
ContactPoint - misleading details about the alleged security of the data

The Labour Government still seems to be floundering and failing to properly reassure the public about their flawed centralised database schemes.

Here is another Written Answer to a Question, published on Tuesday, about the ContactPoint national centralised database of children. It re-iterates most of the points, with the same failings, as the previous Answer on which we commented - see ContactPoint centralised national child database = Single Point of Failure - who guards the audit trail ?

The newly appointed junior Parliamentary Under-Secretary at the Department for Children, Schools and Families, Keith Brennan, provided some more misleading details about how the scheme is allegedly "secure" against data loss and abuse, which do not impress us very much.

4 Dec 2007 : Column 1142W

Keith Brennan:

In line with best practice, ContactPoint will be routinely backed up. This will be done only by specifically identified system operators within Capgemini, with whom we have contracted for the build and initial host of ContactPoint. Two Capgemini staff will have to be present when back-ups take place. This dual control is considered best practice. The backup tapes will be encrypted, protected with a strong (complex) password and stored in a fire-proof safe in a secure room. The limited number of Capgemini staff who do have access to this data must have enhanced CRB clearance.

This implies that the backup tape fire-proof safe in a secure room is in the same physical building as the ContactPoint computer.

That might be "best practice" and adequate disaster recovery resilience for, say, this blog, but not for a national scale system on 12 million children and their parents or guardians (i.e. about half the population of the country), which is theoretically supposed to provide timely information which may be crucial in saving a child's life.

Can the Department for Children, Schools and Families really not afford off-site backup tape storage and / or off-site electronic encrypted backup copies via fast telecommunications links ? What exactly are they being charged £244 million by Capgemini for ?

There is no facility that would allow users to copy personal identifiable information to a file, other than when files need to be backed up as indicated in the last paragraph. The vast majority of users will only be able to view child data on the screen—they will not be able to extract files in a personally identifiable form.

So what ? That is not sufficient to prevent sensitive data on children from being abused or put at risk.

Is the Department for Children, Schools and Families going to pay for dedicated thin client PCs or dumb data terminals, connected via a secure ContactPoint only infrastructure, which specifically do not have any standard Screen Capture or Screen Printing capabilities ?

Back in the days of mainframe or mini-computer dumb terminals in Government offices, it was not unusual to see lots of local printers attached to such terminals to provide hardcopy screen dumps of the information from such "secure" screens - especially where the users were deliberately not given the facility to save the data to a disc or to print it out properly as part of the software application.

Today, you can buy, very cheaply, even from supermarkets, an optical scanner or combined printer / scanner with sophisticated and powerful Optical Character Recognition software, which could be used, even by amateurs, to convert screen dump printouts from ContactPoint into searchable, cross-referenced computer files.

The same technology can be used to process images of screenshots captured by dedicated digital cameras or by the increasingly high quality cameras built into the ubiquitous mobile phones, which almost all of the 330,000 users of the ContactPoint system are likely to be carrying.

Until the system is built, and has been repeatedly penetration tested, there cannot be any assurance that, like other Government systems, it is not vulnerable to rogue SQL injection attacks, or to having the unencrypted plaintext data traffic generated by legitimate users captured and analysed by computers sharing the network infrastructure, either with standard tools used for systems administration purposes or from machines which have been infected with computer viruses or Trojan horse remote control software.

If the ContactPoint system is made user unfriendly enough not to allow standard M$ Windows Copy and Paste, then there are going to be lots of clerical errors as the details are scribbled onto paper by hand or mistyped into other computer systems.

As there are potentially at least 330,000 users of the system, in hundreds of organisations, in thousands of physical locations, with lots of different, multi-functional, mostly Microsoft Windows desktop or laptop PC security configurations, which are not under the direct control of the Department for Children, Schools and Families, we do not believe this claim by the junior Minister Kevin Brennan, who is therefore misleading Parliament and the public.
