Loss of Privacy

Despite ever growing concerns over security details, the UK has gone ahead and entered the details on 11 million children into ContactPoint’s database. The database has been delayed several times over security and privacy concerns, however, after claiming the pilot project a success, every local council authority will soon have the project.

They say the long-delayed £224 project will make England’s 11million young people safer by providing a single register that can be used by all child protection professionals.

But there are concerns that the sensitive data could fall into the wrong hands, after an official review concluded that it could never be completely secure.

The program was delayed after officials admitted that the database could never be fully secured. Then, ContactPoint had some glitches over the summer and new loopholes were found, making the system vulnerable to attacks.

Children were being listed in the database under their real and adopted names, making it easier to track them down and eliminating the “shielding” that was supposed to take place to protect them. The database itself proved to be helpful to anyone who would hack the system to find out where the children lived, leaving many children at risk again.

It is also feared that police or council workers will use it to search for evidence of crime or pry into family arrangements, rather than safeguarding children.

Tim Loughton, the shadow children’s minister, said: “We are determined to protect vulnerable children from abuse, but ContactPoint would put them risk.

“Every IT system the Government touches turns into a disaster – we cannot afford to let them mismanage the personal details of 11 million children. It would be irresponsible to implement something that is such a danger to our children.”

David Laws, the Lib Dems’ children’s spokesman, added: “When it comes to child protection, professionals need to be talking to one another and not relying on simply putting data into a massive database.

“The Government has shown it can’t be trusted with sensitive data. Parents have every right to demand that their children’s personal details are not put at risk.”

The computerised database contains a record for each of the 11m under-18s living in England, containing their name, address, gender, date of birth and a unique identifying number.

It also holds information on their parents, their nursery or school, their GP and whether they have a social worker, health visitor or probation officer assigned to them. If the young person consents, it will also give details of sexual health or drug abuse counsellors.

After politicians claimed the pilot program a success, at least 390,000 people will have access to the database. These include, social workers, teachers, police officers and health care workers. They will use the database to track children in a variety of different ways.

A nurse said: “A child came into A&E [who] lied about his address as he had run away from home. I went onto ContactPoint and was able to find his correct contact details.”

Noting is noted about why the child ran away from home or why he was in the emergency room. Instead, the nurse “helped” by contacting his parents and letting him know where he was. This isn’t helpful. This is detrimental. A nurse should not be determining this information. If she knew the child had run away from home, she should have contacted the police and the right child advocate authority. Common sense should have told her this. Instead, the nurse has already relied on a database to solve the problem.

If you live in the UK, The Open Rights Group (UK EFF) has a series of 28 questions for you to answer and find out how likely it is the government has lost your private data.

Given the recent revelations, it’s likely you have some data that is now missing.

Three unencrypted laptops containing the data from over 7,000 patients were stolen in Birmingham.  What seems as a common, careless occurrence today, one of the laptops was left behind in a car, where it was promptly stolen.  Letters of apology, which do no good, were sent out to those affected.

The first laptop went missing at the premises of a Birmingham hospital in March 2006, a second was stolen in a mugging in March 2007 and the third was stolen after being left in a Trulife employee’s car in February last year.

Isn’t it nice that they are getting around to sending out letters of apology three years after the first incident?

A Trulife spokeswoman said although the laptops were password protected they had not been encrypted, and only contained “basic information” of name, address, date of birth, hospital number and orthotics appliance prescription.

That’s still enough for identity theft and to do some damage.  It’s also easy to get around passwords in the 21st century.

“The laptops did not contain any other information about patients’ personal circumstances – medical, financial, personal or social,” she added.

A thief does need this information.  They already have the person’s name, address and date of birth to find out where the person lives.  This alone would give a thief a sizable amount of information about the patient and how they could further steal from the person.

“Although the laptop in question was reported stolen on the February last year, Trulife did not discover that the laptop held data about Sandwell and West Birmingham Hospitals NHS Trust patients until October.

“After a police investigation into these thefts, the police characterised the risk of subsequent access to and use of the data as low and suggested it was more likely than not that the laptops would simply be sold for their hardware value rather than for any interest in the data that the laptops contained.”

The stupidity of the officials involved is astounding.  It takes eight months to figure out what data is on a particular laptop?  Did they not question the person who was actually responsible for the laptop what might be contained on the hard drive?  The police also haven’t a clue.  They conclude that, because something is considered a low risk that no one would attempt to use the data.    I’m sure they did sell the laptops afterward, but automatically assuming that the data hasn’t been accessed is incompetence at its worst.

Just in case you forgot, the Times Online is here to remind you of one very important fact if you live in Europe.

Every e-mail you send is stored on not only your computer but also the recipient’s machine; your internet service provider (ISP) will have one too, as will the many servers that have handled your message in its travels across cyberspace. And the government is allowed, under a European commission directive, to dip into some of that data.

Interception of Communications Commissioner, Paul Kennedy, has compiled figures for the United Kingdom in which he states that more than 500,000 requests were made last year to spy on individuals via private email and telephone records.

Each request allows public bodies to access data – which includes telephone records, email and text message traffic – but not the actual content of conversations or messages.

“It doesn’t allow you to see the content of the message or conversation. It’s about the who, where and when – the time element essentially in directed surveillance,” a Home Office spokesman said.

The vast majority of requests to snoop on people’s records were made by the police and security services.

But the report found that some were granted to council officials investigating trivial offences like dog fouling, fuelling concern that the act is being misused.

While the report is new, the stories in them aren’t.  It has been discussed many times over the past year that UK officials are abusing the system, yet little has been done.  Unfortunately, too many people believe that individual privacy needs to be sacrificed for the illusion of security.  The government is supposed to work for us, but we continually allow them to walk all over us and do as they please as they set in motion more and more controls to keep us in our place.