Joi Ito's Web

Joi Ito's conversation with the living web.

So here's an update on my activity in protesting the National ID in Japan.

I've gotten A LOT of negative feedback (All of it indirect. I would be SO MUCH EASIER if they would just talk to me directly, rather than critcize me behind my back.) from the IT community, vendors, peers, professors, etc. about my position to support the anti-National ID campaign. However, the people at the Ministry of Public Management, Home Affairs, Post and Telecom who are in charge of the National ID have actively solicited my involvement in trying to "fix" things. I think part of it is to try to use me as "cover". The Minister frequently refers to the fact that he has a "panel of experts" working on the security and privacy issues. At that level, I've been somewhat co-opted and am criticized by my peers. At the working level, I have spent hours with the bureaucrats convincing them of the importance of privacy and the thinking behind better architecture and software. We are now preparing one of the most extensive reports on privacy with the help of many of our friends in the US, Canada and Europe and will be translating all of the material into Japanese. This may be the first report of its kind in Japanese.

The National ID bill says that the National ID number cannot be used for anything other than the processing of local government paperwork. I asked on the record during the study group whether this number would be used as a taxpayer ID. They told me "no." The media, however, are reporting that banks are using the National ID as an identifier, that the police are thinking of using the National ID, they are thinking of using the National ID in passports and that they are considering using the National ID as a tax payer ID as well. The Minister recently told the banks that they should stop using the National ID.

Yesterday, I had a very frank discussion with the bureaucrat who is in charge of the National ID. I told him that I had heard that "it's starting" and that everyone was starting use the National ID for other things beyond the original intent of the bill. He told me that they were not going to budge from their position and that they would resist expanding the scope of the National ID. He said that they did not HAVE to create a bill for the National ID in order to build the network, but that they did so to try to make sure there was a public debate. I'm not sure if I buy this completely, but it sure did spark a debate. He said that because of the way the bill was written, anyone using the National ID would have to change or amend the bill and that they couldn't do it without permission, which he wasn't going to give. I told him that this would be a great opportunity for the Ministry to show it's credibility by striking down the various proposals to use the National ID for other things if they were sincere. I agreed to try to let them convince me that they were sincere and that if I were convinced I would try to convince others.

After spending time with the folks from the Ministry of Public Management, Home Affairs, Posts and Telecom, I'm starting to get a sense that maybe they're not the "bad guys." They don't understand a lot about technology and are very focused on local government and supporting infrastructure. I think it's actually the Financial Services Agency, the Ministry of Economy Trade and Industry and a variety of other Ministries who are pushing for expanding the scope of the National ID and that the Ministry of Public Management, Home Affairs and Telecom is sort of "in the dark" on a lot of this stuff. Focusing on them may be the wrong approach. Supporting them in holding true to their promise to limit the use and bashing all of the other people trying to piggy back on their ID system may be the more effective approach. I'm going to have to investigate this more.

One of the biggest problems with my position against the National ID is that it continues to grown and morph into things that have negative effects. My position is that a National ID without a method to limit the scope of its use, without a watchdog organization, without an ethical privacy framework including "privacy impact assessments" when building new stuff around it was irresponsible and increased risk. I am not so concerned about the security of the current ID system, which is quite limited in its scope, but rather, the data structures, architectures, and additional systems that might try to use this number scheme in the future.

I do not have a strong position on the current privacy bill as it relates to private enterprise and I don't think that the media's right to investigative journalism should be limited at this point. I am only concerned that the part of the privacy bill that outlines the use of personal information and databases by the government is very weak and without much substance.

My problem is that people seem to think I am against using IT in government, pushing for stronger government control of private enterprise, questioning the security of the National ID system and blowing the risks out of proportion, using ignorant politicians to put undue pressure on the bureaucrats, trying to make money by scaring the public and selling security solutions and generally being stupid and unfair...

So my current action items are:

Sit down with the non-techie activists and make sure that they are focused on the important issues and not on the emotional issues that are not relevant. ("Cows are 10 digit numbers, why are we 11 digit numbers!" or "I don't want to be a number!")

Talk to the vendors who are criticizing me and figure out whether they are confused about my position or whether they are trying to sell some weak system and fear a privacy impact assessment.

Talk the Ministry of Public Management, Home Affairs, Posts and Telecom into taking a strong stand on privacy issues and combating publicly and legally those who attempt to abuse their infrastructure.

Educate the public about privacy enhancing technology, educate MYSELF about privacy enhancing technology, and try to support its development and deployment.

Engage in a global debate about privacy issues in general and make sure Japan is in sych with the rest of the rational world. (If there is any left.)


I can think of several things should be look at:

1. Lack of Privacy Impact Assessment before starting National ID. This might be un-excusable. (but it might be still recoverable if they change.) If the Ministry did assessments, they could have a chance to find other ministries and private sector businesses may be piggy backing on it.

2. This might sound a conspiracy theory but there might be a chance that many Ministries already had obscure mutual agreement for the direction to install national ID scheme. Because Japan's Diet already passed laws regarding to the use of national ID network for government businesses before having privacy law enacted. That agreement might be "e-Japan" plan...

3. Historical view is interesting. Fairly many European countries or even the USA enacted privacy law(s) in '70s. Why Japan still doesn't have such? that might indicate Japanese government's total lack of sense to protect privacy of its people.

I agree with 1. 3 is interesting as well. My current theory that I want to test is that #2 happened without that much involvement of the Ministry of Public Management, Home Affairs, Posts and Telecom and that it was the other Ministries. This is a weird theory, I know, but it makes a bit of sense and no matter how much I talk to Soumusho, it doesn't seem like they know about what the other Ministries are thinking... Maybe the Minister knows though. Anyway, I'm going to try testing this theory.

National ID bill permits prefectural ordinances to expand the usage of National ID. MPHPT cannot stop this.

For example, each local police belongs to prefecture in which it resides, so local police can use National ID without amending the bill when the prefectural ordinance that permits police to use National ID is created. National Police Agency can push each local police to create such ordinances (This is the way that juvenile ordinances were created in most prefectures. Juvenile ordinances have media regulations which may conflict with constitutional values such as freedom of expression, so bills which have similar effects cannot pass the Diet. Most local diets did not check that conflict because Opponent Parties in local diets are far weaker than that in the national Diet). Some governors, including Tanaka-san in Nagano, won't accept such a proposal, but most governors may accept it. Once each local police is enabled to use National ID, data with National ID may be exchanged through the network which NPA has. That is illegal, but no outsiders can audit the network of police.

A question is that is it a accidental loophole or planned loophole? From the national and local police standpoint, that is very practical merit of natinal ID use. Many cannot resist to think of it was planned one. but the ministries might want to avoid to touch the issue.

Then, another question comes to that: who has crafted the wording of the bill?

All good questions and points. Let's try to get the answers. I kind of think that it is an overall lack of understanding or priority setting on privacy and probably not a conspiracy. Having said that, the effect is probably the same. Just harder to combat because there is no central control or "villan". We need to figure out how to get our report summarized and widely disseminated inside of the bureaucracy and the Diet. We should make sure we get it presented at the Governors' meeting as well. They have regular meetings where ALL of the prefectural governors get together and talk.

positive feedback--recommend don't do national ID because it takes the joy out of life

In Sweden we have had exactly this system for about 40 years. That is, the national ID is used by the entire public sector as a "key" to data concerning the citizen (or legal alien). The opposition to this has been very limited. The private sector often also records such IDs in their records but do not have the right to build registers using the ID as a "key". This would by the way not be to smart as customers may belong to other countries as well.

As far as I can see the *real* problem is if you can trust authorities like hospitals to keep massive amounts of computer data private and I don't think this has much to do with the availability of a nation ID or not. There must anyway be some kind of identity information to make sure that you don't handle the wrong person.

For the e-governments the national ID allows cross-communication which may be good or bad depending if you trust authorities or not.