PKI in Japan: Privacy a prime concern

Japan's law on digital signature and certification took effect on April 1, 2001, with the purpose of promoting a secure e-commerce environment for the country where privacy can be ensured.

Japan's law on digital signature and certification took effect on April 1, 2001, with the purpose of promoting a secure e-commerce environment for the country where privacy can be ensured.

It was legislated in May 2000 under the initiative of the Ministry of Public Management, Home Affairs, Posts and Telecommunications (MPHPT), Ministry of Economy, Trade, and Industry (METI), and Ministry of Justice (MOJ) to facilitate usage of digital signatures and certification, giving them the same status of recognition as an ordinary signature, and sealed private papers.

The growth of the electronic commerce market and the need for secure communications between different industries has resulted in a push for the promotion of an electronic certification system.

There are already existing electronic data interchanges (EDIs) for use amongst different industry players, but some kind of standardization across industries is still needed for the management and policies pertaining to a secure key infrastructure.

First started as the Japan Electronic Certification Systems Promotion Initiative (JECSPI) by several commercial entities such as Fujitsu, Hitachi, NEC, NTT, IBM Japan, Toshiba and Mitsubishi, JECSPI was eventually handed over to the Certification and Notarization Working Group under the auspices of the Electronic Commerce Promotion Council of Japan (ECOM).

Presently, the committee is still working through issues pertaining to liability risk of CAs, privacy of information and damage compensation. A recent study showed that 70% of survey participants at a Japanese business conference were concerned about a lack of privacy regarding their personal information, making it the greatest cause of concern when it comes to e-commerce.

Though the need for a secure infrastructure was started primarily for the purpose of B2B commerce, a few initiatives by the government have been forthcoming for public access and use under the government certification infrastructure (GPKI), with a CA functioning as a bridge between different ministry CAs.

Several administrative procedures have already been computerized and moved online, including a computerized public procurement system headed by the Ministry of Land, Infrastructure and Transport (MLIT).

Read more about PKI in Asia.