Measures for Achieving e-Local Governments
shintaro maki
In promoting electronic local governments
(e-local governments), I think there are two major subjects to be considered.
The first of these, in the narrow sense, is the construction of an information
system for e-local governments; how to construct in the local governments an
efficient information system conducive to the improvement of public services.
The other, in the broader sense, is what form local governments that make good
use of information and communications technology (ICT) should take, and changes
in the local community; the question of how we should build local governments suited
to the age of decentralization, and create local communities that are pleasant
to live in. I think that the keyword here is to use ICT as a communications
tool to promote residents participation.
In this article, I would like also to present my views on two major systems that form the foundation of both e-government and e-local governments. The first of these is the Public Certification Service for Individuals. When public services are offered online, the problem is personal identification, and for this the Public Certification Service for Individuals will be used; how should this service be developed? The other system is the Basic Residential Registers Network System (Juki-net). The Juki-net has been in operation for two and a half years and is now well established in Japan. In this article, I would like to mention once again the significance and usefulness of the Juki-net. Finally, I would like to touch briefly on recent developments in measures to protect personal data and maintain information security.
(1) Present situation regarding local government procurement of information systems
The Ministry of Internal Affairs and Communications conducted a nationwide survey of local governmentsf costs for the adoption and operation of information systems, and published a preliminary report in December 2005. The report revealed that there are large differences in spending on information systems even between governments of similar size and with systems that have similar functions. It was also found that the cost per capita was comparatively higher in local governments that had smaller populations.
Why is there such a cost difference between local governments for similar information systems? Some conceivable reasons may be the scope covered by the system, differences in function or specifications, or the degree of customization. Considering the size of the discrepancy, however, one cannot help suspecting that there is not in place a proper competitive environment for the procurement of information systems by the local governments.
With regard to the procurement of information systems, we often hear talk of the so-called gone-yen bidh. The reason this happens so often is that, once a company has taken an order for an information system, it can keep on receiving orders for the long-term operation of the system under a private contract and thus recover their initial investment. In fact, this practice of so-called vendor lock-in has become a common business model for vendors. Then when the system needs modification following changes in laws or regulations, the local government has little other choice than to pay the vendorfs asking price whatever it may be, because the system is a black box. And it is the taxpayer who must pay for it.
The information systems of local governments have moved from the old large-scale mainframe computers to client servers, and are now making the transition to a web-based interface. In the days of the old mainframe computers, the hardware and the software that ran on it were treated as something inseparable. As systems have become more open, however, a competitive environment has been created for hardware procurement programs to upgrade system components, and procurement costs have become more reasonable. In software procurement, care must be taken not to get caught in a new vendor lock-in.
One other trend that was found was that costs per capita are comparatively higher in smaller local governments, and this is not limited to information systems; if we look at administration costs overall, local governments with a population under 10,000 tend to pay higher costs per capita. In recent years, as decentralization has progressed, more and more municipalities have merged in order to strengthen their financial, organizational and human resources base, but there still remain a considerably large number of municipalities with populations if less than 10,000. Under the gThree-in-one Reform,h the way local allocation taxes are distributed to local governments is being reviewed; measures to compensate the comparatively higher costs of smaller municipalities are tending to be scaled down, and the financial environment of these municipalities seems likely to become increasingly severe. Under these circumstances, if we are to promote e-local governments offering public services via the Internet 365 days a year, 24 hours a day, to every citizen, wherever in the country he or she may live, measures must be considered to deal with small-sized local governments. What is more, many of these smaller municipalities are sparsely-populated rural towns and villages. There is no bus service to the town or village office many kilos distant; and in winter people are forced to drive through the snow to reach the municipal office. It is the residents of these sparsely-populated areas who will benefit most if they are able to access public services via the Internet from the comfort of their own homes, but it is here that financial constraints are holding back the development of e-local governments.
In order to resolve these issues and to promote e-local governments, the Ministry of Internal Affairs and Communications has developed three key policies to support the construction of the local governmentsf information systems. These policies are joint outsourcing, EA (enterprise architecture) and the standardization of data. I would like to describe briefly the aims of each of these policies.
(2) Joint outsourcing
i) The meaning of joint outsourcing
Joint outsourcing is when a number of local governments jointly commission the operation of their information systems to the private sector. When e-local government is being promoted in order to make public services available online 24 hours a day, 365 days a year to every citizen, wherever in the country he or she may live, it is inefficient for individual local governments to pursue the change separately; by jointly outsourcing e-local government services, multiple local governments can effectively exploit the know-how of the private sector and operate their information systems via a joint data centre at lower cost and with a higher level of security. In the case of small-sized municipalities in particular, the single-handed promotion of e-local government is difficult in terms of their financial situation and the availability of technical staff. There are upwards of some 2,000 municipalities in Japan, and if the e-local government initiative is not to be delayed, joint outsourcing is the direction in which we must go.
ii) Two cost-splitting effects
Splitting the costs through joint outsourcing can be expected to reduce costs in two ways.
The first is the effect of cost-splitting between the local governments operating from the same shared data centre. The joint operation of the information system by multiple local governments can be expected to greatly reduce the operating costs per local government. The cost reduction effect is expected to be over 70% compared to the construction and operation of separate systems, depending on the number of local governments participating and the type of public services offered. When the cost of the joint operation of the information system is split proportionally between the participating local governments, in some cases the cost is split evenly, but in most cases the size of population or number of municipal employees is taken as the distribution index, and the tendency is for the cost reduction effect over separate operation to be greater the smaller the local government is. Joint outsourcing will surely be an efficient tool in promoting the e-local government program throughout the country, including even the smallest-sized municipalities.
There is one more cost-splitting effect that can be expected from joint outsourcing. If a group of local governments engaged in joint operation also use the same application software, splitting costs will hold in check the expense of program modification accompanying an OS version upgrade or improvements to the system.
iii) Standardization of public services
What should be noted here is the fact that the standardization of public services is a prerequisite for the joint use of an information system. Any attempt to operate on a single common information system the different public services provided by the various local governments would involve a huge amount of individual customization and be comparatively expensive. This means that the standardization of public services is a prerequisite for joint operation; and the thorough review of services involved in this process is a perfect opportunity for local governments to reform their services. In addition, if application software is to be shared by multiple local government groups, the need will arise for plans to standardize local government services nationwide. In promoting the standardization of services as a prerequisite to joint outsourcing, EA (enterprise architecture) will be a very useful reference model.
iv) Open systems and modularization
Another issue we must pay attention to in joint outsourcing is ensuring that the system is open and modularized; the system should not be a black box. If multiple local governments operate an information system jointly, it will be quite a large system; but this must not mean that the small local IT companies that have so far been responsible for the operation of the small local government systems should now be excluded. In order to curb vendor lock-in in joint outsourcing, the system should be open, using standard technologies, and modularized so that different vendors can have the chance to participate. Specifically, data should be exchanged in a standardized format via an integrated coordinated system, and there should be disclosure of system interface specifications so that components can be modularized. This will allow vendors to compete with each other in a fair environment. From now on even a local IT company, if it has the ability to construct a good application for the system, ought to be allowed to participate in the construction and operation of the e-local government system. This kind of open system is what we should aim for in joint outsourcing.
v) Development of a model system for shared use
In cooperation with the Local Authorities Systems Development Centre, the Ministry of Internal Affairs and Communications has been pursuing the development of a model shared-use system for public services, such as on-line applications, document management, integrated systems, finance and accounting, personnel and pay management, general affairs, etc., as well as procedures related to the Juki-net, taxation and welfare. The products of the development will be registered in the program library of the Centre and will be provided free of charge to local governments working on joint outsourcing, in an attempt to help reduce the initial cost incurred when the system is introduced. At present, a model is being developed, based on packages provided by vendors with a good record with systems aimed at individual local governments, that will enable multiple local governments to share and exchange standardized data through an integrated, coordinated system. The interface specifications for this integrated, coordinated system are open, making possible the modularization of the system.
vi) Creation of a framework for nationwide joint use
The Assembly for the Promotion of Joint Outsourcing, which was established in July 2005, has been studying the creation of a framework to keep the cost burden low following introduction of the system, by sharing maintenance and repair costs between the local governments. Even though the original system may be the same, if individual local governments carry out their own improvements, the systems will in time evolve into something that may look the same but are different; this will make it difficult to upgrade the OS jointly, or carry out modifications to conform to any law amendments there may be. In addition, given that the original system will be provided to local governments free of charge, a framework is necessary that will allow feedback of useful functional improvements made by individual local government groups, so that these can be incorporated into the original system and the benefit enjoyed by local governments all over the country. Work is going ahead on the creation of a national framework to bring about the sharing of application software that will provide the second cost-splitting effect of joint outsourcing.
(3) Local government EA
i) The meaning of EA
EA (enterprise architecture) is a design method that aims to optimize operations throughout an entire organization. In EA, administrative operations and systems are divided into four strata: 1) business architecture (BA); 2) data architecture (DA); 3) application architecture (AA); and 4) technology architecture (TA). In the context of local government, the current status (As Is) and desired status (To Be) of services and the system are laid out by means of modeling and the joint use of information is promoted throughout the authority, vertically-compartmentalized bureaucracy being eliminated. The exploitation of EA to improve services and the system from the perspective of overall optimization is expected to offer the following benefits: 1) The achievement of an efficient, low-cost and secure e-local government as duplicate investments involved in system development are avoided and smooth interconnection and cooperation become possible; 2) The use of an open system will prevent in advance vendor lock-in resulting from a black-box system, and the creation of an environment for fair competition will lead to a reduction of procurement costs; and 3) The complete visibility of the business processes and data systems and the modularization of system components will enable small-sized local IT companies, if they are competent, to participate in the construction and operation of local government systems; it is expected that this will not only promote the standardization and streamlining of local government operations, but also help stimulate local IT industries.
Although there has been a tendency for some local governments to try to optimize that part of their administration processes already covered by an information system, in the local government EA project administrative reform is introduced, including the reform of those services hitherto offered on paper or orally. The aim is an integrated reform of services and systems, including a review of how the work itself is done, how much of the administrative process can be covered by the information system, and how a one-stop service that serves the needs of the residents can be provided. Of the four strata of EA, AA and TA will undergo huge changes as information and communications technologies develop, but regardless of the hardware or software used, BA and DA are the foundation on which an efficient system will be built; local governments should not leave these to the vendors, but keep a firm grasp on them.
ii) Standardization of administrative processes and systems on a national basis
In the ongoing effort to build a local government EA, work is progressing in three local governments with populations of different sizes (Kitakyushu in Fukuoka Prefecture; Kawaguchi in Saitama Prefecture; and Mizusawa in Iwate Prefecture) with the involvement of the actual local government employees. Several vendors with previous experience in the introduction of information systems are also participating in the effort to build a local government EA, forming a consortium to examine the local governmentsf internal administrative and key public service processes. The members of the consortium were selected through a strict review conducted by an evaluation committee, and it is hoped that the participation of various vendors with experience of local governments all over Japan will provide various checks and lead to the construction of an ideal, more standardized EA reference model, not a model with any specific bias.
iii) Making administrative processes and systems more visible through EA
Making previously opaque administrative processes and systems more visible through EA will make it possible for administrative know-how that in the past was in the possession of individuals or individual departments to be shared across the whole authority, making possible a reform of administrative processes and systems from the viewpoint of overall optimization. Moreover, making what could be called the uppermost processes of the system design visible in a form that can be understood by both local government employees and local IT companies will make it possible to have an open system and modularization. This in turn will lead to the creation of a fair system procurement environment in which separate modules of the system can be assigned to different vendors, not only the vendors who installed the original system. If large numbers of local government groups make use of the EA reference model when they standardize their administrative processes in preparation for joint outsourcing, it is expected that this will lead to increased sharing of application software, etc., and to the realization of a high level of e-local government at low cost.
(4) Data standardization
i) The meaning of data standardization
In contrast to the days of the old mainframe computers when local government information systems were not connected online to the outside world, in an era when national and local public organizationsf information systems are part of a network through which data are exchanged, if there are a number of different data formats the data will have to be converted at every transaction, making the system as a whole cumbersome and inefficient. Up until now there have been cases where IT vendors have set their own data specifications in order to lock in customers. The standardization of data is extremely important for the construction of an efficient and effective system and for the reduction of procurement costs.
If we assume that from now on local government information systems will be more web-based and that joint outsourcing will be based on thin client solutions (in which employeesf terminals have only minimal functions, such as a browser, other applications and files being managed by a central server) using LGWAN-ASP, I think that we should standardize data using the XML markup language, which is not dependent on the OS or programming language. Using XML will not only allow data to be handled irrespective of the type of OS, etc; even decades from now we will be able to make free use of the best technologies then available to utilize the data effectively.
ii) Structure to promote data standardization
The Ministry of Internal Affairs and Communications set up a gData Standardization WGh under the gStudy Group on How e-Local Government Systems Should be Constructedh established in April 2004 to conduct studies on data standardization. In March 2005, the gCouncil of Local Governments for the Promotion of Data Standardizationh was set up; the decisions authorized by the Council are to be reflected in the construction of information systems by local governments nationwide.
iii) Where we go from here
In promoting data standardization, work will start first on 1) data exchanged over the exclusive network linking the national government and local governments; 2) data exchanged between systems within a local government; and 3) data handled by the front office data system, such as online applications and online tenders, until all of the data throughout the e-government and e-local government system have been standardized.
(1) The meaning of citizen participation through ICT
Although the purpose of promoting e-local governments is to improve the efficiency of administrative processes and the quality of services, we should not limit our discussions to the question of how to construct an information system for local governments; it is the move to reform through ICT what the administration itself should be that will lead to the realization of e-local government in the true sense. Progressive decentralization will expand the scope of administration for which local governments are responsible, and there are calls for greater citizen autonomy; I think ICT has an important role to play in the functioning of a true check by residents, and in developing public services that reflect the will of the residents.
It may be thought that behind modern social problems such as the increase in crime and the emergence of NEETs (young people Not in Employment, Education or Training) lies the weakening of interpersonal relationships and community cohesiveness. We should consider the use of ICT as a communication tool linking people together to promote resident participation in the community and as a measure to bring about a society where people can live comfortably and without anxiety. In what is often referred to as the Y2007 problem, Japan is entering a period of shrinking population, and the baby boom generation will soon reach retirement age. On the one hand, Japan cannot expect significant growth either in the economy or in tax revenues; on the other hand, the aging of society will rather increase the demand for public services. Under these circumstances, local communities will have to be supported not only by the local government but by a wide variety of other bodies, including NPOs, local residents and others. We need to consider in particular how retiring baby boomers, with their wealth of social experience and computer skills, can actively support their communities. From now on local residents should be seen not only as the passive recipients of public services but as supporters of the community, actively participating in the community and in local administration.
(2) The potential of SNS (social networking services or social networking sites)
These days, two out of three Japanese people use the Internet; we have become able to obtain or transmit a wide variety of information using ICT, free of geographical and time restraints. There are however drawbacks to the cyberspace created by the spread of the Internet; there is a high degree of anonymity and wrongdoers can easily hide themselves. Accidentally revealing onefs real name or mail address on the Internet opens one up to viruses or a deluge of unsolicited e-mails (spam mail). In 2004 more than 900 local governments around Japan had set up citizensf virtual conference rooms, with the aim of having residentsf opinions reflected in local administration; but in only a handful of them are there lively, constructive discussions, and the recent trend is rather to close these virtual conference rooms. Many people find it difficult to put their real names to opinions in a local government virtual conference room that is open to the public, and participants tend to be limited in number. On the other hand, if anonymous participation is allowed, the website is spoiled by irresponsible or abusive posts. This being the situation, the mechanism known as SNS (social networking service / site) has been seen as a means of promoting residentsf participation in the community through ICT, and has rapidly gained favor. It seems that the characteristics of SNS are that it offers both security and convenience.
(3) Security of SNS
SNS allows users to select how much personal information they want to disclose, such as their personal profile or diary. A person may want to share personal information, such as his occupation, hobbies or the school he graduated from, with people he wants to communicate with on a deeper level; but that does not mean he wants to make all his personal information available to everyone who accesses the site. In the past, how much personal information could be disclosed on electronic bulletin boards, blogs and mailing lists could only be determined across the board. With SNS, however, every member can control access to his information ? personal profile, diary, photo album, etc. - by choosing different levels of access according to the content ? for example, gFriends Onlyh, gFriends of Friendsh, gThis Grouph or gAllh.
With SNS it is possible to allow a member to disclose which members are his friends, and to attach a note of introduction. In the real world, if we want to know whether a person is reliable or not, we can look at what kind of relationship the person has with those around him, and what kind of friends he has. With SNS we can imagine to some degree what a person is like by looking at who his friends are, and at the introductory comments written by those friends. This kind of information can sometimes be more important than knowing a personfs real name. In the world of the Internet where spam mail and viruses are rampant, SNS offers added security in that members of the site can exchange e-mails without making their e-mail addresses known. A member can also view who has accessed his diary on the site, and can block access by troublesome members. It is also possible to choose whether the virtual conference room is to be operated under a membership system requiring permission to participate, and to choose whether non-members should be allowed to browse the posts.
It is characteristic of SNS that it is based on a relationship of mutual trust through personal relationships, as described above, and ensures carefree communication while controlling access and the amount of information displayed.
(4) Convenience of SNS
SNS offers a wide array of functions, including diaries, virtual conference rooms, photo albums, mail delivery, calendars, etc., and is also convenient in that it allows members to send or receive information with photo or position location data attachments, from a PC or cell phone. A more noteworthy characteristic of SNS, however, is probably the ability to display new information the user is interested in, such as friendsf diaries or a virtual conference room the user is a member of, through the gMy Pageh function. In the context of local public services, it is troublesome for residents to have to go round a number of websites to check each one separatelyGthat can hardly be called a gpersonal portal site.h If the idea is to build a site that residents will want to access at least once a day, just as they check their e-mail daily, administrative information might not attract their interest. They would surely be more interested in e-mails or diaries written by their friends, or comments posted in a virtual conference room they are interested in through their work or hobbies. If local governments can offer residents a convenient site where they can log in to see the latest information on topics of interest through the gMy Pageh function, the site will attract more hits and at the same time residents can be expected to master computer skills through their own interests. The sense of person-to-person connections is the greatest attraction of SNS, and people learn faster when they are interested. While the top page of the e-governmentfs portal site ge-Govh is identical for all viewers, with a local SNS promoting residentsf participation in the community the aim is to build a convenient portal site that has a common screen layout but can, on log-in, display a gMy Pageh with content matching the interests of the individual.
(5) Form of operation of a local SNS
The principal participants of a local government SNS are the local residents, and it is expected that a SNS will operate hand in hand with the actual real local community. At the same time it will enhance person-to-person relationships and community ties, exclude those with no ties to the local community and build up social capital. It is thought that this will also heighten the ability of the community to resolve problems.
It is expected that local SNSs will be operated flexibly and smoothly by NPOs or local public service corporations. In addition, in the ordinary virtual conference room, it is to be hoped that in addition to enhancing communications with each other residents will also pick up local issues and take the initiative in working to resolve those issues in the community, taking the stance that problems that can be resolved in the community should be resolved in the community, and that the local administration should not be relied on for everything.
It is assumed, however, that some problems will be difficult for the local community alone to resolve. Some local SNSs are planning to set up official virtual conference rooms where these administrative issues can be discussed. In these virtual conference rooms problems not resolvable by the residents alone will be taken up and the administration will also take a responsible part in the discussions. When this is done, however, it is important that a liaison counter be established in the local administration and strict rules be set up on how the virtual conference room is to be handled.
A conceivable means of bringing together residentsf opinions concerning issues discussed in the official virtual conference room on the local SNS site would be to tie it in with an on-line questionnaire system. For a local government wanting to grasp public opinion, an on-line questionnaire using the Internet can be operated at a significantly lower cost and more efficiently than conventional resident voting in which people have to make the trip to the polling station, or a mail?in questionnaire. In particular, an on-line questionnaire system calibrated to the Public Certification Service for Individuals ensures strict adherence to one-person-one-vote, prevents data tampering during transmission and makes possible ongoing discussion tied in with the official virtual conference room. Since it is easy for a person to give a false mail address or to have two or more mail addresses at the same time, the reliability of the Internet is declining and there is more risk of IDs and passwords being stolen in phishing attacks or through spyware. There have also been cases in which the public comments were inundated with a huge amount of e-mails pressing one particular assertion. This being so, it is hoped that this kind of on-line questionnaire will be adopted widely as a means of identifying participants to ensure one-person-one-vote and provide an accurate understanding of residentsf opinions.
The Ministry of Internal Affairs and Communications set up the gStudy Group on Resident Participation in the Local Community using ICTh (chaired by Takemochi Ishii, Professor Emeritus of Tokyo University) to advance studies from a variety of viewpoints, and in 2005 the experimental development of an on-line questionnaire system incorporating a local SNS and the Public Certification Service for Individuals was initiated in Chiyoda-ku in Tokyo and Nagaoka in Niigata in order to encourage resident participation. In 2006 the Ministry also plans an attempt to use TV terminals to encourage wider resident participation through the use of ICT via TV terminals. While PCs and cell phones are effective tools for the younger generation, it is expected that in the future interactive TV terminals that can be operated easily by the elderly using a remote control in the comfort of the living room will become a powerful tool.
(1) Outline of the service
In order to make it possible for administrative procedures such as applications and registrations to be conducted online over the Internet, a personal certification service featuring electronic certification and an electronic signature to serve as a means of personal ID that will take the place of signatures and seals on paper documents must be made available at a low cost to the people no matter where in the country they may live. Thus in December 2002 the glaw concerning the certification of electronic signatures by local governmentsh was enacted and on January 29, 2004 the Public Certification Service for Individuals was launched.
A resident who wants to obtain an electronic certificate brings his or her Basic Resident Registration Card (Juki-card) to the local municipal counter, uses the device installed at the counter to create a pair of encryption keys (a secret key and a public key) to be used with the electronic signature and has the keys stored on the Juki-card together with an electronic certificate issued by the governor of the prefecture. The electronic certificate is valid for three years and the issue fee is \500. When the resident needs to make an application online, he sends the application to the local government together with the electronic signature and certificate he created using the secret key. On receipt of the application the local government verifies the electronic signature and checks the validity of the electronic certificate against the Certificate Revocation list drawn up by the governor of the prefecture. This mechanism can prevent impersonation of the applicant, data tampering during transmission and repudiation of the transmitted material.
(2) Features of the Public Certification Service for Individuals
Even compared with other electronic certification systems whether in Japan or overseas, the Public Certification Service for Individuals is a system of the highest level. Its two main features are as follows.
Firstly, the level of security is extremely high. The electronic signature is based on an advanced encryption technology called public key cryptography in which a pair of encryption keys?a public key and a secret key?is used. In a shared key system in which only one key is used, the problem arises of how to deliver the encryption key along with the encrypted document; while in the public key system, only the public key is made known to the other party, and the secret key is retained by the sender. In addition, in a shared key system, if the encryption key is decoded, the entire system can be damaged almost beyond recovery, which means that a shared key system is not suitable for use in electronic certification where important rights or obligations or large amounts of money are involved. In a public key system, on the other hand, even if both of a pair of keys should be decoded, the damage will be local and limited to the user of the pair of keys in question.
In the Public Certification Service for Individuals the environment in which the pair of keys for the public key system is created has an extremely high level of security. In the case of the Public Certification Service for Individuals, the pair of keys is created by the user in person, using the dedicated terminal device located at the local government office, and the created pair of keys is stored securely on the IC chip in the Juki-card. The complicated computations that create the electronic signature are performed within the IC chip, which is essentially a tiny computer, and the stored secret key cannot be taken out of the chip (tamper-proofing ensures that the key will break if there is an attempt to remove it by force). In contrast, in some private-sector certification services, the pair of keys is created by the certification department, stored on a CD or floppy disk and sent to the user; or the user may download it onto the hard disk of his computer and store it there. In a system where the keys are stored on a hard disk or CD there is a strong risk of the secret key being stolen. On this point, it can be said that the Public Certification Service for Individuals has an extremely high level of security, since the pair of keys is created on the dedicated terminal device located in the local governmentfs office and the secret key is stored securely on the IC chip of the Juki-card held by the resident.
The other major feature of the Public Certification Service for Individuals is the high level of reliability and freshness of electronic certificates. The Public Certification Service for Individuals issues certificates after a close check-up and confirmation of the identity of the resident registered in the Juki-net has been completed by the municipal office. Since the Certification Revocation list is updated every 24 hours on the basis of newly-obtained information of changes, etc. sent from the Juki-net, the level of reliability regarding the validity of electronic certification is extremely high. The period of validity of an electronic certificate is three years, but if during that time there is any change in any of the four types of basic information entered on the electronic certificate, for example, death, a change of address or a change of name due to marriage etc., the electronic certificate becomes invalid. Of course, should the resident report the theft of the Juki-card, the electronic certificate will immediately become invalid, as is the case with any private-sector certification organization. If a notification of death or change of address is filed at the municipal office, however, the information will be processed automatically and online with no need to make a separate notification to the authority in charge of the Public Certification Service for Individuals; this ensures greater accuracy and eases the clerical burden. The high level of reliability and the freshness of electronic certificates is a major feature of the Public Certification Service for Individuals that is not available with private-sector electronic certification services.
(3) Limitations of the combination of ID / password and magnetic cards
Let me touch briefly on the difference between electronic certification and the combination of ID / password. At first glance, the combination of ID / password appears easy to use, but having separate ID/password combinations for different purposes is troublesome, and it is a huge burden on the individual to have different passwords for different purposes and to have to change them regularly. If a person lists all the IDs and passwords he cannot remember in a notebook or something and then has it stolen, he could lose everything. There has recently been an increase in the threat posed by phishing and spyware, and even when the user inputs the combination of ID and password using not a keyboard but a touch-screen display, and changes his PIN each time, modern technology can easily steal IDs and passwords. In the case of a magnetic card, the data recorded on it, unlike the data stored on an IC card, are unguarded and the card can easily be forged. There have been many instances of forged magnetic ATM cards being used to wrongfully withdraw money from bank accounts. We live in an age in which important information cannot be protected with magnetic cards and passwords. On this point, the Public Certification Service for Individuals, in which the secret key providing an electronic signature is stored securely on an IC card, has an extremely high level of security; and it is likely that in the future the service will not only become a platform for e-government and e-local government but will also form the infrastructure of the networking society. In passing, I would like to point out that in addition to identifying the individual, an electronic signature has the effect of preventing data falsification. When a municipal office receives an online application and saves the electronic signature from the public certification service, that is a sure guarantee that the information contained in the report is not later tampered with.
(4) Expansion of the scope of use
The number of electronic certificates issued by the Public Certification Service for Individuals as of the end of 2005 is in excess of 108,000. In order to promote the spread of the service, the Ministry of Internal Affairs and Communications has been working to expand its scope of use.
Firstly, it is planned to expand procedures for on-line applications using the Public Certification Service for Individuals in central and local government. As of December 2005, 11 national government ministries and agencies, 39 prefectural governments and 19 municipalities have in place a system that uses the Public Certification Service, although of these there are only three prefectures in which all municipalities have such a system. In the IT New Reform Strategy, the clearly-stated goal is that by the end of FY2008 all prefectures, and by the end of FY 2010 all municipalities, should have an on-line application system using the Public Certification Service for Individuals. Another goal set out is to increase the rate of use of online application and notification procedures both at national and local government offices to more than 50% by the end of FY2010. To achieve this, the spread of the Public Certification Service for Individuals has to be strongly encouraged.
Next, a draft law amendment has been presented to the Diet that will expand the range of those able to verify the validity of electronic certificates from the Public Certification Service for Individuals, to include not only public administrative agencies receiving administrative procedures but also those who act on behalf of the agencies, such as judicial and administrative scriveners, or those who issue accompanying documents required for administrative procedures, such as public notaries and doctors, via the professional associations to which they belong.
Further, in October 2005 ministerial ordinances of the law on personal identification by financial institutions and the foreign exchange law were amended to allow financial institutions to use the Public Certification Service for Individuals in verifying the identity of customers opening a bank account.
In its priority measures for local administrative and fiscal issues for FY2006, the Ministry of Internal Affairs and Communications is to review the expansion of the scope of use of the service to include other areas of public interest such as electricity, gas and medical care, and a study has already started to consider the use of the service by the private sector, all the while keeping in mind the protection of personal data. Elsewhere, there is a growing demand for the service to be used in the financial sector, and this is an issue for future consideration.
In addition to its use in these online procedures, the Public Certification Service for Individuals may be used in other ways, too. Currently development and demonstration studies are under way on the use of the service in electronic lockers, room access control, a community money system, on-line questionnaire systems and employee authentication (single sign-on) in information systems. In another verification experiment a reader/writer function is being installed on cell phone terminals for anywhere-anytime ubiquitous on-line application services. By promoting the adoption and diffusion of this kind of model system making use of the Public Certification Service for Individuals, the Ministry is hoping to enhance the quality of local administrative services and to expand the use of the Public Certification Service for Individuals.
(5) Expansion of storage media
In addition to the Juki-card, IC cards that fulfill certain conditions are recognized as media for the storage of electronic certificates from the Public Certification Service for Individuals. Although there have not yet been any specific requests for approval of an IC card, any IC card to be used as a storage medium should satisfy the following conditions, assuming of course that it first satisfies the legally-specified technical standards. It must be issued by a reliable body, such as a public organization; it must be an IC card in reasonably common use among the people; and it must allow the verification of the identity of the card holder (facial photo, biometric information, etc.). In reality, if staffs in the municipal offices are to be expected to check the IC card accurately and store the electronic certificate, etc. on the card, any IC card that is unknown to them or whose holder cannot be properly identified cannot be said to be an appropriate medium. At present, an IC card satisfying these basic requirements would be the IC staff identity card issued to personnel by the national or local governments. In the future, the Ministry plans to expand the range of storage media to include other IC cards issued to provide various administrative services such as medical treatment, nursing care, pensions, etc., as well as IC cards issued by reliable financial institutions.
(6) Improving reliability
The budget plan for FY2006 contains a request for a Research and Development (R&D) budget for the preparation of the next generation of the Public Certification Service for Individuals. This R&D program will examine measures to improve the convenience and reliability of the system used for the Public Certification Service for Individuals based on advances in information and communications technology, and with an eye to the updating of the current system. Specifically, it is planned to extract issues such as the introduction of biometrics, the introduction of time stamping and responses to new encryption methods, and to study measures that ought to be adopted.
The Public Certification Service for Individuals is a mechanism to verify the identity of residents for administrative procedures performed over the Internet, while the Basic Residential Register Network System (Juki-net) is a dedicated administrative network through which national, prefectural or municipal administration bodies can identify residents. For example, when applying for a passport, in the past a resident had to provide a copy of his resident card as identification; but it is more convenient for the resident if, instead of having to make a special trip to the municipal office to obtain a copy of his resident card, he can have the administrative body issuing the passport confirm his identity. The Juki-net was set up to network the Basic Resident Register that verifies residentsf address-related information so as to allow administrative agencies to confirm identities in a unified manner nationwide.
In order to offer residents an array of administrative services efficiently, administrative agencies need to be able to identify residents not on paper but electronically, online. The Juki-net can certainly be said to be the basic administrative network for e-government and e-local governments. Careful consideration must be given to the fact that if some local governments do not participate in the network, paper-based certification will continue in the system, not only forcing inconvenience onto residents but also markedly impeding the efficiency of other administrative bodies and causing a great deal of inconvenience.
Although there has been concern that the personal data tied to the 11-digit resident card code number might be leaked, I think that some of this concern is based on misunderstanding, and I would like briefly to go over this misunderstanding.
First of all, the information held by designated information-processing bodies for the Juki-net is limited by law to the four basic types of information (name, address, gender and birth date), the basic resident card code number and changes to these, if any. It is a complete misunderstanding to think that the designated bodies have unified control over all kinds of personal information, and it is impossible for the Juki-net to leak personal information that it does not hold. In addition, the Juki-net uses a unique transmission method to send encoded data over a dedicated line, with rigid firewalls and unlawful-access detection systems. In this way, the security of the Juki-netfs is ensured technologically, in addition to which operationally the system is subjected to checks using a checklist as well as inspection by independent inspectors. Penalties are imposed on any employee who violates confidentiality obligations.
A greater concern is whether personal data will be safe, in the event all kinds of databases using the resident card code numbers are created outside the Juki-net. On this point, the range of administrative agencies that can provide personal identification data from the Juki-net, and the uses to which such data may be put, are restricted by law. At the same time, if a resident so requests it must be disclosed which agencies obtained his or her identification data from the Juki-net. In other words, not even administrative agencies are allowed to obtain a residentfs identification data without a legal basis or without the knowledge of the resident. No resident card code number can be used for non-government purposes, and the number can be changed at the residentfs request if there is any concern. In the future, it is possible that we will have the choice of using the Juki-net to prevent the unlawful use of bank accounts, or tax evasion; but at the same time, full consideration should be given to the protection of the privacy of the individual, and I think careful discussions are called for.
As I have described, the Juki-net is a network allowing administrative agencies to verify the identity of residents; approximately 30 million pieces of identification information are provided annually to administrative agencies from the Juki-net. For example, if we look at the payment of pensions, in the past confirmation of whether a pensioner was still alive or not used to be by means of the current-status report submitted on a postcard, making it difficult to confirm when a pensioner had died. As a result, every year the amount of benefit paid out in error amounted to several billions of yen, the recovery of which also took a huge amount of money. Now however confirmation of identity can be done using the Juki-net, cutting out this waste of taxpayersf money.
In addition to being used for identification purposes when a copy of the resident card is issued outside the area in which a person lives, the Juki-card can also be used as an IC card on which the electronic certificate issued by the Public Certification Service for Individuals is stored. A Juki-card containing a photo of the holder can be used as an official identity card, in the same way as a driverfs license. If so determined by a municipal bylaw, it can also be used as a safe, convenient IC card for all kinds of services unique to the municipality, such as in an automatic certificate dispenser, as a certificate of seal registration, to confirm the holderfs safety, or as community currency. As of August 2005, only a little over 680,000 Juki-cards have been issued; but this does not necessarily reflect on whether or not the Juki-net itself is being put to good use. As a network allowing administrative agencies to verify the identity of residents, it can be said that the Juki-net itself is certainly being put to effective use and is playing a major role as the indispensable foundation for the promotion of e-government and e-local governments.
Local governments hold a huge amount of important personal information about residents, and in order to ensure trust and the safety of residents as the e-local government initiative progresses, local governments must reinforce measures to prevent information leaks and to enhance the level of security. Practically all local governments in Japan have already enacted bylaws concerning the protection of personal information, and almost all have drawn up policies on information security. The question, however, is whether or not local government employees are adhering strictly to the policies. Not a little damage has been caused by failure to observe even the most elementary rules ? never open attached files from unknown sources, do not download files from the Internet without due care, do not take office PCs home. The Local Authorities Systems Development Centre also offers e-learning training that focuses on information security.
From the perspective of encouraging regular inspection and evaluation of the effectiveness of information security measures in the local governments and making improvements, the Ministry of Internal Affairs and Communications is currently asking all local governments to carry out information security inspections. Since in the future it will be necessary to promote information security measures with greater focus on the system and on operation, the Ministry is also conducting studies on a system to evaluate objectively the information security levels of local governments, set up appropriate objectives and implement calculated, phased measures to protect personal information and maintain information security. On top of that, in preparation for the establishment of an ISAC (information sharing and analysis centre) for local governments, the Ministry intends to implement empirical testing and evaluation of a system enabling local governments to share various incident information through the LGWAN, with an eye to full-scale operation.