Contactpoint Security Misses the Point

ContactPoint, the government list of children, is live today in test areas. When it's complete, it will hold contact details for every child in the UK, with a NIN and a list of the agencies dealing with the subject.

The rights and wrongs of this are one thing, but there's a gap at the heart of the published security policy (pdf) -- they've left one point out, and it's the hard part that makes the rest work.

They're proud of the access control -- it'll be two factor and the web access won't work from just anywhere (I hope it'll be limited to registered IP addresses). Users will need to be in a role that requires access and have passed CRB checks.

But it fails, it misses the point. Apparently the designers expect there will be three hundred thousand users across the NHS, education authorities, LA social work departments, the police, courts and probation service. It seems on the low side, but just that number gives us around a thousand retirements a month. Add in all the role changes where users no longer need the access, or change employer or reporting line enough to change the origin of their entitlement and I call that around five thousand leaver events a month.

No-doubt ContactPoint has the staff to do it, but however will they hear about the leavers? We have enough difficulty finding the leavers in a few hundred users, and we have access to the payroll. It looks as though ContactPoint is going to be dependent on users or managers volunteering that they no-longer need the acccess. With all the good will in the world -- and social work departments are often very replete with ill-will -- that's never going to be anyone's top priority.

I'm not surprised they left it out. I wonder when it's going to bite.