At the IT Strategic Headquarters

Yesterday we visited the Prime Minister’s IT Senryaku Honbu (IT Strategic Headquarters). (This has actually been the only national-level government agency that has agreed to speak to us, and some of the reasons for refusal have been rather telling, not least that of Houmusho (the Ministry of Justice), which claimed that they had nothing to do with privacy and so on, which betrays a level of ignorance about the effects of their own policies that is probably more the result of bureaucratic sectionalism and literalism than anything else but is nevertheless interesting!). The IT Strategic HQ is responsible for developing the ‘i-Japan’ strategy, the latest incarnation of what has at various times been called ‘Information Society Japan’ and ‘e-Japan’ policy. They are also the agency that wrote the most recent Japanese data protection laws, which I wrote about a couple of weeks ago.

We were treated to a prepared presentation on the latest incarnation of the i-Japan strategy, in which the ‘i’ seems to stand for ‘inclusion’ and ‘innovation’ but not apparently for ‘interactive’, which one might expect from its use elsewhere in computing. However it was the brief interview we had afterwards that was more enlightening.

In short, the government has acknowledged that what they originally wanted out of juki-net has failed due to opposition, despite the supreme court victory that ruled that the current cut-down version was constitutional. However, as Kanshi-no! argued, they are not going to back down that easily. The movement towards the creation of centralised government databases will continue, and there most likely will eventually be a fully configured identification system (and card) and rather alarmingly, the new i-Japan strategy makes it quite clear that laws that currently prevent this from happening will simply be changed or removed. They do not want opposition groups, nor indeed the current global recession, to be able to hold up or change these plans.

However the main thrust of development of centralised databases has shifted away from juki-net and the jyuminhyo (residents’ registration) system, towards national insurance, health and pensions. This is, as the agency that runs juki-net, Lasdec, suggested to us – and I am now beginning to think that this suggestion was rather more of a loaded hint than I had first thought – by far the most data-rich area of government records and therefore in many ways more suitable for being the basis of an architecture of central registration and identification. The database that the government intends to create in this area will also have the possibility for citizens to add in (voluntarily, they say), information from private sources, such as bank account and other financial details. Of course this could be more ‘convenient’ in terms of benefits and taxes, but it also puts an enormous amount of previously private data in the government’s hands and presents a huge temptation to identity fraud and theft from both outside and, more importantly, inside the state bureaucracy (and let’s not forget, most identity fraud is an inside job).

It gets more worrying still as despite the advanced stage of these plans, the government has apparently still not decided exactly who will have access to this database, and the police in particular, as well as private insurance companies, are still considered as potential users. It seems that although the IT Strategic HQ might have developed data protection in Japan, they do not appear to understand its principles of necessity, proportionality and consent – indeed I asked them about these principles and they really had no serious reply. Instead they claimed that people in Japan wanted to have these central databases because the current fragmented system had led to poor security and data losses, and in any case, ageing society and the pensions crisis meant this had to be done. I have noticed that in Japan, ‘ageing society’ like ‘terrorism’ in the UK, seems to have become the spectre evoked to silence potential criticism.

There are many other issues too: the government is also trying to introduce a voluntary system of Electronic Health Records (EHR), but this is not as developed as the Connecting for Health centralised database that is still experiencing significant problems in its introduction in the UK; and there are some rather less controversial social inclusion measures, including the provision of computers for schools and so on. However my overall impression after leaving the IT Strategic HQ was of a government that was determined to press ahead with centralised collection and control of personal information regardless of the views of citizens or of whether it is really necessary even to achieve the policy aims they have. And this won’t change as the result of a change in government either. If, as seems likely, the Liberal Democratic Party (LDP or Jyuminshuto) are voted out, the Democratic Party of Japan (DPJ or Minshuto) which will succeed them, has already said that it will create a central database.

(Thank you to the officials of the IT Strategic Headquarters for their time).

A juki-net footnote

I had a conversation yesterday (not a formal interview) with Midori Ogasawara, a freelance journalist and writer who used to report on privacy issues for the Asahi Shimbun newspaper. This was mainly to set up further interviews with those who are or were involved with campaigns on surveillance and privacy issues in Tokyo. However I also managed to clarify a few of my own questions about juki-net and the opposition which it attracted.

In short, there seem to have been several objections.

  1. First of all was the objection to the idea of a centralised database, which was able to link between other previously separate databases.
  2. Secondly, there was the fact that this was the national state asserting authority over both local government and citizens. Both Local Authorities and citizens groups had argued for ‘opt-in’ systems, whereby firstly, towns could adopt their own policies towards juki-net, and secondly and more fundamentally, individual citizens could decide whether they wanted their details to be shared.
  3. The third objection was to there being a register of addresses at all. Many people saw this simply as an unnecessary intrusion onto their private lives, and in any case, the administration of welfare, education and benefits worked perfectly well before this (from their point of view) so why was such a new uniform system introduced?
  4. Next there were objections based on what was being networked. The jyuminhyo (see my summary from the other day) is not actually a simple list of individuals and where they live, but is a household registry. It might not, like the koseki, place the individual in a family line, but is still a system based on patriarchal assumptions, with a designated ‘head’ of the household, and ‘dependents’ including wives and even adult children.
  5. Finally, there was the question of the construction of an identification infrastructure. Whether or not juki-net is considered as an identification system, it does have a unique identifying number for each citizen, and has the potential to be built on to create exactly such a comprehensive system of national identification. Lasdec, who we talked to the other day, may not approve of this, or believe it will happen, but they are only technicians, they are not policymakers and don’t have the power or the access to know or decide such matters. And in the end, if they are required by law to run an ID system then they will have to run it.
  6. There were, as I already mentioned, objections to the potential loss or illicit sharing of personal information. I don’t think this is intrinsic to juki-net, or indeed to database systems, but of course both databases and networks make such things easier. People are also quite cynical about promises of secure systems. Lasdec may say that juki-net is secure, but there have been enough incidents of government data leaks in the past for people not to accept such assertions.
  7. Finally, Juki-net connects to the border, passport and visa system. The reason that foreigners will finally be included on the jyuminhyo (and therefore juki-net) from 2012 is not therefore to respond to long-term foreign residents’ requests for equal treatment but in fact to make it even easier to sort out and find gaikokujin, check their status, and deal with unofficial and illegal migrants. Groups campaigning for the rights of foreign workers (mainly the exploited South-East Asian and Brazilian factory workers) have therefore been very much involved. Of course it also makes it possible to connect the overseas travel of Japanese people to a central address registry.

I’ll be meeting Midori again soon, I hope, along with other researchers and objectors. I am also still hoping to be able to talk to officials from the Homusho (Ministry of Justice) and the Somusho (Ministry of Public Management, Home Affairs, Posts & Telecommunications), but they are currently passing around my request to different offices and generally delaying things in the best bureaucratic traditions!

Identification in Japan (Part 2): Juki-net

As I mentioned yesterday, one of the big developments in state information systems in Japan in recent years has been the development of the jyuminkihondaichou network system (Residents’ Registry Network System, or juki-net). Very basically juki-net is a way of connecting together the 1700 (recently restructured from 3300) local authorities’ residents’ registries (jyuminhyo). These are a record of who lives in the area and where, that are held on a multiplicity of different local computer (and even still, paper) databases. Japanese government services are always struggling to catch up with massive and swift social changes, particularly the increased mobility of people, that made first the Meiji-era koseki (family registers) and then the disconnected local jyuminhyo (which were both themselves introduced to deal with earlier waves of increased social and spatial mobility) inadequate.

Operational from 2002, juki-net is restricted by law to only transmitting four pieces of personal data (name, sex, date-of-birth and address), plus a randomly-generated 11-digit unique number. Nevertheless, the system was strongly opposed and has sparked multiple legal challenges from residents’ groups who did not want to be on the system at all, and who considered the risk of data leakage or privacy violation to be too great for the system to be lawful. These challenges were combined together into one class-action suit, which finally failed at the highest level, the Supreme Court, in March 2008. The court ruled that juki-net was constitutional and there was no serious security risk in the system itself but according to some analysts did not address the possibility of mistakes being made by operatives. But this would seem to me to be a problem of data protection in general in Japan, rather than an issue that is specific to juki-net. Like Brazil, but unlike Canada and the UK for example, Japan has no independent watchdog agency or commissioner for safeguarding privacy or kojin deta (personal data), and other than internal procedures, the courts are the citizen’s only recourse. In any case, as Britain’s comparatively frequent incidence of data loss by public authorities shows, even having such a system does not necessarily make for better practice. There is in Japan, as in Britain, training and advice in data protection provided by a specialist government information systems agency.

We interviewed officials at that government agency, Lasdec (the Local Authorities Systems Development Centre) today. Lasdec also developed and runs juki-net and is responsible for the new jyuminhyo / juki-net card that enables easy access to local (and some national) services via the web or ATM-like machines at local government offices. Unsurprisingly they were quite bemused by the opposition to juki-net, which they say was based on a lack of understanding amongst citizens about what it was, and a general fear of computers and databases. They argued that many people (including one or two local authorities) had the impression juki-net was, or was planned to be, an extensive database of all personal information held by different parts of the government, or even was the basis for a new system of national identification or indeed was a new system of national identification – indeed that was the impression one got from reading both Japanese and foreign civil and cyber-liberties groups’ reports in 2002/2003 with plenty of stories of the new Japanese ‘Big Brother’ system (see the archived collection here for example).

However Lasdec argued that both ideas were incorrect. The officials recognised both that the 11-digit unique number was adapted from a previous failed identification scheme, and that juki-net could in theory become the basis for any proposed future national ID scheme, but this was prevented by the enabling law. In any case juki-net was not even the best existing system on which to base an ID system: passport, driving licence and healthcare databases all had more information and certainly information with higher levels of personal identifiability – and no-one seems to be objecting to the amount of information contained on the driving licence system, for example. Juki-net has no photos or other biometric data and no historical information. Likewise the residents’ card can have a photo if the resident wishes, but this is not shared through juki-net, and in fact the card itself is entirely voluntary. In addition, only in one city has take-up of the card exceeded more than 50% of the adult population (Lasdec has detailed information on take-up but only published a ‘league table’ without percentages). You also do not lose anything by choosing not to have or use the card.

The officials at Lasdec were, as with many technical and systems engineers in both public and private sectors whom I have interviewed, far more aware of privacy, data protection and surveillance issues than most politicians and mainstream (non-technical) government officials. They did not shy away from the terms kanshi (surveillance) or kanshi shakai (surveillance society) and indeed were as critical of the unregulated spread of things like CCTV in public space as many activists. They saw themselves in fact as controllers of information flow as much as facilitators. They were committed to the minimalist model of information-sharing set out by the law governing juki-net and wanted to find always the ways that information that was necessary to be shared could be shared without the creation of central databases or the exchange of additional unnecessary information. In addition, new laws came into force (in 2006), which make the residential information more private than it was before. In fact, such local registers used to be entirely public (anyone could access them), and now they are far more restricted – this only seems to have been noticed by direct marketing firms, who of course were not 100% happy with this change.

This puts me into a strange position. I have colleagues here who have been utterly opposed to juki-net, and I have always assumed that it was in some way similar or equivalent to the UK National Identity Register / ID card scheme. However in fact, it seems very similar to the ‘information clearing house’ idea which I and others have proposed for the UK, in opposition to the enormous NIR which would seem to suck in every kind of state-held information on the citizen! In addition juki-net does not require any more information from the Japanese citizen than is already held by the state, again unlike the NIR in the UK, for which multiple new forms of information are being requested by the state and indeed there are fines, and ultimately prison sentences, proposed by law for refusal to give up or update such information. In contrast, juki-net is more like the electoral register in the UK, to which hardly anyone objects.

This all makes me wonder exactly what it is that provoked such vociferous opposition to juki-net. If it is an actually or potentially repressive surveillance system, somewhat like Barthes’ famous description of Tokyo, it is one with an empty centre; there is no ‘Big Brother’ only a rather well-meaning set of bespectacled technicians who are just trying, as they see it, to make things work better so that people don’t have to keep proving who they are every time they move to a new area. Perhaps there are particular cultural and political factors (that is after all the working hypothesis of this entire project – and perhaps in making assumptions about both systems and oppositions across borders we obscure the specifics). Perhaps it is the association of the 11-digit number with previous proposed ID schemes. Perhaps, as in Germany, in new government information systems, there are resonances with older systems of identification and control that hark back to more repressive, fascist, times. Or perhaps there is a general cynicism of successive government ‘information society’ / ‘e-Japan’ / ‘i-Japan’ strategies and initiatives, each of which promise empowerment and in practice deliver more bureaucracy. These are some questions I need to explore further with other officials, academics and activists.

Identification in Japan (Part 1)

Just as I did in Brazil, I am going to be looking a little at the way in which systems of government information and identification work in Japan.

One of the immediately obvious things is that Japan has no national system of ID cards. Instead, as in the UK, the Driving Licence is used as a de-facto ID. The Japanese Driving License until recently was rather like that in Brazil, in that it connected the individual strongly to the family through carrying the honseki, the address where the koseki (family registration) was registered. However, this section can now be left blank and may be removed altogether in the future. The current driving license has a photo but no other biometric data, and whilst being a plastic card with a credit card form factor, is not any kind of smart card. There’s a really nice photo-essay on the process of obtaining a Japanese driving license on super-otaku, Danny Choo’s site.

The koseki is a very traditional way of registering people based on their family’s place of origin or residency and can often stretch back many generations with details of parents, grandparents etc. The individual is no more than one name on this register. The koseki is simply a computer record these days, although paper print-outs are used in more formal identification procedures, but very few people carry a copy of their koseki around with them.

In addition to the koseki, there is a jyuminhyou (Residents’ Register), a current address register, which every local authority keeps. As with the koseki, there was an associated old paper certificate for many years. In 1999, the old Resident Registration Law was updated and came into effect in 2002 and this included a provision to introduce a voluntary Resident Registration Card. This is a smart card, and is supposed to make access to local services easier, though some see it as a precursor to a full national ID-card scheme, especially as from 2004 the card could also be used to do other things online, like tax-returns. The suspicions are also because of the way in which the card was introduced along with a new system for connecting up all the local authority residents’ registry systems in Japan, juki-net. I’ll write more about this tomorrow as we are going to talk to the official responsible for the implementation of the card and juki-net at Lasdec, the Local Authorities Systems Development Center.* On Friday afternoon, I will also be meeting up with Ogasawara Midori, a freelance journalist who specialized in covering the juki-net controversy and is also a former student of my future boss, Professor David Lyon.

There is of course an exception to the lack of national ID. Foreign residents often get very upset that they are forced to carry the gaikokujin touroku shoumeisho (Certificate of Alien Registration). This is seen as discriminatory and it is particularly so in the case of families who are identified by the state as ‘Korean’ or ‘Chinese’, whose increasingly distant ancestors came from those countries. The gaikokujin touroku shoumeisho was also particularly controversial as it included fingerprinting requirements for Koreans and Chinese that were seen as a product of the colonial period, but which were only removed in 1999. But then, following on from reactions to 9/11, and G8 plans for standardized biometric passports and visas, they were reintroduced in 2007 along with fingerprinting and facial photographs of all foreigners at the border. In one small progressive step however, permanent Korean and Chinese residents would not have the ‘colonial stigma’ reintroduced.

Foreigners are also not included on the jyuminhyou except at the discretion of local officials, although indications are that they will be included from 2012 when the system is further rationalised, although it is probably down to the campaigns for change from naturalised and long-term foreign residents like Arudou Debito.

*Although as I am also going ‘out on the town’ with an important figure in Shinjuku urban planning (and regular in the Golden Gai stand-up bar neighbourhood), I might not get round to writing this sequel up until Friday morning.

Resident Registration Card

India to issue biometric ID cards

According to The Times (and many other sources), this week, India is to create a central database, a unique identification number and biometric ID cards for all of its citizens. The scheme will be run by the newly-created Unique Identification Authority and cost an estimated £3 Billion (or around $5 Billion US).

As in Brazil, there is a felt need for such a system because of the proliferation of IDs and the dangers of anonymity and invisibility in a society where this can be a life or death issue. None of this, of course, means that the particular measures chosen will achieve their aims or will not create other problems. The Times, with predictable journalistic cliche, calls this the largest Big Brother scheme in the world and the leader of the project is talking about a “ubiquitous online database”. However, it is rather difficult to see how it will be anything like that when most of India’s chaotic multi-level bureaucracy, especially at local level, still ‘works’ on the basis of paper-based filing systems.

There are suggestions too that this has purposes in crime-fighting and anti-terrorism, although the Indian government website on the scheme makes no such claims (which have in any case been discredited in the discussion about the proposed UK National Identity Register and ID card). It instead focuses on how ‘the Unique ID will be helpful in reducing identity related fraud and allow only targeted people to get the benefits from the government’ (MIT website).

Discussions on listservs have also served to question claims made in The Times article. The paper talks about ‘1.2 Billion’ people being enrolled, but in fact the scheme would only cover over-18s, which would be less than 2/3 of that number. It also seems unclear exactly how the cards will be biometric. If it is just a photograph and fingerprint, this would be much the same as the Brazilian scheme. Of course the UK had more ambitious plans, but these were scrapped due to cost and reliability concerns.

Japan, where I am now, has instituted its own central database, and unique ID number, juki-net, and I will be talking to one of the people responsible for dealing with the technology that enables local governments to use the system this coming week…

(Thanks to John Bredehoft for pointing out the problem with the figures).

Sport and Surveillance: new Brazilian football fans ID

Sport and surveillance might not seem the most closely linked topics, but there are intersections and these are increasing in number. Sports ‘mega-events’ are often the trigger for surveillance surges, with the introduction of new technologies and practices. Because of the use of drugs and other medical techniques to illicitly aid performance, the practice of sport is now a subject of constant suspicion and the bodies of sportspeople are the sites of intense scrutiny (drugs testing, biological passports etc.). And finally, sports fans are subject to all kinds of controls and monitoring.

In this last area, the Brazilian government has recently announced a national ID card scheme for football fans… this is of course in addition to the new national ID card that everyone in Brazil will have to carry anyway.

However, in common with many commentators here, Brazilian football researcher, Oliver Seitz, does not believe the plan will or should happen. He makes a penetrating comparison to the very similar proposals in the UK in the 1980s and also notes that, whatever the problems of violence in Brazilian stadiums, they are not the main problem, which is the crumbling and unsafe infrastructure of football stadia. The one recent tragedy in Brazilian football, when 7 fans died after falling through rotten seating at Fonte Nova, he says “only happened because the stadium was literally falling to pieces. In that situation, the identification wallet it would not have saved the victims”.

He is quite right. As usual this appears to be a case of a technological ID solution to a problem that has nothing to do with identification. To paraphrase Seitz’s conclusion, Brazilian supporters are treated like animals, so they behave like animals, and under this plan, it will be no different, except that they will be officially identified animals!

(Thanks to a dedicated Corinthians fan, Rodrigo Firmino, for this story – which is one with which I am catching up after my holiday!)

David Blunkett Attacks Surveillance!

I know. Pause. Take a deep breath…

You read it right. The former UK Home Secretary, with a reputation as one of the most authoritarian of recent years (though it is hard to choose in that regard), will condemn the growth of surveillance in a speech at the University of Essex today. He will also, according to Tom Young at VUnet, call for the ID card scheme (which he introduced!) to be scrapped, and for the information-sharing powers that were hidden in the new Coroners and Justice Bill, to be reduced. He also argues that the latter will happen as he knows the Justice Minister, Jack Straw, recognises the problem.

I don’t know whether to laugh or cry. Certainly it is fantastic when a prominent figure like this changes their mind and is prepared to admit that they were wrong, I just wish that sometimes they listened to the arguments against what they were doing when they were in office. In addition, of course Blunkett spent several years after leaving office writing very strong pro-surveillance, pro-ID card pieces for the populist, right-wing tabloid newspaper, The Sun, and is (or was) according to the Register of House of Commons Members Interests, paid £25-30,000 ($35-40,000 US) as the Chair of the International Advisory Committee of Entrust Inc., a company that works on digital certification and Internet surveillance, and which was involved in consortia for the ID card contract. Perhaps they have had enough of him.

But let’s hope he really has had a genuine change of heart.

Come to Britain and we will fingerprint your kids…

Last week I mentioned the approval of the biometric passports scheme by the European Parliament, and that there were several countries that planned to fingerprint children under the age of 12 despite the legal, ethical and technical problems with this.

However, what I didn’t mention is that – surprise, surprise – Britain is one of the countries that does fingerprint kids, and indeed it has already been fingerprinting foreign children resident in Britain as young as 6. As Privacy International’s Gus Hosein argues on The Guardian’s Comment is Free website, the UK government claims that this is only because the EU has forced this upon them when in fact it was the UK government that forced the EU into adopting that position in the first place!

Now, as I mentioned, the European Parliament has pushed the age limit upwards, but will this make any difference to the UK Home Office? Given that the Home Office is still ‘carefully considering’ its response to the kicking it received from the European Court of Human Rights over the taking and retention of the DNA of 857,000 children, I wouldn’t bank on it.

Identity and Identification in Brazil (continued)

…the Brazilian driving licence is a goldmine of personal information…

I spent a little while over the last couple of days examining the actual material identity documents currently required in Brazil. Here are some pictures with a little explanation. There will be a lot more in the final article!

The first is the simplest but in many ways the most important to life-chances. This is the Cadastro de Pessoas Físicas (CPF) (Register of Physical (or Natural) Persons) card (or Taxpayer’s Card).

CPF

‘Pessoas Físicas’ is a piece of legalese that draws a distinction between humans and other ‘legal persons’, like corporations or governments. The CPF number is issued to all those who pay tax and is essential if one wants any formal work. The actual document is a blue plastic card like old-style credit cards, which also has a machine readable magnetic strip on the back.

The number is also required for many other government transactions, and it is, apparently a major disaster if you lose the card, or if for some reason, your CPF number is rescinded (which can happen if you don’t pay tax in Brazil for more than a year, for example if you are abroad, without explanation). Many people who live in the favelas, and who are involved in the shadow economy do not have a CPF, which is a severe obstacle to social inclusion.

The second document is the Registro Geral (General Registry) (ID) card, a double-sided piece of thick paper, just larger than a credit card. It is oriented vertically at the front and horizontally at the back.

RG card

As I noted in the first post I made on this subject, the RG card cross-references the CPF and also birth certification (it lists the full names of both mother and father and city and state of origin). This card is the one that is being replaced by the new RIC smartcard ID system.

Finally, we have the Carteira Nacional de Habilitação, the driving licence which, despite its name, is issued at state rather than national-level. The colour and format differs from state-to-state, however they all have pretty much the same level of information (a lot!) and cross-identification with other forms of ID. This one is from Paraná, which is a paper usually folded in half horizontally. It is specifically forbidden to laminate it.

RNDH

The Brazilian driving licence is a goldmine of personal information. Partly this is because the licence had been intended to be a unifying piece of identification (a practice typical of ‘autocentric’ cultures!), containing all the information on both the CPF card and the RG card, and more. This will now not be the case following the issuing of the new RIC cards, so it will be interesting to see if the quantity of information on these licences will be reduced or, if not, what the justification will be for having this much visible personal information on one paper document.