Top>Opinion>Cyberspace and Law


Yoshinori Nakanome

Yoshinori Nakanome [profile]

Cyberspace and Law

Yoshinori Nakanome
Professor, Chuo University Law School
Area of Specialization: Criminal Law, Criminal Procedure

Read in Japanese

I. Originally developed as military technology, the Internet is used today for e-mail, Internet telephones, bank transactions, economics, shopping, and in countless other situations. Even corporations and the government use networks for information storage and sharing, with recent trends showing a growing increase in the usage of clouds. The Internet greatly improves convenience, and is especially suited to the efficiency requirements of businesses and society, able to answer information sharing needs. It has now become a part of the social infrastructure. The society we live in is changing radically, into one that is dependent on digital information.

II. While the Internet can provide both convenience and enhanced efficiency, it also has the capacity to do great harm, through such methods as unauthorized acquisition of IDs and passwords by viruses or phishing, which can in turn be used to obtain money or information fraudulently; manipulation or destruction of computer information; unauthorized acquisition of information related to national defense and security through the use of viruses included as attachments to targeted e-mails that cannot be blocked by firewalls; and the distribution and sale of child pornography which leaves serious and permanent scars on the dignity of its victims. The most troublesome aspect of crimes and unlawful acts carried out in cyberspace is, in addition to the Internet's inherent anonymity and difficulty in discovering the true identity of such criminals, the fact that the damage caused by these crimes can occur on a huge scale instantly, without being hindered by the barriers of national borders. In fact, a great number of reports have been made of attempted access, attack, and unauthorized acquisition of information by foreign sources. DoS attacks, which involve using viruses to create backdoors allowing computers to be operated without permission, and then using many of those springboard computers to place huge quantities of server requests ultimately resulting in excessive loads and service shutdowns, could render the Internet completely inoperative. In that sense the Internet is vulnerable.

III. The more our society's infrastructure and everyday lives depend on the Internet, the more important our methods of handling the Internet's darker side become. How to restrict and control this dark side of the Internet, while ensuring the safety of cyberspace, improving convenience and efficiency, and assuring the safety of people using it, is becoming a crucial issue. Legal protection and rules responding to our needs in the age of cyberspace are becoming vitally important, where the Internet not only fulfills a function as a part of the infrastructure through the use of networks that gather and store various kinds of information used in everyday life in digital form, including government information that accumulates the interests of the public, national security-related information that is a key part of providing safety to the people, and information detailing the economic activities of corporations, but also can distribute harmful information on a tremendous scale. Let us examine several examples of such measures below.

1. One of such measures would be to make it known to actual and potential criminals that if a crime is committed, its punishments will be carried out by eventually tracing back to the identity of the person actually responsible, which will lead to deter future crimes. Because those who commit crimes over the Internet do so in believing there is little danger of their identities being detected and punished, a major factor in deterring the crimes would be to increase their "traceability" ("Ensuring Traceability in Cybercrime Investigations" 2011 General Security Measures Conference). In technological terms, this would require steps improving the ability to trace transmission sources, by such measure as keeping logs (Code of Criminal Procedure, Article 197, paragraph (3)) and/or the introduction of routers with default security functions preventing unauthorized access that does not leave traces.

2. When dealing with cybercrimes, it is their "prevention" that is critical. In this respect, recent Penal Code Revisions for the punishment of virus creation and distribution (Penal Code Article 168-2) have an extremely important meaning. Computers that become infected by viruses can become susceptible to unauthorized operation, which will make it possible to steal IDs, passwords, and other important information as well as to destruct data. Such viruses also have the function of concealing the true culprit at the time of the actual crime or attack, by using other computers as springboards. The punishment of virus creation and distribution would target the prior act taken before actual harm caused by unauthorized acquisition of information, and would be a significant in preventing ensuing damage. Today, with emerging viruses such as Stuxnet able to conduct unauthorized operation of nuclear facilities even if they are isolated from the Internet, the prevention increased its importance than ever before.

3. An important law in cybercrime prevention is "Law on Prohibit Unauthorized Access". The laws prohibiting unauthorized access is originally intended to restrict the unauthorized "access" by using the IDs and passwords of others, which is taken prior to the occurrence of actual harm caused. However, unless the acquisition, distribution, and sale of such IDs and passwords were not prohibited, their later unauthorized use would inevitably occur. For this reason, there have been recent revisions for punishing actions including the unauthorized acquisition, storage, distribution and sale of these IDs and passwords, as well as unauthorized requests for their input. The revision has forwarded one step further in advance of fraudulent access by using them (same law as above, Articles 4~7).

4. To make the Internet safe for everyone to use, however, mere punishment will not be sufficient. The creation of a cooperative system unifying the government and the people, requesting the widespread assistance of the public, is essential as well. Carrying out identity confirmation of Internet caf辿 users, for example, could be one part of actions toward the formulation of such a cooperative system, and would play a significant part in increasing the traceability of cybercrimes.

5. Society is increasingly shifting towards the usage of digitalized information, and so both the Penal Code and the Code of Criminal Procedure must be revised able to respond to the resulting changes.

For example, theft prescribed by the Penal Code (Article 235) focuses mainly on the theft of tangible objects, albeit with exceptions such as the theft of electricity. In cases of information theft, including that of software with tremendous proprietary value, under the current statute it is the theft of the discs, etc. on which such information is stored or transferred that is subject to punishment. It has the limitation in that if a person with access rights used his or her own information storage equipment to steal the information, it could not be punished. The law should be revised for making punishment of the theft of the information itself possible by putting focus on the information itself to be protected. In addition, in order to make it possible to punish transmission of thefted information over electronic lines, it would be necessary to introduce such categories of crimes as the illegal use of electronic lines for illicit purposes (wire fraud). In addition, it would be preferable for the seizure in the Criminal Procedural Code to be revised to be more consonant to the actual purpose of the seizure of digital information itself. While the seizure of digital information currently is to be conducted by taking a form of seizure of computers and/or media on which digital information is stored, i.e., tangible objects, true purpose of the seizure lies in getting the information itself.

6. Although no national borders actually exist in cyberspace, there are limits on each countries' sovereign or jusirsdiction. When dealing with unauthorized acquisition of information committed by overseas sources, it is therefore important to build a system of mutual investigative cooperation with countries where the unauthorized access originated, as well as countries through which such transmission occurred. By entering into mutual investigative cooperation treaties or agreements with other countries and ratifying the European Cybercrime Convention, Japan has taken steps to strengthen its overseas alliances, but there are cases where cooperation with other countries cannot be achieved. Consequently, the enhancement of information protection through the evolution of encryption technology, and of security measures and systems involving the combined efforts of the government and the people, will become even more critical.

7. In order to respond to the corrupt use of cyberspace and to cybercrimes, there is a necessity to thoroughly train people with knowledge of technological methods to prevent unauthorized access and acquisition of information, and who possess the technology to analyze the evidence of such acts. Even in case of conventional crime, there are an increasing number of cases where evidence is stored in encrypted form, leading to a growing need for digital forensics. In South Korea, a graduate school specialized in digital forensics has been established, with its graduates being assured of employment in national organizations. In order to respond to the increased use of the digitalized information, the importance of investigative science (digital forensic) for the prevention and investigation of such crimes continues to rise.

IV. If there were is too much protection of anonymity in the cyberspace, criminals could also enjoy increased anonymity, resulting in the loss of cyberspace security and the generation of serious obstacles to the actual everyday lives of the public. Therefore, in order to make cyberspace safer, a degree of control that can balance the protection of privacy with the safety of the cyberspace will be required.

Yoshinori Nakanome
Professor, Chuo University Law School
Area of Specialization: Criminal Law, Criminal Procedure
Birthplace: Fukushima Prefecture
1953 Birth
1975 Graduation from Faculty of Law, Chuo University
1979 Completion of master's program specializing in Criminal Law and Criminal Procedure, Chuo University Graduate School of Law
1983 Withdrawal from doctoral program specializing in Criminal Law and Criminal Procedure, Chuo University Graduate School of Law
From 2004, current position as Professor of Law at Chuo University Law School after serving as Professor of Law at Faculty of Law, Chuo University
Current research topics: policies on crime prevention and reduction to ensure public safety, measures against organized crime, governance of illegal activities in organizations and corporations, cybercrimes, search and seizure, double jeopardy, others