{"id":7723,"date":"2010-11-04T11:06:10","date_gmt":"2010-11-04T02:06:10","guid":{"rendered":"http:\/\/www.debito.org\/?p=7723"},"modified":"2010-11-04T11:06:10","modified_gmt":"2010-11-04T02:06:10","slug":"eido-inoue-on-improbable-remote-tracking-of-rfid-next-generation-gaijin-cards-yet-scan-proof-travel-pouches-now-on-sale","status":"publish","type":"post","link":"https:\/\/www.debito.org\/?p=7723","title":{"rendered":"Eido Inoue on improbable remote tracking of RFID next-generation “Gaijin Cards”; yet “scan-proof” travel pouches now on sale"},"content":{"rendered":"

\"Handbook<\/a>\"\\\"<\/a>\"Foreign<\/a>\"\\\"<\/a>\"\u300c\u30b8\u30e3\u30d1\u30cb\u30fc\u30ba\u30fb\u30aa\u30f3\u30ea\u30fc\u3000\u5c0f\u6a3d\u5165\u6d74\u62d2\u5426\u554f\u984c\u3068\u4eba\u7a2e\u5dee\u5225\u300d\uff08\u660e\u77f3\u66f8\u5e97\uff09\"<\/a>\"JAPANESE<\/a>\"sourstrawberriesavatar\"<\/a>\"debitopodcastthumb\"<\/a>
\nUPDATES ON TWITTER: arudoudebito
\nDEBITO.ORG PODCASTS on iTunes, subscribe free<\/p>\n

Hi Blog.\u00a0 With the rerelease of an article I wrote last year (I am reading all my old articles in order for the Debito.org Podcast<\/a>, so listen here<\/a> or read it here<\/a>) is a revisitation of an argument I made about the next-generation “Gaijin Cards” (Zairyuu Kaado<\/em>), with imbedded IC Chips.\u00a0 I expressed a fear that these “smart cards” will be remotely scannable, meaning the NPA will be able to zap a crowd and smoke out who’s foreign or not (whereas Japanese citizens have no legal obligation to carry ID 24\/7 backed up with criminal punishment) — or will further justify racial profiling of people like me who look foreign but aren’t.<\/p>\n

Techie Eido Inoue, a naturalized J citizen himself, writes here on invitation to address this argument.\u00a0 He was worried that this topic might get a bit geeky (he has in fact made it very readable, thanks), but never mind, this needs to be discussed by people in the know.\u00a0 However, please do read or page down to the end, where I have some basic counterarguments and a scan of something I saw the other day in a travel shop — a “scan proof” pouch for your valuables on sale!\u00a0 Read on.<\/p>\n

\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/<\/p>\n

EIDO INOUE WRITES:<\/strong><\/em><\/p>\n

There has been a lot of concern these days about the inclusion use of NFC (near field communications) technology, which is a type of RFID (radio frequency identification), being included in the successor to the Japanese ARC (alien registration card), the \u5728\u7559\u30ab\u30fc\u30c9 {zairy\u016b k\u0101do} (non-Japanese residence card). In this comment, I\u2019ve summed up, per Debito\u2019s request, some of the back and forth Q&A that has been occurring on other blogs:<\/p>\n

Q: What sort of wireless technology is in these new cards? Is it reliable? Is it proven?<\/strong>
\nA: The card\u2019s IC chip will use JIS X 6322 type B standards, which is basically the Japanese translation of ISO 14443 type B standards. This is the exact same international standard used for both Japanese and overseas e-passports, as well as Japanese driver\u2019s licenses and the \u4f4f\u57fa\u30ab\u30fc\u30c9 {j\u016bki k\u0101do} (Japanese citizen residency card).<\/p>\n

Q: What will be inside these chips?<\/strong>
\nA: The same information that\u2019s printed outside the card:
\n* full passport\/English legal name, date of birth, sex, nationality & domicile\/state\/locale
\n* resident address in Japan
\n* [visa] status, and status length \/ expiration date
\n* visa status grant date
\n* residency card number and expiration\/renewal date
\n* work restrictions, if any
\n* any permitted activities outside of visa status
\n* color photograph<\/p>\n

Special Permanent Residents, however, will only have the following on their cards:
\n* full passport\/English legal name, date of birth, sex, nationality & domicile\/state\/locale
\n* resident address in Japan
\n* special permanent resident number and renewal date
\n* color photograph<\/p>\n

Technically speaking, the \u5728\u7559\u30ab\u30fc\u30c9 {zairy\u016b k\u0101do} (non-Japanese residence card) will be called and labeled as a \u7279\u5225\u6c38\u4f4f\u8005\u8a3c\u660e\u66f8 {tokubetsu eij\u016bsha sh\u014dmeisho} (Special Permanent Resident Identification [Card]) for people with this status.<\/p>\n

[ the only thing that will not be on the chip but on the outside of the card will be the Ministry of Justice\u2019s seal. Note that there\u2019s much less information on this card than the ARC: no passport info, head of household, employer, etc. ]<\/p>\n

Non-Japanese that have kanji names with their governments will have the kanji on the cards. In the case that the kanji is Chinese Simplified or Traditional and can\u2019t be represented with using Japanese character sets, it will be converted to Japanese form.<\/p>\n

[it was not clear from the literature I read what characters were permitted and what were not and what underlying character set encoding, such as JIS X 0208 or Unicode, would be used. It was also unclear to me from reading the literature as to whether non-Japansese without official government registered Kanji names, such as Japanese-Americans or those who just want a Kanji (or kana or hybrid) name, even if it\u2019s \u5f53\u3066\u5b57 {ateji}]<\/p>\n

Customs\/airport officials plan to register \/ use the alphabet passport form and not the Kanji [even if it\u2019s Japanese] form of the name as inputting \/ copying the kanji name takes too much time.<\/p>\n

Unlike the previous ARC cards, there is no plan to list aliases (either katakana or kanji).<\/p>\n

[It does not say how non-Japanese, who have Japanese aliases for anti-discrimination or other purposes, will prove what their registered legal alias is]<\/p>\n

Years on the card will be specified in Western (ex. 2010) system, not Japanese (ex. H.22 or \u5e73\u621022) system. Dates will be in Y M D order, and the fields will be labeled [so you know which is the month and which is the date]. Sex will be specified with a \u201cM\u201d or \u201cF\u201d [as opposed to \u300c\u7537\u300d, \u300c\u5973\u300d, \u300c\u2642\u300d, or \u300c\u2640\u300d].<\/p>\n

[This should make the card more comprehensible to non-Japanese officials if you attempt to use it as ID overseas]<\/p>\n

If a full name is too long for one line, it will be broken into multiple lines.<\/p>\n

[better than the ARC and the Japanese driver\u2019s license, which continued long (ie. Brazilian) names onto the back of the card]<\/p>\n

Q: If the information inside the chips is the same as the information written on the outside of the card, what\u2019s the point?<\/strong>
\nA: Three main points:<\/p>\n

1. reduction of data entry errors (no hand copying the info from the card to some other system)
\n2. speed of processing (depends on the operator, processes, & hardware\/software implementation)
\n3. [primary official reason] preventing the creation of completely bogus identifications using high tech printing, copying and manufacturing technology that is available to even amateurs today.<\/p>\n

The info on the chip is digitally \u201csigned\u201d (a certificate validating that no information has been added, changed, or deleted) using PKCS (public-key cryptography standards). So long as the signing key is kept secure by the government, it\u2019s mathematically impossible to recreate a government\u2019s digital signature\/certificate associated with a bogus identity. Now, you can clone (that is, copy the certificate along with the entire ID, including the photograph, without adding or removing anything) a digital ID. But that\u2019s not the purpose of the certificate. The signature prevents somebody from creating a bogus ID from scratch. These days, thanks (?) to advances in technology accessibility, most professional and even some amateur forgers can create a phony identity card (\u201cTaro McLovin\u201d), mimicking holograms, blacklight ink, microprint, etc., that is so good it can fool a professional trained inspector.<\/p>\n

But even the most powerful governments in the word have yet to break the modern strength digital signature\/certificate algorithms \u2014 because the best mathematicians, working for the best spook agencies (NIST, NSA) in the world, created the system based on principles of impossible to solve quickly mathematics (ie. using ultra large prime numbers), then publicized all their work to have it checked by the other best mathematicians in the world. Based on what mathematicians have known for literally thousands of years, and taking into account the current state of Moore\u2019s Law, the crypto should theoretically be safe from brute force attack for literally eternity. Where things fail is due to errors in implementing the algorithms, or theft\/discovery of the secret keys, not in the algorithms themselves.<\/p>\n

Anyway, for IDs with digital signature certificates, the forger is going to have no choice but to clone, in its entirety, somebody\u2019s existing digital ID when they make a fake ID. Which means they\u2019re going to have to look an awful lot like the person whose identity they stole because the picture data is calculated with the certificate\u2019s hash. Plus they\u2019re going to have to hope that the identity theft victim didn\u2019t report the ID as stolen \/ lost or that the victim unknowingly had their ID scanned in a place that would be logically impossible for a followup scan of the cloned card. For example, a digital ID gets scanned in Hokkaid\u014d, then the exact same digital ID with the same serial number gets scanned by another police officer in Fukuoka 5 minutes later; a computer will pick up on that.<\/p>\n

Now, if there\u2019s a fingerprint encoded in the chip (which is not the case for Japanese passports or the \u5728\u7559\u30ab\u30fc\u30c9 {zairy\u016b k\u0101do} but is true for new European passports) and digitally signed, then even if the fraudster looks like the victim in the digitally signed photograph, they\u2019re out of luck. They can\u2019t remove or change the fingerprint without invalidating the certificate.<\/p>\n

Q: Can a civilian or official read my card from a distance?<\/strong>
\nA: Extremely doubtful. The way the cards work is that while they have no power source of there own; they are powered by a minute amount of power they induce from their radio frequency for no more than a fraction of a second, and this power gives them the strength to produce a very faint signal that can only be practically read reliably by another device that\u2019s less than four or 5cm away. The chips contain power regulators, so even if you send an extra strong signal to the chip in an effort to give the chip more power to work with, it does not produce a stronger return signal.<\/p>\n

This is why you can see a lineup of Suica\/Pasmo\/Icoca\/PiTaPa electronic wicket gates in a train station: the radio waves produced by those gates, which are no more than a meter apart, are so faint that each gate can\u2019t hear and interfere with the radio waves being produced by the gates right next to it.<\/p>\n

The maximum field range of a ISO 14443 device is less than 10cm. The maximum range that professionals have managed to get out of a ISO 14443 device in a laboratory (meaning neither the card or the reader can move for a long time, the room\u2019s air is shielded from radio noise, and the lab\u2019s using a very nonstandard reader) is 20cm: the length from the tip of your little finger to the tip of your thumb on an average outstretched hand.<\/p>\n

Because the return signal from the chip inside the card is constant no matter how how power you throw at it, the only way you\u2019re going to increase the range is by using a larger antenna. But even then there are limits, as the signal is so weak that it\u2019s literally drowned out by the radio noise that permeates the real world.<\/p>\n

Some professionals have speculated that, given a large enough (a very non-portable antenna; it would need to be mounted and not hand held), it is possible to increase the maximum range of ISO 14443, in a laboratory (not real world) setting, to 50cm: the length from your wrist to your elbow.<\/p>\n

Anything longer than 20cm is suspect; anything longer than 50cm is science fiction, in my opinion.<\/p>\n

Q: Could a crowd of people (assuming they\u2019re in range of a reader), or even a whole bag of cards, be scanned en mass?<\/strong>
\nA: Even if it was possible to read ISO 14443 cards from a distance, ISO 14443 is designed to only work with one card at a time. It is not possible to have one reader read multiple cards, have many readers read one card, or have many readers read many cards.<\/p>\n

It\u2019s a matter of laws of physics (two signals being in the exact same frequency) and the way the devices were designed. Mobile phones, Bluetooth, and WiFi have very sophisticated and complicated protocols to allow them to share and operate and be individually addressed in a range of airspace, jumping and across (sometimes thousands) of frequencies and channels, sometimes using more than one simultaneously, in an elaborate cooperative ballet to prevent two devices from using the exact same airspace at the same time.<\/p>\n

ISO 14443, on the other hand, not only doesn\u2019t have these protocols, but in fact was specifically designed to not share airspace with anything else. There are specific fail-safe parts of the protocol that are designed to make the card\/reader shut down, back out, and shut up if it detects something else using its airspace for safety\/reliability reasons. It also has safety procedures to handle cases where it doesn\u2019t have enough power or a good enough signal to complete a transaction: Everyone knows it\u2019s futile to try to yank away your payment card or try to swipe your card for only a split second in an effort to fool the vending machine into making a transaction without having your balance debited.<\/p>\n

If you\u2019ve ever had two\u00a0Suica Cards and\/or a Japanese driver\u2019s license in the same wallet<\/a>, you know that the readers will refuse to work or will only work with one card. Again, this is not just a limitation of the technology, it is by design.<\/p>\n

Q: But what if somehow somebody comes up with way that allows for eavesdropping of a card talking to a reader (from afar or near)? Am I safe?<\/strong>
\nA: Some people on the Internet have claimed even farther ranges than what we mentioned above: such as detecting the presence of a signal at 20 meters and actually discerning the digital bits at 10 meters. None of these claims have been independently confirmed or verified, and even if we give them the benefit of the doubt and believe for the sake of argument that it\u2019s possible, nobody has shown they can break the cryptography gleaned from real devices in the field in real world situations.<\/p>\n

To an eavesdropper, most ISO 14443 cards \u201csound alike.\u201d This means they all \u2014 be it your e-passport or your U.S. Passport Card or your Japanese driver\u2019s license or your FeLiCa based Suica\/Pasmo\/Icoca\/PiTaPa or your PayPass credit card or your Japanese Taspo tobacco age-verification card \u2014 talk on the same frequency (13.56 Mhz). Furthermore, the transaction that occurs between the reader and the card is encrypted, so even if a bad person had such a clear signal that they were able to discern the individual digital bits going back-and-forth between the reader and card, it would be useless for determining the payload or even the type of card being used in most cases.<\/p>\n

Thus, just because the card, either in your hand or concealed in a wallet, of you or the person next to you is or isn\u2019t \u201c squawking\u201d and you are or are not doesn\u2019t mean somebody can figure out that \u201cthat person is a foreigner and that person is not\u201d due to the presence or absence of a 13.56 Mhz encrypted squawk. That squawk could be anything, from a Japanese passport to a London train commuter Oyster Card.<\/p>\n

NOTE: Some security journals have speculated that it may be possible to perform literally a \u201cman-in-the-middle\u201d attack in some cases. This means putting something physically between (the 10cm) space of air between the card and the reader that is big enough to ensure that the reader and card can\u2019t hear each other; the bad spy device acts as a \u201crelay\u201d between the legit card and reader. So when you swipe, you should be absolutely sure you\u2019re swiping the real legit reader and not something placed directly on top of it.<\/p>\n

Q: Even if they can\u2019t read the contents of my card, can a civilian or official detect that I\u2019m in possession (or that I\u2019m not in possession) of a \u5728\u7559\u30ab\u30fc\u30c9 {zairy\u016b k\u0101do} (non-Japanese residence card) without my knowledge?<\/strong>
\nA: No. The reason for this in answered both in the previous question and the following question. You could easily fool an eavesdropper into thinking you swiped any arbitrary ISO 14443 Type B card that uses encryption by simply using another, completely different and unrelated ISO 14443 Type B card. You could purchase and carry your own battery powered\u00a0USB portable [dummy] reader<\/a> in a purse or bag, for example.<\/p>\n

Q: Can a civilian or official read my card without my knowledge if they\u2019re very near or next to me?<\/strong>
\nA: Japanese [and U.S. and E.U., but not all countries] e-passports, and yes, the new \u5728\u7559\u30ab\u30fc\u30c9 {zairy\u016b k\u0101do} (non-Japanese residence card) have\u00a0BAC (basic access control)<\/a>.<\/p>\n

This means you have to know some piece of information that\u2019s either on the card or in your head to read it.<\/p>\n

Even if somebody manages to covertly (say, on a crowded train or bus) get a portable skimmer close enough [less than 10cm] to your back pocket, purse, bag, or briefcase to pick up your card, they still need to know some things that are on the card in order to read it.<\/p>\n

NOTE: Not all NFC cards and RFID use this extra access control and\/or encryption. So you don\u2019t want to carry all your cards unprotected \/ unshielded in your back pocket. It is possible to obtain special,\u00a0practical shielded slips for ISO 14443 based technology<\/a> (tin foil hats sold separately). Some ISO 14443 technology (such as many, including Japanese, passports) already include a shielding envelope or technology integrated into the device. However, the presence of the shielding does not mean that the shielding is the last or only or even best line of defense against skimming; it is merely one component in a suite of many security components for the passport & residency card, already built-in by design, that would have to be compromised. To stay on topic, the NFC cards which are the discussion of the Q&A, such as Japanese passport, driver\u2019s license, and yes, the \u5728\u7559\u30ab\u30fc\u30c9 {zairy\u016b k\u0101do} (non-Japanese residence card), do implement and enforce BAC in addition to encrypting their point-to-point sessions with the readers.<\/p>\n

Q: Can private enterprises read the IC chip?<\/strong>
\nA: Yes. The MoJ [Ministry of Justice] plans to publish the specifications for reading information from the card. However, they can\u2019t override\u00a0BAC<\/a> (see above) which means a private enterprise would not be able to read your card without your knowledge.<\/p>\n

[ This is interesting. The literature I have specifically mentions that society, especially financial institutions and mobile phone companies, needs a reliable domestic photo id for non-Japanese residents. ]<\/p>\n

Q: What if the chip isn\u2019t working? What if the private enterprise doesn\u2019t have a reader? Is there an alternative electronic way to verify the card without the chip? Will I be hauled off to the police box if my chip isn\u2019t working?<\/strong>
\nA: The MoJ [Ministry of Justice] is also going to make a website available for checking cards (which presumably could be accessed by even mobile phone browsers). The website will accept the card\u2019s number and one other piece of information from the card to prevent people from randomly guessing \u5728\u7559\u30ab\u30fc\u30c9 {zairy\u016b k\u0101do} (non-Japanese residence card) numbers. The literature suggests that this extra information be the card renewal\/expiration date.<\/p>\n

Upon submitting the number, the website will simply return \u6709\u52b9 {y\u016bk\u014d} (valid) or \u5931\u52b9 {shikk\u014d} (invalid). To protect private information, no other information (such as name, date of birth, nationality, visa status, etc.) will be returned.<\/p>\n

ENDS<\/strong><\/p>\n

\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/<\/p>\n

COMMENT FROM ARUDOU DEBITO (donning his tinfoil hat<\/em>):<\/strong><\/p>\n

One conflict I always notice from my side of the spectrum is the inherent mistrust of scientists — when they claim a new technology, open to all manner of theoretical abuses, is “safe”.\u00a0 This is the same camp that tends to blame the scientists on the Manhattan Project for opening Pandora’s Box with The Bomb.<\/p>\n

Continuing in that vein in an attempt to contrapose aarguments to Eido’s research above, a whole bunch of “what ifs” and “whys” that are not all that unreasonable quickly come to mind:<\/p>\n

1) WHAT IF<\/strong> the sacred encryption keys get cracked or leaked somehow<\/strong>?\u00a0 Can happen quite easily, if not in part due to government error, see here<\/a>.\u00a0 And hackers are forever getting increasingly sophisticated.\u00a0 It’s hard to imagine the “eternity” scenario in a place when it’s techie vs. techie, and one is but a few steps ahead of the other.\u00a0 The risk is too great — once the door is open, identity theft becomes possible.<\/p>\n

2) WHAT IF the realm of “science fiction” becomes “science fact”?<\/strong> We once thought manned flight (with or without gravity), or portable computers, or even gigabytes of data stored in tiny places were impossible, but technology, again, has a habit of catching up and deleting the “im” prefix.\u00a0 Encryption notwithstanding, decrypting computers are getting faster and smarter all the time.<\/p>\n

3) WHY<\/strong> are foreigners only required to be IDed by private businesses<\/strong> (last two Qs above)?\u00a0 Actually, I can answer that one.\u00a0 Because the NPA feels the irrepressible need to track people that could commit crime.\u00a0 And because they can’t do that to Japanese citizens due to the outrage — witness the flop of the Juuki Netto system<\/a>.\u00a0 People just don’t want to be forced to carry ID in this society, much less tracked by it.\u00a0 It’s just happening to foreigners because they can’t stop it.\u00a0 And it increases the Japanese police’s power<\/a> by deputizing the private sector.\u00a0 This is just common sense — give the police anywhere in the world extra power, and they will feel fully justified in using it to accomplish their goals until they’re told they’ve gone too far (and in Japan, they insufficiently are<\/a>).<\/p>\n

4) WHY is that same private sector now advertising preventative measures against RFID technology?<\/strong> Check this out — a scan-proof pouch for your valuables now on sale in travel shops in Japan (seen because I went and renewed my passport on Tuesday):<\/p>\n

\"\"<\/a><\/p>\n

Unless this is Snake Oil (and Eido himself points out that non-contact scanning is possible), how do we deal with this?\u00a0 By saying that the distance is too small or the definition of the signal is too vague to matter?\u00a0 Again, I will raise the technology argument to say that once the leap is possible, it’s only a matter of degree.\u00a0 This may be tinfoil-hat-ism, but to me it’s like saying, “Don’t worry about The Bomb; if there is fallout from an unlikely attack, there are anti-radiation pills you can take.”\u00a0 Sorry, I don’t believe in having to put the Genie back in the Bottle.\u00a0 Especially since the reasons for this measure are less a technological inevitability than a political necessity (i.e., tightened policing of the only people you can police this way, since society in general wouldn’t dare accept it).\u00a0 If this is scary enough to the general public for it to be used as a preventative marketing ploy, then the foreigners should also count as members of the general public who are entitled to be scared.\u00a0 Just fobbing it off on a “it probably won’t happen” “eternity scenario” ignores the political realities behind these moves.<\/p>\n

Alright, I’ll stop there.\u00a0 Let’s have a discussion.\u00a0 Arudou Debito<\/p>\n

ENDS<\/p>\n","protected":false},"excerpt":{"rendered":"

With the rerelease of an article I wrote last year (I am reading all my old articles in order for the Debito.org Podcast, so listen here or read it here) is a revisitation of an argument I made about the next-generation “Gaijin Cards” (Zairyuu Kaado), with imbedded IC Chips. I expressed a fear that these “smart cards” will be remotely scannable, meaning the NPA will be able to zap a crowd and smoke out who’s foreign or not (whereas Japanese citizens have no legal obligation to carry ID 24\/7 backed up with criminal punishment) — or will further justify racial profiling of people like me who look foreign but aren’t.<\/p>\n

Techie Eido Inoue, a naturalized J citizen himself, writes here on invitation to address this argument. He was worried that this topic might get a bit geeky (he has in fact made it very readable, thanks), but never mind, this needs to be discussed by people in the know. However, please do read or page down to the end, where I have some basic counterarguments and a scan of something I saw the other day in a travel shop — a “scan proof” pouch for your valuables on sale! Read on.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44,33,5,10,11],"tags":[],"class_list":["post-7723","post","type-post","status-publish","format-standard","hentry","category-discussions","category-fingerprinting-nj","category-human-rights","category-japanese-policeforeign-crime","category-problematic-foreign-treatment"],"_links":{"self":[{"href":"https:\/\/www.debito.org\/index.php?rest_route=\/wp\/v2\/posts\/7723","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.debito.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.debito.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.debito.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.debito.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7723"}],"version-history":[{"count":0,"href":"https:\/\/www.debito.org\/index.php?rest_route=\/wp\/v2\/posts\/7723\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.debito.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7723"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.debito.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7723"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.debito.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7723"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}