Japan's parliament enacted legislation Friday criminalizing the creation or distribution of computer viruses to crack down on the growing problem of cybercrimes, but critics say the move could infringe on the constitutionally guaranteed privacy of communications.
Japan's parliament enacted legislation Friday criminalizing the creation or distribution of computer viruses to crack down on the growing problem of cybercrimes, but critics say the move could infringe on the constitutionally guaranteed privacy of communications.
With the bill to revise the Penal Code passing the House of Councillors by an overwhelming majority, the government intends to conclude the Convention on Cybercrime, a treaty that stipulates international cooperation in investigating crimes in cyberspace.
Japanese investigative authorities have so far had trouble pursuing a series of cyberattacks on government offices, corporations and individuals in the absence of a domestic law specifically designed to punish virus creation and other harmful acts on computer networks.
The legislation makes the creation or distribution of a computer virus without a reasonable cause punishable by up to three years in prison or 500,000 yen in fines, and the acquisition or storage of one punishable by up to two years in prison or 300,000 yen in fines.
It also makes it punishable to send e-mail messages containing pornographic images to a random number of people.
The law controversially allows data to be seized or copied from computer servers that are connected via online networks to a computer seized for investigation.
It also enables authorities to request Internet service providers to retain communications logs, such as the names of e-mail senders and recipients, for up to 60 days.
Because of concerns that keeping such communication logs could violate the privacy of communications guaranteed under the Constitution, the upper house's Judicial Affairs Committee attached to the legislation a resolution calling for the authorities to apply the law appropriately.
The government submitted similar legislation to the Diet in 2003 and 2005, but the move failed each time because of strong opposition to a concurrently proposed clause that sought to make it an act of conspiracy for a group of people to simply conceive of committing a crime.
The Convention on Cybercrime, which was adopted by the Council of Europe in November 2001, took effect in 2004, with 31 countries having ratified it so far. It requires parties to make it criminal to have unauthorized access to computer systems, store images of child pornography and infringe on copyrights, among others.