On March 11, the day when the massive earthquake and tsunami hit the Tohoku region’s Pacific coastal areas, the Kan Cabinet endorsed a bill to revise the Criminal Law to smooth investigation into computer crimes.

On April 1, while the nation was shaken by the aftermath of the March 11 disasters and by the accidents at the Fukushima No. 1 nuclear power plant, the government submitted the bill to the Diet. The bill was for setting up new crime categories — creation and distribution of computer viruses — and for punishing violators.

Because the revision was feared to infringe on the secrecy of communication as guaranteed by the Constitution’s Article 21, Section 2, the Japan Federation of Bar Associations and some computer and Internet experts have dubbed the bill a “computer surveillance bill.”

But the Upper House enacted the bill into law on June 17. Only the Japan Communist Party and the Social Democratic Party opposed the bill. The revision of the Criminal Law went into force on July 14.

Even ruling party Diet members were aware of the danger inherent in the bill. The Upper House Judicial Affairs Committee voted for a supplementary resolution calling on law-enforcement authorities to properly apply the revised Criminal Law. Internet-related firms should raise their voice each time investigators apply the law without restraint.

Under the revised Criminal Law, those who create or distribute computer viruses will be given up to three years’ imprisonment or be fined up to ¥500,000. Those who acquire or keep computer viruses will be given up to two years’ imprisonment or be fined up to ¥300,000. Those who email obscene images to an unspecified large number of people will also be punished.

In addition, the Criminal Procedure Law was revised to enable investigators to copy or confiscate data in a server connected online with a computer seized by them.

Under this revision, which will go into effect early next year, investigators can “request” that Internet providers keep the “history” of emails such as the email addresses of senders and receivers for a maximum 60 days. No warrant issued by a court is required in making such requests.

With the revisions, the government hopes to sign an international treaty on international cooperation in cyber crimes investigation by the end of this year.

Until now, there had been no law that directly punishes those who create or distribute computer viruses. For example, law-enforcement authorities applied the crime of damaging an article to a 28-year-old man arrested on suspicion of uploading a computer virus called ika-tako (squid-octopus) virus through peer-to-peer file sharing software from May to July 2010. This virus replaces text or photographs in a data file with images of squids, octopuses or sea urchins.

The Tokyo District Court on July 20 sentenced the man to 30 months’ imprisonment, saying that damaging the function of a hard disk with the virus constitutes the crime of damaging an article. Certainly the law revisions will make computer crimes investigation much easier.

Their impact has already appeared. It was learned on July 21 that the Metropolitan Police Department arrested a 38-year-old man from Ogaki, Gifu Prefecture, on suspicion of keeping a computer virus in his personal computer around 9:40 a.m. on July 17. A personal computer freezes if infected with the virus through peer-to-peer file sharing software.

The revisions have many problems. The revised Criminal Law empowers investigators to arrest the creator of a virus even before it causes damage. This provision would tempt investigators to carry out 24-hour surveillance over the Internet to detect viruses.

The possibility cannot be ruled out that when a person is trying to make a computer program, a computer virus is inadvertently created. The Justice Ministry says that this does not constitute a crime. But it will be burdensome for the person to convince investigators that the virus has been created inadvertently.

Investigators who have seized a computer are allowed to confiscate data contained in a server and other computers connected online with the computer. Because they cannot know in advance which computers contain relevant data, they may be tempted to try to confiscate data in many computers. There may be no limit to the number of computers whose data the investigators try to confiscate.

In this process, they could come across data not related to the crime they are investigating.

A provision in the revised Criminal Procedure Law that allows investigators to “request” Internet providers without a court-issued warrant to keep the “history” of emails for up to 60 days is problematic too. It must first be remembered that the email addresses of senders and receivers are part of their privacy. The possibility also cannot be ruled out that investigators will make “requests” in an abusive manner.

People and lawmakers should closely watch the moves of investigators so that the law revisions themselves do not become tools for increasing their grip further on people’s means of communication.

In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.