
Common Assessment Framework (in)Security Architecture - would you trust this to protect sensitive data about your children ?

There is a much bigger threat to your children than even the current furore over the fingerprinting of children at school, as highlighted by the Leave Them Kids Alone campaign, and picked up by Guido Fawkes, and some of the mainstream media.

How safe will your children's personal details and sensitive educational, medical, social services, criminal and other records be, in the hands of the bureaucracy under the forthcoming "E-enablement of the Common Assessment Framework" ?

See Action on Rights for Children's Database Masterclass blog for details of #9 The Common Assessment Framework (CAF) and the numerous other Child Databases (plural) currently under development.

This published document:

eCAF Security Architecture. Version 1.0 (.pdf)

is fundamentally flawed.

Some obvious weaknesses:


  • This may only be version 1.0 of the document, but there are huge fundamental mistakes or deliberate distortions, and it is nowhere nearly detailed enough.

  • The fact that even this document is not mandatory, so it does not impose a minimal set of standards on all the users and systems which will be connected to the scheme, is a huge weakness in itself.

  • It seems to give the impression that the existing Athens system is the preferred solution, even before any proper risk assessment has been done.

  • All security measures need to be in response to a particular threat model of which there is no mention in this document.

  • Everything seems to be either at "Level 3" or at zero.

  • Requiring no identification at all for "developers" is utterly wrong. They should at least be identified to the level of a Basic Check security clearance (not much more than the HR department of an approved Government contractor vouching for their name, address and employment status), but it should not be "zero".

    Is this part of a plan to allow the outsourcing of all this development to, say, India, like Capital plc tend to do ?

  • "Level 3" is meant to correspond with the lowest level of UK Government Protectively Marked Material classification of "RESTRICTED", which is what the Government Secure Intranet (GSI) is accredited to work at.

    This specifically means no unencrypted internet access (only Government approved cryptographic systems may be used for encryption), so that blows away the "public" access via the internet handwaving, for a start.

  • Conversely, the ban on any Mobile or Working from Home access is insane and unworkable in the 21st Century: there are ways of doing this as securely as in a Government office, but they cost money.

  • The Department for Education is wrong to think that this highest level of classification in their scheme is appropriate for "sensitive names and addresses". Even the Department for Work and Pensions and the discredited Child Support Agency, for all their other incompetence, recognise that names and addresses of battered wives and sexually molested children cannot simply whizz around their systems at RESTRICTED - such data needs to be at the stricter and more expensive CONFIDENTIAL level or above.

  • Even if it were true that RESTRICTED applies to most of the data on an individual record basis, it does not do so where there is the risk of bulk snooping or data copying of millions of records e.g. via a lost or stolen laptop computer. This bumps up the security requirements at least by a couple of levels.

  • The reliance on "hardware tokens" is a myth: these do not encrypt data, they only add another layer of (ever-changing) password. If there is a packet sniffer on the network (e.g. run as part of their standard network monitoring tools by curious or corrupt systems administrators), or systems are infected with viruses or trojan horse software which also sniffs out sensitive details, then the bulk of the data being transferred as plaintext will still be at risk.

  • The number of people mentioned in this document who will be given access to this sensitive data is truly frightening.

    Relying on "audit trails" has never prevented sensitive data held by the Government from being stolen, or copied, or leaked, or sold to newspapers or private investigators, or from being handed over to terrorists or to foreign intelligence agencies.
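The point about "hardware tokens" above deserves a concrete illustration. The following is an added example written for this page, not code from the eCAF document or from the blog: it models a one-time-password token with the real RFC 4226 HOTP algorithm, a toy unencrypted "channel", and a server that accepts each code once. The secret, the user name and the child record are constructed test values; the channel and server classes are assumptions made for the illustration. It shows that a passive observer of a plaintext channel cannot reuse the captured code (the one thing the token does protect) but reads the entire record anyway, because the token never touches the confidentiality of what is sent after login.

```python
"""Toy model of an OTP hardware token on an unencrypted network path.
Added example, not from the eCAF document or the blog post; the secret,
user, record and channel below are constructed for illustration only."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the code an event-based hardware token displays."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class PlaintextChannel:
    """Unencrypted path: everything written is visible to anyone on it."""

    def __init__(self):
        self.wire = []  # what a passive monitoring tool on the path would record

    def send(self, payload: bytes) -> bytes:
        self.wire.append(payload)
        return payload


class Server:
    """Accepts each token code once and then moves its counter forward."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0  # next expected token counter

    def login(self, user: str, code: str) -> bool:
        # Small look-ahead window for a token pressed without a login
        for c in range(self.counter, self.counter + 3):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # used codes can never be accepted again
                return True
        return False


SECRET = b"12345678901234567890"  # RFC 4226 test-vector secret (constructed value)
RECORD = b"child_id=000123;name=J. Bloggs;address=1 Example St;notes=referral"  # constructed


def session(server: Server, token_counter: int):
    """Log in with the token's current code, then send a record in the clear."""
    chan = PlaintextChannel()
    code = hotp(SECRET, token_counter)
    chan.send(b"LOGIN user=caseworker otp=" + code.encode())
    ok = server.login("caseworker", code)
    if ok:
        chan.send(b"RECORD " + RECORD)
    return ok, chan.wire


def observer_learns(wire):
    """On a plaintext channel the OTP and the whole record are both readable."""
    return {
        "otp_codes": [w.split(b"otp=")[1] for w in wire if b"otp=" in w],
        "records": [w[len(b"RECORD "):] for w in wire if w.startswith(b"RECORD ")],
    }


def reuse_of_captured_code_is_rejected(server: Server, captured_code: str) -> bool:
    """True when a previously used code no longer logs in (the token's real benefit)."""
    return not server.login("caseworker", captured_code)


if __name__ == "__main__":
    srv = Server(SECRET)
    ok, wire = session(srv, 0)
    seen = observer_learns(wire)
    print("login ok:", ok)
    print("observer reads record:", seen["records"][0].decode())
    print("captured code useless afterwards:",
          reuse_of_captured_code_is_rejected(srv, seen["otp_codes"][0].decode()))
```

The design point is that the token is an authentication control and only an authentication control: once the session is open, every byte of the record crosses the wire exactly as the application wrote it, so confidentiality of records in transit has to come from a separate, encrypted transport, which is what the RESTRICTED handling rules quoted above require.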

Would you trust the safety, security and privacy of your children and your family to a Database Scheme like this ?

Comments

The CAF and the Every Child Matters agenda of which it is a part, suffer from an even more fundamental flaw.

Following the Victoria Climbie inquiry and other similar tragedies there was a push to improve data "sharing" between agencies dealing with children. This, the theory goes, will prevent similar atrocities taking place in the future.

The problem is, as became clear during a debate on "Teachers TV" a few weeks back, it doesn't matter how much data you're sharing (assuming, of course, it's accurate) if there's no money to pay anybody to act on it.

The Children's Index and related projects will cost hundreds of millions of pounds. How many social workers could that have paid for? How many teachers?

This is the classic example of a technocratic fix to a human problem.
