From the absurd to the incomprehensible: incompetent firms put in charge of ContactPoint

September 12th, 2008

The Telegraph has an astonishing piece on ContactPoint: firms who have already demonstrated their incompetence are now in charge of ContactPoint:

Prisoner data loss firm allowed to work on database of every child in England

The private firm which lost the details of the entire prison population is being allowed to continue working on the controversial project to build a database of every child in England.

By Martin Beckford Social Affairs Correspondent

PA Consulting was branded “completely unacceptable” by ministers and lost its three-year contract with the Home Office after an employee mislaid an unencrypted memory stick containing the names, addresses and expected release dates of all 84,000 prisoners in England and Wales.

Its other contracts with the Home Office, worth £8million a year, are now under review.

But the firm is being allowed to continue working on the highly sensitive £224million ContactPoint scheme to create a computerised record of the names, addresses, dates of birth, parents, schools and GPs of all 11 million children in England, which has already been delayed by security concerns.

Critics said the involvement of PA Consulting – which is also working on the national ID card scheme – in the project should lead to it being scrapped completely, before any serious mistakes can be made.

There is so much wrong with this…..

Firstly, if we are to take the rationale behind the database madness at face value, why on earth are they making an ID database SEPARATE from a database of all children in the UK? It makes far more sense to keep everyone on a single database and then use access control to partition it.

Secondly, it is symbolic of the real reason why this insanity is being done; this is a way for companies to make money. This company is on a contract for ContactPoint. For certain, its contract for the ID card is separate and also worth a fortune. If this was being done efficiently, there would be one contract and not two.

This is a scam from start to finish, and none of it should have been done in the first place.

Terri Dowty, Director of Action on Rights for Children, said: “PA Consulting has been held responsible for one of the most serious data losses yet, after apparently disregarding specific instructions from the Home Office.

“How can the Government – or anyone else – possibly feel confident that children’s ContactPoint data will be safe?”

No one with a single working brain-cell does!

The Liberal Democrat Shadow Children, Schools and Families Secretary, David Laws, added: “Both the Government and now the company responsible for administering this database have proven themselves to be unreliable in safeguarding personal data.

“Serious concerns have already been raised about the security of the database. The revelation that PA Consulting Group are also involved will do nothing to reassure parents that their children’s personal details will be secure. This intrusive and costly project must now be scrapped altogether.”

And if it is not scrapped immediately, what should all the parents in the UK do about it?

This is the question that no one is asking and that no shadow minister will confront. If someone is literally attacking your child, what are you expected to do, just sit back and take it?

ContactPoint was delayed last year for a security review after HM Revenue & Customs lost CD-Roms containing the personal details of 25 million families, which concluded that the risk of a data breach on ContactPoint could never be eliminated.

At last, someone is telling the truth about this. In the light of this it is clear that ContactPoint should never be deployed and all work on it should be stopped.

Its launch was recently put back again after technical “glitches” were discovered in the software, while The Daily Telegraph disclosed that police will be allowed to trawl the database for evidence of crime among young people. ContactPoint, which will be accessible to 330,000 council workers, headteachers and social workers as well as police, had always been portrayed as a way of protecting children by improving links between professionals who work with them.

This is called feature creep. It ALWAYS happens with projects like this, as data by its nature is always valuable for more than one purpose. For example, data collected about any single activity can always be used to produce statistics of some sort; a minimum of two uses always exists. It also means that the data will ALWAYS and INEVITABLY be shared, since in order for it to be used, it has to be transferred somewhere in bulk for analysis.

The Government insists that it still has confidence in the ability of PA Consulting to carry out the sensitive work on the project, which is to include access to children’s data.

They are a bunch of computer illiterate liars who are trying to save face. That is a fact.

A DCSF spokesman confirmed: “PA Consulting is one of a number of client-side partners appointed to deliver service management to the project.

“We have confidence in PA Consulting to provide client-side services to the ContactPoint project.”

You are fools.

PA Consulting said: “PA Consulting remains confident that we can complete our work on ContactPoint.

They are delusional, and fatally over confident.

“We are one of a number of client-side providers whom DCSF has appointed to deliver specialist technical, project delivery and service management services to the ContactPoint project.

“To date no PA Consultant has had access to live ContactPoint data. In the future, access to ContactPoint data may be given to a limited number of named, security cleared and enhanced CRB checked PA consultants to carry out specific key activities (such as user acceptance testing).

And this proves that they cannot and must not be trusted. If the data is given to one named and security cleard and enhanced CRB checked PA consultant and that person has his laptop stolen with the ContactPoint database on it, then the data is out forever, full stop. No number of enhanced ‘security clearances’ or CRB checks can stop an incompetent (or unlucky) person from divulging data. The DVDRs that HM Revenue & Customs lost were lost by a CRB and enhanced security checked person and firm. This is nonsense on stilts and no one with a clue buys it for an instant.

“All access will be conducted within strict departmental audited security procedures and security procedures specific to ContactPoint. These procedures would apply equally to any other organisation who will have access to live data.”

No procedure is perfect. That is why banks still get robbed. This data will be worth BILLIONS, and as we have seen with the criminal German government who paid money to have stolen to order, the private bank details of people in Liechtenstein, there is no end that companies and governments will go to to get at valuable data. I can guarantee you that PA consulting’s offices and computers are less secure than the most secure banks; if their premises are broken into, then the Contact Point data will escape. If a hacker gets into their systems, the ContactPoint data will escape. If a careless employee is blackmailed or bribed, the ContactPoint data will escape. There is no way that they can protect this data, therefor it should not be collected and aggregated in a system like this in the first place.

PA Consulting is one of a number of companies working on ContactPoint, with most of the work being done by the IT firm Capgemini.

The same goes for Capgemini.



The following things must happen immediately with ContactPoint:

  • The database must be purged and all data dropped from all tables.
  • The backups must be destroyed, with certification and verification as far as possible, criminal penalties for failure to destroy.
  • All development contracts to fulfill work should be paid in full.
  • A new law forbidding any government agency from creating a database of children must be enacted, so that this and anything like it cannot possibly be restarted.

    I have stipulated that the development contracts should be paid in full. This needs to be done because the incredible pressure that will be put on ministers to roll ContactPoint out simply for the money will be irresistible to the weak minded ministers who have allowed this abomination to proceed this far. Vendors are the ones who came up with this and who sold this snake oil. They have powerful lobbyists and bribery machinery to make government business happen for them; essentially, they will be bribed to back off of ContactPoint.

    Finally, any firm that had been responsible for the incredible data leaks that have happened recently would be instantly fired in the business world, and there would be hellish compensation to be paid after historic lawsuits for the future damage by identity theft that would result in flagrant negligence and incompetence. Since this is a government contract however, there is no liability at all, and not only do these companies get off scott free, but they get MORE and GREATER responsibility and more money!

    I’m not making this up, as you can see….astonishing!

    The Telegraph is doing a very good job at staying on top of this; well done and thank you to Martin Beckford who is behind all of this good work.

    Leave a Reply

    You must be logged in to post a comment.