Joi Ito's Web

Joi Ito's conversation with the living web.

joipamph.jpg speak.jpg gaitomedia.jpg

Today I will be on the news at 5:30pm on TBS and 10:30pm (thanks Sakiyama-san) on Fuji TV protesting the National ID. From 1pm to 3pm today, Yoshiko Sakurai, her team and I held a rally passing out pamphlets and giving speeches in the middle of the busy shopping district of Ginza. The media was around in force today, but it is really too little too late. We've been doing this since September of last year and the day before it goes live, the media is finally focused. We will continue our struggle, but it will be harder now that the law is officially running. At least now almost everyone I meet says that they have been protesting this all along instead of threatening me that I will lose everything if I continue...

I have been interviewed several times by TV. It seems that the media is focused very much on the security of Jyukinet. I believe, that although this is very important, the bigger risk is the use of the 11 digit number in databases in the bureaucracy and the effect that this will have on the ease in which lists can be created, cross references and leaked.

The media is also discussing quite a bit, the storage on the IC card. This is practically irrelevant. What is relevant is the IC card being using to link real world transactions to databases.

The other big risk is that 11 digit number can be written down, read and distributed easily. Why didn't they use digital signatures or some sort of hash function that is not human readable?

Everyone wants me to talk about the security of the Jyukinet, and the cut the sections where I talk about the nature of identity and the concept of privacy underpinning democracy. Oh well.

With respect to the security of the network, it is important to note that the Somusho is saying that it is safe because they have firewalls and leased lines, but anyone who knows anything about computer networks know that this is not true. No network is safe. Having said that, I think it is important to focus, not on the technical issues such as firewall security, but on the fact that the safest network is a small network with the least number of users and terminals.


The news on Fuji TV will be at 10:30pm.

Thanks Sakiyama-san. I missed it. How was it? It was mostly about Yamada-san, right? Was he persuasive?


I did see a Japanese news report regarding this issue, but I did not see you, Joi. I probably saw a different report. (Seen on Japanese TV - KTSF 26 in San Francisco, Sunday evening) From what I gathered from the report, the new database stores personal data, names, addresses, dates of birth, gender and the new ID numbers for every citizen, apparently making it easier for them to obtain documents for a variety of public services and benefits.

The report did acknowledge the opinions of those who protest the scheme, but seemed to select only the most radical and paranoid of views in what seemed like an effort to marginalize those who disagreed with the plan:

"The Nazis assigned numbers to Jewish people in exactly the same way. It is extremely dangerous."

"This system treats individuals as things, not people."

Am I wrong in assuming that this system merely consolidates data that is already available to the government and to other unauthorized groups that are committed to getting it? If this is true, what security obstacles do such groups currently face? Is it possible that the new system might fortify and improve current protection of personal information?

"At least now almost everyone I meet says that they have been protesting this all along instead of threatening me that I will lose everything if I continue..."

Yes, stick by your guns. As you know, you are in very good company. Have you spoken at all to Mayor Yoshimura of Yamagata? Your technical background and knowledge, combined with his political clout and notoriety could be quite a force!

My apologies for all the devil's advocacy. :)

Best wishes.

Thanks for your comments Mike.

The media in Japan is finally covering this issue too little, too late, to small. And you're right. It is standard practice to make the opposition look extreme and trivialize it.

As you know, consolidating and matching databases that don't use the same format is very difficult. The current system will allow the government to add the national ID as a tag on all government databases including medical, criminal, FOIA requests, whistle blowing, etc. These databases are currently kept separately, but with the national ID information that is leaked (it often is in Japan) can be much more easily consolidated by government officials, organized crime or foreign governments.

Also, since the ID card will have the number on it, it is likely that there will be widespread use by commercial businesses.

This is a battle over data formats more than anything else. If I don't need to give someone my name and address when I am renting a video, borrowing a book, buying liquor, walking down the street, I would rather not.

My point is that you can have a variety of ID cards and numbers and we should use digital signatures or something so that it requires effort and approval for databases to be matched or cross referenced. Otherwise, it is likely that such data will be used to profile people in ways that damage the functioning of democracy.

The example I use is Mizuho Bank. They spend several billion dollars to merge several banks together. The still haven't gotten the system working. Of course it is "possible" to match databases, but it is so expensive and difficult that it is only done in cases where it is absolutely necessary and by people with big budgets. With an 11 digit national ID on all of the lists, any nosy person with Excel will be able to profile people.

Actually, I don't know Mayor Yoshimura. I'll try to meet him sometime...

Some coverage on
About 70 people demonstrated against the system Monday morning in front of Japan's Public Management Ministry in downtown Tokyo.

"Although we are not against the registry system in principle, we believe there are some privacy and security issues that still have not been dealt with," said spokesman Satoshi Arai of the national bar association, which has formally lodged its concerns with the government.

link text

Also a thread on slashdot . I posted a response...

And some coverage from the New York Times, by James Brooke Japan in an Uproar as 'Big Brother' Computer File Kicks In, starts with this sentence: "Japan put into operation a national computerized registry of its citizens today, provoking two un-Japanese responses: civil disobedience and a widespread feeling that privacy should take priority over efficiency." I was talking with Jane about this quote, she pointed out that Japan has some ready historical examples of civil disobedience in spite of this image of a uniform group of docile people. Anyhow, nice to see the protests are getting more coverage than the system. And I'm glad you are posting your firsthand accounts Joi, and engaging in arguments here.

But wait!
After all, this new National ID in Japan does not seem much different from the Social Security # they have in the US. And, although I am not very familiar with the US situation, it never seemed to have caused major problems to Americans so far. So what's the big deal if the same is done in Nippon?

Secondly, to me, the problem is not that the Government creates a National ID (it seems very difficult to prevent anyway). IMHO the problem is more of HOW and for WHAT this National ID will be used. If, in the future, you have to give your National ID when you buy a train ticket, book a hotel, a flight etc... then it puts your privacy at risk in that 'THEY' can know where you are at any moment in time. But if its use is limited to Social Security, welfare payments, ward office business, unemployment registration etc... then it seems it could actually be beneficial for everyone, and limit the amount of paperwork on both sides. So depending on how you look at it (how it is being used), a National ID could be a terrible or a really positive thing.

ok just my humble view on the subject. Great blog Joi, and many thanks for this site!

Hi Oliver. There are several major differences between the Japanese national ID and the SS# situation in the US.

1) The SS# was originally supposed to be used for tracking social security. It became more widely used and recently has been pushed back a bit. In the 70's congress stopped a movement to make ID cards with the SS# on it. There is a deliberate effort in the US trying to keep SS#'s from being used widely. (Mostly failing.) Japan already has plans to use their national ID widely and from next year, physical ID cards with the number on it will be distributed which will cause the number to proliferate more quickly. There are already draft plans for the ID card to be used in hospitals, libraries and many other paces. Did you know that some hospitals have begun genetic testing on donated blood?! As you know, the national ID in the Homeland Security Bill in the US was scrapped and a privacy officer recommended by the House. Also, there appears to be resistance to linking drivers licence DB's. Obviously, people don't like this. Japan is trying to build a system that other countries are trying to work their way out of...

2) The SS# is also a bad idea, but I think it was started way before computers and before people worried about these things. Today, we have technologies such as digital signatures and hash functions that would not be human readable, but could achieve much of the same functionality.

3) There is no law in place or a watchdog group to watch the Japanese government. In the US, congress and other entities watch over the privacy issues of its citizens. Japan is notorious for leaking information and abusing power. Currently, they track FOIA requestors, whistle blowers, subscribers to radical newsletters, etc. Much of this information leaks and is abused by gangster and commercial enterprise as well as government. The 11 digit national ID will make such databases much more liable to be compromised.

4) Japanese citizenship registry is much more secure and accurate. In the US SS#'s are not trusted THAT much and you don't automatically get one. In Japan, my registry can trace me back all the way for many generations and we have been in the same home for 800 years or so. People are much more tracable and family backgrounds have much more impact on your freedom. Very different from US birth certificates. Also SS#'s are not given to infants like the Japanese National ID.

5) The Japanese privacy law that is being contemplated does not give any privacy rights to dead people. Therefore, profile can be done aggressively for your ancestors and dead family. A departure from the EU privacy directives....
So, I'm not against neworks or digitizaton of government processes. The problem is, there is no privacy law, privacy commissioner, privacy technology educated developers or even a basic understanding of privacy on the part of the politicians or the bureaucrats. I want a to freeze the project until we can have a public debate and a thorough technical review of the architecture.

I will be repeating myself, but privacy underpins demcracy, especially as we get more and more networked. We should be moving AWAY from centralized databases, not towards them...

PS Thanks for commenting. This blog is much more interesting with debate. ;-)

Justin, true, civil disobedience is not very Japanese. The media and the government are pretty good a marginalizing civil disobedience as noted above. Even though this is quite a complicated matter and difficult to explain, I think that the spate of scandals recently and the variety of people currently protesting is giving our movement strength. We have former police, defense, left-wing, right-wing, artists, journalists, etc. all protesting.

I want to add to comments of Joi-san.

6) In the next stage, the Japanese government wants to create Public Personal Certification Service. This is a X.509 PKI service. Each prefecture has a certificate authority for all citizens, and prefectural cerificate authories are linked by a bridge CA. The Japanese goverment and local governments come to identify all citizens online.

I don't say that X.509 PKI is generally bad. Many administrative services will need to identify the user over the Inetrnet. But Japanese governments and local governments will overuse it.

Taku Kajiwara, Governer of Gifu Prefecture said on TV on the same day that Joi-san apeared on Fuji TV,

"When Public Personal Certificate Service starts, I can discuss with citizens of our area online. Members of `Civic groups' often come from elsewhere."

Here, if he want to exclude people not in the prefecture, he should only verify that one lives there, but he wants to know who says what.

That's interesting Sakiyama-san. Thanks. Gifu is protesting against the protests, right?

I don't know whether there are active protesting groups in Gifu, but Mr. Kajiwara supported Soumusho and the usage of Jyuki-code as National ID.

Most (not all) governers welcome Jyuki-net, because prefectures did not have Basic Residential Registry data before Jyuki-net starts.

But Gifu is special. Mr. Kajiwara was a member of Basic Residential Registry Network System Conference held by Ministry of Home Affairs in 1996. After the conference published its report, he was eager to create a trial version of Jyuki-net in Gifu, and it was achieved in 1998. More details are described in
"Privacy Crisis" written by Takao Saito in 1999. In Privacy Crisis, Mr. Kajiwara said that the discussion on the National ID issue could not achieve a consensus forever and he simply ignored a need for a consensus.

Format still very rough, but we just launched a National ID protest blog in English.