Joi Ito's Web

Joi Ito's conversation with the living web.

Nobuo Ikeda has recently been attacking me. I wrote about this before. He recently wrote an email to Dave Farber's list attacking me again. This attack seems to have more substance so I have tried to address his points. I wonder if this is the "critical debate" I've been fighting for. ;-p

My comments are in italics.

-----Original Message-----
From: IKEDA Nobuo
To: Dave Farber
Subject: Re: [IP] revolution in Japan
Date: Thu, 06 Feb 2003 20:58:40 +0900

I can't understand what Jo Ito means by "revolution", but I am afraid that he is preventing the evolution of the Internet in Japan. Yesterday we had a symposium titled "E-Governmet for Whom?"

I don't think anyone other than Ikeda-san thinks I'm am preventing the evolution of the Internet so I won't address this point directly. If he would elaborate, I will happily defend my position. (in Japanese)

We discussed the National ID problem, to which Ito is opposing strongly.

His colleague is arguing "I don't want to be a number". We concluded that it was a non-probelm whether people become numbers or not, because they are already numbered and could be searched by their names and addresses. Try Google.

Universal numbers are more dangerous than name/address combinations. Anyone trying to merge databases knows that it is very difficult and much more expensive to merge databases that don't have unique serial numbers. Google is useful, but there is very little information about me on Google that I have not made explicitly available. The government has ID information of whistle blowers, FOIA requesters, people who subscribe to subversive newsletters, face recognition data for blacklists for a variety of government agencies and arrest records (including people who were not charged). This information is often leaked. A universal numbering system will make it much easier for this information to be abused. The numbering system has been passed without clear guidelines about the government use of personal information. Also, privacy enhancing technologies and better architecture could have significantly reduced he risk of personal information being leaked by the government, but such suggestions were ignored and the system set up before thorough public debate. For instance, since the ID cards will be smart cards, why were 11 digit human readable numbers chosen instead of longer non-human readable numbers? Why were static numbers chosen instead of some sort of session key based authentication system?

Ito insists that Japanese govt should strengthen the privacy bill to enforce "self-information control rights" to allow everybody to control all data that contain his/her name. In our symposium, we agreed that it was very dangerous to empower everybody to "censor" the personal data. Even the notorious EU directive is not enforcing such a strong restriction.

I would like to clarify that I think that the privacy bill regulating non-government entities is fine or in some ways too strong. My primary issue with the privacy bill is that it has much weaker restrictions on the use and cross-refrencing of personal information by the government. There is no watch-dog organization which oversees privacy violations by the government, the bill is VERY loose about the government's use of personal information. The Japanese government in notoriously abusive of information about individuals.

Yesterday I discussed it with a Microsoft official, and today I talked about it with an Intel official. They encouraged me to stop such a dangerous "privacy" bill that regulates the Net.

Again, I think that self-regulation and disclosure of privacy policies by commercial enterprises is sufficient. My main concern is the abuse by the government. The government watches us, but who watches them?
Ikeda, Nobuo
Research Institute of Economy, Trade and Industry


Since this is a public forum - and I assume Mr. Ikeda will read this - let me say this as a gaijin, outsider:

I can see why Mr. Ikeda might think that Mr. Ito's complaints to resistance to the existing Government ID initiative might be construed as 'preventing' the evolution of the Internet in Japan. Mr. Ito is an outspoken young man, who steps on many toes and is determined that privacy, security and proper architecture be 'baked' into all technological efforts.

However I would also point out - that Mr. Ito is 'putting his money where his mouth is' (as we say here in the U.S.). Mr. Ito exerts a LOT of energy, time and effort at helping Japan in many ways, and it is his sincere effort to help the Japanese people maintain their privacy and security.

Please read carefully all of the rebuttals and issues Mr. Ito brings up in this conversation and PLEASE let's all sit down, have some Sake and discuss - like men - how to help Japan. I myself think that every citizen should have a persistent digital identity in cyberspace and that technology can help people out in many ways.

As the Cluetrain manifesto says clearly: "markets are conversations" and so also must governemnt and technology be a conversation - as well.

Domo arigato.

"Yesterday I discussed it with a Microsoft official, and today I talked about it with an Intel official. They encouraged me to stop such a dangerous "privacy" bill that regulates the Net."

Ikeda can't possibly be naive enough as to believe that corporations with vested interests as entrenched as Microsoft and Intel would give the commonweal priority over their own bottom lines. Can he?

reading the discussions with great interest, i was wondering what you think about e.g. this article
while the information is given in a bit too dramatic fashion to me,
it seems to illustrate a point i think is quite important in talking about development
and use of technologies in general and in privacy issues specificly

I wonder if Mr. Ikeda knows why Microsoft is opposing privacy. If he - or anyone else - is interested, I recommend reading the EU Data Protection Working Party Document released January 29. It shows that the EU pressured Microsoft effectively to introduce some basic privacy protection for their Passport service.

I think people in the US and Japan don't give the European laws fair consideration. Basically, the European laws apply similar principles for government and private sector. It is based on the premise that you 'own' information that you disclose about yourself.

In practice the European regime works very well. Check your spambox for yourself and see how much spam you get from EU countries compared to the amount you get from the US and Asia.

At the moment, the US has a ridiculous regime whereby the government is very restricted in what it can collect on the one hand, and on the other hand private companies are allowed collect and trade private information (such as bank information, purchases, credit ratings, number of children and political preference). Check out Voterlistsonline to see the basic right to privacy being blatantly twisted and stretched beyond recognition, without any government help whatsoever.

I disagree with the idea of 'self-regulation' and posting policies in the website. These policies are simply not binding and offer no meaningful consumer protection.

Reading further regarding Ikeda's take on privacy - "the extent of the danger in Japan is spam," etc. - I'm stunned at the depth of his naivete, or dissimulation.

I read this very much in the context of the ongoing conversation about whistleblowing and retribution. Instead of talking in the vaguest possible terms about privacy, let's situate this: say you've just gone public with certain uncomfortable facts about your employer, or another powerful institution. Exactly how much information regarding yourself are you going to want freely available and correlatable?

Your home address? The place where your spouse works? The last hundred videos you rented? How about the school your child attends? We all know how such simple pieces of information can be threaded together, by someone with a certain sort of agenda, and used to intimidate, suppress, and constrain.

If anything, this is even more true of Japan than it is of most places. Example: on leaving a previous apartment, I neglected to pay my final month's electric bill. When I moved, neither the new apartment nor the new electric service was in my name - but the month's charge found its way onto the new electric bill, in my girlfriend's name!

Aside from the complete lack of recourse - TEPCO made this rather breathtaking assumption without bothering to seek confirmation, let alone authorization - it's terrifying. The only piece of information linking Person A in Apartment A with Person B in Apartment B was my change of address submitted to the ward office. Which means that a private concern is able to abuse public records for its own ends, in a way that only begins to illustrate the potential for similar mayhem.

This is why I find Ikeda's position so hard to take seriously. So much more is at stake than an inbox full of spam, and he either knows it, or should.

Ito is an important leader of our times, and one of the most foremost thinkers of our times. When it comes to issues of privacy, Ito has the ability to see many of the possible problems, that others cannot see. In the McLuhan sense, Ito is like the artist or philosopher, in that he is (as McLuhan would say) "a probe" or an "antenna" into the future. Others who are more short-sighted might be inclined to think that privacy is obsolete, but I think we should look to great minds like Ito's to warn us of possible dangers.

It saddens me greatly to see that when an artist, philosopher, and leading thinker devotes his life, energy, and ambition to warning us of possible dangers, he is not appreciated for this work.

To so harshly criticize his efforts is like shooting a messenger who warns you of dangers ahead.

I knew that symposium was held, but I did not attend because Ikeda heavily defamed me by calling me a "stalker" after I criticized his opinions several times.

First, Ikeda's description on the symposium seems distorted. His "we" is actually "I". There is a video archive of the symposium(Windows Media Video Format), so Joi, you can make sure what was really discussed.

On the national ID problem, a panelist, Hiroshi Yamada, who is the Chief of Suginami Ward of Tokyo and he refused to deploy the National ID system in Suginami, argued what is similar to what Joi argued above.

Discussion on "self-information control rights" was not good because there were no speakers who support it and Ikeda explained it with distortion.
Civic groups and the Opposition parties really argue that the definition of the "personal information" should be more restricted so as not to interfere freedom of expression, and that that restricted "personal data" should be controlled by the related persons.
There can be a crticism that such a distinction is impossible, but Ikeda continues to distort that argument even though I already pointed out that distortion. Another argument not discussed in the symposium is that non-govenment entities should be regulated by the independent administrative committee, not by the competent authorities as the proposed bill states.

Privacy bill regulating government was little discussed in the symposium, but Ikeda argues that governemt should be able to use personal data freely beyond the purpose which is originally stated. Ikeda also argues that it was not bad that Japen Defense Agency illegally collected personal data of the applicants of the information disclosure by Information Disclosure Law (the linked page is in Japanese).

Other points:
I already notified him of the URL of EU Data Protection Working Party Document in my article criticizing him on a closed list (after the flame war, Ikeda and I was kicked out from that list).
Ikeda really does not want such a regulating power. He thinks that contents and schemas of the databases should be free from governments and consumers.

Sounds like Ikeda-san likes to throw in some low blows by calling people names. This strikes me as subconcious admission that he's on the losing side.

As for a National ID -- we already have enough problems with credit cards. CC companies lose over 1 BILLION dollars thanks to CC theft. ID theft, at least in the states, has also been causing lots of problems. You really think a new number system tagging people is going to make things safer and easier? Yeah right.

Maybe someone should post Ikeda-san's personal information on the internet and see how he likes that. Wasn't that done to someone in the US gov't already?

Yeah, it was convicted felon Admiral John Poindexter. And he didn't like it, not one little bit.

I received a private email from Mr. Ikeda and I think we agree that our positions are not as different as he thought. He is still critical of the anti-National ID "movement" that I helped start because they are asking for the right of people to control the use of their information. I will have to talk to them and make sure I understand what they are pushing for. I think a great deal of this is technical and has a lot to do with architecture. I should make sure that what my "team" are asking for is technically feasible. Anyway, some action items, but a step forward.

Having said that, I wish Mr. Ikeda would be a bit more balanced in the way he presents things and not attack people so personally...

Antoin, maybe the word "self-regulating" is misleading. I mean that privacy issues should discussed in public with industry and experts and that architectural and other issues should be decided and stuck to. I am neutral to semi-negative on the EU directive because I think it is based on 20 year old OECD thinking before computer networks. I think that governments are slow and might not be able to keep up. I think that Japan is MUCH WORSE than the EU in their ability to appoint people with real experience to write these things. That's why I am negative on government control. I do like the Canadian, Privacy Commissioner system where they appoint experienced people to watch over privacy issues province by province.

Yes, most European countries seem to have a 'code of practice' system like what you are talking about within the legislation. The way is works is that a particular industry (such as credit bureaus or dating agencies or direct marketers) can agree a code of practice with the Data Protection Commissioner. Once it is agreed, it becomes law, and the Commissioner can police it.

The 1995 directive does not address network issues, the summer 2002 directive does, however.

True. There is some forward progress Karl-Friedrich, but I find that people still seem to think in terms of networked hosts rather than ubiquitous networks. The focus should not be on data protection or even trans-border data flows, but on the capture of information and identity itself. Once information is created, it will exist forever and it is only the link to the identity and the format of the data that can protect you. It is more about data structures and less about connections and databases. I don't think this philosophy is yet embraced.