Last June 17, 2011, the Japanese Parliament approved a revised proposal for criminal law against creating and keeping malware aka the Cybercrime Law.
The key point about this revised criminal law is that malware writers will be penalized if a malware was created and distributed under the following circumstances:
- Without a legitimate reason
- With the purpose of running it on someone’s computer without the person’s consent
In other words, it’s about “malicious intent.”
Up until now, creating and owning malware with malicious intent cannot be penalized by law in Japan. For example, the creator of the Harada virus was found guilty not for creating and distributing malware but for violating the copyright for TV animation and for libel by using his friends’ personal information and photos. The same person created the Octopus and Squid viruses while on probation and was later arrested in 2010 for suspicion of property damage as the viruses rendered victims’ hard disks unusable.
In other words, there was no direct way to punish malware writers in Japan until now.
The new law allows law enforcers to directly penalize people for creating and owning malware with the intent of malicious use.
Under the Cybercrime Law, people can serve up to three years in prison or can be fined up to JPY500,000 (around US$6,200) for creating and using malware with malicious intent. They can serve up to two years in prison or can be fined up to JPY300,000 (around US$3,700) for owning or keeping malware for malicious purposes.
This new law demonstrates that the Japanese government is working on creating and strengthening its foundation against cybercrime in Japan. After signing the Council of Europe Convention on Cybercrime, followed by the approval of this new law, Japan is now in a much better position to achieve collaboration with other governments around the world against cybercrime.
Trend Micro, as a security company, welcomes this move as one of Japan’s nationwide efforts to tackle cybercrime. This effort reiterates the fact that creating, distributing, owning, and keeping malware for malicious purposes is a crime. At the same time, this is a huge step toward tackling cybercrime that will certainly continue to happen for many years to come.
This is an English version of the Japanese blog entry found here.