Opinion Requesting Careful Deliberation and Other Considerations on the So-called Active Cyber Defense Bill
April 17, 2025
Japan Federation of Bar Associations
The Japan Federation of Bar Associations (the "JFBA") compiled its "Opinion Requesting Careful Deliberation and Other Considerations on the So-called Active Cyber Defense Bill" dated April 17, 2025, and submitted it on April 18, 2025 to the Prime Minister, the Chairman of the House of Councillors Committee on Cabinet, and the President of the House of Councilors.
Summary of Opinion
1. With regard to establishing a mechanism to use certain information on communications through the Bill on Preventing Damage Caused by Unauthorized Acts against Critical Computers, the JFBA requests that the Diet carefully discuss the Bill from the perspective of whether such a mechanism violates the secrecy of communications. At the very least, the JFBA requests the following points (a) to (c) be implemented.
(a) Require a high degree of necessity, unavoidability and appropriateness that is sufficient to justify using information on communications provided based on an agreement between the Prime Minister and an entity designated as an operator of a critical infrastructure.
(b) Establish a requirement that "it is extremely difficult to prevent damage through other preventative measures" for taking External-External Communication Purpose Transmission Measures (cybersecurity measures taking information in Japan from data transmissions between two foreign entities).
(c) Clarify that information on communications automatically selected (after being obtained based on an agreement set forth in the above (a) or External-External Communication Purpose Transmission Measures) cannot be used for criminal investigations.
2. With regard to specifying the measures to access and neutralize cyber threats (measures by which the police or the Self-Defense Forces accesses servers and other tools to be used for a cyber-attack in advance and neutralize them so that they cannot be used in such attacks) in the Police Duties Execution Act and the Self-Defense Forces Act under the Act Prescribing Adjustments to the Relevant Acts to Coordinate with the Enforcement of the Act on Preventing Damage Caused by Unauthorized Acts against Critical Computers, the JFBA requests that the Diet carefully discuss the measures from the perspective of whether the system is designed in a way that fulfills the requirements of necessity under international law to avoid infringing on the sovereignty of other countries. As a bare minimum, the JFBA requests the following requirements (a) to (c) to be fulfilled regarding the measures to access and neutralize cyber threats.
(a) There is temporal urgency (imminency).
(b) There are no other reasonable means available (sole means).
(c) The vital interests of another country will not be seriously impaired.