The Children Act of 2004 is back in the news with the announcement that the database to log the details of every child in the UK will cost £224 million plus another £41 million a year to operate. The Conservative party spokesman on the issue said:
"The government's nanny-state approach will do nothing to safeguard the children most at risk. We should be concentrating on the most vulnerable children who are on child protection registers, in care or in homes with a record of domestic violence.
We opposed this clause when it was proposed in the Children's Act 2004. It is bureaucratic nonsense and ID cards for children by the back door."
What's somewhat remarkable is that this law sailed through without the opposition that the ID card proposal has been facing. It suffers many of the same problems as the ID card system but just acts as another indicator of how difficult it is to politically oppose a plan with the stated aim of improving child protection, no matter how badly the actual details of the plan might, in practice, undermine that aim. The time that already stretched child care workers, police, NHS and others will have to put into bureaucratic processing of details of the vast majority of children who are not at risk, will take away from the already limited time and resources they have to work with the really vulnerable.
Remember Schneier's questions:
What problem are you trying to solve?
How well does your solution solve the problem?
If there is joined up information and communications in the case of victims and tracking those who have abused children it may make a contribution to filling the holes that might have prevented some of the tragic cases we've seen in recent years. I'm not exactly sure that a central database of the type planned will necessarily do this, given the vast array of computing systems the various branches of public services engaged in child protection actually have.
How can the system fail naturally and how can it be made to fail by someone with malign intent?
Big databases have errors. People working with the system will make mistakes. A large number of people need access to the database so it will not be secure - it only takes a small number of malign actors internal or external to compromise a large database of this sort.
What other problems does it cause?
Scarce time and resources are lost in processing details and cases of children who are not at risk. False positive and false negative errors could have serious consequences.
How much does it cost?
£224 million plus £41 million per annum apparently.
Is it worth it?
Well could these resources be more effectively invested and targetted at frontline child protection services?
Setting up a system to assume every child is a victim is similar to setting up a system to assume every citizen is a terrorist. Neither will actively tackle the serious problems to which they are allegedly addressed and may very well end up compounding them.