> The Caldicott recommendations placed restrictions on the use of the
> tracing service - why are they not enough?
(1) the experience of large databases to which many people have access
(e.g. criminal records, vehicle registrations, bank statements) is
that access to them is corruptly sold by insiders, and this corruption
is extremely hard to prevent.
Even where Caldicott-style controls are attempted (e.g. make all a
police station's criminal record enquiries go through the custody
sergeant) it doesn't work (so many people call the sergeant on the
phone or the radio for an enquiry that proper records can't be kept).
(2) computer security awareness and discipline is very much poorer in
the NHS than in the police. I just found out yesterday that at a local
hospital, people routinely log on using the passwords of junior
doctors who moved on six months ago. Also, there are no mechanisms to
perform regular penetration testing, and there's no system of security
clearances for non-clinical staff.
(3) the NHS Tracing Service database will be the only database of all
adults and children in the UK - the NI database is incomplete as it
doesn't include children and many addresses are out of date; the DVLA
ditto and omits recent immigrants; the electoral register is similar
but doesn't even have your date of birth. Other government departments
will ask for and get access - the obvious ones are the police,
customs, MI5, the immigration and naturalisation service, the social
security fraud squad, the child support agency, and the register of
sex offenders. The number of people with lawful access will snowball.
(4) It will also be immensely valuable to debt collectors, solicitors
seeking to issue writs and anybody else who needs to trace people
(from the Iranian secret police to the IRA and the Mafia). So there
will be a huge incentive for private eyes to bribe NHS staff and get
access. The number of people with unlawful access will also snowball.
I predict that once the NHS Tracing Service is taken online, we will
see one or two murders a year, and several hundred cases of serious
assualt and stalking, due to people being found through it.
I also predict that once the public understands this, a lot of people
will either give false names or dates of birth; others will simply
avoid seeking treatment. These will include not just the
`undeserving' such as delinquent dads and fly-by-night company
directors, but `deserving' cases such as battered women and people on
witness protection programmes, and `borderline' cases such as sex
offenders with psychiatric problems. If you start thinking in public
health terms, of course, the distinction between deserving and
undeserving goes away (you don't want your daughter to catch TB from
an illegal immigrant who was too scared to see a doctor).
If the government wants Britain to have a central population register
then let's see a proper public debate. This would likely result in its
not being built; if it were, it might be somewhere like the Passport
Office and under much tighter control than Caldicott proposes. We
might even follow the German model, in which the population register
for each town is kept in the `Ordnungsamt' in the town hall, and these
systems are not allowed to be networked. After all, if even the
Germans can get by without a central register, why do we need one?
Ross
PS: the tracing service also appears to be illegal as it contravenes
section 33 of the Human Fertilisation and Empryology Act. The whole
Caldicott thing is a mess. Why didn't they have anybody on the
committee who knew about computer security, or even about the law?
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|