National ID System and Cybersecurity

This year in October, the “my number” or national ID system will be introduced in Japan and from January 2015, its use will be required.Before that, however, some legal changes are required to prevent illegal access and use of national IDs and to build public awareness about the advantages of the system and the precaution that they need to take to protect their personal ID.The latter is an issue because of the advance of IT technology that presents dangers to protecting IDs where they are used for services without adequate protections.
Consideration is going to connecting the national ID to a variety of sensitive information, including family registration, passports, savings accounts, medical records and automobile registration.Family registration document are need when getting married, applying for passport or handling inheritance issues. In the case of bank records, the linking of the national ID will help prevent tax evasion and money laundering. In the case of medical records, use of the national ID will help track the use of medications and laboratory tests, presumably cutting costs.So there is a great deal of anticipation surrounding the introduction of the new national ID and the contribution it can make to help Japan deal with the problems of its aging society and shrinking tax base.
However, since the national ID is the door to a great deal of information about individuals, there also dangers associated with its adoption.Technology may be available to protect the use of national IDs, but will it be enough?For example, ten years ago nobody thought that telephone and Internet service would become one and the same.The US government is thought to enjoy the best cybersecurity protection, but the recent hacking of US pension data shows that even the strongest measures may not be enough.We also have the example in Japan where some 1.25 million records were lost from Japan’s pension system. As long as technology continues to grow and develop, the dangers will remain.
In this situation, the first step for the government is tighten up the legal framework governing data protection and to introduce new penalties. For example, under the current law, leaking and using information is a crime, but there are no penalties for trafficking. This issue must be addressed before the new national ID system is put into practice.
Longer term, there needs to be more education and awareness around cybersecurity issues. Security starts with individuals and if people are more aware of the dangers it will help prevent hacking and other criminal activity.Moreover, when there is a data breach, quick action is necessary and there needs to be more awareness of this fact.
I welcome the national ID system, but at the same I urge the government to ensure that national IDs are protected adequately.

Takahiro Tsugu
Faculty of Law
Keio University
Takahiro is a member of Faculty of Law at Keio University.
Read more