What is a 'Sender Information Disclosure Request'? A Lawyer Explains the Procedure and Points to Note

When you are defamed online, you may want to identify the person who posted the defamatory content and seek claim for damages. But how can you actually identify the poster?

There is a system called the “sender information disclosure request,” which allows you to request information about the person who made the illegal post from administrators or providers of online bulletin boards, social networking sites, etc. In this article, we will explain how to make a sender information disclosure request and the process involved.

Furthermore, due to a legal amendment in October 2022, a new procedure has been established that allows for faster disclosure requests than before. We will also explain this in detail.

What is a Sender Information Disclosure Request?

A Sender Information Disclosure Request is a system that allows you to request the disclosure of information such as the address, name, and telephone number of a sender who has committed defamation or illegal postings against others on the Internet, from the operators of bulletin boards, blogs, and providers (Japanese Provider Liability Limitation Act, Articles 5 to 7).

When initiating a lawsuit seeking damages from the poster, personal information such as the person’s name and address is required. However, most of the defamation on the Internet is done anonymously, and it has been very difficult to identify the person who posted it, which has been a major issue for victim recovery measures until now.

The information subject to a Sender Information Disclosure Request is as follows:

• Sender’s name
• Sender’s address
• Sender’s email address and IP address
• Sender’s IP address / Port number combined with IP address
• Mobile terminal’s Internet connection service user identification number
• User identification code
• SIM card identification number
• Sending date and time (timestamp)

What is the Provider Liability Limitation Act?

The Provider Liability Limitation Act is a law that limits the liability for damages that administrators of websites or electronic bulletin boards, and providers should bear when defamation, copyright infringement, privacy infringement, etc. occur due to information disseminated or exchanged on the Internet.

The formal name is “Act on the Limitation of Liability for Damages of Specified Telecommunications Service Providers and the Disclosure of Sender Information,” which was enforced from May 2002 (Heisei 14) and significantly revised in October 2022 (Reiwa 4).

Reference: Response to Illegal and Harmful Information on the Internet (Ministry of Internal Affairs and Communications HP)

The major points of the revision are as follows:

• Review of the disclosure range by establishing procedures and requirements for disclosure related to login-type posts
• Establishment of a new judicial procedure for the disclosure of sender information

With the spread of new services such as SNS and smartphones, which were not anticipated at the time of the enactment of the Provider Liability Limitation Act in 2001 (Heisei 13), anyone can easily post on the Internet, and the limitations of disclosure requests under the old Provider Liability Limitation Act have been pointed out.

In recent years, there have been posts on so-called “login-type” SNS such as Twitter, YouTube comments, Instagram, etc., which are rampant with defamation. In the login type, only the IP address at the time of login is saved, and in many cases, the IP address at the time of posting is not saved, and it is possible to log in simultaneously on multiple devices such as smartphones and computers. Under the old law, there were many cases where disclosure requests were not granted because it was not possible to identify the access provider (which will be explained later in detail) used when making a post that infringed on rights.

In the revised law, it is recognized that login-type posts are also subject to information disclosure requests, and it is stipulated that not only the access provider used when making a post that infringes on rights, but also the access provider used at the time of login can be positioned as the other party to the disclosure request (Revised Provider Liability Limitation Act Article 5, Paragraphs 1 and 2. Establishment of the right to request the disclosure of specific sender information).

In addition, as the establishment of a new judicial procedure, in addition to the conventional out-of-court, civil preservation and litigation rights exercise, a new non-litigation type procedure called “sender information disclosure order case” has been established. As a result, the “two-stage” sender information disclosure procedure is combined into a “unified” procedure, which may result in faster information disclosure compared to the conventional procedure.

Reference: Overview of the Law to Amend Part of the Ministry of Internal Affairs and Communications Provider Liability Limitation Act

Sender Information Disclosure Requests and Providers

Generally, the term “provider” refers to internet connection companies like NTT. However, the term “provider” in the “Japanese Provider Liability Limitation Act” is defined to broadly include not only internet connection companies, but also administrators of electronic bulletin boards (BBS). There are two types of providers: “content providers” and “access providers (ISPs)”.

Content Providers

Content providers refer to companies that operate bulletin boards and blogs. For example, CyberAgent, which operates “Ameblo”, and Yahoo, which operates “Yahoo! Chiebukuro”, fall under this category. There are also sites like 2channel and 5channel, where it’s not immediately clear which company is operating them.

Access Providers (ISPs)

Access providers, or Internet Service Providers (ISPs), refer to internet connection companies. Examples include NTT East Japan, NTT Docomo, and Softbank. In general terms, this refers to “providers” in the case of fixed lines and “mobile carriers” in the case of mobile phone lines.

Procedure for Requesting Disclosure of Sender Information Prior to the Amendment

Below, we will explain the procedure for requesting the disclosure of sender information before the amendment to the Japanese Provider Liability Limitation Act. Prior to the amendment, as will be explained, it was necessary to go through multiple court proceedings to reach the point of information disclosure.

Requesting Disclosure of Sender Information to Content Providers (Out-of-Court)

The process of requesting the disclosure of sender information begins with asking the ‘content provider’ to disclose information such as IP addresses. In the case of bulletin boards or blogs, the site operators often do not know the names of the individuals who have posted defamatory comments, but they usually keep a record of the IP address (log) at the time of the post, especially if it is recent.

If the IP address is known, it is possible to identify the individual who made the post and determine the poster’s identity (although there are cases where this may not be possible). Content providers keep a record of the IP addresses of individuals who have posted on bulletin boards or blogs for a certain period of time.

To request the disclosure of sender information, you must submit a document called a ‘Request for Disclosure of Sender Information’ to the site operator (operating company). This request form can be filled out according to the template available on the Japanese Provider Liability Limitation Law related website, and sent by registered mail to the site operating company, along with an identification document. The request form must include the URL (address) of the site where the defamatory comments were posted, the name and address of the requester, and the reasons for requesting disclosure.

When a request for disclosure of sender information is made, the site administrator or provider will determine whether the requester’s claim meets the legal requirements, and decide whether to disclose or not disclose the sender information. There may be cases where the administrator voluntarily (without court proceedings) complies with the request for disclosure of the IP address, but if the administrator decides not to comply with the request unless a public judgment is made by the court, you will need to apply to the court for a provisional disposition of disclosure of sender information.

From the provider’s perspective, the person who made the post is a customer, and considering the protection of personal information, there are few cases where the provider voluntarily complies with the request for information disclosure. This is the current situation.

Filing a Provisional Disposition for Disclosure of Sender Information in Court

If a content provider does not comply with a voluntary information disclosure request, we use a civil preservation procedure called “provisional disposition” through the court, which is faster than a “lawsuit”. This is because in the case of sender information disclosure, “if the IP address is not disclosed promptly, it becomes impossible to identify the poster’s name and address”. The log where the sender’s IP address is recorded may be discarded in a short period of time, and the usual lawsuit procedure, which takes time, may be too late.

An “IP address” is information similar to an address on the Internet. Every machine connected to the Internet, such as home PCs and smartphones, has a unique “IP address”. Due to the structure of the Internet, a poster cannot communicate without an IP address. When a site is accessed or a post is made, the server records the poster’s “IP address” and the “timestamp” of the access time.

Typically, server administrators record IP addresses and timestamps, so in a provisional disposition or lawsuit, you will request them to disclose the IP address and timestamp of the person who made the illegal post.

Identifying the Internet Service Provider (ISP)

Once the IP address of the poster is identified, the next step is to identify the Internet Service Provider (ISP). An IP address, to be specific, is information like the following:

126.212.170.222

An IP address has a concept of ‘allocation’, which indicates ‘who manages this range to this range’. The above IP address is managed by SoftBank. Therefore, we can determine that the post was made by a SoftBank user.

Next, we will sue SoftBank.

The claim is to disclose the name and address of the person who was connected at this IP address at this time. Mobile carriers like SoftBank and fixed-line ISPs like Nifty collect the names and addresses of users at the time of contract, and also record logs of ‘which user was assigned with a certain IP address at a certain time’. Therefore, if you sue SoftBank and win, the name and address of the person who made the post will be disclosed. However, the problem here is the time limit.

The access records are extremely large. Mobile carriers record logs for tens of millions of people, and transit providers record logs for millions of people. Therefore, ISPs delete logs after a certain period of time. Mobile carriers keep records for about three months, and fixed-line ISPs keep records for about a year at most. Therefore, if you take time from the time posted to the filing of the lawsuit, the logs will disappear during that time.

Especially in the case of mobile carriers, this time limit is extremely important, as only about three months is left. For example, if you receive a request for a provisional disposition regarding a post one month ago, prepare documents and evidence in two weeks, file a provisional disposition against the site, and it takes two weeks because the other party also argues, and then receive disclosure of the IP address in one week, the remaining time is only about two weeks. If you spend extra time somewhere, you will not be able to identify the poster in time. Therefore, as explained next, a provisional disposition to prohibit deletion is generally also filed.

Filing a Provisional Disposition to Prohibit the Erasure of Sender Information by Access Providers

After receiving disclosure of sender information such as IP addresses and timestamps from content providers like site administrators, it becomes necessary to request the disclosure of the sender’s name and other details from the access provider. Under the traditional system, this procedure with the access provider generally requires a standard civil lawsuit.

Since the procedure for a standard civil lawsuit often takes several months to complete, it is necessary to file a provisional disposition to prohibit the erasure of sender information to ensure that the access logs kept by the access provider are not deleted and evidence is not lost during this period.

However, some access providers may allow you to request the preservation of access logs through voluntary negotiations outside of court, without using the procedure for a provisional disposition to prohibit the erasure of sender information.

Lawsuit for Disclosure of Sender Information

As a general rule, providers do not disclose sender information without the sender’s consent. Therefore, requests for disclosure of sender information are made through lawsuits. The main point of contention in the lawsuit is whether the content of the target post, etc., clearly infringes on the rights of the plaintiff (the person requesting disclosure).

Once the access log has been preserved, a lawsuit for the disclosure of sender information is filed against the access provider, requesting the disclosure of information about the sender, such as “address, name, email address”, etc.

Identifying the Sender through a Court Judgment

If the lawsuit is accepted, the court will issue a judgment ordering the access provider to disclose the name, address, email address, etc. of the subscriber who was used when posting the article.

Once the sender’s information is disclosed and the sender is identified, you then have options such as:

• Making them pledge not to defame in the future
• Claiming for damages
• Filing a criminal complaint

These are some of the choices available.

Thus, it is important to respond quickly if you are defamed online. If you consult with a lawyer who is knowledgeable about defamation measures, you can get a speedy response even in identifying the poster.

Procedure for Requesting Disclosure of Sender Information through the Newly Introduced Non-Litigation Procedure

So far, we have explained the conventional system. From here, we will explain the method of requesting disclosure of sender information through the non-litigation procedure, which was established by the amendment to the Provider Liability Limitation Law in Reiwa 4 (2022).

The non-litigation procedure is simpler than the usual litigation procedure and gives the court a wide discretion. Its features include:

• Unlike litigation procedures, it primarily takes the form of an examination, and arguments can be made outside of public courtrooms, unlike oral arguments in litigation procedures.
• The procedure is not publicly disclosed as a rule.
• Factual findings are at the discretion of the court, and are made in a simplified manner through a decision.
• Only one appeal is allowed as a rule for objections.

These are some of the features.

So, what changes have been brought about in the flow of sender information disclosure by the introduction of the non-litigation procedure? Let’s start by briefly explaining the flow of the procedure.

The Flow of Requesting Disclosure of Sender Information in the Non-Litigation Procedure

The flow of the new procedure for requesting disclosure of sender information introduced by the non-litigation procedure is as follows:

1. File a petition with the court for an order to disclose sender information to the content provider.
2. Along with 1, file a petition for an order to provide the name of the access provider held by the content provider.
3. Based on the information of the access provider obtained in 2, file a petition for an order to disclose sender information to the access provider and notify this to the content provider.
4. The content provider provides the sender information it holds to the access provider.
5. If the petition for a disclosure order is granted, information (IP address, sender’s name, address, etc.) is disclosed from the content provider and access provider.

At first glance, it may be difficult to understand what has significantly changed from the conventional procedure. Therefore, let’s take a closer look at what features it has and why it is effective for posts on SNS and other login-type platforms.

① File a petition with the court for an order to disclose sender information to the content provider

In the newly established procedure, you first need to file a petition with the content provider based on Article 8 of the Provider Liability Limitation Law. This are not any significant difference from the conventional procedure before the amendment.

② Along with ①, file a petition for an order to provide the name of the access provider held by the content provider.

With this amendment, it is now possible to request information from the access provider via the content provider within the same litigation procedure (Article 15, Paragraph 1, Item 1 of the Provider Liability Limitation Law). This request can be made simultaneously with the petition in ①, allowing the claimant to expect prompt provision of information.

③ Based on the information of the access provider obtained in ②, file a petition for an order to disclose sender information to the access provider and notify this to the content provider.

In the conventional procedure, after requesting disclosure from the content provider, it was necessary to make a new request for sender information disclosure to the access provider as a separate petition. However, in the new procedure established by this amendment, this petition can also be made in bulk within the same procedure, reducing the burden on the claimant.

In addition, in line with these procedures, it is possible to file a petition for an order to prohibit deletion (Article 16, Paragraph 1 of the same law) along with the petitions for disclosure orders in 1. and 3., and to issue an order to the content provider and access provider to prohibit the deletion of sender information. As a result, the preservation of logs related to infringing posts is ensured, making it possible to make more stable and effective disclosure requests.

④ The content provider provides the sender information it holds to the access provider.

In the conventional procedure, the obligation to provide such information was on the claimant side who filed the petition. However, since it is now possible to do this within the same procedure, the claimant can notify the content provider of the above, and the content provider can directly provide information to the access provider (Article 15, Paragraph 1, Item 2 of the Provider Liability Limitation Law).

⑤ If the petition for a disclosure order is granted, information (IP address, sender’s name, address, etc.) is disclosed from the content provider and access provider.

By following the above procedure and if the petition for a disclosure order is granted in court, information will be disclosed. How to respond based on this information is as mentioned in the first half of the article, “Obtaining a court judgment and identifying the sender“.

However, for login-type posts that have newly become subject to the new system, additional requirements (so-called supplementary requirements) have been added to the normal disclosure requirements in order to prevent abuse of requests due to simplification of procedures, protect the secrecy of communications, and prevent privacy infringement.

Conclusion: Consult a Lawyer for Sender Information Disclosure Requests

Just like the removal of defamatory articles, sender information disclosure requests require complex and specialized procedures, making it a highly specialized field. If there is a need to identify the poster, consulting with a lawyer who is knowledgeable about internet issues can lead to a smooth and speedy resolution.

Furthermore, identifying the perpetrator who made the post has a time limit. This is because the logs related to the perpetrator disappear after a certain period of time. We recommend consulting with a lawyer as early as possible.

Introduction to Our Firm’s Measures

Monolith Law Office is a legal office with extensive experience in both IT, particularly the internet, and law. In recent years, overlooking information related to reputational damage and slander spread on the internet can lead to serious harm. Our firm provides solutions for managing reputational damage and online crises.