The new legislation has created interesting discussions on security forums, as experts have observed that the distribution of a virus created, for example, in the US, in Japan by a Japanese citizen, would come within the scope of the criminal law.
The question that many onlookers are asking, Infosecurity notes, is what happens if the malware distribution takes place without the knowledge of the user of the computer, such as when a botnet is involved?
Legislators in Japan are less concerned about the semantics, however, as they say this is the country's response to support the International Convention on Cybercrime, a treaty ratified by more than 30 countries and which mandates international co-operation in investigating crimes in cyberspace.
According to Francis Tan of TheNextWeb newswire, the new legislation makes the creation or distribution of a computer virus without a reasonable cause punishable by up to three years in prison or 500,000 yen in fines, and the acquisition or storage of one punishable by up to two years in prison or 300,000 yen in fines.
"Critics, however, say the move could infringe on the constitutionally guaranteed privacy of communications. The law controversially allows data to be seized from computer servers subject to investigation. Furthermore, authorities are granted the ability to acquire communications logs from ISP that are kept for up to 60 days", says the newswire.
"Japanese investigative authorities have so far had trouble pursuing a series of cyberattacks due to the absence of a domestic law. Due to the privacy concerns involved, the upper house's Judicial Affairs Committee is waiting for a resolution for proper implementation by the authorities" adds the newswire.