data protection – Page 3

Identification in Japan (Part 2): Juki-net

As I mentioned yesterday, one of the big developments in state information systems in Japan in recent years has been the development of the jyuminkihondaichou network system (Residents’ Registry Network System, or juki-net). Very basically juki-net is a way of connecting together the 1700 (recently restructured from 3300) local authorities’ residents’ registries (jyuminhyo). These are a record of who lives in the area and where, that are held on a multiplicity of different local computer (and even still, paper) databases. Japanese government services are always struggling to catch up with massive and swift social changes, particularly the increased mobility of people, that made first the Meiji-era koseki (family registers) and then the disconnected local jyuminhyo (which were both themselves introduced to deal with earlier waves of increased social and spatial mobility) inadequate.

Operational from 2002, juki-net is restricted by law to only transmitting four pieces of personal data (name, sex, date-of-birth and address), plus a randomly-generated 11-digit unique number. Nevertheless, the system was strongly opposed and has sparked multiple legal challenges from residents’ groups who did not want to be on the system at all, and who considered the risk of data leakage or privacy violation to be too great for the system to be lawful. These challenges were combined together into one class-action suit, which finally failed at the highest level, the Supreme Court, in March 2008. The court ruled that juki-net was constitutional and there was no serious security risk in the system itself but according to some analysts did not address the possibility of mistakes being made by operatives. But this would seem to me to be a problem of data protection in general in Japan, rather than an issues that is specific to juki-net. Like Brazil, but unlike Canada and the UK for example, Japan has no independent watchdog agency or commissioner for safeguarding privacy or kojin deta (personal data), and other than internal procedures, the courts are the citizen’s only recourse. In any case, as Britain’s comparatively frequent incidence of data loss by public authorities shows, even having such a system does not necessarily make for better practice. There is in Japan, as in Britain, training and advice in data protection provided by a specialist government information systems agency.

We interviewed officials at that government agency, Lasdec (the Local Authorities Systems Development Centre) today. Lasdec also developed and runs juki-net and is responsible for the new jyuminhyo / juki-net card that enables easy access to local (and some national) services via the web or ATM-like machines at local government offices. Unsurprisingly they were quite bemused by the opposition to juki-net, which they say was based on a lack of understanding amongst citizens about what it was, and a general fear of computers and databases. They argued that many people (including one or two local authorities) had the impression juki-net was, or was planned to be, an extensive database of all personal information held by different parts of the government, or even was the basis for a new system of national identification or indeed was a new system of national identification – indeed that was the impression one got from reading both Japanese and foreign civil and cyber-liberties groups’ reports in 2002/2003 with plenty of stories of the new Japanese ‘Big Brother’ system (see the archived collection here for example).

However Lasdec argued that both ideas were incorrect. The officials recognised both that the 11-digit unique number was adapted from a previous failed identification scheme, and that juki-net could in theory become the basis for any proposed future national ID scheme, but this was prevented by the enabling law. In any case juki-net was not even the best existing system on which to base an ID system: passport, driving licence and healthcare databases all had more information and certainly information with higher levels of personal identifiability – and no-one seems to be objecting the amount of information contained on the driving licence system, for example. Juki-net has no photos or other biometric data and no historical information. Likewise the residents’ card can have a photo if the resident wishes, but this is not shared through juki-net, and in fact the card itself is entirely voluntary. In addition, only in one city has take-up of the card exceeded more than 50% of the adult population (Lasdec has detailed information on take-up but only published a ‘league table’ without percentages). You also do not lose anything by chosing not to have or use the card.

The officials at Lasdec were, as with many technical and systems engineers in both public and private sectors whom I have interviewed, far more aware of privacy, data protection and surveillance issues than most politicians and mainstream (non-technical) government officials. They did not shy away from the terms kanshi (surveillance) or kanshi shakai (surveillance society) and indeed were as critical of the unregulated spread of things like CCTV in public space as many activists. They saw themselves in fact as controllers of information flow as much as facilitators. They were committed to the minimalist model of information-sharing set out by the law governing juki-net and wanted to find always the ways that information that was necessary to be shared could be shared without the creation of central databases or the exchange of additional unnecessary information. In addition, new laws came into force (in 2006), which make the residential information more private than it was before. In fact, such local registers used to be entirely public (anyone could access them), and now they are far more restricted – this only seems to have been noticed by direct marketing firms, who of course were not 100% happy with this change.

This puts me into a strange position. I have colleagues here who have been utterly opposed to juki-net, and I have always assumed that it was in some way similar or equivalent to the UK National Identity Register / ID card scheme. However in fact, it seems very similar to the ‘information clearing house’ idea which I and others have proposed for the UK, in opposition to the enormous NIR which would seem to suck in every kind of state-held information on the citizen! In addition juki-net does not require any more information from the Japanese citizen than is already held by the state, again unlike the NIR in the UK, for which multiple new forms of information are being requested by the state and indeed there are fines, and ultimately prison sentences, proposed by law for refusal to give up or update such information. In contrast, juki-net is more like the electoral register in the UK, to which hardly anyone objects.

This all makes me wonder exactly what it is that provoked such vociferous opposition to juki-net. If it is a actually or potentially repressive surveillance system, somewhat like Barthes’ famous description of Tokyo, it is one with an empty centre; there is no ‘Big Brother’ only a rather well-meaning set of bespectacled technicians who are just trying, as they see it, to make things work better so that people don’t have to keep proving who they are every time they move to a new area. Perhaps there are particular cultural and political factors (that is after all the working hypothesis of this entire project – and perhaps in making assumptions about both systems and oppositions across borders we obscure the specifics). Perhaps it is the association of the 11-digit number with previous proposed ID schemes. Perhaps, as in Germany, in new government information systems, there are resonances with older systems of identification and control that hark back to more repressive, fascist, times. Or perhaps there is a general cynicism of successive government ‘information society’ / ‘e-Japan’ / ‘i-Japan’ strategies and initiatives, each of which promise empowerment and in practice deliver more bureaucracy. These are some questions I need to explore further with other officials academics and activists.

Data Protection in Japan

Comprehensive data protection in Japan is fairly recent. Until 2003, data protection was still governed under much two earlier ‘ information society initiatives: firstly, the Act for the Protection of Computer Processed Personal Data Held by Administrative Organisation (1988) and secondly, the Protection of Computer Processed Personal Data Act (1990), which are based on the 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. These laws were limited an applied only to the state, and within that, only to some national government organisations rather than all of them.

Lawyers and those concerned with privacy within and without government were well aware of these limitations, and in the late 90s, a special Privacy Issues Study Working Group was set upby the Electronic Commerce Promotion Council of Japan (ECom). This committee issued Guidelines Concerning Protection of Personal Data in Electronic Commerce in the Private Sector in March 1998. The Chair of that committee, Professor Masao Horibe, provides an account here.

Subsequently, a Personal Data Protection Legislation Special Committee was established in January 2000 under the Advanced Information and Telecommunications Society Promotion Headquarters (now the IT Strategic Headquarters), a body responsible directly to the Japanese cabinet. This body has issued all the laws and directions regarding IT, e-Japan etc.

The need to “protect personal data” (kojin deta) was mentioned in Article 22 of the Basic Law on the Formation of an Advanced Information and Telecommunications Network Society within the rubric of ‘security’. This was followed up by the e-Japan strategy of January 2001, which under the section on the Facilitation of E-Commerce, recommended that “Necessary legislative measures should be taken to win the confidence of consumers, including submission of a bill to protect personal data to the ordinary session of the Diet in 2001.”

The Bill was introduced in March 2001, but as a result of concerns about its effects on the freedom of the press, was left to fall by 2002. However the Personal Information Protection Bill was passed in 2003, one of five bills with implications for data protections to be passed in that Diet session.The bill came into force in 2005. I’ll discuss the content and operation of the bill later, but there’s a good summary in English from when the Bill was passed here.

The one particularly interesting thing to note here is that it doesn’t designate or establish any one body to oversee the operation of the law or the enforcement of rights, or deal with complaints as in European countries and Canada, for example, Instead it keeps data protection as an internal matter for designated government ministries (and for companies), with legal action an option if all else fails. The law is generally on the side of data flow and commercial / administrative convenience, which is not surprising given its origins in industry-led e-commerce promotion organisations.

Japan to introduce resident-monitored CCTV

One of the most interesting developments in recent years has been the way in which the state has attempted to adapt Japan’s traditional culture of responsibilized local community organisations (chounaikai) for the new surveillance society (kanshi shakai, in Japanese). Cynics may well argue that what is called here bohan machizukuri (or community safety development – or sometimes the similar anzen anshin machizukuri) is simply a way in which the government can attempt to save money whilst pretending to be tough on what is always claimed to be a worsening crime rate. It is also true to say that this is also a further perversion of the machizukuri (bottom-up community development) idea that came out of local environmental movements of the 1960s.

Nevertheless, the Japan Times reported that the Keisatsuchou (National Police Agency or NPA) appears to be pushing forward with plans to extend its rather small number of CCTV cameras* into 15 residential areas starting January 2010 (two of which, Higashiyamato and Musashimurayama, are suburbs of Tokyo, and I’ll be visiting these whilst I am here) at the cost of 597 Million Yen (around £3.85 Million or $6.3 Million US). There’s always an underlying fear that is played on when such systems are installed, and in this case it is a classic: the threat to children. The small camera systems(around 25 cameras in size) will be installed on streets that are commonly used by kids going to and from school.

The fact that the schemes are focused on child safety would certainly be one of the reasons why the use of local volunteer committees to watch the cameras and manage the data from local civic facilities like community centres, has been put forward. It could also be in response to opposition from some local residents to what they see as the imposition of unwanted state invasion of their privacy, although according to the Japan Times, the police say it “will help residents to secure safety by themselves.” Their big problem is that there do not appear to be many volunteers yet!

There are many questions here. One mystery is that in Japan most school runs already have several, often elderly, volunteers who look out for children in person,in a more genuinely machizukuri form of bohan machizukuri so why the more expensive cameras? Another massive question is the one around privacy and data protection. How will volunteers be expected to act as official data controllers, especially in such a sensitive area as surveillance of children in public space? Finally, what will the effect be on trust and community relations to have one set of people in the community monitoring others? How will they be held accountable?

These, and many other questions will be just some of the things occupying my time here for the next two months…

*There are just 363 NPA cameras in Japan, however there are more owned by local municipal authorities, particularly in Tokyo, and thousands more operated by private companies and shoutenkai (shopkeepers’ associations).

Google: ‘give us data or you could die!’

I’ve been keeping a bit of an eye on the way that online systems are being used to map disease spread, including by Google. What I didn’t anticipate is that Google would use this as a kind of emotional blackmail to persuade governments to allow them as much data as they like for as long as possible.

Arguing against the European Commission’s proposal that Google should have to delete personal data after 6 months, Larry Page claims that to do so would be “in direct conflict with being able to map pandemics” and that without this the “more likely we all are to die.”

Google talk a lot of sense sometimes – I was very impressed with their Privacy counsel, Richard Fleischer, at a meeting I was at the other week – and in many ways they are now an intimate part of the daily lives of millions of people, but this kind of overwrought emotionalism does them no favours and belies their moto, ‘don’t be evil’.

(again, thanks to Seda Gurses for finding this)

EU Telecommunications Directive in effect

From today, private lives in the UK will be a little less private, as EU Directive 2006/24/EC becomes part of national law.

Traffic data on e-mail, website visits and Internet telephone calls now have to be recorded and retained by Internet Service Providers (ISPs). Specifically, the Directive mandates the retention of: the source of a communication; the destination of a communication; the date, time and duration of a communication; the type of communication; the type and identity of the communication device; and the location of mobile communication equipment.

This is coming into force despite the fact that many countries and ISPs still object to the directive. It has to be said that many ISPs are objecting on grounds of cost rather than any ethical reason. German courts are yet to determine the constitutionality of the directive and Sweden is not going to implement it at all.

As with many of these kinds of laws, it was rushed through on a wave of emotion after a particular ‘trigger event’ – in this case, the 7/7 bombings in London in 2005. There was a whole lot of devious practice in the Council of Ministers to get it passed too – if the Directive had been considered as a policing and security matter, it would still have needed unanimity, which means that the objections of Germany and Sweden would have vetoed the Directive. Instead, it was reclassified as ‘commercial’ on the grounds that it was about the regulation of corporations, and commerical matters need only a majority vote. How convenient…

The Home Office in Britain says our rights are safe because of RIPA, which is hardly cause for rejoicing. My main concerns, apart from the fact that this is yet another moment in the gradual erosion of private life, are that:

1. police access will rapidly become routine rather than specific, and this could be extended to many other public authorities – the original drafts of the Communications Bill would have extended the right of access to such data to all RIPA-empowered organisations (which includes most public authorities);

2. the data will be used illicitly by ISP employees for criminal purposes (remember that most identity thefts are inside jobs) – the records will be a blackmailers delight;

3. there will more ‘losses’ of this data by ISPs and others who have access to it. Remember the accidental revelation of user data by AOL in the USA?

A quarter of UK databases break privacy laws

This is massively important because it is based not simply on a financial, political or even an ethical position, but on the database projects’ respect for existing law. They are simply illegal…

A new report for the Joseph Rowntree Reform Trust by a very credible largely Foundation for Information Policy Research (FIPR) team that combines engineers, lawyers, software developers, and political scientists, has concluded that a quarter of the UK public-sector databases are illegal under human rights or data protection law. It also looks at UK involvement in some European database projects and finds all of them questionable too.

The report rates the 46 databases on a traffic light system – green, amber, red – and argues that those rated ‘red’, in particular the National Identity Register and the Communications Database, and are simply unreformable and should be scrapped. This is massively important because it is based not simply on a financial, political or even an ethical position, but on the database projects’ respect for existing law. They are simply illegal, and not just massively expensive, morally questionable or politically undesirable. In fact, a quarter of all the databases were found to contravene the law and more than half were ‘problematic’ (i.e. open to challenge in court) . All of those rated ‘amber’ (29 databases) the authors argue, should be subject to independent review.

There are a number of other major recommendations, including the reassertion of the necessity and proportionality tests contained in DP law, citizens should anonymous rights to access data, more open procurement of systems, and better training processes for civil servants. The most important and radical measures proposed, and entirely correctly in my view, are those concerning the location of data and the whole nature of UK IT development. For the former, the report recommends that the default location for sensitive personal data should be local, with national systems kept to a minimum – this appears to be rather like the ‘information clearing house’ system as opposed to central databases, that we proposed in our Report on the Surveillance Society, but better worded and justified! In the latter case, the authors simply note that fewer than 30% of government IT projects succeed at a cost of 16Bn GBP per annum and that there should never be a general and aimless government IT program, rather there should only ever be specific projects for clearly defined and justified (proportional and necessary) aims.

It is an excellent report and probably unanswerable in its logic. Tellingly, The Guardian report contains no response from any government minister…

Surveillance to be ‘hardwired’ into British culture?

Labour simply needs to admit that it has been wrong on this and to develop some more credible plans which recognises that real security protects liberties rather than undermining them in the name of security.

Richard Thomas is no longer a lone voice in the top echelons of the British state against the growing culture of surveillance, but he remains the most persistent and hard-hitting critic, not least because of he makes the best possible use of his position as UK Information Commissioner when most government watchdogs are largely toothless.

Now in an interview in The Times newspaper, he has renewed his attack on the government’s data-sharing and surveillance proposals,arguing that we risk “hardwiring surveillance” into the British way of life. He has clearly fully absorbed the report we wrote for him back in 2006, in which we warned of the possibility of a ‘technological lock-in’ and is building on it in a serious and creative way.

Thomas is clear in the interview that government plans are ‘excessive’ and so much so that they ‘risked undermining democracy’. With Thomas now joined in his stance by eminent critics like the House of Lords Constitution Committee, former MI5 chief, Stella Rimington and most recently, former far-from-liberal Home Secretary, David Blunkett, as well as just about all media and academic opinion, it seems difficult to see how the government can continue to claim that its plans are in any way credible. Labour is now obviously isolated, unpopular and wrong on surveillance. This needs more than token gestures like the resignation of the Home Secretary, Jacqui Smith (she has other reasons why she should resign anyway), it needs some real soul-searching and a complete reconsideration of the direction in which the government is heading. Labour simply needs to admit that it has been wrong on this and to develop some more credible plans which recognise that real security protects liberties rather than undermining them in the name of security.

David Blunkett Attacks Surveillance!

I know. Pause. Take a deep breath…

You read it right. The former UK Home Secretary, with a reputation as one of the most authoritarian of recent years (though it is hard to chose in that regard), will condemn the growth of surveillance in a speech at the University of Essex today. He will also, according to Tom Young at VUnet, call for the ID card scheme (which he introduced!) to be scrapped, and for the information-sharing powers that were hidden in the new Coroners and Justice Bill, to be reduced. He also argues that the latter will happen as he knows the Justice Minister, Jack Straw, recognises the problem.

I don’t know whether to laugh or cry. Certainly it is fantastic when a prominent figure like this changes their mind and is prepared to admit that they were wrong, I just wish that sometimes they listened to the arguments against what they were doing when they were in office. In addition, of course Blunkett spent several years after leaving office writing very strong pro-surveillance, pro-ID card pieces for the populist, right-wing tabloid newspaper, The Sun, and is (or was) according to the Register of House of Commons Members Interests, paid £25-30,000 ($35-40,000 US) as the Chair of the International Advisory Committee of Entrust Inc., a company that works on digital certification and Internet surveillance, and which was involved in consortia for the ID card contract. Perhaps they have had enough of him.

But let’s hope he really has had a genuine change of heart.

German Corporations in Trouble over Surveillance

t seems that there is a mood in Germany for much stronger action, and a growing awareness that the country cannot, unlike in the UK at present, or indeed Germany in its own recent past, be allowed to slip into a situation in which surveillance becomes normal…

There is a major ongoing storm in Germany over the behaviour of its major corporations in spying on workers. There is a nice summary news report from the BBC which you can watch here.

The newest scandal emerged in January when it was revealed that the railway company, Deutsche Bahn, had conducted surveillance operations against thousands of its staff, both workers and management, possibly over years. The operations, with names like ‘Squirrel’, involved all kinds of intrusive internal espionage including tracking family members. The company’s aim was apparently to do with corruption and links to other rival corporations but the management have now admitted they went too far.

Internal security was also the reason behind the massive surveillance operations at Deutsche Telekom, the communications giant, possibly dating back to 2000. Here journalists and managers were targeted by a private detective agency. And of course then there was last year’s scandal over the way that the Lidl supermarket chain created a kind of Stasi-style operation at many of its stores and warehouses in Germany and the Czech Republic with secret cameras and operatives making detailed notes on the movements (especially toilet breaks) of its employees. According to The Guardian, the level of personal detail recorded by the store was incredible, one entry read: “Frau M wanted to make a call with her mobile phone at 14.05 … She received the recorded message that she only had 85 cents left on her prepaid mobile. She managed to reach a friend with whom she would like to cook this evening, but on condition that her wage had been paid into her bank, because she would otherwise not have enough money to go shopping.”

In the BBC report, the conclusion seems to be that better data protections laws are needed. Certainly this is true. But the cases involving corporations are important because they provide clear and comprehensible examples of how people ‘with nothing to hide’ can be targeted anyway and do have to be worried. There are enough of them too to show that this is not a series of isolated cases, but a part of a ‘culture of surveillance’. However it seems that there is a mood in Germany for much stronger action, and a growing awareness that the country cannot, unlike in the UK at present, or indeed Germany in its own recent past, be allowed to slip into a situation in which surveillance becomes normal. This means more than stronger DP, it means not allowing corporations and government to reduce fundamental liberties with arguments about ‘exceptions’. There seems to be growing awareness from the strong German Trades Unions in particular about this, we will see if this translates into wider social, and state, action.

Facebook, Privacy and the follies of youth

It is hard to say anything about Facebook that hasn’t been said elsewhere. Of course, the decision to reverse its attempt to change its terms, which would have made it nigh on impossible for members to remove material they had posted, is a good one. Effectively what it would have done is made Facebook the owner of all personal data posted on the site.

The campaign against it was of course organised through Facebook groups! That in itself should have been enough to persuade Facebook’s young owners of the power and passion generated by the system they had created. But I don’t think they really do understand it, or indeed very much about the implications of what they are doing at all. I mentioned their youth. Last time Facebook got into trouble, it was because of comments made by their ‘Marketing Director’ (age: 24) at Davos, which were (apparently erroneously) taken by the press to indicate that Facebook was going to sell personal data.

Now, I know that it’s not cool and probably won’t make me popular to knock youth at a time where youth is everything (despite the fact that the word is ageing) – Fast Company last month had snowboarder Shaun White as its cover star in a story full of fawning admiration about how rich he had become by telling big companies about the youth market. But at least White seems to have his head screwed on – maybe it’s a class thing? Facebook’s owners on the other hand need to grow up a bit. They need to learn a bit more about the value of some rather old-fashioned fundamental rights, particularly privacy, and strop treating the system they have created as the personal spare-time sophomore project as which it began. I think that they just didn’t appreciate how people would view their proposals.

There is a serious issue here. Privacy is something that you only start to truly truly understand as you get older. Partly this is because your mistakes and your secrets get more serious and more potentially damaging as you get older! But, as I have said before, most of those are nobody’s business but your own and no-one benefits from forced transparency – honesty and conscience are also profoundly personal matters. It has been argued that the ‘youthfulness’ of the Net has encouraged a general carelessness with privacy. I am not sure that is entirely true, as Facebook users have shown – they care. But it’s the careless and – let’s face it – privileged youth of many of these new entrepreneurs, the fast companies, which is more concerning. Most are not success stories from the wrong side of the tracks, who have learned ‘the hard way’.

The threat of legal action from EPIC, which was preparing to take them to the Federal Trade Commission might have concentrated minds in this regard. Maybe it was just the threat itself – EPIC have a strong record in these kinds of cases and have taken down Microsoft and Doubleclick. However I would like to think that the arrogance and energy of youth might be tempered with a bit more maturity and consideration in the future. If only, as I’ve said before, because Facebook is no longer a fresh young company in Web 2.0 terms and could easily be eclipsed by the next big thing. Perhaps they can hire someone more ‘real’ like Shaun White to tell them how privacy rights and user control of information would be like, totally rad, dude…

Woah man, I am so stoked about privacy... (Shaun White, not actually advising Facebook on privacy, pictured for Fast Company)

On a more serious note, EPIC put a lot of time and money into protecting privacy in the USA and they do a damn good job, and in cases like that of Facebook they are having a positive affect the world over, so give them some money!