On the night of April 26, 2019, a seminar for IT engineers "Trends and Countermeasures for Unauthorized Directive Electromagnetic Records" hosted by the Japan Hacker Association was held in Shibuya, Tokyo (sponsored by IPA / Information Processing Promotion Organization).
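The theme of the day, the "crime concerning unauthorized command electromagnetic records" (the so-called "virus crime"), is a law created to prohibit and punish the creation and provision of computer viruses.
Recently, however, there has been a string of arrests on virus-crime charges, including the "Coinhive case" (arrests for embedding a cryptocurrency mining script in one's own website), the "alert loop case" (the infinite alert case, in which people were arrested or taken into juvenile guidance for posting on a bulletin board a link to a web page that repeatedly displays an alert dialog), and the "Wizard Bible case" (in which the administrators of a web magazine for security research were arrested after it published rudimentary remote command execution code). At the same time, security researchers and IT engineers are increasingly voicing concern about the "vagueness of the scope of arrest" and its expansion. Out of concern about the impact, some volunteer-run security study groups have even suspended their activities.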
Hiromitsu Takagi, Director of the Information Legal Research Institute / Chief Researcher of the Industrial Technology Research Institute
Takahiro Hirano, a lawyer in the second lawyer of the Electric Law Office (see the first part of this article)
Following the lecture by Kei Hirano, the lawyer in charge of the Coinhive case, covered in the first part of this article, Hiromitsu Takagi, director of the Institute of Information Legal (JILIS), took the stage in the second half of the seminar. In a talk entitled "What is the original range that should be charged?", he covered his evaluation of the Yokohama District Court ruling in the Coinhive case, how the police and prosecutors interpret the crime, the impact on the Wizard Bible case and the alert loop case, and the scope originally intended at the time of legislation, and he warned about how the law is currently being applied.
Mr. Takagi's commentary was detailed, so this article excerpts a summary. The seminar was streamed live on YouTube and an archive video has been released, so please take a look.
Mr. Takagi opened his lecture on the current situation surrounding the crime of unauthorized command electromagnetic records by asking, "Isn't it going wrong?" He first explained the key points of the Coinhive case, a case charged under this crime in which the defendant was acquitted in March this year (the prosecution subsequently appealed), and gave his views on it.
As a premise for the discussion, let us first confirm the text of the crime of unauthorized command electromagnetic records (Penal Code Articles 168-2 and 168-3). In the text, "for the purpose of execution on another person's computer" means "to have it executed on a third party's computer or smartphone," and "electromagnetic record" means "computer program."

(Creation of unauthorized command electromagnetic records, etc.)
Article 168-2. A person who, for the purpose of execution on another person's computer, creates or provides the following electromagnetic records or other records shall be punished by imprisonment for three years or less or a fine of 500,000 yen or less.
1. An electromagnetic record that gives unauthorized commands that, when a person uses a computer, prevent it from operating in line with that person's intention or cause it to operate contrary to that intention.
2. In addition to those listed in the preceding item, electromagnetic records described in (…… Omitted ……)

(Acquisition of unauthorized command electromagnetic records, etc.)
Article 168-3. A person who, for the purpose of paragraph 1 of the preceding Article, acquires or stores the electromagnetic records listed in each item of the same paragraph shall be punished by imprisonment for two years or less or a fine of 300,000 yen or less.
The key point is the interpretation of the phrases "action against intentions" and "illegal commands". They were originally meant to specify viruses, Trojans, worms, spyware and the like, but if they are interpreted more broadly, there is a risk that programs whose developers and providers never considered them to be such will fall within the scope of the crime. The interpretation of the article was also an issue in the Coinhive trial at the Yokohama District Court.
In the ruling, the Coinhive script that the defendant installed on his website was found to be "against intentions" in the sense that it performs operations contrary to the intention of site viewers, but the court held that it could not be said to be an "illegal command", and he was found not guilty.
Mr. Takagi first explained, "If I evaluate it in a word, I think it is that something with 'pros and cons' does not fall under an unauthorized command."
What are the "pros and cons" according to the Yokohama District Court? The ruling acknowledged that Coinhive has a negative side, in that the site viewer's PC runs mining without consent, but that there was also a positive view emphasizing its convenience to site operators as a new means of recruiting. Mr. Takagi explained that, because there were in fact "pros and cons" at the time of the incident, the judge concluded that Coinhive may not be a program that gives "illegal commands."
The ruling acknowledged that internet users' opinions on Coinhive were "divided into pros and cons" (Takagi; the same applies below).
But for a program using a completely new method or genre that is not as well known as Coinhive, there should not even be any pros and cons yet. It is therefore not appropriate to rely on pros and cons. How, more specifically, should the line be drawn as to whether something is an "illegal command"?
In his own opinion, Mr. Takagi says that only "things that no one wants executed" should count as unauthorized command programs. This is what the legal world calls a "general standard", that is, something that a person of common sense, or an average person, "would not want to run". His view is that the crime should be limited to things that cause such results.
"For example, a worm with a self-propagation function, an exposure virus that causes information leakage, a smartphone app that steals the phonebook, an application that monitors GPS and LINE, and a cross-site request for writing a 'blast notice' on a bulletin board: these are things you don't want to run, that are dangerous and that you don't want to touch. On the other hand, Coinhive is not like that. There is no problem in trying it (it stops when the browser is closed); just a little CPU is used, and someone is just making a little money."
How to interpret "illegal command" in the article: Mr. Takagi's opinion