Japan IDs All Its Citizens

Edis Krad writes "While RealID in the US is a threat whose implementation is a ways in the future, the Japanese long ago implemented something similar; and there has been very little complaint raised about it. The Juki Net (Residents Registration Network — link in Japanese) has been silently developing since 1992. The system involves an 11-digit unique number to identify every citizen in Japan, and the data stored against that ID covers name, address, date of birth, and gender. Many Japanese citizens seem to be oblivious that such a government-run network exists. Juki Net had a spotlight shone on it recently because a number of citizens around the country sued against it, citing concerns of information misuse or leakage. And while an Osaka court ruled against the system, the Japanese Supreme Court has just ruled it is not unconstitutional, on the grounds that the data will be used in a bona-fide manner and there's no risk of leakage. While there is a longstanding registration system for us foreigners in Japan, what astonishes me is how the government can secretly implement such a system for its citizens, and how little concern the media and Japanese citizens in general display about the privacy implications."

Difference of culture

[pizzach]

It most likely passed through with so few complaints because of how different the culture is there from here. Something like this might seem like the ridiculously obvious thing to do for them. You can't count on very body to think the same as Americans, for better and worse.

Re:Is it that much of a deal?

[wish bot]

I'd say almost everywhere has something like the. In Australia there is a Tax File Number system. You don't HAVE to provided it when say, opening a bank or starting a new job, but if you don't you're simply taxed at the highest rate. IIRC it replaced a plan to have a national ID system, and it seems to be working out pretty well on a privacy level because it is only related to tax and financial aspects, which is where these system are actually needed and useful.

Re:Is it that much of a deal?

[conufsed]

No its not at all. The only people who see your Tax File number are employers, banks/super funds (people who deal with your money), and the tax office. You don't have to supply your TFN to any of them, and you can calim back any extra tack paid when filing your tax return (where you still dont *have* to give you TFN, it just takes longer), although I admit for most people this isnt practical The scary identifier here is your drivers liscense number, the number of times I've had to supply it, had copies taken of it, is used for all sorts of credit things, and yet changes when you move interstate

Re:Is it that much of a deal?

[Anne Honime]

I live in continental Europe and I have an ID card. I know that exactly the same style of ID cards exists in at least Belgium and Germany. Why is it a problem?

Ask the Jews... well, the ones the German government didn't murder, anyway.

In France, the situation was totaly opposite. During WWII, under the authority of René Carmille [wikipedia.org], the SSN was invented to help resistance rise an army if/when the allies would arrive. The germans and french "collaborateurs" never managed to lay their hands on the resulting files, thus had to resort to use many separate police files to hunt after the jews. IDs are only "useful" to nefarious purpose if they link to sensitive data. Name, DOB and gender are not sensitive. But if the governement can then tap into financial records, religion practice, race, sexual orientation, political affiliations, then, it's sure to become a liability.

The ID is not a problem as long as the records kept are accessed on a real "need to know" basis, enforced through a very harsh legislation.

Re:39.296.090-4

[Anonymous Coward]

That's your RG number, which really means nothing at all. I dare you to publish your CPF number (equivalent to a tax number) instead. If you second guess this suggestion then you'll understand the type of concern everyone else is talking about...

Re:Is it that much of a deal?

[Fri13]

Finland and Sweden was ahead in the whole census. Finland and Sweden started census in about middle of year 1600. and year 1750 already had every person in register.
At leat on start of year 2001, Finland and Denmark were only countries on world what could make census just with a computers and there were no need to go by door to door or using a mixed other kind databases together.

And at least on Finland, Civil register includes a lots of other information too than just name, address, phonenumber, education, marriage status. But it includes information of buildings and all kind other stuff what helps to build charts almost everything.

http://www.vaestorekisterikeskus.fi/vrk/home.nsf/www/populationinformationsystem [vaestorekisterikeskus.fi]
http://www.maistraatti.fi/en/index.html [maistraatti.fi]
http://tilastokeskus.fi/index_en.html [tilastokeskus.fi]

And even that Finland collects this kind adata alots, most important thing is that there are laws for individuals to protect their indentity.

Re:theft risk

[arivanov]

It is not the government running the digital key part of the register. There are 3-4 registrars who are authorised to issue it and their procedures are actually publically available and they are subject to regular 3rd party audit as part of their license. This includes the procedures for accessing and using the CA keys. The spec is also totally open. No government quango snake oil like the idiotic UK or US ID projects.

Further to this, most banks have mandated the use of the digital key for electronic banking now and have additional agreements with the registrars. Similarly, besides individual keys, there are also business ones so you can sign contracts with and between companies with them as well.

So the registrars have a very serious vested interest to keep the register in good shape and the CA keys secure. Definitely no government officials sleeping here. This is light years ahead of the target UK and US are putting themselves with their ID projects already. When you look at the UK ID and compare it to scandinavian and the BG one it is not even funny. It is actually sad - how much money will be wasted on a joke.

Re:theft risk

[arivanov]

There are two databases.

One is the government one. It is the same as the taxation and national insurance database, not a separate "yet-another" database like the UK ID project. This is the basis for normal IDs, not the digital ID system.

The digital ID system is privately run by registrars which have won a tender process. Having correct PKI procedures including the human bit was AFAIK part of the tender. It relies on the same unique ID as the government one.

For more details you should really dig around the websites of Infonotary and other digital ID issuers. Based on first hand experience with the UK mess and the BG system I wish the UK had something even remotely approaching the stuff which BG has created.

There are of course reasons for all this. BG was forced to have a working ID system to be able to have visa waivers with Shengen states. UK chose to boycott Shengen instead. And so on. This actually goes way back to the days of the first mainframe clones done in BG.

The best description of UK as far as identity management is concerned is a hippopotamus. Huge mouth, wide open, claiming how good and advanced they are while the bottom is stuck in the thick river mud. When I first came to the UK my first ID was easier to fake than a school ID in Bulgaria. You could copy the stamps with boiled egg and it was not even printed on embossed paper. It was a simple book printed on normal paper which any Eastern European could have copied and faked in 5 minutes. While things have improved since then, not by far. There is a fantastic BBC documentary called "Me and my fake passports" where a russian journo hired by the beeb goes and obtains nearly 20 fake IDs and passports and enters the UK without problem on each of them every time.

US is not much better either and the reason for this is the "not invented here attitude" which assumes for some reason that all IT is done in anglosaxon countries. As far as identity management and use of databases in government the anglosaxon countries are 20 years behind continental Europe. Same as far as privacy and safeguards on data.