Recently in Japanese National ID Category

My grave
As I've blogged before, I spent years fighting the Japanese national ID system, pushing for a 3 year moratorium on the bill to allow privacy and security to be fully considered before rolling the system out. Even though our movement had majority support among politicians, the public and even the media, the system rolled out "because it would have caused too much confusion to stop it," according to one senior policy oriented politician. Afterwards, I had a choice of either continuing to protest a running system from the outside, or work on the inside trying to point out issues and watch over the deployment. I ended up on various government oversight committees where I have continued to point out issues and still argue that they should shut the current system down.

To my surprise, my hometown Mizusawa has the second highest proliferation of the national ID cards at 10% and hosted our Ministry of Internal Affairs and Communications study group today. As the local government officials discussed their system proudly, I felt some pain as I pointed out some of the risks. They knew that I was local so they asked for my support for their initiative in that local family style... Scenes from The Godfather cross my mind. It reminded me a bit of the scene in Godfather II during Michael Corleone's trial where they bring the brother of key witness Pentangeli from Sicily to the hearing. All it takes is one look from the brother to change Pentangeli's position. OK. It wasn't that bad, but it reminds me of the same thing.

My family has been building and running schools in the town for the last three generations and we just rebuilt our nurse school, which at some point I will have to "run". Until recently, our family funded the schools, but now relies partially on government support. As with most semi-public endeavors in small towns, it requires "community support." Thus The Godfather reference above.

After the study group meeting at City Hall, I visited our family grave. I took a look at where my name will at some point be etched as the 19th family head of the Ito family. I took the opportunity to grill my uncle a bit more about the specifics of our history since I'll be the custodian of this information at some point. I also had him collect up various family history documents. It appears that the first Ito moved into our current home about 400 years ago and was some kind of union of a 25th descendant of Emperor Kanmu, the 50th Emperor (we're on #125 now), and Kawatari Fujiwara. I can't understand the old-fashioned Japanese text to understand the details of the arrangement. I believe Kawatari Fujiwara was from the Fujiwara family that lived in our region until they were defeated around 400 years ago. The only thing left from this period of the Fujiwara estate/castle is a golden pagoda and mummies in Hiraizumi. Anyway, the story I heard from my mother was that after their defeat, the survivors fled and started their own families in the region, and took the character "Fuji" from "Fujiwara" and changed their names to "Saito", "Goto" and "Ito" which all use the "Fuji" character for the "To" part of the names. Anyway, I'm not positive about the details so I better find out more before I have to take over the family and my children start asking me all kinds of questions.

As always, staring at the place on the gravestone where my name will be etched along with all of the previous family members makes me feel like a mere blip in history and is humbling and strange.

Today was the City of Yokohama Committee for the Protection of Identification Information Committee meeting. I was appointed to this committee in 2003 in the wake of their decision to allow their citizens to opt out of the Japanese Basic Resident Code database. I was reappointed again today. I joined a number of these government committees to try to help protect rights, prevent stupid decisions and change bad laws, but I am increasingly frustrated by the Japanese bureaucracy and the ability to cause any change through these committees. (Although local government committees are clearly more sincere than central government committees.) I think part of it is because I am spending more and more time outside of Japan where board positions or public debate appear to have more direct effect. Generally speaking, Japanese government committees allow you to say what you feel, but it is very unclear exactly what effect what you say has. (One exception was when I think I did permanent damage in a committee to the stupid idea of Japan trying to do a version of the Clipper chip when it was in vogue in the US.)

The meeting today was open to the public and there was one reporter and two citizen observers. The city officials reported on the status of the system. 836,654 or 23.78% of the people are opted out of the system and only 15,503 people have asked to be issued national ID cards. After the report, we were asked to discuss issues generally.

My opinion was that because of all of the commotion that we made around the security issues of the system, the security of the core system itself is fairly good, but the local government networks that it connects to are still a mess. Also, my main concern has always been the risk of the data being collected and abused OUTSIDE of the core network and these issues have not been addressed. There have been some fraudulent cards, but major crimes have not been committed. I warned that this is because barely anyone is using the network. If the government comes up with some useful application for the ID system, I'm sure fraud will increase. I also pointed out that at this level of usage, it can't be making any financial sense for the local governments who have installed and are running the system. Yokohama is one of the largest cities, but in small towns, there are still only dozens of users. I added rather bluntly that considering the cost and the potential risk because of the ill-conceived architecture, I still think they should shut the whole thing down and start from scratch building something useful using modern privacy technology to address specific needs rather than continue to use this expensive and pointless system. The system was basically a product of the e-Japan initiative to make Japan #1 in IT and fuel it with government spending. Of course building a national ID system would be a great way to spend a lot of money. Anyone who has run a business knows that you shouldn't invest good money after bad. Just because it cost a lot to build doesn't mean we need to keep investing.

I doubt, of course, that my opinion will change anything, but at least it's on the public record.

Ejovi was prevented from giving his talk by the Japanese Ministry of Internal Affairs and Communications. Ejovi did the security audit on the local government system connected to the Japanese National ID system (Jyukinet) for the prefecture of Nagano. I audited his audit and wrote an opinion for the Governor of Nagano last December. It does suck that they blocked his talk, which I think would have been fair and balanced as Ejovi says. However, I can easily imagine the government taking a hard stance on this considering all of the trouble they are having controlling the spin. Anyway, welcome to my world Ejovi. Ejovi, if you really want to give this talk, I think you need to do it with some political backup like Nagano or another local government.

Two years ago I marched in protest against the Japan National ID. Last year, after we failed, a few cities and prefectures resisted. Yokohama took the position that the bill was illegal because it required privacy protection and the privacy bill had not passed. They allowed citizens to opt out and a whopping 24% of their citizens opted out. Now that the privacy bill of the central government is in place, Yokohama is being forced to "normalize" with the central government. Last year, I accepted an appointment to the Yokohama personal information protection committee which would oversee their integration of the national ID system with the hope that I could help them in their resistance. Today, almost a year after the first meeting, I spent the afternoon in what was basically a rubber stamp session. We voiced our opinions, but at this point there really wasn't much choice. These inquiry committees are constitutionally defined organs for people to interact with the law making process, but I felt more like a cog with a rubber stamp than a participant in a democracy.

The governor of Nagano ordered a security audit of their network with a focus on the Basic Residents Registry system of the central government. I was asked to take a look at the audit and provide a 3rd party opinion. Since I am on the central government panel working on the security of the Basic Residents Registry, my letter has become a bit controversial and apparently my phone is ringing off the hook right now in Tokyo. Lucky for me I'm in the US...

I'm not looking forward to returning to Tokyo.

The central government denies security problems and I am going to have to deal with this when I return to Tokyo...

The audit is not yet completed and my audit of the audit is an opinion based on incomplete information. I will be meeting with both sides when I return to Tokyo and will probably be required to write another opinion after the final results of the audit have been submitted and I have heard the arguments from the central government.

Mainichi reports some of this in English

Here's the letter.

December 11, 2003
Governor Yasuo Tanaka

Dear Governor Tanaka:

I have reviewed in detail the security audit that your outside auditors conducted on three towns in Nagano. I reviewed their process, data and analysis. I also interviewed the key members of the team for several hours and discussed their methodology and conclusions.

Generally speaking, the security level at the sites was below average and a variety of personal information about your citizens is at risk of being stolen and modified.

The team conducted audits from the Internet and from inside the local government offices. The team was given very limited time to conduct their audits. The penetration test from the Internet was not successful. The tests from inside the government offices were quite successful. The audit was limited to computers inside the local government offices, so the Jyukinet was not attacked directly. However, the computer that connects directly to Jyukinet, the “CS server” and the “Reams server” which is inside the local government network both have databases of the Jyukinet data of the citizens living in the city. Both of these servers were vulnerable and the audit team was able to take control of them. This would theoretically allow them to edit, delete and create new citizen records. It was not tested, but it is likely that editing this database would cause these false records to be sent to the central Jyukinet system.

In addition, there were numerous files containing sensitive personal information unrelated to Jyukinet accessible on the local government network with no protection.

Although it was not possible to penetrate the local government network from the Internet, there were dialup accounts for remote offices that allowed users to connect to the local government’s network. It is possible that these dialup accounts could be exploited to allow someone to dial into the network. In addition, the library in one city was directly connected to the network. As anyone can use the library’s machines or connect their computer to the network, anyone can download the sensitive files being “shared” on the machines without any “hacker skills”.

Breaking into the CS Server and the Reams server, which contained Jyukinet data for the local citizens, was quite easy. They were running systems that had not been properly updated with security patches. The passwords were very obvious on the system as well as on the database and were quickly cracked. The software running on the server was written with “buffer overflow” vulnerabilities that show a lack of understanding of security by the developer of the code. I recommend a third party security audit of the software running on these systems. A computer engineer using freely available tools would be able to exploit any of these vulnerabilities to gain access to the Jyukinet data.

In summary, I believe that the security level of the networks was below average and any average computer network engineer could break into and steal or damage a variety of personal information including Jyukinet information. The people working in the office and in particular, the vendors providing the system security are not sensitive to security and privacy issues. The servers have not been maintained properly and the selection of passwords (many had default passwords or easily guessable passwords) was irresponsible and showed a complete lack of attention to security. I strongly urge that the priority on security for privacy purposes be increased significantly, both in local government offices and vendors providing solutions to these local governments. I believe that the citizens and the people responsible for protecting their information are significantly at risk.


Best regards,
Joichi Ito

Had a meeting today with Yoshiko Sakurai and other members of the anti-Jyukinet (National ID) "movement" this morning. I have been working with Sakurai-san and this group since September 2001. A lot has happened since then. We first tried very hard to get a moratorium on the deployment before operation began. We got a great deal of support, but in the end operation began. Several local governments and prefectures resisted on the basis that there was a clause that privacy must be assured and the privacy bill had not been passed. A very watered down and poorly written privacy bill was passed and several anti-Jyukinet local governments led by Yokohama decided to participate in Jyukinet with an opt-out clause. There are still some local governments which are resisting, but such resistance is getting more and more difficult. Although we were able to raise privacy concerns when we were at the peak of our rallying efforts, people clearly do not feel too strongly about privacy issues generally.

Today we discussed a new angle that appears to be more convincing to many local governments. The cost of deploying the system is very high considering limited benefits. Although the central government says that they only spent $400M or so, it appears that it really cost more like $700M. In addition, there is a fairly substantial burden on the local governments. Although we would like people to think of things in terms of social cost and privacy risk, the more simple message is whether it is worth spending all of this money on a system which is supposed to be used only for receiving local government services. This message may be easier to spread.

I am in a somewhat awkward position right now. After the deployment began, I realized that it would be difficult to stop the system. While Sakurai-san continues to protest Jyukinet quite vocally and support the few local governments who are opposed to Jyukinet, I have started working within the system trying to educate the bureaucrats and trying to head off any new projects that might increase the risk. I am meeting regularly with "both sides" trying to figure out the most effective way to reduce risk. It is important that Sakurai-san continue to be vocal so that people continue to pay attention to the issues, but God is in the details. I am becoming immersed and inundated with the details. For example, early on in the process, I told the central government that they needed to educate the vendors and the local governments about privacy. I was soon presented with an "opportunity" to lecture local governments and vendors about privacy. Thanks... It's becoming physically and mentally quite difficult to continue this effort since it has very little to do with my "day job", but it's also very difficult to disengage since there are so few of "us".

Someone please help me... I wish we had EPIC in Japan. OK I'll stop whining...

Yesterday, I gave a talk to approximately 150 IT vendors who will be installing the national ID systems at the local government offices and will be the "privacy advisors" to the local governments.

Almost a year ago, I was handing out leaflets and protesting with a megaphone in Ginza to try to stop the national ID. Then the bill passed and I joined the oversight committee for the national ID to try to increase their awareness of security and privacy issues. Then I started working with the local governments who "opted out" of the national ID. Now that the system is in place full swing, I am working hard to increase the awareness of the people who will be installing and training the people who are in charge of one of the weakest links in the system, the point of entry into the database. At the same time, I am working on educating the ministry and the awareness in the public so that we can prevent "function drift", or the use of the national ID # beyond the scope of its original intent, which is to use it only for government services.

I am supportive of my colleagues who are still working on protesting the system and local governments resisting it, but I am focusing my attention on future systems that the government is planning to implement and to try to do what I can to improve the security and privacy of those systems that have already been deployed or will imminently be deployed.

Mayor Nakada officially appointing me to committee member. I was one of the people who recommended the Mayor to the WEF to be chosen as a GLT. He became a GLT this year. At 38, he is one of the youngest mayors in Japan.
Today was the first meeting with the Mayor of Yokohama and the committee for personal information protection. I wrote about it before here. I was happy to finally meet the 4 other committee members who turned out to be very smart and a good variety of backgrounds. One human rights expert, one lawyer, one law professor, one computer security professor and me.

Now that the privacy bill looks like it is going to pass, we deliberated about a variety of things, regarding what Yokohama should do after it passes. We also talked about what to do about the 845,000 people who opted out of the national ID. Currently they are going to send a type of deletion record to the central government, but I pointed out that this list is also information about the people who opted out and in fact is maybe even worse if you consider the fact that this list could be used to profile the people opting out. I suggested that we try to come up with some sort of technical option for the people who opted out of the national ID that would let them benefit from Internet enabled local government services without registering for the national ID.

The Yokohama City government also noted that data for the people who opted out was created during the trial and that in fact they all actually had national ID's even though they opted out. The local government has asked the prefectural government and the central government to delete these records, but they have not complied.

This committee will not have a regular meeting schedule or formal output style but will meet as needed on an ad hoc basis as issues arise to deliberate on.

I was just appointed committee member of the Committee for the Protection of Identification Information for the City of Yokohama. I was appointed by Hiroshi Nakada, the mayor of Yokohama. Yokohama is one of the most active opponents of the Japanese Basic Resident Code system and has made it optional for the residents of the City of Yokohama. Mayor Nakada argues (rightly) that the current Basic Resident Code law is illegal because there is not sufficient privacy protection as originally mandated in the law. This argument is quite valid until the privacy bill passes. The privacy bill is being deliberated in the Diet at this moment. I believe, and have said publicly, that this privacy bill currently being drafted is too strong on business and too lenient on bureaucrats and would not constitute strong privacy vis a vis the issue of National ID.

Currently of the 3,450,000 residents of Yokohama, 845,000 people have opted out of receiving national ID's. When the privacy bill passes, it is likely that Yokohama will have to hook its network up to the national network. Yokohama has passed a local bill and created this small committee of five people to advise the mayor who has made it clear in the bill that Yokohama would disconnect their local system from other prefectures and the national system in the event that there was evidence of privacy failures in the system. The bill states that the mayor will seek the advice of the committee to judge whether such privacy breaches have occurred and what they should do about it.

The press conference just ended so there is no press yet, but I will provide links if there is any press coverage.

Mayor Nakada is 38 years old, young for a Japanese mayor. He was selected as a Global Leader for Tomorrow by the World Economic Forum this year.

Recently banks began allowing people to use their basic resident ID code as a method of identification for opening bank accounts. This is exactly the "function creep" that I had been warning against and protesting in my activity against the basic resident ID code. I received a letter a few days ago from the director of local governments in charge of the basic resident ID code reporting that they have contacted the banking community and notified them that their activity was illegal and they should cease. (Sorry about the delay. I contacted him to make sure I could post a copy of the letter he sent me.) Yes! Nice job Inoue-san. If the Ministry of Public Management, Home Affairs, Posts and Telecom continues to take a strong position on preventing the use of the national ID beyond the original scope and sticks to the law that they drafted stating such, it would be a great thing that could let them turn all of the negative publicity of the national ID into positive publicity. I hope they stick to their guns and prevent other Ministries from using the basic resident code.

Many of my skeptical friends warn me to be wary, but I have to applaud positive acts for what they are. This was a great first step.

So here's an update on my activity in protesting the National ID in Japan.

I've gotten A LOT of negative feedback (All of it indirect. It would be SO MUCH EASIER if they would just talk to me directly, rather than criticize me behind my back.) from the IT community, vendors, peers, professors, etc. about my position to support the anti-National ID campaign. However, the people at the Ministry of Public Management, Home Affairs, Post and Telecom who are in charge of the National ID have actively solicited my involvement in trying to "fix" things. I think part of it is to try to use me as "cover". The Minister frequently refers to the fact that he has a "panel of experts" working on the security and privacy issues. At that level, I've been somewhat co-opted and am criticized by my peers. At the working level, I have spent hours with the bureaucrats convincing them of the importance of privacy and the thinking behind better architecture and software. We are now preparing one of the most extensive reports on privacy with the help of many of our friends in the US, Canada and Europe and will be translating all of the material into Japanese. This may be the first report of its kind in Japanese.

The National ID bill says that the National ID number cannot be used for anything other than the processing of local government paperwork. I asked on the record during the study group whether this number would be used as a taxpayer ID. They told me "no." The media, however, are reporting that banks are using the National ID as an identifier, that the police are thinking of using the National ID, they are thinking of using the National ID in passports and that they are considering using the National ID as a tax payer ID as well. The Minister recently told the banks that they should stop using the National ID.

Yesterday, I had a very frank discussion with the bureaucrat who is in charge of the National ID. I told him that I had heard that "it's starting" and that everyone was starting to use the National ID for other things beyond the original intent of the bill. He told me that they were not going to budge from their position and that they would resist expanding the scope of the National ID. He said that they did not HAVE to create a bill for the National ID in order to build the network, but that they did so to try to make sure there was a public debate. I'm not sure if I buy this completely, but it sure did spark a debate. He said that because of the way the bill was written, anyone using the National ID would have to change or amend the bill and that they couldn't do it without permission, which he wasn't going to give. I told him that this would be a great opportunity for the Ministry to show its credibility by striking down the various proposals to use the National ID for other things if they were sincere. I agreed to try to let them convince me that they were sincere and that if I were convinced I would try to convince others.

After spending time with the folks from the Ministry of Public Management, Home Affairs, Posts and Telecom, I'm starting to get a sense that maybe they're not the "bad guys." They don't understand a lot about technology and are very focused on local government and supporting infrastructure. I think it's actually the Financial Services Agency, the Ministry of Economy Trade and Industry and a variety of other Ministries who are pushing for expanding the scope of the National ID and that the Ministry of Public Management, Home Affairs and Telecom is sort of "in the dark" on a lot of this stuff. Focusing on them may be the wrong approach. Supporting them in holding true to their promise to limit the use and bashing all of the other people trying to piggy back on their ID system may be the more effective approach. I'm going to have to investigate this more.

One of the biggest problems with my position against the National ID is that it continues to grow and morph into things that have negative effects. My position is that a National ID without a method to limit the scope of its use, without a watchdog organization, without an ethical privacy framework including "privacy impact assessments" when building new stuff around it was irresponsible and increased risk. I am not so concerned about the security of the current ID system, which is quite limited in its scope, but rather, the data structures, architectures, and additional systems that might try to use this number scheme in the future.

I do not have a strong position on the current privacy bill as it relates to private enterprise and I don't think that the media's right to investigative journalism should be limited at this point. I am only concerned that the part of the privacy bill that outlines the use of personal information and databases by the government is very weak and without much substance.

My problem is that people seem to think I am against using IT in government, pushing for stronger government control of private enterprise, questioning the security of the National ID system and blowing the risks out of proportion, using ignorant politicians to put undue pressure on the bureaucrats, trying to make money by scaring the public and selling security solutions and generally being stupid and unfair...

So my current action items are:

Sit down with the non-techie activists and make sure that they are focused on the important issues and not on the emotional issues that are not relevant. ("Cows are 10 digit numbers, why are we 11 digit numbers!" or "I don't want to be a number!")

Talk to the vendors who are criticizing me and figure out whether they are confused about my position or whether they are trying to sell some weak system and fear a privacy impact assessment.

Talk the Ministry of Public Management, Home Affairs, Posts and Telecom into taking a strong stand on privacy issues and combating publicly and legally those who attempt to abuse their infrastructure.

Educate the public about privacy enhancing technology, educate MYSELF about privacy enhancing technology, and try to support its development and deployment.

Engage in a global debate about privacy issues in general and make sure Japan is in sync with the rest of the rational world. (If there is any left.)

Japan Times
The Japan Times Online Microsoft to reveal source code to Japan, which has eyed Linux

Microsoft Corp. will disclose the source code of the Windows operating system to the Japanese government in line with the government's e-Japan project, company officials said Wednesday.

I recently made a public comment on the record at the oversight committee for the National ID about Microsoft and trying to get them to open up the source code. I wonder if this had any effect. I guess we must all have had an effect. I assume many people have been saying this. It's a great step forward, even if it is just MS trying to keep Linux out.

So yesterday's discussion with Hiroo Yamagata and Lawrence Lessig went well. It was a lot of fun and I think a constructive discussion. Hiroo was in good form. But he usually is... in person. ;-) He had written something negative about Mr. Ikeda in the afterword of the translation of "The Future of Ideas" and had gotten in a dispute with Mr. Ikeda. He had just finished the battle and I guess they have both gotten over it now. Maybe Hiroo was just tired from that. I do generally agree with Hiroo's position, although maybe not the way he said it. I think Mr. Ikeda and others had inferred that Larry was against privacy policies. In a mailing list Mr. Ikeda had said that my efforts to stop the National ID were futile and that we didn't have any privacy anyway. The struggle for privacy is a struggle of data structures and can be achieved without destroying the end-to-end nature of the Net. I think it is simplistic to equate privacy with control of the Net. I just finished reading Hiroo's English translation of his afterword. It's quite good. He should post it on the Net.

Hiroo Yamagata
Freedom is supposed to be a good thing. People say Communism died and Freedom prospered, so freedom should be good. But when you ask these people to explain the actual benefits of freedom, hardly anyone can give you a meaningful answer. This isn't (necessarily) because they are stupid. It's because freedom itself doesn't do anything. Freedom is just an environment that allows you to do something.

We talked about the issues from the book and the Japan context. What is going to happen to the physical layer, code layer and content layer in Japan?

Are the wires, the spectrum and fiber going to be opened up in Japan? It sure looks like we're headed that way. The government seems quite incapable of stopping the ADSL players from eating NTT's lunch and there is serious discussion of opening up the spectrum.

The code layer is a mess. I talked about the National ID and the fact that lack of understanding about the architecture of the Net is causing Japan to launch itself into a direction without much discussion about the policy of code. We talked about how many people talk about end-to-end, but don't really understand its high level political ramifications. On the other hand, it's better to have people believing in it and writing code with that philosophy to fight off the circuit-heads who try to make the Network smart and make connections look like circuits. I think education and discussion about the political ramifications of architecture and code are essential, but having a lot of people educated with the right philosophy vis a vis network architecture, security, privacy, and free software (even if they don't understand all of the political issues) is better than nothing.

Content... We don't have MS or Hollywood and most patents and copyright extensions hurt Japan economically. It is very frustrating that Japan tries to "harmonize" with the US and doesn't realize that if they are going to give up something that is a net loss for Japan, they should negotiate for something in return. This is at the government level. At a more basic level, I think Japan should try to run an end-run around these guys with some new idea about how to deal with content. I guess the fact that Sony has a content business in the US and that big Japanese technology companies have "figured out" the patent thing puts these guys in a neutral to hostile position on this issue and doesn't help move this forward...

I gave a copy of Dogs and Demons to Hiroo who knows the construction industry well. It will be interesting to see what he thinks of it.

I think the Japanese are very non-active right now and as Hiroo points out in his afterword, Japan didn't have "the Framers" like Thomas Jefferson who "got it" to inspire the legal professionals to pound the table like Larry. I think it's going to take a lot of luck to get it right in Japan... but for better or for worse, the "other side" is not very smart either so we just MIGHT get lucky. Does this sound depressing?

Roger Clarke, one of my favorite privacy experts and the person I learned the notion of separation of "entities" and "identities" from, has written a paper about the problems with ENUM. I wrote about ENUM when Australia announced their initiative. I am on a mission to make sure that Japan doesn't try to link ENUM with the national ID...

Roger Clarke
From: Roger Clarke
Subject: Glitterati: ENUM: Case Study in Social Irresponsibility

I've just finished a paper on a proposed Internet scheme that will have extremely serious implications if it's implemented:

ENUM - A Case Study in Social Irresponsibility
http://www.anu.edu.au/people/Roger.Clarke/DV/enumISOC02.html

As always, constructively negative feedback much appreciated.

Abstract

ENUM is meant to provide a means of mapping from telephone numbers to IP-addresses: "today, many addresses; with ENUM, only one", as its proponents express it.

Any such capability would be extremely dangerous, providing governments, corporations, and even individuals, with the ability to locate and to track other people, both in network space, and in physical space. The beneficiaries would be the powerful who seek to manipulate the behaviour of others. It would do immense social, sociological and democratic harm.

The astounding thing is that the engineers responsible for it are still adopting the naïve position that its impact and implications are someone else's problem. With converged computing-and-communications technologies becoming ever more powerful and ever more pervasive, engineers have to be shaken out of their cosy cocoon, and forced to confront the implications, along with the technology and its applications.

Contents

Introduction
Outline Description of ENUM
The Context
Implications of ENUM
Responses by the ENUM WG
Conclusions
References

--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/

Facing off with the bureaucrats..
Sorry I didn't blog anything yesterday. I've been in overdrive this week with Jun (my chairman) in town and a continuous stream of extremely early morning meetings... Jun mentioned that I was spending too much time on this non-work-related stuff. He's right... Anyway...

Yesterday, I started the day with a meeting of our anti-national ID group. I reported on my thoughts of how we should connect the privacy movement with the whistle blower protection law. Since I had the second National ID security oversight committee meeting later in the day, I wanted to get an update from everyone on where things were. One of the things that many of the local governments were asking for was the right to allow their citizens to choose whether they use the National ID system to receive local government services. The ministry had been telling them that this was not possible. Also, there were some comments that the government was planning to use an extended National ID number as a tax tracking number, which currently is not allowed under the law.

Later in the day, I attended the committee meeting. I made several points. Since they are using Microsoft Windows out-of-the-box, I mentioned that the recent ruling by the DoJ against MS had a clause that made me worried that maybe the US government might include some malicious code in Windows. (There is a clause that says, "any API, interface or other information related to any Microsoft product if lawfully directed not to do so by a governmental agency of competent jurisdiction." Dan writes about it.) Even if they do not, I mentioned that Japan should make an effort to get MS to allow us to do a security review of Windows and possibly swap some modules that we do not feel good about. I mentioned that China has successfully made demands on Microsoft and that China was working on desktop Linux for the government.

I told them that they should not use the local government ID as the taxpayer ID and that it should be a separate, and hopefully a non-human-readable number.

I mentioned the whistleblower protection bill I was working on and that we should consider building in anonymity and pseudonymity into the law. I said that I thought people should be allowed to anonymously receive clarification on laws and procedure and that they should be allowed to pseudonymously receive guidance and counseling on issues before "going public" with their case, for instance.

Finally, I asked why numbers could not be "opt-in" for the local government ID. I did not receive a satisfactory answer and said that I would like them to explain this to me "off-line".

I had asked Gosuke to ghost write a short article for the Tokyo Shimbun (newspaper) based on a discussion with me. It was about the problems with the National ID. (I DID review it.) Then, I was asked to write a blurb in a book about the National ID so I asked Gosuke to add some more of my thoughts to the article and we gave it to the publisher. Before I knew it, with the mere contribution of a 2 page ghost-written article, I was the co-author of the book, my name on the front of the book as if I had done something important. Luckily, the co-author is Yoshiko Sakurai who I respect deeply. All of the royalties go to the protest movement. So, I guess some people are trying to make sure I don't look too co-opted by the government. ;-)

Now I'm sitting on a panel sponsored by the government about security. The panel is focused on the security of government networks. I am sitting on the far left and the guy in favor of the national ID is sitting on the far left. I just talked about the importance of privacy and the fact that privacy is different from security. I talked about how privacy is not only a right of citizens, but a necessary element for democracy. I talked about how the OECD guidelines for privacy were written before the Internet and that we needed to look at the future. I talked about Roger Clarke's distinction between entity and identity and the fact that Privacy Enhancing Technologies can make the same networks much more robust from a privacy perspective and that this was a different way of thinking about architecture than just security...

Chris Goggans (aka Erik Bloodaxe) spoke yesterday. I wish I could have heard him. I heard it was a good talk. He is the one that got me invited to this panel. Pretty funny. One of the most famous hackers from America invites me to a government sponsored panel in Japan...

The mic cables look shielded... I wonder if I can stay connected even when I talk on the mic...

So here I am sitting in the "Research and Development Venture Project Team" worrying about my Foma card interfering with the microphone again... They call it a team since it probably seems more "venture-like" than a "committee" but it is in fact a government committee. I THINK that this committee was mostly initiated through meetings that I had with the Minister of Education, Science and Technology Koji Omi after I gave a talk at the committee on business, academic and government cooperation. It was a very "high level" committee and I thought that it wasn't practical enough. Minister Omi eventually dissolved the former committee and worked with us to set up a new one. This committee was set up to involve more people actually involved in trying to promote high tech ventures. Minister Omi is one of the smartest and most serious about learning of the senior politicians I know. He actually listens to people like me and acts on what he learns from such meetings. I was able to have some influence over the selection of the committee members and invited David Milstein of Fidelity Ventures and Date-san who is working on university incubation. I think we have a good group.

The committee is a 3rd tier committee which is above a "study group" but below an inquiry committee, so the output from this study group should have some teeth. (The consumer inquiry committee I am on is one tier above, but the police committee on malicious programs I am on is one tier below. This is the minimum level to get air conditioning in the government building. ;-p ) I think it was the most influential committee we could make and still include people like Date-san who are actually doing new stuff.

This is the first meeting of the overview committee of the National ID system. The press were ALL here and I got a lot of TV cameras in my face. I guess I'm going to end up on the evening news. I wonder what the comments will be.

Ishii Takemocho-sensei, a good friend and a very honest person was chosen as the chair. I'm going to go and see him soon. Kazuhisa Ogawa, the military analyst who I also respect highly for his outspoken and thoughtful style is also on the committee.

I pushed very hard to have this committee as open as possible and they agreed and announced that all of the minutes and the agendas will be posted on the web page and that they will have a press briefing after every meeting. I guess this is OK. Having the press actually in the meetings would be difficult to manage. Also, I got approval to blog freely. ;-) So here I am...

Japan has a process where they make boards and inquiry panels to discuss important issues with experts and the public. These inquiry panels are defined by law and are supposed to be an important part of the law making process, but in fact they are often used to diffuse public pressure and just act like they care. I am often asked to join such panels and I find I learn a lot about what is going on and can usually influence the direction ever so slightly. I usually feel this is better than not doing anything, but I am often cited as having been co-opted. In the past, the issues haven't been so important or public so it hasn't really mattered. This time it does.

A month or so ago, the Ministry of Public Management, Home Affairs, Posts and Telecommunications which is in charge of the National ID that I have been protesting approached me and asked me if I could organize a panel to review the privacy issues around the National ID. I consulted with our protest movement and we decided that if the results were made public and we could fund some privacy research, this was probably a good thing. We are now in the process of organizing a global survey of privacy technology, privacy commissioners and other things that would be useful in considering how to set up the Japanese government privacy policy. We hope to create a recommendation about what Japan should do in creating a new system as well as what we can do to minimize privacy invasiveness in the current system. So far so good.

Now I have been contacted again, but this time the request is to be on the board of the National ID committee and be in charge of privacy! Apparently this is a request from the minister. (Very interesting since I practically called him a liar on a live national news program where we debated against each other and I think he called me something that sounded a lot like "stupid." Anyway...) It is probably a move to try to co-opt me. I replied saying that I have no intention of stopping my anti-National ID activity or becoming "quiet." I said I would consider taking the post if I was allowed to be completely open and public about what we discussed in the meetings and if I were allowed to continue to protest the National ID. I think that if I