Feeds

DfES to build index of the UK's kids - all 11 million of them

How do you secure a multi-disciplinary information exchange system?

High performance access to file storage

Government plans for an "Information Sharing Index" identifying every child in England will be subject to trials early next year, with a full scale system intended to be live by the end of 2008. The Index, which is intended to help a wide range of workers in education, health, social services and youth offending exchange information about children, was first mooted in 2003 via the Every Child Matters Green paper, in the wake of the death of Victoria Climbié.

The Index is not an ID card scheme as such, although, as under 16s won't qualify for National ID Cards, it could be said to be helpfully mopping up the ones the ID scheme will miss. And bear in mind that all schoolchildren have unique IDs and records already. The Index does however look rather like a privacy (or worse) disaster waiting to happen, and it's not entirely obvious how the Index described by the Department for Education & Skills this week can achieve its stated purposes. According to Secretary of State for Education Ruth Kelly, it is a key part of the Every Child Matters "programme to transform children's services by supporting more effective prevention and early intervention. Its goal is to improve outcomes and the experience of public services for all children, young people and families." Kelly says that better information sharing is "essential for early and effective intervention", and adds that the Index "will provide a tool to support better communication among practitioners across education, health, social care and youth offending. It will allow them to contact one another more easily and quickly, so they can share information about children who need services or about whose welfare they are concerned."

So far, so clear. In the specific case of Victoria Climbié, failures (including communications) on the part of several organisations made a substantial contribution to the child's death. And in the broader case of children in general it is, says the DfES, important to ensure that all children have access to services such as education and health care, and to identify early "those children with additional needs which should be addressed if they are to achieve the Every Child Matters outcomes." The DfES estimates that 3-4 million children have such needs at any one time, but as we don't know which these are, that's why all 11 million children in England have to be on the Index.

The Index itself will house information relating to children in all 150 local authorities in the country, and will consist of "minimal identifying information for each child; name, address, date of birth, gender, and contact details for parents or carers... contact details for their educational setting and GP practice and for other practitioners or services working with them; and where a practitioner judges it appropriate and necessary, an indicator showing that they wished to be contacted by other practitioners because they have relevant information to share, are taking action, or have undertaken an assessment in relation to that child."

That Index will not be a casework system or provide access to individual case data, which makes that last section particularly interesting. In essence, social workers, teachers, doctors, probation officers et almay flag the fact that they have taken action or opened a case of some kind, and then other interested parties will be expected to contact them to exchange information. Therefore it will not be the case that all such actions will be flagged, nor that flagging a child's record will result in an alert being issued to all other associated professionals who may have an interest in the child. A considerable measure of proactiveness would therefore seem to be necessary for the system to work, and that would seem to leave plenty of scope for the kinds of failures the system is intended to address.

The people who have access to the Index will certainly find it helpful in that it will provide a reference of address, and contact details for all of the other people concerned with a particular child - but how many people is that, and how will access be secured? Almost certainly the DfES is not yet in a position to say how many people will be allowed access, but it will inevitably be very many indeed. Local education authorities will need access, so will teachers and social workers, yet to be identified numbers of youth workers, health workers, probation officers and, according to the DfES, the parents and children themselves, so that they can check the record's accuracy. The DfES doesn't seem to mention police access, but the police were involved both in the case of Victoria Climbié and the subsequent enquiry, so it would seem logical that they too join the list.

Access "will be through the practitioner’s existing case management systems, via a web link or, where an approved practitioner has no access to appropriate IT facilities, via another approved user who does have IT access. Clear and secure arrangements will be in place to guard against access by unauthorised users, or inappropriate use of the index by authorised users."

So large numbers of people from numerous organisations throughout the country will be able to obtain basic information about any child in the country from the Index, which will make the system extremely difficult to secure and police, even if mobile and/or remote access isn't allowed. If (or should we say "when"?) security is compromised, then it would be possible for someone to get a child's home address and phone number, and to obtain more detailed information by spoofing the contact details of the professionals who know lots more about the child, or indeed the child's parents. We trust that the DfES will provide a detailed explanation of why all of this will be impossible, before the system goes live. ®

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.