Taking the First Step Towards Introducing Standardized Numbers
Toshihiro Enami
Senior Fellow
November 22, 2010 (Monday)
Preamble
Number systems, which have been a pending issue in Japan for many years, have at last begun to move in earnest towards being introduced. After the change of administrations, the Investigative Commission on Social Security and Tax Number Systems, which is in charge of designing number systems, was convened and its interim report was released on June 29. Public opinion was then polled extensively (the deadline was August 16), and, taking those opinions into consideration, the commission plans to come to a decision by the end of the year and to introduce a standardized number system by 2013.
Based on real-world experience with municipalities’ information systems, I have asserted in the past the importance of number systems in Japanese society, and, when Juki Net (the national online citizen ID number system) stirred up anti-number-system movements in 2003, my book calling for the promotion of Juki Net, entitled “What Will Juki Net Change?”, was the only one of its kind. Despite my efforts, however, suits were brought against Juki Net citing invasion of citizens’ privacy, and, unfortunately, politicians and government officials soon began to avoid the topic of number systems altogether. Thereafter, proposals for promoting the necessity of Juki Net were continued steadily by an expert panel of the Japan Productivity Center’s Committee for Promoting Informatization, but the next time numbers systems were given any attention was in 2007, when the pension payment records problem occurred. At the time, the problem was attributed to shoddy bookkeeping on the part of the Social Insurance Agency, but I pointed out that, no matter how careful one’s bookkeeping is, matching data using Japanese names is technologically impossible, and therefore number systems are essential. From that time, the fixed benefits problem also occurred before the Democratic Party, who had clearly stated in their manifest that they would “introduce a standard number system to apply across both tax and social security systems,” took office and a tangible movement towards introducing a new number system began.
Now, the government has invited the public to voice their opinions concerning the interim report on number systems. Based on my experiences since Juki Net of discussions with experts and practitioners alike, I would like to voice my own opinion below on how to address the various points of debate raised by the public.
Issue 1: What will be the range of application?
The interim report first outlines three options for range of application: option A (a Germany-type system: application to tax services only), option B (a USA-type system: application to tax services and social security), option C (a Sweden-type system: application to many areas of public administration).
First of all, presenting these options all of a sudden without any principle or philosophy of standardized numbers which would make clear exactly what they are and the meaning behind their establishment evokes a great sense of unease. Of course, the preface of the opinion questionnaire does touch on the aims of introducing the system, but the technical goals are described with nothing more than a detached tone. As I have claimed in a previous paper, a number system is proof of a new social contract between the country and its people and should therefore be afforded a proper place in Japan’s 100-year master plan.
Number systems are not simply for the purpose of increasing the efficiency of a country’s public administration, they also elucidate the relationship of rights and duties between the country and its people; they should act as a binding social contract for a new age where, as the citizens shoulder their fair share of the duties, the country protects the rights of the citizens. Therefore, number systems should not be applied to limited areas like tax or social security, but should also be applied to a wider range of public administrative areas. For example, municipalities, which come into direct contact with citizens’ everyday lives, should use number systems to protect their way of life. Furthermore, private businesses should use number systems when conducting operations related to citizens’ rights and duties.
Especially in municipalities, exterior data linkages relating to citizens (taxation, pension eligibility, medical insurance, address referral) are carried out in large volumes and at high frequency. If standardized numbers were used in these information checking processes, \100 billion would be saved in costs every year at the base municipality level. Additionally, if standardized numbers were used in a wide range of public administration areas, it would be possible to reduce the number of attached documents necessary for administrative procedures and to improve those procedures which citizens find so onerous. Moreover, by consolidating and using citizens’ information which is kept within the municipality and offering notification-style services, we would be able to protect the way of life of citizens, especially those social underdogs who are unfamiliar with public administrative procedures and who do not understand Japanese very well.
At present, application by private companies has not yet been envisioned, but for operations which relate to citizens’ rights and duties, number systems should be used proactively here as well. For example, there is currently \150 billion in unclaimed welfare pension funds because the pension rights holders are unknown, and the same sort of problem exists in corporate pensions as well. The assets sleeping in financial institutions’ dormant accounts are also likely of immense proportions. Because there are no identification numbers, the account owners have become unknown, and one might even say their rights have been violated. Number systems should be applied proactively in such operations as well.
Issue 2: What numbers will be used?
Next, the interim report presents three options for numbers: basic pension number, Juminhyo code (lit. resident card code), or a newly created number. As was made clear by the pension payment records problem, using basic pension numbers could cause instances of duplicate numbering which would lead to changes of address and name not being reflected in the pension records. This would clearly not fulfill the prerequisite of identity verification, and so basic pension numbers are obviously not suitable for use as standardized numbers.
In that case, one might think, we simply have to choose between Juminhyo codes or a new number system. But the opinions of intellectuals are split on this issue. While I understand the desire to wipe away the bad image and the fetters associated with Juminhyo codes by using a new number system, my personal opinion is that, by declaring that a new number system would somehow allow us to avoid danger, we would actually be deceiving the people, and that we should instead openly embrace Juminhyo codes.
Juki Net was originally built to keep perfect track of changes in citizens’ basic information and for identity verification within municipalities, and for the past seven years it has operated without incident. Juki Net is the quintessential foundation of identity verification, and there is no real alternative to the Juminhyo codes maintained therein. There are, however, flaws within the current laws relating to Juminhyo codes, i.e. strict restrictions on usage and the ability to change the card and/or code as many times as one likes. These laws should be amended and Juminhyo codes should be attributed the status of standardized numbers.
Building a new number system equivalent to Juminhyo codes would be to build a roof atop a roof and result in unnecessary costs. The newly-established number system would simply inherit all the problems Juminhyo codes had, and if the new numbers tried to go it alone as virtual “Juminhyo codes,” nothing at all would change. Giving the illusion that creating a new number system would provide protection of privacy, as it were, would simply be to deceive the people. In the unlikely event that a problem did occur, it is possible that the people would panic upon discovering that they had been misled. The most important part of privacy protection is preventing any leakage of the information attached to the numbers; one must not treat only the numbers themselves and then dress it up as though it were privacy protection. The “invisible numbers” argument is the same argument as that in favor of new numbers. We should use Juminhyo codes as “visible numbers” and set forth the fundamental principle of properly protecting the personal information attached to those numbers.
Issue 3: How will the information be managed?
The interim report then gives two options for management systems: a centralized management system (integrate the numbers of various areas into one number, and have centralized, concentrated information management) or a distributed management system (have distributed information management over different areas, and use standardized numbers to link the information through a relay database).
This issue involves a combination of number management and information management, and should be laid out as below.
| Number Management | |||
|---|---|---|---|
| Same number | Different no. for each area
(Linkage possible) |
||
| Information Management | Centralized | Korea | N/A |
| Distributed | US | Australia | |
In terms of information management, information should be distributed across and managed by the various area of operations, and each area of operations should take responsibility for the content of its information. From the perspective of protection of private information, centralizing and integrating all information in one place is inappropriate. As far as I am aware, there are almost no dissenting opinions among intellectuals on this point.
Conversely, when it comes to methods of number management, positions on whether to adopt “the same number” or “different numbers for each area" vary greatly. I believe that Japan should adopt “the same number,” and that the Flat Model, as it is called, that the US, South Korea, and much of Europe have adopted is appropriate. In contrast, those intellectuals who assert that “different numbers for each area” should be adopted believe that the method in use in Australia, i.e. the Sectoral Model, is more desirable.
The reason the Australian method seems so desirable is because it seems like it has a higher level of security: because different numbers are used for each area, even if information is leaked it cannot be matched across areas by number; and production of linkage numbers has a very complex protocol and makes full use of high level encryption technology. There are two problems with this method.
The first is an operational problem. The fact that what works in theory does not always work in practice is common knowledge in places dealing with raw data. Even if we ignore the problems of processing performance related to disparity in population sizes (Japan’s population is more than ten times greater than that of Australia), Australia’s method has the following sizeable operational problems and it is likely that similar significant difficulties would arise during operations in Japan (I will omit the details). Not only that, the process of attaching linking numbers is not complete even in Australia’s most advanced fields, and the fact that there are not yet any real operations data is an issue as well.
- Name used when linking data (problems of kanji codes and furigana)
- Operations when changing names
- Linking data with municipalities (short time span and large volume processing)
- Dealing with changes of number in various areas (loss/acquisition of medical insurance number)
- Transitioning to attached linking numbers
- Responsive troubleshooting
The second problem is the way the method regards safety. The reasoning is that even if a large amount of data were leaked from several areas, one would be unable to match the numbers to each other and therefore the system is safe. But if each area had its own strict security measures in the first place, the likelihood of large amounts of data being leaked simultaneously from several areas would be extremely low. By thinking the system to be safe because it uses different numbers, the security for each area becomes lax, and countermeasures for Issue 4, protection of private information, are taken lightly. As a result, the danger of information leaks actually increases.
I do not want what I say to be misunderstood; I do believe that all areas should use “the same number,” but I am not saying that they must necessarily switch over right away. Operations that do not currently have standardized numbers established should assign and use them, but in cases like basic pension numbers and medical insurance numbers, where there are already existing numbers in place, standardized numbers should be attached to the existing numbers (to be used as linking numbers) and put into operation in the immediate future. Raw data is never tidy information, and the time-consuming process of attaching standardized numbers and correcting information (i.e. data cleansing) will no doubt occur. Giving meaning to the numbers will affect the operation of the system as well. The elimination of existing numbers and the switchover to standardized numbers should be undertaken only after data cleansing has been completed, the safety of system operations has been confirmed, and the people’s consensus has been gained.
I might argue that by using only one number, if that number were found out by someone, they could use it to consolidate all of my data, one piece after another. However, each piece of information is individually protected by its respective operational area, and even if someone found out my number they would not be able to consolidate my information. The important thing is not “if someone found out my number,” but protecting the personal information attached to that number. Furthermore, the “relay database” mentioned in the interim report was an idea once brought forth regarding the debate of electronic post office boxes and is a method for avoiding the introduction of standardized numbers. This was a design whereby, in exchange for not using standardized numbers, citizens would take responsibility for their own numbers (not even mandatorily, at that, but voluntarily). This idea is not appropriate for the standardized number system design described here.
Issue 4: How will personal information be protected?
Finally, the interim report lays out three options for personal information protection: allowing citizens to control the use of their own information; preventing fraudulent activities such as forgery and identity theft; and preventing use outside of the intended purpose. However, all three options are in fact necessary measures for protecting personal information.
(1) Citizens can control the use of their own information
The important thing here is striking a balance between technical and systematic countermeasures when setting up the system. Technically speaking, citizens must be provided with a mechanism to check their own access logs, while from a system standpoint, an extra-governmental third party institution needs to be established. We must avoid settling for technology and neglecting systematic countermeasures, or vice versa.
- Technical countermeasures: mechanism for checking one’s own access log
- Systematic countermeasures: establish an extra-governmental third party institution
Further, the third party institution should possess the following six capabilities. Especially important is that we monitor not only the current conditions of operations, but that there is “4. The capability to monitor the utilization of standardized numbers” as well. This is because, as was seen so clearly in the pension payment records problem, it will not allow the government to sabotage the use of standardized numbers and turn a blind eye to violations of citizens’ rights.
- The capability to ameliorate citizens’ unease
- The capability to provide relief to citizens who have been damaged
- The capability to monitor the operational conditions of standardized numbers
- The capability to monitor the utilization of standardized numbers
- Receiving internal accusations and protecting the accuser
- Disclosure of information to the public and periodic reports
(2) Preventing fraudulent activities such as forgery and identity theft
The interim report says “…to introduce IC cards as a mechanism for identity verification. As an existing, stable mechanism, Juki Net cards may be used as well,” but Juki Net was originally built for the purpose of implementing identity verification, and Juki Net cards are already distributed by municipalities as identity verification tools. Constant efforts towards raising security have resulted in all Juki Net cards issued after April 20, 2009 being embedded with an IC chip that has the card’s information recorded on it, as well as being printed with anti-forgery logos and QR codes. Making new IC cards in addition to Juki Net cards certainly seems like a waste of taxpayers’ money.
(3) Preventing use outside of the intended purpose
Currently, use of personal information outside of the intended purpose is prevented by personal information protection laws and regulations. “Use outside of the intended purpose” is not a problem with standardized numbers, but rather is a problem of personal information protection, and should be treated as such.
Conclusion
It is unclear to what extent the results of the public opinion questionnaire will be reflected in the design of the number system. Additionally, there are those intellectuals who point out that because it was a questionnaire soliciting the opinions of normal citizens, the content of the questions was not very accurate and the language was somewhat lacking. However, the fact that the government cast the points of controversy of number systems, a fundamental national problem, to the citizens and requested their opinions is commendable.
Hereafter, the citizens’ opinions will be taken into consideration, the number system proposal will be polished, and a final decision will be reached based on a political judgment. The one thing I want to ask of the government is that they not pander to the citizens’ temporary emotions and anxiety, but rather fix their sights on the Japan of 100 years from now, and deliver a decision that looks at the big picture and sees the number system as the backbone of the country.
Notes
(1) Enami, Toshihiro. 2008. Not Repeating the Pension Payment Records Problem: The Problem Lurking within Japanese Names and Its Fundamental Solution. Public Administration & Information Systems. October, 2008 issue.
(2) Enami, Toshihiro. 2010. Realizing the Real Electronic Government by Introducing Standardized Numbers—3 Proposals Regarding Standardized Numbers. Public Administration & Information Systems. June, 2010 issue.
(3) In addition to final income tax return information supplied by tax offices, municipalities also perform the task of tying owners of tax objects such as land, houses, vehicles, and light vehicles to the relevant resident. These should also be mandatorily numbered.
(4) Enami, Toshihiro. 2009. Restructuring Electronic Government with Integrated Number Systems. Informatization Research. July, 2009 issue.
