Day 0 Event #220 Restoring Internet Credibility and Preserving Democracy

Summary

This discussion focused on restoring internet credibility and preserving democracy in the face of growing misinformation, disinformation, and cybersecurity threats. Toshiaki Tateishi opened by explaining Japan’s constitutional protections for telecommunication secrecy, which prohibit censorship and blocking without individual permission, while noting the recent passage of Japan’s Active Cyber Defense Act that requires deep packet inspection to detect cyber attacks. He emphasized that Japan’s constitution was created after deep reflection on World War II, when many people were killed due to misinformation and disinformation.

The panelists identified several key challenges to internet reliability and democratic institutions. Yuki Nakazawa discussed domain abuse issues, particularly how expired domains can be repurposed for fraudulent activities like fake shopping sites. Masaaki Miyagawa outlined four types of losses caused by unreliable internet information: economic losses from phishing, intellectual losses from misjudgment, social losses from increased surveillance costs, and mental losses from smartphone addiction and isolation.

The discussion revealed different approaches to addressing these problems. Miyagawa proposed three measures: NACIL certification to identify sites without “dark patterns,” education programs targeting different age groups, and better domain management to help users identify suspicious websites. Yosuke Nagai from DotAsia provided insights into DNS abuse prevention, explaining how different domain extensions like .Kids require more proactive content monitoring compared to general domains like .Asia.

A central theme emerged around the concept of personal digital sovereignty versus national digital sovereignty. Nagai argued that protecting individual data ownership and allowing users to move between platforms freely would be more effective than national data localization policies in combating disinformation and preserving democratic institutions. The panelists concluded that education, technical measures, and empowering individual users are essential components of maintaining internet credibility and democratic resilience.

Keypoints

**Major Discussion Points:**

– **Balancing cybersecurity protection with privacy rights and constitutional protections** – The discussion focused heavily on Japan’s new Active Cyber Defense Act and the tension between protecting citizens from cyber attacks while preserving constitutional rights like telecommunication secrecy and privacy

– **DNS abuse and domain management as tools for combating misinformation** – Speakers explored how proper domain name management, monitoring, and certification systems could help identify and prevent phishing sites, fake shopping sites, and other malicious online activities

– **Personal vs. national digital sovereignty** – A key argument emerged that personal data sovereignty (individuals owning and controlling their own data) is more important than national data localization for protecting democratic institutions and preventing platform lock-in

– **Third-party certification and monitoring systems** – Discussion of various approaches to verify legitimate websites, including NACIL certification for sites without “dark patterns,” proactive content monitoring for .Kids domains, and the challenges of creating trustworthy verification seals

– **Education and digital literacy as fundamental solutions** – Recognition that improving user education and logical thinking about internet information is crucial, especially for vulnerable populations like the elderly and students

**Overall Purpose:**

The discussion aimed to explore strategies for “restoring Internet credibility and preserving democracy” in the face of widespread misinformation, disinformation, cyber attacks, and online fraud, with particular focus on technical and policy solutions that don’t rely heavily on government censorship.

**Overall Tone:**

The discussion maintained a collaborative, academic tone throughout, with speakers sharing expertise and building on each other’s ideas. While there were technical difficulties and some language barriers, the conversation remained constructive and solution-focused. The tone was serious given the gravity of threats to democratic institutions, but optimistic about finding balanced approaches that protect both security and fundamental rights.

Speakers

– **Toshiaki Tateishi**: Discussion moderator/host, has been working on harmful information issues in Japan for more than 20 years, involved in government study groups on harmful information and cyber bullying

– **Yosuke Nagai**: Representative from DotAsia, involved in domain registry operations, holds four ICANN companies, works on DNS abuse and digital sovereignty issues

– **Yuki Nakazawa**: Provides domain registration services, holds four ICANN companies, provides domain registrar service, operates Ultra Domain and realdomain.com (domain secondary market platform), works primarily with SEO and marketing companies

– **Masaaki Miyagawa**: From Katana Performance Consulting (established in 2003 in New York), RMA provides support for laboratory accreditation ISO IEC 17025, former graduate school professor, works on international internet information reliability and NACIL certification

**Additional speakers:**

None identified beyond the provided speakers names list.

# Discussion Report: Internet Credibility and Democratic Challenges in Japan

## Executive Summary

This discussion brought together three experts and a moderator to examine challenges facing internet credibility and democratic institutions in Japan. Moderated by Toshiaki Tateishi, who has over 20 years of experience addressing harmful information issues in Japan, the panel included Yosuke Nagai from DotAsia (focusing on DNS abuse), Yuki Nakazawa (providing domain registration services), and Masaaki Miyagawa from Katana Performance Consulting (working on internet information reliability).

The conversation explored the tension between protecting citizens from cyber threats while preserving constitutional rights, examining technical solutions and policy approaches to combat misinformation and cybersecurity threats. Technical difficulties throughout the session, including audio issues and connectivity problems, affected the flow of discussion.

## Constitutional Context and Cybersecurity Tensions

### Japan’s Telecommunication Secrecy Protections

Tateishi opened by explaining Japan’s constitutional framework, noting that the constitution was created after reflection on World War II experiences and includes strong protections for telecommunication secrecy. These provisions prohibit censorship and blocking without individual permission, creating constraints on government intervention in digital communications.

He highlighted a current tension with Japan’s recently passed Active Cyber Defense Act, which requires deep packet inspection to detect cyber attacks. This creates a potential conflict between constitutional protections of telecommunication secrecy and new cybersecurity monitoring requirements.

### The Democratic Challenge

Nagai briefly mentioned what he called a “dead loop” in democratic governance, observing that disinformation campaigns can affect democracy itself by tampering with voting processes. This creates a paradox where the democratic processes meant to address security and privacy balance can themselves be compromised by the threats they’re attempting to manage.

## Domain Abuse and Infrastructure Issues

### Secondary Market Vulnerabilities

Nakazawa provided insights into domain abuse, particularly how expired domains entering secondary markets can be repurposed for fraudulent activities. He shared a personal example of booking airline tickets and encountering suspicious sites, illustrating how malicious actors acquire abandoned domains to create fake shopping sites and phishing operations.

He explained that expired domains may retain residual trust or search engine rankings that fraudsters can exploit, making this a significant vulnerability in internet infrastructure.

### DNS Management Approaches

Nagai discussed different monitoring requirements for various domain types, using .Kids domains as an example of extensions requiring more proactive content monitoring compared to general domains like .Asia. He mentioned partnerships with organizations like the Internet Watch Foundation to provide human oversight alongside automated detection systems.

The discussion touched on challenges with WHOIS data access for abuse prevention, particularly regarding privacy concerns and GDPR compliance.

## Internet Information Reliability Framework

### Impact Categories

Miyagawa presented his work on internet information reliability, outlining different types of losses from unreliable online information:

– Economic losses from phishing and unfair competition

– Intellectual losses from poor decision-making based on bad information

– Social losses including increased surveillance costs and declining trust

– Mental losses such as smartphone addiction and social isolation

### NACIL Certification System

Miyagawa introduced the NACIL certification system designed to identify sites without “dark patterns” and promote better corporate governance. However, Nagai raised concerns that malicious actors would attempt to obtain legitimate credentials to appear trustworthy, potentially undermining certification approaches.

## Technical Challenges and Practical Considerations

### Monitoring vs. Certification Debate

The participants discussed different approaches to identifying trustworthy content. While Miyagawa advocated for certification systems, Nagai preferred proactive monitoring combined with automated systems and professional partnerships, acknowledging that complete protection against all threats is not feasible.

### Educational Components

Both Tateishi and Miyagawa emphasized education as essential, particularly for elderly users who may be more vulnerable to phishing attacks due to limited familiarity with domain verification methods.

### Personal vs. National Digital Sovereignty

Nagai argued for prioritizing personal digital sovereignty – individual data ownership and platform mobility – over national data localization policies. He suggested this approach would be more effective for protecting democratic institutions by reducing vulnerability to manipulation and platform lock-in effects.

## Key Challenges and Unresolved Issues

The discussion identified several ongoing challenges:

– Balancing constitutional telecommunication protections with cybersecurity monitoring needs

– Managing the reality that complete protection against malicious sites is not achievable

– Addressing expired domain abuse in secondary markets

– Developing effective trust indicators without creating new vulnerabilities for exploitation

## Conclusion

Despite technical difficulties that limited the depth of discussion, the participants identified important tensions between security needs and democratic principles in Japan’s digital governance approach. The conversation highlighted the complexity of addressing internet credibility issues while preserving constitutional protections, with participants generally favoring industry-led solutions over government-mandated approaches.

The discussion demonstrated that effective responses to digital threats require understanding interactions between technical capabilities, legal frameworks, and social factors. While many concepts were introduced, the technical challenges prevented full development of most ideas, indicating the need for continued dialogue on these critical issues facing democratic societies in the digital age.

Toshiaki Tateishi: Are you going to zoom in on the PowerPoint? Yes. Pardon. Zoom link. No, no, no. Just live. Wait a minute. I’m getting a link from Mr. Tateishi. Yes, please. Facebook. Everyone, I’m just… It’s on. Connectivity is not good, so… Oh, I see. Hi. Can you hear me? Okay, thank you. So, I’m so sorry I’m late because another session I attended, so 10 minutes, 15 minutes late. So, now, today, we would like to talk about restoring Internet and the credibility of and preserving the democracy. So, as you know, we have so many misinformation, disinformation before that, illegal information, harmful information. So, we would like to talk about how we can restore the Internet and the credibility and preserving the democracy. So, as you know, we have so many misinformation, disinformation before that, illegal information, harmful information… Can you hear me? Okay. My PC prevented it, sorry. So, we have so many problems maybe after today. So, we would like to talk about how we can restore the Internet and the credibility of and preserving the democracy. So, as you know, we have so many misinformation, disinformation before that, illegal information, so we have so many problems maybe after the Internet coming into this world. So, more than 20 years I’m struggling with these issues in Japan sometimes. Can you hear me? With government, study group for the harmful information. First of all, it was the cyber bullying for the high school students. Maybe 2005, 4 or 5, 6. So, that was Apple made an iPhone. For the first time, the high school students would never have such a stupid phone, but two years later, most of them have the iPhone. So then, that’s the beginning of the cyber bullying. Almost at the same time, the same phenomenon was happening in South Korea. So, they make some regulation to stop the cyber bullying because they have some very famous actress killed by herself. So, that was a social problem, so they made a law for that, but it was in vain. Cyber bullying continues and the suicide rate is decreasing, but we still have the same problem now. So, additionally, now we have some disinformation or misinformation sometimes generated by the AI. So then, the democracies, can we make the democracies trusted? How do we maintain the democracy in this world? So, in Japan, we have the constitution about the secrecy of telecommunication, which prohibits the infringement of the secrecy of telecommunication, such as censorship, blocking, filtering, without the permission of each person. So, many people tend to allow the censorship of the Internet because they don’t know the mechanism, the blocking. So, nowadays, as you know, the cyber attack, almost every day we have had from the other countries, sometimes from Japan, but then they make a new act. So now we have the Active Cyber Defense Act. So, past May 16th, just one month ago, and now it’s from May 23rd, so now it’s effective. So, most of the people probably know about what is the cyber defense. So, if we don’t do a deep packet inspection, we cannot do these things. But it breaks the secrecy of telecommunication. So, usually people tend to allow, and some people are happy because we are protected by the government. As you know, this act is very useful sometimes for the detection of attack services, and the detoxification of attackers, and the information sharing and collaboration, so they protect the cyber attack to maintain our network. So, next please. So, but some people, concerns have already been expressed. What kind of concerns? Concerns about the infringement of the constitutionality of communication, which I mentioned, and also concerns about the privacy infringement. So, they don’t know about telecommunication secrecy, but nowadays some people are very sensitive to their concerns about privacy. So, maybe 10 years ago, no one complained about that, but nowadays some people talk about it. Then, next please. Countermeasures against disinformation, which I told the constitution was made, was created out of deep reflection of World War II. So, many people killed by the misinformation, or sometimes killed by the war, was made out of deep reflection of World War II. So, many people killed by the misinformation, or sometimes disinformation. And the violation of cyber communication is the threat of Japanese democracy. I think this is the most important thing in Japan nowadays. So, however, many citizens tend to allow blocking due to the lack of knowledge of the mechanisms of blocking, so the lethality is a very important thing also. But we need the countermeasures that do not rely on the government in a way that does not infringe on the security of communication. We should be independent from the government. Sometime the fund or something. So, we have an exception about blocking. We blocked the China pornography. It’s the only exception in our country. But we never have money from the government. It’s our voluntary effort. While improving user literacy will undoubtedly be important in the future, and also there may be cases where technical measures and third-party evaluation systems might be effective, we think. So, now we have some speakers here. So, they are talking about our effort. Not established, but probably we will do it in the near future, I hope. So, first of all, could you make an address, Mr. Miyakawa? Is it okay? No, not okay. Just a moment. Sorry. Sorry, no. Hello, one moment. Sorry for the waiting. So, by the way, then, Adam, do you have something about which I open you about? I talked about some Japanese situation. So, probably, maybe the background of the regulation act will be different from Japan. So, what do you think about that?

Yosuke Nagai: Yeah, while we’re tackling that technical issue, I guess one of the things about the topic that you mentioned, it’s always a balance between protecting citizens against cyber attack and also protecting privacy and so on. One of the things that I think is quite important is that who decides where that balance lies and that is precisely, I guess, part of the topic today, which is the democratic process that actually leads into how we set that balance. But one of the interesting things, as I was preparing to respond, is that the problem with disinformation campaigns affects democracy itself. So, when you have a system where it, you know, by kind of tampering with the system of democracy and kind of skewing the voting process to achieve a certain result, then that democratic process is actually setting the balance between privacy and security. We come into an issue of a kind of a dead loop, if you will, and that is something that I was going to expand a little bit more on, but I think they are ready for the next presentation. I’m ready. Just a moment. Thank you. The panel will need to allow sharing from… The panel will need to allow sharing from… Not permit. We’ll need to allow sharing from… Yuki Nakazawa.

Yuki Nakazawa: Okay, it’s great. It’s great. Okay. I am skipping Yuki Nakazawa. I am providing mainly domain registration services as a right-of-descent company. Also, I hold four ICANN companies and provide domain registrar service. So then, we forecast domain service for SEO company or marketing company now. Thank you. Here is my right profile. I related in service of especially SEO and recently 20 years. Okay. Here is our domain service web page, Ultra Domain. Next. Here is our domain secondary market platform, realdomain.com. We are providing this service for SEO company too. And then, I explain this information for example to use domain secondary market. First step, for example, domain was used by actual no problem user for shopping site. Then, domain has expired and dropped. Afterwards, the person registered the domain and available to open the fake shopping site. Of course, user will not be received any items. Okay. Just a moment. This slide is HREF analytics data in Singapore company. It is not difficult to get organic access to the domain secondary market. Then, it is a question and how can we prevent this domain issue. Next, I looked this ticket price recently three weeks. Sorry, I reserved air ticket to go to Istanbul from Tokyo using Expedia. So, I met this ticket price recently three weeks and maintain constant price. Then, I bought air ticket updated upper price this slide. So, this one and this one. Updated prices. I bought my air ticket updated upper prices air ticket. But, I did not feel good. However, I decided to use this schedule airline the ticket. My same company director. So, I did not able to change other flight. Next, I reserved air ticket this slide. Okay. Thank you for listening my talk. Okay, finish.

Masaaki Miyagawa: Okay, ready. My name is Masaaki Miyagawa from Japan. Can you hear me? Okay. This main subject is international internet information reliability. Next page, please. This is my background. RMA provides support for laboratory accreditation ISO IEC 17025 Katana Performance Consulting is my company. I established in 2003 in New York. And a former graduate school professor. Next page, please. Can the Internet sustain democracy? Proliferation of direct patterns in online e-commerce. Phishing damage in authorized, leaked personal information continues. While spread spam, platform regulation alone is not enough. Limits of registration demerit. Misinformation and disinformation spread during emergencies such as an earthquake disaster. It’s a murder of life and death. And the damage and social unrest caused by fake information and direct patterns will increase due to AI, I think. Next page, please. As a result, the lack of information democracy brings for losses or for risks. First, economic loss. Example, suffering damage from phishing site. And an organization that is doing business correctly is at a disadvantage. Honesty doesn’t pay. Second, intellectual loss. Example, misjudgment due to incorrect information. And lack of creativity due to asking too easily for answers. And in response to suspicious information, they are unable to critically address it and easily accept it, I think. What should I say? You may miss out on opportunities for serendipity. Third, social loss. For example, increasing the social cost due to the need for surveillance or research. And social anxiety due to degrees in trust in society. And checking liability and safety or enforcing regulations more. These generate social cost and these will be covered by our taxes. Last, mental loss. Increasing stress due to smartphone addiction. You know? Partial or biased information fosters bias or is heuristic. It may lead to a lack of identity, I think. Excessive Internet dependence means relative degrees in personal communication which can lead to isolation. In such a situation or environment, it seems that one may unknowingly fall prey to malicious sites. Next slide, please. The organization is working on three measures and approaches. Next slide, please. First, certification by NACIL. What is NACIL? In October 2022, OECD Digital Economy Purpose showed seven dark patterns, you know? In the EU, April 2022, the Digital Service Act, DSA, has been adopted. Japan has acted against unjustifiable premiums and misleading representations, but it is not sufficient. Not sufficient, I think. Excuse me, sir. Can you turn off the volume on your computer? Sound off on the computer. Mute. Mute. Mute. On the computer because there’s something coming back. No, no, no. Mute. Sound off. I have a microphone on this computer. Speak up. First, certification by NACIL. What is NACIL? NACIL is a certification, a type of authentication, and it indicates that there are no dark patterns on the site. The reason third-party certification is necessary is that it is fundamental to corporate governance and reflects the era of empathy. NACIL is aware of the supply chain. For example, if there are 50 tons of food ingredients that can only be harvested in a certain area, if 100 tons were circulating the market, it would be strange. The reliability of information requires cooperation. The NACIL-certified reliable site is not intended to point out sites with sludge or suspicious sites. Not intended. Second, education. Probably the target for education will be people involved with Internet information. Therefore, it will range from elementary school students to the elderly like me. I think it is effective to categorize by age when conducting educational and awareness activities. Particularly in Japan, many fishing sites target the elderly. High school and college students need to be aware of the dangers of excessive dependence. Last, domain management. Suspicious websites can be difficult to distinguish from legal ones just by looking at the subject or contents. However, by examining the domain name, it is possible to somewhat predict or perceive whether a site is suspicious. Additionally, malicious companies may utilize abandoned domains to lead users to misleading sites. By managing domains appropriately, we can avoid phishing sites, I think. Thank you.

Toshiaki Tateishi: Thank you very much, Mr. Miyakawa. Then, we are talking about whether these things are effective or not. The last thing he mentioned about domain name management. First of all, I would like to ask you, Edmund, about the domain name manager. I’m not sure if it’s only in Japan, but nowadays Japanese people don’t have interest in domain names. It’s easy to find some websites and put some words on the Google site. There is no relationship with the domain name. When they have a phishing email, they are easy to click the phishing site. That is one of the reasons why he mentioned that. What do you think about that?

Yosuke Nagai: Thank you, Mr. Sasaki. Admin here from DotAsia. As mentioned, well, I think I’ll start off with the question posed in terms of, I guess, DNS abuse in some sense. The two aspects that you mentioned, one is the domain abuse itself, the other one is the lack of people actually using domain names and therefore causing the difficulty of identifying the identity of spam or phishing and so on. I think that’s a very interesting observation and I’ll start with the DNS abuse and come back to what I think is an important process going forward about digital identities and the authentication and the credentials of users online. I think, first of all, on the DNS abuse side of things, we talked a little bit about privacy versus cybersecurity, which is the age-old discussion, right? One of the interesting things about DNS abuse or domain abuse is that in the current discussions, it’s very much always related to the ability to obtain registration data from what is called the WHOIS or what is called the Registration Data Access Protocol now. But since the GDPR, since the event of GDPR, a lot of the public WHOIS information of public domain registration data is no longer available and the cybersecurity side is saying, hey, we need access to that information in order to tackle cybersecurity issues and deal with DNS abuse issues. So where do we draw that kind of balance, right? On the DNS abuse side, there is a big debate about whether content constitutes something that domain registrars or registries should be taking action on. I actually like to think of it a little bit further. When you think about the ICANN ecosystem, ICANN itself is probably not the right entity to enforce any kind of content regulation. However, that does not mean that registries and registrars cannot take a further step. One of the good examples, I think, is, for example, .Kids. .Asia actually also provides services, well, we actually operate .Kids. And when you look at DNS abuse, when we look at DNS abuse on .Asia versus on .Kids, our approach is significantly different. On .Asia, well, I shouldn’t say anything goes, but anything that is not illegal goes, right? But on .Kids, it’s very different. We actually actively monitor the content that is actually served on .Kids, and .Kids registrant agree to a kind of policy that disallows them to provide content that is rated R or restricted, such as pornography, such as casino sites, such as violence and gore. And if they do, for example, there are cases where it’s a site where it’s providing movies, but they had rated R movies, of course, that is a violation of the policies, and we do take action and take them down. But here is the balance that I talked about earlier. When a domain, for example, let’s say sex.kids is registered, but there’s no content on it, that touches on the name itself, but sex.kids could completely be a sex education for kids and so on. So in that case, we take a further look. Things like rape.kids, for example, we actually take action and preliminarily suspend it, but things like sex.kids is the test of where you balance between the freedom of expression and also protection. The balance here between .Asia and .Kids, obviously, then is very different. A sex.Asia, we wouldn’t even care about it, but a sex.Kids, we would actually put a watch on it. And that is where we believe the balance needs to be, is not to what I like to say pre-crime something. When you go to pre-crime, then we definitely cross the line of the balance between protection on cybersecurity versus the other side. Now, moving to the discussion about cybersecurity itself and the balance and how I think that relates to our democratic institutions and so on, this is the type of balance, this is the type of thing that we need to be clear about when we talk about protection of privacy and so on. And that relates to the who is data that I mentioned. One of the things that people like to say is that privacy is about kind of data security and they come hand in hand. I actually think it’s the other way around. The question is, first of all, why are you keeping the data itself? In the domain registration part of things, it is very clear that domain registration data is required and you are keeping personally identifiable data, then security and then the decisions whether to disclose that information becomes very important. But then we move on to the platforms such as social media and we touched a little bit upon disinformation and misinformation. There, the line is significantly different because there are certain data that you don’t have to retain. Platforms that should not maintain, for example, even if you want to verify, for example, someone’s age or verify certain credentials, once that verification is done, that data should be deleted, right? So if the data is not stored in the first place, then security is not an issue for privacy. Now, moving a little bit further to platforms and so on, then we talk about the content. And the content itself, of course, could be developed towards disinformation and spread on a particular platform and therefore affecting election results as well and that’s the disinformation issue that we often talk about. On that particular front, I personally believe that one of the key aspects in terms of Internet governance is looking at what we so-called digital sovereignty and data sovereignty. The issue there, though, is that too much attention is being placed on national digital sovereignty or national data localization. That is precisely the wrong thing to do, in my mind, because if you want to build a democracy, the data sovereignty that needs to be developed is personal data sovereignty. If laws and regimes protect personal digital sovereignty, which allows people’s data to be owned by themselves, regardless of where the platform is, that is protection to the end user. That’s protection to the citizen, not data localization or data national digital sovereignty. Because that’s where the part where you talked about people not using different domains and all jumping into Facebook or certain social media platform, that’s where it’s really important because with personal digital sovereignty, people can move out of a particular platform. If I own my data and I am allowed and I’m protected to move on to different platforms, for example, like the Fediverse or the social web, I’m not locked in to a Facebook and therefore I’m also not locked in to attacks to Facebook through disinformation and so on. I think one of the key aspects of dealing with this issue of cybersecurity, disinformation and the deterioration of our democratic institutions is to think about personal digital sovereignty. With that, it builds what I call a digital resilience. We often talk about cybersecurity and so on, but cybersecurity is never 100%. The issue about whether infrastructure, national internet infrastructure or personal digital data and so on, it’s more about resilience, whether you can withstand attack, whether you can get yourself back up, whether you can reconstruct your digital world quickly, even after attack or under attack. All of that comes back to, I think, one of the key aspects is to get out of the… Sorry, I think I jumped through many different areas, but it is a very broad topic that was brought up.

Toshiaki Tateishi: Thank you very much. I’m very impressed by what you said about data sovereignty. I think that it does not belong to the nation, but belongs to the person. Also in Japan, we were talking about that, especially just before making some law and act. Namely, we are personal data, but as you say, sovereignty does not belong to the person. So that’s a very good point, I think. And also I want to know about the kids. So how do you find out the bad side for the kids? So I, your eyeball, try to find out or something. Yeah, so that’s a good point.

Yosuke Nagai: In terms of specifically on DotKids, I guess when DotKids was launched about two and a half years ago, we’re glad that actually the mechanism in the system for handling DNS abuse is in place. So what the systems behind, which is actually supported by our provider, Identity Digital, and through them, CleanDNS, allows us to look at actually, in reality, it’s actually looking at content. Because in order to determine a bit of whether things are phishing, you will have to take a look at the content. On that part, for regular DNS abuse stuff, then it’s very much based on different lists. There are different people that monitor phishing, malware, and so on. And we utilize that plus a reporting mechanism. So we are somewhat reactive in terms of DNS abuse. On the DotKids situation, you are correct. We are proactive. So when a domain is registered, the reality is, yes, we actually have eyeball. We eyeball the registration. But we also utilize the tools that was mentioned and also a little bit of AI and identifying potential issues. But at the end of the day, we do have a team that eyeballs the issue because there is a certain balance that I mentioned that needs to be made. But on top of that, we also work with Internet Watch Foundation. They are focused on what are called CSAM, the child sexual abuse materials. For those ones, we definitely don’t eyeball them because we are not the professionals for that. Those things, we depend on somewhat automated mechanism and report through IWF, the Internet Watch Foundation. So it’s a mixture of proactive reporting and also depending on reliable lists. Okay. Very wise way. Thank you.

Toshiaki Tateishi: So I’m talking about how do you check your DotKids site. That is a common procedure with Mr. Miyakawa. Probably the same way we have to check the website, not automatically, probably by the human.

Masaaki Miyagawa: It’s very difficult and not easy. We cannot protect against all malicious sites, phishing sites. So we focus on the theory and honesty side. Sorry, our association’s activities, I tell not sure, probably not sure. Affected by production of damage spread mainly to people who are said to be informationally disadvantaged people like me. And the protection, the promotion of those who conduct business fairly. So all phishing sites we cannot protect. So I’m sorry. So focus on the theory side. Just we can do now. Right? Okay. Thank you.

Yosuke Nagai: I wanted to respond a little bit. One of the things when we started to think about DotKids, we also thought about having kind of a seal, having some sort of credentials to show that you are a proper DotKids website. The challenge there, though, is that domains and hosting could be compromised. That’s one thing. The other thing is that the bad guys are going to try to get that seal. And that’s where we have a problem. So we cannot actually trust it, because if I’m trying to do something bad, I will definitely try to get that seal first, because then I become trusted. And then the information happens. The other thing is, as I was saying, even if it is not intentional, that so-called seal or that website could be compromised, and some additional data or content would be added to it by hackers or by those who are trying to do bad. What do you think about that situation? Therefore, we didn’t actually use that method and had to do more monitoring.

Toshiaki Tateishi: But it is not launched, so we don’t have a complete idea. It’s a very difficult problem. Extremely, we have to change the protocol, but it is not easy. Because, as you mentioned about Whois, maybe more than 20 years ago, we were talking about Whois in the ICANN meeting. So the new next protocol, I don’t remember the name, but it is not effective now. So that’s a very big problem, I think. So, only two minutes left. If someone has a question or opinion, please raise your hand. Or come up to the microphone. Okay. So then, the last one.

Masaaki Miyagawa: Education is very important. For example, logical thinking about information and the Internet. Logical thinking. Logical thinking. I think. It’s okay.

Yosuke Nagai: One minute. Sure. So, I guess I’ll close on, you know, in terms of the topic today. To me, I think the focus a lot of times on national digital sovereignty is really misplaced. If we really want to protect our citizens, we need to give them the personal digital sovereignty. And that is a foundation of addressing some of the attacks on our democratic institutions and democratic systems. Because without that, the disinformation is going to hurt. Just a few percentage in the voting process could affect, you know, the results of the election. And those targeted disinformation campaigns is doing that. And by creating a regime that allows for personal digital sovereignty, which allows me to jump out of Facebook and, you know, still be connected in the social web. I think that is the future that I think we need to see.

Toshiaki Tateishi: Thank you very much. So, I hope that the AI will never get the domain name. So, yeah. Now, I’ll adjust the time. Thank you very much. And please place to our panelists. Thank you so much.

Agreement points

Domain management and monitoring are essential for cybersecurity

Speakers

– Yosuke Nagai
– Yuki Nakazawa
– Masaaki Miyagawa

Arguments

Proactive content monitoring combined with automated systems and professional partnerships is necessary for protecting vulnerable users

Expired domains can be exploited by malicious actors to create fake shopping sites and phishing operations

Domain management is crucial for identifying suspicious websites, as malicious companies utilize abandoned domains

Summary

All three speakers agree that proper domain management, whether through proactive monitoring, preventing abuse of expired domains, or identifying suspicious sites through domain analysis, is crucial for maintaining cybersecurity and protecting users from malicious activities.

Topics

Cybersecurity | Infrastructure | Legal and regulatory

Human oversight is necessary alongside automated systems for content monitoring

Speakers

– Yosuke Nagai
– Masaaki Miyagawa

Arguments

Proactive content monitoring combined with automated systems and professional partnerships is necessary for protecting vulnerable users

Third-party certification systems like NACIL can identify sites without dark patterns and improve corporate governance

Summary

Both speakers acknowledge that while automated systems and AI tools are helpful, human review and third-party oversight are essential components of effective content monitoring and website certification systems.

Topics

Cybersecurity | Legal and regulatory | Sociocultural

Education and awareness are fundamental solutions to internet safety issues

Speakers

– Toshiaki Tateishi
– Masaaki Miyagawa

Arguments

Countermeasures against disinformation should not rely on government and must preserve communication secrecy

Education targeting all age groups is essential, with particular focus on elderly users vulnerable to phishing

Summary

Both speakers emphasize that education and improving user literacy are critical components of addressing internet safety issues, with Tateishi mentioning user literacy improvement and Miyagawa providing detailed educational recommendations for different age groups.

Topics

Development | Sociocultural | Human rights

Similar viewpoints

Both speakers recognize the fundamental tension between cybersecurity measures and privacy/constitutional protections, emphasizing that this balance is delicate and requires careful consideration of democratic processes and constitutional principles.

Speakers

– Toshiaki Tateishi
– Yosuke Nagai

Arguments

Japan’s constitution prohibits infringement of telecommunication secrecy, but new Active Cyber Defense Act requires deep packet inspection

Balance between protecting citizens from cyber attacks and protecting privacy requires careful consideration of who decides where that balance lies

Topics

Human rights | Legal and regulatory | Cybersecurity

Both speakers view disinformation as a direct threat to democratic institutions, with Tateishi focusing on the broader impact of misinformation on democracy and Nagai specifically addressing how disinformation campaigns can manipulate voting processes.

Speakers

– Toshiaki Tateishi
– Yosuke Nagai

Arguments

Misinformation and disinformation pose significant threats to democracy and have increased with AI generation

Disinformation campaigns affect democracy by tampering with voting processes, creating a problematic feedback loop

Topics

Human rights | Sociocultural | Legal and regulatory

Both speakers highlight the economic impact of domain abuse and information unreliability, focusing on how malicious actors exploit legitimate business models and create unfair competitive disadvantages for honest businesses.

Speakers

– Yuki Nakazawa
– Masaaki Miyagawa

Arguments

Expired domains can be exploited by malicious actors to create fake shopping sites and phishing operations

Information unreliability causes economic losses through phishing damage and disadvantages honest businesses

Topics

Economic | Cybersecurity | Legal and regulatory

Unexpected consensus

Personal data sovereignty over national digital sovereignty

Speakers

– Toshiaki Tateishi
– Yosuke Nagai

Arguments

Countermeasures against disinformation should not rely on government and must preserve communication secrecy

Personal digital sovereignty should be prioritized over national digital sovereignty to protect citizens and enable platform mobility

Explanation

This represents unexpected consensus as both speakers, despite coming from different perspectives, agree that individual rights and independence from government control should take precedence over national-level data control. This is particularly significant given the current global trend toward data localization and national digital sovereignty.

Topics

Human rights | Legal and regulatory | Sociocultural

Voluntary, non-government approaches to internet safety

Speakers

– Toshiaki Tateishi
– Masaaki Miyagawa
– Yosuke Nagai

Arguments

Countermeasures against disinformation should not rely on government and must preserve communication secrecy

Third-party certification systems like NACIL can identify sites without dark patterns and improve corporate governance

Proactive content monitoring combined with automated systems and professional partnerships is necessary for protecting vulnerable users

Explanation

All speakers converge on the idea that effective internet safety measures should come from voluntary, industry-led, or third-party initiatives rather than government mandates. This consensus is unexpected given the typical debate between regulation and self-regulation in internet governance.

Topics

Legal and regulatory | Cybersecurity | Sociocultural

Overall assessment

Summary

The speakers demonstrate strong consensus on several key areas: the importance of domain management for cybersecurity, the need for human oversight in automated systems, the value of education and awareness programs, and surprisingly, the preference for voluntary over government-mandated solutions. They also agree on the fundamental tension between privacy and security, and the threat that disinformation poses to democratic institutions.

Consensus level

High level of consensus with significant implications for internet governance. The speakers’ agreement on prioritizing individual rights over national control, and voluntary industry solutions over government regulation, suggests a shared vision for a more decentralized, user-empowered approach to internet safety. This consensus could inform policy development that balances security needs with democratic values and individual freedoms.

Different viewpoints

Role of government in cybersecurity versus constitutional protections

Speakers

– Toshiaki Tateishi
– Yosuke Nagai

Arguments

Japan’s constitution prohibits infringement of telecommunication secrecy, but new Active Cyber Defense Act requires deep packet inspection

Balance between protecting citizens from cyber attacks and protecting privacy requires careful consideration of who decides where that balance lies

Summary

Tateishi emphasizes constitutional constraints and the problematic nature of government involvement in telecommunications monitoring, while Nagai focuses more on the democratic process of determining the balance between security and privacy without explicitly rejecting government involvement.

Topics

Human rights | Legal and regulatory | Cybersecurity

Approach to data sovereignty

Speakers

– Toshiaki Tateishi
– Yosuke Nagai

Arguments

Countermeasures against disinformation should not rely on government and must preserve communication secrecy

Personal digital sovereignty should be prioritized over national digital sovereignty to protect citizens and enable platform mobility

Summary

Tateishi advocates for complete independence from government involvement in countermeasures, while Nagai argues for personal digital sovereignty over national sovereignty but doesn’t completely reject all forms of institutional involvement.

Topics

Human rights | Legal and regulatory | Sociocultural

Unexpected differences

Effectiveness of certification and trust systems

Speakers

– Yosuke Nagai
– Masaaki Miyagawa

Arguments

Proactive content monitoring combined with automated systems and professional partnerships is necessary for protecting vulnerable users

Third-party certification systems like NACIL can identify sites without dark patterns and improve corporate governance

Explanation

This disagreement is unexpected because both speakers are working toward the same goal of protecting users from malicious content, but Nagai explicitly argues against certification seals (which Miyagawa proposes) because bad actors will try to obtain them first to appear trustworthy. This creates a fundamental disagreement about whether trust indicators can be effective or if they inherently create new vulnerabilities.

Topics

Cybersecurity | Legal and regulatory | Economic

Overall assessment

Summary

The main areas of disagreement center on the role of government versus private/voluntary solutions, the effectiveness of certification systems versus monitoring approaches, and the balance between constitutional protections and cybersecurity needs.

Disagreement level

Moderate disagreement with significant implications. While speakers generally agree on the problems (misinformation, domain abuse, need for user protection), they have fundamentally different approaches to solutions. The disagreement between government-independent solutions versus democratic process involvement, and between certification versus monitoring systems, could lead to very different policy and implementation outcomes. These disagreements reflect deeper philosophical differences about trust, governance, and the role of institutions in internet governance.

Partial agreements

Similar viewpoints

Both speakers recognize the fundamental tension between cybersecurity measures and privacy/constitutional protections, emphasizing that this balance is delicate and requires careful consideration of democratic processes and constitutional principles.

Speakers

– Toshiaki Tateishi
– Yosuke Nagai

Arguments

Japan’s constitution prohibits infringement of telecommunication secrecy, but new Active Cyber Defense Act requires deep packet inspection

Balance between protecting citizens from cyber attacks and protecting privacy requires careful consideration of who decides where that balance lies

Topics

Human rights | Legal and regulatory | Cybersecurity

Both speakers view disinformation as a direct threat to democratic institutions, with Tateishi focusing on the broader impact of misinformation on democracy and Nagai specifically addressing how disinformation campaigns can manipulate voting processes.

Speakers

– Toshiaki Tateishi
– Yosuke Nagai

Arguments

Misinformation and disinformation pose significant threats to democracy and have increased with AI generation

Disinformation campaigns affect democracy by tampering with voting processes, creating a problematic feedback loop

Topics

Human rights | Sociocultural | Legal and regulatory

Both speakers highlight the economic impact of domain abuse and information unreliability, focusing on how malicious actors exploit legitimate business models and create unfair competitive disadvantages for honest businesses.

Speakers

– Yuki Nakazawa
– Masaaki Miyagawa

Arguments

Expired domains can be exploited by malicious actors to create fake shopping sites and phishing operations

Information unreliability causes economic losses through phishing damage and disadvantages honest businesses

Topics

Economic | Cybersecurity | Legal and regulatory

Key takeaways

Personal digital sovereignty should be prioritized over national digital sovereignty to truly protect citizens and enable them to move between platforms freely

The balance between cybersecurity protection and privacy rights requires careful consideration of who makes these decisions, especially given that disinformation attacks can compromise the democratic processes that set these balances

Domain management and monitoring are crucial for identifying suspicious websites, but complete protection against all malicious sites is not feasible

Education across all age groups is essential for combating misinformation, with particular attention needed for vulnerable populations like the elderly

Third-party certification systems and proactive monitoring can help identify trustworthy sites, but these systems face challenges from bad actors who may try to obtain legitimate credentials

Japan’s constitutional protection of telecommunication secrecy creates tension with new cybersecurity measures like the Active Cyber Defense Act that require deep packet inspection

Information unreliability creates multiple types of losses: economic (phishing damage), intellectual (misjudgment), social (increased surveillance costs), and mental (addiction and isolation)

Resolutions and action items

Continue development of NACIL certification system for identifying sites without dark patterns

Implement age-categorized educational programs targeting different demographics from elementary students to elderly users

Develop countermeasures against disinformation that operate independently from government funding and control

Utilize a combination of proactive monitoring, automated systems, and partnerships with professional organizations like Internet Watch Foundation for content oversight

Unresolved issues

How to effectively balance constitutional protection of telecommunication secrecy with cybersecurity needs in Japan’s Active Cyber Defense Act

The fundamental challenge of preventing bad actors from obtaining legitimate security seals or credentials

How to address the problem that complete protection against all phishing and malicious sites is not feasible

The broader question of whether internet infrastructure can sustain democratic institutions given current threats

How to implement personal digital sovereignty in practice while maintaining platform functionality

The ongoing challenge of expired domain abuse and how to prevent malicious reuse of abandoned domains

Suggested compromises

Focus certification efforts on promoting honest businesses rather than trying to identify all malicious sites

Use different approaches for different types of domains (e.g., stricter content monitoring for .kids domains versus general domains like .asia)

Combine automated monitoring systems with human oversight for content evaluation, acknowledging that perfect protection is not achievable

Develop solutions that preserve communication secrecy while still enabling necessary cybersecurity measures

Implement data deletion practices where verification data is removed after use to balance security needs with privacy protection

One of the interesting things, as I was preparing to respond, is that the problem with disinformation campaigns affects democracy itself. So, when you have a system where it, you know, by kind of tampering with the system of democracy and kind of skewing the voting process to achieve a certain result, then that democratic process is actually setting the balance between privacy and security. We come into an issue of a kind of a dead loop, if you will.

Speaker

Yosuke Nagai

Reason

This comment introduces a profound paradox at the heart of democratic governance in the digital age – that the very democratic processes meant to protect citizens can be compromised by the threats they’re trying to address, creating a self-defeating cycle. It elevates the discussion from technical solutions to fundamental questions about democratic legitimacy.

Impact

This comment reframed the entire discussion from a technical problem-solving approach to a deeper philosophical examination of democratic vulnerability. It established the conceptual foundation that influenced subsequent discussions about sovereignty and governance throughout the session.

The issue there, though, is that too much attention is being placed on national digital sovereignty or national data localization. That is precisely the wrong thing to do, in my mind, because if you want to build a democracy, the data sovereignty that needs to be developed is personal data sovereignty.

Speaker

Yosuke Nagai

Reason

This comment challenges the prevailing policy discourse around data governance by arguing that individual empowerment, rather than state control, is the key to protecting democracy. It presents a counter-narrative to nationalist approaches to digital policy and suggests a fundamentally different power structure.

Impact

This insight shifted the conversation from discussing government regulation and national policies to focusing on individual empowerment and personal rights. It prompted Tateishi to express strong agreement and acknowledge this as a key point in Japanese policy discussions, showing how it resonated across different national contexts.

The challenge there, though, is that domains and hosting could be compromised. That’s one thing. The other thing is that the bad guys are going to try to get that seal. And that’s where we have a problem… if I’m trying to do something bad, I will definitely try to get that seal first, because then I become trusted.

Speaker

Yosuke Nagai

Reason

This comment reveals the fundamental security paradox in trust systems – that the very mechanisms designed to establish trust become the primary targets for exploitation. It demonstrates sophisticated understanding of adversarial thinking and the limitations of technical solutions to trust problems.

Impact

This observation effectively challenged Miyakawa’s certification approach by highlighting its inherent vulnerabilities. It forced the discussion to confront the reality that bad actors actively adapt to and exploit trust mechanisms, leading to a more nuanced understanding of why simple technical solutions often fail.

As a result, the lack of information democracy brings for losses or for risks. First, economic loss… Second, intellectual loss… Third, social loss… Last, mental loss.

Speaker

Masaaki Miyagawa

Reason

This systematic categorization of the multidimensional costs of information unreliability provides a comprehensive framework for understanding the stakes involved. It moves beyond typical discussions of economic harm to include psychological, social, and intellectual dimensions, showing the holistic impact on society.

Impact

This framework provided structure to the discussion by demonstrating that internet credibility issues affect multiple aspects of human experience simultaneously. It helped establish why the topic deserves serious attention across different domains and influenced how other participants framed their subsequent contributions.

We should be independent from the government. Sometime the fund or something. So, we have an exception about blocking. We blocked the China pornography. It’s the only exception in our country. But we never have money from the government. It’s our voluntary effort.

Speaker

Toshiaki Tateishi

Reason

This comment reveals the tension between accepting government protection and maintaining independence from government control. It shows how even well-intentioned cybersecurity measures can threaten the constitutional principles they’re meant to protect, highlighting the delicate balance required in democratic societies.

Impact

This established the central tension that ran throughout the discussion – how to address real security threats without compromising democratic values. It provided concrete context for the theoretical discussions about privacy versus security and influenced how other participants framed their solutions.

Overall assessment

These key comments transformed what could have been a technical discussion about internet security into a sophisticated examination of democratic theory and governance in the digital age. Nagai’s insights about the ‘dead loop’ of democracy and personal versus national digital sovereignty provided the conceptual framework that elevated the entire conversation. Miyakawa’s systematic analysis of multi-dimensional losses gave weight to why these issues matter, while Tateishi’s observations about government independence highlighted the practical tensions involved. Together, these comments created a discussion that moved fluidly between technical implementation challenges and fundamental questions about power, trust, and democratic legitimacy in digital societies. The participants built upon each other’s insights, creating a layered analysis that acknowledged both the complexity of the problems and the limitations of simple solutions.

How can we effectively balance cybersecurity protection with privacy rights and constitutional protections like telecommunication secrecy?

Speaker

Toshiaki Tateishi

Explanation

This is a fundamental challenge in implementing cyber defense measures while maintaining democratic principles and constitutional rights

How can we develop countermeasures against disinformation that do not rely on government control and do not infringe on communication secrecy?

Speaker

Toshiaki Tateishi

Explanation

Finding independent solutions to combat misinformation while preserving democratic freedoms is crucial for maintaining trust in democratic institutions

How do we break the ‘dead loop’ where disinformation affects the democratic process that is supposed to set the balance between privacy and security?

Speaker

Yosuke Nagai

Explanation

This represents a fundamental paradox where the system meant to solve the problem is itself compromised by the problem

How can we prevent domain abuse in secondary markets where expired domains are used for fraudulent purposes?

Speaker

Yuki Nakazawa

Explanation

Domain abuse through secondary markets poses significant risks for fraud and misinformation, requiring better prevention mechanisms

How can we effectively monitor and verify website content without compromising security when domains and hosting can be compromised?

Speaker

Yosuke Nagai

Explanation

The challenge of maintaining trust in verification systems when bad actors can compromise both domains and certification seals

How can we improve user literacy about domain names and phishing recognition, especially among elderly users?

Speaker

Toshiaki Tateishi and Masaaki Miyagawa

Explanation

Many users, particularly elderly, are vulnerable to phishing attacks due to lack of understanding about domain names and website verification

How can we implement personal digital sovereignty as an alternative to national digital sovereignty?

Speaker

Yosuke Nagai

Explanation

Personal data ownership and portability could provide better protection for citizens than national data localization policies

What technical measures and third-party evaluation systems might be effective for combating misinformation?

Speaker

Toshiaki Tateishi

Explanation

Exploring technical solutions and independent evaluation mechanisms that don’t rely on government control

How can we develop better protocols to replace current systems like WHOIS that have proven inadequate?

Speaker

Toshiaki Tateishi

Explanation

Current internet protocols have limitations that have been discussed for over 20 years without effective solutions

How can we build digital resilience rather than just focusing on cybersecurity prevention?

Speaker

Yosuke Nagai

Explanation

Since cybersecurity is never 100% effective, building systems that can withstand and recover from attacks may be more important