[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[jericho@dimensional.com: [ISN] Conflict holding up hacker bill]


----- Forwarded message from mea culpa <jericho@dimensional.com> -----

Date: Fri, 12 Feb 1999 17:15:08 -0700 (MST)
From: mea culpa <jericho@dimensional.com>
To: InfoSec News <isn@repsec.com>
Subject: [ISN] Conflict holding up hacker bill 

Forwarded From: William Knowles <erehwon@kizmiaz.dis.org>

(Daily Yomiuri On-Line) [2.9.99] The National Police Agency and the Posts
and Telecommunications Ministry are sharply divided over a bill to deal
with the problem of hackers, which the two bodies are expected to submit
jointly during the current Diet session.

The bill is to be based on two drafts that they prepared separately and
announced in November.

The NPA argues in favor of logs of messages sent through computer
networks, as they would be useful in tracing transactions and could
provide information in police investigations.

The Posts and Telecommunications Ministry, however, argues against them,
saying such logs would constitute an invasion of privacy, which is

The two bodies agree in principle that the government must take action
against hackers. As there is no law prohibiting people from breaking into
networks, the United States and some European countries have expressed
fears that Japan could become a haven for hackers. 

The most intense conflict has been over the issue of whether the
government should make it obligatory for Internet servers and other
companies to keep logs. 

According to the NPA draft, firms would have to keep a record of, for
example, users' IDs, passwords and their messages for up to three months.
They would also be required to report instances of access to their

The ministry's draft, on the other hand, emphasizes privacy rights and
keeping companies' responsibilities to a minimum. Records need only
contain fees charged to users and specific measures taken to prevent
people from accessing their networks, it says.

Its draft would allow companies to decide for themselves how long to
preserve such information, and stipulates that when the records no longer
serve any purpose, they should be erased. 
The NPA and the ministry have held several rounds of talks on the issue.

"Without detailed logs, it will be impossible to prove cases of hacking,
thus defeating the purpose of the new law," an NPA official said.
However, a ministry official said that logs should be erased if they are
no longer of any use and contain no information related to hacking, as
they would constitute a violation of privacy rights.
Another government official said the debate between the NPA and the
ministry reveals differences in their respective philosophies, rather than
in their approach to discussing points of policy.
The two bodies have posted their drafts on Web sites to test public
opinion, which has also been divided on the issue of keeping logs.
The Japan Federation of Bar Associations opposes the NPA draft. 
"The draft is potentially dangerous in that police may keep watch over a
wide range of online activities," it said.
The Japan Local Access Providers Association is largely in favor of the
NPA's plan. However, some members fear that the administrative work
involved would pose a huge burden.
In December 1997, the European Union laid down a general guideline that
Internet service providers should immediately erase records concerning
user messages.
At the Group of Eight summit meeting in Britain last year, it was resolved
that logs should be kept, but in a manner that does not violate users'

However, no international agreements have been reached on the issue, and
only a few countries, such as Belgium, have made moves to draw up
legislation against hacking.

Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

----- End forwarded message -----

Thomas Roessler  74a353cc0b19  dg1ktr  http://home.pages.de/~roessler/
     2048/CE6AC6C1  4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1