Promotion of DX Sub-Working Group that secured Trust (10th)
Overview
- Date and Time: Friday, May 20, 2022, from 10:00 to 11:45
- Location: Online
- Agenda:
- Opening
- Proceedings
- Secretariat explanatory materials and explanation of the draft report (Secretariat)
- Free discussion
- Adjournment
Materials
- Agenda (PDF/96KB)
- Material 1: Secretariat explanatory materials (PDF/548KB)
- Material 2: Report of the Trust Sub-Working Group on Securing Promotion of DX (Draft) (PDF/26,368KB)
- Proceedings Summary (PDF/335KB)
Summary of proceedings
Date
From 10:00 am to 11:45 am on Friday, May 20, 2022
Location
Held online
Attendees
Members
- Hiroshi Ota (Partner, Nishimura & Asahi)
- Natsuhiko Sakimura (Senior Researcher, Tokyo Digital Ideas Co., Ltd.)
- Kazue Sako (Professor, Department of Information Science and Engineering, School of Basic Science and Engineering, Waseda University)
- Satoru Tezuka (Professor, Faculty of Environmental Information, Keio University) [Senior Researcher]
- Soshi Hamaguchi (Senior Staff Member, Keio University SFC Research Institute)
- Tatsuya Hayashi (Director of LocationMind Co., Ltd.)
- Hiroshi Miyauchi (Attorney, Miyauchi & Mizumachi IT Law Office)
- Kazuya Miyamura (Partner, PwC Arata LLC)
- Makoto Takamura (Counselor to the Director-General of cybersecurity, Ministry of Internal Affairs and Communications)
- Hiromasa Kiyo (Senior Assistant, Commercial Affairs Division, Civil Affairs Bureau, Ministry of Justice) *
- OKUDA Shuji (Director of the cybersecurity Division, Commercial Information Policy Bureau, METI)
Observer
- Satoru Ijichi (Executive Director of the time business Accreditation Center, Information and Communication security Division, The Japanese Telecommunications Association)
- Takayuki Idaka (Special Advisor for medical care Information Technology, Research development Promotion Division, Ministry of Health, Labor and Welfare Health Policy Bureau) * Attendance by proxy
- Daishu Ohta (Chairman of the External Affairs Department of the Digital Trust Council)
- Hirohisa Ogawa (Chairman of the Steering Committee of the Nippon Trust Technology Council and Senior Researcher, Cyber security Strategic Group, Digital Innovation Division, Mitsubishi Research Institute, Inc.)
- Mikio Ogawa (Executive Director of Administration and Settlement Systems Department, Japanese Bankers Association)
- Tetsuro Okuno (Deputy Director of the General Affairs Division, Ministry of Health, Labor and Welfare Pharmaceutical and Environmental Health Bureau) * Attendance by proxy
- OGURA Takayuki (General Manager of Corporate Sales Department, Shachihata Inc. Systems)
- Seiji Kaneko (Director of the General Affairs Division, Pharmaceutical Affairs and Environmental Health Bureau, Ministry of Health, Labor and Welfare) * Attendance by proxy
- KOMATSU Hiroaki (Partner, Tokyo IT Audit Department, KPMG AZSA LLC)
- Hajime Sato I (Executive Director of the Policy Department of the New Economy Federation)
- Sato Tatewaki (Cloud-based Electronic Signature Service Council Secretariat)
- Koichi Shibata (Executive Director in charge of DX Service Planning Department and Chairman of the Planning and Operation Subcommittee of the Trust Service Promotion Forum, Seiko Solutions Corporation)
- Kenichiro Shimai (Deputy Director of medical care Information Technology Promotion Office, Research and development Promotion Division, Ministry of Health, Labor and Welfare Health Policy Bureau) * Attendance by proxy
- SHIMAOKA Masamoto (Senior Researcher, IS Research Institute, SECOM CO., LTD.)
- Kikuzo Sodeyama (Director of SKJ Sogo Tax Accountant Office)
- Hajime Toyoshima Kiyoshi (DigitalBCG Japan Managing Director)
- Yuji Nakasu (Vice President of Government Affairs, SAP Japan Co., Ltd.)
- NAKATAKE Hiroshi (Representative of Global Legal Entity Identifier Foundation (GLEIF) Japan Office)
- Akira Nishiyama (Special Member of the Electronic Certification Bureau Conference (Representative of Future Trust Lab))
- Eiji Nozaki (Director of the General Affairs Division, Supervisory Bureau, Financial Services Agency)
- Akihide Higo (Project Owner of the Digital Identification Project Team, Incubation Lab, Digital Architecture and Design Center (DADC), Information-Technology Promotion Agency (IPA))
- Tomoaki Misawa (Partner, PwC Arata LLC)
- YAMAUCHI Toru (Managing Director of the Association for the Promotion of Information Economy and Society and Director of the Digital Trust Evaluation Center)
- WAKAMEDA Mitsuo (Senior Researcher, Data Strategy WG, Planning Committee, Digital Economy Promotion Committee, Japan Business Federation)
Digital Agency (Secretariat)
- Masanori Digital social common function Group, Group Director, Shusaku Indo, Group Deputy Director, and others
Minutes
- The Secretariat explained Material 1 "Explanatory Materials for the Secretariat". The following opinions received from the absent members were introduced and the status of reflection by the Secretariat was explained.
- The first point is that Trust services are an essential infrastructure for replacing paper-based transactions with digital transactions, which are currently conducted by the public, private, and private sectors. In order to enable people to conduct online transactions with peace of mind, it is essential that e-seal, which is the authentication of organization, be developed with legal backing. In today's rapidly advancing technology, it is considered that legal discipline should be minimized and responses should be made by interpretation and operation as much as possible. However, in the current situation where phishing scams and the like are rampant, it is extremely important as the foundation of organization to be able to legally confirm whether the counterparty who is conducting online transactions is a legitimate Trust that has been authenticated. Time stamps are basically only a matter of evidence, so it is considered that legislative development is necessarily unnecessary, but it is necessary to develop e-seal with legal backing. The second point is that when considering international applicability, consistency with the discussions at UNCITRAL is extremely important. When considering an institutional framework for Trust services in Japan, it is necessary to pay attention to the discussions at UNCITRAL and to maintain consistency with it.
- If Trust is defined, for example, there may be a method of referring to the definition of Trust in ISO 25010. In addition, there may be a method of referring to the definition of Trust in ISO 25010 and describing Trust services with reference to the definition of ISO.
- Consistency with UNCITRAL's discussion is also mentioned as a specific example in the Basic Policies part of the Trust Policy under the heading of international applicability. The definition of Trust, which I would like to discuss intensively in today's round, is also reflected in the draft report.
- In the open discussion, the following remarks were mainly made.
- Regarding the definition of Trust, ISO 25010, which is written in the secretariat material, is an ISO for software quality standards. ISO 19970 is a standard for the reliability of datasets. It is a story about how to guarantee what should not be wrong, and it is completely different from Trust, which we believe and process because it came from the correct publisher. If you are going to quote it, it is better to think of Trust as a concept that "guarantees that you can rely on it" as a mere English word, for example, "The belief that something is true or correct or" and "that you can rely on it" in the Oxford Dictionary.
- If the ISO definition deviates from the discussion in this Sub-Working Group, I think that the definition written in UNCITRAL may be cited in this report, or that the definition of Trust may be set aside and only Trust services may be defined.
- ISO 27099 defines Trust services at the FDIS (Final Draft International Standard) stage. It has become a standard being standardized at SC27, and the voting will be completed in the first half of June. The voting will probably be completed before the report is issued. Since it is an FDIS, the content is already quite stable. The title of ISO 27099 itself is "Public Key Infrastructure-Practices and Policy Framework", and the definition of Trust services is "electronic service which enhances trust and confidence in electronic transactions", so it is a very generic definition. In Japanese, it is defined as "electronic services that strengthen trust and confidence in electronic transactions", so it is a definition that is easily accepted by members.
- As for the definition of Trust, I agree with "rely on". What is a Trust service like this? I think that Trust is a Trust where certain facts about information, such as who made it or when it happened, can be proven to third parties.
As this third person, it is mainly the judge who is aware. My main idea is that the court can prove it, but in general, it can be relied on in the sense that it can be shown to the third person that it is correct. I think that such a thing is good to be called Trust.
- Since ISO is set as a definition in the standards for software quality, it will be misleading if you do not write down what the standards are about and what the report is about in all of them. There are Trust services that are mentioned in eIDAS and Trust services that are mentioned by the American Institute of Certified Public Accountants (AICPA), so you should always include what the definition is set in every time. If the discussion on the assurance level of Identification is not written without omitting the modifier, there will be confusion about the scope.
The definition of Trust, particularly Trust in DFFT, is still quite controversial. Due to the recent situation, some themes that should be considered in the medium to long term must be considered in the near future. For example, Trust, which is related to settlements due to the invasion of Ukraine, is gaining attention. This will be considered in the future, so the definition in this report is just like this, but it should be brushed up in the future in consideration of what is actually required in the situation.
- Originally, this sub-working group discussed the data problem of the content, which is the difference between truth and authenticity, and the taxonomy of procedural Trust, which is how to convey true data. Therefore, I think that the procedural theory was the first thing to be discussed, so in this report, it should be written that both sides were discussed. And since the procedural theory was the first thing to be considered, what should be considered as the Trust service with such wording is the eIDAS, the definition of UNCITRAL, and the "mechanism to verify the validity of people, organization, data, etc. on the Internet and to prevent falsification and spoofs of the sender" of the Ministry of Internal Affairs and Communications Study Group.
- To summarize your opinions, in the draft report, it is currently in the order of what should be secured in Trust after the definition is written. However, after writing the scope of Trust and what should be secured in Trust, the focus of discussion will be on the procedural theory where it should be secured in Trust, so I think it is necessary to consider the definition of Trust in that order.
- The context is very important for the definition of Trust. If ISO 27099 is adopted, there will probably be a problem in the report that the draft that has not appeared cannot be repeated, so we would like to clear the situation that it is difficult to bring it as a definition. The focus on procedural theory will not diverge by defining the procedure in this context. It is difficult for general Trust because there is only ISO to rely on. If the focus becomes ambiguous when the definition of Trust is expanded, the discussion may converge if the definition of Trust service in the contextual process is described with a preamble. It is easy to discuss the technical part, but it is difficult to evaluate the legal definition and positioning.
- After listening to your opinions, I thought that it would be difficult for this sub-working group to summarize the definitions of Trust itself as one because the definition of Trust itself would be extremely wide. Regarding DFFT, it was stated in the future efforts that the concept of Trust would be deepened toward. Therefore, I would like to proceed in the direction of not defining Trust, only introducing that there are various definitions. And regarding Trust services, first of all, in consideration of securing the authenticity and non-falsification of paper for digital, for example, I would like to revise the definition of Trust services by citing the definition of UNCITRAL or the definition of ISO27099.
- The definition of Trust services should also be written based on what was examined in this sub-working group. However, since there has been no such detailed discussion this time, the title should be reprinted from the representative parts.
- I don't know what the "those services" of eIDAS refers to, so I would like to know what it refers to if you are a specialist. For example, in (a) of eIDAS, there is "related to those services." I think that the interpretation is different in whether it is the Delivery services in front or whether Electronic signatures, Electronic seals, and Electronic time stamps are also services. If the Electronic signatures, Electronic seals, Electronic time stamps, and Electronic registered delivery services are all "those services," I would like to consider an appropriate translation so that there is no misunderstanding even in Japanese.
- Regarding the part of the Japan-EU Digital Partnership that is written as "mutual recognition" in Japanese and "mutual recognition" in the original text, I think it is appropriate to use the term "mutual recognition", but I have a very good impression that the phrase "mutual recognition" can pave the way for the long-term goal of mutual recognition. On the other hand, when the mutual recognition is realized, regarding Trust services that are recognized as Qualified under the current law, eIDAS, in the EU, it is probably considered to be mutual recognition that Qualified services in the EU are recognized in Japanese courts, but it will be necessary to reorganize the legal system in which Japanese Trust services are recognized as Qualified in the EU. If it is not possible to realize it, we will face an issue that only EU services will be used in the EU, and Japanese services will not be recognized as Qualified in the EU. In addition, even if the mutual recognition is not realized, I am afraid that under the current Japanese legal system, the effectiveness of EU Qualified services will be recognized in courts, and Japanese Trust services will not be recognized as Qualified in the EU. I believe that the report also indicates that a general law for Trust services must be developed as a mid- to long-term goal, but it is necessary to focus on that in the future.
- The current concern is whether the content of the approval can be used in accounting audits based on accounting audits and global standards, which will be discussed in the next stage. Therefore, in addition to legal matters, it is necessary to consider actual commercial transactions and their audits in the future. In practice, there are things to be solved in relation to the so-called distributed ledger, but it is thought that many similar cases will be assumed.
- In order to work on Trust services in Japan, and in addition, there is a direction to consider based on international cooperation, a specific one such as the Japan-EU Digital Partnership has emerged. A relationship like the personal data Protection Law and the GDPR is also assumed in the field of Trust. There are parts where institutional theories cannot be eliminated. It is better to be free and open-minded if there are as few as possible, but I understand that it is most important to consider how Japan can bring it to regulation so that it does not become Hong Kong. It is important to consider how Japan can bring the Japan way, including auditing as another external framework and the world in accordance with international standards, in addition to the system.
- Regarding the results of the fact-finding survey on Trust security, it was found that there were needs for Trust security mainly in the industries of administration, finance and insurance, information and communications, real estate, medical care and welfare, and transportation and postal services. As use cases of Trust services that require overseas cooperation, there are order-receiving and ordering forms, contracts, invoices, etc., and industry-specific procedures for finance and insurance, etc. In addition, as examples of measures considered for dissemination, regulations on the legal effectiveness (evidentiary power) of Trust services other than electronic signatures and awareness-raising activities to promote awareness and understanding are mentioned. The results of this survey were conducted using the budget, and the Sub-Working Group has also received input, so the results must be properly respected and future actions should be taken in response to the results. In the report, it was decided to discuss the private sector field using the multi-stakeholder model, but the guidelines for each use cases in response to the needs of the business community.
I think that the examples mentioned above correspond to the results of the survey on finance and communication, but I would like you to use the same words as the survey results if possible, and show that we will discuss the results of the survey in the multi-stakeholder model and show solutions.
- In order to write specifically for each industry / business type, it is necessary to coordinate with the related ministries and agencies. Therefore, it is difficult to write to what extent at present. However, we will consider writing specifically.
- It is a very important part because it is meaningless to try hard to create a Trust service if it is not used in the application in the end. Because of the relationship with each ministry, I would like it to be expressed in a wide range as a Digital Agency.
- Please clarify the relationship between the entire report and what is written in the "Comprehensive Data Strategy" announced on June 18 last year. I understand that we did not have time to discuss all the points described in the Comprehensive Data Strategy, but it should be described a little more in the future. In particular, as an issue described in the Comprehensive Data Strategy, the function of Trust anchor, the creation of a certification scheme, the creation of a Trust base, the effect of certification, certification standards, the publication of qualified services, and international mutual recognition are mentioned, and the necessity of these and the necessity of consideration are stated, so how to respond to these should be described in this report. In addition, I think that it is an extremely important concept to disclose qualified services based on the basis of the foundation of Japanese Trust services. In this regard, I think that there are concerns that the establishment of a certification system will lead to the strengthening of Trust services, but I think this is different. The establishment of certification and standards is for Trust service operators, not for users. Even if such a certification system is established, certification is not required for all services. As an ideal form, certification will be performed for the highest level service, and standards and standards will be clarified and made available for the lower levels. In other words, in order to select an appropriate level service, it is important to increase the number of options, including certified ones, and to show the significance of what each level means. Even in issue awareness of Trust services, the selection of service operators is mentioned as an extremely important issue. It is necessary to consider Trust infrastructure and certification a little more, including these.
The creation and revision of comprehensive provisions are also being advanced in eIDAS2.0 of the EU and the Model Law of UNCITRAL. It is necessary for Japan to clearly recognize that it is in the state before eIDAS1.0, and to resolve issues toward future mutual certification.
At present, regarding the legal effect, in the Japanese legal system, only the second tier of the so-called two tier presumption is legislated for the establishment of examination by electronic signatures, and the legal effect of the first tier and other Trust services is not shown. This is partly due to the problem of legal stability in Japan, but in particular, when countries that adopt the eIDAS or the UNCITRAL Model Law emerge in the future, there will be an imbalance in terms of the extent to which it will be effective in mutual exchanges with those countries. In the future, for example, in E-Certificate, the effect of this has not been legislated yet, and it should be clearly stated that it will be examined together with the legal effect of e-seals and time stamps.
In addition, it is necessary to consider the validity of the timestamp as a fixed date in the future. As an issue to be handled by the administration, the administration should mainly formulate a trusted list, qualified services, and a publication method for certified services. In addition, as an object to be handled by the multi-stakeholder model, it should be formulated so that the level of Trust services can be set and users can make choices based on it. In addition, it is necessary to include the timestamp in the scope of consideration. The third party requirement for notice and approval of assignment of receivables no longer meets the requirement of perfection with the timestamp. It should be discussed why it is not good even though it has been shown that the state has certified and a certain time has occurred. Please consider it because the approval of the debtor should be able to meet the requirement of perfection with the timestamp.
Future multi-stakeholder models should also include storage services, such as storing Trust services in the form of long-term signatures, which are associated with validation services.
Regarding the part of future efforts, the construction of Trust infrastructure, the relationship of certification, and the method of announcing qualified services should be clearly described as issues. It should be written not only in the table of the promotion system but also in the summary part. Regarding the future efforts to deepen the concept of DFFT toward the promotion of Trust, I think "clarifying" is correct. If we want to deepen this, as we can see from today's discussion, various opinions will emerge and it will not be a very productive activity. The Trust Concept and Policy are the premise for building the Trust infrastructure and the whole, and these should not be the goals or objectives. Therefore, it is necessary to clearly distinguish this part.
I would like to ask the Secretariat about the type and image of the Trust Policy, which will be formulated based on the basic policies of the Trust Policy. Please tell us about it within the scope of your current image.
- The basic policies of the Trust Policy have been organized as guidelines for multi-stakeholder parties, including the government, to consider measures related to Trust. Since the discussions on the completed form of the Trust Policy have not been deepened to that extent in this sub-working group, it is considered that continued discussions are necessary in multi-stakeholder forums.
Regarding the comments received, regarding the part described in the Trust Comprehensive Data Strategy, for example, I would like to consider writing down the specific points raised in the Comprehensive Data Strategy in the "Background" section of the report. Since the Comprehensive Data Strategy comprehensively organized the points of contention regarding the Trust infrastructure, it is quite difficult for this Sub-Working Group to implement all of this. However, for example, in the future efforts of this draft report, it is also written that further institutionalization of e-seal is necessary, and there are certainly places where progress has been made on the points raised in the Comprehensive Data Strategy. I would like to consider writing down the progress and future prospects in an easy-to-understand manner.
- As a person in charge of the time stamp system, the reason why the time stamp is insufficient for the fixed date is that it does not have a certification function to prove that it has been delivered to the other party. If the recipient side can affix the time stamp, it is controversial whether or not it is treated as the fixed date. Since we have to consider the certification that it has been delivered to the other party, there is a mechanism called e-delivery in eIDAS. Then, what should be done to implement e-delivery in the Japanese market is the world of telecommunications, and we are conducting research and study.
Regarding the guidelines on e-seals, we believe that it is ideal for the government to first create guidelines and launch a voluntary certification system by private sector, as was the case with time stamps in the past. We believe that we can take the first step in the form of the so-called private sector certification system. At the beginning, as stated in the comments from the members who were absent today announced by the Secretariat, it was pointed out that a solid legal system and legal scheme by the government is necessary. As we move forward with the private sector certification system, it will become clear that this must be done by the legal system, and that the private sector voluntary system will be sufficient. Accordingly, we believe that we can examine the ideal form of the certification body and the legal framework.
- Regarding the basic policies of the Trust Policy, for example, if it is the national Trust Policy, in the government information systems, public service, and online application systems, for systems with such a degree of impact for each risk, Trust services with such a guarantee level, I think it is a document that shows whether it is an electronic signature, a time stamp, an e-seal, or an e-delivery. The electronic signature and e-seal with the guarantee level are documents that sort out how the guarantee level is secured in accordance with such technical standards, for example. Therefore, if it is the national Trust Policy, the Trust Policy shows that the national government trusts data, systems, and services if they are guaranteed in this way. My understanding is that the basic policies of the Trust Policy described here have been shown in this report that they will be compiled based on this concept and system.
- It is important to organize the common issues with the entire comprehensive data strategy and program management. That is the point that we had a lot of difficulty in advancing the sub-working group this time, so regarding how to proceed in the future, I would like you to organize the system and process of the program management.
- There are still places where discussions are likely to continue, and the sub-working group is only one more meeting, so I would like to create some kind of communication channel and consider a meeting where you can have detailed discussions.
- I would like to express my gratitude for the open discussion. When the Comprehensive Data Strategy was compiled last year, we set extremely ambitious goals for Digital Agency to be created in the future. When we tried to actually do this, this sub-working group was held at a rapid pace, twice a month, and I think that there were many opinions and discussions at an extremely high level each time. On the other hand, the more we tried to discuss each issue based on facts, the more difficult parts became apparent. Today, there is quite a lot of discussion about even the definition of Trust, and even if we look at definitions including ISO and eIDAS, it is difficult to understand them as concepts internationally, but it is still progressing on an on-going basis. Today's discussion once again shows this.
Today, there is talk of a third party perfection, but the more we discuss the details, the more it will be related to the foundation of the system. This is not something that can be decided by Digital Agency alone, but something that the Government must do as a whole. The LDP has given guidance to listen to the opinions of people from various perspectives, and there are fluffy discussions on what to do with digital assets such as NFTs. On the other hand, I am worried that the world will become really strange if we do not coordinate solid discussions like those held by the sub-working group here.
This time, I have received a very deep commitment from all of you. There are so many things that I have been able to see. I strongly believe that our system is never sufficient for the height of the mountains that have come into sight, and I strongly believe that Digital Agency must continue to firmly establish its system. At the same time, since this cannot be carried out by Digital Agency staff alone, I would like to consider how to address this issue as a whole society by properly combining the wisdom of private sector and managing the program. In order to make the multi-stakeholder model work, and to receive and institutionalize the matters discussed there within the government, various adjustments of interests will occur, so I would like to ask for your continued guidance. This issue is becoming more important not only in Japan but also in the world, and I believe that search is underway, so I will make steady efforts so that Japan will not be subordinated to other countries, and so that Japanese people and companies will not be disadvantaged by not being connected.
- The secretariat explained that the meeting materials will be published on the Digital Agency website later, that additional opinions and questions will be communicated to the secretariat and used by the secretariat as a reference for future operations, and that the minutes of the meeting will be published after the members confirm the content.
- The secretariat explained that the next meeting of the sub-working group is being arranged to be held online from 3:00 p.m. on Wednesday, June 29, 2022.
End