Joi Ito's Web

Joi Ito's conversation with the living web.

Had a meeting today with Yoshiko Sakurai and and other members of the anti-Jyukinet (National ID) "movement" this morning. I have been working with Sakurai-san and this group since September 2001. A lot has happened since then. We first tried very hard get a moratorium on the deployment before operation began. We got a great deal of support, but in the end operation began. Several local governments and prefectures resisted on the basis that there was a clause that privacy must be assured and the privacy bill had not been passed. A very watered down and poorly written privacy bill was passed and several anti-Jyukinet local governments lead by Yokoyama decided to participate in Jyukinet with a opt-out clause. There are still some local governments which are resisting, but such resistance is getting more and more difficult. Although we were able to raise privacy concerns when we were at the peak of our rallying efforts, people clearly do not feel too strongly about privacy issues generally.

Today we discussed a new angle that appears to be more convincing to many local governments. The cost of deploying the system is very high considering limited benefits. Although the central government says that they only spent $400M or so, it appears that it really cost more like $700M. In addition, there is a fairly substantial burden on the local governments. Although we would like people to think of things in terms of social cost and privacy risk, the more simple message is whether it is worth spending all of this money on a system which is supposed to be used only for receiving local government services. This message may be easier to spread.

I am in a somewhat awkward position right now. After the deployment began, I realized that it would be difficult to stop the system. While Sakurai-san continues to protest Jyukinet quite vocally and support the few local governments who are opposed to Jyukinet, I have started working within the system trying to educate the bureaucrats and trying to head of any new projects that might increase the risk. I am meeting regularly with "both sides" trying to figure out the most effective way to reduce risk. It is important that Sakurai-san continue to be vocal so that people continue to pay attention to the issues, but God is in the details. I am becoming immersed and inundated with the details. For example, early on in the process, I told the central government that they needed to educate the vendors and the local governments about privacy. I was soon presented with an "opportunity" to lecture local governments and vendors about privacy. Thanks... It's becoming physically and mentally quite difficult to continue this effort since it has very little to do with my "day job", but it's also very difficult to disengage since there are so few of "us".

Someone please help me... I wish we had EPIC in Japan. OK I'll stop wining...


Privacy issues need addressing first. BTW, what technologies are they planning to implement the National ID? Photo IDs, Smartcards, RFID, Biometric?

Joi, what about working to start a chapter of EPIC (or an NPO with similar goals) in Japan? Gather others around who are interested in the same goals. Delegate, etc. Or is there already such an organization out there that is underfunded and underutilized?

Mr. Kanai, Joi is already one of officials of CPSR/Japan (Japan Chapter of Computer Professionals for Social Responsibility). I'm also a member of CPSR/Japan.

Members of CPSR/Japan include several computer professionals and a few law experts, and we worked hard in this area. But, actually we were too busy with our own business and failed to do enough lobbying and lecture, I think. We'll need experts who can work full-time in this area, and a well-funded nonprofit organization which supports them.

Just an idea here but ...

Does Japanese government have a slightest idea/hints to test out Jyuki net's vulnerability against intruders/crackers or viruses( as in the case of Setqagaya-ward's Jyuki-net halt incident a couple of days ago) to their system ?

I am sure I heard this before somewhere that some government (I forgot which country) would exercise emergency drill/tests by simulating attacks from outside, and do this in "unnoticed" way so that no one inside their system knows when or how to be attacked.

Maybe joi can hint Soumu-sho or propose a plan for this kinda stuff.... but maybe too hard to even come up with any definitive plans for Somu-sho at all since they would no way wants to admit how vulnerable their current system is.

The jyuki net proposal reminds me of the construction of Narita and the new Kansai airport. An immense initiative that the government seems determined to undertake regardless of public opinion.

Some of us used to burn our draft cards. This became the focus of well-publicized mass non-violent protest because the maximum fine was $10,000 and the time was five years for just about any draft offense, and of course it was a federal case. It didn't help much to stop the Vietnam war, but we lost anyway and military service eventually changed to all-volunteer.

On Sunday morning, there was a chap on TV talking about the infrastructure of Jyuki, reassuring the audience that there are IDS and firewalls deployed, to defend against intruders.

Many people, like this presenter and a poster above, tend to forget, that a large portion of threat (if not the largest) is the one posed by authorised users of the system, or its owner.

I was surprised when the guy on TV said, that there is now an ongoing project implementing the logging of access. Frightening practices indeed...


In the few years that I've lived in Japan, I've become less and less inclined to believe that any organization here, especially the government can admit to or address flaws in a proposed system. There is an old saying in which goes something like "if the pot smells bad, put a lid on it", essentially meaning that problems are to be ignored and whistleblowers are not to be heard.

Network security is treated as a checklist type system here. "Have we purchased products lableled firewall and IDS? Yes? Check. Job done". Penetration testing is often treated the same and is only done in controlled situations. In my experience the government is far less prepared than any companies are here. Walk around Hibiya Park where all the beurocracies are or Nagatacho where the govt offices are with a WiFi sniffer sometime to see what I mean.

IMNSHO, the government here is still stuck in the mentality of the Tokugawa era and the social concept of group responsiblity does nothing to help the situation.

Best of luck Joi. Its going to be a long and hard fight.

August 25 - official date to launch Jyuki-net.
Electronic National ID cards will be available upon requests.

I just saw a Japanese news now and mostly talked about how useful it will be for citizens who require "proof of residence" since now you can get it from any city hall in Japan, etc.
The news briefly mentioned some cities has been voted against the law due to "SOME" security concerns, and the government went ahead with its implementation any way.

Opposition to such programs, which seem to be done deals, can be quite difficult. I'm not familiar with the history of "grass roots" activism in Japan, but the sight of thousands burning their cards does have a nice ring to it... Maybe organize it as a swarm? Beware -- there will undoubtedly be legislation introduced (if it hasn't already) to criminalize the destruction of the cards. Fight that law! Is there a well-established "right to privacy" in Japan?

These types of programs in the US seem to have a life of their own, and continue forward beyond all reason and over all opposition. (For example, if you read between the lines, you'll see that Total Information Awareness is not actually dead... it's just sleeping.) The source of that irrational life can often be found in the figures -- $700 million is a lot of money. Just as the recent recommendation for a "smart mail" system in the US bears the fingerprints of the major contractors who would get paid to build the system("Major high-tech companies, including Canon, Hewlett-Packard, IBM, Lockheed Martin, Pitney Bowes, Symbol Technologies and, are pushing the Postal Service to adopt intelligent mail systems. Each participates in a special committee on intelligent mail run by the Mailing Industry Task Force, a cross-industry group formed in 2001 with the support of Postmaster General John Potter." (see, you can bet there are major contractors helping the Japanese government write up the specs for the national ID card. The push for national ID in the US has huge support amongst the mainline contractors -- Lockheed, Honeywell, Northrup Grumman foremost among them. They know how the system works, and they recirculate huge amounts of money back into the political process keeping it flowing. Given my limited exposure to Japanese governmental affairs, I have to assume that the revolving door, and other features of government contracting/corruption, are not out of the question in Japan.

In the US, a 3-prong strategy works pretty well -- legislation/activism (fight them in the legislature through grass roots activism and their competitors); litigation (probably not as effective in Japan, where there is not a lawyer behind every bush); and technology (beat them at their game -- show how their systems are insecure and subject to abuse, AND come up with a better solution).

Finally, what problem is this system purported to solve? One post above indicates that it's being pitched to the public as a network security measure. People will buy into that, and shrug it off as "necessary." Even if it's presented as "keeping track of foreigners and terrorists" they may get the same reaction. More likely, it's a huge, opportunistic pork barrel program that is looking for some justification. That's a tough one to fight, because such revelations ALWAYS get a shrug... But you can frame the issues the way YOU want to frame them. It's not about network security -- you know and they know it. If you can get a forum in which to be heard, YOU frame the issues as you see them. (Then watch carefully, they'll change their justifications....)

Fighting such battles can be hard on a person -- they can steal your energy with anger and frustration. Take good care of yourself and your allies... it will be a long road.

Thanks for the comments everyone.

Dirk, you make a VERY good point. I think most of the abuse will be legal abuse. That's what so scary. The "privacy bill" actually in many ways relaxes what the government can do with your information. They wil most likely continue to pass bill after bill making the government more and more opaque and people less and less free... Unless we can "wake people up", but I'm not confident about it.

I keep saying this, but there are just so few of "us". When I visit the US or Europe I'm surrounded by activists. Here, being an activist is so "fringy"... >sigh

2 TrackBacks

Listed below are links to blogs that reference this entry: Meeting with Yoshiko Sakurai and others about Japanese National ID - Jyukinet.

TrackBack URL for this entry:

Lies and Secrets, part 2 The days after the official launch of Japan's national ID network by Gohsuke Takama Tokyo, Aug 13, 2002 The Day of Official Launch On Aug 5, Japan's government officially forced to activate the controversial Basic Read More

Lies and Secrets, part 2 The days after the official launch of Japan's national ID network by Gohsuke Takama Tokyo, Aug 13, 2002 The Day of Official Launch On Aug 5, Japan's government officially forced to activate the controversial Basic Read More