Database of All UK Children Launched

An anonymous reader writes "'A controversial database which holds the details of every child in England has now become available for childcare professionals to access. The government says it will enable more co-ordinated services for children and ensure none slips through the net. 390,000 people will have access to the database, but will have gone through stringent security training.'"

Comment removed

[account_deleted]

Comment removed based on user account deletion

Entries for English children arrested for racism

[XavierItzmann]

So, will they include in the database the 14-yr old Greater Manchester girl arrested for telling her teacher "can I change groups because I can't understand them?"

The others where speaking Urdu and the the assignment was "discuss."

http://www.dailymail.co.uk/news/article-410150/Schoolgirl-arrested-refusing-study-non-English-pupils.html [dailymail.co.uk]

I'd like to see the database entry for the arrested girl.

Re:not my children

[AmiMoJo]

Unfortunately every child gets a birth certificate (unless you do a DIY home birth maybe) so it's pretty hard to avoid.

Re:sigh...

[jimmypw]

Parent says to child: "no honey thats not a tatoo its an identifying barcode, it keeps you safe from undesireables."

One good thing

[squoozer]

There is only one good thing about this database: it's another cost for the Government to bare and it will require more staff to maintain it. As a UK tax payer you might think I'm mad for saying that but hear me out.

We have a rot in our country that is causing the state to grow almost totally unchecked. The people are broadly split into two camps: those working every hour FSM sends and those sponging of the state. The workers don't have time to try to change the system the spongers don't want to. The only way it's going to get better is for it to collapse under it's own weight and get rebuilt hopefully better (but probably with the same flaws).

Perhaps it seems a little defeatist of me to say this but think about it for a moment. When was the last time the people paying the tax really got a say in anything? I don't have the figures but I would bet that the largest group of non-voters are working people. Not only are they becoming a minority (government workers don't count) they are suffering exclusion problems too.

Re:Surely this can't continue forever?

[pjt33]

As far as I know, the only one who actively states they will scrap this state monitoring nonsense.

What about the Lib Dems? I know that one of their stated policies is the repeal of the Identity Cards Act.

Think of the children!!!

[damburger]

This is fallout from the Baby P incident. One tragic case of failure in social services got hammered by the media for weeks, complete with pictures of cute-now-dead toddler, and the newspapers got into full on campaign mode. The government has no choice but to respond. Our IT policy is being dictated by the emotional reaction people have to a small child being beaten to death. Rationality has truly gone out the window.

Re:My optimistic security predictions

[Sandbags]

I don't doubt that would be an issue. Training someone to work securely is complete bunk.

However, managing a massive server farm that processes 7 billion medical transactions per quarter, and stores data for nearly 1/4th of all americans and the entire military, I can say providing data security is actually pretty easy: simply architect the database in such a way as it is impossible to export the entire data set except for a few key system and DB administrators. In our DECADES of processing transactions, we have never had a breach. We're under CONSTANT DDoS and hacking attacks. Half the world is TRYING to steal our data. We have DOD, CIA, and FBI here weekly researching attempts. Not ONCE have we lost data. We ship thousands of backup tapes out of our data center every week. Not on ever lost.

Line level employees can only access a record given the key; SSN plus phone number (via routed caller ID signals, not typed in) plus pin#; SSN plus account number plus pin number; SSN plus DL plus full address, etc. Searching for records by only name, address, or SSN alone is not possible. Dumping more than 1 record at a time is not possible. There's no database app on their machines, only a web portal to an app on a server behind a firewall, that server communicates with the actually application engine on another server, and that server is firewalled off from the DB server. The app on the app server has very limited ability to access the database, only programmed queries that meet minimum validation.

For the child services dept, they would have to do searches occasionally, but even the search should only reply with a simple list, containing only 2 or 3 vlaues foe each returned result, and that list should not be exportable, and should be limited to say 100 results. End-user hacks, or data theft from the client side should be basically worthless.

If the end users can't GET to the bulk of the data, they can't steal it (or get hacked by someone who could).

A 3 tier network architecture prevents direct access to the database. Individualized user password access makes the process auditable. DB dumps can only be perfomed on the DB server directly, logged in as non-root administrators, and even those dumps should never be uses for more than migration, backup, or test lab use. Keep in mind, databases of this saze are NOT hosted on Windows boxes in some closet... They're on massive AIX Oracle clusters, or on Host systems. Those systems are not vulnerable to hacks as they have do direct outside connections, and are hardened UNIX operating environments.

Great, you've got 390,000 users. They can't get to enough of the data to steal it...
Maybe you've got about 100 developers. They use dummy data, or exports of the DB that have run through a name and SSN randomizer (we do that here). they can't steal the data.
You've got 10-20 admins who maintain and back up the server; they're all security minded highly trained IT folk, and are told their actions are audited. They're the only ones who could steal the data, but we'd know if they did and they know that too.

Where big data breaches have happened in the past is when executives have gone plugging around town with dumps from some tool to an Access database. Others have been data tape thefts, but they've been small time shops compareds to this. Even if you can steal some of my TSM tapes, where are you going to load them to get the data off??? The drives cost $25K each, not to mention hundreds of grand worth of licensing and AIX servers to control the drive. These are not some cheapo LTO tapes... and these tapes, they're logged by a librarian, boxed by paid security staff, and a chain of custody in locked tape boxes passes through 3 people before the box gets to the front door, and then it's handled by armored car... 3 of them actually, and tapes from the same tape set are allways divided across the trucks, so even knocking off a tape truck does not get you a data set that can be stolen. Oh yea, the 256bit AES encryption is a bugger too!

Re:Think of the children!!!

[damburger]

You are thinking too rationally. The UK is run on newspapers playing on peoples emotions in order to boost their flagging sales. A database would not help abused children much at all - but the government want a database and the media has given them a pretext. Logic doesn't enter into it.

Security requirements

[v(*_*)vvvv]

Fault tolerance must be less than .00000256% for such a system to be safe. That is a completely unrealistic standard.

One person is enough to compromise secrecy, and just because you can know who that is, doesn't mean you can retrieve what was already stolen.