In Japan, Using Copyright to Fight Computer Viruses
Masato Nakatsuji, the creator of a malicious computer virus, was recently convicted in Japan, not of creating a virus, but of copyright infringement, thereby putting into question the efficacy of laws available to fight such offences. The case should also raise questions in the international community about the adequacy of protection available against cybercrime in Japan, and prompt a closer look at the laws available elsewhere, including Canada.
Nakatsuji was alleged to have created a Trojan horse and then attached it to copyrighted animated images, which he illegally copied and distributed. The malware would then cheerfully display images of popular characters, while also erasing music and movie files from the victim’s computer. This copying and distribution made him, as a cyber-criminal, uniquely vulnerable to the sanctions of copyright law.
Nakatsuji received a suspended sentence of three years from the court, and the leniency of the sentence may be a reflection of the fact that the charge was copyright infringement, rather than another criminal offence. However, Nakatsuji also argued that the malware was meant to remove movies and music illegally downloaded from the Internet, in a self-proclaimed but ostensibly selfless act of law enforcement.
As have many jurisdictions, Japan has prohibited a range of computer-related activities. However, none of these legal channels was suitable in addressing the crime of creating and distributing malicious computer viruses, and the authorities were forced to turn to copyright law.
In Canada, the Criminal Code specifically targets the dissemination of computer viruses. Section 430(1.1) provides:
“Every one commits mischief who willfully
- destroys or alters data;
- renders data meaningless, useless or ineffective;
- obstructs, interrupts or interferes with the lawful use of data; or
- obstructs, interrupts or interferes with any person in the lawful use of data or denies access to data to any person who is entitled to access thereto.”
Although containing a criminal prohibition of some breadth and a potential prison sentence of up to 10 years, this may lack sufficient deterrent value, considering the enormity of the damage a computer virus is capable of causing. The section may not deter those who simply create viruses because it requires actual interference with data to be demonstrated. Furthermore, the provision appears to have been rarely used to prosecute the simple mischievous dissemination of viruses but, rather, has primarily been used against fraudulent activities. Finally, because of the cross-border nature of such offences, the absence of an international and specialized cybercrime law can be a significant barrier to enforcement.
Although the Masato Nakatsuji situation affirms the potentially wide applicability of copyright law, it may also serve as a reminder of complementary improvements required for a safe and efficient platform for e-commerce.
For a US newspaper report on the case, see:
For more information about cyber security in Canada, visit:
http://www.itac.ca/PolicyandAdvocacy/CyberSecurityandPrivacy.html
For English versions of the Japanese Penal Code and the Unauthorized Computer Access Law, see:
http://www.cas.go.jp/jp/seisaku/hourei/data/PC.pdf; or
http://www.npa.go.jp/cyber/english/legislation/ucalaw.html
Summary by: Lea Epstein
