The other day, I was talking with Professor Suzuki of Niigata University, and we talked about how difficult it is to get interviewed by the media. This was his reaction to an article in the 2010/12/22 issue of Nikkei Computer. Professor Suzuki said, "I've become a big supporter of numbers lol," and I've become "a biometric authentication supporter and an opponent of numbers lol."
Those who know me well may be surprised and ask, "Wait, Sakimura is a biometric authentication advocate?" But of course, I am a die-hard opponent of online biometric authentication. This is not something that has just recently happened. I have been expressing my opposition since 1997. I wonder where the twist happened. I think it was because I said that when you open a bank account, your identity cannot be confirmed unless you have a certificate with biometric information such as a photo, or that in order to link a living person to a resident's certificate, which is a "presence confirmation DB," you need a "credential" that links biometric information such as a photo or signature with a key in the presence confirmation DB. The requirements for offline and online are completely different, but the listeners do not have that kind of resolution, so they don't get it. It's really difficult to talk about it.
So today I would like to briefly examine what I said in this article.
"I cannot support the policy of using only IC cards for identity authentication, because of the cost and convenience involved. This is because an IC card reader is required. "If other identity authentication methods such as passwords and biometric authentication were available, the cost of implementation would go down and convenience for citizens would increase. (Senior Researcher Sakimura) (p.69)
Assuming proper identity verification is performed, there is no doubt that IC cards have a high level of security. However, implementing support for this is not so easy and is costly. This will be a problem especially for homes and small businesses. In reality, not all administrative work requires such a high level of security. Therefore, it is important to increase convenience and reduce costs by allowing the selection of an appropriate level of authentication method.
On the other hand, when considering identity verification at the counter, it is not always possible to prepare an authentication system connected to an IC card reader. In such cases, identity verification using the face of an ID card is required, which requires biometric information such as a photograph or signature. For example, even if a "number" has been issued, presenting only the "number" does not provide any verification.
I think that if you shorten that kind of talk, it would become the quote above. It's really difficult to speak.
Senior Researcher Sakimura said,The "issuance of new numbers based on the Resident Code," which is currently under consideration, is considered to be difficult. (P.71)
Issuing new numbers is not difficult. What is difficult is delivering them accurately to the individual, and making it possible for the receiving institution to verify that it is the individual who is using the number, and not someone else, when the individual uses the number. However, this is summarized as above. This makes it seem as if they are saying that issuing numbers is difficult.
"Resident registration codes can be changed by citizens' applications, and information such as addresses linked to them can also be changed. This cannot be considered information used to verify identity." (p. 71)
I have no idea why this has come up. What I said is that until a few years ago, information in the Basic Resident Register was accepted on an application basis without the need to show identification, so it would be difficult to recognize it as information that has been verified from an international perspective.
However, if new numbers were to be issued to all citizens after strict identity verification, "it would be impossible to do it in three or four years," said Sakimura. If the number system is to be put into operation around 2014, this would not be enough.
This is true, and even in Korea and Germany, where identity verification has already been completed, the distribution of ID cards is a major project that takes 10 to XNUMX years. As mentioned above, it is not surprising that it would take even longer to do this in Japan, where identity verification has not been completed. I'm surprised that such a simple matter can be written accurately.
Therefore, Senior Researcher Sakimura points out that "we should first proceed with a method that does not issue new numbers" (Figure 5).
It's not that we won't issue new numbers (← it will take 5 to 10 years to issue them steadily!), but we should adopt a system that doesn't depend on numbers, but this is what the article has turned out to be. If we use a system that depends on numbers, the service can't start until everyone has a number. Instead, we need to make it possible to receive the service even without a number, and we need to make a gradual transition, otherwise we won't be able to start in 2014.
Another thing I mentioned is that each system already has a database where each individual is registered, but in order to link them, each person in each database must be matched. Even if a "common number" is assigned to each individual in each database, the individual in the database must first be identified, identified as the owner of the common number (matched), and the common number must be assigned to the individual in the database. The key to this is only the four basic pieces of information, aren't they? If so, we need to talk about how to do this efficiently, and since there is no perfect match, the only way to match them is to involve the individual. (Think of the special pension mail.) However, we cannot incur high costs for each system like we did with the pension problem, so we need to come up with a good method, but I think that almost nothing has been said about this. To do this efficiently, we should use not only the 100-year-old means of contact, "address," but also electronic means such as email, but there is currently no system in place to register this with the government. I don't know whether the Basic Resident Register will be expanded or created separately, but it would be more efficient to first prepare registries of electronic means of communication (e.g. email) and electronic means of transfer (e.g. account numbers) and then do everything at once, but perhaps I didn't get my point across well.
The ID used to log in can be "an ID issued by a private ID provider" (p. 72).
Honestly, I think this is true. There is no country that has been successful in using government-issued IDs on the Internet. (South Korea, which is often cited as an example, also uses IDs issued by five certified businesses. Moreover, the level of identity verification is much lower than that of Japan's specific certification businesses. This is one of the major reasons for its widespread use.) State-issued ID cards should be positioned as documents that raise the level of identity verification for private IDs. I think it would be a good idea to register this type of private credential information in the national registry, along with the email addresses mentioned above.
Sakimura, a senior researcher, said, "The assignment of new numbers can be carried out over a sufficient period of time after the number system is launched." (p. 72)
This is the same as the above-mentioned idea of "starting the system without relying on numbers, and gradually popularizing the numbers." However, it is hard to read it that way.
This is the end of my part, but it's really difficult. I need to practice speaking more "roundly". If I try to be accurate and talk about the details, the story becomes fragmented and the content changes. These days, I'm telling myself that I should sacrifice accuracy and talk in a way that conveys the main points correctly.
P.S. If I say, "Why don't we just use the Resident Registration Code instead of creating a new number? It's a great solution," won't that help prevent people from being labeled as opponents of the number system?