Last June 17, 2011, the Japanese parliament approved a revised proposal for criminal law against creating and keeping malware, also known as the cybercrime law.
The key point about this revised criminal law is that malware writers will be penalized if malware was created and distributed under the following circumstances:
- Without a legitimate reason
- With the purpose of running it on someone’s computer without their consent
In other words, it’s about ‘malicious intent’.
Up until now, creating and owning malware with malicious intent could not be penalized by law in Japan. For example, the creator of the Harada virus was found guilty not for creating and distributing malware, but for violating copyrights for TV animation and for libel by using personal information and photos of his friends. The same person created the Octopus and squid virus while on probation, and was later arrested in 2010 for suspicion of property damage as the virus made victims’ computer hard disk unusable.
In other words, there was no direct way for punishing malware writers until now.
However, with the new law, the law enforcement can directly penalize creating and owning malware with the intent of malicious use.
Under the cybercrime law, people can be given up to three years in prison or fined up to JPY500,000 (about US$6,200) for creating and using malware with malicious intent, and be given up to two years in prison or fined up to JPY300,000 (about US$3,700) for owning or keeping malware for malicious purposes.
This new law demonstrates that the Japanese government is working on creating and strengthening its foundation against cybercrime in Japan. After signing the Council of Europe Convention on Cybercrime, followed by the approval of this new law, Japan is now in a much better position to achieve collaboration with other governments around the world against cybercrime.
Trend Micro, as a security company, welcomes this move as one of Japan’s nationwide efforts to tackle cybercrime. This effort reiterates the fact that creating, distributing, owning and keeping malware for malicious purposes is a crime. At the same time, this is a huge step towards tackling cybercrime that will certainly continue to happen for many years to come.
This is an English version of the Japanese blog entry found here.
Leave a reply