One of the ironies that popped up on the Today Programme this morning was a press release from the UK data protection commissioner, warning teenagers about the dangers of exposing personal data online and announcing a probe of Facebook (which also has other issues elsewhere., more on that later).
Wahaha. You have to laugh. In a week when the government lost the personal details of millions of Britain’s children, that’s a bit rich.
There might be worse to come though,. HM Reveniue and Customs’ (former proprietor Gordon Brown) current problems with IT could pale into insignificance when it comes to some of the cockups over children’s private data that’re waiting in the wings.
Take the government’s long planned child information policy for instance. Called ContactPoint, it’s touted as an integrated information sytem that will enable schools and other oganisations to work together to protect at-risk children. No more Victoria Climbies – who could be against that?
ContactPoint was previously known by the working title of the ‘information sharing index’. It is a key element of the Every Child Matters programme to transform children’s services by supporting more effective prevention and early intervention.
ContactPoint is one of a range of tools that will help services work together more effectively on the frontline to meet the needs of children, young people and their families.
It sounds innocuous enough, if well-meaningly vague. So what is it and what does it do? It’s it a massive database of every single child in Britain, containing:
- Basic identifying information for all children in England (aged up to 18): name, address, gender, date of birth and a unique identifying number.
- Basic identifying information about the child’s parent or carer.
- Contact details for services involved with the child: as a minimum, educational setting and GP practice, but also other services where appropriate.
- A means to indicate whether a practitioner is a lead professional and if they have undertaken an assessment under the Common Assessment Framework.
[My emphasis.]
This database includes fingerprints, already being taken from children nationwide,encouraged and subisdised by the central government, and is to be accessible only to ‘practitioners’:
Access will be restricted to authorised users who need it as part of their work. This will include those working in education, health, social care, youth offending and some voluntary organisations
Some voluntary organisations? Who? Where? Why? And who the hell is an authorised user? A doctor? a nurse? Someone who helps at the local playgroup? Some anonymous, low-paid clerk in your local council’s social services department? The one who lives down the road fron you and gossips with the bloke in the newsagents on the way to work?
From the text it seems a ‘practitioner’ is an ‘authorised user’ – but I note the government is careful not to specify what an ‘authorised user’ actually is.
Who are they? Who authorises them? The document promises criminal records checks – but remember what a dog’s breakfast they made of the crimnal records database? It does not inspire confidence.
When you start to think through just how many people could potentially access this information you realise just how many potential points of leakage there are (and although it does not contain casefiles files still will be flagged) the heart sinks. It’s an accident just waiting, no, itching to happen:
Authorised users will be able to access ContactPoint in three ways – through:
- A secure web link
- Some existing case management systems
- Another authorised user (where appropriate IT is unavailable)
Wherever possible ContactPoint will be automatically updated from existing systems, avoiding the need for practitioners to enter information on a separate system. It will not be possible for an authorised user to access case management systems or to see case data held by another agency on ContactPoint.
[My emphasis again]
That hardly matters when the minor functionaries of local authorities and a range of unaccountable quasi-autonomous agancies have been given the power to snoop into our bank acoounts, email traffic, car and electoral registrations, credit cards, medical records, library use and all manner of other personal data virtually at will.
ADDITIONAL RELEVANT PUBLIC AUTHORITIES FOR THE PURPOSES OF SECTION
25(1) OF THE REGULATION OF INVESTIGATORY POWERS ACT 2000Government departments
1. The Department for Environment, Food and Rural Affairs.
2. The Department of Health.
3. The Home Office.
4. The Department of Trade and Industry.
5. The Department for Transport, Local Government and the Regions.
6. The Department for Work and Pensions.
7. The Department of Enterprise, Trade and Investment for Northern Ireland.Local authorities
8. Any local authority within the meaning of section 1 of the Local Government Act 1999.
9. Any fire authority as defined in the Local Government (Best Value) Performance Indicators Order 2000.
10. A council constituted under section 2 of the Local Government etc. (Scotland) Act 1994.
11. A district council within the meaning of the Local Government Act (Northern Ireland) 1972.NHS bodies in Scotland and Northern Ireland
12. The Common Services Agency of the Scottish Health Service.
13. The Northern Ireland Central Services Agency for the Health and Social Services.Other bodies
14. The Environment Agency.
15. The Financial Services Authority.
16. The Food Standards Agency.
17. The Health and Safety Executive.
18. The Information Commissioner.
19. The Office of Fair Trading.
20. The Postal Services Commission.
21. The Scottish Drug Enforcement Agency.
22. The Scottish Environment Protection Agency.
23. The United Kingdom Atomic Energy Authority Constabulary.
24. A Universal Service Provider within the meaning of the Postal Services Act 2000.RIPA 2000 allows for authorisations (as distinct from warrants for telephone-tapping) and the serving of notices by “a person designated” include the following grounds:
a) “in the interests of national security”
b) “for the purpose of preventing or detecting crime or of preventing disorder”
c) “in the interests of public safety”
It wouldnt take much to marry up the data. Think of what an abusive ex-husband or stalker would give to get their hands on that.
But apparently Gordo doesn’t think that the safety of the natiion’s children is worth its own secure stand-alone system, built from the ground up and inaccessible to all but those most closely involved directly with the child.
No, that would cost money more usefully spent pursuing pointless wars, so what we’re getting is another cobbled-together mongrel of a thing, full of bugs and holes.
The blithe assertion that they can successfully integrate and update a patchwork of different systens in national and local government, independent trusts and charities would be have been laughable even without this week’s events, given the government’s abysmal record with IT projects and data security. The thing that really worries me about ContactPoint is off in the future, though: this system is supposed to track and protect children, defined as those under 18. But what happens to their data when they’re 19? Does it get destroyed? Somehow I doubt it…
It’s too easy to get sucked into looking at just the nuts and bolts of the project, though those are interesting and shocking enough. The real question is what is ContactPoint actually for, and why?
All this past week, despite having had the evidence of their own incompetence staring them in the face, the government has still insisted that it’s not the end for the ID card scheme. Why are they so sanguine?
There’s a reason: they know damned well that it doesn’t matter a jot if Brown has to shelve current plans, because our children are having an ID card sytem imposed upon them by stealth, under the guise of their own protection.
When viewed in that light, it’s difficult not see the loss of the CDs containing the personal details of 25 million parents and children as less of a bureaucratic bungle and more of a policy decision, a deliberate and cynical softening up exercise. Those with little trust in New Labour might even see it as an act of information terrorism against its own electorate.
The HMRC debacle could actually work in Gordon Brown’s favour. If their childrens’ current identity details are compromised, how much more likely are parents, perfectly understandably wanting to protect their children from fuure fraud or personal harm, to turn to a verified fingerprinted government ID as the defintive proof of their children’s identity? There, conveniently, is ContactPoint, ready to fill the void.
No, surely not. Surely a British government wouldn’t be so cynical as to make all curent forms of identification worthless so it could bring in ID cards by the back door, would it? Would it?
JoeBuddha
November 24, 2007 at 9:58 amSo, you’re saying you’ll have most of the population tagged with fingerprints, names, complete history, and ID’s, and possibly DNA (you never know) within the next fifty years or so? Sounds like a potential dictator’s wet dream!