Skip to main content

This page has been translated using TexTra by NICT. Please note that the translation may not be completely accurate.
If you find any mistranslations, we appreciate your feedback on the "Request form for improving the automatic translation ".

The 8th meeting of the Trust Sub-Working Group, which secured Promotion of DX

Overview

  • Date and time: Friday, April 8, 2022 (2022) from 4:00 pm to 5:45 pm
  • Location: Online
  • Agenda:
    1. Opening
    2. Proceedings
      1. Explanation of Secretariat Materials (Secretariat)
      2. Free discussion
    3. Adjournment

Materials

References

Relevant policies

Summary of proceedings

Date

From 4:00 p.m. to 5:45 p.m. on Friday, April 8, 2022 (2022)

Location

Held online

Attendees

Members

  • Hiroshi Ota (Partner, Nishimura & Asahi)
  • Natsuhiko Sakimura (Senior Researcher, Tokyo Digital Ideas Co., Ltd.)
  • Kazue Sako (Professor, Department of Information Science and Engineering, School of Basic Science and Engineering, Waseda University)
  • Satoru Tezuka (Professor, Faculty of Environmental Information, Keio University) [Senior Researcher]
  • Soshi Hamaguchi (Senior Staff Member, Keio University SFC Research Institute)
  • Tatsuya Hayashi (Director of LocationMind Co., Ltd.)
  • Hiroshi Miyauchi (Attorney, Miyauchi & Mizumachi IT Law Office)
  • Kazuya Miyamura (Partner, PwC Arata LLC)
  • Makoto Takamura (Counselor to the Director-General of cybersecurity, Ministry of Internal Affairs and Communications)
  • Hiromasa Kiyo (Senior Assistant, Commercial Affairs Division, Civil Affairs Bureau, Ministry of Justice) *
  • OKUDA Shuji (Director of the cybersecurity Division, Commercial Information Policy Bureau, METI)

Observer

  • Satoru Ijichi (Executive Director of the time business Accreditation Center, Information and Communication security Division, The Japanese Telecommunications Association)
  • Takayuki Idaka (Special Advisor for medical care Information Technology, Research development Promotion Division, Ministry of Health, Labor and Welfare Health Policy Bureau) * Attendance by proxy
  • Daishu Ohta (Chairman of the External Affairs Department of the Digital Trust Council)
  • Hirohisa Ogawa (Chairman of the Steering Committee of the Nippon Trust Technology Council and Senior Researcher, Cyber security Strategic Group, Digital Innovation Division, Mitsubishi Research Institute, Inc.)
  • Mikio Ogawa (Executive Director of Administration and Settlement Systems Department, Japanese Bankers Association)
  • Tetsuro Okuno (Deputy Director of the General Affairs Division, Ministry of Health, Labor and Welfare Pharmaceutical and Environmental Health Bureau) * Attendance by proxy
  • OGURA Takayuki (General Manager of Corporate Sales Department, Shachihata Inc. Systems)
  • Seiji Kaneko (Director of the General Affairs Division, Pharmaceutical Affairs and Environmental Health Bureau, Ministry of Health, Labor and Welfare) * Attendance by proxy
  • Hiroaki Komatsu (Partner, Tokyo IT Audit Department, KPMG AZSA LLC)
  • Hajime Sato I (Executive Director of the Policy Department of the New Economy Federation)
  • Sato Tatewaki (Cloud-based Electronic Signature Service Council Secretariat)
  • Koichi Shibata (Executive Director in charge of DX Service Planning Department and Chairman of the Planning and Operation Subcommittee of the Trust Service Promotion Forum, Seiko Solutions Corporation)
  • Kenichiro Shimai (Deputy Director of medical care Information Technology Promotion Office, Research and development Promotion Division, Ministry of Health, Labor and Welfare Health Policy Bureau) * Attendance by proxy
  • SHIMAOKA Masamoto (Senior Researcher, IS Research Institute, SECOM CO., LTD.)
  • Kikuzo Sodeyama (Director of SKJ Sogo Tax Accountant Office)
  • Hajime Toyoshima Kiyoshi (DigitalBCG Japan Managing Director)
  • Yuji Nakasu (Vice President of Government Affairs, SAP Japan Co., Ltd.)
  • NAKATAKE Hiroshi (Representative of Global Legal Entity Identifier Foundation (GLEIF) Japan Office)
  • Akira Nishiyama (Special Member of the Electronic Certification Bureau Conference (Representative of Future Trust Lab))
  • Eiji Nozaki (Director of the General Affairs Division, Supervisory Bureau, Financial Services Agency
  • Akihide Higo (Project Owner, Digital Identity Verification Project Team, Incubation Lab, Digital Architecture and Design Center (DADC), Information-Technology Promotion Agency (IPA))
  • Tomoaki Misawa (Partner, PwC Arata LLC)
  • YAMAUCHI Toru (Managing Director of the Association for the Promotion of Information Economy and Society and Director of the Digital Trust Evaluation Center)
  • WAKAMEDA Mitsuo (Senior Researcher, Data Strategy WG, Planning Committee, Digital Economy Promotion Committee, Japan Business Federation)

Digital Agency (Secretariat)

  • Group Manager of Digital social common function Group Masanori Kusunoki, Group Deputy Manager of Shusaku Indo Group, etc.

Minutes

  • The Secretariat explained Material 1 "Explanatory Materials for the Secretariat."
  • In the open discussion, the following remarks were mainly made.
    • In some cases, sufficient knowledge and users' needs cannot be taken into account only within the government. Therefore, it is better to hold a workshop in which all stakeholders are present, obtain oral and written comments, reflect them in the draft, and submit it to Pub Com. At the workshop, one person from each stakeholder group can speak.
      Regarding technical standards, it is good to refer to international standards or area standards that are considered to be equivalent to them. For example, it is typical to refer to ETSI standards in the EU. Regarding concerns about controversy, it is good to send project leaders and chairs from Digital Agency to standardization bodies. In fact, the chairman of the iGov working group of the OpenID Foundation was from NIST, and the chairman of the HEART working group was from MITRE, a non-profit organization funded by the US federal government. Standardization bodies that follow the process set forth in the TBT Agreement are more efficient than starting from scratch because they already have a mechanism to create documents efficiently, and it is cheaper because it is a mechanism to let private sector experts work. In addition, in order to let private sector experts work, it is necessary to make them feel the significance of it, so it is also a check whether it is meaningful to do it. It is possible to prevent favoritism because there will be people with different interests due to open participation. In light of this, it is quite possible to use international standardization bodies well.
    • I feel that there are many stakeholders in the proposed secretariat of the multi-stakeholder model. Workers and consumers are not always necessary. For example, when electronic power of attorney or qualified invoice exchange is involved, workers are unlikely to be involved, and consumers are unlikely to be involved. I am not opposed to the involvement of these people, but it would be clearer to think that industry, workers and consumers are collectively equivalent to the Civil Society, and that workers and consumers are included as members as necessary.
      The multi-stakeholder operator includes the ministries and agencies responsible for the system, but the ministries and agencies responsible for law should also be included. For example, the Electronic Signatures in Global and National Commerce Act and time stamp are under the jurisdiction of law, but there is no such thing as the ministries and agencies responsible for the system, so it is necessary to include the ministries and agencies widely. In addition, although it is not specified in the multi-stakeholder secretariat proposal, we believe that there should be a secretariat function, and that is Digital Agency.
      The first bullet on page 9 says "private sector Online Contract and Procedure," but it should be a transaction. Transactions include invoices, receipts, and quotations, and these need to be considered. I would like to see e-seals included in the content of the proposal. It is possible that e-seals can be used for notifications of facts, such as invoices and quotations, instead of electronic signatures of representatives, etc., instead of declarations of intent, such as contracts. It is very good that the second bullet says that it can be used to respond to remote signatures, etc., of Electronic Signatures in Global and National Commerce Act. Witness e-signatures are very similar to remote signatures in terms of technology and management, and should be considered together or in a separate forum.
      As for the needs of the business community, with regard to the digitization of the notice of assignment of receivables, it would be good to discuss the validity of the time stamp in relation to the fixed date.
    • In the multi-stakeholder model, it is considered that a mechanism for receiving support is created from the bottom up, and those that are desired to be flexibly revised, such as technical specifications and guidelines, are targeted. On the other hand, those that seem to have a large scope of influence and those that are enforceable must be dealt with from the top down. For example, those that have large disincentives and those that have penalties must be dealt with in a different way from the multi-stakeholder model. It is very important to be transparent about measures to efficiently operate the multi-stakeholder model. It is unfair to say that it is open but the Issue setting is done in a place where it cannot be seen in advance. The materials of this sub-working group will be disclosed in Digital Agency at a very high speed. It is very good that the transparency of the process before starting the multi-stakeholder model can be secured by the discussion here.
      It is also important to make it known that there are such places. The central government and Digital Agency are good at making various things known to society. It would be very appreciated if the decision process of various things could be open and the bootstrap could be secured in a visible manner.
    • Regarding the proposed schedule of the Secretariat, it is suggested that two discussions will proceed from the autumn of 2022: an example of administrative consideration and a multi-stakeholder model based on Trust. On page 5, examples of administrative consideration include the future status of GPKI, LGPLI, and JPKI, the technical standards and utilization policies of Trust services used for public certificates, and the level of identity verification required for electronic contracts in government procurement. These may be important inputs to the consideration of private sector related to Issue online contracts and procedures that must be considered in the multi-stakeholder model, responses such as remote signing of Electronic Signatures in Global and National Commerce Act, and consideration of the modernization of technical standards.
      In the multi-stakeholder model, there is a possibility that stakeholders in a conflict structure may participate, so it is expected that it will take time to reach an agreement. By having the government take the lead in discussions that will be helpful for discussions in the multi-stakeholder model as top-down government standards, it will be possible to refer to them in bottom-up discussions. By doing so, it will be possible to operate the multi-stakeholder model efficiently while ensuring transparency.
    • If you think that consumers and labor unions are irrelevant as stakeholders, you can just skip the meeting, and you should prepare a chair for stakeholders. There was a talk that multi-stakeholder discussions would take time, but it does not necessarily take time. In the OECD, the stakeholder is the Advisory Council, and although it provides advice, the final decision is made by the government committee, which is a full member.
    • It is difficult for the participating parties to understand the scope of what is being discussed in this sub-working group and what is being discussed in the sub-working groups under the Comprehensive Data Strategy Promotion Working Group. In promoting the multi-stakeholder model, various people will come in, so it will be more difficult to have a common understanding. Unless the scope of the discussion on Trust services to be examined in the multi-stakeholder model and the related movements around it are shared in a visible manner, the discussion will not proceed in a targeted manner. In addition, since the Trust mentioned in the Issue service may appear as a common base registry in the Issue handled by other sub-working groups, it is important to organize the management of the Issue and to what extent it can be affected in order to conduct efficient discussions.
      Regarding the agenda to be dealt with in the multi-stakeholder model, in the case of private sector, if we consider the transaction, the relevant use cases will be specifically mentioned. Regarding the agenda, it is inevitable that additional changes will be introduced. If the overall response method of incorporating changes, including change control, is also included in the agenda, it will be easier to operate when it is actually applied.
      With regard to stakeholders, it is necessary to flexibly adjust the relevant stakeholders because they differ depending on the use cases.
    • The arrangement presented by the Secretariat this time is very well thought-out, and I basically agree with it as a whole. In addition, regarding the operation of the multi-stakeholder model, the members are invited to be founders and open entries to ensure transparency, but in order to ensure transparency, it is essential to at least ask Digital Agency to join the multi-stakeholder model. I understand the idea of inviting people who can move their hands, but in that case, people with individual interests may move against the background of those interests, so it is necessary to invite people with a neutral position to join the multi-stakeholder model.
      As for the actors of the multi-stakeholder model, workers, consumers, and users are not necessarily involved in every use cases. A decision-making process in the form of free entry and self-responsibility is not common in the Japanese use cases. The most appropriate group is determined for each use cases, so it is unlikely that workers and consumers necessarily appear in every region.
      As a matter of course, matters related to legal matters are also examined by the Legislative Bureau and require legislative responses. Therefore, the multi-stakeholder model allows discussion on points of contention and matters to be included, but in the end, laws cannot be created in the multi-stakeholder model. Therefore, we believe that discussions in this multi-stakeholder model will be about parts that do not fall under legal matters and matters that can be addressed in guidelines.
    • This is a comparison of two cases, one in which discussions are centered on the administration and the other in which multi-stakeholder discussions are suitable. However, it should be expressed so that the difference between the two can be clearly understood. It is necessary to have a common recognition of whether the difference is that the administration is trying to expand the scope of experts beyond the existing framework to consumers and labor unions, instead of focusing on discussions with experts in the past, as in the case of the OECD. Or, it is necessary to have a common recognition of whether the same group of experts discuss various themes in a series of themes, and the experts can change freely within the organization for each theme.
      It is important to pick up voices from a wide range of users, and there was a talk that voices would be picked up by public comments. However, if you dare to post a public comment, it is something that the person does voluntarily, and if there is no incentive, it will not be delivered as a voice. In order for the government to actively listen to voices, it is important to have people speak as stakeholders. Regarding what kind of example is administration-centered and whether the multi-stakeholder model is good, if there are qualitative differences between the two, I would like to ask you to supplement it.
      Although I have expressed various opinions, I think it is important to first try this kind of challenging method. Under the current situation, it is good to pick up one that seems to be suitable for this method and implement it. As a result, there will be a review of what I think may not be suitable at present.
      In order to ensure the transparency of the multi-stakeholder model, it would be good to publish the minutes without delay so that anyone can access what kinds of discussions took place.
    • I think there are two qualitative differences. The first is that the administration is in charge of the system, such as GPKI and Government procurement. Although this is also related to many parties, there are also technical standards and other matters that can be independently examined by those who have the system. The second is that in the Digital Consultation, in realizing Phases I to III in the intensive reform period toward digital completion, many of the procedures assumed as examples are issuance from public authorities to the people and application to public authorities, so I mentioned as an example those that should be realized as soon as possible in a period of three years as a timeline. As pointed out by the members, cases to be examined by the administration are also related to many parties, so a process of hearing opinions is necessary in some form.
    • In the secretariat draft of the multi-stakeholder model, it should be summarized as roles, not divided by attributes such as business operators, workers, and consumers. For example, it should be divided by the perspective of what kind of contribution they are in, such as those who provide services, those who use them, and those who are experts in technology. In any case, I basically agree with the idea that multi-stakeholder and related parties must discuss together.
    • According to the comments I received on the chat function, regarding the multi-stakeholder model, most of digitalization is related to employment, and if there are users and consumers in every system, workers and consumers will be related in some way. On the other hand, it is quite difficult to find a person who can be constructively involved in the discussion in the multi-stakeholder model process. Whether the multi-stakeholder model is slow or fast depends on the process. How to reduce the burden on the secretariat is a concern. Regarding the burden on the secretariat in the multi-stakeholder model, it should be possible to significantly reduce the burden if it is cut out to an international standardization organization. The U.S. Ministry of Health, Labor and Welfare is a typical example. Regarding the planning to be adopted by ministries and agencies, I received an opinion that it is worth considering an approach in which Digital Agency acts as a control tower and cuts out to an international standardization organization so as not to be divided.
      In addition, if we make a model in which representatives speak collectively for each stakeholder group, irregular statements may be eliminated. It is important to include stakeholders in a well-balanced manner. It is better to discuss the opening of the door and mandatory participation separately. There is also an opinion that it is inappropriate to say that C is not necessary because it is B-to-B because there are naturally things that affect the privacy of individual consumers even in B-to-B. In summary of the opinions received, it seems to be common that it is important to include stakeholders for the issues and topics to be discussed.
    • What is important in multi-stakeholder is the relationship with the consultation. In what kind of consultation, what kind of members are selected becomes specific, and specific consultation is made and recommendations are made. How to select the most appropriate members for the consultation is important in multi-stakeholder. Another question is how to organize the relationship between the contents of activities in the international standards organization and the contents to be examined by multi-stakeholder. Depending on the contents of the consultation, there may be several patterns, such as directly utilizing the contents examined in the international standards, or having parts unique to Japan.
    • Remote signatures may be a good consideration for multi-stakeholder discussions.
    • ETSI may have established a standard for remote signature, which would make it less meaningful to discuss it independently in Japan.
    • It needs to be confirmed, but based on international trends, it seems that the JNSA is currently sorting out remote signatures, so there may be an opening. We may be able to further refine their compilation while watching international trends.
    • Regarding remote signatures, technical standards have been established by ETSI and CEN. However, the technical standards of ETSI and CEN are established as requirements for remote signatures to be qualified electronic signatures. In the Japanese case, even under the Electronic Signatures in Global and National Commerce Act, signature services that satisfy such technical requirements as qualified electronic signatures in Europe are not specified as legally effective services. Therefore, it is doubtful that the technical standards of ETSI and CEN are applied as they are. When the JNSA and JT2A develop the remote signature guidelines, they naturally confirm the technical standards of ETSI and CEN and develop the guidelines so that there is no significant difference from them.
    • There are two types of consultation: one is to gather experts for each consultation, and the other is to have a multi-stakeholder organization first and bring in consultations suitable for its members to consider. In the case of the OECD, it is the latter, where a multi-stakeholder stakeholder group is defined first and there is a meeting body within it. An agenda is set in advance by the secretariat, and representatives suitable for the agenda are selected by people in the stakeholder group. It has worked well for the past decades, so please refer to it.
    • With regard to multi-stakeholder, in order to reduce the function of the secretariat such as a regular review meeting, Digital Agency is recognized as one of the governments and business operators if it has a system in the multi-stakeholder community. I think that a mechanism in which a person who jointly edits materials and arranges discussions separately is necessary for the secretariat function.
    • Regarding the opinion that it may be possible to discuss the issue in a multi-stakeholder model from the perspective of responding to remote signatures and considering the modernization of technical standards, in that case, the scope of the discussion should be limited. First of all, since remote signatures are an area in which there are conflicts of interest among industry groups, in July 2020, the three ministries jointly issued a Q & amp; A on Article 2, Paragraph 1 of the Electronic Signatures in Global and National Commerce Act and a Q & amp; A on Article 3 in September. The legal arrangement has already been completed regarding what requirements should be satisfied in the abstract to be regarded as electronic signatures under Article 2, Paragraph 1 of the Electronic Signatures in Global and National Commerce Act and what internal controls should be in place within the corporation to be regarded as electronic signatures as a corporation. The remaining issues are the following. When a corporation actually uses an electronic signature in a transaction, it is the individual employee who operates the electronic signature. What type of internal control framework should be in place to ensure that an electronic signature performed by an individual employee can be regarded as the electronic signature of the corporation itself? What type of internal controls should be in place within the corporation to ensure that it can be regarded as an electronic signature as a corporation, and the modernization of technical standards. I think these are exactly the areas in which a multi-stakeholder model is suitable for discussion. However, the legal arrangement has ended with Article 2, Paragraph 1, Q & amp; A and Article 3, Q & amp; A. As far as remote signatures of electronic signatures are concerned, there may be an additional legal response.
    • If we do not set technical standards that realize "sufficient uniqueness" in Article 2, Paragraph 1 and Q & amp; A of Article 3, it will be confusing. How to organize the relationship between institutional theory, standardization, and technology is a very important point. At the institutional level, the national government has issued a policy in Q & amp; A, and some parts have been settled in a sense. On the other hand, the technical specifications of "sufficient uniqueness" when actually operating based on it have not been clarified. Operators are doing it based on their own thoughts, saying that they are safe, but it is important to gather all parties concerned and discuss it in a multi-stakeholder model. I think the discussion of Meta is quite true, but when an advisory is issued, what kind of accurate multi-stakeholder form will be taken is the question.
    • So-called remote signatures are pure remote signatures, and we recognize them as a type of remote signatures in which the key of the signer is entrusted. In this case, the current Electronic Signatures in Global and National Commerce Act does not allow the private key to be passed between the certificate authority and the remote Electronic Signatures in Global and National Commerce Act operator. Including such a case, there are still some parts that need to be done about the remote signature itself, although it may be at the enforcement rule level.
    • International standards are themselves multi-stakeholder if they are working in a proper international standardization organization. It should be considered that there are multi-stakeholders and they are cut out to the international standardization organization as a kind of multi-stakeholder process rather than international standards. It is better to cut out most of the technical things. There is debate over where to put out the policy things. Some of them may be discussed by, for example, the OECD, discussed internationally, and used as a legal instrument to fall into the legal system of each country. It is an idea that all of them are discussed at the international standards forum, and what is decided there is taken into one's own place. Of course, at that stage, what we want to do is incorporated in the process of discussion, but it is solidified overseas while it is said that it will be solidified at home and then taken overseas.
    • There is a view that it is preferable for Japan to take action based on Japan's way of thinking and strategy and to introduce it into Japan while discussing it internationally. In general, it is possible to export technological things overseas and do things like this, and there is also a strategy of making things by oneself in a de facto manner and making them an international standard. This is a case by case approach.
    • How many cases are there in which it is solidified in Japan and then taken overseas and succeeded? It may be a pattern in which it is consulted and issued by saying that it will be standardized outside in Japan, but it may be a pattern in which it can be decided within the government as soon as possible. It is a possible idea to issue it on the premise that domestic people will suddenly enter the international community, rather than having a multi-stakeholder discussion once in Japan and doing it internationally.
    • The multi-stakeholder model currently under consideration does not necessarily create a standard itself. It is a case-by-case matter whether the standard will be referred to as a guideline or a policy in Japan. Even if it is called an international standard, there are cases in which it is widely used as an international standard and cases in which it is not used. There are cases in which the background is different from that of Japan, such as the remote signature of ETSI. In considering the content to be handled by the multi-stakeholder model, the Secretariat would like to ask for specific examples of consolidating it domestically and bringing it as a standard, and examples of cases in which it is better to cut it out and discuss it at an international standardization organization.
    • What has been done internationally tends to be abstract so that it can be applied in all countries. When it is actually applied domestically, there may be a pattern in which a domestic profile is created in each country. International standards around open banking and their domestic profiles are occurring. ISO standards tend to be IS standards and have low hurdles. It is pointed out that there are many IS standards that are not used. The part where the background is different is that if the remote signature of ETSI is unique to Europe, it will be abstracted when it is made into IS, and the abstracted IS will be profiled again when it is applied to Japan. It is true that the multi-stakeholder model to be rotated as a country does not necessarily create a standard itself. It is a part related to technical standards that I said to the international standardization organization.
    • The multi-stakeholder model is a new attempt, and there are many parts that can be rotated. There are parts that are not filled in, including how to select participants, and it is necessary to improve it while actually rotating the process. I felt that there might be parts that are suitable or not suitable for this process depending on the setting of the title. In the background of thinking that the multi-stakeholder model is originally necessary, in the midst of the Issue surrounding so many Issue due to digitalization, the system of the Secretariat of Trust is not always sufficient, and if we try to do it by the conventional way of circulating the Council and the Study Group of public office, we may not be able to make the necessary decisions in a flexible manner in this rapid environment of digitalization. There are some parts that came out as a desperate measure. Regarding the request that Digital Agency should take more leadership in making decisions, it is only one year since Digital Agency itself was established, and there are expectations that if we can create a new model here, Digital Agency will not be a bottleneck and we will be able to secure the digitalization we really need. We would like to make it possible for Digital Agency to provide appropriate consultation. I recognize that many of you have actually experienced activities at various international standardization organizations and the multi-stakeholder process, so I would like you to continue to provide guidance and create a new planning process together. Digital Agency
  • The secretariat explained that the meeting materials will be published on the Digital Agency website later, that additional opinions and questions will be communicated to the secretariat and used by the secretariat as a reference for future operations, and that the minutes of the meeting will be published after the members confirm the content.
  • The secretariat explained that the next meeting of the sub-working group is scheduled to be held online from 14:00 on Monday, April 25, 2022 (2022).

End