Joi Ito kicks Japanese national ID card ass

Joi Ito was hired to audit the security of the Japanese feds' big-brother national ID system as implemented in Nagano . His conclusion? The system sucks — it places the personally identifying info of Japanese citizens at risk of being stolen, altered, and deleted, and it was implemented incompetently. He wrote a letter to governor to the governor of Nogano (and released it under a Creative Commons license) detailing the problems with the system. Joi is now in big trouble — and I suspect he likes it that way.

In summary, I believe that the security level of the networks were below average and any average computer network engineer could break into and steal or damage a variety of personal information including Jyukinet information. The people working in the office and in particular, the vendors providing the system security are not sensitive to security and privacy issues. The servers have not been maintained properly and the selection of passwords (many had default passwords or easily guessable passwords) was irresponsible and showed a complete lack of attention to security. I strongly urge that the priority on security for privacy purposes be increased significantly, both in local government offices and vendors providing solutions to these local governments. I believe that the citizens and the people responsible for protecting their information are significantly at risk.