ContactPoint goes live despite security fears

"How can they stop that?"

"The minister states the data cannot be 'downloaded', but what about Trojans that take pictures of your desktop and send those images back to base? If their security precautions don't account for that then there will be lots of people using infected laptops sending data galore on these children to malicious third parties. Not to mention the issue of simply writing the data down. How can they stop that?"

Boyd added that once the system goes live there'll be no shortage of people willing to have a crack at it.

"Two things will likely happen when the database goes live - the first is that hackers will target it simply for the challenge of accessing such supposedly 'unobtainable' data.

"Secondly, desperate ex-partners (the kind that will happily use so-called 'family keyloggers' to monitor their spouse's actions on a PC) could try to jump on this kind of technology in an effort to grab information regarding their estranged family's whereabouts, perhaps by paying blackhats to do the dirty work for them.

"Based on anecdotal tales from groups who help women abused by partners who use such tech, the husbands tend to have a good grasp of malicious programs, so it's not unreasonable to assume they'll easily find a blackhat who can help them out.

"I doubt the creators of this database have prepared for every attack vector imaginative people will come up with - it's just not possible."

Stuart Okin, UK managing director of security consulting Comsec and a foster parent for four years with knowledge of how the system works, also expressed concerns about how to prevent the leak of sensitive information in both the input and output process.

"As data is going to come from multiple sources and a variety of different systems there will be a temptation to use the lowest common transport method, such as non secure channels (e.g. CDs, unencrypted USB sticks etc.) Every input and output channel needs to be as secure as possible. In addition, data leaving the system will need to be examined. There is little that can be done to prevent a legitimate user screen printing - except to educate them in the need to securely dispose of information."

Some data may be hidden or shielded, for example the address and telephone information for those children who have been subject to physical or sexual abuse. Furthermore the database will not store case information, Okin noted.

Okin added that the sheer number of professionals allowed access to the system will become its greatest security challenge over time. Authorised users will include those working in health, education, youth justice, social care and voluntary organisations.

"Commentators have estimated that around 330,000 users could claim legitimate access to the database (upon Criminal Records Bureau check and training)," Okin told El Reg.

"With this large user base, the problem will not be the hacker or malware attack, but more potentially accidental loss or worse intentional data stealing. In addition, if ContactPoint decides to trust the authentication systems with the current local authority Case Management Systems, then the user population could be even larger and audit trails within ContactPoint would be insufficient to help with preventative abuse."

Layered security controls may limit, while not eliminating, the potential risk; but this may itself have drawbacks, Okin explained.

"The only way to secure a system like this, will be to either dramatically reduce the user population or partition the data and access to it (by role) - both of which could affect the usefulness of the system."