Forwarded From: William Knowles <erehwonat_private> (Daily Yomiuri On-Line) [2.9.99] The National Police Agency and the Posts and Telecommunications Ministry are sharply divided over a bill to deal with the problem of hackers, which the two bodies are expected to submit jointly during the current Diet session. The bill is to be based on two drafts that they prepared separately and announced in November. The NPA argues in favor of logs of messages sent through computer networks, as they would be useful in tracing transactions and could provide information in police investigations. The Posts and Telecommunications Ministry, however, argues against them, saying such logs would constitute an invasion of privacy, which is unconstitutional. The two bodies agree in principle that the government must take action against hackers. As there is no law prohibiting people from breaking into networks, the United States and some European countries have expressed fears that Japan could become a haven for hackers. The most intense conflict has been over the issue of whether the government should make it obligatory for Internet servers and other companies to keep logs. According to the NPA draft, firms would have to keep a record of, for example, users' IDs, passwords and their messages for up to three months. They would also be required to report instances of access to their networks. The ministry's draft, on the other hand, emphasizes privacy rights and keeping companies' responsibilities to a minimum. Records need only contain fees charged to users and specific measures taken to prevent people from accessing their networks, it says. Its draft would allow companies to decide for themselves how long to preserve such information, and stipulates that when the records no longer serve any purpose, they should be erased. The NPA and the ministry have held several rounds of talks on the issue. "Without detailed logs, it will be impossible to prove cases of hacking, thus defeating the purpose of the new law," an NPA official said. However, a ministry official said that logs should be erased if they are no longer of any use and contain no information related to hacking, as they would constitute a violation of privacy rights. Another government official said the debate between the NPA and the ministry reveals differences in their respective philosophies, rather than in their approach to discussing points of policy. The two bodies have posted their drafts on Web sites to test public opinion, which has also been divided on the issue of keeping logs. The Japan Federation of Bar Associations opposes the NPA draft. "The draft is potentially dangerous in that police may keep watch over a wide range of online activities," it said. The Japan Local Access Providers Association is largely in favor of the NPA's plan. However, some members fear that the administrative work involved would pose a huge burden. In December 1997, the European Union laid down a general guideline that Internet service providers should immediately erase records concerning user messages. At the Group of Eight summit meeting in Britain last year, it was resolved that logs should be kept, but in a manner that does not violate users' privacy. However, no international agreements have been reached on the issue, and only a few countries, such as Belgium, have made moves to draw up legislation against hacking. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:19:02 PDT