Identification in Japan (Part 2): Juki-net

As I mentioned yesterday, one of the big developments in state information systems in Japan in recent years has been the development of the jyuminkihondaichou network system (Residents’ Registry Network System, or juki-net). Very basically juki-net is a way of connecting together the 1700 (recently restructured from 3300) local authorities’ residents’ registries (jyuminhyo). These are a record of who lives in the area and where, that are held on a multiplicity of different local computer (and even still, paper) databases. Japanese government services are always struggling to catch up with massive and swift social changes, particularly the increased mobility of people, that made first the Meiji-era koseki (family registers) and then the disconnected local jyuminhyo (which were both themselves introduced to deal with earlier waves of increased social and spatial mobility) inadequate.

Operational from 2002, juki-net is restricted by law to only transmitting four pieces of personal data (name, sex, date-of-birth and address), plus a randomly-generated 11-digit unique number. Nevertheless, the system was strongly opposed and has sparked multiple legal challenges from residents’ groups who did not want to be on the system at all, and who considered the risk of data leakage or privacy violation to be too great for the system to be lawful. These challenges were combined together into one class-action suit, which finally failed at the highest level, the Supreme Court, in March 2008. The court ruled that juki-net was constitutional and there was no serious security risk in the system itself but according to some analysts did not address the possibility of mistakes being made by operatives. But this would seem to me to be a problem of data protection in general in Japan, rather than an issues that is specific to juki-net. Like Brazil, but unlike Canada and the UK for example, Japan has no independent watchdog agency or commissioner for safeguarding privacy or kojin deta (personal data), and other than internal procedures, the courts are the citizen’s only recourse. In any case, as Britain’s comparatively frequent incidence of data loss by public authorities shows, even having such a system does not necessarily make for better practice. There is in Japan, as in Britain, training and advice in data protection provided by a specialist government information systems agency.

We interviewed officials at that government agency, Lasdec (the Local Authorities Systems Development Centre) today. Lasdec also developed and runs juki-net and is responsible for the new jyuminhyo / juki-net card that enables easy access to local (and some national) services via the web or ATM-like machines at local government offices. Unsurprisingly they were quite bemused by the opposition to juki-net, which they say was based on a lack of understanding amongst citizens about what it was, and a general fear of computers and databases. They argued that many people (including one or two local authorities) had the impression juki-net was, or was planned to be, an extensive database of all personal information held by different parts of the government, or even was the basis for a new system of national identification or indeed was a new system of national identification – indeed that was the impression one got from reading both Japanese and foreign civil and cyber-liberties groups’ reports in 2002/2003 with plenty of stories of the new Japanese ‘Big Brother’ system (see the archived collection here for example).

However Lasdec argued that both ideas were incorrect. The officials recognised both that the 11-digit unique number was adapted from a previous failed identification scheme, and that juki-net could in theory become the basis for any proposed future national ID scheme, but this was prevented by the enabling law. In any case juki-net was not even the best existing system on which to base an ID system: passport, driving licence and healthcare databases all had more information and certainly information with higher levels of personal identifiability – and no-one seems to be objecting the amount of information contained on the driving licence system, for example. Juki-net has no photos or other biometric data and no historical information. Likewise the residents’ card can have a photo if the resident wishes, but this is not shared through juki-net, and in fact the card itself is entirely voluntary. In addition, only in one city has take-up of the card exceeded more than 50% of the adult population (Lasdec has detailed information on take-up but only published a ‘league table’ without percentages). You also do not lose anything by chosing not to have or use the card.

The officials at Lasdec were, as with many technical and systems engineers in both public and private sectors whom I have interviewed, far more aware of privacy, data protection and surveillance issues than most politicians and mainstream (non-technical) government officials. They did not shy away from the terms kanshi (surveillance) or kanshi shakai (surveillance society) and indeed were as critical of the unregulated spread of things like CCTV in public space as many activists. They saw themselves in fact as controllers of information flow as much as facilitators. They were committed to the minimalist model of information-sharing set out by the law governing juki-net and wanted to find always the ways that information that was necessary to be shared could be shared without the creation of central databases or the exchange of additional unnecessary information. In addition, new laws came into force (in 2006), which make the residential information more private than it was before. In fact, such local registers used to be entirely public (anyone could access them), and now they are far more restricted – this only seems to have been noticed by direct marketing firms, who of course were not 100% happy with this change.

This puts me into a strange position. I have colleagues here who have been utterly opposed to juki-net, and I have always assumed that it was in some way similar or equivalent to the UK National Identity Register / ID card scheme. However in fact, it seems very similar to the ‘information clearing house’ idea which I and others have proposed for the UK, in opposition to the enormous NIR which would seem to suck in every kind of state-held information on the citizen! In addition juki-net does not require any more information from the Japanese citizen than is already held by the state, again unlike the NIR in the UK, for which multiple new forms of information are being requested by the state and indeed there are fines, and ultimately prison sentences, proposed by law for refusal to give up or update such information. In contrast, juki-net is more like the electoral register in the UK, to which hardly anyone objects.

This all makes me wonder exactly what it is that provoked such vociferous opposition to juki-net. If it is a actually or potentially repressive surveillance system, somewhat like Barthes’ famous description of Tokyo, it is one with an empty centre; there is no ‘Big Brother’ only a rather well-meaning set of bespectacled technicians who are just trying, as they see it, to make things work better so that people don’t have to keep proving who they are every time they move to a new area. Perhaps there are particular cultural and political factors (that is after all the working hypothesis of this entire project – and perhaps in making assumptions about both systems and oppositions across borders we obscure the specifics). Perhaps it is the association of the 11-digit number with previous proposed ID schemes. Perhaps, as in Germany, in new government information systems, there are resonances with older systems of identification and control that hark back to more repressive, fascist, times. Or perhaps there is a general cynicism of successive government ‘information society’ / ‘e-Japan’ / ‘i-Japan’ strategies and initiatives, each of which promise empowerment and in practice deliver more bureaucracy. These are some questions I need to explore further with other officials academics and activists.

Identification in Japan (Part 1)

Just as I did in Brazil, I am going to be looking a little at the way in which systems of government information and identification work in Japan.

One of the immediately obvious things is that Japan has no national system of ID cards. Instead, as in the UK, the Driving Licence is used as a de-facto ID. The Japanese Driving License until recently was rather like that in Brazil, in that it connected to individual strongly to the family though carrying the honseki, the address where the koseki (family registration) was registered. However, this section can now be left blank and may be removed altogether in the future. The current driving license has a photo but no other biometric data, and whilst being a plastic card with a credit card form factor, is not any kind of smart card. There’s a really nice photo-essay on the process of obtaining a Japanese driving license on super-otaku, Danny Choo’s site.

The koseki is a very traditional way of registering people based on their family’s place of origin or residency and can often stretch back many generations with details of parents, grandparents etc. The individual is no more than one name on this register. The koseki is simply a computer record these days, although paper print-outs are used in more formal identification procedures, but very few people carry a copy of their koseki around with them.

In addition to the koseki, there is a jyuminhyou (Residents’ Register), a current address register, which every local authority keeps. As with the koseki, there was an associated old paper certificate for many years. In 1999, the old Resident Registration Law was updated and came into effect in 2002 and this included a provision to introduce a voluntary Resident Registration Card. This is a smart card, and is supposed to make access to local services easier, though some see it as a precursor to a full national ID-card scheme, especially as from 2004 the card could also be used to do other things online, like tax-returns. The suspicions are also because of the way in which the card as introduced along with a new system for connecting up all the local authority residents’ registry systems in Japan, juki-net. I’ll write more about this tomorrow as we are going to talk to the official responsible for the implementation of the card and juki-net at Lasdec, the Local Authorities Systems Development Center.* On Friday afternoon, I will also be meeting up with Ogasawara Midori, a freelance journalist who specialized in covering the juki-net controversy and is also a former student of my future boss, Professor David Lyon.

There is of course an exception to the lack of national ID. Foreign residents often get very upset that they are forced to carry the gaikokujin touroku shoumeisho (Certificate of Alien Registration). This is seen as discriminatory and it is particularly so in the case of families who are identified by the state as ‘Korean’ or ‘Chinese’, whose increasingly distant ancestors came from those countries. The gaikokujin touroku shoumeisho was also particularly controversial as it included fingerprinting requirements for Koreans and Chinese that were seen as a product of the colonial period, but which were only removed in 1999. But then, following on from reactions to 9/11, and G8 plans for standardized biometric passports and visas, they were reintroduced in 2007 along with fingerprinting and facial photographs of all foreigners at the border. In one small progressive step however, permanent Korean and Chinese residents would not have the ‘colonial stigma’ reintroduced.

Foreigners are also not included on the jyuminhyou except at the discretion of local officials, although indications are that they will be included from 2012 when the system in further rationalised, although it is probably down to the campaigns for change from naturalised and long-term foreign residents like Ardudou Debito.

*Although as I am also going ‘out on the town’ with an important figure in Shinjuku urban planning (and regular in the Golden Gai stand-up bar neighbourhood), I might not get round to writing this sequel up until Friday morning.

Resident Registration Card

New report on facial recognition out now

There is an excellent new report on facial recognition now available for free download. The report is written by my one-time co-author on the subject, Lucas Introna of Lancaster University, and new Surveillance & Society advisory board member, Helen Nissenbaum of New York University.

The report is aimed primarily at people who developing policy on, or thinking of commissioning or even using facial recognition and therefore concentrates on the practical questions (does it work? what are its limitations?) however it does not neglect the moral and political issues of both overt and covert use. What is quite interesting for me is how little the technical problems with the systems have changed since Lucas and I wrote our piece back in 2004; the ability of facial recognition to work in real-world situations as opposed to controlled environments still appears limited by environmental and systemic variables like lighting, the size of the gallery of faces and so on.

The report is probably the best non-technical summary available and is perfect for non-specialists who want to understand what is the state-of-the-art in facial recognition and the range of issues associated with the technology. Very much recommended.