So the UK government has launched the new Child Database, “ContactPoint”
I obviously don’t know the specifics of its implementation (nor the generalities for that matter) but I can bet you that within a month or so, someone will demonstrate how it can be compromised. Let’s hope that someone is a professional and well-intended security expert.
I’m not a fan in principle of the movie Hackers but there is one probable kind of attack that could be carried out: the basic yet sometimes effective “oh my God [some boss] is gonna kill me if I can’t get so and so report in, gimme access to a computer…. remotely.” It’s called social engineering, and it is basically exploiting the weakest link in any security system: the human (I am not making this up – it’s stated at The Register and CNET and other sources… just do a web search)
You actually come to wonder: how much can we trust the Web when it comes to centralized databases of information? Admittedly, no system is perfect. Even without ContactPoint, many children’s lives are at risk from nearby, unscrupulous individuals – however has the government really thought out what making this information accessible on the web will do? (by “making available on the web” I mean “using technologies linked to a public network in some way no matter how seemingly insignificant”)
We already trust the internet with our money – that’s a convenience that the mass of users has accepted, by cause of convenience. Surely the secret services use internet technology to relay information from one point to another. We know for a fact that the FBI’s data centres are available to the outside world: when Gary McKinnon “hacked” various US Defense sites he alleges looking for weak security – namely computers where the password was still just “password” or plain blank.
So how’s the record for the British Government on information security? Grim.
- British tax agency loses files
- List of potential recruits lost by Ministry of Defense
- The British Council loses a few million persons’ worth of info
- A NON-encrypted hard drive from the Ministry of Defense goes missing – oh please!
I might have been generous stating that it would take a month to compromise the data. I might be disappointed in hoping it’s a security expert who exposes this. I am almost certain to be right that the weakest link will be human in nature.