Japanese Man Arrested For Storing Malware
Orome1 writes "38-year-old Yasuhiro Kawaguchi is the first person in Japan to get arrested for storing malware on his computer after the upper house's Judicial Affairs Committee has confirmed the new anti-malware law passed by the Japanese parliament. The law considers the creation, distribution and storage of malware a crime punishable with up to three years in prison and a fine that could reach the sum of 500,000 yen ($6,200)."
Surely any "white hat" working against malware needs to store malware someplace, right? What a dumb law.
The article says the charge was "storing a computer virus without a legitimate reason". In this case, the suspect "told the MPD that he did it to punish people who use file-sharing software"; do you consider that "a legitimate reason"?
I can think of at least two organisations that might.
The German law is even actually dumber.
If I understood the Japanese law correctly, you'd have to have some kind of intent to use that malware to infect other computers to break it. So far, so good. Personally, I don't see anything wrong with that by itself; creating, storing or distributing malware with the intent to infect should be punishable. I wonder how they want to discriminate between intentional and accidental spreading (after all, it could well be that he himself downloaded that somewhere and didn't even know it's malware), but if they find a way to actually identify the intent of someone, that law could actually do much good.
The German "anti-hacker law" cannot. There is simply no angle or way this could possibly have any beneficial effect. Basically, what the law says is that a "hacking tool" is illegal. There may be an exception for good reason; so far nobody tested it. I actually cannot remember a case where it was used. And it's sufficiently ambiguous that a hex editor could be subject to it or a firewall that lets you configure the packets it replies with. But let's stay with nmap, hping and all the other "hacking tools" for a moment. These are very well known and quite powerful tools to check the security of a network, so they can be used to find weaknesses in it, hence they're hacking tools.
And auditing tools. Why? Because auditors use exactly the same tools for an obvious reason: Everything you can use to find weaknesses in a network to break into it can also be used to find weaknesses in a network to fix and seal them. Unfortunately, the law makes little difference in intent. Because not the use, but the possession, is already illegal. And when I own a rifle with a scope, it doesn't make any comment yet on whether I go on a killing spree with it or whether I'm a hunter.
Now let's ponder for a moment who gives a shit about a law that makes those tools illegal: An auditor, whose job and pretty much his career hang on his police record being spotless, or a criminal who plans to commit a crime much more serious than "possession of hacking tools".
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.