日本語 English

<br /> <b>Warning</b>: Undefined variable $sitetitle in <b>/home/xb675064/monolith.law/public_html/wp-content/themes/monolith_en/header.php</b> on line <b>100</b><br />

MONOLITH LAW OFFICE+81-3-6262-3248Weekdays 10:00-18:00 JST

MONOLITH LAW MAGAZINE

IT

HOME > LAW MAGAZINE > IT > Details and Violation Examples of the Japanese Act on Prohibition of Unauthorized Computer Access

Details and Violation Examples of the Japanese Act on Prohibition of Unauthorized Computer Access

IT

Details and Violation Examples of the Japanese Act on Prohibition of Unauthorized Computer Access

The Unauthorized Computer Access Law (officially known as the “Law Concerning the Prohibition of Unauthorized Computer Access”) is a law enacted with the aim of preventing cybercrime and maintaining order in telecommunications.

With the proliferation of smartphones and the increase in internet users, the number of unauthorized access cases is also on the rise year by year.

In this article, we will explain in detail the contents of the Japanese Unauthorized Computer Access Law and examples of violations.

What is the Unauthorized Computer Access Law?

The Unauthorized Computer Access Law was enacted in 2000 and was revised in 2012 (Heisei 24) in response to the increasing severity of cybercrimes.

With this revision, phishing activities and the unauthorized acquisition and storage of identification codes (IDs and passwords) were prohibited, and the statutory penalties for unauthorized access were increased. Actions that were not previously punishable were prohibited, making the law more effective.

The purpose of the Unauthorized Computer Access Law is defined as “contributing to the healthy development of an advanced information and communication society” (Article 1).

The actions prohibited by the Unauthorized Computer Access Law are as follows:

  • Unauthorized access (Article 3)
  • Acts that promote unauthorized access (Article 5)
  • Unlawfully acquiring or storing someone else’s identification code (Articles 4 and 6)
  • Unlawfully requesting the input of someone else’s identification code (Article 7)

What is Unauthorized Access?

Unauthorized access can be divided into two categories: “unauthorized login” and “security hole attacks”.

Unauthorized login refers to the act of arbitrarily entering someone else’s identification code (ID and password) and logging into accounts such as SNS accounts and email addresses.

A security hole attack refers to an attack that exploits a security hole (a security defect that occurs in a computer connected to a network, also known as a “vulnerability”). Attackers can execute operations without proper authority, steal data, modify or delete data without editing rights, and use it as a stepping stone for intrusion or attacks on other systems by exploiting security holes. This attack can be automated like computer viruses and internet worms, so users may suffer damage or spread infections to other systems without their knowledge.

If you engage in unauthorized access, you may be sentenced to imprisonment for up to three years or fined up to one million yen.

What are Acts that Promote Unauthorized Access?

The Unauthorized Computer Access Law not only prohibits unauthorized access but also acts that promote unauthorized access. Acts that promote unauthorized access refer to making it possible for a third party to log into an account without the owner’s consent by disclosing someone else’s ID or password.

If you violate this, you may be sentenced to imprisonment for up to one year or fined up to 500,000 yen.

What is the Unlawful Acquisition and Storage of Someone Else’s Identification Code?

The act of unlawfully acquiring someone else’s identification code refers to “the act of acquiring someone else’s ID or password in order to engage in unauthorized access”.

Also, the act of unlawfully storing someone else’s identification code refers to “the act of storing someone else’s ID or password that was unlawfully acquired in order to engage in unauthorized access”.

Even if you do not engage in unauthorized access, the act itself that leads to unauthorized access is prohibited.

If you engage in either of these acts, you may be sentenced to imprisonment for up to one year or fined up to 500,000 yen.

What is the Unlawful Request for the Input of Someone Else’s Identification Code?

The act of unlawfully requesting the input of someone else’s identification code (ID and password) is commonly known as “phishing”. Phishing is a method where the perpetrator sends emails pretending to be an online shopping site or financial institution, lures the victim to a fake site that closely resembles the real one, and makes them enter personal information such as IDs, passwords, and credit card information. The English term “phishing” is a coined word combining “fishing” (to fish) and “sophisticated” (refined method).

Even if you do not make the victim enter personal information, the act of setting up a fake site itself is considered phishing and is subject to regulation.

If you engage in phishing, you may be sentenced to imprisonment for up to one year or fined up to 500,000 yen.

Duties of the Access Administrator

Under the Unauthorized Computer Access Law, administrators of servers and the like (access administrators) are required to take defensive measures to prevent unauthorized access (Article 8).

Administrators are obligated to take measures to prevent unauthorized access, such as “properly managing identification codes”, “constantly verifying the effectiveness of access control functions”, and “enhancing access control functions as necessary”. However, these three are obligations of effort, so there are no penalties for violating these obligations.

Examples of Violations of the Japanese Unauthorised Access Prohibition Law

Among cybercrimes, cases that fall under the violation of the Japanese Unauthorised Access Prohibition Law are on the rise. This trend is thought to be due to the widespread use of not only PCs but also smartphones, and the increase in financial transactions on the internet, such as internet banking and smartphone payments (like PayPay).

News reports of personal information leaks and unauthorized logins to SNS accounts due to cyber attacks are daily occurrences. Some cases even result in significant damages. What kind of incidents fall under the violation of the Japanese Unauthorised Access Prohibition Law?

Below, we introduce some specific cases.

Game Account Hijacking

A 23-year-old company employee was arrested by the Saitama Prefectural Police on suspicion of misappropriation of lost property and violation of the Japanese Unauthorised Access Prohibition Law for allegedly hijacking someone else’s smartphone game account.

The man is suspected of taking a smartphone that the victim had left behind, launching the installed smartphone game, and transferring the data to his own smartphone.

Unauthorized Login to Facebook

A 29-year-old company employee was arrested by the Tokyo Metropolitan Police Department’s Cybercrime Countermeasures Division on suspicion of violating the Japanese Unauthorised Access Prohibition Law for allegedly logging into the Facebook accounts of celebrities and others without authorization.

The suspect is believed to have logged into the Facebook and iCloud accounts of celebrities and ordinary people without authorization. He is said to have guessed the ID and password based on information such as birth dates, logged in, and downloaded the stored photos to his own PC.

Approximately 257,000 private photos, which should only be viewable by the celebrities themselves, were reportedly stored on the suspect’s PC. It seems that he was not only looking at the images but also browsing through contact lists without permission.

Unauthorized Access to Auction Site

The Kanagawa Prefectural Police Cybercrime Countermeasures Division and Minami Station arrested a 19-year-old boy on suspicion of violating the Japanese Unauthorised Access Prohibition Law and the

Japanese Private Electromagnetic Record Fraud and Supply Law. The boy is suspected of illegally logging into an auction site using someone else’s ID and password from his home PC and changing the email address and shipping destination.

The boy reportedly stated, “The ID and password were posted on an online bulletin board. I logged in illegally more than 50 times.” The police are investigating the possibility that the boy illegally obtained computer parts and other items on the auction site.

Unauthorized Intrusion into Workplace Server

A prefectural employee was sent to the Nagasaki District Prosecutor’s Office on suspicion of violating the Japanese Unauthorised Access Prohibition Law for unauthorized intrusion into the Nagasaki Prefectural Government’s server by inputting multiple colleagues’ IDs and passwords without permission.

The prefectural employee is said to have intruded into the server using his colleagues’ IDs and passwords and peeked at their work content. The number of unauthorized accesses by this prefectural employee is believed to have reached tens of thousands, and the number of downloaded files is believed to exceed one million. However, it is reported that no information leakage to the outside has been confirmed.

Credit Card Information Leak due to Unauthorized Access

It was found that a sports goods mail-order site was subjected to unauthorized access, and there is a possibility that customer credit card information has been leaked.

According to the site operator, the credit card information of customers who purchased products using the site has been leaked, and some of the card information may have been used fraudulently. The site operator explains that the cause of the unauthorized access was a vulnerability in the system, and the payment application was tampered with.

Unauthorized Login to Smartphone Payment System

In the case of unauthorized access to a smartphone payment system, the Fukuoka Prefectural Police arrested two men on suspicion of violating the Japanese Unauthorised Access Prohibition Law and fraud. The suspects are believed to have illegally logged into the smartphone payment system using someone else’s ID and password and bought about 190 items (worth about 95,000 yen) such as electronic cigarette cartridges at a convenience store.

Although the victim’s smartphone payment originally had 5,000 yen deposited, it was found that an additional 90,000 yen had been deposited from the man’s credit card.

This smartphone payment system has suffered many other cases of unauthorized access and unauthorized use. The number of victims identified by the end of July 2019 (Heisei 31) was about 800, and the total amount of damage was about 38.6 million yen. The service was discontinued in September 2019 (Reiwa 1).

Summary: Details and Violation Examples of the Japanese Act on Prohibition of Unauthorized Computer Access

Anyone who uses the internet, whether as an individual or a business, is potentially vulnerable to damage caused by unauthorized access. The damage can take many forms, including unauthorized logins to social networking sites, leakage of personal information, and fraudulent use of smartphone payments or credit cards, and in some cases, the amount of damage can be substantial.

If you suffer damage due to a violation of the Japanese Unauthorized Computer Access Prohibition Law, you can file a criminal complaint or a claim for damages based on the Civil Code. However, both procedures require advanced expertise, so it is recommended to consult with a lawyer who is well-versed in unauthorized access issues.

Managing Attorney: Toki Kawase

The Editor in Chief: Managing Attorney: Toki Kawase

An expert in IT-related legal affairs in Japan who established MONOLITH LAW OFFICE and serves as its managing attorney. Formerly an IT engineer, he has been involved in the management of IT companies. Served as legal counsel to more than 100 companies, ranging from top-tier organizations to seed-stage Startups.

Category: IT

Tag:

Related Articles

Crimes such as Threats and Incitement to Suicide on LINE

Crimes such as Threats and Incitement to Suicide on LINE

IT

Guidelines for AI Use Contracts in Japan: Ensuring Smooth Contractual Relations

Guidelines for AI Use Contracts in Japan: Ensuring Smooth Contractual Relations

IT

Definition of Open Source Software (OSS) and Points to Note Under Copyright Law?

Definition of Open Source Software (OSS) and Points to Note Under Copyright Law?

IT

Differences and Pros and Cons between Prime Contractors and Subcontractors in System Development

Differences and Pros and Cons between Prime Contractors and Subcontractors in System Development

IT

Understanding Crypto Asset Mining: A Guide for Investors and Business Owners

Understanding Crypto Asset Mining: A Guide for Investors and Business Owners

IT

The Importance of

The Importance of "User Protection" for Crypto Assets Exchange Service Providers

IT

Registration and Utilization of Google My Business

Registration and Utilization of Google My Business

IT

What Are the Key Considerations Regarding the Relationship Between Generative AI and Copyright?

What Are the Key Considerations Regarding the Relationship Between Generative AI and Copyright?

IT

What are the Regulations of the 'Japanese Act on Prevention of Transfer of Criminal Proceeds' in Non-Face-to-Face Transactions such as Receiving Mail?

What are the Regulations of the 'Japanese Act on Prevention of Transfer of Criminal Proceeds' in.

IT


tag

Advertisement Review AI (ChatGPT AI (ChatGPT, etc.) Contract Drafting and Review Cross-border Crypto Assets and Blockchains Cybercrime etc.) General Corporate General Corporate Contract Drafting and Review ID of the Defamatory Statement Internet Internet Mitigating Reputational Damage IPO IT Legal Support for VTuber Legal Support for YouTuber M&A M&A of SNS Accounts Mitigating Reputational Damage Personal Information Protection System Development Terms of Use

Weekly Popular Articles

Return to Top