So that's no CD/DVD glued up USB and FireWire slots, no floppies no card reader/writer, no insecure OS' and competent civil servants.

Yeah I can just see that happening :(

No no, Deloitte has it wrong. I distinctly remember Blunkett's pronouncement that the government's ID database would be impregnable because of "biometrics". Oh yes. No worries there.

"More positively, the review found information security had "been ingrained" within people, processes, policy development, requirements definition and architecture."

So this *particular* Government department has security "ingrained" while the rest (and HMRC in particular) appear to be clueless.

Unlikely!

...is that the government is refusing to publish the detailed findings of the Deloitte report on the grounds that if they did so people might use that information to target the database.

Clearly someone in Whitehall thinks that security through obscurity is still a reasonable argument.

Speaking as one who works in the children's services arena, I was hoping Deloitte would kill Contact Point. The concept is good and beneficial, but I fear the execution will lead to a major disaster.

Of course that's supposing Deliotte were totally impartial!

So they've nothing to fear?

More to the point, their refusal to publish the detailed findings on those grounds is a tacit admission that security is far from being "ingrained".

I can't believe you rehashed that old argument. It's been proven that Open Source products are just as vulnerable as anything else. Some people just won't let it go,

It doesn't matter how secure the database is, the data centre it's lccated in is or the network it's connected to is, if they give every numpty Tom, Dick or Harriet the keys to the door and the last I heard, they pretty much are.

Paris 'cos even she's likely to get access to the data.

Haha. Nice one. You're joking, right? Friday afternoon, have a laugh... no?

"It's been proven". Oh well that's alright then.

I can see clearly now, the brain has gone..

Now, let's just imagine the National Audit Office asks for an extract. I know it's fanciful as a scenario, but just imagine some git decides that's too much like hard work and sends the whole database.

Could be quite hot property for your average pedophile, no?

WHich reminds me, I heard this rumour about another couple of CDs. If I recall correctly this was identifying addresse where children reside. Nothing to worry about then, I guess. It will just take one hell of a good day to bury that bad news..

/// P ///

What Deloitte's should be comparing the system to is the current paper and unconnected databases that cover children's details. What are the controls on access to paper files in SW offices like? Does every access get logged and monitored and could it be controlled? Who has access to the relevant SW, police, education databases and can do searches across them for proper data matches to identify risks to children from the sort of patterns that professionals recognise? Do the benefits of that in catching abuse and risks to young people outweigh the downsides which presumably Deloitte's did identify (unauthorised use or access, elevated access, fishing exercises) that can't happen at the moment, or was this just a White Hat penetration test

Of course it's perfectly secure. Deliotte has firmly assured us that it is entirely safe for the government to pay lots and lots of money to implement the system. Most of the money going to consultants such as ... oh look, guess who.