Preventing information leaks

On Oct. 29, the day the three-year statute of limitations expired on indictments of suspects in the online streaming of 114 documents related to an investigation into international terrorism, the Metropolitan Police Department sent a paper to the prosecution without mentioning the names of any suspects. It is believed that the MPD’s Third Foreign Affairs Division prepared most of the leaked documents.

This case has revealed many problems. It has shown that investigation authorities have been sloppy in managing and controlling information stored in their computer systems. Clearly they must greatly improve the way they handle such information.

The leaked documents disclosed, among other things, the names of members of an antiterrorism team, a list of foreigners suspected of having links to international terrorism, remittances involving bank accounts held by employees at embassies of Muslim countries, the names of embassies of Muslim countries near which investigation points were set up, and names and addresses of informants who cooperated with the MPD division.

As a result of the leak, some people were suspected by family or friends of having ties with terrorist groups. Some victims have complained that the leak destroyed family ties or financially damaged their businesses. It’s deplorable that no remedial action was taken and no compensation was paid to them despite a strong suspicion that MPD personnel were responsible for the leak. The MPD adamantly refuses to admit that any of its personnel were involved, raising a key question: Did the MPD make really serious efforts to pinpoint the suspect or suspects? The MPD questioned some 400 people and requested the cooperation of the investigation authorities of some 60 countries, but it made no arrests.

File-sharing software and anonymization technique were used to stream the 114 documents in five compressed files streamed onto the Internet via a server in Luxembourg. The leak of these documents and the posting on YouTube of a September 2010 Japan Coast Guard video footage showing a Chinese fishing boat ramming two JCG ships near the Senkaku Islands accelerated a government move to prevent leaks of important government information by imposing severe punishments on leakers.

The culmination of this effort is the Abe Cabinet’s bill to give discretionary power to heads of administrative bodies to designate a wide range of information linked to diplomacy and security as special secrets, and to impose prison terms of up to 10 years on national public servants who leak such secrets. But this bill undermines press freedoms and the people’s right to know. The government should instead combat the problem by adopting better security measures to prevent leaks at their source — the places where the sensitive information is handled. For example, public servants should be banned from bringing personal computers and data storage devices to work, security cameras should be set up, data should automatically become encrypted if export attempts are made and work logs must be kept to ensure accountability.