9th Promotion of DX Sub-Working Group Meeting Held to Secure Trust

Overview

• Date and Time: Monday, April 25, 2022 (2022) from 14:00 to 15:45
• Location: Online
• Agenda:
  1. Opening
  2. Proceedings
     1. Explanation of Secretariat Materials (Secretariat)
     2. Free discussion
  3. Adjournment

Materials

• Agenda (PDF/95KB)
• Exhibit 1: Secretariat explanatory materials (PDF / 1,500 kb)
• Proceedings Summary (PDF/252KB)

References

• Promotion of DX Sub-Working Group Meeting to Secure Trust (PDF / 65 kb)

Relevant policies

• Data Strategy

Summary of proceedings

Date

Monday, April 25, 2022 (2022) from 2:00 p.m. to 3:26 p.m.

Location

Held online

Attendees

Members

• Hiroshi Ota (Partner, Nishimura & Asahi)
• Natsuhiko Sakimura (Senior Researcher, Tokyo Digital Ideas Co., Ltd.)
• Kazue Sako (Professor, Department of Information Science and Engineering, School of Basic Science and Engineering, Waseda University)
• Satoru Tezuka (Professor, Faculty of Environmental Information, Keio University) [Senior Researcher]
• Soshi Hamaguchi (Senior Staff Member, Keio University SFC Research Institute)
• Tatsuya Hayashi (Director of LocationMind Co., Ltd.)
• Hiroshi Miyauchi (Attorney, Miyauchi & Mizumachi IT Law Office)
• Kazuya Miyamura (Partner, PwC Arata LLC)
• Makoto Takamura (Counselor to the Director-General of cybersecurity, Ministry of Internal Affairs and Communications)
• Hiromasa Kiyo (Senior Assistant, Commercial Affairs Division, Civil Affairs Bureau, Ministry of Justice) *
• OKUDA Shuji (Director of the cybersecurity Division, Commercial Information Policy Bureau, METI)

Observer

• Satoru Ijichi (Executive Director of the time business Accreditation Center, Information and Communication security Division, The Japanese Telecommunications Association)
• Takayuki Idaka (Special Advisor for medical care Information Technology, Research development Promotion Division, Ministry of Health, Labor and Welfare Health Policy Bureau) * Attendance by proxy
• Daishu Ohta (Chairman of the External Affairs Department of the Digital Trust Council)
• Hirohisa Ogawa (Chairman of the Steering Committee of the Nippon Trust Technology Council and Senior Researcher, Cyber security Strategic Group, Digital Innovation Division, Mitsubishi Research Institute, Inc.)
• Mikio Ogawa (Executive Director of Administration and Settlement Systems Department, Japanese Bankers Association)
• Tetsuro Okuno (Deputy Director of the General Affairs Division, Ministry of Health, Labor and Welfare Pharmaceutical and Environmental Health Bureau) * Attendance by proxy
• OGURA Takayuki (General Manager of Corporate Sales Department, Shachihata Inc. Systems)
• Seiji Kaneko (Director of the General Affairs Division, Pharmaceutical Affairs and Environmental Health Bureau, Ministry of Health, Labor and Welfare) * Attendance by proxy
• KOMATSU Hiroaki (Partner, Tokyo IT Audit Department, KPMG AZSA LLC)
• Hajime Sato I (Executive Director of the Policy Department of the New Economy Federation)
• Sato Tatewaki (Cloud-based Electronic Signature Service Council Secretariat)
• Koichi Shibata (Executive Director in charge of DX Service Planning Department and Chairman of the Planning and Operation Subcommittee of the Trust Service Promotion Forum, Seiko Solutions Corporation)
• Kenichiro Shimai (Deputy Director of medical care Information Technology Promotion Office, Research and development Promotion Division, Ministry of Health, Labor and Welfare Health Policy Bureau) * Attendance by proxy
• SHIMAOKA Masamoto (Senior Researcher, IS Research Institute, SECOM CO., LTD.)
• Kikuzo Sodeyama (Director of SKJ Sogo Tax Accountant Office)
• Hajime Toyoshima Kiyoshi (DigitalBCG Japan Managing Director)
• Yuji Nakasu (Vice President of Government Affairs, SAP Japan Co., Ltd.)
• NAKATAKE Hiroshi (Representative of Global Legal Entity Identifier Foundation (GLEIF) Japan Office)
• Akira Nishiyama (Special Member of the Electronic Certification Bureau Conference (Representative of Future Trust Lab))
• Eiji Nozaki (Director of the General Affairs Division, Supervisory Bureau, Financial Services Agency
• Akihide Higo (Project Owner of the Digital Identification Project Team, Incubation Lab, Digital Architecture and Design Center (DADC), Information-Technology Promotion Agency (IPA))
• Tomoaki Misawa (Partner, PwC Arata LLC)
• YAMAUCHI Toru (Managing Director of the Association for the Promotion of Information Economy and Society and Director of the Digital Trust Evaluation Center)
• WAKAMEDA Mitsuo (Senior Researcher, Data Strategy WG, Planning Committee, Digital Economy Promotion Committee, Japan Business Federation)

Digital Agency (Secretariat)

• Masanori Digital social common function Group, Group Director, Shusaku Indo, Group Deputy Director, and others

Minutes

• The Secretariat explained Material 1 "Explanatory Materials for the Secretariat."
• In the open discussion, the following remarks were mainly made.
  • Regarding the basic policies of the Trust Policy, we are honored to have the contents announced at the 5th Sub-Working Group as an issue for policy formulation reflected. Regarding international compatibility, it is necessary to announce that it is an international standard, not a specific country. This is a point that leads to related technology neutrality. At the same time, it is important to have an ecosystem that can be continued. In particular, it is important for users to know the economic foundation that can be operated and operated stably. The first and second layers are not particularly special, but in Digital Agency, public and private sectors, including Government Cloud, are actually implementing policies for data connections infrastructure, so it is good to be aware of its relevance.
    Secretariat material (Reference 5) Regarding Trust that is considered to be necessary for personal procedures, it can be said that the use cases that people who want Trust consciously think of is the case of non-continuous events that occur suddenly. Things that are used every day implicitly accept an appropriate level of use cases by themselves, but the Trust factor becomes important in things that are not used every day. A mechanism that combines the discontinuity between daily use and sudden important events is required. This can be rephrased as a story of reputation. The accumulation of acts and their continuity, and time from the past are very important points. Trust
    Regarding incentives for participation in the multi-stakeholder model, in light of past expert meetings, the biggest point is that we want national policies to be taken in the right direction purely as experts, not as rewards. Of course, when we participate with the approval of Company organization, etc., we think that there is a motivation to participate from the perspective that we want the parts that affect the project to be seen in the right direction as well. From that perspective, not only the purpose, but also the parts that the processes, processes, experience of participation, and opinions were adopted, and even if they were not adopted, the parts that the opinions were expressed and were useful for the discussion may be included in the contribution. It will be so-called honor and honor, but even in open source software, it is said to be "Cathedral and Bazaar," but it is considered to be the same as the list of experts, and it is worth the incentive to keep a record of the participants' contributions on the Digital Agency site. In the past, when we asked companies and central government agencies to support international standardization activities, we heard that companies are very reluctant to provide resources, but it is easier to use business time if there is a clear evaluation of the contribution, such as a minister's certificate of merit, for the results. So, I would like to input this.
  • I agree with the talk of incentives. Regarding the overall image of the outline (draft) of the report, there are places where the content of the discussion is not necessarily covered. The overall image is the face of the report, so I would like you to consult with the chairman and make sure that the content of the main body of the report is fully covered in the completed form.
    Regarding "1. Scope of Discussion on Trust (2) Areas for Intensive Consideration on Trust," I would like you to list the opinions that consideration on private sector is more useful. In "2. Survey on the Status of Trust Securement (2) Scope of Introduction of Trust Services," the difficulty of selecting services is mentioned as a, but how to select it has not been mentioned much since "4. Promotion of the Use of Issue Services in administrative proceduer." Depending on Trust services and applications, there are levels of security and appropriate Trust services, so it is very important to clarify such a relationship. I would like you to take it up in Chapter 4 and subsequent chapters. Trust Trust Issue
    2. In (4), it is written that "there are still Issue in which Trust is considered to be a hindrance to digitalization." Here, when Trust is referred to as a hindrance to digitalization, I think that Trust is written in the sense that physical Trust is a problem, such as the need for interviews and seals. I think that the meaning of "Trust is still a hindrance to Trust" is different from the meaning of Okinawa in this sub-working group, so I would like it to be written so as not to be confused.
    In Chapter 3, as a "policy and legal Issue," Issue is mentioned regarding the status of e-seals and the evidentiary power of electronic contracts. However, I feel that this is also not covered in Chapter 4 and subsequent chapters. Therefore, as long as it is listed as a Issue here, it should also be covered in Chapter 4 and subsequent chapters.
    As a main opinion on the announcement of the "Evidential Power of Electronic Contracts" in "(Reference 8-2) Trust Service Issue," the necessity of sorting out the two stage presumption is stated. However, the Q & A on Article 3 of the Electronic Signatures in Global and National Commerce Act issued by the government mainly shows the rough content of the second stage presumption, in particular, the fact that authenticity can be established if there is a measure called electronic signatures. However, regarding the so-called "first stage presumption," which is the presumption that the act of affixing a seal is presumed if there is a seal impression in the case of a seal, sorting out the case where the act of affixing a seal is digitized has hardly been discussed yet. How to look at the "first stage presumption" in terms of the method of electronic signatures should be examined.
    Regarding Chapter 4, regarding the concept of Trust, which is that there was a high need for Trust in the administrative field, the phrase "Trust is still a hindrance" may include physical Trust, so we would like you to devise how to write it. In addition, we believe that it is important to update the technical standards of the public certification infrastructure, but as a particularly important example, there is a response to international standards such as AATL, so we would like you to specifically mention it.
    Regarding "(Reference 9) digital completion Infrastructure Image to Enable Trust," it seems to be insufficient because it focuses on ID. In particular, such electronic signatures and e-seals are required for the notification of disposition mentioned in (ii) and (iv). Such points should be clearly described as the infrastructure image, and GPKI, LGPKI, and JPKI in some cases should be specified as those that support such Trust services.
    Chapter 6 (1) describes how to ensure the quality of Trust services. This is probably the first time that this sub-working group has considered how to ensure the quality of Trust services. What I want to say here is about technical standards, operating standards, and public and private certification systems, so it is better to write down in detail. Regarding ID, it is called assurance level, and ID providers can be considered as part of Trust services in a broad sense, so it is not necessary to use a different term for Trust services. It can be said for certain that Issue, when considering how to ensure the quality of Trust services, may not be able to secure a system as a country, but that does not mean that it will be a case of private sector. First of all, it is necessary to consider and develop measures to secure such a system as a country. The description of Issue in other discussions is difficult to take meaning, so it is better to add it.
    Regarding the basic policies of the Trust Policy, Trust services, which are mainly considered by this sub-working group, will be centered on Layer 1 and Layer 2. Layer 1 and Layer 2 have various properties that are required above Layer 3. To realize this, the ideal way of Trust is to consider how Layer 1 and Layer 2 should be and build the whole. In that sense, we should promote the realization of Trust services in Layer 1 and Layer 2 to support Layer 3 and later.
    Regarding the proposal for a review system for the future construction of Trust infrastructure, in the section on the ideal way of short-term review, it is written that "Digital Agency will provide a forum for discussion." Is it correct to understand that this is written in the sense that Digital Agency will provide such a forum in the sense that we will work with a multi-stakeholder model?
  • There is no problem with that recognition. Regarding the part on transactions and procedures between the private sector and the private sector in the column of the ideal way of consideration, Digital Agency provides a multi-stakeholder forum where stakeholders can discuss.
    With regard to the comments on the ideal way of quality assurance for Trust services, I recognize that there was no agreement in the discussions of this sub-working group on whether the assurance level can be discussed comprehensively as one of the axes for Trust services. I think that it is fine to describe it as a technical standard instead of quality assurance, but I would like to consider what kind of description is appropriate.
  • Regarding the overall image of the outline (draft) of the report, 6' and 7' appear many times like a "low tone" throughout the report. Regarding the meaning of the terms "international compatibility" and "international interoperability," when writing the report, I would like you to write that both the technical and legal aspects have been agreed on by the terms "international compatibility" and "international interoperability," in the form of the need for interoperability in the technical sense and the need for a level of legislation sufficient to be mutually certified by, for example, the EU. In the third layer of the Basic Guidelines for the Trust Policy, the term "international compatibility" also appears. If only the international standards organization is described, it tends to be limited to the technical aspect. Therefore, I would like you to incorporate the fact that it is necessary to ensure consistency in the legal system surrounding international Trust, which is being discussed by international standards organizations such as UNCITRAL.
    In addition, Chapter 5 describes how the members of the multi-stakeholder model should be composed. The form of incorporator and open entry may work well in such a framework in the technical world such as the Internet, but it is related to the reliability of transactions performed by various people in Trust, so it is essential to take care not to be dragged by the interests of specific stakeholders as a whole. It is necessary to take care of the members participating in the multi-stakeholder model by calling out to them in Digital Agency to some extent and making sure that they are included, rather than taking the form of being led by an incorporator who raises his own hand.
    As for the outer edge of the members who will participate, I think that open entry is fine, but Trust services can affect everyone, and in the presentations by experts so far, some people seem to have conflicting interests, so it is necessary to consider that the discussion will proceed in a neutral manner as a whole.
    (3) Regarding the Issue of the study on the quality guarantee of Trust services, it is written that if the government guarantees the quality guarantee of Trust services, the government may not be able to ensure a system to maintain and audit the latest specifications. This seems to be an excessive consideration of the responsibility of the government. The Trust of transactions conducted in the paper world is secured to a certain extent by registered seals and content certification, but all of this is at the level of "presumption" in legal terms, and if it cannot be relied on, it can be disproved. Therefore, it is extremely burdensome for the government to guarantee 100%. If the government shows guidelines and those that conform to them can be relied on by people involved in various transactions to a certain extent, I don't think it necessarily means that the government must continue to maintain the latest specifications or conduct audits perfectly. I would like you to devise such a matter in the report.
  • Regarding the proposed framework for future Trust infrastructure, the short-term "Study on private sector in Online Transactions and Procedures in Issue" is expected to have a wide range of patterns. In that case, considering the recent international situation, it can be said that talks on payments and digital currencies are moving quite rapidly, even in light of the Russian invasion of Ukraine. In the past, FATF responses were mentioned in Issue, but I think that moves in use cases related to remittances and payments are expected to accelerate rapidly overseas. From the perspective of agile governance, it is better to assume that use cases will have to be dealt with urgently by outsiders from overseas as a future organization of use cases. The rapid changes in international trends should be taken into account when considering the framework for discussion and the stakeholders involved.
  • Although there was a sense of free participation in the multi-stakeholder approach, it is worth considering an approach in which representatives are represented by each stakeholder group so that some stakeholder groups do not dominate in terms of quantity. The OECD is typically like that.
    Regarding the "Study on the Way of Ensuring Quality of Trust Services," there was talk of long-term maintenance due to the involvement of the national government in specifications and standards, but it is quite difficult for the national government and the administration to take action at a detailed level. Against this background, it is written with the assumption that international standards and area standards will be referred to. I think that it is assumed that by referring to international standards, the burden on Digital Agency will be reduced and more effective policies will be possible to be realized, so I would like to confirm with the Secretariat.
    Regarding the basic policies of the Trust Policy, there was an opinion that the discussion of this subworking would depend on the first and second layers, but I think that is narrow. The range presented by the Secretariat must be included, and in particular, the third and fourth layers are important for the spread of Trust services. Even if open banking is conducted overseas, it is very important how much the response of the user experience should be. The purpose of this subworking is to connect to the digital completion and Automation Principles in the sixth layer, so I think it is shallow and deep, but it is necessary to take a good look at this.
  • As you understand. As for Digital Agency, I stated that there are such things as Trust to consider when considering the quality guarantee of Issue services. In the final report, I would like to supplement it so that it can be meaningful.
  • In "(Reference 6) Trust Awareness of Issue Services," the highest percentage of interest in examples of possible future infrastructure development and dissemination of Trust services is "establishment of methods that can be introduced at low cost," followed by "provisions for legal effectiveness (evidentiary power)." When considering the dissemination of Trust services, whether or not they will be used by SMEs is a very important Issue. Therefore, it is necessary to make it known to SMEs that they can be introduced at low cost or that they can obtain greater benefits than costs by introducing them. For example, it is necessary to consider the creation of guidelines for the introduction of Trust services in private sector, and to consider low-cost auditing and certification systems when design.
    When I made a presentation on "Roles of Electronic Seal Impression" in "(Reference 7-3) Needs of Trust Service and Issue," I said that it is necessary to discuss how to display the technical validation results to users in an easy-to-understand manner in the Trust service. However, this must be considered in combination with the assurance level. If the validation method is different for each service, when the relying party validation the data, it is difficult to spread the Trust service in an environment where the validation method, which is the guarantee level of the Trust service that guarantees the reliability of the data, is different for each servicer. In Europe, the European Commission operates the Trusted List of Trust in the eIDAS Regulation, which is a trust base, and the European Commission operates the Trusted List of in the AS Regulation, which is a service that can provide the legally effective Trust service by developing Trust anchors. In addition, the European Commission publicly provides the Trusted List of validation, which is an open source library widely available in development. Although the basic policy of the Trusted List of validation Policy is internationally compatible, it is necessary to establish the Trusted List of Trusted List in accordance with international standards. Regarding the draft basic policy of the Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of Trusted List of validation Trust Trust validation validation Trust validation validation Trust Trust
  • It is important for the validation infrastructure to be in a valid data state in order for the receiving party to validation the Trust service. International compatibility requires not only technology but also the development of legal systems to create a state of equal footing.
  • Since the report is read by readers with various backgrounds, I would like you to carefully explain the meaning of the words and make the description so that the logic is clear. For example, regarding the survey results, it makes sense that the report covers where the needs were, where the Issue was, and what should be done based on the survey results. The meaning of the words used in the report is important for what the survey report means, so I would like you to clarify the meaning of the words such as the scale of implementation and the implementation ratio so that the report can be read with trust. In addition, the expression "securing Trust" and the term "Trust service" are used interchangeably with the same meaning, so if they have almost the same meaning, it is better to unify them. I would also like you to carefully explain the difference between authenticity and truthfulness. In addition, I think the words "Trust Scope" and "Trust Policy" can be supplemented by the reader in various ways, such as who does what and how, and who does what and how, so I would like you to carefully explain that.
  • Overall, we received the efforts of the Secretariat. This sub-working group was originally the Trust Service Review Committee in Ministry of Internal Affairs and Communications, and was divided into two working groups, Time Stamp and e-Seal Review. In the flow that time stamps should be created as an international policy, it was organized as a notification in April 2021. In the IT Strategic Office, the Data Strategy Task Force was established and was in the flow of looking at Trust from the perspective of data. There was a flow that we had to discuss systems based on the idea that the Electronic Signatures in Global and National Commerce Act of Trust services had been established 20 years ago and should be reviewed. However, the issue of ID was added after Digital Agency. It is really good that the issue of ID was included. UNCITRAL has also been considering the issue of IdM and Trust services, including the legislation of the issue. It was very meaningful after Digital Agency that the system was established to consider both ID-related services and Trust services.
    There was a trend to look at data-related services and ID-related services in advance, but also for Trust services, I think it is necessary to scrutinize the standards for Trust services. There is no agreement on the assurance of Trust services, and there is a recognition that discussions have yet to be held firmly. Under such a trend, it is quite reasonable to focus on digital consultation from the perspective of use cases in terms of Japan's overall approach. At the same time, it is necessary to discuss the standards for Trust services themselves. It is important to prepare the future content of the secretariat draft to be compiled this time with an image of a starting line in this regard.
    It is important to carefully explain the method and words of the multi-stakeholder discussion without bias, and it is important to summarize the content of the meeting with transparency.
  • I would like to reply to some of the comments you gave me. About use cases such as remittances and settlements. I think it is very important, but in addition to Digital Agency, Ministry of Finance, the FSA and the BOJ are also working, so what roles Digital Agency will play is Issue.
    Among the members, we agreed on the matter of SMEs and the possibility of validation. Regarding validation infrastructure, we have received an opinion that Open Banking has recently been aware of the significance of providing a continuous validation system from the time of development to the time of operation. We would like to include in the report the importance of policies for SMEs. In addition, we would like to include in the report that there were opinions on the significance of providing a continuous validation system from the time of development to the time of operation from the perspective of the assurance level of Identification and the quality guarantee of Trust services.
  • Trust services must contribute to Society5.0, DFFT, and DX. We would like to make a report in a form that can contribute to these things.
  • I would like to express my gratitude for the very active discussion today. Based on the content of the guidance, I would like to issue a solid report and set up a new examination system in the future. In particular, there have been talks about overseas applicability and new use cases, but there are also overseas initiatives to sign photos and videos that have been only attached with metadata for a long time. Or there are talks about DARPA funding the addition of the security function to the chip itself to the automatic. Therefore, it has become an era in which Trust is embedded in various devices in society in a much wider range than Trust had previously been considered. How to ensure the authenticity of data and interoperability in countries around the world will become increasingly important.
    Under such circumstances, some people may feel that a series of discussions are being conducted in a roundabout way, but first of all, at the time when Digital Agency has just started, I would like to advance carefully while explaining to politics, including how the group of discussions should be. Here, I would like to crouch down firmly and build a base, and I would like to work on discussions so that Digital Agency will not be left behind in the current of the times.
• The secretariat explained that the meeting materials will be published on the Digital Agency website later, that additional opinions and questions will be communicated to the secretariat and used by the secretariat as a reference for future operations, and that the minutes of the meeting will be published after the members confirm the content.
• The secretariat explained that the next meeting of the sub-working group is being arranged to be held online from 10:00 on Friday, May 20, 2022 (2022).

End