Photo/Illutration Defense Minister Nobuo Kishi, right, attends a ceremony for presenting the flag of the Self-Defense Forces’ Cyber Defense Command in Tokyo in March. (Pool)

Cyberattacks on government institutions and key infrastructure facilities represent a serious threat to national security and people’s livelihoods.

The need to strengthen measures against cyberattacks is understandable. But such measures should not infringe on people’s rights guaranteed by the Constitution, such as privacy of communication.

There are concerns about an “active cyberdefense,” which the administration of Prime Minister Fumio Kishida has said Japan will introduce.

No ample explanations have yet been given on the approach, including on its risks. The government should not press ahead with the plan in a slapdash manner.

The three key national security documents, which were revised late last year, state expressly that the government will establish systems to implement an active cyberdefense.

They say that Japan’s response capabilities in the field of cybersecurity “should be strengthened to levels equal to or surpassing those of leading Western countries.”

The government hopes that Japan will acquire the capabilities to block cyberattacks in advance instead of taking response measures only after damage has been caused.

The documents also spelled out plans to expand the number of Self-Defense Forces personnel in cyber-related units to about 4,000 and increase the total number of related personnel, including those who engage in associated duties, to approximately 20,000 by around fiscal 2027.

Experts say that “hybrid warfare,” which combines the use of conventional weapons with cyberattacks, information warfare, psychological warfare and other instruments, has become the mainstream of contemporary war.

The government believes that China, Russia and North Korea have been improving their cyber capabilities and Japan will be unable to defend itself if it adheres to a reactive approach.

This understanding provides the backdrop for the latest government move.

Active cyberdefenses have already been adopted by Western nations, which monitor cyberspace even in peacetime and analyze invasions into systems and networks as well as suspicious communications.

However, the approach always comes with the danger of possible infringements on personal information and privacy.

In the United States, the government came under fire for collecting reams of data on U.S. citizens’ communications under the pretext of counterterrorism. The USA Freedom Act was enacted in 2015 to restrict related government activities.

In Japan, Article 21 of the Constitution provides that privacy of communication should be protected. The Telecommunications Business Law sets penalties for business operators that violate the privacy of communication.

In addition, the Law on Prohibition of Unauthorized Computer Access bans access to data without the consent of the person who holds the right to use it.

Some government and ruling coalition officials are calling for discussions on possible legal amendments to exempt the SDF from the unauthorized computer access law and other legislation.

But priority should be given to dispelling public concerns about possible infringements on their rights.

The three national security documents called for authorizing the government to penetrate and neutralize an attacker’s servers in advance.

Still, it is often not easy to determine on the spot whether a cyberattack is a crime, an act of terrorism or an armed attack in nature and whether it is being waged by individuals or a national government.

It has also yet to be established internationally what constitutes an armed attack and at what stage a counterattack is justified.

The government should face up to the fact that a wrong response could prompt a serious confrontation or conflict between nations.

--The Asahi Shimbun, Jan. 29

Related News