[ISN] Ban on Unauthorized Online Access in Japan to be Enacted

From: cult hero (jerichoat_private)
Date: Thu May 13 1999 - 14:44:18 PDT

    Forwarded From: "Prosser, Mike" <mike.prosser@L-3Security.com>
       May 13, 1999 (TOKYO) -- Legislation to outlaw unauthorized access to
    computer networks will go into effect in Japan by the end of this year at
    the earliest, and the penalties will include fines or imprisonment. 
       The bill, sponsored jointly by the National Police Agency, the Ministry
    of Posts and Telecommunications, and the Ministry of International Trade
    and Industry (MITI), was submitted to the Diet after it was adopted at a
    Cabinet meeting on April 16. It is expected to pass the Diet by the end
    of June.
       The concerned government agencies will make the bill to ban
    unauthorized access a new law, and not simply an amendment to the Criminal
    Law or the Telecommunications Business Law. Under the terms of the
    legislation, unauthorized access is defined as "any unauthorized logging
    in to a computer network using another person's ID or password, or any
    attack on a security hole in an operating system or application." The bill
    will ban such unauthorized access. The penalties will include imprisonment
    for up to one year or fines of up to 500,000 yen. (121.03 yen = US$1) 
       Also, the bill will outlaw "any acts to promote unauthorized access" 
    such as provision or sales of a user ID and password to a third party. In
    such cases, penalties will be fines of up to 300,000 yen. Even in the
    United States and Europe, where laws banning unauthorized access have
    already been enacted, few countries ban acts to promote unauthorized
       The bill will protect "all networked computers, those which control
    access with a user authentication via a user ID or password as well as
    authentication results" from unauthorized access. Networks will include
    the Internet, public circuits and corporate dedicated lines. 
       The new bill will not require corporate system administrators to
    "preserve log on records of protected computers," which the NPA has
    sought. Preservation of logs was excluded from the bill based on
    discussions among the three concerned parties. 
       In November 1998, the NPA sought to require companies to preserve their
    log records, based on its view that "those to be protected by the bill and
    obliged parties are identical." However, many companies said that such a
    requirement would impose a tremendous burden on them and that it wouldn't
    necessarily help prevent unauthorized access.
       Nonetheless, companies will still be expected to make their best
    efforts to preserve log records to detect any unauthorized access at an
    early stage and minimize damages. The bill will not have its intended
    effect unless companies take some measures to prevent unauthorized access. 
       Therefore, the three parties decided to ask companies to implement
    voluntary efforts to take some measures to prevent unauthorized access. 
    Specifically, system administrators are expected to manage passwords on a
    thorough basis, and to implement a variety of preventive measures. 
       Although it is not legally binding, most system administrators will
    likely implement such preventive measures on a voluntary basis.