By TAKURO CHIBA/ Staff Writer
January 31, 2025 at 14:57 JST
Minoru Kihara, chair of the LDP research commission on security, speaks at a joint party meeting on the active cyberdefense bill at LDP headquarters on Jan. 30. (Shun Suzuki)
The government is planning on heading off cyberattacks with a new system that will include allowing it to access communications data and take action against online threats.
A draft bill was submitted to the ruling Liberal Democratic Party on Jan. 30 for implementing an active cyberdefense. The proposal was approved by the LDP's policy division.
Under the proposed framework, the government can collect and analyze online communication data, allowing it to access attack-source servers and render them harmless.
With consideration for the secrecy of communication guaranteed by the Constitution, the bill includes the establishment of an independent body, the “cyber communications information oversight committee,” to monitor the government’s activities.
The government plans to approve the bill in a Cabinet meeting as early as next week and submit it to the ordinary Diet session.
The oversight committee will be set up as a highly independent “Article 3 Committee,” similar to the Nuclear Regulation Authority and Fair Trade Commission.
It will monitor the government activities and report them to the Diet.
The committee will have the authority to recommend corrections to the government agencies if improper activities are detected.
It will consist of five experts and individuals appointed by the prime minister with Diet approval.
The proposed framework would allow the police and Self-Defense Forces to access attack-source systems and render them harmless, but only with prior approval from the oversight committee.
For highly organized and strategic cyberattacks, the draft bill includes a provision that allows the prime minister to order the SDF to implement “communications protection measures.”
According to government sources, a joint operations center for the police and SDF will be established near the Defense Ministry in Tokyo’s Ichigaya district, to handle accessing attack-source systems and neutralize them.
The draft bill would require operators of critical infrastructure, including utilities, railways, telecommunications and finance entities, to report cyberattacks. It would also establish a new council for sharing cybersecurity information between the government and private entities.
According to government data, more than 99 percent of cyberattacks detected in Japan originate from overseas.
Under the new system, the government will collect two types of communications data: one is “foreign-to-foreign communications,” which originate abroad, pass through Japan and are transmitted to another country.
The other is “foreign-to-domestic and domestic-to-foreign communications,” referring to exchanges between Japan and other countries.
The collection of such data will require approval from the oversight committee.
The data collected by the government will be filtered automatically, without human involvement, and only nonessential communication data―such as IP addresses and timestamps―will be analyzed.
Email content and subject lines will not be analyzed and will be immediately deleted during the filtering process.
However, concerns about privacy violations remain strong.
Unauthorized use or leakage of communication data will be subject to criminal penalties, including up to four years of imprisonment.
A series based on diplomatic documents declassified by Japan’s Foreign Ministry
Here is a collection of first-hand accounts by “hibakusha” atomic bomb survivors.
A peek through the music industry’s curtain at the producers who harnessed social media to help their idols go global.
Cooking experts, chefs and others involved in the field of food introduce their special recipes intertwined with their paths in life.
A series about Japanese-Americans and their memories of World War II