TRON News Items for March 2005

21st Century COE Project at the University of Tokyo Discusses Protecting Personal Information

On March 16, the University of Tokyo's 21st century Center of Excellence (COE) project, which aims at creating the infrastructure for the next generation ubiquitous information society, gave a presentation titled "The Ubiquitous Information Society and Personal Information Protection." While there is not much public resistance to the creation of a ubiquitous information society in Japan, there is widespread public resistance to it overseas, particularly in the U.S., where new, intrusive security laws have been put into effect as a result of the events of September 11, 2001. In fact, as Prof. Ken Sakamura pointed out in the keynote address, resistance radio frequency ID tags is so strong in the U.S. that it has actually delayed the introduction of RFIDs into the supply chain, where they are expected to play a crucial role in managing the supply chain and preventing losses from employee pilfering and shoplifting by customers. Prof. Sakamura also touched on the matter of guaranteeing network security in his keynote speech, which was titled "Guaranteeing Security and Personal Privacy in the Ubiquitous Information Society."

Prof. Sakamura outlined some of the potential privacy/security problems of ubiquitous computing networks: (1) how do you prevent others from reading your RFID tags (passive tags), (2) how do you prevent others from reading your active ID tag in a land cell, (3) how do you guarantee privacy inside sensor networks designed with context awareness, (4) how do you guarantee privacy when RFIDs are thrown out with your garbage (one goal is to use RFIDs attached to discarded items to improve garbage disposal), (5) what if someone takes an RFID tag from a discarded luxury item and attaches it to a counterfeit luxury item, (6) how do you prevent people from remotely manipulating the sensor and appliance networks in your intelligent house, and (7) what if someone tries to copy the circuits in the security chip. The common thread running through all these potential problems is malicious intentions by humans and/or human organizations, including governments. Prof. Sakamura said that we need privacy levels based on laws, and that we need to think of various scenarios, including what happens if you go to court.

Since he is in charge of developing the infrastructure for Japan's future ubiquitous computing networks, Prof. Sakamura outlined the measures he has created to deal with the issues guaranteeing security and protection privacy. First and foremost is the eTRON security architecture, which is a ubiquitous security framework that can handle everything from securing communication between low level sensors in a local area network inside a family dwelling to managing secure electronic commerce transactions in wide area networks. In addition, he has created an "RFID identification blocking protocol," which is intended to prevent third party data mining based on the illegal accessing of RFID tags. Using this protocol, the information stored on the tag, including the identification number, can only be accessed with the permission of the owner. Finally, anti-tampering hardware technology is also being developed. This is particularly needed for things such as electronic money and credit and cash cards. The anti-tampering mechanism is designed to destroy data on the hardware unless the access is done in a predetermined manner.

After Prof. Sakamura spoke, a legal affairs specialist, Prof. Junichi Hamada, gave a presentation titled "Providing a System for Protecting Personal Information for the Ubiquitous Age." Surprisingly, efforts to regulate the use of personal information have a long history. Prof. Hamada described a list of eight principles that the OECD established in 1980, which are a collection of common sense guidelines that place limits on the gathering and use of personal data while requiring the consent of the individual plus institution of well defined security procedures for protecting those data. In addition to these principles, Japan is putting into effect in April a law for protecting personal information as part of its eJapan project. However, Prof. Hamada said that laws cannot completely regulate technology; they can mainly deal with fraud, the damaging of data, illegal access to data, copyright violations, etc. He also noted that new rules are needed concerning the use of electronic tags, rules for both standalone and network use, plus limits as to how much personal data can be released. He sees most of the problems coming from networks.

After Prof. Hamada spoke, Prof. Hideyuki Tanaka gave a presentation on the return on security investment (ROSI). As computer networks have grown in Japan, there have been increasing cases of personal data being leaked, which are leading to greater financial losses each year. There are also increasing cases of cash card fraud, which can sometimes occur at an interconnected ATM of another bank. As a result, security has to be planned on a national and industry-wide basis, which is expensive, so the question is how much to invest. The answer isn't as easy at it seems, since the biggest security problems usually involve people and their organizations, not the technology, which is only about 25 percent of the overall cost of a security system. Another problem is who pays for the losses that result from a security breach. In the case of cash card fraud in Japan, it is usually the bank customer, not the bank, who suffers the loss. As a result of increasing cases of cash card fraud, banks in Japan have instituted a new system that allows bank customer to set limits on withdrawals, plus new cash cards with biometric data are being studied.

The final presentation of the program was made by Mr. Taro Komukai, who is a senior researcher at the University of Tokyo. His presentation, "The Utilization of ID Information and Privacy--Protecting Personal Information," was interesting because he talked also talked about personal computers and the Internet, that is, home network terminals and a wide area network that spans the globe. As everyone knows, there are organizations that want to provide services via the Internet, and there are also people who would be more than happy to use them. Under ideal conditions, this merely requires the end user to submit identification information (password, electronic signature, biometric data, etc.), which is then verified prior to the provision of the service. However, there are also people who want marketing data, and others who would like to know which Internet sites others have visited, how long they have spent there, and what they have done there. This intrusive activity is done through the use of cookies and Web beacons, which can violate privacy and lead to court cases, which Mr. Komkukai described during his presentation.

During the final panel discussion, no solutions were proposed, although the problems of protecting personal data were analyzed from various angles. For example, Prof. Sakamura noted that today one can easily do a Web search of people using a search engine to obtain all sorts of information on a person. He also pointed out that sometimes violating a person's privacy, such as that of a missing child, can actually lead to their rescue. Prof. Hamada noted that personal data and privacy are different things. He also brought up the important point that for people to use network-based systems, they are going to have to trust them. Creating that trust is probably going to lead companies to make investments in security systems, That's the point that Prof. Tanaka continued to hammer away at. If you want to hide your face, you're going to have to buy a mask, and that costs money. Toward the end of the discussion, Prof. Sakamura proposed that security laws should be discussed. Indeed they should, because only governments have the resources to gather vast amounts of personal data and track people around the clock via networks.

Autonomous Movement Support Project Holds Meeting in Tokyo

The Autonomous Movement Support Project, which also goes by the name Free Mobility Assistance Project, held the third meeting of its promotion committee on March 17 at the Hotel Laforet in Tokyo. The main topic of the meeting, which took place around a table that was so huge one could not make out the faces on the other side, was to discuss the progress that had been made in implementing ubiquitous computing networks for autonomous movement in the port city of Kobe in western Japan. However, it was also announced at the meeting that the same technology is going to also be demonstrated at the international exposition currently under way in Aichi Prefecture, Expo 2005 Aichi, Japan. The Ubiquitous Communicator (UC) will be used to give multilingual guidance in the Nagakute Area of the expo site, and autonomous movement support in the Seto Area of the expo site (see the expo site map here). In addition, IC tags are going to be widely used during the course of the exposition. A description of the advanced technologies that we be demonstrated at expo, are listed on the expo's Web site (here).

During the meeting, Prof. Ken Sakamura gave a keynote address, and he also showed a video of the technologies that he has created at the YRP Ubiquitous Networking Laboratory. The video showed the UC and ucode-based RFIDs being used to get information on various products, keeping track of food inside a refrigerator, interrogating medicine bottles, making garbage disposal more efficient, and helping in the cultivation of farm crops. The UC was also shown giving information on historical points of interest, and the video ended with comments by the visually impaired Sadao Hasegawa and the hearing impaired Hiroshi Hasegawa. Both of these men were present at the meeting in the Hotel Laforet, and they gave their impressions on the state of the technology developed to date. Mr. Sadao Hasegawa talked about the need to be able to distinguish the men's room from the ladies' room, and he would also like to communicate with things inside vending machines. Mr. Hiroshi Hasegawa talked of the need for content creation, which is progressing. He said people in wheelchairs are in need of it. He also talked about security and the handicapped.

The main technical topic of discussion was "intelligent triangulation points," which are being specially developed to provide navigational information with greater accuracy than would be available solely by relying on the GPS system. These intelligent triangulation points along with beacons are going to be installed at more and more places throughout Kobe, which is the city that has been selected to serve as the test bed for the new technology. In addition, it was noted that security policy discussions dealing with autonomous movement support would begin in the month of April. In spite of that fact that most of the implementation of this technology is taking place in western Japan, local government officials from the Tokyo Metropolitan and Aomori Prefecture governments were also present at the meeting. In addition, there were representatives from various industries, such as NYK Line which is hoping to use ubiquitous networking technology to provide new services to its customers. Prof. Sakamura, who is very proud of the technologies that he and his staff have created, said that he would like to move the system overseas as soon as possible.

Personal Media Begins Marketing Teapanel

Personal Media Corporation announced on March 23 that it has begun marketing a new color touch panel LCD display with an embedded computer that allows developers to program it for a wide variety of uses in ubiquitous networks. The new panel display, called Teapanel, is being sold for evaluation at a single unit price of 312,900 yen (consumption tax included), and it comes with a bezel attachment that allows it to be employed for outdoor applications. Since does not require a cooling fan, it is also silent and vibration free indoors. Personal Media is marketing Teapanel with a full array of software that allows for easy programming as either a standalone or secure network HMI. The hardware and software specifications for Teapanel as as follows: