Keep Malware on Your PC, Get Jailed?!



07/26/2011




Kevin R. Smith
Co-Editor




In what sounds too hard to believe, Japanese police have arrested their first suspect under the controversial Japanese anti-malware law.
The revised Penal Code... bans storage of a computer virus for the purpose of infecting other computers. Violators can be sentenced to a maximum of two years in prison or fined up to 300,000 yen.
Now, let's think this through here.

There are really four types of people that fall into this category:
  1. malware writers
  2. malware distributors
  3. malware researchers
  4. malware infected
Clearly, those folks that fall into the first two categories are up to no good, but what about those of us who fall into the third category? Legitimate researchers like we are?

And, what about the average individual or business owner whose computer(s) have been infected by a virus or other malware and whose computer(s) are now infecting others without their knowledge?

I'm not talking about someone claiming they had no knowledge of something when in fact they did; nor am I talking about someone who's claiming ignorance of the law.

I'm talking about someone like your brother, sister, uncle, aunt, father, mother... like YOU. Your computer is infected, and you don't know it. Now your PC is infecting other people's PCs.

Where does someone like this end up in the eyes of the law?

For those of you out there who're smugly thinking, "Pffft... I'd know if my computer were infected. Pfft... These people are stupid."

You sure about that, smart guy? So sure you're willing to bet the next two or three years of your life on it? Literally?

As for researchers like us, we here, obviously, store malware explicitly for the purpose of infecting other computers. Granted, in our case it's only our own computers we're infecting, but regardless, this law really seems like good intent that's terribly misplaced and extremely easy to get around for someone who's arrested under its provisions.

Here are several possible scenarios, all of which start with, "Yes, your honor, I did have this malware on my computer, and..."
  • "I've been trying to get rid of it, and it keeps coming back."
  • "I didn't even know it was there."
  • "Many people use my computer. It could belong to any number of people, it certainly wasn't mine."
  • "I'm an antivirus researcher. How else do I do my job without real viruses on my computer?"

How stiff are the penalties?

According to a piece at TheNextWeb on the Japanese antivirus legislation,
the legislation makes the creation or distribution of a computer virus without a reasonable cause punishable by up to three years in prison or 500,000 yen in fines, and the acquisition or storage of one punishable by up to two years in prison or 300,000 yen in fines.
Create or distribute a virus: 3 years or 500,000 yen (about $6,500 USD).
Store a virus: 2 years or 300,000 yen (about $4,000 USD).

There are so many crappy things to this law I don't know where to begin.

So many people who've had their computers infected by malware--particularly a worm or trojan spambot--may be infecting other computers without their knowledge.

And, what about those people who aren't running antivirus software when their PCs get infected?

What about someone who knows their PC is infected but who can't get rid of the infection while it propagates to other PCs on its own?

Rationally, we may say to ourselves, "Oh, but c'mon, they can't be jailed for that!"

Would you be willing to stake the next two or three years of your life on that assumption?
