Cybersecurity legal frameworks in Vietnam and Japan: A Comparative Analysis

Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (1.02 MB, 65 trang )

(1)<div class='page_container' data-page=1>

i
VIETNAM NATIONAL UNIVERSITY, HANOI

VIETNAM JAPAN UNIVERSITY

VU PHUONG LINH

CYBERSECURITY LEGAL

FRAMEWORKS IN VIETNAM AND

JAPAN:

A COMPARATIVE ANALYSIS

MASTER’S THESIS

MASTER OF PUBLIC POLICY

</div>
(2)<div class='page_container' data-page=2>

ii
VIETNAM NATIONAL UNIVERSITY, HANOI

VIETNAM JAPAN UNIVERSITY

VU PHUONG LINH

CYBERSECURITY LEGAL

FRAMEWORKS IN VIETNAM AND

JAPAN:

A COMPARATIVE ANALYSIS

MAJOR: PUBLIC POLICY 
CODE: PILOT

RESEARCH SUPERVISORS: 
Associate Prof. KOBAYASHI TAKAAKI

Dr. BUI HAI THIEM

</div>
(3)<div class='page_container' data-page=3>

CONTENTS

LIST OF FIGURE ... iii

ACKNOWLEDGEMENTS ... iv

ABBREVIATION ... v

CHAPTER 1: INTRODUCTION ... 1

1.1. Overview: ... 1

1.2. Why choose this topic? ... 2

1.3. Definitions: ... 3

1.4. Purpose of the research: ... 6

1.5. Research questions: ... 6

1.6. Methodology: ... 6

1.7. Literature review: ... 6

1.8. Limitation of the research: ... 10

CHAPTER 2: COMPARISION BETWEEN VIETNAMESE AND JAPANESE
CYBERSECURITY LEGAL FRAMEWORKS ... 11

2.1. Japanese cybersecurity legal frameworks ... 11

2.1.1. Overview: ... 11

2.1.2. Characteristics of Japanese cybersecurity legal framework ... 12

2.2. Vietnamese cybersecurity legal framework ... 16

2.2.1. Overview: ... 16

2.2.2. Characteristics of Vietnamese cybersecurity legal framework ... 17

2.3. Similarities between Japanese and Vietnamese legal frameworks: ... 25

CHAPTER 3: EXPLANATION WHY THERE ARE DIFFERENCES BETWEEN
TWO LEGAL FRAMEWORKS ... 27

</div>
(4)<div class='page_container' data-page=4>

3.1.1. Situation in Japan: ... 27

3.1.2. History of modern law of Japan ... 29

3.1.3. The theory of “Rule of Law” ... 29

3.2. Background of Vietnam: ... 33

3.2.1. Situation about cybersecurity in Vietnam: ... 33

3.2.2. History of modern law in Vietnam: ... 36

3.2.3. Theory of Socialist state ruled of law ... 37

CHAPTER 4: THE EFFECTS FROM LEGAL FRAMEWORKS ... 41

4.1. The effects from Japanese cybersecurity legal framework ... 41

4.2. The effects from Vietnamese cybersecurity legal framework ... 45

CHAPTER 5: RECOMMENDATIONS AND CONCLUSION ... 49

5.1. Recommendations: ... 49

5.2. Conclusion: ... 52

</div>
(5)<div class='page_container' data-page=5>

iii

LIST OF FIGURE

</div>
(6)<div class='page_container' data-page=6>

ACKNOWLEDGEMENTS

From the bottom of my heart, I would like to thank my supervisors, Prof.
Kobayashi and Dr. Thiem, for their wonderful supports. Despite the fact that both of
them are very busy, they always try to spend their time to help and give me valuable
ideas. While Prof. Kobayashi has helped me with the methodology and made me
understand my research topic better, Dr Thiem has pointed out for me which
theories should I use in this thesis and give me advices to improve my paper.
Without their guidance, this thesis cannot be finished.

Next, I want to send my gratitude to Dr. Thuy Anh and Dr. Hoang Linh for
giving me helpful comments and supporting me mentally at VJU. I also want to
give my special thanks to all teachers and everyone at Tsukuba University,
especially the staffs at Global Initiative Office for their warmly welcome and
helping me with my internship in Japan. Through the internship, I had had the
opportunities to collect documents for this thesis and had time to understand Japan
better. Moreover, I would love to thanks all the teachers at VJU and our program
assistant, Mrs. Ha, for helping me with the procedure related to this thesis and other
works.

Last but not least, there are my family and my friends – all the people who has
supported me from the beginning until the end of this thesis. Thank you, for always
stay by my side and encourage me.

</div>
(7)<div class='page_container' data-page=7>

ABBREVIATION

AI: Artificial Intelligence

APT: Asia-Pacific Telecommunity
CII: Critical information infrastructure
IoT: Internet of things

NISC: National center of Incident readiness and Strategy for Cybersecurity
NSC: National Security Council (Japan)

</div>
(8)<div class='page_container' data-page=8>

CHAPTER 1: INTRODUCTION

1.1. Overview:

Nowadays, cybersecurity has become one of global issues since Internet has
been the center of many crucial activities of human beings due to its convenience,
including connecting with other people, online shopping, entertainment… and
collecting information. However, this environment is totally not safe as it seems:
The more people using Internet, the more of their private information will be put
onto it and this information can be used for cybercrime and malicious cyberattack,
threatening human rights and properties of the owners. The target could be any legal
person, from individuals to groups, organizations, and even government agencies.
Cybercrime are also creating more heavy damages than ever before: According to
the report from McAfee (2018) – One of worldwide security companies, the cost of
cybercrime in 2016 was $4.2 trillion; In the case of WannaCry ransomware attack
only in 2017, the losses could reach $4 billion with more than 100.000 groups over
150 countries had been affected (CBS News, 2017).

Consider the number of cyberattacks which increases sharply in these
decades, together with the awareness about the possible damages which cyberattack

can create, many governments have made their moves by built cybersecurity legal
framework, including Vietnam. On June 12th 2018, Vietnamese Cybersecurity Law

was officially passed with the approval of 423 Assembly members (86,86% of the
total members of the National Assembly), and has been enforced from January 1st

</div>
(9)<div class='page_container' data-page=9>

2
information which is considered as illegal, including: Against the Vietnamese
government, disturbing the public, national secrets... A large number of
organizations, groups and activists in Vietnam are also shown their concerns
regarding how the Cybersecurity Law will affect their activities in the future,
including UN Human Rights, American Chamber Commerce, and so on.

1.2. Why choose this topic?

a) Cyberspace is important to our current life:

With the increasing of Internet users and activities which are happening on
the cyberspace, it is clear that the cyberspace is becoming an inseparable part of our
life. According to Statista (2019), approximately 4.4 billion people were active
Internet users as of April 2019, encompassing 58% of the global population. In
some countries such as UAE, Iceland, Norway, Qatar… the online usage rate is
99% (Statista, 2019). Being able to store and exchange a massive amount of
information without limitation of time and space are also some of the strongest
characteristics of cyberspace. Over the last two years alone, 90 percent of the data
in the world was generated and each day, there are 2.5 quintillion bytes of data
created at our current pace (Marr B., 2018). Thanks to these amounts of information
and the speed of information flows, human being can connect to each other, despite
of distance and time, together with doing other activities such as online shopping,
mobile banking, studying through online classes and so on. Regarding the number

of possibility activities are increasing, the barrier between cyberspace and real space
is also become blur. This also means that the attacks come from cyberspace can also
create heavy damage in reality, with a larger scale and it is much harder to find out
the culprit. In order to prevent and keep the damage at minimum, governments have
been put many efforts in improving cybersecurity and building a cybersecurity legal
framework is one of them.

</div>
(10)<div class='page_container' data-page=10>

3
cybersecurity legal framework and Japanese cybersecurity legal framework
in particular:

While Vietnamese Cybersecurity Law was just passed last year and the
concept of cybersecurity still new to the people, Japan is the first country in G7
(including France, Germany, the U.S, England, Canada, Italy and Japan)
implemented “Basic Act on Cybersecurity” as a specific law for cybersecurity
(Kazuyasu S. and Masaya H., 2018). Therefore, Japan has had a long time in
implementing cybersecurity law than other countries. Moreover, Japan is also
well-known as a country with high technology, thus this country may have more
experiences about dealing with cyberattack.

1.3. Definitions:

In this paper, some inportant key terms will be applied definitions as below:
- Cybersecurity legal framework:

Legal framework can be understood as a set of specialized legal
regulations which manage same kind of social relations to ensure these
relations can work in unity and maintain the social order. Cybersecurity
legal framework is a set of specialized legal regulations manage relations
between all the stakeholders which are related to cybersecurity. This can

include the Constitution, Criminal Law, Cybersecurity Law and other
legal documents.

- Cybersecurity:

In order to point out what are the differences between two legal
frameworks, this paper will use two definitons of cybersecurity which are
mentioned in the main cybersecurity law of each system.

</div>
(11)<div class='page_container' data-page=11>

4
magnetic, or other means unrecognizable by natural perceptive 
functions (hereinafter in this section referred to as "Electronic or 
Magnetic Means"); and to guarantee the safety and reliability of 
information systems and information and telecommunications 
networks (including necessary preventive measures against malicious 
activities toward electronic computers through information network 
or storage media for information created by electronic or magnetic 
means (hereinafter referred to as "Electronic or Magnetic Storage 
Media")), and that those states are appropriately maintained”.

b) In the Cybersecurity Law in 2018 of Vietnam, the term “cybersecurity”
can be understood as “assurance that activities in cyberspace do not 
harm national security, public order, the lawful rights and interests of 
any organization or individual”

Similar to the term “cybersecurity”, other related terms such as cyberspace,
cyberattack and cybercrime will also use two definitions from both countries:

- Cyberspace and National cyberspace:

a) In the Cybersecurity Strategy in 2015 of Japan, cyberspace has been
defined as “an artificial domain for the free exchange of ideas without 
being constrained by national borders” and “an intangible frontier of 
infinite values generated by intellectual creations and innovations 
inspired by the ideas globally exchanged”.

</div>
(12)<div class='page_container' data-page=12>

5
Beside the definition of cyberspace, Vietnamese Cybersecurity Law also
mentions the term “national cyberspace”, which has been defined as “a 
cyberspace established, managed and controlled by the Government”. 
- Cyberattack:

a) In the Cybersecurity Law of Vietnam, “cyberattack” has been
explained as “the use of cyberspace, information technology or 
electronic devices to sabotage or interrupt the telecommunications 
network, the Internet, computer network, communication systems, 
information processing and control systems, databases or electronic 
devices”.

b) In Japan, while this terms is not defined in the cybersecurity law,
according to Japanese Ministry of Defense (n.d.), “cyberattack” can
be understood as “abuse of information and communications 
networks, information systems to make an unauthorized access, steal, 
falsify or destroy information, cause information systems to cease 
functioning or to malfunction, execute a malicious program or 
implement a DDoS attack (distributed denial of service attack) 
through cyberspace”.

- Cybercrime:

a) The term “cybercrime" has been defined as “a crime that involves the 
use of cyberspace, information technology or electronic devices as 
defined in Criminal Code” in Vietnamese Cybersecurity Law.

</div>
(13)<div class='page_container' data-page=13>

6
1.4. Purpose of the research:

This research purpose is to find out the differences between cybersecurity
legal frameworks in Japan and Vietnam and the reasons why they happen. From
that point, the author will find out the effects which caused by these two legal
structures and analyze what is the strong points and weaknesses from both
flameworks, and how to improve both of them.

1.5. Research questions:

- What are the differences between Vietnamese and Japanese cybersecurity
legal frameworks?

- Why these differences happen?

- What are the effects caused by these differences?
1.6. Methodology:

In this paper, comparative research method will be used to compare and
analyze Japanese and Vietnamese cybersecurity legal frameworks in general in
order to find out the differences and similarities between these frameworks. Later,
these characteristics will be explained base on the background information of each
country, the theory of Rule of Law – Separation of powers for Japan and the theory
of Socialist state ruled of law in the case of Vietnam. Through these explanation,
this thesis will show the advantages, disadvantages and effects of each legal

framework.

1.7. Literature review:

2. Cyberspace, cybersecurity, cyberattack and cybercrime:

</div>
(14)<div class='page_container' data-page=14>

7
For the definitions of “cybersecurity”, this paper will mention the definitions
which are used in Basic Act on Cybersecurity (2014 – Amended 2018) of Japan and
Cybersecurity Law (2018) of Vietnam. In the Basic Act on Cybersecurity,
“cybersecurity” has been defined as “the necessary measures that are needed to be 
taken to safely manage information, such as prevention against the leak, 
disappearance, or damage of information which is stored, sent, in transmission, or 
received by electronic, magnetic, or other means unrecognizable by natural 
perceptive functions (hereinafter in this section referred to as "Electronic or 
Magnetic Means"); and to guarantee the safety and reliability of information 
systems and information and telecommunications networks (including necessary 
preventive measures against malicious activities toward electronic computers 
through information network or storage media for information created by electronic 
or magnetic means (hereinafter referred to as "Electronic or Magnetic Storage 
Media")), and that those states are appropriately maintained” - which means 
Japanese government has seen cybersecurity in technical aspect while in the case of
Vietnam, the definition of “cybersecurity” is “assurance that activities in 
cyberspace do not harm national security, public order, the lawful rights and 
interests of any organization or individual”– which means Vietnamese government 
has seen cybersecurity in political and legal aspect. Outside of the term
“cybersecurity”, Vietnamese government also defined “cyberspace”, “cyberattack”,
and “cybercrime” in Cybersecurity Law, while Japan define these terms in different
documents: The definition of “cyberspace” can be found in Japan Cybersecurity
Strategy 2015, “cyberattack” was defined by Ministry of Defense (Ministry of

Defense, n.d.) and “cybercrime” was defined by National Police Agency(National
Police Agency, 2003).

3. Japanese and Vietnamese cybersecurity legal frameworks:

</div>
(15)<div class='page_container' data-page=15>

8
• Penal Code (1907 – Amended 2017) – which mentions about Computer
Fraud (Article 246-2), Damaging of Documents for Government Use (Article
258) and Private Use (Article 259);

• Installment Sales Act (1961 – Amended 2018) – which now required online
businesses handle credit card data appropriately and implement faud
prevention measure;

• Unfair Competition Prevention Act (1993 – Amended 2015) – showing what
kinds of activity are considered as unfair competition;

• Unauthorized Computer Access Prohibition Act (1999 – Amended 2013);
• Act on the Protection of Personal Information (2003) – which mentions

about collecting, retaining, handling personal information;

• Act on Protection of Specially Designated Secrets (2013) – Mentioning

information which is considered as specially designated secrets and people
who handle them.

</div>
(16)<div class='page_container' data-page=16>

9
general, only some reports from Ministry of Public Security, National Assembly or
Ministry of Justice.

4. Background of each country:

It is also essential to take a look at the background of both countries to figure
out why cybersecurity legal framework is needed. Together with the information
from the Cybersecurity Strategies from years to years and the goals of Abenomics,
this paper also consider about the real situation which is happenning in Japan base
on the report and information from several newspapers, such as Reuters, Nikkei
Asian Review, The Diplomat…

Based on the history and the characteristics of Japanese law and Japanese
government system which has been shown through Introduction to Japanese Law 
by Yoshiyuki Noda (1976); Japanese Law and Legal Theory by Koijiro Fujikura 
(1996); The spirit of Japanese Law by John Owen Haley (1998) and Japanese Law 
by Hiroshi Oda (2009), it is quite clear that the contemporary legal system is the
result of adapting both American system and Civil law system (from France and
Germany) in the context of Japan. The Rule of Law, which is the fundamental
principle underlying the present Constitution of Japan (Hiroshi O., 2009), also
become a crucial element in the entire Japanese legal system and cybersecurity legal
framework is no exception.

5. Theory of Rule of Law and Socialist state ruled of law:

</div>
(17)<div class='page_container' data-page=17>

10
law, there are several papers such as Theory of Socialist state ruled of law by Le 
Cong Dinh (2007); Socialist state ruled of law of the people, by the people, for the 
people under the leadership of Vietnamese Communist Party – Achievements and 
development orientation by Dao Tri Uc (2008); Building socialist state ruled of law 
in Vietnam at the moment by Tran Thanh (2008) …

1.8. Limitation of the research:

- Due to the lack of time and capacity, this research can mainly focus on
legal documents which are having the most effects related to

cybersecurity in each country.

- Since the topic is about legal frameworks, other factors outside legal
aspect which are also affecting the reality will not be mentioned or be
mentioned much in this paper.

</div>
(18)<div class='page_container' data-page=18>

CHAPTER 2: COMPARISION BETWEEN VIETNAMESE

AND JAPANESE CYBERSECURITY LEGAL

FRAMEWORKS

At the first sight, it is undeniable that the legal frameworks about cybersecurity
of Vietnam and Japan are different in general: If Japanese government approached
cybersecurity in a technical way then Vietnamese government tried to define what
cybersecurity is in legal and political aspects; while responsibilities of the
government are emphasized in the case of Japan, Vietnamese cybersecurity legal
framework requests compulsory cooperation between the service providers and the
users with the government. However, what is the meaning lying under these
characteristics? Such question will be discussed further in this chapter.

2.1. Japanese cybersecurity legal frameworks 
2.1.1. Overview:

</div>
(19)<div class='page_container' data-page=19>

12
V., 2013). While there is opinion that the cyberattacks on Lower House Diet and
defense contractor Mitsubishi Heavy Industries in 2011 had helped raising concerns
and open the eyes of both Japanese policymakers and business executives (Kshetri
N., 2014), cybersecurity was only officially recognized as national security and
crisis management problem from 2013, started with Cybersecurity Strategy which
was determined on June 10, 2013, by Policy Council (Tomoo Y., 2017). In 2014, by
promulgating Basic Act on Cybersecurity in 2014, Japan become the first country in
G7 which has a separate law dedicates to cybersecurity. From that point, this
country continues to invest more in cyberspace in general. Through several
Cybersecurity Strategies, reforming and strengthening the system which is in charge
of applying and promoting cybersecurity, Japan is moving toward the goal of
creating Society 5.0 and prepare for Olympic and Paralympic Games Tokyo 2020.
2.1.2. Characteristics of Japanese cybersecurity legal framework

Today, the Basic Act on Cybersecurity is the main law about cybersecurity.
After this law was enforced, legal documents which were used to stipulated part of
cybersecurity before such as Telecommunications Business Act (1984), Penal Code
(1907 – Amended 2007), Act on Prohibition of Unauthorized Computer Access
(1999 – Amended 2013), Basic Act on the Formation of an Advanced Information
and Telecommunications Network Society (2000) and Act on Protection of
Specially Designated Secrets (2013) are still valid and having important role in
supporting the Basic Act on Cybersecurity. With the Basic Act on Cybersecurity as
the centre, some features of Japanese cybersecurity legal framework can be seen,
includes:

• Maintaining cybersecurity while trying to protect the nature of 
cyberspace

</div>
(20)<div class='page_container' data-page=20>

“an intangible frontier of infinite values generated by intellectual creations and
innovations inspired by the ideas globally exchanged”. Base on this definition,
cyberspace in Japanese Government point of view has two features:

- Cyberspace is not constrained by time or space: In the real world, the 
space is limited and each country is separate from each other by national
border. On the cyberspace, such limitation does not exist at all. Thanks to
such nature, people can communicate and enjoying services from other
places in the world without being hold down by physical factors.

- Cyberspace contains unlimited resources and free flow of 
information: As mentioned above, the capacity of cyberspace is 
unlimited due to the fact that it is not constrained by time and space.
Since cyberspace has a large number of users and demands for exchange
information/knowledge on cyberspace are tremendous, the amount of
information which is uploaded and exchange on cyberspace is also
monstrous.

In the Cybersecurity Strategy in 2018, the Government of Japan has shown
their commitment by confirming to create a “free, fair and secure cyberspace”:
The basic ideals to which Japan will adhere to contribute to the objectives of the 
Basic Act is to aim for a “free, fair and secure cyberspace.” Such a cyberspace 
means a secure cyberspace in which the freedom of expression and economic 
activities of all actors active therein is guaranteed without any discrimination or 
exclusion with no justifiable reasons, and where unlawful activities such as the theft 
of information or assets are not allowed.

</div>
(21)<div class='page_container' data-page=21>

14
different aspects, therefore people can understand the problems better and having
more advantages in finding solutions. Moreover, since people can access to

information freely, they will have more change to gain knowledge they needed in
several sources so that they could compare them to each other and finding which
one is true and which one is not accurate. For people who are in academic
environment, such condition is the best for them to pursue their study further. For
the citizen, they can give their own opinions (even if such opinion is negative) from
the bottom of their heart to make their nation better without worry about being
punished. For the government, they can receive feedbacks from their people as fast
as they could and think about how to improve the situation.

• Responsibility of maintaining cybersecurity mainly belongs to the 
public sector, but cooperation between all stakeholders are highly 
recommended

</div>
(22)<div class='page_container' data-page=22>

15
• Cybersecurity in the context of Japan is in technical aspect rather

than political aspect

In the case of Japan, cybersecurity in general and methods to secure
cyberspace has been mentioned in technical aspect rather than political aspect - this
can be seen not only in the Basic Act of Cybersecurity but also other legal
documents. Starting with the definition of cybersecurity: Article 2 of the Basic Act
on Cybersecurity defined cybersecurity as “the necessary measures that are needed 
to be taken to safely manage information, such as prevention against the leak, 
disappearance, or damage of information which is stored, sent, in transmission, or 
received by electronic, magnetic, or other means unrecognizable by natural 
perceptive functions (hereinafter in this section referred to as "Electronic or 
Magnetic Means"); and to guarantee the safety and reliability of information 
systems and information and telecommunications networks (including necessary 
preventive measures against malicious activities toward electronic computers

through information network or storage media for information created by electronic 
or magnetic means (hereinafter referred to as "Electronic or Magnetic Storage 
Media")), and that those states are appropriately maintained.” Next, in two 
Cybersecurity Strategy in 2015 and 2018, the role of cyberspace, together with
policy approarches are very specific and highlight about the importance of new
technology which are directly related to cyberspace such as artificial intelligence
(AI), Internet of Things (IoT), finance services using new technology (Fintech)…
and what kind of measures should be done in order to prevent risks from cyberspace
toward them. By explaining about cybersecurity and related topics in technical
aspect, it is easier to all stakeholders to understand clearly what they should do in
order to implement cybersecurity in their case.

</div>
(23)<div class='page_container' data-page=23>

16
According to the Basic Act on Cybersecurity, the Cybersecurity Strategic
Headquarter has many functions which mainly focus on improving cybersecurity
mainly base on the cooperation of other national organs (Article 25). Moreover, this
Headquarter can also request the submission of materials, the presentation of
opinion, explanation and any other necessary cooperation from: the heads of local
governments and Incorporated Administrative Agencies; the deans of national
university corporations (referring to national university corporations prescribed
under Article 2, paragraph (1) of the National University Corporation Act (Act
No.112 of 2003)); the heads of inter-university research institute corporations
(referring to inter-university research institute corporations prescribed under Article
2, paragraph (3) of the Act); the President of the Japan Legal Support Center
(referring to the Japan Legal Support Center prescribed under Article 13 of the
Comprehensive Legal Support Act (Act No. 74 of 2004)); the representatives of
Special Corporations and authorized corporations (referring to juridical persons
incorporated by a special act and where the approval of a governmental entity is
required for their incorporation and associated matters), the representative of the
relevant entity facilitating Cybersecurity-related communication and coordination

with domestic and foreign parties concerned (Article 31, Clause 1) and other parties
(Article 31, Clause 2). Together with Cybersecurity Strategic Headquarters, NISC
also has a big role in maintaining cybersecurity by doing cybersecurity audit,
analyzing incident through investigation and cooperate with the local government.
2.2. Vietnamese cybersecurity legal framework

2.2.1. Overview:

</div>
(24)<div class='page_container' data-page=24>

17
Internet are also increasing. Beside the fact that Vietnam is also a target of
cyberattacks just like any country in the world and cybercrimes in Vietnam are
becoming more and more complicated to the extent that current legal documents are
not enough anymore, one of the biggest problems which raising concerns of
Vietnamese government are the movements from anti-government groups and
individuals on the Internet. Since the amount of information on cyberspace is
enormous, together with the fact that they are easy to be spread and hard to track the
sources, it is a big challenge to the authority to control the flow of information,
especially the kind of information which is negative and malicious toward them,
including false information, confidential information, and information which will
put them into difficult situations once it is spread. In order to deal with these
situations, the Cybersecurity Law was promulgated and enforced starting from
January, 2019. However, this law has been criticized by several stakeholders
because people worry that it will limit the freedom of expression, become a
violation of privacy and decrease investment in Vietnam.

2.2.2. Characteristics of Vietnamese cybersecurity legal framework

Similar to Japan, before Cybersecurity Law was promulgated there are some
legal documents which are somehow related to cybersecurity such as Law on
E-transaction in 2006 (specified about E-transaction on electronic devices), Criminal

Law in 2015 (Chapter XXI, Section 2, from Article 285 to Article 294 mentions
about cybercrime and punishments) and Law on Cyberinformation Security in 2015
(stipulating matters about information in cyberspace). Together with these legal
documents, Vietnamese Communist Party also implemented several resolutions and
directives which are about directions of developing information infrastructure such
as Resolution No. 13-NQ/TW of the 4th Plenum of the 11th Party Central

</div>
(25)<div class='page_container' data-page=25>

18
Through these legal documents, some characteristics of the cybersecurity legal
framework of Vietnam can be seen, for example:

• Law enforcement in general and cybersecurity protection in particular 
must be put under the leadership of Vietnamese Communist Party

The principle “enforcement must be put under the leadership of Vietnamese
Communist Party” is applied for every single type of legal documents in Vietnam
and the Cybersecurity Law is not an exception. In the Article 4, Clause 2 of
Cybersecurity law has mentioned: “Cybersecurity protection will be carried out 
under leadership of Vietnam’s Communist Party and management of the State” - 
This means any actions related to cybersecurity must follow the will of Vietnamese
Communist Party.

• One of methods which will be use for maintaining cybersecurity is 
managing the information inside cyberspace

If one of basic principles of maintaining cybersecurity in Japan is secure the
cyberspace while ensure the free flow of information on cyberspace, then in
Vietnam, control the flow of information (or control how people can access
information) is necessary for the sake of maintaining cybersecurity. For more
details, the idea of control information has appeared in the Resolution No.

13-NQ/TW of the 4th Plenum of the 11th Party Central Conference in 2012 through

“enhancing management of information on the Internet, social networks and
individual blogs” (Central Executive Committee of Communist Party, 2012). Next,
this feature can be seen in Cybersecurity Law through several articles, for
example:

</div>
(26)<div class='page_container' data-page=26>

19
information system; termination, suspension or request for termination of 
certain information system; revocation of domain names”.This means if 
an information is considered as illegal or false and violates national
security/disrupts public order/violates lawful rights and interests of other
organizations or individuals will be requested to be removed, and the
government also have the authority of limiting the access of people
toward certain information system if they want. Article 16 and Article 26
has point out that information which commits one of the acts below will
be consider as illegal information, including:

(a) Oppose the government of Socialist Republic of Vietnam;
(b) Disrupt social order and violates national security;

(d) Violate economic management laws.

If an information has been considered as illegal, it will be not allow on
website, web portals and social media pages of any organization or
individual.

- Article 26 mentioned that domestic and overseas providers of

telecommunications services, Internet services and value added services
in Vietnam’s cyberspace must:

(a) Verify users’ information when they open digital accounts;

(b) Provide users’ information for professional cybersecurity forces of the
Ministry of Public Security upon request document to serve
investigation into cybersecurity violations;

(c) Block and delete information mentioned in Clause 1 to Clause 5 of
Article 16 of this Law on their services or information systems within
24 hours after a request is given by the cybersecurity force of the
Ministry of Public Security or a competent authority of the Ministry
of Information and Communications.

</div>
(27)<div class='page_container' data-page=27>

20
in Vietnam’s cyberspace that collect, analyze or process private 
information or data about relationships of their service users or data 
created by their service users in Vietnam shall retain such data for a 
specific period of time defined by the Government. Overseas enterprises 
mentioned in this Clause shall open branches or representative offices in 
Vietnam”.

• The cooperation between all stakeholders is compulsory

Although both Vietnam and Japan legal systems require cooperation from all
stakeholders in implementing cybersecurity, cooperation between the government
and other stakeholders is compulsory in Vietnamese law, which has been showed in
Article 26 as mentioned above and other Article such as Clause 8 (Internet and
online providers must cooperate with the government to handle information which

is violate the law), Clause 9 (Internet users who post illegal information must
remove/delete it at the request from professional cybersecurity force) of Article 16,
Point b, Clause 2 of Article 21…

• Cyberspace also has border just like a nation in real world

</div>
(28)<div class='page_container' data-page=28>

21
services, Internet services and value-added services in Vietnam’s cyberspace about
what they have to do with information which are consider illegal, how they should
treat the person who violated the law and what they have to do with their users’ data.
This Article also mention that these enterprises must retain users’s data for a
specific period of time defined by the government and the overseas enterprises
which are providers of telecommunications services, Internet services and
value-added services in Vietnam’s cyberspace must open branches or representative
offices in Vietnam. However, this argument seems to have some problems:

- First of all, it is almost impossible to know where is the limitation of 
national cyberspace. According to the Article 26, conpany provides 
services which are related to cybersecurity on Vietnam’s cyberspace will
have to follow the law of Vietnam and if they do not follow, they will
have to face punishment from the government. However, since
cyberspace are not limited by time and space, it is possible to users in
Vietnam to use online services which are provided by companies from
other nations (which does not have branches or representative offices in
Vietnam) and vice versa. For example, A is a Vietnamese and M
company is a Japanese enterprise. M company makes game which allows
people all over the world can play and pay by using credit card or online
banking, then A find out how to download such game and play it. In that
case, is it possible to the government interfere in these transaction and
asking the company to follow Vietnamese law?

</div>
(29)<div class='page_container' data-page=29>

22
that most of the people who use Internet in Vietnam cannot access to
them. For example, BBC is one of the online newspapers which has been
blocked in Vietnam because of posting several articles which can be
considered as against the Vietnamese Communist Party and Vietnamese
government. Other domains such as Wattpad.com, Blogspot.com are also
blocked by some Internet providers due to the fact that there are some
bloggers use their blogs to express their opinions against the government.
Although most of the people who live in Vietnam cannot access to this
website, people who bypass the firewall or who are using the Internet in
other countries can still access to it. And while the government can
ensure that not many people would know about anti-government
information from these websites due to blocking, the Vietnamese citizen
are constrained from accessing the knowledge in other aspects which is
shared on those websites.

</div>
(30)<div class='page_container' data-page=30>

23
them can also making more burden to companies and put them into
considering if they should continue to invest in Vietnam.

• Cybersecurity in the context of Vietnam is in political aspect rather than 
technical aspect

While other countries such as Japan defines “cybersecurity” in a technical
aspect, the term “cybersecurity” has been explained as “assurance that activities in 
cyberspace do not harm national security, public order, the lawful rights and 
interests of any organization or individual” in Vietnamese Cybersecurity Law. 
With this definition, the range of actions which can be considered as cybersecurity
is very large, including both technical responses and activities which is for political

purposes, including maintain national security and public order.

• The power of Ministry of Public Security in maintains cybersecurity 
is huge:

If the Ministry of Public Security has already had a big role in maintaining
cybersecurity by preventing cybercrime through the Criminal Law, then after
implementing the Cybersecurity Law the power of this Ministry has been become
higher than ever with their professional cybersecurity force. While having
professional forces for cybersecurity is undoubtedly necessary, there are several
concerns related to the authority of this team in particular and the Ministry itself in
general.

The professional cybersecurity force of the Ministry of Public Security is one

</div>
(31)<div class='page_container' data-page=31>

24
their work which are related to national security, the budget and other resources for
the development of both professional cybersecurity forces is prioritized (Article 3,
Clause 3). Also according to the Cybersecurity Law, the professional cybersecurity
force of the Ministry of Public Security has permission to do several actions,
includes:

- The professional cybersecurity force of Ministry of Public Security can
do appraisal (Article 11, Clause 4, point a), assessment (Article 12,
Clause 3, point a), inspection (Article 13, Clause 5, point c), supervision
(Article 14), together with response and remediation of cybersecurity
incidents occurring to National security information systems (Article 15,
Clause 3, point a).

- According to Article 16 Clause 7, all professional cybersecurity forces

and competent authorities can request individuals and organizations to
suspend or remove the information which is considered as cybersecurity
violations. Also, they can block and restrict the information network,
deny access from internet users to the information/websites which violate
the law. Individuals and organizations, including private enterprises shall
cooperate with professional cybersecurity forces or else they will face
with penalties from the government base on their behaviors (Article 9).
- The professional cybersecurity force of Ministry of Public Security can

ask enterprises which handles personal information to give them
information of users by formal written request (Article 26, Clause 2, point
a). They can also request these companies to block, delete illegal
information according to the law and stop providing or refuse to provide
services for organizations or individuals whom violated the law (Article
26).

</div>
(32)<div class='page_container' data-page=32>

25
information which is considered as illegal. While this ability allows the Vietnamese
Government to manage the social order and political stability, it also limits the right
of expression and right to access to information of the people in general. Next, since
there is no standard for confirming if a piece of information is truly violating the
law or not, therefore the barrier between criticize wrongdoings of the government
and anti-government movements is not clear. Furthermore, because the procedure of
requesting information from these enterprises is not explicit at the moment and
there is no way to check and monitor such procedure yet, it is possible for the
authority to abuse of their power.

2.3. Similarities between Japanese and Vietnamese legal frameworks:

While current Japanese and Vietnamese legal frameworks are different in

general, there are also several similarities betweens these two structures,
includes:

- Highlight the importance of cooperation between these stakeholders 
with each other: Both Cybersecurity Law of Vietnam and the Basic Act 
on Cybersecurity of Japan mention about the responsibilities of all
stakeholders and emphasize the cooperation between them.

- Having law which regulates about handling personal information in 
general and handle on cyberspace in particular:

</div>
(33)<div class='page_container' data-page=33>

26
While Japan has a law called Act on the Protection of Personal 
Information which appoints how to handle the personal information
properly, Vietnam dedicates the Section 2 of Chapter II in the Law on
cyberinformation security (from Article 16 to Article 20) for regulating
about necessary methods in order to deal with personal information. Both
these laws focus on appointing the obligations of entities which are using
personal information for the sake of its business.

- The authority of institutions/group in charge of cybersecurity are 
immerse: Both Cybersecurity Strategic Headquarters in Japan and 
professional cybersecurity force of Ministry of Public Security in
Vietnam have great power to request necessary information from other
parties including public and private sector, domestic and foreign parties.

</div>
(34)<div class='page_container' data-page=34>

CHAPTER 3: EXPLANATION WHY THERE ARE

DIFFERENCES BETWEEN TWO LEGAL FRAMEWORKS

To understand why two legal structures above are too different, this chapter will
explain through the background of each country, together with the history of
contemporary law and the main theories which are lying under each legal
framework.

3.1. Background of Japan: 
3.1.1. Situation in Japan:

Before the Basic Act on Cybersecurity was implemented in particular and the 
Japanese Government realized how important cybersecurity is, Japan had faced
several hardships in terms of political aspect, economic aspect and social aspect as
well.

a) In political aspect:

</div>
(35)<div class='page_container' data-page=35>

28
cybersecurity in particular and a good cybersecurity legal framework is a very
important task.

b) In economic aspect:

Before Shinzo Abe became prime minister in 2012, the economy of Japan
was suffered for a long time. This period was called “The lost decade”, which
referred to the 1991 – 2000 period at first but later also included the decade from
2001 to 2010 due to deflation (Leika K., 2012), and fiscal deficits (Naoki A., 2010).

c) In social aspect:

Japan has known as an aging society for a long time, and the situation
continue to become worst. With low birth rate and high percentage of people over
65 or older in total of population, this country has to face with several challenges
such as burden on their welfare system, shortage of labor, nursing care for elderly
and so on. With the current technology, Japan is trying to develop more inventions
such as robot to take care for old people and as alternative methods to deal with lack
of labor, however since these technology is also related to cyberspace, there is also
the risk that they will be target of cyberattacks.

</div>
(36)<div class='page_container' data-page=36>

29
Sources:

3.1.2. History of modern law of Japan

Although Japanese law has a long history which start from the third century
when the Yamato kingdom existed and ruled by Queen Himiko (the first era) to the
present, the contemporary law of Japan, which is unrelated to the legal system
before 1868, just developed at the time when Tokugawa Shogunate fell and the
Emperor declared that imperial rule should be restored. From 1868 until now, Japan
has imported and adapted two legal structures: The first one is European law
(mainly French and German codes) and the second one is US law (adapted after
WWII) which the supreme law of the nation - Constitution of Japan was built after
US Constitution model. By learning from both systems and applying them into
Japanese context, nowadays Japanese law has become a mix system: While it
primarily based on codified laws, case law is also a significant part of Japan legal
structure (Hiroshi O., 2009). Together with the laws, the theory of Rule of Law also
become a fundamental principle lying under the entire present Japanese law in
general and the cybersecurity legal framework in particular.

3.1.3. The theory of “Rule of Law” 
a. What is Rule of Law?

While the concept of Rule of Law was just promoted together with the raise
of capitalism at the end of 18th century, the idea about Rule of Law had already

</div>
(37)<div class='page_container' data-page=37>

30
position, above the will of each individual… Obviously at that time, the term “Rule
of Law” did not exist but these ideas still remain their own value and later, they was
developed onto principles of Rule of Law today.

Nowadays, there are several definitions for the term “Rule of Law”. One of
definitions which is covered most principles of this term is how it was explained in
the report No. S/2004/616 of the Secretary-General of the UN about the rule of law
and transitional justice in conflict and post-conflict societies. According to this
report, Rule of Law refers to a principle of governance in which all persons,
institutions and entities, public and private, including the State itself, are
accountable to laws that are publicly promulgated, equally enforced and
independently adjudicated, which are consistent with international human rights
norms and standards. It requires, as well, measures to ensure adherence to the
principles of supremacy of law, equality before the law, accountability to the law,
fairness in the application of the law, separation of powers, participation in
decision-making, legal certainty, avoidance of arbitrariness and procedural and legal
transparency (UN, 2004).

b. Principles of Rule of Law

Despite not using the term Rule of Law, in several document such as The 
Spirit of the Law (1748) and The Social Contract (1762), Montesquieu (1748) and

Jean-Jacques Rousseau (1762) had pointed out several features or this ideology,
including:

- The law is absolute: The law is the general will of the people and have 
the highest position. Everyone, even the government, have to follow the
law and only obey the law.

</div>
(38)<div class='page_container' data-page=38>

31
absolute and nothing is higher than it, normally people will also have as
much as freedom they could.

- Separation of power is necessary to apply Rule of Law: In order to 
convert the general will of the people into the law, a legislator is needed.
However, the one who has the right to legislate should not have the right
to administrate Also, these powers should limit the power of each other.
or else abuse of power will happen. This statement is the base of what we
called “separation of powers” today.

- When implementing the law, we should consider if such law is suitable
for the current society.

c. Rule of Law in the context of Japan

The Rule of Law is the essential principle of the present Constitution of

Japan. While it is not difficult to understand since this Constitution was built base
on the model of the US one, it is not the first time the Japanese Government know
about such concept. The previous Constitution, which was enacted in 1889 and
heavily influenced by the German Constitution and jurisprudence, has already
incorporated the principle of Rechtsstaat (“State-under-law” or “Legal state” in

German, also considered the same as “Rule of Law” in English). However, the
concept of Rechtsstaat is controversal at that time since there are two ways to
interpret it:

+ One is understanding the term Rechtsstaat is Rule of Law, which means
the law in this case was the general will of the people, therefore the law has
supreme power and the state must operate in respect to the law. In that state, the
powers of legislation, administration and jurisdiction will be separated and limiting
each other to avoid abuse of power. Since freedom is the fundamental essence of
Rule of Law, the freedom of the people is continuing to improve and secure by the
protection of human rights.

</div>
(39)<div class='page_container' data-page=39>

32
managing the state, showing the will of the government and based on how Hiroshi
Oda has mentioned about the situation at that time in Japanese Law, it seems the 
terms Rechtsstaat has been understood in this way. For more details, state power
was to be exercised within the framework of statutory laws enacted by the Emperor
with the “participation” of the Imperial Diet. The Emperor was to rule the nation in
accordance with the provisions of the Constitution (Art. 4). However, this principle
was undermined by the power of the Emperor to issue imperial edicts in order to
maintain public security or to cope with nature disasters (Art. 8, para 1). It also
stipulated that the Constitution did not prevent the Emperor from exercising his
power during a war or state of emergency. Fundamental rights of citizens were
guaranteed by the Constitution only within the limits established by statutory laws.
Constitutional review did not exist, and judicial control over the administration was
allowed only in limited cases when specified by law (Hiroshi O., 2009)

After the WWII, while the new Constitution has been enacted and the real
concept of Rule of Law has been applied, references to Rule of Law in Japanese
jurisprudence were gradually outnumbered by references to Rechtsstaat or Rule by

Law under strong influence of German jurisprudence, which purported to achieve
substantive Rule by Law as distinguished from Rule by Law in the pre-War days
which were merely technical and without substantive justice in the statutes. As a
result, the demarcation line between Rule of Law and Rule by Law became blurred
by the interchangeable use of the terms (Hiroshi O., 2009).

</div>
(40)<div class='page_container' data-page=40>

33
the definition from the Ministry of Foreign Affairs of Japan, the Rule of Law has
been understood as “the concept that acknowledges the superiority of the law over 
all other forms of power; it is the basis of friendly and impartial relations between 
states as well as being an essential cornerstone of a fair and just domestic society. 
The rule of law is also an important factor for promoting “Good Governance” in 
each country, as well as ensuring the peaceful settlement of disputes” (Ministry of 
Foreign Affairs of Japan, 2016). In this way, the Rule of Law in Japan seems to be
mainly understood as “superiority of the law over all other forms of power”
(including international law), however other features such as the idea of freedom
and basic human rights and separation of powers can also be found in Japanese
legal system. In the case of Japanese cybersecurity legal framework, the concept of
Rule of Law and its characteristics can be seen through how Japan was consider the
Rule of Law as one of basic principles in policy planning and implementation
(Cybersecurity Strategy 2015), commit to create a “free, fair and secure cyberspace”
and promote the Rule of Law in cyberspace (Cybersecurity Strategy 2018).

3.2. Background of Vietnam:

3.2.1. Situation about cybersecurity in Vietnam:

After 22 years since the first time Internet came to the people in 1997,
nowadays, cyberspace has slowly become a second world to a major of Vietnamese
people where activities from that space will have almost the same effect as if such

actions happen in real life, if not worse. While activities in reality are controlled by
the law and the identity of a person who commit those acts are clear, it is not the
same in cyberspace. Therefore, there are many activities in cyberspace which
people may not dare to do in real world could be done in the virtual world, leaving
many consequences which may has both positive effects and negative effects to the
real society.

</div>
(41)<div class='page_container' data-page=41>

34
To Vietnamese government, cyberspace has a crucial role in many aspects
which includes national security and administration, especially in national security.
In the context of Vietnam, since national security means the stability and
sustainable development of the socialist regime and the State of the Socialist
Republic of Vietnam, the inalienability of the independence, sovereignty, unity and
territorial integrity of the Fatherland (National Assembly, 2004) and activities of
infringing upon the national security also including acts of infringing upon the
political regime (National Assembly, 2004), outside of physical attacks and
cyberattacks which damage the state in physical aspect, information which create
negative images of Vietnamese Communist Party or create doubts about the
leadership of the Party are seen as threats to national security and on cyberspace,
due to the nature that the flow of information are free and can spread very fast,
anti-government groups and individuals can using blogs, online newspapers and social
networks to spread adverse information for the government easily while the
government can not control such information as they do in real world. Some of the
cases which shows hardships that Vietnam has to face with are:

+ Cyberattacks which targets Vietnamese government and CII

operators:

According to the statistic from Ministry of Public Security, from 2010 until

the first half of 2017, more than 18.052 websites with “.vn” domain, including
1.083 websites belongs to the government with the domain “.gov.vn” had become
victims of cyberattacks (Van A., 2017). In 2016, the two biggest international
airports of Vietnam named Noi Bai and Tan Son Nhat, together with Vietnam
Airlines - the biggest airline operator in Vietnam, have been hacked by a group of
Chinese hackers named 1937CN (Nguoi Lao Dong Online, 2016).

</div>
(42)<div class='page_container' data-page=42>

35
To spread adverse information about the government, most of
anti-government groups and individuals have chosen to post their information and
opinions through blogs or famous social network to Vietnamese people such as
Facebook and Youtube. In 2015, the Ministry of Public Security has banned 748
websites which are having negative information related to Vietnamese Communist
Party and Vietnamese government (Kha X. L., 2015). Several bloggers have been
considered as anti-government, such as Mother Mushroom, Anh Ba Sam, Dieu
Cay… had been arrested. However, many anti-government fanpages are still
working on both Facebook and Youtube, and the Vietnamese government still could
not do anything about this.

b. In economic aspect:

In 2018, cyberattacks by using malware have cost Vietnamese economy 642
million USD, more than 21% compare to 2017. According to BKAV - one of the
most famous computer security company in Vietnam - more than 60% enterprises in
Vietnam in total has had their computers infected by cryptocurrency mining
malware and 1,6 million computers in Vietnam has lost their data due to many
reasons (Thuy D., 2018). In the famous WannaCry incident, more than 800
computers had been infected by this ransomware and some of them belongs to
companies which provides servers, domains and data for rent. Also in this case, an
enterprise which own 7 infected servers had paid 100 million VND (approximately

44 thousand USD) to fix them (Dinh N, 2017).

c. In social aspect:

</div>
(43)<div class='page_container' data-page=43>

36
… and lost both their money and their own account to scammers (Mai V., 2019).
Other activities such as leaking important information, false information, online
gambling (Lam A., 2017) are also raising concerns from the people about safety on
cyberspace as well. Despite the fact that Vietnam has already had several legal
documents about cybersecurity, they are not enough to handle the current situation.
Therefore, a specific law which is dedicated to cybersecurity are truly necessary in
the context of Vietnam.

3.2.2. History of modern law in Vietnam:

The contemporary law of Vietnam was just started to develop since 1945.
Due to the fact that the French had passed the right to govern North Vietnam to
Japan before, at that time when Japan was lost the WWII, under the leadership of
Vietnamese Communist Party, Vietnamese people took the advantage of the
situation and took control of the North Vietnam after the victory of the August
Revolution. From that point on, Vietnamese legal system has been reformed several
times, which can be put into three main periods:

• The first period (from 1945 to 1959):

Since the government of Vietnam in this state is just a new temporary
government, the demand of human resources and suitable laws in order to overcome
hardships at that time is highly needed. Therefore, in a very short time from
September 1945 to 19/12/1946 (Great Revolution Day), about 479 legal documents
had been passed and implemented (Pham H. N., 2008), which also include the

Constitution in 1946. Vietnamese Law at this moment, especially the Constitution,
is heavily influence by French Law.

• The second period (from 1959 to 1980):

</div>
(44)<div class='page_container' data-page=44>

37
and maintaining the current government such as voting, military service and
criminal law were made and implemented.

• The third period (from 1980 to the present):

After peace had come to Vietnam, the government had made another
Constitution which was called the Constitution in 1980 – This is also the first time
the leading role of Vietnamese Communist Party toward the state was officially
confirmed by the law on Article 4. From that point on, the legal system of Vietnam
also showing the connection with the Party through other legal documents more
clear than ever, to the extent that the will of the Party has become an inseparable
part of the legal system and deny it will also be considered as deny the Constitution
and against the Government.

To explain such phenomenon, because the Vietnamese Communist Party has
a history as the party which leads the people to the victory, free Vietnamese people
from being ruled by France, Japan, America and united the country, this Party was
officially recognized by the people as the ruling party of the country. After that, due
to the fact that there are threats from other nations such as China and America, in
order to protect the sovereignty of the country, the Party must focus on maintain its
position through the legal system. Also during this period, in order to face the
challenges came from globalization and demands of the people, the Vietnamese
government has come up with an exclusive theory: the theory of Socialist state
ruled of law.

3.2.3. Theory of Socialist state ruled of law 
a) Content of the theory:

Theory of Socialist state ruled of law was officially declared by Nong Duc
Manh - former General Secretary of Communist Party in the opening of the first
session of 12th National Assembly on July 19th, 2007, and has been considered as a

</div>
(45)<div class='page_container' data-page=45>

38
1. The state’s power is inseparable. The power of legislature, executive and

judiciary will be in charged by some specific government agencies.

2. The Government is in charge of administrating the people based on the law
which were promulgated by the National Assembly. The Constitution and
other legal documents are results of converting the will of Vietnamese
Communist Party into the reality.

3. Authorization of the central government includes:

+ What the central government can decide by themselves;

+ What Central Committee, Political Bureau or Secretariat of the Communist
Party of Vietnam decides or gives their opinions.

Similar to the central government, the authorization of the local government
also includes:

+ What the People’s Council and People’s Committee can decide by
themselves;

+ What the local Party Executive Committee and Party Standing Committee
decide or give their directives to the People’s Council and People’s
Committee.

4. Judicial activities, including managing, educating and using the judicial
human resources are under the lead of Vietnamese Communist Party through
the role of Party Committee at judicial institutions according to the Party’s
rules.

</div>
(46)<div class='page_container' data-page=46>

39
are for the sake of protecting the absolute leading role of Vietnamese Communist
Party towards the society (Le C. D., 2007)

b) Features of theory of Socialist state ruled of law:

Compare to the basic principles of Rule of Law, the characteristics of
Socialist state ruled of law is quite different:

+ First and foremost, the theory of Socialist state ruled of law does not
recognize the separation of powers in government.

+ There are two systems work at the same time in Vietnam: One system
belongs to the government and the other belongs to Vietnamese Communist Party.
+ Finally, both Constitution and laws are results of converting the will of
Vietnamese Communist Party into the reality. For this reason, the position of the
Party toward the law is complicated: The Constitution is the supreme law of
Vietnam, therefore in theory Vietnamese Communist Party must follow the
Constitution and other laws. However, the Constitution and other laws are reflection
of the Party’s will and the content are mainly decided by the Party – which means

the law is only tools to manage the society by the Party.

c) Meaning of the theory and how this theory affects cybersecurity legal 
system of Vietnam:

By applying this theory, the role of Vietnamese Communist Party toward the
state is strengthened through several aspects, including:

- Confirm that the power of legislation, administration and judiciary 
are inseparable and “separation of power” is not suitable with the 
context of Vietnam:

</div>
(47)<div class='page_container' data-page=47>

40
and most of the people who encourage separation of powers are people
who want a state with multi-party system, the Party believe that these
people wants to erase the legitimate leadership of Vietnamese Communist
Party and due to this reason, they are considered as anti-government.
+ Moreover, the idea of “separation of powers” was mainly attached to 
capitalism in the past. Consequently, it has become a mindset that such
idea is a part of capitalism, thus it is very hard for a socialism state to
accept separation of powers.

- Secure the power of the Party in every aspect:

+ Both Constitution and other legal documents contain the will of the
Communist Party.

+ Mostly high-ranking government officers are member of the Party,
therefore beside the law, they also have to follow the rule of the Party.
Since cybersecurity has an important role in maintaining the power of

Vietnamese Communist Party and cybersecurity legal framework is part of the
entire Vietnamese legal structure, both Cybersecurity Law and other legal
documents in the framework is not exception in showing the leadership and the will
of the Party through their content (Clause 2, Article 4 of Cybersecurity Law in
2018) and put all activities which opposes the government as threats which should
be handled as fast as possible.

</div>
(48)<div class='page_container' data-page=48>

CHAPTER 4: THE EFFECTS FROM LEGAL

FRAMEWORKS

While the fact both Vietnam and Japanese cybersecurity legal structures have
been existed a long time before a specific law about cybersecurity was passed, there
are differences between before and after enforcing the current main cybersecurity
legal documents (Basic Act on Cybersecurity in the case of Japan and Cybersecurity
Law in the case of Vietnam). Through analyzing these effects in these periods and
the differences, strong points and weaknesses from each legal framework can be
find out. For this reason, this chapter will mention about the effects came from
implementing cybersecurity legal framework in Vietnam and Japan in two periods:
Before and after implementing the cybersecurity law.

4.1. The effects from Japanese cybersecurity legal framework 
a) Before implementing the Basic Act on Cybersecurity:

</div>
(49)<div class='page_container' data-page=49>

42
While it is clear that many efforts have been made, the effects from these legal
documents were not enough to deal with cyberattacks, not to mention at that time
the Japanese Government did not consider cyberattacks as a national security threat
yet (as mentioned in Chapter 2).

b) After implementing the Basic Act on Cybersecurity:

After implementing the Basic Act on Cybersecurity, the situation related to
cybersecurity in Japan has changed substantially, especially in legal aspect:

+ First, the number of agencies in charge of cybersecurity in Japan has 
increased and the authority of these agencies is also higher than before:

Based on the Basic Act on Cybersecurity, the Cybersecurity Strategic
Headquarters and National Center of Incident Readiness and Strategy for
Cybersecurity (NISC) were established.

Figure 4.1: The organization of agencies in charge of cybersecurity before and 
after the Basic Act on Cybersecurity

Sources: Yamauchi T. (2017), Cybersecurity Strategy in Japan, NISC

</div>
(50)<div class='page_container' data-page=50>

43
not have much authority towards other government organizations and depend on IT
Strategic Headquarters. For example, all the activities related to cybersecurity such
as checking, recommending, or reporting between these agencies and other
governmental bodies are not compulsory, and when incident happens, National
Information Security Center can only provide supports to other governmental
bodies on request. However, after the act, not only Cybersecurity Strategic
Headquarters and NISC become more independent and have equal position with IT
Strategic Headquarters and National Security Council (NSC) but they also have
more authority towards other government organizations. For more detail, other

government agencies have to submit information related to cybersecurity at their
institution to Cybersecurity Strategic Headquarters and in exchange, the
Headquarters will give recommendation for them to handle with the situation while
NISC will cooperate with the local governments. Moreover, the NISC also have
authority to conduct cause investigation in serious incidents by itself.

Figure 4.2: Current framework of cybersecurity policy in Japan

</div>
(51)<div class='page_container' data-page=51>

44
 + Second, Cybersecurity Strategies are more effective than before:

While Cybersecurity Strategy which was implemented before the act 
adopted by Information Security Policy Council and only has legal binding toward
its members, Cybersecurity Strategy which was implemented after the act seems to
be more effective by being adopted as a Cabinet Decision and even being reported
to the National Parliament. Furthermore, by applying authorities of mandatory
reporting and formal recommendations, the Cybersecurity Strategic Headquarters
may enforce the Strategy as well (Yamauchi T., 2017).

+ Finally, the awareness about cybersecurity is raising:

</div>
(52)<div class='page_container' data-page=52>

45
risky cyber behaviour. Most of them (86% of respondents in total) know to
immediately disconnect a breached device from the Internet and 71 percent do not
open or download attachments from unknown senders (ESET, 2016). However,
ESET (2016) has also mentioned that there is a gap between their knowledge and
their frequent measures to secure their information in this report. For more details,
less than 50% of respondents said that they apply preventive steps regularly.

Figure 4.3: Proactive measures taken to guard against cyberattacks

Sources: Japan Cyber-Savviness Report 2016, ESET 
4.2. The effects from Vietnamese cybersecurity legal framework 
a) Before implementing the Cybersecurity Law:

Before the Cybersecurity Law was passed, the cybersecurity legal framework
of Vietnam has been already criticized for a long time due to the restriction of
access to information and other concerns about the right to expression through
remove information and block several websites which are considered as opposed to
the government and contain false information. However, this policy is not negative
as it seems since there are many cases that false information has cause great
consequences toward the people. In August 2018, a Facebook user posted an
information that the Trung Son hydroelectric dam at Thanh Hoa Province was

</div>
(53)<div class='page_container' data-page=53>

46
broken. After hearing this news, the local people were scared and went to the higher
place to escape the flood. Later, the Steering Committee for Natural Disaster
Prevention of Thanh Hoa Province declared that this news was fake, and the flood is
just water release from the dam due to heavy rain in long time (Tuan M., 2018).
Since a major of Vietnamese people believes the news on social network without
reconfirm it, false information become a big issue and if the government does not
intervene quickly, the social order may break from that. This also shows another
problem that not many Vietnamese people aware the consequences of their action,
which a part of it came from the fact that there was no specific law about managing
online activities at that time.

</div>
(54)<div class='page_container' data-page=54>

Figure 4.4: Top risky online behaviors in Vietnam

Sources: Vietnam Cyber-Savviness Report 2015, ESET

</div>
(55)<div class='page_container' data-page=55>

48
Figure 4.5: Weakness of enterprises in Vietnam about information security

Source: Evaluation of Information Security Index Survey 2018 - VNISA 
b) After implementing the Cybersecurity Law:

Since the Cybersecurity Law has just been enforced on January 1, 2019, the
effects of this law do not show much in other aspects. According to the criminal
police department of Hanoi, the number of victims of online scams is still
increasing (TTXVN, 2019), methods of internet frauds become more complicated
and there is no signal that Vietnamese people will restrain their risky behaviors on
cyberspace soon. However, the awareness of people referring to posting false news
and any information which is related to the government has been increased.
Nowadays, people on social networks - especially Facebook or Zalo – are being
more careful about what they should post, or else they would face punishment come
from the government.

</div>
(56)<div class='page_container' data-page=56>

CHAPTER 5: RECOMMENDATIONS AND CONCLUSION

Base on the current situation in each country and all the analyses above, this
chapter will come up with some recommendations for improving the legal
documents and policies of both countries.

5.1. Recommendations:

a) Vietnam:

In consideration of the political institution in Vietnam and the current
situation, this paper comes up with recommendations in legal aspects and policies
as below:

- Detailed standards for recognizing illegal information are crucial: 
Since the barrier between opposing the government and pointing out the
wrongdoings of the government is blur, having detailed standards regarding illegal
information is important in order to avoid abuse of power and encourage people to
voice their opinions without afraid the punishments from the government. These
standards should be drafted base on the Constitution and other laws with the
consideration of human rights in mind, and it must be written as clear as possible.

- Precise procedure for retrieving users’ information is needed: 
Outside of emergency circumstances, how users’ information will be

retrieved by the professional cybersecurity force is also need to be regulated clearly
in the law.

- Raising more awareness about cybersecurity:

</div>
(57)<div class='page_container' data-page=57>

50
using it. To improve the knowledge about cybersecurity, not only this must be a
compulsory part of the curriculum but other methods should also be put into
consideration. In several high-ranking universities in Japan such as Kyoto
University or Tsukuba University, students must learn brief lessons about
cybersecurity before using library or using the exclusive Wi-Fi of the university.

+ Spread the messenge about cybersecurity by using soft power:

Beside of other common methods such as through education and competition,
spread the idea of cybersecurity through social media is also crucial when a major
of Vietnamese Internet users is using social networks. Another way is promoting
cultural products which are related to cybersecurity such as films, comic books,
animations…

</div>
(58)<div class='page_container' data-page=58>

51
b) Japan:

- Raising more awareness about cybersecurity in governmental bodies: 
Seeing that the cybersecurity in Japan mainly focus on the role of the
governmental bodies, it is essential for governmental officers to understand about
cybersecurity. Therefore, beside of training current officers, the employment
examination of Japanese government should have a test referring to knowledge of
computer science in general and information security in particular.

- The Japanese government should be more active in counterattack 
and finding culprit of cyberattacks:

Beside enhancing security of CII and other important systems, counterattack
and tracking the culprit of cyberattacks is also good methods to continuing to
improve cybersecurity. Recently, the Ministry of Defense in Japan has planed to
create and maintain cyber-weapons in the form of malware to counterattack with
attackers who targets governmental bodies (Catalin C., 2019). While this malware is
only use for the purpose of defense, it is also the first step for Japan to be more
proactive in secure cybersecurity.

</div>
(59)<div class='page_container' data-page=59>

52
policies about improving the working conditions of IT technicians and encourage

people to take majors related to computer science.

5.2. Conclusion:

</div>
(60)<div class='page_container' data-page=60>

REFERRENCES

English

1. Catalin C. (2019), Japanese government to create and maintain defensive
malware, ZDNet. Retrieved from:

2. CBS News (2017), "WannaCry" ransomware attack losses could reach $4
billion. Retrieved from:

3. CBS News (2017), Cyberattack hit more than 100,000 groups in at least 150
countries, Europol says. Retrieved from:

4. Council of Europe (2019). Chart of signatures and ratifications of
Convention of Cybercrime. Retrieved from

5. ESET (2015), Vietnam Cyber-Savviness Report 2015. Retrieved

from:

6. ESET (2016), Japan Cyber-Savviness Report 2016. Retrieved from:

https://cdn1-
prodint.esetstatic.com/ESET/SG/whitepapers/2016_ESET_Japan_Cyber-Savviness_Report.pdf

7. Hamada K. (2007), On The Rule of Law in Japan, World Justice Project 
Multidisciplinary Outreach Meeting, Singapore.

8. Hiroshi Oda (2009), Japanese Law, Third Edition, Oxford University Press
9. Internet World Stats, Top 20 countries in Internet Users vs. Rest of the World

– March 31, 2019. Retrieved from:

</div>
(61)<div class='page_container' data-page=61>

54
10. Japan Today (2016), Japanese users not proactive enough about

cybersecurity: Survey. Retrieved from:

11. Kazuaki N. (2018), Japan's IT firms enthusiastically open doors to overseas 
tech workers, The Japan Times. Retrieved from:

12. Kazuyasu S. and Masaya H. (2018), Cybersecurity: Japan. Retrieved from:

13. Kshetri, N. (2014), Japan’s Changing Cybersecurity Landscape, Computer, 
47 (1), 83-86. Doi:10.1109/MC.2014.17

14. Law on National Security (2004) of Vietnam

15. Leika K. (2012), Japan eyes end to decades long deflation, Reuters. 
Retrieved from:
/>estimate/update-2-japan-eyes-end-to-decades-long-deflation-idUSL4E8JH1TC20120817

16. Marr, B. (2018). How Much Data Do We Create Every Day? The
Mind-Blowing Stats Everyone Should Read. Retrieved from

we-create-every-day-the-mind-blowing-stats-everyone-should-read/#78eeea4a60ba

17. McAfee (2018), The Economic Impact of Cybercrime – No Slowing Down. 
Retrieved from:

18. Mihoko M. (2016), How Japanese Businesses Are Cultivating Cybersecurity 
Professionals, Paloalto Networks. Retrieved from:

</div>
(62)<div class='page_container' data-page=62>

55
19. Ministry of Defense, Regarding Response to a Cyber Attack, Retrieved from:

20. Ministry of Foreign Affairs of Japan (2016), Japan’s Foreign Policy to 
Promote National and Worldwide Interests, Diplomatic Bluebook 2016. 
Retrieved from:

/>html

21. Naoki A. (2010), Japan’s Shrinking Economy, Brookings. Retrieved from:

22. National Diet (1946), The Constitution of Japan, Prime Minister of Japan and
His Cabinet. Retrieved from:

/>n_e.html

23. National Diet (2014), The Basic Act on Cybersecurity. Retrieved from:
/>2

24. National Police Agency, Arrests and Consultations of Cybercrime in 2003, 
Retrieved from:
25. Resolution No.13-NQ/TW on January 16, 2012 of the Central Executive

Committee of Communist Party

26. Ruairidh Villar (2013), Japan - U.S. security talks likely to highlight Tokyo’s 
cyber-defence woes, Reuters. Retrieved from:

talks-likely-to-highlight-tokyos-cyber-defence-woes-idUKBRE9910TI20131002

27. Satista (2019). Global digital population 2019. Retrieved from

28. The Government of Japan (2015), Cybersecurity Strategy, Japan.

</div>
(63)<div class='page_container' data-page=63>

56
30. The National Assembly (2018), Cybersecurity Law, Vietnam.

31. Tomoo Yamauchi (2017), Cybersecurity Strategy in Japan, National center 
of Incident readiness and Strategy for Cybersecurity (NISC), p.5

32. UN (2004), The rule of law and transitional justice in conflict 
andpost-conflict societies. Retrieved from:

33. World Bank Data, Individuals using the Internet (% of population) –

Vietnam. Retrieved from:

/>=VN&start=1997

Vietnamese

1. Bui, V. H. (2013), Tam quyền phân lập khơng phù hợp với thể chế chính trị 
ở nước ta, CAND Online. Retrieved from:

/>luan-thoi-su/Tam-quyen-phan-lap-khong-phu-hop-voi-the-che-chinh-tri-o-nuoc-ta-237626/

2. Dammio.com (2018), Các số liệu thống kê Internet Việt Nam năm 2018. 
Retrieved from:

3. Dao, T. U. (2015), Giáo trình Nhà nước pháp quyền, NXB Đại học Quốc gia
Hà Nội.

4. Dinh, N. (2017), 800 máy tính tại Việt Nam đã bị nhiễm WannaCry,

VnExpress. Retrieved from:

5. Ha T. (2017). 1,4 tỷ tài khoản email bị lộ mật khẩu trong đó có 440.000 tài
khoản '.vn'. Retrieved from
/>

</div>
(64)<div class='page_container' data-page=64>

57
6. Kha, X. L. (2015), Vơ hiệu hóa 6 blog, website có nội dung chống phá Đảng,

Nhà nước, Dân Trí. Retrieved from: 

7. Lam, A. (2017), Tội phạm công nghệ cao lập kỷ lục về tiền chiếm đoạt cũng

như số người bị thiệt hại, Báo Mới. Retrieved from: 
/>pham-cong-nghe-cao-lap-ky-luc-ve-tien-chiem-doat-cung-nhu-so-nguoi-bi-thiet-hai/c/28571743.epi

8. Le, C. D. (2007), Học thuyết Nhà nước pháp quyền Xã hội chủ nghĩa, Tạp
chí Tia Sáng. Retrieved from:

9. Mai, V. (2019), Cảnh báo gia tăng tình trạng lừa đảo qua mạng, Police of 
Da Nang City. Retrieved from:

10. Montesquieu (1948), Bàn về tinh thần pháp luật (The spirit of the laws), 
Hoang, T. D. (Translator), The Gioi Publisher, Hanoi, Vietnam

11. Nguoi Lao Dong Online (2016), Hacker Trung Quốc gây sự cố tại sân bay
Nội Bài, Tân Sơn Nhất. Retrieved from:
/>nuoc/hacker-trung-quoc-gay-su-co-tai-san-bay-noi-bai-tan-son-nhat-20160729210104008.htm

12. Pham, H. N. (2008), Nhìn lại những chặng đường phát triển của pháp luật ở 
Việt Nam từ năm 1945 đến nay. Retrieved from:

/>8928d8-4a81-414f-914c-57a1fa900e24&groupId=13025

13. Rousseau, J. J. (1762), Bàn về khế ước xã hội (Hoàng Thanh Đạm dịch), 
NXB Thế giới, Hà Nội, Việt Nam

14. Thuy, D. (2018), Thiệt hại virus gây cho người dùng Việt đã lên mức kỷ lục, 
VNEconomy. Retrieved from:

</div>
(65)<div class='page_container' data-page=65>

16. Tuan M. (2018), Bác tin vỡ đập thủy điện gây hoang mang ở Thanh Hóa, 
CafeF. Retrieved from:

17. Van, A. (2017), Hơn 6 năm, trên 1000 website cơ quan nhà nước của Việt 
Nam bị hacker tấn công, ICT News. Retrieved from:

</div>