Friday, 6 August 2010

A silver lining

I'm no great fan of the Con-Dem coalition, but they deserve some credit for hacking back the proliferation of intrusive, costly, insecure, unworkable and unnecessary databases so beloved of New Labour's Stasi Tendency. The ID Card Scheme was the worst offender, but today we can also celebrate the end of an insane project to put the details of every child in the country onto a vast database, accessible to 300,000 users. The last administration's mulish determination to continue with this madness was made all the more infuriating by the fact that plenty of people were patiently explaining in a clear, coherent manner why this was A Really Bad Idea. For example, here was Terri Dowerty, a representative for Action on Rights for Children, being consulted, but not listened to, back in 2007:
“Anyone with a basic knowledge of IT will know that it is impossible to keep a database safe and away from abuse, especially when there are a proposed 300,000 staff being given access to it."

Contactpoint will contain details about every one of the 11 million children in the country. It will list names, addresses and gender and give links and contact details to for schools, GPs, parents and other carers, such as hospital consultants and other professionals. Because it is designed to flag up children at risk, it will also show if the child has been the subject of a formal assessment on whether they need extra help.

The database will be available to an estimated 330,000 vetted users. Some of those allowed to check records, such as headteachers, doctors, youth offender and social workers, are uncontroversial, but critics have questioned why other potential users, such as fire and rescue staff, will have access to the database.

In a memorandum to the House of Lords Select Committee on Merits of Statutory Instruments, Dowerty argued that two-factor authentication does not protect the system from all outside attack, particularly as Contactpoint will be accessed via internet protocols. She pointed out that neither does it prevent careless disclosure or the unauthorised sharing of login information.

"Last year The Leeds Teaching Hospitals NHS Trust reported a 'wholesale sharing and passing on of system log-in identifications and passwords', recording 70,000 cases of inappropriate access to systems, including medical records, in one month," Dowerty said.

Via  Computeractive. Heaven knows, I don't want to see this coalition in power for five years, but if they stay in for just long enough to dismantle a bit of the database state, they'll have proved themeselves useful for something. I just hope the Labour party spend some of its time in opposition getting over its bizarre infatuation with the panopticon.