Well, we are now entering the summer when the My Number bubble is at its peak, but how is everyone doing?
At the same time, the pension number was leaked widely.1It has also been said that this could have an impact on the My Number system, but I feel uncomfortable with the idea of making a bigger fuss about the leaking of the "number" than about other personal information such as "address, name, date of birth." This is because, when it comes to leaks, the impact on privacy is "number" < "address, name, date of birth" < "associated information."
For simplicity's sake, we will focus on "number" < "address, name, and date of birth" below.
1. Damage caused by identity theft
The "number" itself should only have the ability to distinguish one's data from that of other people. In the United States, for example, the SSN has been used to verify a person's identity due to a misunderstanding, which has led to a great number of identity theft incidents.2However, Japan's My Number and Pension Number systems are not supposed to do this. As for the former, it is explicitly prohibited by law. On the other hand, if you look around the world, you will see that there are many situations where you are asked to provide your name, address, and date of birth to verify your identity, and it is surprising that no accidents have occurred in this age of social media. However, even just considering this, you can see that the risk of direct damage from impersonation is greater for "numbers" than for "address, name, and date of birth."
By the way, the routes through which damage caused by spoofing can occur are as follows:
- Disclosure of unwanted information, especially "incidental information"
- Using the acquired "ancillary information" to threaten or interfere with someone's will
- Economic damage caused by financial transactions being spoofed
And so on.
2. Possibility of Remedying Modifications
Next, consider whether it is possible to salvage something that has been leaked by changing it.
It is difficult to recover leaked "associated information," so "bad people" collect it and do profiling. At this time, the "key" information - technically, identifiers/identification information - is used to match different "associated information" and aggregate the data.3It's what we call it. Both the "number" and "address, name, and date of birth" are identification information. By the way, the major identification information on the Internet are email addresses and mobile phone numbers. Phone numbers are also often used as identification information at general stores.
Now, when "associated information" is leaked, it often leaks in the form of this "identifying information-associated information" pair. "Bad people" will aggregate "identifying information-associated information A" and "identifying information-associated information B" to create "identifying information-associated information A-associated information B" information, and try to infer what a person is like. This is called "unwanted profiling." It is a typical example of privacy violation.
In such cases, whether or not the identification information can be changed will affect the vehicle's resistance to future accidents.
For example, let's say that at some point, information "Identification A - Incidental Information A" is leaked. At that stage, let's say that the person's "Identification A" is changed to "Identification B." Then, there will be no subsequent incidental information that can be linked to "Identification A," so it will no longer be possible to match and consolidate the data after the incident with the leaked data. This is the benefit of changing the identification information.
The "number" can be changed as stated in the leaked pension number change.4In contrast, your date of birth cannot be changed, your name is extremely difficult to change, and if your address is rented, it's all but hopeless if you own your home. In other words, even in terms of the possibility of saving your address from future data collection through changes, a "number" is far superior to "name, address, and date of birth," and the privacy impact is "number" < "address, name, and date of birth."
3. The value of information itself
Next, let's consider the value of the information itself. If a "number" is used correctly, it can only be used as identification information to distinguish one person from others, and should therefore be of no value to anyone other than the person in question and the administrator. On the other hand, an "address and name" has what is known as "reachability." In other words, the value of the information is the "number" << "address, name, and date of birth." And it can also be misused. A minor example would be to send direct mail, and a more serious example would be for an abuser to attack and kill a victim of domestic violence.
Similarly, the value of information is "number" << "ancillary information." Without the "ancillary information," there's no point in aggregating and profiling.
4. Conclusion
For the reasons mentioned above, the information risk of the "number" is quite low. Therefore, in the event of a leak, the focus should not be on the "number" but on the "ancillary information." This is where things are getting a little off. In reports of the Pension Service leak incident, they often say, "The information that appears to have been leaked includes basic pension numbers, names, dates of birth, addresses, etc." But wait a minute, it's that "etc." that's important.
Regarding the My Number system, the technical sub-working group has repeatedly stated that the system should be prepared so that it can be easily changed, so I believe that this is the case. I would be surprised if this wasn't the case, seriously.
footnote
- ""Unauthorized access to 125 million personal pension records leaked from Japan Pension Service" Nihon Keizai Shimbun(2015/6/1) http://www.nikkei.com/article/DGXLASDG01HB5_R00C15A6000000/ より 2015/6/9取得
- The myth that there are no restrictions on the civilian use of the U.S. Social Security Number (SSN)
- In ISO/IEC 24760 and other standards, the term "identification information" is used to refer to the "value" of an "identifier name:value" name:value pair, so care must be taken.
- In principle, the My Number will remain the same throughout one's life, but as I've said before, it would be better if it could be changed easily. It's not a big deal from a system perspective.
1 reply to "Is it dangerous if the "number" is leaked?"