Category: data loss

A juki-net footnote

I had a conversation yesterday (not a formal interview) with Midori Ogasawara, a freelance journalist and writer who used to report on privacy issues for the Asahi Shimbun newspaper. This was mainly to set up further interviews with those who are or were involved with campaigns on surveillance and privacy issues in Tokyo. However I also managed to clarify a few of my own questions about juki-net and the opposition which it attracted.

In short, there seem to have been several objections.

  1. First of all was the objection to the idea of a centralised database, which was able to link between other previously separate databases.
  2. Secondly, there was the fact that this was the national state asserting authority over both local government and citizens. Both Local Authorities and citizens groups had argued for ‘opt-in’ systems, whereby firstly, towns could adopt their own policies towards juki-net, and secondly and more fundamentally, individual citizens could decide whether they wanted their details to be shared.
  3. The third objection was to there being a register of addresses at all. Many people saw this simply as an unnecessary intrusion onto their private lives, and in any case, the administration of welfare, education and benefits worked perfectly well before this (from their point of view) so why was such a new uniform system introduced?
  4. Next there were objections based on what was being networked. The jyuminhyo (see my summary from the other day) is not actually a simple list of individuals and where they live, but is a household registry. It might not, like the koseki, place the individual in a family line, but is still a system based on patriarchal assumptions, with a designated ‘head’ of the household, and ‘dependents’ including wives and even adult children.
  5. Finally, there was the question of the construction of an identification infrastructure. Whether or not juki-net is considered as an identification system, and it does have a unique identifying number for each citizen, and has the potential to be built on to create exactly such a comprehensive system of national identification. Lasdec, who we talked to the other day, may not approve of this, or believe it will happen, but they are only technicians, they are not policymakers and don’t have the power or the access to know or decide such matters. And in the end, if they are required by law to run an ID system then they will have to run it.
  6. There were, as I already mentioned, objections to the potential loss or illicit sharing of personal information. I don’t think this is intrinsic to juki-net, or indeed to database systems, but of course both databases and networks make such things easier. People are also quite cynical about promises of secure systems. Lasdec may say that that juki-net is secure, but there have been enough incidences of government data leaks in the past for people not to accept such assertions.
  7. Finally, Juki-net connects to the border, passport and visa system. The reason that foreigners will finally be included on the jyuminhyo (and therefore juki-net) from 2012 is not therefore to respond to long-term foreign residents’ requests for equal treatment but in fact to make it even easier to sort out and find gaikokujin, check their status, and deal with unofficial and illegal migrants. Groups campaigning for the rights of foreign workers (mainly the exploited South-East Asian and Brazilian factory workers) have therefore been very much involved. Of course it also makes it possible to connect the overseas travel of Japanese people to a central address registry.

I’ll be meeting Midori again soon, I hope, along with other researchers and objectors. I am also still hoping to be able to talk to officials from the Homusho (Ministry of Justice) and the Somusho (Ministry of Public Management, Home Affairs, Posts & Telecommunications), but they are are currently passing around my request to different offices and generally delaying things in the best bureaucratic traditions!

Identification in Japan (Part 2): Juki-net

As I mentioned yesterday, one of the big developments in state information systems in Japan in recent years has been the development of the jyuminkihondaichou network system (Residents’ Registry Network System, or juki-net). Very basically juki-net is a way of connecting together the 1700 (recently restructured from 3300) local authorities’ residents’ registries (jyuminhyo). These are a record of who lives in the area and where, that are held on a multiplicity of different local computer (and even still, paper) databases. Japanese government services are always struggling to catch up with massive and swift social changes, particularly the increased mobility of people, that made first the Meiji-era koseki (family registers) and then the disconnected local jyuminhyo (which were both themselves introduced to deal with earlier waves of increased social and spatial mobility) inadequate.

Operational from 2002, juki-net is restricted by law to only transmitting four pieces of personal data (name, sex, date-of-birth and address), plus a randomly-generated 11-digit unique number. Nevertheless, the system was strongly opposed and has sparked multiple legal challenges from residents’ groups who did not want to be on the system at all, and who considered the risk of data leakage or privacy violation to be too great for the system to be lawful. These challenges were combined together into one class-action suit, which finally failed at the highest level, the Supreme Court, in March 2008. The court ruled that juki-net was constitutional and there was no serious security risk in the system itself but according to some analysts did not address the possibility of mistakes being made by operatives. But this would seem to me to be a problem of data protection in general in Japan, rather than an issues that is specific to juki-net. Like Brazil, but unlike Canada and the UK for example, Japan has no independent watchdog agency or commissioner for safeguarding privacy or kojin deta (personal data), and other than internal procedures, the courts are the citizen’s only recourse. In any case, as Britain’s comparatively frequent incidence of data loss by public authorities shows, even having such a system does not necessarily make for better practice. There is in Japan, as in Britain, training and advice in data protection provided by a specialist government information systems agency.

We interviewed officials at that government agency, Lasdec (the Local Authorities Systems Development Centre) today. Lasdec also developed and runs juki-net and is responsible for the new jyuminhyo / juki-net card that enables easy access to local (and some national) services via the web or ATM-like machines at local government offices. Unsurprisingly they were quite bemused by the opposition to juki-net, which they say was based on a lack of understanding amongst citizens about what it was, and a general fear of computers and databases. They argued that many people (including one or two local authorities) had the impression juki-net was, or was planned to be, an extensive database of all personal information held by different parts of the government, or even was the basis for a new system of national identification or indeed was a new system of national identification – indeed that was the impression one got from reading both Japanese and foreign civil and cyber-liberties groups’ reports in 2002/2003 with plenty of stories of the new Japanese ‘Big Brother’ system (see the archived collection here for example).

However Lasdec argued that both ideas were incorrect. The officials recognised both that the 11-digit unique number was adapted from a previous failed identification scheme, and that juki-net could in theory become the basis for any proposed future national ID scheme, but this was prevented by the enabling law. In any case juki-net was not even the best existing system on which to base an ID system: passport, driving licence and healthcare databases all had more information and certainly information with higher levels of personal identifiability – and no-one seems to be objecting the amount of information contained on the driving licence system, for example. Juki-net has no photos or other biometric data and no historical information. Likewise the residents’ card can have a photo if the resident wishes, but this is not shared through juki-net, and in fact the card itself is entirely voluntary. In addition, only in one city has take-up of the card exceeded more than 50% of the adult population (Lasdec has detailed information on take-up but only published a ‘league table’ without percentages). You also do not lose anything by chosing not to have or use the card.

The officials at Lasdec were, as with many technical and systems engineers in both public and private sectors whom I have interviewed, far more aware of privacy, data protection and surveillance issues than most politicians and mainstream (non-technical) government officials. They did not shy away from the terms kanshi (surveillance) or kanshi shakai (surveillance society) and indeed were as critical of the unregulated spread of things like CCTV in public space as many activists. They saw themselves in fact as controllers of information flow as much as facilitators. They were committed to the minimalist model of information-sharing set out by the law governing juki-net and wanted to find always the ways that information that was necessary to be shared could be shared without the creation of central databases or the exchange of additional unnecessary information. In addition, new laws came into force (in 2006), which make the residential information more private than it was before. In fact, such local registers used to be entirely public (anyone could access them), and now they are far more restricted – this only seems to have been noticed by direct marketing firms, who of course were not 100% happy with this change.

This puts me into a strange position. I have colleagues here who have been utterly opposed to juki-net, and I have always assumed that it was in some way similar or equivalent to the UK National Identity Register / ID card scheme. However in fact, it seems very similar to the ‘information clearing house’ idea which I and others have proposed for the UK, in opposition to the enormous NIR which would seem to suck in every kind of state-held information on the citizen! In addition juki-net does not require any more information from the Japanese citizen than is already held by the state, again unlike the NIR in the UK, for which multiple new forms of information are being requested by the state and indeed there are fines, and ultimately prison sentences, proposed by law for refusal to give up or update such information. In contrast, juki-net is more like the electoral register in the UK, to which hardly anyone objects.

This all makes me wonder exactly what it is that provoked such vociferous opposition to juki-net. If it is a actually or potentially repressive surveillance system, somewhat like Barthes’ famous description of Tokyo, it is one with an empty centre; there is no ‘Big Brother’ only a rather well-meaning set of bespectacled technicians who are just trying, as they see it, to make things work better so that people don’t have to keep proving who they are every time they move to a new area. Perhaps there are particular cultural and political factors (that is after all the working hypothesis of this entire project – and perhaps in making assumptions about both systems and oppositions across borders we obscure the specifics). Perhaps it is the association of the 11-digit number with previous proposed ID schemes. Perhaps, as in Germany, in new government information systems, there are resonances with older systems of identification and control that hark back to more repressive, fascist, times. Or perhaps there is a general cynicism of successive government ‘information society’ / ‘e-Japan’ / ‘i-Japan’ strategies and initiatives, each of which promise empowerment and in practice deliver more bureaucracy. These are some questions I need to explore further with other officials academics and activists.

EU Telecommunications Directive in effect

From today, private lives in the UK will be a little less private, as EU Directive 2006/24/EC becomes part of national law.

Traffic data on e-mail, website visits and Internet telephone calls now have to be recorded and retained by Internet Service Providers (ISPs). Specifically, the Directive mandates the retention of: the source of a communication; the destination of a communication; the date, time and duration of a communication; the type of communication; the type and identity of the communication device; and the location of mobile communication equipment.

This is coming into force despite the fact that many countries and ISPs still object to the directive. It has to be said that many ISPs are objecting on grounds of cost rather than any ethical reason. German courts are yet to determine the constitutionality of the directive and Sweden is not going to implement it at all.

As with many of these kinds of laws, it was rushed through on a wave of emotion after a particular ‘trigger event’ – in this case, the 7/7 bombings in London in 2005. There was a whole lot of devious practice in the Council of Ministers to get it passed too – if the Directive had been considered as a policing and security matter, it would still have needed unanimity, which means that the objections of Germany and Sweden would have vetoed the Directive. Instead, it was reclassified as ‘commercial’ on the grounds that it was about the regulation of corporations, and commerical matters need only a majority vote. How convenient…

The Home Office in Britain says our rights are safe because of RIPA, which is hardly cause for rejoicing. My main concerns, apart from the fact that this is yet another moment in the gradual erosion of private life, are that:

1. police access will rapidly become routine rather than specific, and this could be extended to many other public authorities – the original drafts of the Communications Bill would have extended the right of access to such data to all RIPA-empowered organisations (which includes most public authorities);

2. the data will be used illicitly by ISP employees for criminal purposes (remember that most identity thefts are inside jobs) – the records will be a blackmailers delight;

3. there will more ‘losses’ of this data by ISPs and others who have access to it. Remember the accidental revelation of user data by AOL in the USA?

Incompetence and Surveillance

There is an opinion piece in The Daily Telegraph (UK) today by Alasdair Palmer, which argues that it is the incompetence and human fallibility of the UK government rather than any lack of desire which prevents an Orwellian surveillance state from emerging in the UK. It is hardly new but it’s an attractive argument, one which I have used before and which we used to a certain extent in our Report on the Surveillance Society, and one which draws on the deep well of cynicism about government which has long characterised British politics.

However there are a number of problems with the argument. The first is whether it is really true. A totalitarian society does not have to be competent in the sense of having correct information, in fact one of the central messages of Nineteen Eight-Four is that ‘truth’ is a product of state control in such societies. This was obvious in the case of Stalin’s purges. The accusations made against individuals did not rely on the accuracy of the accusation but on the very fact of accusation, something brought out very strongly in Orlando Figges’ recent book, The Whisperers. In the UK in recent years we have seen some elements of this. It doesn’t matter for example, whether someone really is a terrorist, the word ‘terrorist’ is just redefined in law and practice to encompass that person. New terms are invented to describe quasi-crimes (like anti-social behaviour) which come to have the force of ‘crime’ and become the focus of state surveillance activity. And I have shown how the recent arguments over photography in public places show a genuine totalitarianism in the attempt to define the limits of the collection and interpretation of visual images. It doesn’t matter how competent the state is at carrying out its desires here. The very fact that it defines what is acceptability in this way can create a new ‘normality’ and a ‘chilling effect’ on protest and resistance – which makes such activity even more essential.

The second problem is the idea that incompetence protects us. It didn’t in Soviet Russia and it doesn’t today. The government’s uselessness in handling data harms people. The loss and leakage of private personal information can lead to real effects on people’s lives: information theft, fraud and so on. The loss of trust in those who control information also has knock-on effects on those organisations that genuinely rely on personal information to provide essential services and care: education, health services, social work etc. A loss of trust caused by failed repression leads to a generalised loss of trust in government and in other people: it damages social trust. It is perhaps because British people have such a low level of social trust anyway that we expect things to fail.

The third problem relies on the first two and is the idea that state incompetence is enough to protect us. Of course it isn’t. Cynicism is no basis for thinking of, and creating, a better society. Do we want to live in a society where our only protection is the fact that state is structurally or contingently unable to create a totalitarian situation even though it continues to try? I certainly don’t. The emergence of surveillance societies, competent or otherwise, requires the imagination of alternatives – including greater democracy, accountability, transparency, and regulation and control of both state and corporate organisations in our favour – and political action to demand and create those alternatives.

A faith in failure is simply a form of nihilism.

The loneliness of personal data

Surveillance like this harms us all: it makes our lives banal and reveals only the sadness and the pain.

Still from I Love Alaska
Still from I Love Alaska

There is something at once banal and heartbreaking about what is revealed through the examination of personal data. The episodic film, I Love Alaska, captures this beautifully. The film by Lernert Engelberts and Sander Plug is based on AOL’s accidental exposure of the search data of hundreds of thousands of its users, and focuses on just one, 711391. The film consists of an actress reading out the (unusually discursive and plain language) search terms of User 711391 like an incantation, with background sound from Alaskan locations and static camera shots that serve to emphasize her boredom, isolation and loneliness.

I was watching episode 5 of the film when two stories popped into my inbox that just happened to be related. The first was from the New York Times business section and dealt with the other side of the recent US sporting scandal over revelations that baseball player Alex Rodriguez has taken steroids. Like User 711391, Rodriguez had given up his data (in this case, a sample) in the belief that the data would be anonymous and aggregated. But it wasn’t.

So, then we come to how the state deals with this. The Toronto Globe and Mail comments on the way the Canadian federal government is, like so many others, proposing to introduce new legislation to monitor and control Internet use. The comment argues that there is no general need to store personal Internet use data (or Canada will end up like the UK…), and that Internet surveillance should be governed by judicial oversight. Quite so. But, as the NYT article points out, it isn’t just the expanding appetite of the state for data (frequently coupled in the UK with incompetence in data handling) that we should fear but the growth in numbers of, and lack of any oversight or control over, private-sector dataveillance operations.

Some people will argue that any talk of privacy here is irrelevant: User 711391 was cheating on her husband; Rodrguez was taking steroids; there are paedophiles and terrorists conspiring on the Internet. With surveillance the guilty are revealed. Surely, as Damon Knight’s classic short story, ‘I See You’, claimed, with everything exposed we are truly free from ‘sin’? But no. In its revelations, surveillance like this harms us all: it makes our lives banal and reveals only the sadness and the pain. For User 711391, her access to the Internet served at different times as her main source of entertainment, desire, friendship, and even conscience. The AOL debacle revealed all of this and demeaned her and many others in the process. Most of us deserve the comfort of our very ordinary secrets and the ability for things to be forgotten. This is the true value of privacy.

(Thanks to Chiara Fonio for letting me know about I Love Alaska)