Japanese Man Arrested For Storing Malware
Orome1 writes "38-year-old Yasuhiro Kawaguchi is the first person in Japan to get arrested for storing malware on his computer after the upper house's Judicial Affairs Committee has confirmed the new anti-malware law passed by the Japanese parliament. The law considers the creation, distribution and storage of malware a crime punishable with up to three years in prison and a fine that could reach the sum of 500,000 yen ($6,200)."
Surely any "white hat" working against malware needs to store malware someplace, right? What a dumb law.
The article says the charge was "storing a computer virus without a legitimate reason". In this case, the suspect "told the MPD that he did it to punish people who use file-sharing software"; do you consider that "a legitimate reason"?
The summary is pretty poor (as usual). The article says 'The revised Penal Code, which was enforced July 14, bans storage of a computer virus for the purpose of infecting other computers.' I doubt Symantec or McAfee store for the purpose of infecting other computers.
FTFA:
Kawaguchi uploaded a file containing the virus, which was titled to suggest child pornography, to the Internet via the file-sharing software Share
Well, normally I consider people who upload viruses via file-sharing software to be scum of the earth, but this guy seems like he was actually doing it for a moderately good cause. "Think of the children" is hella overused, malware is malware, and vigilante justice is questionable, but punishing this guy seems kinda weird, especially that strongly. Also, how the hell do they define "storing" malware? Technically, that could mean anyone infected is guilty, which is really scary.
I'm sure it won't be abused, of course. /sarcasm
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
The German law is even actually dumber.
If I understood the Japanese law correctly, you'd have to have some kind of intent to use that malware to infect other computers to break it. So far, so good. Personally, I don't see anything wrong with that by itself, creating, storing or distributing malware with the intent to infect should be punishable. I wonder how they want to discriminate between intentional and accidental spreading (after all, it could well be that he himself downloaded that somewhere and didn't even know it's malware), but if they find a way to actually identify the intent of someone, that law could actually do much good.
The German "anti-hacker law" cannot. There is simply no angle or way this could possibly have any beneficial effect. Basically, what the law says is that a "hacking tool" is illegal. There may be an exception for good reason, so far nobody tested it. I actually cannot remember a case where it was used. And it's sufficiently ambiguous that a hex editor could be subject to it or a firewall that lets you configure the packets it replies with. But let's stay with nmap, hping and all the other "hacking tools" for a moment. These are very well known and quite powerful tools to check the security of a network, so they can be used to find weaknesses in it, hence they're hacking tools.
And auditing tools. Why? Because auditors use exactly the same tools for an obvious reason: Everything you can use to find weaknesses in a network to break into it can also be used to find weaknesses in a network to fix and seal them. Unfortunately, the law makes little difference in intent. Because not the use, but the possession, is already illegal. And when I own a rifle with a scope, it doesn't make any comment yet on whether I go on a killing spree with it or whether I'm a hunter.
Now let's ponder for a moment who gives a shit about a law that makes those tools illegal: An auditor, whose job and pretty much his career hangs on his police record being spotless, or a criminal who plans to commit a crime much more serious than "possession of hacking tools".
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.