WRITTEN ON September 3rd, 2008 BY Sir Bonar Neville-Kingdom GCMG KCVO AND STORED IN Data nitwittery, Foundation of Trust, Transformational Government, What do we want?

Sir Bonar writes

I’m facing a blizzard of Freedom of Information requests from the self-appointed (and frankly self-righteous) civil liberties brigade about releasing details of the ContactPoint security review. Of course we’re all in favour of Freedom of Information to a point but there is a limit.

Perhaps I might point out:

The decision not to release any information about the ContactPoint security review was taken by an independent panel. I personally chaired this panel to ensure its independence from any outside interests. I was of course not directly involved in the original requests, which were handled by a junior staff member.

The security of ContactPoint relies on nobody knowing how it works. If nobody knows what the security measures are, how can they possibly circumvent them? This is simply common sense. Details of the security measures will be shared only with the 330,000 accredited and vetted public servants who will have direct access to the database of children.

We’re hardly going to ask every Tom, Dick and Harry for how to keep our own data secure when, as you’re probably aware, our friends in Cheltenham pretty much invented the whole information security game. To share the security details with some troublemaking non-governmental organisation is merely to ask for trouble with the news media and to put us all needlessly at risk. The Department will not tolerate such risk and it is clearly not in the public interest to do so.

We did consider whether to redact and release any text. We concluded that the small amount of text that would result after redacting text that should not be released would be incoherent and without context. Such a release would serve no public interest.

ContactPoint is both a safe and secure system and I should remind everyone that it is fundamental to its success that it is perceived as such by parents, the professionals that use it and others with an interest in ContactPoint and its contribution to delivering the Every Child Matters agenda. Maintaining this perception of absolute “gold standard” security is why it is so important that nobody should question the security arrangements put in by our contractor Cap Gemini (whom I shall be meeting again in Andorra over the weekend).

We must guard the public mind – and indeed our own minds – against any inappropriate concerns on data security.

All this is set out on the Every Child Matters website, which includes a specific and contextual reference to the ContactPoint Data Security Review. The content has been recently updated and can be found at: http://www.everychildmatters.gov.uk/deliveringservices/contactpoint/security/

Sending out our policy thinking via the medium of a Web Site is a central plank of the “Perfecting Web 1.0” aspect of our Transformational Government strategy, which is due to be complete in 2015. If interfering busybodies have any other queries about how we propose that children in Britain should be raised and protected I would refer them to that

I might add we never get this sort of trouble from the trade association Intellect, and this is why we find them a pleasure to deal with. And on the foundation of that relationship is our track record of success in government IT projects built.

So put that in your collective pipe and smoke it, naysayers. Now is not the time to ask difficult questions. We have to get on with the job of restoring order.

5 Responses to “Security and ContactPoint: perception is all”

 
David Moss wrote on September 3rd, 2008 6:15 pm :

As you say, “our friends in Cheltenham pretty much invented the whole information security game”. Not only did they invent it, they continue to offer advice on security:

What do we do?
CESG aims to protect and promote the vital interests of the UK by providing advice and assistance on the security of communications and electronic data. We deliver information assurance policy, services and advice that government and other customers need to protect vital information services. We work on a cost recovery basis for all customer-specific solutions and services, though IA policy and Guidance documentation is usually free of charge to the UK official community.
With experience acquired over decades of working with customers on projects and problems, CESG is well qualified to give you authoritative advice on assessing current and foreseeable risks.

Their phone no. is 01242 709 141.

May I ask, Sir Bonar, has the department taken advantage of this resource? If not, why not? If so, what were CESG’s recommendations? And have they been implemented?

A copy of their report made public might stem the flow of civil liberties complaints.

I look forward to an answer from your office soon. Although it will not come from you. It is a shame for such a distinguished career in politics to end in failure but, for you, Comrade, the darkness is at noon. The collective has no pipe. And incitement to smoke is a crime. Members of HSE’s elite commando force are even now abseiling from the roof of your office …

Maj. G. Smythe-Whippit wrote on September 3rd, 2008 8:10 pm :

Hear hear! I, for one, am both relieved and delighted to hear a common-sense approach to security put forward at long last.

I learned these very same principles as a young whipper-snapper in Uttar Pradesh, trying to get into the gun cabinet which my father used to lock up so assiduously every evening. It had a fifteen-lever lock manufactured by Thrubb and Co. of Ealing, and the resulting key was so enormous the Old Man could hardly fit it into his jodhpurs without causing a social scandal. It made no difference, of course: I simply promised the punkah-wallah a bottle of father’s finest Scotch to retrieve said key from the trousers, and later disposed of a pair of pater’s Purdeys in the bazaar in exchange for a rather spirited pet monkey.

This same common sense approach has stood me in good stead ever since, and is quite good enough for the entire nation’s youth of today.

Guy Herbert wrote on September 3rd, 2008 10:30 pm :

Sir Bonar,

You make great play of the fact that ContactPoint will be secure because no-one knows how it works. I imagine therefore that it is part of the strategy that members of the public do not know about it at all, and teachers (for example) see it only as another piece of recording and reporting for the DCSF that forms the core competence for their position as key workers. Could you outline the sophisticated communications strategy that has been used to make sure so few people have even heard of it?

Fred Perkins wrote on September 4th, 2008 9:59 am :

Sorry, Sir Bonar, but while being a devout supporter of ID Cards etc (so I don’t classify as a self-righteous civil rights troublemaker), I have little sympathy with your complaint.

To say that you need to keep the security details “secret”, and at the same time that “only” 330,000 accredited and vetted public servants will know the details is, frankly, a farcical statement to make, and implies a basic lack of understanding as to how basic security can and should be implemented.

You are, I’m afraid, suffering the fallout from the effect of years of government “trust us…” statements, which have lost virtually all credibility with the public, not just from “troublemaking” NGOs.

This country has a long way to go to fully engage with FoI and begin to appreciate just how much it can make for better, stronger and trusted government (it took 20 years in Canada). FoI is NOT the enemy of “security”. But if the public is not able to see that the job has been done properly, trust will never be achieved.

This doesn’t mean revealing details as to how anyone can access records and personal details.

But it does mean, for starters, demonstrating how those 330,000 “accredited and vetted public servants” do NOT have unnecessarily wide and unrestricted access to ContactPoint data.

TechMan wrote on September 4th, 2008 10:51 am :

Sir Bonar’s is the voice of common sense. We experts in the ICT industry welcome the fresh, honest and rational approach he brings. The cheese-eating sandal wearers (or is that sandal-eating cheese wearers?) need to recognise that the State nationalising all aspects of our children’s personal information is the only way to safeguard our liberties. But this is not only about children. We should also nationalise all aspects of everyone’s personal information. It is a model that we know works. And is the only way we will stop Crime, Terrorism and Other Nasty Things happening. This is why Intellect and others have long proposed that the guidance given in ISO/IEC 00001984 (author: G. Orwell) become mandatory in UK Government ICT procurement. In the meantime Sir Bonar, we collectively raise our noses from the trough to salute you.