Security Through Obscurity is now Government Policy

Ian Batten ukcrypto at chiark.greenend.org.uk
Thu, 21 Feb 2008 18:02:01 +0000 

--Apple-Mail-6--176060932
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

On the ContactPoint report:

> Mr Brennan said the report had not been published in full for  
> security reasons.
>
> "The main body of the report necessarily includes information about  
> the security arrangements for ContactPoint.
>
> "We will not, therefore, publish the full report in order to  
> minimise the kind of security risk our procedures are designed to  
> prevent."
>

As the system will be used by tens of thousands of staff in every  
LEA, RHA (or whatever they're called this week) and social work  
department in the country, keeping the security arrangements secret  
seems a trifle unlikely.

I'm in the process of 93C3ing my children's medical records and I  
have as a matter of course data refused sharing consent to their  
schools.  This latter is mostly aimed at the Connexions programme: it  
claims many benefits, but as my children can write their own names  
and count from one to ten it doesn't have much relevance to them  
(*).  But I presume that a refusal to grant DPA permission to the  
school applies to other programmes as well.  I sense subject access  
requests.

ian

(*)  The jobs database is called ``jobs4u'' , in that lower-case,  
text-speak manner of people with good degrees from our better  
institutions of learning attempting to get down wid da kids, etc.    
We have all, I take it, seen the Snoop Dogg `Don't let a mobile phone  
ruin your film' advert, but those that want to see middle-aged men in  
suits humiliating themselves by being down with kids can refer to it  
here.  If you think that `jobs4u' is a dignified name for a careers  
service then you can all, of course,  razzle-dazzle my phantasmagazzle.

ian


--Apple-Mail-6--176060932
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=ISO-8859-1

<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><blockquote type=3D"cite" =
class=3D""><p style=3D"margin: 0.0px 0.0px 11.0px 0.0px"><font =
face=3D"Verdana" size=3D"3" style=3D"font: 11.0px =
Verdana"></font></p></blockquote><div>On=A0the=A0ContactPoint=A0report:</d=
iv><br><blockquote type=3D"cite" class=3D""><p style=3D"margin: 0.0px =
0.0px 11.0px 0.0px"><font face=3D"Verdana" size=3D"3" style=3D"font: =
11.0px Verdana">Mr Brennan said the report had not been published in =
full for security reasons.</font></p><p style=3D"margin: 0.0px 0.0px =
11.0px 0.0px"><font face=3D"Verdana" size=3D"3" style=3D"font: 11.0px =
Verdana">"The main body of the report necessarily includes information =
about the security arrangements for ContactPoint.</font></p><p =
style=3D"margin: 0.0px 0.0px 13.0px 0.0px"><font face=3D"Verdana" =
size=3D"3" style=3D"font: 11.0px Verdana">"We will not, therefore, =
publish the full report in order to minimise the kind of security risk =
our procedures are designed to prevent."=A0</font></p></blockquote><br>
<div>As the system will be used by tens of thousands of staff in every =
LEA, RHA (or whatever they're called this week) and social work =
department in the country, keeping the security arrangements secret =
seems a trifle unlikely.</div><div><br =
class=3D"webkit-block-placeholder"></div><div>I'm in the process of =
93C3ing my children's medical records and I have as a matter of course =
data refused sharing consent to their schools. =A0This latter is mostly =
aimed at the Connexions programme: it claims many benefits, but as my =
children can write their own names and count from one to ten it doesn't =
have much relevance to them (*). =A0But I presume that a refusal to =
grant DPA permission to the school applies to other programmes as well. =
=A0I sense subject access requests.</div><div><br =
class=3D"webkit-block-placeholder"></div><div>ian</div><div><br></div><div=
>(*) =A0The jobs database is called ``jobs4u'' , in that lower-case, =
text-speak manner of people with good degrees from our better =
institutions of learning attempting to get down wid da kids, etc. =A0=A0We=
 have all, I take it, seen the Snoop Dogg `Don't let a mobile phone ruin =
your film' advert, but those that want to see middle-aged men in suits =
humiliating themselves by being down with kids can refer to it=A0<a =
href=3D"http://www.telegraph.co.uk/news/main.jhtml?xml=3D/news/2008/01/31/=
wsnoop231.xml">here. =A0</a>If you think that `jobs4u' is a dignified =
name for a careers service then you can all, of course, =A0razzle-dazzle =
my phantasmagazzle.</div><div><br =
class=3D"webkit-block-placeholder"></div><div>ian</div><div><br =
class=3D"webkit-block-placeholder"></div></body></html>=

--Apple-Mail-6--176060932--