Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] OT: Japans digitilization


On 2020-09-27 18:31, Christian Horn wrote:
When dealing with hanko, fax machines and much paper in Japan,
that is seen by most as a burden, and inefficient.

There is one good thing thou about it:
if things are digitilized and go wrong, then not just money, but
our data is at stakes here.  Considering how the recent 7-11 ecash
thing (and other activities) went, maybe it's better to be unmodern?

Head first digitalization (and including centralization in the meaning)
of everything is a call for disaster. Although I would expect a
progressive improvement upon fax. I would not say Japan is "fax based"
anymore, but it still remains in some places.

About Hanko, The Other Solution(TM), Signature, is not better at all.
(I am unable to make signatures, same shape twice, etc.)

And digitalization of signatures, even though is it officially adopted
to a degree, it proven to be very hard to get usage adoption. No easy
way to protect, use, and keep authentic at the same time. Smartcards
are closest maybe.. but still not easy to use. Not easily appliable on
paper too :D So it doesn't provide a nice migration path. Every problem
you try to solve around this, opens a huge can of bugs for new attack
vectors, problems never existed before etc.

Solutions, for improving both fax and hanko/signatures, and other areas
too, has some requirements;
* Does not degrade (security/reliability/usability of) existing systems
* Does not create huge burden on any party
* Ideally it should allow for a migration path that supports old system
  for a period, without creating huge burden (duplicate work). This is
  crucial IMO for adoption. Otherwise everybody will wait for everybody
  else to switch first, or it will require a gigantic switch day event,
  which is not likely.
* Should be somewhat naturally understandable, acceptable. At the end,
  it will be humans using these, and humans will resist to use it until
  it is somewhat acceptable to them.

Considering, Email is taking the place of fax mostly, (applied in bad
ways most of the time, but, whatever..).

My assumptions/understandings;

* Email introduces slightly more burden than fax machine
* longer and more complex addresses compared to just (telephone) numbers * authencity is inunderstandable for ordinary people (must be provided)
  * will have software/system problems regularly
  * requires a computer to boot up, logins, etc.
  * dealing with passwords..
  * much more spam and phishing compared to fax
* applies to digitalized things in general, harder to check/keep/manage
    than papers in some aspects.

How and why did most places switch from fax to email?

* I guess people were somewhat already used to email before switch
* Benefits are too attractive? much faster and reliable, has colors :D,
  delivered papers don't look like shit.
* Even though these degradations compared to previous system, it was worth
  * Reduce waste?
* Amount of documents delivered increased too much making fax infeasible,
    forced change?
* We still hear usage of fax in some critical places with high volume
      usage :/ (COVID reports being delivered with fax, etc.)

For fax, even the last places will phase it out, because "everybody else"
is using email. It's just slow. very slow.

For hanko/signatures? I don't know yet. Digital signatures are already
accepted as the replacement, there are good enough preparations in place.
So when we can stop using hankos/signatures?

I guess when the masses are already using similar digital solutions in
their lifes, and it's naturally normal for them to use smartcards, handle
private keys, etc..

And it's really hard to predict when, because there are many misleading
/incorrect solutions in place for "similar" needs;

* Some "services" keeping your private keys on behalf of you, providing
  convinience, and defeating the purpose of private keys.. and causing

* Some governments are just issuing passwords. Use your government issues ID number and password, after that, whatever you do, is "authentic". Maybe sometimes a very badly designed 2FA is involved. Really not sure if it is
an okay solution at all. Well, also requires mass centralization.

* This is modifying meaning of authenticity. So far government witnessing and confirming the ID and claiming (having a log of) a document being filled in by the correct person, was not accepted as authentic, AFAIU.
    The trail left was required to be able to get verified at any time.

I'm very interested in discussions, ideas and developments this topic.

Furkan Mustafa

Home | Main Index | Thread Index