Top>Research>Intertwining of technical and legal issues in the My Number system
Nobuyuki Sato [Profile]
Nobuyuki Sato
Professor of Public Law, British & American Law, Information Law, Chuo Law School, Chuo University
On February 14th, 2012, the government submitted to the Diet a law bill related to the use of a number for identifying specific individual during administrative procedures (My Number bill). This bill proposes assigning a different number (My Number) to all Japanese citizens (including mid- to long-stay foreigners and special permanent residents), as well as implementing a system (My Number system) which uses these numbers as a common number for taxation, social insurance and disaster-preparedness procedures (numbers will also be assigned to corporate entities). If the law is enacted at the current 180th session of the Diet, the system will begin operation from 2015.
As a data-matching system for personal information held by the government, there is no doubt that the My Number system would be efficient and could serve as a basis for other systems. For example, the government envisions implementation of a comprehensive total system for establishing an upper limit on the total amount of personal expenses associated with medical care, nursing care, childcare services and disabilities. On the other hand, there are fundamental questions regarding the act of forcible data-matching. There is also concern that the risk of worst-case scenarios may outweigh the foreseen increase in convenience.
Social division and computerization are advancing at a high level in modern society. In my opinion, the expansion of a My Number system as a base for public services is unavoidable within such a society. However, further review is required for the system proposed by the current bill. In particular, we must investigate the possibility of increasing technical and institutional safety. In this article, I will discuss the intertwining of technical and legal issues related to the My Number system.
Today, each one of us possesses various personal numbers. This includes public numbers such as residence card codes, universal pension numbers and health insurance numbers, as well as private numbers such as bank account numbers and Chuo University student ID numbers. By using such numbers, we receive the merit of being able to identify ourselves through minimal disclosure of personal information.
Fundamentally, in such systems until now, such personal numbers have been designed differently for each purpose or organization. This system was based on concern that the use of a single personal number for multiple purposes and organizations would result in the number being used as a key for data-matching, thus leading to privacy violations unwanted by the individual. However, put simply, the current My Number bill recognizes the merits of data-matching in the fields such as taxation and social insurance, and therefore seeks to implement a common number. Merits would be enjoyed by both the government (imposition/collection of taxes based on an accurate assessment of income) and by citizens (through systems such as the comprehensive total system mentioned above).
Incidentally, in regards to data-matching for taxation purposes, a law for implementing a number-based system known as the "Card System for Users of Small-Sum Savings, etc." was promulgated in the 1980s. However, the law was repealed before enactment, making the recent proposal the first in 30 years.
Criticisms of the My Number bill include concern for the risk of privacy violation that is an inherent part of data-matching. This is certainly an important point. However, when considering the example of adopting fair taxation through progressive taxation, it is necessary to perform data-matching within a certain scope for information regarding personal economic activities and lifestyle. If all government resources were funded by consumption tax, then it would no longer be necessary to provide the government with information on personal economic activities. However, a society based on such a taxation system cannot be called fair and equal.
Therefore, it is important to carefully review the necessity, rationality and safety for both the purpose and method of data-matching. In this article, I would like to raise one issue by focusing on the safety of the My Number system.
My Number is a common number used for multiple administrative purposes. This kind of number is already used in many countries. Among those countries, the technical and system model adopted by Australia is thought to have the highest level of safety.
An overview of the Australian model is provided below.
(1) The government assigns a public personal ID number to citizens. This ID is held by both the government and the assigned individual.
(2) The government uses encryption technology to generate a non-public personal ID number from the public personal ID number. This non-public personal ID is recorded only in an IC card which is issued to that individual. Without the encryption key, it is technologically impossible to restore the public personal ID from the non-public personal ID. The encryption key is held only by the Data Protection Committee which is a highly independent government institution. In other words, the government does not constantly hold the non-public personal ID.
(3) When registering personal information into databases constructed by government institutions (for example, a personal taxation database), the non-public personal ID and a code allocated to each database administrator is to generate a third personal ID. This third personal ID is used for registration. The non-public personal ID required at this time is acquired through either of two methods: 1) based on law and approval received from the Data Protection Committee, the ID is generated for each case, or 2) the ID is read from the IC card submitted by the individual. It is prohibited to record the non-public personal ID or the public personal ID into individual databases.
In summary, the Australian system is supported by the following technology and system: A common number is assigned to all citizens. However, a different child number is used for each data administrator generated from that number. Furthermore, the government is not able to freely restore the common number from that child number.
As a result, the Australian system ensures safety on two levels. First, even if information is leaked from a certain system, the personal IDs recorded in that system are not used in other systems. Therefore, the leaked information cannot be used to perform data-matching for personal information. Second, in order to perform data-matching across multiple systems, it is necessary in each case to acquire the encryption key which is controlled by the Data Protection Committee and to generate a personal ID for each system which is a target of data-matching. This makes it technologically and systematically impossible for the government or government employees to perform unlawful data-matching.
On the other hand, the My Number system proposed by the current bill uses a residence card code for the public personal ID described in (1) above. My Number is used as the non-public personal ID described in (2) above. However, My Number is not non-public and is held by the government. Furthermore, instead of using My Number within individual data bases, the bill proposes using a number equivalent to the personal ID described in (3) above. Even so, the information supply network system which records the two numbers and conducts bidirectional conversion is operated by the government (Ministry of Internal Affairs and Communications). As a result, although the first type of risk is reduced, concern still remains regarding the second type of risk. Even if the fears contained in author George Orwell's 1984 are unfounded, there is still the immediate risk of invalid access by persons who possess official database access authority (for example, there was a recent case in which information was read from a transit IC card by a train station employee who was a stalker ).
As discussed above, one issue of the My Number system is the intertwining of technology and law. Specifically, how should information technology be incorporated into legal systems? This issue has complicated debate regarding the My Number system. Still, the government must make a selection based on a comprehensive evaluation of safety, convenience and cost. In this respect, debate is required which includes changes to the technological infrastructure which will be used.