[ISN] Japanese Government Bans Security Researcher's Speech

R.A. Hettinga rah at shipwright.com
Mon Nov 15 09:17:47 EST 2004

--- begin forwarded text

Date: Mon, 15 Nov 2004 04:48:20 -0600 (CST)
From: InfoSec News <isn at c4i.org>
To: isn at attrition.org
Subject: [ISN] Japanese Government Bans Security Researcher's Speech
Reply-To: isn at c4i.org


November 12, 2004

[JUKI net is Japan's national ID system. Ejovi performed a security
audit of the system for Nagano Prefecture one year ago]

It's been a long day. I am greatly disappointed that Soumushou, the
Japanese government that maintains JUKI net, prevented me from
speaking today at the PacSec security conference. Soumushou prevented
my talk by threatening the Japanese event who currently are seeking
contracts from the government.

The Japanese government gave me two options.

1) Do not talk
2) Drastically change your slides to say what they want me to.

When I offered to not use slides at all and give my own opinion they
told me that I would not be permitted to speak AT ALL. It is obvious
to me that they did not have an issue with my slides or presentation.
They were afraid that I would draw attention to problems in JUKI net.
Soumushou thinks that they can hide from the issues. They think that
if they keep people from speaking about the issues, it will go away. I
thought I would be immune from such Japanese government pressures;
however, I underestimated Soumushou's ability to manipulate those
around me.

Soumushou's reason for forbidding me to speak was this: "Since we are
endorsing the convention we have the right to tell you not to speak." If
this is the case, the Japanese government needs only sponsor or
endorse ANY event that they don't agree with and force the
organizers to change the content. If this is the case Japan will never
make any progress towards a safer environment.

What is most upsetting to me is the fact that I HAD NO PLANS TO
CRITICIZE the Japanese government. My talk was going to be extremely
fair and balanced addressing the issues raised by both sides. In fact
I invited Soumushou to meet with me directly so that I can address any
issues they may have. I told them this on the telephone and by email.
Instead they chose to pressure the Japanese representatives of the
conference. They never attempted to talk with me directly. Why is

If they had issues with something I may say why not ask me about it?
Why pressure a company that relies on government contracts? Is this
fair? The purpose of my talk was to present both sides of JUKI net
security systems. I have no vested interest in seeing it fail or in
seeing it succeed. I only wanted to recommend how best to make it
safer, how best to improve the system. But Soumushou believed that my
recommendations on how to improve its security alone would mean that
JUKI net has problems and they refused to admit this. I'm sorry to
tell them but it does have security problems. The good news is that
the technical issues can be easily resolved. However the greatest
problem with JUKI net is not technical but Soumushou's inability to
even acknowledge that they exist! How can a system become secure if
the Japanese government are not willing to listen to someone who
points out issues?

Today was a sad day for Japan and a frustrating day for me.


--- end forwarded text

R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
