FC: Japan's national ID network -- already live, a week early

From: Declan McCullagh (declanat_private)
Date: Wed Jul 31 2002 - 21:41:47 PDT

  • Next message: Declan McCullagh: "FC: Brad Templeton on terror probes, and grocery discount cards"

    Previous Politech message:
    
    "Japan's networked national ID system will go live on Aug. 8"
    http://www.politechbot.com/p-03502.html
    
    ---
    
    Date: Wed, 31 Jul 2002 10:29:15 -0700
    To: declanat_private
    From: gtat_private (Gohsuke Takama)
    Subject: Japan's national ID network has gone live already
    
    Hi, another FYI. I thought some of Politech readers may be interested to
    know an update.
    
    gt
    
    ---------------------
    
    Lies and Secrets
    
    Japan's national ID network has gone live already
    
    by Gohsuke Takama
    Tokyo, Jul 31, 2002
    
    It's Up and Running Already
    
    Rhetorics and politics are good friends. Almost everyone in Japan including
    politician has been believing that Japan's national ID network system, the
    Basic Residents Registers Network, would go live on Aug 5 of this year. But
    the truth is that it is already live since more than a week ago,
    technically. And it has gone without privacy protection laws which left
    behind in Japan's diet for more discussions after summer.
    
    A news appeared on Jul 19 said that the Ministry of Public Management, Home
    Affairs, Posts and Telecommunications would start testing of the network
    from Jul 22, using actual Basic Resident Registry's record update data
    including newly issued Resident Number. It also noted that transfer of the
    Resident Registry data from local government owned computers to the
    National server and the Prefectural servers would be completed by Jul 20.
    
    This clearly means that all the residents in Japan already numbered and
    huge databases that holding whole Japan's 125 million residents' data are
    already up and running. If so, what the difference between before and after
    Aug 5? A: Deleting the data of moving out people from the record. That's
    all. And that sounds more likely just a little change in Local Government
    staff's operation procedure at the request counter than launch of nation
    wide computer networks.
    
    Now this is the beginning of activation for Japan's national ID systems: 11
    digit number national ID, networked resident record system based on the ID
    numbers, and national ID card that based on contactless radio transaction
    smartcard, with 32 bit CPU and co-processor supposed to handle crypto and
    digital signature, which will be issued from 2003.
    
    This status makes computer security specialists worried. If organized
    crimes or foreign spy agents get access to one of these, that could be a
    disaster. Clear and present danger is here now. World class crackers might
    be difficult to ignore temptations to try their penetration skills on this
    network because it is built on Windows NT/2000 servers and possibly MS SQL.
    You got the idea?
    
    Databases and National ID Networks
    
    Japan has nearly 3300 cities, towns and villages and until a few month ago
    their residents' records were all separated. But now the Basic Residents
    Registers Network connected them all.
    
    But this network has strange design structure. Data of residents' records
    at cities, towns and villages in a prefecture are copied to the Prefectural
    server. Then data of whole Japan's 125 million residents' records are
    copied to the National server. So the records of Japan's every resident -
    name, birth date, address, gender and ID number - are sitting in these
    servers.
    
    Also there is another strange structure. the National server which is
    locating at Local Authorities Systems DEvelop Center, LASDEC for short, has
    an additional offers residents' data for the administrative bodies of
    central government. A funny thing is that the data once transferred to
    administrative bodies would not be covered by Basic Residents Registry Law
    which regulates the residents registry.
    
    Japan's Privacy Bills
    
    Japan would be having two privacy laws, the Personal Data Protection Law
    and the Law Concerning Access to Information Held by Administrative Organs.
    However, both are still in discussions and far from passing the diet,
    because the diet ended today, Jul 31, even with 40 days extension to normal
    schedule.
    
    Many pointed out both bills have problems. For the Personal Data Protection
    bill, which originally designed as EU/OECD style protection of personal
    information bill. But it had too many modification. And all the news media
    are now opposing to strong consent requirement with data subjects and
    punitive provisions of the bill.
    
    More problematic is another. The bill for Law Concerning Access to
    Information Held by Administrative Organs. This bill is supposed to be for
    protection of personal information collected and held by government
    administrative organs. However, many words set in the bill already
    crippling the law itself. The bill does not have clear set of rules on
    "collection limitation" of personal information. It also permits the
    government to use anyone's personal information if needed and "Change of
    Use Purpose" without notifying to data subject person. Plus, no penalty for
    government stuff upon duty violations. If this bill was passed, the
    government can use anyone's personal information for almost in any way, any
    purpose, legally.
    
    Missing Information and Secrecy Lovers
    
    What do Japanese people have in mind about this national ID network? That
    is another side of the problems. A poll done by Kyodo Communications on
    June 30 brought up that 83.2% of Japanese did not know about this Basic
    Residents Registers Network and they would be given numbers. Is this a
    result of secrecy or just a lack of PR?
    
    Since that time, news media started having more reporting. On Jul 22, Asahi
    Newspaper did another poll and the result was drastically different. 59%
    answered they heard the name of Basic Residents Registers Network, 86%
    showed concern on privacy information leaks, and 76% answered that they
    prefer to postpone the launch of the network.
    
    The allies of four minority parties brought a bill to the diet that repeal
    the Basic Residents Registers Network. (Japan has seven political parties.)
    But it dead in a water without a discussion. A group of politicians in
    leading conservative majority the Liberal Democratic Party tried to make up
    another bill that postpone the launch. But it also dead even before
    proposed on the last day of the diet by time constraint and their slow
    action. And on Jul 31, the Prime Minister Junichiro Koizumi is still saying
    the launch date is Aug 5 and go ahead.
    
    
    
    Ministry of Public Management, Home Affairs, Posts and Telecommunications
    http://www.soumu.go.jp/english/index.html
    
    Prime Minister's office
    http://www.kantei.go.jp/foreign/index-e.html
    
    LASDEC
    http://www.lasdec.nippon-net.ne.jp/
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    -------------------------------------------------------------------------
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Thu Aug 01 2002 - 00:45:03 PDT