How the gov's child protection database fails to add up

Risk-averse authorities likely to treble access

Providing a secure and efficient Helpdesk

Comment A day after yet another case of a child brutalised in its own home, despite massive intervention from a range of support services, hits the headlines, The Register takes a closer look at what the government has led the public to believe in respect of the ContactPoint database.

One "fact" that has been repeated ad nauseam by government ministers – and apparently swallowed hook line and sinker by the press – is that ContactPoint is likely to allow just 330,000 officials across England to "use" the contact details for children on the system. That total is already too high for many critics.

So we wonder what the reaction will be to the revelation that the number with "access" could top the million mark? Pay close attention to the choice of words here: government ministers have drawn a distinction between "use" and "access", which could be no more than careless use of language, or a much more deliberate misleading of the public over the scope of an increasingly unpopular project.

We have looked closely at the categories of individual that the DCSF claims will be able to access ContactPoint. These are set out in the Children Act 2004, refined by regulations published in 2007 and repeated by the Minister last week.

Using even conservative estimates of the proportion of each of the categories listed that will have access to ContactPoint, The Register comes up with a figure of just over one million. If the Department of Children, Schools and Families wishes to take issue with us, we are more than happy to share our spreadsheet model with them.

Ah yes, but surely access will only be on a "need to know" basis? We think not. There are three reasons for this.

The government case for ContactPoint is based on two arguments: first that tragedies such as the Victoria Climbié case would not have happened, had all the agencies that could have intervened been able easily to note that the child was already of concern to other agencies. The fact that this argument is wholly fallacious in the case of Victoria Climbié, who was subject to multiple interventions before her death, has never prevented ministers from repeating it.

However, the fear that this argument introduces into the equation is real enough. Managers of any body that might end up carrying the can for future failures will do all in their power to prevent being stuck with the blame. So the likelihood is that managers will err on the side of caution or (personal) risk minimisation. Better to have as many people in your department as possible able to access a child's details, than to perhaps one day have to explain why a particular child could have been saved had access been more widely distributed.

Earlier in the year, The Register looked at the numbers behind the government's proposed vetting database and came up with figures significantly higher than those put forward by government. The difference? We used the same approach, but counted those who were likely to end up being vetted in today's blame-averse culture, as opposed to those who needed to be vetted.

Second, as the government is at pains to point out, ContactPoint will pay for itself many times over in time saved by practitioners at every level. Such benefit is likely to be reduced significantly if teams have some individuals with access, and some without.

Finally, a factor that might add slightly to the final tally, is the way in which authorisation to use the system is managed. When an individual leaves their place of employment, the government guidelines suggest they should be stripped of their access to ContactPoint. We suspect, however, that where individuals are simply moved sideways, human nature will lead to some continuing to have access long after they strictly no longer need to know.

Where did the original figure of 330,000 come from? We have asked the DCSF, but at time of writing have had no answer. Our guess is that when the estimate was first drawn up, some use was made of responses to questionnaires sent out to local councils. An original survey was sent out last year, with a follow-up apparently due to be completed in September 2008.

If that is the case – and without DCSF confirmation we cannot be sure – then the estimation method may be badly flawed. Asking councils about their likely take-up of a new system nearly two years before it goes live is akin to product research that asks consumers about buying intentions for a non-existent product. It doesn't work.

Matters may be further complicated by suggestions that some individuals may need more than one log-on. This is because the system is designed so that users can only see data appropriate to their current role, which could be an issue for users with multiple roles.

Apart from the implications such an increase in numbers might have for security, there is the slight technical matter of whether the database has been designed with scaleability in mind. A system designed for 330,000 users is a very different beast from one designed for one million, and could suffer accordingly. ®

News: UK's 'secure' child protection database will be open to one million

How we reached our numbers

Our model starts with the categories that may have access to the new ContactPoint database and simply counts up from there. Before we hear cries of “that’s unrealistic”, we have also applied some very serious downward weightings on some groups, on the grounds of common sense.

We suspect our approach is different from that of the DCSF, as they will have started with Local Authority intentions – which, as experience of the Vetting Database shows, can very quickly be overtaken by events.

From the model:

Category Source UK Figure Access Assumption
General practitioners s 2 of the appropriate regs 196,814 157,451 Downweighted for England and some non-takeup – but assume about 80 per cent in total
Chiropractors As above n/a 0 We cannot believe any significant number of chiropractors will access the database
Police s.3 184,710 166,239 Slight downweight – but do we believe, in the long run this base will not be available to all officers? Also, no count included for other employees, who are included in this section
Teaching Staff s.9 767,050 153,410 Significant downweight, but given the number of categories intended to be allowed access, not unrealistic

The categories listed above are just examples of the categories drawn from our model. We have of course also included some nursing staff, social workers, midwives, health visitors - and more besides.

Where our model may actually be far too conservative is over the question of administrative staff who will have access to ContactPoint. These are included in the government guidelines, but are much vaguer than the above categories.

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.