Yesterday, the National Information Security Center (NISC) at the Japanese Cabinet Secretariat officially published a proposal document that recommends next strategies for Japanese cybersecurity law and policy.
http://www.nisc.go.jp/conference/seisaku/
http://www.nisc.go.jp/conference/seisaku/dai34/pdf/34shiryou0101.pdf
　
This document contains topics as below;
　

• Enabling to scan and block e-mails that is suspected to contain malware or other message with harmful intent
• Legislating new law that requires ISPs of long term retention and preservation of all communication datas (Japanese version of the EU's Data Retention Directive, 2006/24/EC)
• Establishing a new cyber defense force under the Self-Defense Force

　
As a matter of course, the most important agenda is balancing privacy (secrecy of communication) and scanning/retaining communications. Under the Japanese Constitutional Law that became effective in 1947 and the other related privacy protection laws, the meaning of “secrecy of communication” is very broad. The latter article 21(2) of the Constitutional Law says that “No censorship shall be maintained, nor shall the secrecy of any means of communication be violated”.
　
The meaning of the word “communication” is interpreted as containing not only communication content itself, but also communication data by court and government (e.g.; government’s official commentary of Telecommunication Law of 1984 article 4). Even if the purpose is cyber security, government or ISP can’t scan or brock them without strongly clear and comprehensive consent of customers or other legitimate reason. How to amend or change the interpretation of secrecy of communication is very important topic in Japanese legal scholars in these years, in the context of blocking unlawful information including copyright infringement, child porn, and other harmful content.
　
In the 2011 amendment of the Japanese Criminal Procedure Law (article 197) that has made for the purpose of ratifying the Convention on Cybercrime, limited preservation of communication data by request from relevant authority has been newly approved. The provision accredits the government authority to request ISPs to keep their customer’s communications data in at most 30 days in case of specific criminal activities is detected without the court’s warrant. Some Japanese legal scholars criticize it from the viewpoint of privacy and secrecy of communication. The NISC's new strategy goes beyond it.
　
I will make a presentation that deals with this topic, especially how to solve the cybersecurity trade-off problems at the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Workshop on Systems Resilience (Budapest/Hungary) in next month.
http://systemsresilience.org/wsr2013/wsr2013.html
And I'm preparing an article that forcuses on scanning and blocking communications in case of emergency, with analyzing 2,000 samples questionnaire data. That will be written in English.