UK parents to get online check of 8m child workers' records

Monumental security and privacy disaster ahoy...

The UK Government today announces plans for a massive data, security and privacy own goal, in the shape of the Safeguarding Vulnerable Groups Bill. The Bill, which is intended to widen and centralise the vetting of people working with children (approximately 8 million individuals), will allow (indeed, compel) employers, including parents hiring nannies and childminders, to check the records of potential employees online.

The production of the centralised (with "real time" updating) list will be a mega IT challenge in itself. Several overlapping lists (including List 99 for education, the Sex Offenders Register and the Protection of Children Act lists) currently exist, and the task of merging them leaves plenty of scope for the usual delays and disasters. And there are legal considerations which we'll go into shortly.

The big sales point for the Bill, however, is the reassurance that fast checking of an up to date central database of teachers, nannies, care and youth workers can offer to parents. Secure online access for schools is perhaps just about conceivable, given that the location of terminals and the authorised users of the system can at least in theory be severely restricted (in, erm, schools and education administration offices throughout the country - no, we don't really believe that either), but how do you handle nannies? Children's Minister Beverley Hughes (last seen in these parts letting large numbers of fraudulent visa applicants through a huge Home Office security hole) assures us that "parents for the first time will be able to check online when they're employing a nanny or a music teacher [for example]", so we have here a vast widening of both the population that is to be vetted and of those with a right and requirement to access the records. Online, instantly.

The precise extent of this widening is not yet entirely clear. According to the Department for Education "individuals, parents and families" will be "able to make an instant online check" of the "barred status" of "nannies, music teachers, care workers, personal tutors". Parents will not however be committing an offence "if they employ someone who has not been through the central vetting process". So although failing to check will be a criminal offence, this will not apply to parents, who can view the system as voluntary. Those they employ, however, may well be committing a criminal offence if they have not put themselves forward for vetting; it will be an offence to put oneself forward for work with children "or vulnerable adults" if barred from doing so, and an offence to apply for such work without already being the subject of monitoring.

Given the size and complexity of the system it will probably (inevitably?) be possible for virtually anyone to obtain information on a vetted worker quite easily, possibly without risk (as policing and auditing accesses will be a massive task). It's possible that the information that's widely available will be confined to "barred status" (i.e. it may simply report whether or not the subject is cleared for work), but that's not necessarily wholly helpful; vigilantes, for example, might conclude that being barred, or simply not registered as available, meant "paedophile".

The precise status of those on the list also has some relevance. Earlier this year Education Secretary Ruth Kelly came close to being forced to resign after the discovery that registered sex offenders can and do work in British schools. The specific difficulty here was that those on the Sex Offenders Register are not necessarily on List 99, and those on List 99 are not necessarily registered as sex offenders. List 99, which bars unsuitable candidates from work in the education sector, has a rather wider catchment area than this, while some of those on the Sex Offenders Register will be there for fairly minor offences (ill-advised sex while mutually teenage might do the trick, as might a bit of drunken mooning or flashing) which do not necessarily involve children. Nor are people always put on the register for life - some are simply there for a fixed period, after which they are removed.

The usual public outcry, however, demanded that anyone who had been on the register should never be allowed to work with children, and (subject to our being able to check the small print) Kelly appears to have bravely given in. One fairly common example scenario however serves to indicate that the small print will need to have some fancy footwork in it. In some cases (including one of the ones which caused Kelly her recent problems) suspects have elected to accept a caution and being added to the Sex Offenders Register for a period. The police view is that acceptance of a caution is effectively an admission of guilt, but cautions are frequently offered by the police in cases where they may find it difficult to prove charges conclusively. So, someone perfectly legally (we make no moral judgment, and nor does the law) accessing adult porn on the Internet could find police claiming there are traces of child porn on their computer, and do they really want to be dragged through the courts and the newspapers while protesting their innocence? So they should take the caution rather than fight the case? Particularly if, as was the situation before the baying started, that did not necessarily bar them from working. But now it does. So does the new system just hang these people? And if it does, how loud might they shout?

Some considerable time will however elapse before the new converged, real-time register of everything ships. The DfES tells us that would-be employees "will apply to the CRB [Criminal Records Bureau] for a vetting and barring report. The police will provide the CRB with relevant information, including convictions and cautions so that the new independent body can make a barring decision... Applications will start the process of continuous monitoring of police information about the individual, allowing the barring decision to be changed if any new information comes to light."

The "new independent body" will be a panel set up to take the blame, er, make the decisions over who is on the list and who is not. Its ability to do so, however, hinges on the police's ability to supply the "relevant information" and to keep it up to date in real time. In order to do this, the police need to have the IMPACT (Information Management, Prioritisation, Analysis, Co-ordination and Tasking) police information sharing programme fully implemented, and this (see Spy Blog for analysis) was recently put back from 2007 to 2010. This delay was spun by the Home Office as being a consequence of the planned strengthening of the system as a response to the Bichard Enquiry into the Soham murders (where you'll recall systemic failures led to the employment of a child murderer by a school). And the new Safeguarding Vulnerable Groups measures announced today, Beverley Hughes told us this morning, will deal with "all of Michael Bichard's recommendations". So conceptually it all hangs together, but they'll be stringing it together for years, and don't go putting any money on it working by 2010. ®
