Operation of a multi-stakeholder model for digital reform (digitalization of disposition notices, etc.)

Overview

Date and Time: From September 30, 2022 to December 9, 2022
Location: Online
Schedule for Examination of digitalization's Basic Concept of Disposition Notices, etc. Based on the Digital Principles

Implementation briefing (Friday, September 30, from 3:00 p.m. to 4:00 p.m.)
Trial operation period (from September 30 (Fri) to October 7 (Fri))
First issue briefing (Thursday, October 6, from 3:00 p.m. to 3:45 p.m.)
First hearing period (from October 11 (Tue) to October 20 (Thu))
2nd Issue Presentation (Friday, October 21, from 17:00 to 18:00)
Second hearing period (October 21 (Fri) to November 2 (Wed))
3rd Issue Presentation (Friday, October 28, from 5:00 p.m. to 5:45 p.m.)
Third hearing period (from October 28 (Fri) to November 10 (Thu))
2nd Issues Interim Meeting (Monday, October 31, from 5:15 p.m. to 6:15 p.m.)
The 3rd Issues Interim Meeting (Friday, November 4, from 3:00 p.m. to 4:00 p.m.)
4th Issue Briefing and Interim Meeting (Friday, November 11, from 1:30 p.m. to 2:30 p.m.)
Fourth hearing period (from November 11 (Fri) to November 17 (Thu))
5th Issue Briefing Session and Opinion Exchange Meeting on the Draft Proposal (1st) (Friday, November 18, from 6:00 p.m. to 7:00 p.m.)
Fifth hearing period (from November 18 (Fri) to November 30 (Wed))
Opinion exchange meeting on the draft proposal (2nd meeting) (Thursday, December 1, from 1:45 p.m. to 2:45 p.m.)
Confirmation of draft proposal (from Friday, December 2 to Wednesday, December 7)

Materials

Opinion Summary

It describes what was discussed in Slack and what was exchanged online in the multi-stakeholder model.
In compiling the outline of opinions, after confirming with the facilitator, some terms have been unified from the viewpoint of ease of understanding.
Comments from consumer organizations are described as "(business operator)."
1st Discussion (from October 11, 2022 to October 20, 2022)
2nd Discussion (from October 21, 2022 to November 2, 2022)
2nd Issues Interim Meeting (October 31, 2022)
3rd Discussion (from October 28, 2022 to November 10, 2022)
Third Interim Meeting on Issues (November 4, 2022)
4th Discussion (from November 18, 2022 to November 30, 2022)
Fifth Issues (from November 18, 2022 to November 30, 2022) and Issues Interim Meeting (November 18, 2022)
Final Opinion Exchange Meeting (December 1, 2022)
Comments on the Draft Proposal (from December 5, 2022 to December 8, 2022)
Observer Opinion (on security)

1st Discussion (from October 11, 2022 to October 20, 2022)

[Issue 1]

In the case of a notice of disposition, etc. based on an application, etc., such as a notice of disposition, etc. not based on an application, etc., what kind of correspondence (necessary conditions) should be considered to contribute to digitalization between the administrative side, which is the source of notice, and the corporations and individuals, which are the recipients of notice, etc., at the time of efficiency?

[Opinion]

Basically, it should be digitally signed.
It is possible for the recipient to disclose or provide a notice that is not intended to be made public to a specific third party, and in such a case, the third party should be able to confirm that the notice has been prepared by a public body.
It is straightforward to use digital signatures, both public and private.
In the case where it is possible to inquire about the content of notifications by document number, etc., it is necessary to examine the security (such as redundancy of document number, etc.), so that it is easier to use existing and established technologies by digital signatures.
(Expert)
What kind of mechanism is assumed for "issuer certification" in Digital Agency?
If it is self-certification by the administrative side, it will be possible to become a person, and if it is certified by a third party, there is no substantial difference from a digital signature, and a digital signature is better from the viewpoint of security.
In addition, if the PDF file cannot be opened to verify the electronic signature with Adobe's AATL, the digital signature is better because it is less convenient for the recipient.
From the viewpoint of convenience, it is desirable that digital signatures can be used in combination with electronic signatures issued by private sector companies (Part 2) and time stamps.
(Local local government)
The following is an example of an issuer certificate.
1. A online application / notice system (such as e-Gov or jGrants) on a government domain (○ ○. go. jp) that has been verified by the sender
2. Signed S/MIME for e-mail
3. The prescribed information must be entered in the public authorities organization e-mail and attached files. (It is assumed that there is a log on the e-mail system that is operated and monitored properly.)
  (Response by the Secretariat)
Publication seems to be the essence of "use in open data," and digitally signing what is published is a second option.
The question says "Contribute to efficiency," but there will be an opinion that it is not preferable to disclose the matter of "Children's abuse" while contributing to efficiency because it is problematic from the viewpoint of privacy.
In addition to the expression "efficiency," there is also the viewpoint of whether an appropriate message will be sent to the person.
In addition, although it says "e-mail," is it okay to assume that the e-mail of each resident is known?
(Expert)
From the viewpoint of operational productivity, when intending to proceed with operations based on target data (in this case, notification of disposition, etc.), it is necessary to first confirm the reliability of the data. It is considered that the reliability includes the non-falsification of data, the source and generator, and the time of existence. In addition, it is also considered that confirmation or certification that the judgment at the time was made correctly is required even after the fact, and digital signatures and time stamps are effective means.
However, since digital signatures and timestamps can be packaged and handled in the data itself, it is considered to be easy to exchange, store, refer to, and circulate in validation.
(Business Operator)
As a general rule, electronic signatures in GPKI and LGPKI should be granted. If it is necessary to store the notice of disposition depending on the nature of the notice, it is necessary to create the notice in the long-term signature format (PAdES-LTV format for PDF) with a time stamp. In addition, it is necessary that the certificate authority certificates of GPKI and LGPKI are registered with Adobe's AATL, but it is necessary to satisfy WebTrust for CA and AATL Technical Requirements. Why don't you map the policies of GPKI and LGPKI and consider coordinating with Adobe?
(Business Operator)
Since the three categories of open data, digital signatures, and issuer certificates are not well understood, how about the following categories?
- Open Data Validation
- Confirmation by e-seal
- Verification by digital signature
- Verification through a validation function by the issuer
  In addition, since the validity of the certificate used for the digital signature is different from the current correctness of the content of the notice of disposition, verification (confirmation that the document was truly issued by the issuer and has not been tampered with) and validation (confirmation that the content is still correct and has not been executed) should be considered separately.
  (Expert)
In principle, electronic signatures should be attached to the notification of disposition indicated, but at present, whether the "notification of disposition" refers to a notification or a Issue with a permit differs depending on each administrative proceduer, so common rules should be established.
(Expert)
It is unclear what you want to do for social problems, so you should clarify the scope.
(Business Operator)
Comments for each page.
P14: What is the whole subject of "illustration"? Is it enough to solve only the requirements common to the illustration?
P16: Isn't it impossible to talk about the appropriateness of the means of realization unless the necessary requirements are seen?
P18: Stories with different levels are lined up in the same row. Isn't it to ask for opinions on what points should be considered as a means to realize digitalization?
P19: The subject has changed from the previous pages. Isn't it just to ask what should be noted and considered about the means of notification? In other words, the other pages are also
P20: We would like to hear your opinion on what is appropriate as a means of realization from the viewpoint of the convenience of the recipient.
P21: There is a posting as a requirement for action on the receiving side, but what kind of means can be considered?
P22: I think it is to ask your opinion on what is appropriate as a spoofs prevention measure.
(Business Operator)
"Use in open data" is stated, but the criteria should be clarified, such as whether to use open data if there is a need for it to be used as data, or whether to widely open data if it is acceptable to publish it regardless of the need. In addition, it is necessary to discuss after clarifying the requirements and criteria for the elements on page 14.
(Observer)

[Issue 2]

When a digitalization is made for a permission notice, etc. that is supposed to be presented to another person, what method is appropriate to make it possible to easily make a validation so that the notice received by the person subject to disposition is as intended by the sender (i.e., has not been tampered with in the course of communication due to an attack, etc. by a third person)?

[Opinion]

In E-Certificate issued by accredited certification business operators under the Electronic Signatures in Global and National Commerce Act, attributes such as affiliation and title may be entered, but other than the name, address, and date of birth, they are not subject to accreditation (Article 6, Item 8 of the Ordinance for Enforcement of the Electronic Signatures in Global and National Commerce Act). Therefore, as a general rule, it is reasonable to use certificates that clearly indicate the title, etc. in the GPKI and LGPKI.
There are some doubts about the use of e-seals. It seems that government and local governments executives have the authority to dispose of e-seals, but e-seals are mainly used by organizations and organization, so there is a gap.
In addition, since the E-Certificate of the GPKI and LGPKI is a position and responsibility, not a natural person, there is a view that it is an e-seal, and in that sense, it may be possible to use an e-seal.
(Expert)
If the interpretation of the Ministry of Internal Affairs and Communications materials is still valid, the square seal of a company is considered to be an approval seal, unlike the circle seal of a company. Therefore, it is necessary to consider whether it is compatible with, for example, a license issued by the administrative side on which an official seal was previously affixed.
* Ministry of Internal Affairs and Communications Material "Direction of Examination of System (e-Seal) to Ensure Reliability of Data Issued by organization"
(Local local government)
Digital signatures that have the function of indicating that they have been made by a specific public office (a range of public officials belonging to the public office) should be used when making a digitalization for a notice of permission, etc.
The reason is that GPKI and LGPKI do not allow electronic signatures based on AATL for the time being. Therefore, if "notification of permission, etc. premised on presentation to others" is discussed, it is inevitable that it cannot be limited to these. "validation" under Electronic Signatures in Global and National Commerce Act (following the interpretation of Article 2 (1)) should be included as a matter of course.
There may be a question that the private sector Trust Service cannot prove the authority of public officials, but it should be concluded that the guarantee of the validity of the authority of disposition cannot be performed only by the Trust Service, which is currently assumed.
In addition, not only "electronic signatures" of Electronic Signatures in Global and National Commerce Act but also "e-seals" in a broad sense, which will be described later, should be recognized in the same manner, and there is little practical benefit in strictly distinguishing between the two.
Even if various digital signatures are accepted, it does not interfere with the clarity that the document is "created by a public official in the course of his / her duties by the method and purport thereof" (see Article 228 (2) of the Civil Procedure Code). Rather, we believe that it is highly possible to borrow an electronic signature service widely used in private sector, and thus to realize an excellent UI / UX for notification recipients.
Regarding the e-Seal, how about the idea that "electronic signatures using certificates of responsibility issued by the private sector Certification Office" introduced by Ibaraki prefecture should be reinterpreted as "e-Seal" in this sense and its validity should be interpreted?
(Business Operator)
In principle, it is desirable to have a document that supports GPKI and LGPKI. However, considering the fact that it is not possible to automatically validation the issuer and completeness of a document in response to Adobe's AATL, electronic signatures based on Electronic Signatures in Global and National Commerce Act are used without problems even in observer-based electronic contracts between the government and private sector. Therefore, it is considered that there is no problem as long as it is issued by e-mail with a domain from the government and has an electronic signature and a time stamp based on a Electronic Signatures in Global and National Commerce Act certified by a certification authority.
(Local local government)
From a UI/UX perspective, it is more likely that the JSON or XML will be signed rather than presented in a PDF. The expiration date of the data is also debatable.
At the extreme, it could be signed using JSON Web Keys in /. well-known of the government domain.
In addition, in terms of long-term signatures, for those with a long expiration date, it is also necessary to consider that the validation of the validity of an expired key at a past point in time can be easily performed.
When a public official digitally signs with a GPKI certificate, a means of verifying the validity of the claim concerning the authority must also be provided.
(Expert)
The above opinion is true if it is only the confirmation of the completeness, but from the perspective of MSM this time, it is necessary for the recipient of the permission or the person who wants to confirm that he / she has received the permission to be able to easily confirm the issuer and the completeness of the electronic document by himself / herself, instead of individually confirming the hashtag with the permission authority.
(Local local government)

[Issue 3]

What considerations must be made when selecting the above method?

[Opinion]

Tamper resistance is ensured by digital signatures, not encryption.
(Expert)
A digital signature is considered sufficient.
(Business Operator)
It is difficult to secure the route, and it is sufficient to secure the object itself.
It is more important to be able to confirm the identity of the issuer than the strength of the electronic signatures, and it is assumed that if there are many methods, it is difficult to know whether or not they can be trusted. Therefore, it may be better to focus on GPKI/LGPKI / (e-seal).
The communication path and the strength of each are considered to be the AL (Assurance Level) of the Trust service, and it is appropriate to have rules based on eDelivery and the like, rather than determining them individually.
(Business Operator)

[Issue 4]

From what perspective should safety be evaluated when selecting the above method?

[Opinion]

In order to ensure the possibility of validation by a voluntary validation operator, it is necessary to use technical standards in accordance with open international standards. Whether or not the service provider is reliable depends on whether or not the organization has received conformity assessment.
However, it is insufficient from the viewpoint of liability, and in the end, a contractual relationship is required (a multilateral contract may be acceptable), and if conformity assessment is not required by the contractual relationship, it may not be necessary.
(Expert)

[Issue 5]

How should the effect of delivery (correct delivery) be guaranteed?

[Opinion]

It should be possible to complete the system (in digital), and human errors should be removed from the system, and the social reliability of the notification work should be improved.
(Business Operator)
It is generally difficult to guarantee the delivery.
We believe that the same method as the computerization of civil trials is possible depending on the procedure, but it is difficult to do so for adverse dispositions that are not based on applications.
In addition, it is difficult to perform the opening confirmation and the reply illustrated in the examples because many people ignore the opening confirmation and it is not realistic to force the reply.
(Expert)
In the current practice of paper management, neither the public nor private sectors take strict measures to guarantee the point of arrival (except in exceptional cases).
Instead of using cases in which strict handling is required because they are procedural acts, such as special service in civil cases, as reference cases for digitization, first of all, it should be confirmed how administrative practices are handled in paper operations, and electronic operations to the same extent should be sought.
(Business Operator)
Various routes are required.
In the case of mail, there is a rule that if it is sent to a content certificate, etc., it will be deemed to have arrived, but a digital ground rule corresponding to this is necessary.
On the other hand, if it is digital, it is possible to do things that cannot be done by analog (for example, a history of opening, a history of reaching a destination), but it is better not to restrict this too much.
To give a specific example, residents and companies may each have an official means of notice (such as an e-PO box in cooperation with Mynaportal).
It is possible to consider a rule that the notification means keeps track of the fact that the notification means has reached the destination box in the log, and the log of the opening of the envelope does not matter in consideration of privacy.
(Business Operator)

[Issue 6]

How should the national and local local government consider adopting a method to achieve both efficiency (cost, time, effort, etc.) and security of the notice service?

[Opinion]

Depending on the content of the notification and the recipient, there are cases where a complete digitalization cannot be made, and it is assumed that some notifications in paper form will remain. If public authorities can work digitally and without awareness of paper, it will be an efficient work.
(Local local government)
In some prefectures, from the viewpoint of administrative operation burden, after the official seal manager has confirmed the document, an electronic signature and a time stamp by the responsibility of the governor are attached by RPA.
In addition, since the cost is a little less than 200,000 yen in annual flat rate, there is almost no problem in terms of cost.
It has already been dealt with, and there is no problem in practice even if a general notice such as this time does not require an electronic signature.
However, it is quite difficult to attach an electronic signature instead of a seal to a document such as a tax notice that has been subjected to imprinting and printing.
We hope that the central, prefectural and municipal governments will be able to handle the issue in a unified manner.
(Local local government)
Digital should be the rule, and the cost of transition and the cost of unavoidable coexistence should be regarded as the cost of paper, not the cost of digitalization (digitalization should not be hindered in terms of cost).
Safety should be considered starting from the point equivalent to paper (the risk of theft, forgery, etc. is not zero for paper and mail).
(Business Operator)
Like Denmark, there should be a policy that in principle, people who need paper should be dealt with by digital sub-bookers. The cost of coexistence should be specified as the cost of paper as a subsidy to digital sub-bookers, and the business flow should be BPR in accordance with digital.
(Expert)
From the perspective of operational efficiency, emphasis should be placed on the development of a unified platform to some extent. There is a concern that the transition of disposal notices to organization will be delayed due to the need for each ministry and digitalization to build an infrastructure for business flows and digital signatures.
(Observer)

[Issue (7)]

In order to realize one time only administrative procedures (information that has been submitted once is not required to be submitted again unless it has been changed) when a corporation applies, how should the parties to be notified and the consent of the Principal be obtained in relation to electronic delivery?

[Opinion]

It is desirable to establish a mechanism in which the name, address, and contact information such as telephone and e-mail of a corporation can be used in common by the administration regardless of the country, prefecture, or municipality by linking them with the corporation number.
(Local local government)
How about providing a function equivalent to a mailbox, such as a post-office box linked to gBizID? It may be sufficient to regard the procedure for opening the post-office box as the consent for electronic delivery.
(Business Operator)

[Issue ⑧]

How do you assess the coverage of existing digital notification methods (e.g., via email)?
Example: (I) When issuing a notification of administrative guidance based on law, use an email with the official domain of organization (for example, @ digital. go. jp).
(ii) Encrypt attached files and assign passwords, etc.

[Opinion]

(1) is in favor.
(ii) Considerable ingenuity is required for the exchange of passwords (the method of sending passwords by separate e-mail (so-called PPAP) is out of the question).
(Expert)
I agree with (1), but it is better to avoid the fact that the transmission method differs between a corporation and an individual because it will make the office work more complicated.
(ii) Encryption may be necessary to prevent eavesdropping from the viewpoint of personal data protection, such as the payment of medical care and welfare.
In the case of an application that requires personal data protection, it is necessary to take measures to exchange passwords by another method other than e-mail, such as determining the password at the time of application.
(Local local government)
Regarding (1), the mail address in the from of the received mail is not sufficient because spoofs is easy. How about S/MIME by organization (S/MIME by e-seal) of E-Certificate name, as implemented by some financial institutions.
(Business Operator)
I would like to say S/MIME, but it is difficult to unify them because the correspondence of the recipient is unknown.
It's also hard to rely on email, given the sheer volume of email today.
It may be a good idea to set up an electronic post-office box (linked to gBizID), and when it is delivered there, the notification will be sent to the notification address (email, SMS, etc.) desired by the company or individual.
(Expert)
Consideration should also be given to the method of certifying the issuer of the sender when documents related to administrative dispositions, etc. are made into PDF and notified via e-mail.
For example, an electronic signature based on S/MIME is effective in providing a sense of security to recipients of e-mails because it guarantees the identity of administrative officials who are senders of the text of e-mails and attached PDFs.
(Expert)

[Issue (ix)]

Are there any points to be noted from the viewpoint of online application when administrative officials use e-mail and the security and Notice System at the time of enforcement of disposition notices, etc.?

[Opinion]

When notification of disciplinary action, etc. not based on an application, etc. is made by e-mail, how is the contact information of the other party managed?
(Local local government)
In the case of notification of disposition based on application, one local government and notification system used in many local online application has a function to require identity confirmation by My Number at the time of application, and in the case of individuals, identity confirmation can be sufficiently performed even with a free e-mail address.
In the case of a corporation, it is better to limit it to an email address with the domain of the corporation.
(Local local government)
From security's point of view, authentication of sender, receiver, and message is necessary, and it is not ensured by ordinary e-mail, but it is solved to some extent by electronic post-office box.
In addition, the story of the "notice of disposition" itself and the "notice" for convenience should be considered separately.
(Expert)
Should it not be recognized that in recent years, the process of issuing and acquiring free email has become stricter (two factor authentication with mobile phone numbers, etc. has become essential)?
Although some people are excessively concerned about communication by e-mail, it should be kept in mind that the use of e-mail addresses is a universal method that can be accepted by anyone at low cost, that logs are more accurate than those created in person or over the phone, and that e-mail addresses are an excellent tool compared to other means in terms of (almost) universality, uniqueness (the same e-mail address does not exist in the world, and the destination is uniquely determined), and reachability.
(Business Operator)

[Issue 10]

What is the most convenient way for an individual or a corporation to receive a notification?

[Opinion]

If you are an individual LINE user, it is convenient because you do not need to install a new app.
(Local local government)
An instrument that depends on a particular private service is inappropriate as a basic service. A basic service should be standardized, such as e-mail or SMS.
"Notice of disciplinary action" and "notice of receipt of notice of disciplinary action" should be considered separately.
(Expert)
It is desirable that a plurality of means are prepared for the "notification of the arrival of the disposition notification" and that the receiving party can select a plurality of means.
Since the "Disciplinary Action Notice" is often sent to related parties inside and outside the Company, it is desirable that the electronic data of the notice can be validation independently.
(Business Operator)
It is assumed that a notice of disposition based on an application is often presented to a third party, such as a permit, a qualification certificate, or a certificate.
In this case, it shall be considered based on the identity of the recipient (applicants), portability, possibility of validation by third parties, etc. For example, although there are various means of receipt, it shall be a guideline for the identity. It shall be a rule that the notification of disposition itself shall be issued in a general-purpose format (protocol) such as verifiable credential.
Notifications of disposition not based on applications, etc. are assumed to be one way in many situations (cases in which permission and qualification are made without based on applications, such as push-type administration, are also assumed).
In this case, the completeness and reachability of the notifying source (authorities, etc.) shall be considered with importance. For example, rules for Mynaportal, etc. shall be developed so that residents and companies have official means of notification (residents = e-PO box-like service in cooperation with law, corporations = gBizID) and the effectiveness of notification to them.
(Business Operator)

[Issue (xi)]

From the viewpoint of improvements in productivity, what criteria should be established to make it easier for individuals and corporations, etc. to use digitalization permits and licenses as official certificates?

[Opinion]

Permits, etc. can be easily searched. It will be difficult to search if the method of notification differs depending on the local government.
(Local local government)
For documents issued by the government, it is preferable to use a document such as Adobe's AATL that allows anyone who opens a PDF file to confirm the source, integrity, and non-falsification of the PDF file.
However, it is important to confirm that at present, Adobe's AATL can be made a validation on a computer, but cannot be made a validation on a smartphone in Issue.
It is desirable to provide a common application that allows automatic validation of the issuer, completeness, and non-falsification of documents issued by the government, whether on a personal computer or a smartphone, in Digital Agency. It is also desirable to support GPKI and LGPKI, and for terminals that do not have an application installed, it is desirable to install the application automatically when the file is opened so that the completeness of the document can be confirmed.
(Local local government)
We agree with the idea of "making it a rule that the digital data of the license / validation document can be used alone."
(Business Operator)
It is desirable to develop a database that allows the issuer (government) to easily search for the status and content of permission and approval.
(Business Operator)
The case of human consumption and the case of machine consumption should be considered separately.
Regarding the former, I think the standard approach is to use PDF and PDF Reader for PDF signature validation, but it is also possible to use a method in which the content can be displayed and the signature Mynaportal can be made by reading it to the validation app. Estonia has distributed an electronic signature and validation app.
For the latter, JWT is easy to use. If validation anonymity is not necessary, an API can be developed. In any case, it is necessary to develop claim names for the content.
(Expert)
The identity of the recipient, the portability of the content, and the possibility of validation by third parties presented are essential.
Various means of receipt (for example, private sector app) are good, but guidelines (based on IAL/AAL) are established for the identity of the person. It has been made a rule that the disposition notice itself shall be issued in a general-purpose format (protocol) such as verifiable credential.
As a scope, it is necessary to consider the linkage when a third party who has confirmed the presented permission and qualification provides the service.
For example, the health insurance card can be carried as a qualification, and the medical care service is provided on the premise of the health insurance status at the place where it is presented, but the medical care service provider needs to perform the office work (billing action) associated with the health insurance status. If this is considered in a general-purpose manner, the portable permit itself needs to be provided with an identifier that can be used in a general-purpose manner, rather than specifying the purpose, and it is better for the protocol to assume that the subsequent office work will be performed.
(Business Operator)

[Issue ⑫]

What measures are necessary to ensure that individuals or corporations are not victimized by fraudulent acts or digitalization due to the spoofs of disciplinary action notices, etc.?

[Opinion]

If it is presented to third parties as an official certificate, it is necessary to fully inform the parties concerned of the method of notice. In addition, it is easy to confirm if the information can be accessed by third parties, such as open data. Do you see an electronic signature when presenting the permit on the smartphone screen?
(Local local government)
It is important to publicize the validation method, and it is important to make it possible to make a validation as usual with major applications (such as Adobe Reader).
On the premise that the validation method is well known, if there is a validation method for electronic signatures, there may be a reading method (such as a smartphone) that does not allow the validation of electronic signatures.
(Expert)
It is desirable to provide a searchable database so that it can be easily checked. In light of the fact that individuals and corporations cannot always easily detect forgery, fraud, etc. even with paper certificates, consideration should be given so that the convenience and digital advantages are not impaired due to excessive restrictions and restrictions.
(Business Operator)
There should be a policy like Denmark that in principle is digital, and people who need paper should be dealt with by digital subbookers.
(Expert)

[Other (1)]

Regarding what is particularly necessary (hope) as a point of discussion in this theme.

[Opinion]

At present, it is recognized that the regulation's Bulk Review Plan is not within the scope, and although it may be outside the scope, it is necessary to focus on the person who made the administrative disposition when considering the DX of the disposition notice, etc.
Currently, it is considered that in principle, employees should determine and implement disciplinary actions ex officio. However, depending on the content, it may be possible to make a decision that can be entrusted, and it may be possible to implement the action by automation or automatic processing.
While the notice of disposition, etc. is being considered in this case, when the matters that require application are clarified and the rules applied to them are made, consideration should be made so that the so-called application principle is not excessively required, and as an adverse effect thereof, for example, one time only by back-office cooperation cannot be achieved at the same time.
(Business Operator)

[Other (2)]

In addition, operation of the "digitalization of Disposition Notice, etc." and the multi-stakeholder model.

[Opinion]

In the temporary special benefit for the Household Exempt from Resident's Tax, etc., a confirmation letter is to be sent to the Subject. Is the confirmation letter for the benefit also supposed to be a digitalization?
(Local local government)
Among the notice of disposition that is not based on an application, if there is a part that is found to be difficult or inappropriate to make an electronic Issue pursuant to Article 7, Paragraph 5 of the "Act on Promotion of Public Administration Utilizing Information and Communications Technology," such as an adverse disposition, a response has been made to make a paper Issue. It is good to consider the subject of discussion separately, taking into account the revision of this provision.
(Local local government)
One key Issue of Promotion of DX is ensuring the integrity of online access to public registries from private sector.
For example, if a reply with an e-seal is obtained when confirming corporate registration information online, it will contribute to Promotion of DX in private sector. In particular, in order to complete private sector procedures such as bank account opening and electronic contracts online, it is important to confirm that you are a "representative of a corporation" or a "person delegated by a representative." It is desirable to be able to complete online procedures by combining My Number cart and corporate registration information.
(Business Operator)
At present (the initial method of proceeding), there are a few open questions, and I felt that the form of the council was brought into Slack as it was. It may be more useful for forming discussions in Slack to present a proposal from the secretariat and obtain responses such as agreement / disagreement / alternative.
(Business Operator)
Regarding MSM, in the case of the OECD model, it is organized by stakeholder category, and it is clear from which position the intervention is made, so it is possible to know whether there are enough stakeholders and to read the background of their statements, but in Issue, it is difficult to understand at present.
The weekly comment deadline may be difficult for many people, especially for stakeholders who need to summarize their comments.
(Expert)
As a result of the discussions this time, will it be a conclusion that affects official document management and law and guidelines related to administrative proceduer?
Or is it just to summarize the results of the technical examination this time, and will the change of the law system be implemented as a separate task?
(Observer)

2nd Discussion (from October 21, 2022 to November 2, 2022)

[Issue 1]

In addition to notifications based on taxpayers' applications (tax reduction and exemption decision notices, tax payment certificates, etc.), how should electronic delivery be considered for notifications not based on applications (tax payment notices, etc.)?

[Opinion]

It would be more desirable if the convenience of electronic Issue could be provided. For example, tax notices could be guided to account transfers, or there could be a link to Pay-easy or a payment app so that you can pay as it is.
In addition, although it is outside the scope of this report, the timing of notification and the due date for payment differ depending on the tax item in the first place, and the collection of resident tax is based on the previous year's income. It is also Issue aware. It is inherently Issue that cash flow management is difficult for individuals. Therefore, it is expected that consideration will be made based on the convenience of taxpayers and users in addition to the digitization of notification and procedures.
(Business Operator)

[Issue 2]

With regard to notification to corporations, given that corporations are already widely using eLTAX for tax returns, what are your thoughts on sending notifications to eLTAX accounts?
Is the use of Mynaportal considered for notifications to be sent to individual taxpayers, such as tax notices? In that case, how should the positioning of eLTAX be considered?

[Opinion]

In eLTAX, there is also a function to make a validation for an e-mail address that is used for the first time, and it is possible to cooperate with a tax accountant. Therefore, it may be sufficient to send the message using the message function and notify the corporation by e-mail that the message has arrived.
(Business Operator)
As for corporations, in the case of companies that request tax accountants to file tax returns, etc., there may be cases where the person in charge of the corporation is not necessarily accustomed to using eLTAX. Therefore, isn't it necessary to consider in line with the actual business situation in order to ensure that the notification will be sent? For example, when a notification is registered in eLTAX, an e-mail notification can be sent, and multiple destinations can be set (the addresses of the tax accountant in charge and the person in charge of the company can be registered).
It is realistic for individuals to first request or approve electronic Issue in Mynaportal (in this case, it is even better if there are advantages such as being able to postpone the payment due date a little as in the case of digitization of details at credit card companies). It is desirable that measures such as making electronic Issue the default can be introduced at the same time based on the spread and use status of Mynaportal (My Number Card).
(Business Operator)

[Issue 3]

Regarding the provision of the Digital Procedure Act that "it is deemed to have reached the person who receives the notice of disposition, etc. when it is recorded in a file stored on the computer used by the person who receives the notice of disposition, etc.", is there any point that should be particularly noted in local taxes?

[Opinion]

Currently, how is it confirmed that "the information has been recorded in a file stored on the computer used by the person who receives the notice of disposition, etc.", and how is the proof in the lawsuit?
(Expert)
If the delivery is to be confirmed through eLTAX or Mynaportal, it is better to confirm the delivery by opening the notice. In this case, in order to encourage the opening of the notice, it may be advisable to consider sending an e-mail notice or displaying a pop-up when logging in to eLTAX / Mynaportal.
In addition, it is understood that the due date for tax payment is set uniformly, and based on this premise, it seems to be more convenient for taxpayers to make periodic reminders than to strictly deliver notices. Therefore, a mechanism and system should be examined in consideration of the nature of such procedures.
(Business Operator)

[Issue 4]

When and how to accept requests for electronic delivery of notifications (tax notices, etc.) that do not involve application.
How do you think about sending a copy of a notice (tax notice, etc.) without an application to Mynaportal, etc. as a notice without waiting for a request from a taxpayer?

[Opinion]

It is possible to encourage electronic Mynaportal from the next time by stating the guidance in the Issue or paper tax notice. In doing so, it may be possible to state the advantages of electronic Issue (for example, you can receive the notice earlier, proceed to the tax payment procedure as it is, or it is environmentally friendly), or it may be possible to consider the financial advantages (tax reduction, Individual Number Card Point, extension of the tax payment period) equivalent to the costs associated with sending the paper.
In addition, validation of A/B testing / Nudge should be conducted to determine what kind of message makes digitization more acceptable.
(Business Operator)

[Issue 5]

What are your thoughts on completing a series of procedures electronically (digitally) by using electronic payment of notification information?

[Opinion]

If the digital completion of the procedure is not premised, there is no merit for the taxpayer to choose the electronic Issue in the first place.
(Business Operator)

[Issue 6]

For or against each of the hypotheses regarding the use cases of the notice of disposition, etc. based on the application (notice pertaining to the certification under the Electronic Power of Attorney Act).
Hypothesis 1
(I) Ensuring the integrity of data: Transmission of emails from administrative domains
② Easy validation: validation of correctness in the administrative domain
③ Delivery confirmation: E-mail for confirmation of opening

[Opinion]

With regard to premises
1. It is stated that "GPKI and LGPKI are currently not easy to perform signature validation in terminal environments, so they will be excluded from the candidates." Is there any reason why it was judged that it was not easy? Recognition that GPKI and LGPKI can easily perform signature validation in terminal environments.
2. It is premised on the issuance of approval or cancellation of approval, but for example, it is necessary to notify the disposition even if the application for permission is not approved, and it is necessary to consider the response.
3. It is assumed that the content of the notice of disposition, etc. will be made public, but it is necessary to consider the case where the notice of disposition, etc. cannot be made public. Each hypothesis is assumed to be sent by e-mail, but it is necessary to consider how to ensure the identity of the recipient.
  (Observer)
I agree with you.
Given that the approval is based on their own application and that the list of approved business operators is also posted on the Digital Agency website, electronic signatures are not required. Given that it has been pointed out that there are cases where the opening confirmation function cannot be used for (iii), it is appropriate to request a reply to the effect that it has been received. Certification of Certification of services for handling electronic power of attorney
(Business Operator)
Isn't it possible to ensure the validation, etc. of third parties only by sending emails from the administrative domain? The same applies to cases where it is not based on an application.
(Observer)

[Issue (7)]

Hypothesis 2
(I) Ensuring data integrity: In addition to the transmission of emails from the administrative domain, private sector's electronic signatures shall be attached to the permission data.
② Easy validation: validation for correctness with administrative domains and electronic signatures
③ Delivery confirmation: E-mail for confirmation of opening

[Opinion]

Except for delivery confirmation, hypothesis 2 is good.
There is an idea that electronic signatures are issued to natural persons in principle. In the case of electronic signatures of specific accredited certification business operators, which are strict electronic signatures, the information to be registered is compatible with natural persons, and it is difficult to issue electronic signatures based on their responsibilities.
If you start where you can, consider that Adobe's AATL can only be verified by a certified operator in private sector, and it's even better to set a timestamp.
For confirmation of delivery, if it is premised on application, it is preferable to store the file in the server and have it downloaded from the link.
(Local local government)
(I) Data integrity (ii) Regarding validation, it is necessary that the certificates be issued by a certification authority listed in AATL, etc., and that the government positions, etc. are stated in the certificates. The GPKI/LGPKI should be made available for validation as soon as possible, and transition should be made to these.
With regard to (iii), it is better to have the URL, etc., included in the e-mail and have it downloaded, and to deem it to have arrived at the time of downloading. In the case of a notice of disposition based on an application, it is better to deem it to have arrived if it has not been downloaded for a certain period of time.
(Expert)
The same applies to Assumption 3. If electronic signatures of business operators are used instead of GPKI and LGPKI, it is possible that electronic signatures of different business operators will be used for each ministry and agency (in some cases, for each system), making it difficult to take a panoramic perspective. The same applies to cases where it is not based on an application.
(Observer)
I don't understand the reason why it is inconvenient to "use electronic signatures of different business operators." For example, there should be six companies and eight services only in private sector that can connect to the GPKI Bridge CA.
(Business Operator)

[Issue ⑧]

Hypothesis 3
(I) Ensuring data integrity: In addition to the transmission of emails from the administrative domain, the signature of an authorized business operator based on the Electronic Signatures in Global and National Commerce Act shall be attached to the permission data.
② Easy validation: validation for correctness with administrative domains and electronic signatures
③ Delivery confirmation: E-mail for confirmation of opening

[Opinion]

The "certified" services of a "business operator certified under the Electronic Signatures in Global and National Commerce Act" do not include services that certify "the titles of users and other attributes of users (excluding the names, addresses, and dates of birth of users)."
(Business Operator)

[Issue (ix)]

For and against hypotheses regarding use cases of disposition notices, etc. not based on applications (notices pertaining to rescission of certification under the Electronic Power of Attorney Act).
Hypothesis 1
(I) Ensuring the integrity of data: Transmission of emails from administrative domains
② Easy validation: validation of correctness in the administrative domain
③ Delivery confirmation: E-mail for confirmation of opening

[Opinion]

Agree.
Given that the list of certified business operators is also posted on the Digital Agency website, it is easy to confirm the facts, and electronic signatures are not required.
Regarding (iii), it is appropriate to request a reply to the effect that it has been received, in light of the indication that there are cases where the opening confirmation function cannot be used.
Certification of services for handling electronic power of attorney
(Business Operator)

[Issue 10]

[Opinion]

Except for delivery confirmation, this hypothesis 2 is good.
The electronic signature can be further time-stamped to enhance data integrity.
Since there is a concern about information security, including cyber-attacks such as spam emails, in relation to the arrival of disadvantageous administrative notices such as the revocation of permission, it is better to refrain from sending emails for confirmation of opening.
For example, when the administration unilaterally revokes the permission based on the application, it is necessary to make a decision to generate the arrival effect of seeing, such as by treating the transmission to the e-mail registered at the time of application as the arrival.
One idea is to apply it to electronic post-office boxes and notifications to Mynaportal in the future.
(Local local government)
Regarding (iii), it is better to have the URL, etc., included in the e-mail and have it downloaded, and to arrive at the time of downloading. In the case of a notice of disposition not based on an application, if it has not been downloaded for a certain period of time, it is better to send it in writing (or hand it over).
(Expert)

[Issue (xi)]

[Opinion]

None in particular

[Issue ⑫]

As an issue to be addressed in the future multi-stakeholder model, is there any other good alternative for use cases, where the needs of digitalization are high?

[Opinion]

I would like to propose a demonstration experiments with a permission for road occupancy, which was difficult at the time of the digitalization. In addition, a drones flight permission presented by a participant may be used. Since it is after the Digital Procedure Act, it has a high affinity with digitalization. Isn't it important to start from where there is a need in business?
(Facilitator)
There are many road use permits and road occupancy permits, and the advantages of digitization are great.
Whether to electronically sign the "notice" or the "permit" is a different idea depending on the procedure in practice.
In drones, even if you have a permit, you may be reported that you are flying, and when the police come, they show you the PDF screen of the permit.
The above electronic permit has an electronic signature, but it is attached to the permit, and the permission notice has been received by e-mail.
(Expert)
It may be possible to confirm the domain of the e-mail with DKIM, and to make a validation of many notifications such as permission and permission by downloading documents (attach an electronic signature that can make a digitalization) to the cloud.
(Facilitator)
Permission for occupancy is granted by the national government, prefectural government, and municipal government, and is also granted when various administrative properties such as rivers, parks, and ports are permitted to be used in addition to roads. Since there are so many cases and administrative procedures familiar to administrative officials, it is very good for use cases.
In addition, even if it is considered on another occasion, it is good because the same use cases can consider the payment notice of the occupancy fee that occurs every year derived from this procedure, the cooperation of the permission information with the competent police station, etc.
(Local local government)
Regarding the procedures for local government, it may be easier to respond to notifications about children and childcare, such as permission to enter a nursery school and receiving or suspending child allowances, because the parents' generation is relatively literate and the message is easy to understand.
(Business Operator)
Since the above notifications (nursery school and child allowances) are issued in a large number in one period, there are actually several consultations and inquiries from local government to see if it is possible to make a digitalization.
(Business Operator)

[Other]

In addition, I would like to ask a wide range of opinions on this issue.

[Opinion]

For electronic signatures, it is better to install CA certificates and use GPKI and LGPKI.
Validation of GPKI and LGPKI certificates is possible by installing CA E-Certificate in Windows, Adobe, etc., respectively. Regarding electronic signatures, it is probably the simplest to make it known that GPKI and LGPKI CA certificates are installed.
(Expert)
However, if you download a self-signed certificate such as a GPKI Government CA or LGPKI organization CAR2 and load it into Adobe Acrobat Reader, it is possible to automatically display "Signed and all signatures are valid" when you open a PDF, and visibility is certainly improved.
However, verification of revocation information is probably not possible, so actively verifying the signature panel may show "The selected certificate does not have information on how to verify its revocation status. It cannot be determined whether this certificate is valid or revoked."
The debate over whether something is on the AATL is different if it is manually added to the list by a validation because there is a de facto basis of trust where Adobe approves it.
Requiring more or less complex work on the part of the general public, whose literacy is not guaranteed, is a departure from the goal of what should be done to make it easily variable.
(Business Operator)

2nd Issues Interim Meeting (October 31, 2022)

[Issue 1]

Methods for ensuring the correctness of emails

[Opinion]

Regarding the use of S/MIME, instead of purchasing as many E-Certificate as the number of persons in charge, it may be sufficient if the company has at least one E-Certificate. There may be a way to operate S/MIME with one E-Certificate in the name of the company.
(Business Operator)
I think there are probably clients who do not support S/MIME, but in that case, I think that it is possible to guarantee the correctness of the contents by sending the text of the e-mail in PDF format. In addition, in that case, I think that it is possible to handle not only the number of persons in charge but also one E-Certificate for each corporation. It depends on the use cases, but considering the sharing of responsibility, I think that it is better to have one electronic certificate per department.
(Business Operator)
If you are on the receiving end, there is a high possibility that emails from government agency or local government will be opened immediately. Therefore, it is effective to have a E-Certificate such as S/MIME that allows the sender to be clearly identified, and you can operate it with peace of mind.
(Business Operator)
It is desirable that there are various methods. As you pointed out, sending without doing anything could cause damage to spoofs and other areas. When using an e-mail hosting service, source authentication is basically combined, but I think whether it is sufficient or not will be discussed later. In addition, even if e-mails are exchanged via S/MIME, it does not mean that there are no people who send fake e-mails, so it will be necessary to discuss later whether it will prevent phishing and the like through other routes.
(Administration Office)
I think it is one idea to attach an electronic signature to the attached files such as PDFs and send them, but it is difficult for the recipient side to consider the possibility of cyber attacks in the form of spoofs in government agency. In addition, in that case, it is considered that the use of S/MIME is good, but it is my understanding that S/MIME is not very popular. I would like to know if the cause is in the aspect of usability. (Operator)
- At first, I think that S/MIME had an image that all persons in charge had certificates, and it was difficult to spread. On the other hand, if it becomes widely known that a certain degree of issuer certification can be obtained by a corporation's electronic signature, such as e-seal, which is separately discussed, I think that S/MIME can be expected to spread in the future.
  (Business Operator)
- In short, when the government uses the e-mail, various people will be on the receiving side, so I think it would be fine if the government could confirm that the e-mail is the sender's e-mail even if the digital literacy is not high, and if the validation can be made after the fact. I thought that the operation you explained would be sufficient.
  (Business Operator)
99% of mail does not use S/MIME, so there is no habit of checking whether it is S/MIME or not. We have to think about how much the method of checking whether it is S/MIME or not will spread to all mail from government agency.
(Expert)
In light of the reality of cyberattacks, it is good for society as a whole to eliminate as much uncertainty as possible in e-mail. If the use of such a mechanism by government agencies, local government, etc. becomes widespread, megabanks and companies with many consumers will also be able to ensure the safety of society as a whole by preventing attackers from using their e-mail. Isn't it beneficial as a policy to be implemented by Digital Agency?
(Business Operator)
The correctness of e-mail is shown in the section "7.2.1 E-mail" of the "Guidelines for Formulation of Standards for Measures for Government Agencies, etc.", and DKIM is included in it. This is the baseline.
(Observer)
It is not possible to answer whether to improve security by adding security measure such as S/MIME to e-mail itself or to use a communication method other than e-mail. We will discuss again what kind of messaging method is easy for the people to understand.
(Administration Office)

[Issue 2]

I want to use an electronic signature

[Opinion]

It is divided into two patterns: one is to receive a certificate from a certificate authority on Adobe's ATL and sign it at hand, and the other is to sign it remotely.
(Business Operator)
If government agency is to use it, it is necessary to post the attribution information, but even if E-Certificate posts the organization attribution, it is not subject to the business to be certified, so there is no difference in whether it is an accredited certification business operator or not under the law (although there may be a certification authority that posts it as a service).
(Business Operator)
The question is not whether it is an accredited certification business operator, but whether it is listed in the ATL. It needs to be a E-Certificate where information about government positions can be confirmed. Originally, it should be to promote the use of the GPKI and LGPKI, but as a transitional position, it should be listed in the ATL and operated in such a way that government positions can be confirmed in some form.
(Expert)
It is a matter of Article 228 of the Code of Civil Procedure, but it is necessary to discuss whether the desire to use electronic signatures is related to the authenticity of the document or whether it is done as another security control measure.
(Administration Office)
From the perspective of the recipient of the notice of disposition, there may be a world view in which data is circulated for self-certification, etc. between the people and the private sector. This time, the issue is focused on the notice of disposition, but it is necessary to consider the validation in the case that the original data issued from government agency or local government is circulated.
(Business Operator)
One point is that the correctness can be proven even at the place where the notice of disposition is circulated from time to time. There is also a problem of how to consider the presence or absence of electronic signatures as a method for the formation of a genuine document under Article 228, paragraph 2 of the Code of Civil Procedure. However, I think that the main thing is security consideration.
(Expert)
Article 228 (2) of the Code of Civil Procedure broadly defines whether or not a genuine official document has been prepared as part of official duties, and the concept of an official document needs to be considered broadly compared to the issue of a notice of disposition, etc. It is necessary to consider the relationship with the Information Disclosure Act, etc.
(Administration Office)

[Issue 3]

To confirm delivery by e-mail only

[Opinion]

Writing a word such as "reply required" is the worst option because it is expected to make phishing and spam mails write "reply required" as well. In addition, the method of using the open confirmation tool uniformly is also at the risk of being abused. The method of writing a URL is good as a solution, but it cannot be used for a wide variety of documents considering the storage location and system of electronic documents.
(Business Operator)
It is questionable whether the method of describing the URL in which the electronic document is stored can be evaluated as legally arrived. Although it must be selected from among the mechanisms that can be evaluated as legally arrived, if the method of writing "Open confirmation tool" or "Reply required" does not work, it is difficult to evaluate the method of describing the URL as legally arrived unless separate measures are taken, for example, obtaining consent in advance for the method of confirming the arrival of the electronic document at the time of permission. It is a difficult issue to resolve.
(Business Operator)
We would like to consider that it has arrived when an electronic document is downloaded from a URL. Since there is a fear that some people will not download from a URL, it may be better to consider sending a document or handing it over face-to-face, and notify the URL if it has not been downloaded for a certain period of time (about one week).
(Expert)

[Issue 4]

Of a whole

[Opinion]

Depending on the nature of the notice of disposition, it may be necessary to discuss the use of different methods of delivery, such as whether to send the notice by e-mail with S/MIME or by file format.
(Business Operator)

3rd Discussion (from October 28, 2022 to November 10, 2022)

[Issue 1]

Approval or disapproval of the following hypotheses regarding permission to handle alcohol.
Hypothesis 1
(I) Ensuring the integrity of data: Transmission of emails from administrative domains
② Easy validation: validation of correctness in the administrative domain
③ Delivery confirmation: E-mail for confirmation of opening
*Is there a difference in the method of transmission when notifying a business operator or an individual?

[Opinion]

None in particular

[Issue 2]

[Opinion]

I agree with Hypothesis 2 except for the open confirmation email.
If an electronic signature is issued from an administrative domain, an electronic signature certified as a specific authentication service is not necessary, and an electronic signature that satisfies the requirements of Electronic Signatures in Global and National Commerce Act is sufficient. If a time stamp is provided, the certification capability of non-falsification is further improved.
In principle, it is better to send an e-mail with a URL to the e-mail address registered at the time of application, and to make it a service when it is downloaded.
The difference between corporations and individuals is whether to limit the e-mail address to be registered at the time of application to the domain of the corporation.
It is possible for individuals to authenticate themselves in My Number Card even if they are flexible workspace, but it is not possible for corporations to do so. Therefore, it is appropriate to send email addresses in corporate domains.
(Local local government)

[Issue 3]

[Opinion]

None in particular

[Issue 4]

Opinions for or against the following hypotheses regarding the revocation or suspension of permission under the Alcohol Business Act.
Hypothesis 1
(I) Ensuring the integrity of data: Transmission of emails from administrative domains
② Easy validation: validation of correctness in the administrative domain
③ Delivery confirmation: E-mail for confirmation of opening

*To the extent possible, please indicate whether there are differences in the method of transmission when notifying business operators or individuals.
*Is there a difference in the method of transmission depending on the content of the disposition notice?

[Opinion]

None in particular

[Issue 5]

[Opinion]

I agree with Hypothesis 2 except for the open confirmation mail.
It is better to consider notifications of Adverse Dispositions separately for those based on applications and those not based on applications.
If digitalization is to be made as soon as possible, it is realistic to start with applications, and to agree in advance at the time of application on the handling of cases where emails are not downloaded for a certain period of time after they are sent, or to respond separately by analog means such as paper or telephone.
However, when it is deemed that an e-mail has arrived even if it has not been sent or downloaded for a certain period of time, it is better to consider corporations and individuals separately.
When an e-mail address as a means of communication to be exchanged electronically in the future is registered with the consent of the applicant at the time of application, it is normal for a corporation to check the e-mail received within a certain period of time, but in the case of an individual, it is premature to cause a disadvantageous effect by not looking at the e-mail even with the consent of the applicant.
Therefore, how about starting with a corporation that has agreed to the effect of delivery in advance at the time of application?
(Local local government)

[Issue 6]

[Opinion]

None in particular

[Issue (7)]

Clarification of the purpose of publication and use of permission information.
In the publication accompanying the notice of disposition, one of the purposes of the publication is that the permission information is published online, so that persons other than the person who has received the notice of disposition of permission can easily confirm the information.
For example, if the name of the corporation is known, it will be easier for the residents to quickly check the permission status and public information online, and to report to the public authorities if necessary.
There are pros, cons, and alternatives to this arrangement.
Furthermore, from the viewpoint of the use of permission information, if the list of permission information published online has machine-readability, it may be easier for persons who have received a notice of disposition of permission and other persons to use it for secondary purposes, such as analyzing the permission information and combining it with other information, thereby improving the transparency and convenience of the information.
There are pros, cons, and alternatives to this arrangement.

[Opinion]

Although the disclosure of the list of permitted business operators in a machine-readable form has a certain effect, there is a problem of how to confirm the correctness of the list at the secondary use. It is desirable that the administration secures the integrity of the list to a certain extent even in such a disclosure method.
(Business Operator)
For example, the publication of adverse dispositions such as business suspension has a significant impact, so there are differences depending on the case. In addition, there is little need for secondary use of published data. For the time being, published data may only be a supplementary confirmation of the integrity of the permit.
(Local local government)

[Issue ⑧]

Announcement of licensed business operators under the Alcohol Business Act.
The list of alcohol business licensees is disclosed as machine-readable data.
When considering secondary use of data (information), it may be desirable to disclose the list of authorized personnel in the same format.
Yes, no, alternative.
Are there any undesirable cases?

[Opinion]

None in particular

Third Interim Meeting on Issues (November 4, 2022)

[Issue 1]

Confirmation of Delivery of Adverse Dispositions

[Opinion]

Is it considered to be reached in a situation where it is not always confirmed that it has reached the other party? You must consider whether the other party can usually be recognized. If you do DL, there are people who do not DL, so you must consider the case where you cannot reach the other party in this way.
(Expert)
How to confirm that it has arrived. In the case of an appeal or a lawsuit for rescission, it is ○ ○ days (months) from the day following the day on which the adverse disposition was made known. It is a very important issue in practice which timing is considered to be known.
(Expert)
It is important to confirm that it has been reached. There is a problem with the starting point, so it may not be possible to do it only with digital technology. As mentioned above, it can be done if the country issues a notification that it is deemed to have been delivered one week after it was sent. It is quite difficult in local government.
(Local local government)
Under the Specified Commercial Transactions Act, the calculation start date is the date recorded in the mail server of the other party. Since there is no way to confirm that it has been recorded, it must be determined by law. Even if it is determined, the recorded fact needs to be challenged as a case. Therefore, it must be newly determined by law.
Local government wants to digitalization a lot of things to be sent around the same time, especially dependents.
(Business Operator)
As mentioned above, if you try to make a digitalization for all delivery confirmations, the problem of whether or not the receiver has made a digitalization will be mixed. It should be stated that certain measures will reduce the number of procedures. If you leave the method of sending by mail and make it possible to send digitally, it will be much easier. It is difficult to solve all at once. It is difficult to change laws, but it is easy to add them. Otherwise, there will be no debate.
(Business Operator)
There are people who voluntarily refuse to digitize everything, so it will be combined with e-mail in the end. What is useful is to have it DL. Even if I e-mail with S/MIME, there are many cases where I want to receive the disposal notice itself as an attachment.
These days, all companies often DL from a link. For example, run a DL site in Digital Agency and have it DL as needed. You can confirm the arrival by DL. If you do not DL, you can only notify them by paper. It would be good if you could use a service that can be used by all ministries. It is faster to make at least one and use it. GPKI certificates are the fastest, but after DL of self-signed certificates, you need to set up an Adobe reader. If you are going to start early, it will be very different if you buy one AATL-compliant system, install it on the Digital Agency site, and sign with the system. That is one way to start.
(Business Operator)

[Issue 2]

Other

[Opinion]

If it is not based on an application, the hurdles are high, but if it is based on an application, it may be possible. The validity of the address sent is maintained. If it is not DL, it can be sent by phone or paper. Instead of aiming for perfection, it may be possible to send it digitally and think about it from there.
(Local local government)
It is difficult to solve all the Issue suddenly. It is necessary to narrow down the scope to some extent. If the requirements for delivery are clarified and how much can be dealt with and how much cannot be dealt with are advanced, it can be examined by the same methodology. It is better to consider a method that makes the method being examined by each ministry and agency into a methodology. If it is a complementary method or a form that covers some parts, it will be easier to proceed. If there is anxiety when promoting it, it will be difficult to proceed.
(Expert)
As mentioned above, it is desirable to create a mechanism that can be integrated with existing mechanisms. In addition, it is desirable to model a mechanism in which the level of the digitalization part is required depends on the content of the work, and the work part is entrusted to the original section by the Digital Agency. The purpose is not to digitalization everything, but to reduce the number of failures. The government has not been able to ensure identification to the people and corporations. It has not been able to promise a method of communication in digital, so it is desirable to create a policy strategy that can create that point in the long run.
(Business Operator)
In each disciplinary action notice, there are some that call the recipient, so there is a sense of anxiety about making a digitalization. If it is immediate, the level of intensity and permission may be divided. It will be a tool. There is a concern about the integrity of digital data. Even if I hear the co-management part, it will be handled by each ministry. All ministries and agencies are concerned. It would be appreciated if the interpretation of the Digital Procedure Act could be arranged. It is difficult to operate all ministries and agencies separately.
(Observer)
It is better to divide the persons who receive the notification of disposition into citizens and corporations. For corporations, the digitalization of the notification of disposition will be easy for those who are based on an application using gBizID, etc. For ordinary citizens, the notification of disposition will be sent digitally using Mynaportal, but it is difficult to proceed with the consent of the person. It is necessary to consider how to send the notification of disposition based on the application of the corporation, and how to ensure the completeness of the electronic file. As for the confirmation of delivery, why don't you create several options and try them out, and get feedback from the corporation that received them?
In addition, it would be good to do what is indicated in Ministry of Internal Affairs and Communications's "Summary of the Study Group on Systems to Ensure Reliability of Data Issued by organization" and "Guidelines on e-Seals."
(Business Operator)

4th Discussion (from November 18, 2022 to November 30, 2022)

[Issue 1]

Presupposition
The local local government, which is the recipient, is designated as a specified public benefit, and the target households are identified based on Non-taxable Households statistics.
Assumed transmission method Which of the following options (I) to (iv) is better?
(1) Is it okay to send it by e-mail? (The method is an option discussed so far.)
② Is it okay to send it to the chat account?
(iii) Is it OK to transmit from Mynaportal?
(iv) Are there any other effective methods?
With or without electronic signature
Is it better to attach an electronic signature?

[Opinion]

Considering that account information, etc. will be provided as a set with the method for responding to the confirmation letter, a service that requires authentication, such as Mynaportal, is preferable.
(Local local government)
In the future, notifications to individuals or households should ideally be sent to Mynaportal (or a service like an electronic post office box that works with Mynaportal is an option).
That's because there's no spoofs, there's less risk of accidentally deleting the message, and you can at least determine when the addressee can see it, but it's still easy to recognize it by setting up an email notification for the announcement.
(Business Operator)
It is better to send it from Mynaportal. When a notification arrives in Mynaportal, it will be sent to the registered e-mail address, so it is unlikely to be overlooked.
Electronic signatures are not required for communication via Mynaportal.
(Business Operator)
There are multiple options for the notification method to be assumed, but it may be inconvenient for the administration to obtain consent for each individually. It may be easiest to obtain consent to receive the notification in Mynaportal, and the discussion may be greatly omitted. In Mynaportal, there is no need to attach an electronic signature, and the recipient does not need to worry about the confirmation of the sender as in the case of e-mail.
(Expert)
It is not based on the premise that a notice of disposition will be sent by e-mail, but for individuals, there is a Mynaportal, so the notice should be sent there. For individuals, it is sufficient to send a notice that can be sent by Mynaportal, but for corporations, there is no Mynaportal, so there is no other way than to use gBizID, and there is no way to distinguish between individuals and sole proprietorships. As a preliminary step, since the necessary validation varies depending on the individual procedure, it is appropriate to arrange the validation method for each procedure (notice, permit, certificate, etc.). validation
(Expert)
The integrity of the notification is not so important, and it is important to ensure the integrity of the permit. It may be easier to organize if it is said that what is important is (the security of the integrity of) the permit rather than the detailed classification.
(Local local government)
In the above, it is stated that the integrity of the permit is important, but the integrity of the notification is also important. The arrival date and time of the notification may be important, and we are aware of the problem. In the case of litigation, etc., after the fact, the timing of the notification is also important, and legal arrangement is also difficult.
(Expert)
It is considered that there is a discussion about the case where the validity of the arrival of a notice is disputed. In addition, the validity of the arrival of an e-mail is still a difficult issue because it is related to whether or not the other party has recognized it. It is recognized that it is necessary to sort out the profit disposition such as permission separately from the adverse disposition.
(Local local government)

[Issue 2]

Presupposition
The local local government, which is the recipient, is designated as a specified public benefit, and the target households are identified based on Non-taxable Households statistics.
The confirmation letter has been used to obtain the consent of the Subject to the digital notification.
Assumed transmission method Which of the following options (I) to (iv) is better?
(1) Is it okay to send it by e-mail? (The method is an option discussed so far.)
② Is it okay to send it to the chat account?
(iii) Is it OK to transmit from Mynaportal?
(iv) Are there any other effective methods?
With or without electronic signature
Is it better to attach an electronic signature?

[Opinion]

As with point (1), it is better to transmit from (3) Mynaportal.
In general, in the case of receiving in Mynaportal, if it is sufficient for the addressee to know the content, or if the transmission destination is limited to public authorities even if the content of the notice is re-transmitted, electronic signatures are not necessary.
However, "electronic signatures" (digital signatures in general) as used herein shall also be deemed to be:
(1) Is it enough to have only non-falsification?
(ii) In addition to non-falsification, is it sufficient if the public office that created it can be specified to some extent?
(iii) In addition to non-falsification, is it necessary to be related to the creation of a specific public officer?
(iv) In addition to non-falsification, is it necessary to have a format created by a specific "administrative agency"?
There can be branches such as.
We would like to request that detailed examination of the provisions of the Ministerial Ordinance and the Ordinary Rules be encouraged based on the examination of the necessity and acceptability.
I do not feel the need for ④.
(Business Operator)
In cases where the accuracy of the document needs to be ensured in the later process, such as when the recipient of the notification applies to a third party (e.g., application for building confirmation), is it necessary to send an electronic document with an e-seal or electronic signature in addition to the notification in Mynaportal?
(Business Operator)

[Issue 3]

In order to ensure that there are no victims of transfer fraud or exploitation of public authorities (to a minimum) when benefit digitally notifies individuals of financial penalties such as personal data and tax collection, what measures need to be taken as common rules for national and local local government?

For example, what are the pros, cons, and alternatives (including additional comments) for the following responses?
Enter the fact that "We will never ask you to operate an ATM or make a cash transfer for the provision of public authorities" on the website or notice (assuming digital) related to benefit and tax collection of benefit.
When making a digitalization for a Disciplinary Action Notice, etc. for the first time, it is necessary to include the URL of the website of the Consumers Organization related to the Prevention of Harm to Consumers and attach the flyer.

[Opinion]

It is necessary to prevent systematic errors and deception.
In phishing and spoofs e-mails, there are examples where even the link and the contact TEL are disguised and made invalid, and even if the information is not entered at the transition destination, in some cases, just stepping on the link results in notifying that the e-mail address is alive.
In principle, e-mail notifications should be in plain text and should not include URLs or phone numbers that can be directly transferred.
Even if you have to write a URL or inquiry phone number
- Make plain text (at least on the sending side)
- Make simple URLs less likely to be spoofed
- Limit the number of portal sites as much as possible (if there are too many, it will be easier to make fakes).
- Use a website or TEL number that is easy to find and identify as official
  Such contrivances should be made.
  (Business Operator)
It is understood that the abolition of health insurance card has made the acquisition of My Number Card substantially mandatory. By thoroughly utilizing Mynaportal (including e-tax, etc. linked to Mynaportal) and public fund receiving account, the concerns described above may be significantly alleviated. It is more desirable that remittance (payment) can be performed from Mynaportal in cooperation with Pay-easy, Internet banking of financial institutions, update-related APIs, etc.
(Business Operator)
We received the following information on efforts, documents, and leaflets among the issues of this case.

Government Efforts against Furikome Fraud, etc.
1. Anti-False Billing Package
  Executive Summary
2. 2022 Consumer White Paper
  Part 1 Chapter 1 Summary Results, etc. of Aggregation and Analysis of Information on Consumer Accidents, etc.
Easy-to-understand dissemination and awareness-raising tools
Personal Information Protection Commission Website
Public relations materials (publications and videos)
(Business Operator)

I think that it is necessary to consider the notice of granting benefits and the notice of adverse disposition separately. I think that it is necessary to consider obtaining consent in two steps to send a notice from the administration in Mynaportal and to send a notice of adverse disposition in Mynaportal. Consent is essential for the delivery of a notice that is linked to some legal effect. There may be a difference in the level of consent between the notice and the notice that is not linked to legal effect.
(Expert)

[Issue 3]

Other

[Opinion]

We agree with the discussion in Mynaportal, but based on the points at issue this time, I feel that it is a predetermination of the conclusion. It is assumed that we will discuss the method of notification first, and if Mynaportal is good, it would be good to rewrite the premise and discuss it.
(Business Operator)

Fifth Issues (from November 18, 2022 to November 30, 2022) and Issues Interim Meeting (November 18, 2022)

[Comments on the Draft Proposal (1)]

About "Cover"

[Opinion]

All disposal notices mentioned in the document are assumed to be consumed by human eyes. Mechanical confirmation is also assumed to be performed by validation of a signature using Acrobat Reader, etc., and the result is displayed, which is then consumed by human eyes.
There are cases in which software on the server of the recipient directly consumes and processes what is issued in the form of machine-processable JSON, for example, without human intervention, and there are many cases in the digital advanced countries.
This can be addressed immediately, but the problem is that this category is completely missing. If it is this type, the key to either LGPKI or GPKI can be found on the website of the organization https://example.go.jp/well-known/jwks.json.
Is sufficient.
As a case in point, they should be broadly divided into those consumed by humans and those consumed by machines.
(Expert)

[Comments on the Draft Proposal (2)]

About the Introduction

[Opinion]

Opinions
Digitalization by mail allows the government to reduce the cost of mailing, and the industry to eliminate time constraints such as visits, contributing to the reduction of CO2 emissions when automobiles are used.
A modified opinion
By making a digitalization by mail, the cost of mailing can be reduced on the administrative side, and on the industrial side, there are no time restrictions such as visiting, which contributes to the reduction of CO2 emissions when using automobiles, etc., and the burden of office work to keep paper originals is reduced.
Reason
In order to touch the burden of office work, space, etc. that continues to store and preserve paper originals.
(Business Operator)

Opinions
On the other hand, some of the latter are subject to adverse dispositions or are sent to individuals who are expected to fall into the digital divide, so it is unlikely that they will be subject to digitalization in general.
A modified opinion
On the other hand, the latter includes those that fall under the category of adverse dispositions and those that are sent to individuals who are assumed to be in the digital divide, so more careful consideration is necessary for digitalization.
Reason
I think it is a partial denial, but "generally not" can be read in the entire denial, and the background of the discussion that "more careful consideration will be necessary because there is another point of contention" was added.
(Business Operator)

Opinions
On the other hand, some of the latter are subject to adverse dispositions or are sent to individuals who are expected to fall into the digital divide, so it is unlikely that they will be subject to digitalization in general.
A modified opinion
On the other hand, the latter are subject to adverse dispositions and some are sent to individuals, so it is unlikely that they will be subject to digitalization in general.
Reason
While there is a digital divide issue not only for individuals but also for corporations, the current description may be misunderstood that there is no digital divide issue for corporations.
(Observer)

Opinion
Slack is a suitable tool for collecting opinions from an unspecified number of people, but it is desirable to simultaneously use "graphic recording / facilitation graphic" and the like to "visualize" opinions from various perspectives written by stakeholders with various backgrounds and lead to common understanding.
(Business Operator)

Opinions
Strongly promote the formation of declining birthrate and aging population in order to improve the convenience of the people and solve the Issue they face, such as responding to the development of digital society
Opinion
We agree with the purpose, but it cannot be said that digitalization will be achieved by efficiency the content. We should summarize the whole picture of the benefits and risks of digitalization that will spread to the entire society in the future, including improving the digital literacy of the people concerned and preparing for the necessary equipment, and mention it somewhere.
(Business Operator)

Opinion
Although it overlaps with the viewpoint described above, it cannot be said that all "corporations" targeted this time can respond uniformly, and in the design of the system, it may be necessary to confirm the actual situation by hearings, etc., depending on the scale, industry, etc.
(Business Operator)

Opinions
Discussions were held among industry, academia, and consumer groups gathered in a multi-stakeholder format.
Opinion
The participating organizations this time are mainly organization organizations with knowledge in the digital field, and there is a great fear that they will be called multi-stakeholders and will be conducting institutional design. Isn't it essential to at least carry out public comments in the government-led compilation?
(Business Operator)

Opinion
Since you mentioned the necessity of promoting the formation of a digital society, I think it would be good for the Government of Japan to announce that it will proceed based on the policies of Society5.0 and other regions.
(Business Operator)

Opinion
In the second paragraph, it would be more persuasive to clarify the problem awareness based on specific facts.
(Business Operator)

[Comments on the Draft Proposal (3)]

"Content of the Recommendations / Perspective of the Recommendations"

[Opinion]

Opinion
It can be read as a postponement because of the digital divide, but rather it should be written in a forward-looking manner, such as "The problem of the digital divide exists, but in order to solve this problem under the digital principle, the establishment of digital agencies, etc. should be considered." Prioritizing is an orthogonal argument.
(Expert)

Opinion
In the process of digitization of trials, electronic procedures will be mandatory in civil cases where an agent is present. In light of this, the areas that should be expedited should not be limited to the digital divide.
(Expert)

Opinions
The digitalization of the disposition notice, etc. contributes to the administration, industry, and individuals in order to maintain and improve productivity in the midst of a decrease in the productive population. It should be actively promoted. In particular, it should be implemented with a strategy to maximize its value.
A modified opinion
Digitalization of disposition notices, etc. contributes to the government, industry, and individuals in order to maintain and improve productivity amid a decrease in the working population, and should be actively promoted. It is also required to be consistent with the "Digital Principles" in order for the people and businesses to enjoy the benefits of digitalization. In particular, it should be implemented with strategies to maximize its value.
Reason
In terms of strategic value (or somewhere in the general part), I would also like to refer to the conformity to "digital principles."
(Business Operator)

Opinions
Of commonly used software (such as Adobe Acrobat Reader)

Opinion
As a definition and strictness of terms, we would like to state that LGPKI supports SkyPDF (Skycom, Inc.) and JUST PDF (Justsystem, Inc.) because the broad expression "software for general use" is misleading. In addition, we would like to state that LGPKI does not support AdobeReader (Adobe, Inc.).
(Business Operator)

Opinions
A general electronic signature
A modified opinion
Services should be changed to "services in which electronic documents (digital information) created by users are encrypted with the signature key of the service provider itself based on the instructions of the users."
Reason
It is unclear what "general electronic signature" refers to. If it refers to a so-called witness type signature, it should be changed as shown in the content of the opinion.
(Business Operator)

Opinions
Such an electronic signature should be attached to a document, such as a permit, so that it can be used.
A modified opinion
Indicate how electronic means and data are to be attached to the document, or delete this statement.
Reason
It is unclear how electronic means such as an electronic signature and electronic data generated by the means can be attached to a paper document.
(Business Operator)

Opinion
It is good to show what value will be maximized in the strategic part and what will be advanced quickly in the prompt part.
(Business Operator)

[Comments on the Draft Proposal (4)]

Background of the Recommendations / 1. From the Perspective of improvements in productivity

[Opinion]

Opinions
Business operators are required to improve production efficiency under the banner of Reform of Working Practices.
Opinion
In the first place, the procedure for receiving the Issue of certificates issued by a government office and submitting them to another government office should be omitted, and the government office that grants permission should receive them directly from the certificate-issuing government office.
It is important not to allow private sector to obtain or submit documents that can be mutually inquired between government offices. The paragraph of the opinion section should state that "a mechanism should be realized in which certificates, etc. issued by government offices and submitted to other government offices are digitized and sent and received directly between government offices (a mechanism that does not allow private sector to obtain or submit them)."
(Expert)

Opinions
In light of the fact that private sector companies are promoting electronic contracts, the digitalization of notices of disposition, etc. based on applications should be promoted promptly.
A modified opinion
Insert the following after the comment section.
In addition, in the digital economy, the amount of data consumed by automatic processing by machines and software is much higher than that consumed by humans, and efficiency of this part is critical to the competitiveness of the economy. Therefore, digitalization that enables automatic processing by machines is essential.
(Expert)

Opinion
It says that it is possible to increase the productivity of society as a whole and reduce costs by taking action on digitalization, such as notification of disciplinary actions, in line with advances in information and communications technology. However, it is better to have estimated figures that can be predicted.
(Business Operator)

[Comments on the Draft Proposal (5)]

Background of the Proposal / 2. From the Viewpoint of Service Use

[Opinion]

Opinions
2. Perspective of Service Use
A modified opinion
Insert the following subheading after the comment section:
2.1 HUMAN CONSUMPTION OF THE DATA
(Expert)

Opinions
"This is because the application for viewing the PDF file cannot reference the self-signed certificate of the Certificate Authority of the GPKI, which is required for electronic signature validation."
"It would be nice for the government to be able to reference the self-signed certificates of GPKI and LGPKI Certificate Authorities."
Opinion
Regarding this description, the description that the "self-signed certificate" cannot be referred to may be an error (assuming that the revocation information cannot be referred to), and it is necessary to check the product specifications of Adobe Corporation from a technical perspective.
(Business Operator)

Opinion
One of the major advantages of digitization of documents is that it enables automatic processing, so it should be described as "background".
(Expert)

[Comments on the Draft Proposal (vi)]

Background of the Recommendations / 3. From the Perspective of Information and Communications Technology Reform in Recent Years

[Opinion]

Opinions
Electronic signatures used by electronic contract service providers exceed those used by contract parties.
A modified opinion
Other applications of electronic signatures, rather than data in electronic contracts, should also be indicated.
Reason
It is not appropriate to explain by referring to the electronic contract because the disposition notice and the electronic contract are different in nature.
(Business Operator)

[Comments on the Draft Proposal (7)]

"Proposal of Action Items for Realization / (1) Targets of the Proposal"

[Opinion]

Opinion
"Notice of disposition" and "notice" are mixed. It is necessary to process "notice" by reading whether it is a dictionary word or refers to "notice of disposition", and it is desirable to unify all of them into "notice of disposition".
(Expert)

Opinion
Although "notifications to individuals" are excluded, it is considered that notifications to sole proprietorships such as samurai business may be included (they have the same response power as corporations). How about "notifications to individuals (excluding sole proprietorships such as samurai business)"?
(Expert)

Opinions
For individuals with differences in digital literacy
A modified opinion
The statement "There is a difference in digital literacy" was deleted.
Reason
While there is a digital divide issue not only for individuals but also for corporations, the current description may be misunderstood that there is no digital divide issue for corporations.
(Observer)

[Opinions on the Draft Proposal ⑧]

"Proposal of action items for materialization / (2) Promotion of digitalization of notice (short-term)"

[Opinion]

Opinion
As a measure for GPKI, LGPKI, etc., which can be implemented in the short term in the sense that there are no dependencies on other companies, it may be possible to create a web page/web service for validation signatures under digital. go. jp (hereinafter referred to as "signature validation service") and to announce this signature validation service. It can be applied to formats other than PDF, and is suitable for automatic processing by machines.
(Expert)

Opinions
In the case of notification by e-mail, it is considered that the submission of a "deliverable e-mail address" is required at the time of application, and if the consent of the business operator is obtained, the process can be immediately advanced.
Opinion
Shouldn't the phrase "on the premise that relevant regulations are in place" be added after the phrase "when notifying by email?"?
Although it is stated that "if the consent of the business operator is obtained, it can be immediately advanced," there is no specific provision in the Ministerial Ordinance, etc. related to the digital method that the notification of disposition, etc. can be made by e-mail, and there is only a statement that methods other than electronic signatures are "specified separately." Therefore, it cannot be said that it can be immediately advanced in terms of the current law.
(Observer)

[Comments on the Draft Proposal (9)]

Regarding "Proposal of Action Items for Realization / (3) Use of Electronic Signatures (Short-term and Medium-term) / 1. Attach an electronic signature to an electronic document such as a license (Short-term)"

[Opinion]

Opinion
Please add the following viewpoints.
The term "electronic signature" is, in my opinion
(1) Those in which digital signature technology is applied to the detection of falsification of electronic documents (electronic signatures in the broadest sense)
(ii) Digital signatures from which time stamps or other distinctive usage characteristics have been removed
(iii) Electronic signatures on Electronic Signatures in Global and National Commerce Act + electronic signatures based on certificates of government positions and certificates of higher ranking employees (electronic signatures in the narrow sense)
(iv) Electronic signatures on Electronic Signatures in Global and National Commerce Act (electronic signatures in the narrowest sense)
Is found here.
(Business Operator)

It is considered that sorting out what "electronic signatures" or "E-Certificate (which should be transmitted together)" are should be a mid-term Issue of the administration (Digital Agency and each ministries and agencies).
The reason why there is no use of "electronic signatures" using "certificates of responsibility" issued by certified business operators in private sector other than the case in Ibaraki Prefecture is that this arrangement is not authorized.
For your reference
It can be understood that the measures to be taken by a building lots and buildings business operator when intending to make a Issue for the explanation of important matters by electromagnetic means in accordance with Article 35 of the Building Lots and Buildings Business Act, etc. are close to (1).
Based on Article 234 of the Local Autonomy Act, the measures that must be taken for electromagnetic records in which the details of the contract are recorded are considered to be ③.
(Business Operator)

Opinion
From Ministry of Internal Affairs and Communications to local government, "matters to be noted regarding the operation of electronic signatures and E-Certificate, etc." have already been indicated "for reference in the operation of local governments."
In addition to Trust services, when local government uses external services related to information systems, Ministry of Internal Affairs and Communications also shows the "Guidelines on Information security Policies in local governments," and there are also references to "various certification and certification systems."
The following documents are currently appropriate for local government.
Notice of the Director of the Administrative Division, Ministry of Internal Affairs and Communications Autonomous Administrative Bureau dated February 8, 2021 (Articles and Attachments 1 to 3)
"Guidelines for Information security Policy in local governments (March 2022 Edition)"
(Business Operator)

Opinions
1. Attach an electronic signature to an electronic document such as a license. (Short-term)
A modified opinion
1. Grant electronic signatures to electronic documents such as licenses and permits. (Short-term)
(Or) 1. Electronic signatures shall be affixed to electronic documents such as permission. (Short-term)
Opinion
Since "electronic signature" is a "measure," strictly speaking, "taking an electronic signature" may be correct. However, in general and daily conversation, it is also used as "attaching an electronic signature" and "granting an electronic signature," but the expression "attaching an electronic signature" is not familiar. Since "attaching to an e-mail" is also confusing, we propose a modification to either take, attach, grant, or perform.
(Operator) (Expert)

Opinions
Electronic signatures used in private sector may be attached for use.
A modified opinion
Electronic signatures used in private sector may be used.
(Expert)

Opinions
A service for giving electronic signatures to documents
Opinion
It seems that the correct expression for the "service for attaching an electronic signature to a document" is "service for implementing an electronic signature on a document", but it is also consistent with other parts, and it is requested that the expression be examined.
(Expert)

Opinions
Businesses providing services to grant electronic signatures
Opinion
The fact that it is a so-called witness type signature service or remote signature service should be specified.
Reason
In the case of PKI, there is a third party evaluation such as certification authority certification system and WebTrust certification, but in the case of the signature service described in the left column, there is no such system, so it seems to be an assertion that standards establishment, etc. are necessary, but it is difficult to understand it in the current way of writing.
(Business Operator)

Opinion
Delete lines 151 to 155 and 161 to 163. As an alternative to the deletion, it is proposed that the following should be stated:
Another person pointed out,' It is a story about which level of procurement service is chosen by local government or country when they Trust,' and I agree with that.
There is a tremendous leap in logic from the story of defining the services to be provided or considering "procurement Specifications" to the story of having a third party evaluate whether a business operator can provide the services.
If the argument includes the creation of a new evaluation system, the reasoning is even more incomprehensible.
(Business Operator)

Opinion
The descriptions in lines 151 to 154 should be maintained. In order to ensure the reliability of permission, what should be done is written. However, how about saying that the establishment of standards, etc. in line 154 is "important" or "should be aimed at"?
(Expert)

Opinion
Based on the principles, it is understood that electronic signatures used for notification of disciplinary action may be defined by the Digital Procedures Act and existing regulations. Therefore, it is necessary to state that there is a possibility that the electronic signature service in private sector may not be consistent with existing regulations.
(Business Operator)

Opinion
When users select services, it is important to be able to use the standards required of Trust service providers and information related to third party evaluation. When Trust services are used in documents issued by government agencies, it is important for the government to determine which level of procurement services to select at the time of Trust.
(Observer)

Opinion
In light of the "Q & amp; A) on Article 2, Paragraph 1 of the Electronic Signatures in Global and National Commerce Act" issued by the competent ministry of the Electronic Signatures in Global and National Commerce Act in July 2020, even if Digital Agency grants an electronic signature (or e-seal) on behalf of the government, it can be regarded as an electronic signature of the department in charge of the notice if a sufficient level of uniqueness is secured for the implementation based on the instruction from the department in charge of the notice, and it is relatively easy to set provisions to be regarded as satisfying the Digital Procedure Act and its subordinate provisions collectively.
(Business Operator)

[Comments on the Draft Proposal (10)]

"Proposals for Action Items for Realization / (1) Targets of these Recommendations / 2. Registration of GPKI and LGPKI in the AATL (Adobe Approved Trust List) (mid-term)"

[Opinion]

Opinion
Delete lines 161 to 163. The reason is as stated in your opinion (9).
Opinion
The statements in lines 161 to 163 should be retained because they contain information that should be followed to ensure the reliability of the authorization.
(Expert)

Opinions
It is necessary to improve the situation where the validation function of commonly used software (such as Adobe Acrobat Reader) results in an "unknown electronic signature" and it cannot be said that the data integrity can be automatically validation.
However, it also costs money and time, so it is desirable to set milestones and proceed.
A modified opinion
When making a digitalization for a notice of disposition, etc., there is a high need for a E-Certificate for GPKI and LGPKI in order to detect falsification (completeness) of the notice received by the person subject to the disposition. These E-Certificate support SkyPDF (Skycom, Inc.) and JUST PDF (Just Systems, Inc.), but Adobe, Inc., which provides AdobeReader, which has become the de facto standard for PDF viewing software, does not support certification certificates (AATL support). In order to promote the digitalization of GPKI and LGPKI toward the convenience of a notice of disposition, etc., it is required to promote consideration of responses to AATL for these.
Since it also takes time and money, it is desirable to set milestones and proceed with them.
Reason
Regarding LGPKI, it is necessary to correctly describe the current situation in which AATL is not supported while SkyPDF (Skycom Co., Ltd.) and JUST PDF (Just System Co., Ltd.) are supported.
In addition, with regard to AATL response, it is not a matter of "making improvements," but it is a matter of "advancing consideration of responses" based on needs, etc.
(Observer)

Opinions
Of commonly used software (such as Adobe Acrobat Reader)
A modified opinion
As a definition and strictness of terms, we would like to state that LGPKI supports SkyPDF (Skycom, Inc.) and JUST PDF (Justsystem, Inc.) because the broad expression "software for general use" is misleading. In addition, we would like to state that LGPKI does not support AdobeReader (Adobe, Inc.).
(Business Operator)

Opinions
In addition, although it is said that the validation function of overseas companies also satisfies certain standards, in the case of a business operator who provides a service to grant electronic signatures to documents issued by a country or public authorities, it is necessary to evaluate the applicability of the standards (described above).
Opinion
Since it is difficult to understand, it should be described directly by giving a specific name.
Reason
The overseas validation function seems to indicate AATL, EU TrustedList, WebTrust, etc., but it is difficult to understand, and it is also difficult to understand what the "standards (described above)" to which the "business operator who provides services to grant electronic signatures" should apply.
(Business Operator)

[Opinions on the Draft Proposal (xi)]

Regarding "Proposal of action items for materialization / (4) Materialization of how to deliver electronic documents / 1. Send an electronic document without an electronic signature attached to an email (short-term)"

[Opinion]

Reason
It is better to discuss the reliability confirmation of the sender, the delivery confirmation, and the opening confirmation separately. It is good to make a table in which the reliability confirmation, the delivery confirmation, the opening confirmation, and the case are arranged in rows of 1-3 on this page.
(Expert)

Opinions
In the licensing of industrial alcohol handling, the licensed operators are disclosed on the METI website.
Opinion
Since it seems unnecessary to show an example, we would like to delete the description.
(Observer)

Opinions
Said "(1) digitalization of notice"
A modified opinion
Changed to "(2) Promotion of digitalization of notice (short-term)" above.
Reason
There seems to be an error in the reference.
(Business Operator)

Opinions
It is necessary to establish a rule that e-mail is deemed to have been sent.
A modified opinion
It is necessary to establish rules such as that it is deemed to have been delivered by sending an e-mail.
Reason
At this point, it is premature to rule that sending an e-mail is deemed to be delivery.
(Business Operator)

Opinion
Regarding e-mail notifications, most respondents said that the method of using e-mail, which is used in organization in public authorities, is dangerous. It should also be stated that e-mail notifications with attachments or URLs are not recommended in principle.
(Business Operator)

Opinion
Regarding the method of attaching an electronic document without an electronic signature to an e-mail and sending it, there was an opinion that if the permission information is published and it is necessary for a third party to confirm the information, it may be difficult to understand the issuer and completeness of the information. It is necessary to pay attention to the fact that in the secondary use of the permission information, if the issuer and completeness of the information are not guaranteed, automatic validation by machine readability is not possible. Such description is also necessary.
(Business Operator)

[Comments on the Draft Proposal ⑫]

Regarding "Proposal of action items for materialization / (4) Materialization of how to deliver electronic documents / 2. Send e-mail with a document attached with an electronic signature (short-term)"

[Opinion]

Opinions
The aforementioned "1. Attach an electronic signature to an electronic document such as a license"
A modified opinion
The aforementioned "(3) 1. Attach an electronic signature to an electronic document such as a license"
Reason
The reference is confused with the "1." part immediately above.
(Business Operator)

Opinion
"Attach" shall be "grant" or "perform." The reason is the same as "Opinion (9)."
(Operator) (Expert)
Opinions
Said "(1) digitalization of notice"
A modified opinion
Changed to "(2) Promotion of digitalization of notice (short-term)" above.
Reason
There seems to be an error in the reference.
(Business Operator)

Opinion
Even when a document with an electronic signature is attached to an e-mail and sent, it is necessary to issue a certificate of issuance of the e-mail itself, and it may be necessary to use S/MIME or the like in combination.
(Business Operator)

Opinion
If the permission is disclosed, it may be possible to send an electronic document without an electronic signature by e-mail. However, since there are no unified rules for disclosure, there is a time lag between the actual time of obtaining the permission and the timing of disclosure. Therefore, unless there are unified rules, permission validation cannot be made. At present, it is difficult to discuss whether or not to grant an electronic signature depending on whether or not the permission is disclosed.
(Expert)

[Comments on the Draft Proposal (13)]

Regarding "Proposal of action items for materialization / (4) Materialization of how to deliver electronic documents / 3. Electronic documents with electronic signatures shall be stored in the file server, and the applicant shall download and receive them (short-term and medium-term)"

[Opinion]

Opinion
In the case of a disposition based on an application, it is possible to give an ID at the time of application, log in with the same ID, and download the application (notify by email, etc. that the application is available for download, and encourage downloading. In the case of a civil suit, this method is used).
At the end, why don't we add "There is also a way to download after user authentication of the applicant"?
(Expert)

Opinion
It is not desirable to use "in this case" because the risk of mistransmission is inherent in any method. The risk of mistransmission and its countermeasures should be discussed with respect to all 1-3 methods.
In addition, it is questionable whether the proposed method (encryption) is appropriate. If you use a file server, link sharing with access control should be your first choice. For example, you can use gBizID.
(Expert)

Opinion
It is questionable whether encryption is to be "decrypted", and "decryption" is better than "decryption".
(Expert)

Opinions
① Send it to the other party as a separate email.
Opinion
If you send it as a separate email to the other party, it will be sent to the same party even if it is not PPAP, and it does not function as a control, so it should be deleted.
(Expert)

Opinion
It is considered that there is a high possibility that information will be decrypted by a third party if the key is transmitted via the same route as the encrypted information or by a method that can be easily known by a third party. Therefore, it is necessary to ensure confidentiality by, for example, sharing the key at the time of prior meeting or, if it is impossible to share the key in advance, transmitting the key by a method other than the encrypted information.
(Observer)

Opinion
A number of similar private service are available for Financial Institutions' written notices (e.g., prospectuses) that require read receipts, and their use may be considered.
(Expert)

Opinion
There is a slight sense of incongruity in limiting the place where file servers are prepared to "local government" because "there are also Digital Agency where file servers cannot be prepared."
Considering the risk of phishing and spoofs, it is better to limit the location (domain) to a certain predictable range. For example, it should be shared by prefectures, or it should be somewhere on go. jp, such as Digital Agency.
(Business Operator)

Opinion
In the case where an electronic document with an electronic signature is stored in a file server and is downloaded and received by an applicant, it is possible to achieve a balance if not only encryption but also login authentication to the download server can be mentioned. In addition, it is more common to state the term "decryption" as "complex."
(Business Operator)

[Comments on the Draft Proposal (14)]

Regarding "Proposal of action items for materialization / (4) Materialization of how to hand over electronic documents / 4. Arrangement of the concept of delivery confirmation (mid-term)"

[Opinion]

Opinion
It is also good to refer to the form of opening confirmation as a regulation for financial institutions.
In addition, the story of Mynaportal and the so-called "post-office box" is described later as a consensus item, so it should be mentioned here as well.
(Expert)

Opinion
It is unreasonable to try to respond to all of them with one rule, so it is essential to prepare several variations and select them according to the purpose. How about changing "the principle part will be the same" to "You can show 2-3 options and select them appropriately according to the purpose."
(Expert)

[Comments on the Draft Proposal (15)]

"Proposal of action items for materialization / (5) Necessity of mid - to long-term consideration toward digital completion / 1. Consideration of digitalization of notice of disposition not based on an application (mid-term)

[Opinion]

Opinion
The statement "(5) Necessity of medium - and long-term studies toward digital completion" is reasonable, but it is also necessary to include surveys of actual conditions overseas, particularly in the EU.
Reason
In the EU, actual services such as e-delivery and regularized e-Mail have been provided for many years. Considering the system in Japan based on the experience there is an activity that is truly strategic, prompt and flexible.
(Business Operator)

Opinions
(It is necessary to discuss from the perspective of "fairness" in consideration of the situation of the other party, not "equality" in which the same opportunity is given.)
Opinion
Since equality and fairness are not always understood, why don't you delete the parentheses?
(Expert)

[Comments on the Draft Proposal 16]

"Proposal of Action Items for Materialization / (5) Necessity of Medium - and Long-term Consideration for digital completion / 2. Materialization of Digital infrastructure (Long-term)

[Opinion]

Opinions
In particular, it is considered that it can be handled by utilizing Mynaportal for individuals and expanding functions such as gBizID for corporations. Therefore, we would like to ask for prompt consideration and realization.
Opinion
The Government of Japan requests the Government of the United States to fully consider the creation of environments that are easy for users to access and utilize by thoroughly integrating existing Mynaportal and gBizID without launching new systems and tools, and to fully consider the unification of application UI/UX for notification of disciplinary action across multiple Ministries and Agencies.
(Business Operator)

Opinions
It is considered that it can be handled by extension such as gBizID.
Opinion
It should be changed to "It is considered that it can be dealt with by preparing a similar portal site."
Reason
gBizID is a means of authenticating individuals within a corporation, and its functions are completely different from those of Mynaportal and electronic post-office boxes, so it is not possible to expand the functions of gBizID. If other functions are assumed in the "etc." part of "gBizID, etc.", they should be described.
(Business Operator)

Opinion
As stated in the Recommendations, participants generally agreed to create digital PO Boxes for corporations and individuals and send electronic documents. That should be the premise of the discussion first. If it is a method of sending electronic documents to a digital PO Box, there is no need to discuss how to exchange documents by e-mail and measures against spoofs.
(Expert)

[Opinions on the Draft Proposal (Other)]

[Opinion]

Opinion
In order to ensure the identity, completeness and confidentiality of the notification of disposition under each system, it is requested that the E-Certificate of which Digital Agency (LGPKI, GPKI, JPKI, certification and authentication services, etc.) can be used and how they can be sent and received be registered in the design.
Reason
In preparation for the digitalization of the notification of disposition under each system, we would like to request that Digital Agency, which is responsible for driving the digitalization of society as a whole, make the design of the system.
(Observer)

Opinion
With regard to the handling of the draft proposal, the Government of Japan requests the Government of the United States to separately organize the points at issue (e.g., the level to be guaranteed in terms of completeness, identity, and confidentiality) and the response regarding the digitalization of the notice of disposition.
(Business Operator)

Opinion
It is better to summarize the pages of the multi-stakeholder review meeting for the participating organizations, companies, and experts by stakeholder category to show that the stakeholder categories are properly filled.
For your reference, the OECD has organized them into the following stakeholder categories:

Government
Business
Civil Society & Information Society
Trade Union
Internet Technical
(Expert)

Opinion
This time, the subject was limited to corporations, but for example, it would be better to state that consideration was given to notification of disposition based on an application in a part where personal data is not so relevant even for individuals.
(Local local government)

Opinion
There is a certain degree of possibility of mail spoofs, but it is better to consider the balance between convenience, cost, and security. It is recognized that it will be organized in practice in the future and summarized in general in the proposal.
(Local local government)

Opinion
It would be better to include a timeline for actions to be taken after Digital Agency receives these recommendations.
(Business Operator)

Opinion
There was no description related to the e-seal. It is necessary to examine whether the electronic signature in the administrative disposition notice is the e-seal.
(Expert)

Final Opinion Exchange Meeting (December 1, 2022)

[Opinion]

Opinions
Draft Recommendation / Number of Lines 107
Opinion
We presented a revised opinion to give symmetry to the structure of the document. There is no problem with the amendment proposed by the facilitator.
(Expert)

Opinions
Draft Proposal / Number of Lines 119 to 120
Opinion
What we have been discussing so far is not an electronic contract between two parties, but one party notifying the other party. It is not appropriate to describe the data in the electronic contract as in the current proposal. There are various applications of electronic signatures, but it may be better to compare the frequency of use of electronic signatures, such as attaching electronic signatures to invoices and guidance, or attaching them to emails from online banks to customers if S/MIME is included.
(Business Operator)

Opinions
Draft Proposal / Number of Lines 119 to 120
Opinion
I do not understand the significance of why this comparison of the number of electronic contracts is described.
(Facilitator Response)

I would like to show why electronic signatures are often used in private sector but not in public authorities. I would like to revise the sentence to say that there are various electronic signatures in use.
(Expert)

Opinions
Draft Recommendation / Number of Lines 137
Opinion

Since the main issue this time is that Digital Agency can respond, it was presented as digital. go. jp.
Creating a signature validation service is something that can be done on the server side. It should be possible because the load on the client is low and it can be done in a short period of time. In addition, it is the core principle of efficiency to aim for digitalization by having machines process automatically. It should be good to actively create a service that performs validation automatically.
(Expert)