 390,000 secure tokens being handed out or anything on the amount of detail being kept in the access logs.

    They did implement that ... right?

    390,000 is about 1 person in 150. To me that seems far too many. And why would the records of politician's children need special "shielding" if this is secure?

  • by Anonymous Coward on Monday May 18, 2009 @05:40AM (#27992985)

    God fucking damn it, learn to use the proper fucking form of "lose" already. This fucking site resembles 4chan and Digg ever more as months pass.

  • by AnalPerfume (1356177) on Monday May 18, 2009 @05:41AM (#27992993)
    Announced to the media when the government are being hammered in the news over some other scandal. They do this all the time, the Torries before them did it too. Often they announce shit they KNOW is controversial and have no intention of actually doing just to make the press write about something else and forget the scandal they were writing about. It's the equivalent of waving a new flashy toy at a toddler to distract him so you can grab her blanky to get it washed as she won't knowingly let it go.

    As far as the cost is concerned, the government just got an influx of unexpected cash from ministers in the form of repayments, so they can afford to splurge a little on some untendered, no doubt proprietary solution provided by an IT company who spend more on lobbying than their solutions, no doubt running on Windows. They will also keep the details hidden behind a commercial confidentiality NDA excuse too.

    Labour do seem hell bent on kicked out at the next election with the added bonus of becoming unelectable, good luck to the bastards.
  • by mwvdlee (775178) on Monday May 18, 2009 @05:42AM (#27992999) Homepage

    In roughly 18 years time, these children will be young adults and they'll still have all their information.
    Add a few more decades and they'll have complete details over every child and adult simply because the children have grown old.

  • by AnalPerfume (1356177) on Monday May 18, 2009 @05:48AM (#27993033)
    Sorry to reply to my own post but /. does not have an edit feature so I had to add a new post for further points.

    The other side to this approach is that whatever one the press go for, the other gets a reasonably free ride. If the press stick with the expense abuse / fraud stories, the database / invasion of privacy story goes undetected, and most likely without any opposition; meaning the government can then claim "hey, we did our part legally and announced it, nobody complained." If they go for the database story MPs who have had their feet to the fire over allegations of fraud get breathing time to destroy evidence, practice their excuses and call in favors which may keep them in a job....or at least keep their pensions and be allowed to resign with no charges to face and their reputations intact.

    Either way it's a lose / lose for the people. Let's hope the people remember these games at election day.
  • by Builder (103701) on Monday May 18, 2009 @05:50AM (#27993041)

    And why would the records of politician's children need special "shielding" if this is secure?

    Bingo! Surely if this is so secure, MP's brats should be the seed data for the list.

  • by Joce640k (829181) on Monday May 18, 2009 @05:55AM (#27993063) Homepage

    Good idea. Every government database should start out with only politicians' data in it for six months.

  • Re:sigh... (Score:3, Insightful)

    by noundi (1044080) on Monday May 18, 2009 @05:56AM (#27993073)
    ...UK strikes again...

    Fixed it for ya.
  • Re:Already exists? (Score:2, Insightful)

    by pisto_grih (1165105) on Monday May 18, 2009 @05:58AM (#27993083)

    Such a fragmented system introduces security through obscurity, but by collating it we ensure everyone involved has the entire picture, rather than just what they need to know about the child.

    Fixed that for you.

  • Re:Already exists? (Score:4, Insightful)

    by Anne Thwacks (531696) on Monday May 18, 2009 @06:02AM (#27993101)
    the information to be contained within this database already exists in one form or another

    Yes, but the purpose of this project is to put it in a leakier sieve.

  • Why? (Score:5, Insightful)

    by atraintocry (1183485) on Monday May 18, 2009 @06:16AM (#27993179)

    No, seriously, why?

    Are children like some sort of disease that need to be tracked? Of what use is it to these "childcare professionals" to know the name of every child in the UK?

    Over time this is going to be a 1:1 census.

    What are the benefits of this that outweigh the severe risk of having all of that data in one place? It seems like once a week there's an article on here about some huge privacy violation that the UK is already finished with. And this...I don't know anymore. It's just absurd at this point.

  • Re:not my children (Score:3, Insightful)

    by digitig (1056110) on Monday May 18, 2009 @06:23AM (#27993211)

    every child gets a birth certificate (unless you do a DIY home birth maybe)

    You go to jail if you dont register the birth within 30 days and the authorities find out.

    Fixed that for ya.

  • by Warbothong (905464) on Monday May 18, 2009 @06:26AM (#27993229) Homepage

    As it stands, many database searches require a search warrant, which implies some kind of need for the search. However, the databases are so disparate that a warrant issued for, say, an NHS database will get you medical records for that person. Searching on the police database you can get their criminal record, but you need another warrant to specify why you need such information, and the same goes for the rest.

    The problem with having a centralised system is that every warrant obtained to look someone up in "the database" for reason X will allow access to everything about that person.

    It may be annoying to have paperwork to fill out which can stall legitimate investigations, but that paperwork is there to make sure they are indeed legitimate. Having a centralised system would make it legal for an agency with permission to get one piece of information (say, is this person allergic to penicillin?) to dig up ALL information on someone (criminal record, fingerprints, DNA, tax returns, etc.).

    Scary if you ask me.

  • by AnalPerfume (1356177) on Monday May 18, 2009 @06:32AM (#27993261)
    I don't have any problem with the idea of a central secure database where different agencies can access the parts of it they need to know to carry out their jobs. I think this is a great idea for efficiency.

    What I do have a problem with is that the government have a long history of expensive insecure failed IT systems which don't deliver and inevitably breach to the public via some idiot leaving a laptop on a train etc. Usually it's the same IT firms who get the contracts over and over again to profit from the taxpayer for their failures. These "solutions" are never designed for the public good, they're designed to gain political points for the party who (at least looks like providing) solutions to the Daily Mail's "won't someone think of the children!!!!" ravings.

    Given how close Microsoft are to every government this solution (like every other IT solution) will no doubt be running on Windows, so I hope part of the "training" will include "don't click on pedo.exe". Sarcasm aside, I wouldn't trust ANYTHING to Windows, let alone something which needs to be ultra secure.

    There are plenty of ways to set up databases to show / hide certain fields depending on what group permissions the user has, a lot of software has this functionality built in. Operating systems have this built in with user accounts. With the right aims, this CAN be done, I just don't trust the government or the contractors who get the job to do it right.
  • 390,000 people will have access to the database, but will have gone through stringent security training.

    Let's try being a little optimistic.

    Let's say that all 390,000 people take their duties and responsibilities as public servants very seriously. They attend the security training and try to remember everything they're taught.

    Fast forward two weeks. They all integrate the security training into their work, and form new habits: "when I open the database, I have to $SECURITY_CONSIDERATION, then click on $SAFE_OPTION and always ask IT if something smells fishy". They form habits.

    Fast forward four months. An unexpected situation pops up. They have now forgotten what they learned in security training, relying solely on their new habits which have worked perfectly well so far. They try their best to judge the security implications of their choices in an unknown situation, but they're not computer techies, so they get the answer wrong.

    As a result, security is breached.

    Anyone wants to defend a more optimistic prediction?

  • by master_p (608214) on Monday May 18, 2009 @06:38AM (#27993303)

    Watch how this plan fails spectacularly...and then they will ask to put a chip in our children...and then the adults will follow...

  • by tygerstripes (832644) on Monday May 18, 2009 @06:43AM (#27993317)

    Not directly, but I work daily with the ContactPoint project and a number of others that coincide with it.

    First: there is no opt-in or opt-out. The database is populated from a number of existing databases at a Local Authority level, and in most cases the primary source is the central Education database, which is in turn populated by schools' information systems and such. All schools, private schooling parents and similar, have a legal duty to submit this information annually in the Schools Census. It's not 100% accurate or up-to-date, but it's as comprehensive a framework as you'll find. "Refusing" or giving "bogus details" would be both very difficult and illegal.

    Second: I hate the database, its supporting systems and the gung-ho approach the DCSF (central govt dept) have employed in its implementation. It is causing more work, problems and morale-breaking long-term consequences than most of the people on this site could conceive, to front-line workers and back-office support staff alike, and I would love nothing more than to see this project and many like it (see "Integrated Children's System") abandoned in favour of implementing some of the more relevant and critical recommendations of the Lord Laming report, which is what triggered the whole debacle, but I don't expect that to happen.

    I have suspected for a long time that this was a back-door approach to a national person database, which is why I don't believe the govt will let go in spite of its inevitable breach of the Data Protection Act once the children reach the age of majority.

    My biggest criticism of the entire suite of projects is that it completely fails to address - and in fact may exacerbate - the central problem with the Victoria Climbie case that it is supposed to solve. Specifically, she was recorded multiple times on multiple databases due to poorly trained users. Even then, there were several contacts with the child that should have led directly to intervention or at least in-depth investigation, with or without additional case background, but the workers involved failed to act.

    Fundamentally, the DCSF does not seem willing or able to accept a simple truth, fundamentally understood by all IT professionals and most of the people on this site: You cannot introduce software to prevent people from making mistakes. At best you can only change the type of mistake they make.

    Most social workers are actually insulted by the systems being introduced, because they increase the administrative workload (in spite of DCSF claims to the contrary) while removing the responsibility and flexibility for workers to make qualitative assessments and trained, experienced decisions.

    Even if central government are to be taken at their word, this system is a poor implementation of a poor solution to a serious problem, and will hinder as much as it helps. If not, this is - as you suggest - an insidious approach to a wider Big Brother agenda.

  • by Pvt_Ryan (1102363) on Monday May 18, 2009 @06:49AM (#27993347)

    More than 51,000 children deemed vulnerable will have their identities and information shielded

    Kinda defeats the purpose.. :/

  • MP's expenses (Score:3, Insightful)

    by ionix5891 (1228718) on Monday May 18, 2009 @06:54AM (#27993355)

    We need a database of MP's expenses

    now that would be something...

  • by michaelhood (667393) on Monday May 18, 2009 @06:58AM (#27993375)

    Let's try another route.

    The number of IBM worldwide employees is coincidentally also approximately 390,000. [wikipedia.org]

    They have allegedly suffered many problems with internal security issues, simply due to the scale of their workforce. Whether through malice, ignorance, or simply bad luck - when you have 390,000 "targets" something will eventually go wrong.

    Simply a 1 in 10,000 employee incident ratio for the lifetime of this database would mean 39 breaches..

  • by mangu (126918) on Monday May 18, 2009 @07:19AM (#27993463)

    Most social workers are actually insulted by the systems being introduced, because they increase the administrative workload (in spite of DCSF claims to the contrary) while removing the responsibility and flexibility for workers to make qualitative assessments and trained, experienced decisions.

    That's typical of what happens every time you start automating a bureaucratic process. The problem is that responsibility and flexibility are inversely proportional to security.

    TFA cites the death of a girl named Victoria Climbié as one of the motives for creating this database. Wikipedia has a long article on her. In her first hospital admission people noticed she was badly injured but "Ruby Schwartz, the consultant paediatrician and named child protection doctor at the hospital, diagnosed scabies and decided that it was scratching that caused the injuries. She made the diagnosis without speaking to Victoria alone.[17] Schwartz later admitted that she made a mistake". It's mistakes like that that this database is trying to avoid.

    Although this database seems "big brotherish", I wish people who complain so much about it would propose alternatives. I have often seen cited the fact that children are much more likely to be abused by relatives or people who are close to them. Yet so many people are absolutely afraid of strangers. When you balance two opposite risks, it seems to me that the Cinderella stepmother is a bigger risk than the internet paedophile.

  • by HangingChad (677530) on Monday May 18, 2009 @07:30AM (#27993525) Homepage

    They all integrate the security training into their work, and form new habits:

    HAHAHAA! Wow, things must really work different on your side of the pond. Because over here, 90% of people would forget all their security training 20 minutes after leaving the meeting. Most of them will suffer through massive regulations and rules, struggling to do their job and then some contractor will walk out with millions of records on a laptop.

    Information security in most government offices involves straining out gnats while swallowing camels. Lock down workstations to the point people can barely work, but let contractors bypass all those safeguards servicing the applications. Wrap themselves around the axle stopping people from installing weather bug, and leave massive holes in other areas. The IRS has mountains of data security processes but that didn't stop them from mailing my wife someone else's tax audits. All those docs had a big banner right across the top THIS DOCUMENT CONTAINS SENSITIVE TAXPAYER INFORMATION. Name, address, date of birth, social security number, employer and income going back five years. All the computer security, all the data security processes, thwarted by some twit with an envelope and the post office.

  • Re:Pedobear (Score:4, Insightful)

    by Wowsers (1151731) on Monday May 18, 2009 @07:33AM (#27993539) Journal
    This database is disgusting, I shudder what covert paedophile in the public sector will have access to this data. It has nothing to do with protecting children, it has everything to do with fishing for information to make the ID database the government have been having a 12 year wet dream about, along with the European Union who are creating a unified European ID database. Europe is attempting to force countries without ID cards to have them, so the HONEST population can be tracked.

    Ever wonder why companies like IBM are involved in the UK ID database, they do have extensive experience in 1939-45 of tracking "undesirable people" for the then Nazi government.

    On the bright side, if there is one, private sector schools are refusing to co-operate with building this clandestine ID database. Daily Mail article [dailymail.co.uk]. Only problem is, you have to have your children in private schools for the school to show two fingers at the government.

    Private schools are refusing to provide information on their pupils for use in a controversial Government database.

    The £224million system, called ContactPoint, aims to hold the details of every school-aged child in England, including GP and parents' mobile-phone numbers, as well as a log of what services they use, such as a school nurse.

    It is estimated that this information could be used by more than one million people, from police officers to school administrators.

    Now, in the latest blow to the widely criticised database, the Independent Schools Council, which represents the private education sector, has joined critics who fear that data will not be secure and could be used improperly.

    ISC chief executive David Lyscom said: 'The only effective way to safeguard our children's data is to scrap the whole ContactPoint system.'

  • Re:Pedobear (Score:4, Insightful)

    by Tony Hoyle (11698) <tmh@nodomain.org> on Monday May 18, 2009 @08:52AM (#27994313) Homepage

    The database really already exists - got a national insurance number? It includes your date of birth & address (everyone gets sent an NI card on their 16th birthday). That's tied to the NHS database, from which you can find out medical details (although the hospital records are for the most part still not computerised).

    They're after more information, but it's not going to give anyone any information that they didn't already know. And anyway, useful to a paedophile? Paranoia much? It's far easier for them to wander down to the local primary school than hack into a government database and extract the details one at a time (basic securiy procedure says you won't be able to access more than a single record at a time, and that'll be logged anyway).

  • What would be better would be a law against politicians' information being treated differently from yours, to give them some incentive to protect you. There is nothing worse you can do to a person than make them live worse than others simply because they are different. By making their personal data more secure than yours they are putting themselves above you and declaring that they are more worthy of protection. Does their office make them more human? I would argue that it makes them less so by isolating them from the public. Further isolation can only result in more ivory tower politics...

  • Re:Oh please. (Score:4, Insightful)

    by Sandbags (964742) on Monday May 18, 2009 @09:40AM (#27995175) Journal

    So, you propose to steal the data as it's being entered in remote offices before it's uploaded?

    Well, with a web API over SSH that means you're talking about a keylogger, since any other way to steal that data requires you to have access to an application or a local dataset, neither of which exist. I really could give a crap about keyloggers, since you can already steal that data simply by hacking the PARENT'S COMPUTERS. That's nothing new, it is not an ADDED risk.

    What you're saying, in a nutshell, is that data in any form is unsafe anywhere, regardless of wether it's centralized or not. There is no answer to that, but it's also UNAVOIDABLE. The data WILL exist somehwere, it simply HAS to. (unless you're suggesting we take the entire government back to paper and secure point-to-point fax machines and throw out all the computers).

    We MUST have the data somewhere or the danger is much greater (mishandled children, lack of access to missing persons data, inability to match children to parents, inability to track troubled parents from state to state, inability to centrally documented court interactions with parents, these are all MUCH bigger problems than the risk of data theft of priomarilly useless and invaluable data!)

    If the data IS centralized, then we have a single secure repository. This provides multiple advantages. Cost (fewer servers, fewer admins, consolodiated licensing). interoperabilty (everyone's on the same code base). Audit (every access from every point is monitored, further, we can scrutinize the security level of the guest machine logging in). security by scale (big databases are on big iron, and enterprise class systems and security, scattered regional databases are on back offince machines with little or no regulated security.) Reliability (big massively redundant clusters on UNIX or OS390, not simple machines runnin Windows).

    Let's not loose sight of this fact: THIS DATA ALREAYD EXISTS, we're simpy securing it centrally under government security regulation and audit. IT'S ALREADY OUT THEiR, UNSECURE TODAY. The security can't be perfect, but it's an order of magnitude better than today. Oh, btw, most common method of access from remote sites: Citrix. go on, install a key logger in my virtual desktop image... Hack the remote PC all you want, it won;t get you into the citrix system, and even from there you still need the account credentials to log onto the internal web server...

    Again: my firm processes 7 billion medical transactions per quarter. We have thousands of tapes coming in and out of the building weekly, we have hundreds of throusands of people interacting with the medical records, processing payments, transactions, medical history files, and more, most in real time. We are under CONSTANT attack from viruses, botnets, and hackers. NEVER ONCE have we been breached. DAILY one of our systems is infected, but you can;t get the data by infercting edge systems, you have to infect the core, which is still 3 firewalls and 2 alternating operating systems away.

    Name 1 virus that can hack a Windows PC, from there hack a Citrix console, from there Hack a Redhat web server, from there hack an AIX application server, and from there hack a DB2 or Oracle database on a mainframe... and EACH SYSTEM TIER uses seperate administrative credentials! Even the best hackers in the world can't accomplish that in person, no simple bot can do it.

    Want to collect the data by infecting 1 million point systems, fine, you can ALREADY do that... We're just making a system that solves otehr BIGGER problems, without increasing the security risk level (in fact, it;s better than it is today by large margins).

  • Re:Oh please. (Score:3, Insightful)

    by Attila Dimedici (1036002) on Monday May 18, 2009 @03:27PM (#28001663)
    You talk as if the only danger is someone exporting a large subset of this data. Why would a pedophile want to do that when they can search the database where it is? Yeah, that data is all out there already, but right now, I have to find which database has the data I want and then find someone with access to it to subvert. This system puts it all in one place. Now, instead of having to hope the person I can subvert has access to the right database, I know they do. Out of 390,000 people, there are going to be a significant number who can be subverted to access that information.

Thus spake the master programmer: "After three days without programming, life becomes meaningless." -- Geoffrey James, "The Tao of Programming"

Working...