Act on Prohibition of Unauthorized Computer Access


Published: 2013


(Purpose)

Article 1 The purpose of this Act is to prevent computer-related crimes committed via telecommunications lines and maintain telecommunications-related order as realized by means of Access Control Features by prohibiting acts of unauthorized computer access and stipulating penalties therefor and assistance measures to be taken by Prefectural Public Safety Commissions to prevent the recurrence of such acts, thereby contributing to the sound development of an advanced information and telecommunications society.

(Definitions)

Article 2 (1) The term "Access Administrator" as used in this Act means a person who manages the operation of a computer connected to a telecommunications line (hereinafter referred to as a "Specified Computer") in relation to its use (limited to the kind realized via the telecommunications line concerned, hereinafter referred to as "Specified Use").

(2) The term "Identification Code" as used in this Act means a code allocated to a person who, with regard to the Specified Use of a Specified Computer, has been granted permission from the Access Administrator with authority over said Specified Use (hereinafter referred to as an "Authorized User") or the actual Access Administrator (hereafter in this paragraph referred to as an "Authorized User, etc.") so as to enable the Access Administrator concerned to identify this particular Authorized User, etc. as distinguished from all other Authorized Users, etc. In concrete terms, an Identification Code may be any of the following or a combination of any of the following and another code:

(i) A code the content of which must not, according to the instructions of the Access Administrator concerned, be revealed to a third party without reason

(ii) A code that has been generated from an image of the whole or a part of the body of the Authorized User, etc. concerned or said user's voice using a method specified by the Access Administrator concerned

(iii) A code that has been generated from the signature of the Authorized User, etc. concerned using a method specified by the Access Administrator concerned

(3) The term "Access Control Feature" as used in this Act means a feature that has been added to a Specified Computer subject to Specified Use or another Specified Computer connected thereto via a telecommunications line by the Access Administrator with authority over the Specified Use of the Specified Computer concerned to automatically control said Specified Use. An Access Control Feature is to be designed to remove all or part of the restrictions imposed on said Specified Use upon confirming that a code input into the Specified Computer associated therewith by a person wishing to engage in said Specified Use is identical to the identification code associated with said Specified Use (including a combination of a code generated from the identification code using a method specified by the Access Administrator concerned and a part of the identification code concerned; the same applies in items (i) and (ii) of the following paragraph).

(4) The term "Act of Unauthorized Computer Access" as used in this Act means any of the following acts:

(i) An act of rendering a Specified Computer with an Access Control Feature available for Specified Use that is subject to restrictions imposed by the Access Control Feature concerned by inputting someone else's identification code associated with the Access Control Feature concerned via a telecommunications line and thus operating the Specified Computer concerned (excluding such an act engaged in by the Access Administrator who has added the Access Control Feature concerned and such an act engaged in upon obtaining permission from the Access Administrator concerned or the Authorized User to whom the identification code concerned belongs)

(ii) An act of rendering a Specified Computer with an Access Control Feature available for Specified Use that is subject to restrictions imposed by the Access Control Feature concerned by inputting any information (excluding an identification code) or command suitable for evading the restrictions on said Specified Use via a telecommunications line and thus operating the Specified Computer concerned (excluding such an act engaged in by the Access Administrator who has added the Access Control Feature concerned and such an act engaged in upon obtaining permission from the Access Administrator concerned; the same applies in the following item)

(iii) An act of rendering a Specified Computer available for Specified Use that is subject to restrictions imposed by the Access Control Feature of another Specified Computer connected thereto via a telecommunications line by inputting any information or command suitable for evading said restrictions into said other Specified Computer via a telecommunications line and thus operating the Specified Computer concerned

(Prohibition of Acts of Unauthorized Computer Access)

Article 3 It is prohibited for any person to engage in an Act of Unauthorized Computer Access.

(Prohibition of Acts of Obtaining Someone Else's Identification Code)

Article 4 It is prohibited for any person to obtain someone else's identification code associated with an Access Control Feature for the purpose of engaging in an Act of Unauthorized Computer Access (limited to the kind specified in Article 2, paragraph (4), item (i); the same applies in Article 6 and Article 12, item (ii)).

(Prohibition of Acts of Facilitating Unauthorized Computer Access)

Article 5 It is prohibited for any person, unless there are justifiable grounds for refusing to do so or any other legitimate reason therefor, to supply someone else's identification code associated with an Access Control Feature to a person other than the Access Administrator associated with the Access Control Feature concerned and the Authorized User to whom the identification code concerned belongs.

(Prohibition of Acts of Wrongfully Storing Someone Else's Identification Code)

Article 6 It is prohibited for any person to store someone else's identification code associated with an Access Control Feature that has been wrongfully obtained for the purpose of engaging in an Act of Unauthorized Computer Access.

(Prohibition of Acts of Illicitly Requesting the Input of Identification Codes)

Article 7 It is prohibited for any person to engage in any of the acts listed below by impersonating an Access Administrator who has added an Access Control Feature to a Specified Computer or otherwise creating a false impression of being the Access Administrator concerned. However, this does not apply if permission has been obtained from the Access Administrator concerned.

(i) An act of leaving the following information accessible to the general public via automatic public transmission carried out through connection to a telecommunications line (the kind designed for on-demand activation and direct reception by the general public, excluding broadcasting or cable broadcasting): information purporting to be the Access Administrator concerned requesting an Authorized User who has been allocated an identification code associated with the Access Control Feature concerned to input the identification code concerned into a Specified Computer

(ii) An act of transmitting the following information to the Authorized User concerned via an email (an email as specified in Article 2, item (i), of the Act on Regulation of Transmission of Specified Electronic Mail (Act No. 26 of 2002)): information purporting to be from the Access Administrator concerned requesting an Authorized User who has been allocated an identification code associated with the Access Control Feature concerned to input the identification code concerned into a Specified Computer

(Protective Measures by an Access Administrator)

Article 8 An Access Administrator who has added an Access Control Feature to a Specified Computer is to endeavor to properly manage identification codes associated with the Access Control Feature concerned or codes used to confirm them via the Access Control Feature concerned, and is to always verify the effectiveness of the Access Control Feature concerned and endeavor to promptly take appropriate measures to protect the Specified Computer concerned from acts of unauthorized computer access, such as enhancement of the function of the Access Control Feature concerned, whenever deemed necessary.

(Assistance, etc. by Prefectural Public Safety Commissions)

Article 9 (1) In the event of recognizing the occurrence of an Act of Unauthorized Computer Access, a Prefectural Public Safety Commission (an Area Public Safety Commission in the case of an area in Hokkaido that does not fall under the jurisdiction of the Hokkaido Prefectural Police Headquarters (as specified in the main clause of Article 51, paragraph (1), of the Police Act (Act No. 162 of 1954); the same applies hereafter in this paragraph); the same applies hereafter in this article) is to provide the Access Administrator associated with the Specified Computer that has been exposed to unauthorized access with appropriate assistance, including advice, guidance and supply of relevant data, so as to enable said administrator to take any necessary emergency measures to protect the Specified Computer concerned from further acts of unauthorized access according to the modus operandi or cause of the act of unauthorized access concerned. This is on the condition that the Access Administrator concerned has requested assistance by submitting any documents and other materials useful in ascertaining the operational and management status of the Specified Computer concerned at the time of the act of unauthorized access concerned and other circumstances to prevent the recurrence of similar acts, and that such a request is deemed reasonable.

(2) A Prefectural Public Safety Commission may entrust the whole or a part of the work involved in the implementation of the case analysis needed to provide the assistance prescribed in the preceding paragraph (encompassing a technical investigation and analysis of the modus operandi and cause of the Act of Unauthorized Computer Access for which the assistance concerned has been sought and other matters; the same applies in the following paragraph) to a person to be specified in the Rules of National Public Safety Commission.

(3) Any person who has engaged in the work involved in the implementation of the case analysis entrusted by a Prefectural Public Safety Commission pursuant to the provision of the preceding paragraph may not divulge any secrets that said person has become privy to through this work.

(4) Any necessary matters in connection with the assistance prescribed in paragraph (1), in addition to what is provided for in the preceding three paragraphs, will be prescribed by the Rules of National Public Safety Commission.

(5) In addition to what is provided for in paragraph (1), a Prefectural Public Safety Commission must endeavor to raise awareness and spread knowledge about the protection of Specified Computers with an Access Control Feature from Acts of Unauthorized Computer Access.

Article 10 (1) To help protect Specified Computers with an Access Control Feature from acts of unauthorized computer access, the National Public Safety Commission, Minister for Internal Affairs and Telecommunications, and Minister of Economy, Trade and Industry are to publicize the status of the occurrence of acts of unauthorized computer access and progress of research and development on technology relating to Access Control Features at least once a year.

(2) To help protect Specified Computers with an Access Control Feature from Acts of Unauthorized Computer Access, the National Public Safety Commission, Minister for Internal Affairs and Telecommunications, and Minister of Economy, Trade and Industry must endeavor to assist any organizations formed by persons who engage in business activities geared towards the enhancement of Access Control Features for the purpose of assisting in measures taken by Access Administrators who have added Access Control Features to Specified Computers pursuant to the provisions of Article 8 through the supply of the necessary information and so on, provided that they are deemed to be capable of providing such assistance appropriately and effectively.

(3) In addition to what is provided for in the preceding two paragraphs, the National Government must endeavor to raise awareness and spread knowledge about the protection of Specified Computers with an Access Control Feature from Acts of Unauthorized Computer Access.

(Penal provisions)

Article 11 Any person who has violated the provisions of Article 3 shall be punished by imprisonment with work for not more than three years or a fine of not more than 1 million yen.

Article 12 Any person who falls under any of the following items shall be punished by imprisonment with work for not more than one year or a fine of not more than 500,000 yen.

(i) A person who has violated the provisions of Article 4

(ii) A person who has supplied the identification code of another person in violation of the provisions of Article 5 despite knowing that the recipient intends to use it for an Act of Unauthorized Computer Access

(iii) A person who has violated the provisions of Article 6

(iv) A person who has violated the provisions of Article 7

(v) A person who has violated the provisions of paragraph (3) of Article 9

Article 13 Any person who has violated the provisions of Article 5 (excluding a person specified in item (ii) of the preceding article) shall be punished by a fine of not more than 300,000 yen.

Article 14 The offenses specified in Article 11 and Article 12, items (i) to (iii), are governed by the provisions of Article 4-2 of the Penal Code (Act No. 45 of 1907).