I had the great honor of spending the past week in Japan as a guest of the Japanese Broadband Association (BBA) to discuss issues of privacy, spyware and cyber security. The BBA were the most gracious hosts that one could ask for. I hope to return the kindness when they come visit the US.

The best part of the trip was really the information exchange. I offered what I know about spyware issues in the US and Europe and they taught me a good deal about cyber fraud in Japan.

There are many similarities between the two countries. For example, it is very clear that money has become the driving factor for Internet crimes around the world. Even in Japan, where otaku or “nerd” culture has become a national export, hacking purely for the glory of it has been dwarfed by hacking for the purpose of committing fraud. In Japan, this mainly takes the form of auction phishing sites and relatively simplistic billing schemes referred to as one-click fraud. Japan seems to have seen a slight rise in some forms of spyware, like targeted keystroke loggers used for corporate espionage and fake security software like the rogue DriveCleaner (seen here in a Japanese advertisement).

On the other hand, there are major differences. In particular, the US has a much higher prevalence of nuisance or harmful adware and identity theft than Japan. Based on the discussions that I had, I attribute this to four major factors:

1. The crime rate for fraud and property crime in Japan is astoundingly low in general (online and offline) per capita.
2. Unlike English-speaking countries, there is a major language barrier for foreigners to commit online fraud in Japanese because the language is used by so few people in general.
3. The distribution of software in Japan is almost completely controlled by the computer manufacturers (OEMs). I have been told that most Japanese, particularly those with less technical knowledge, have all of their software pre-loaded when they purchase computers. They make choices about which ISP and security software they want and after that they never add or significantly alter settings on the computer. Software companies pay large sums to have their products pre-installed because there are generally no post-purchase online downloads. In the US, as CDT and others have documented, it is precisely this online marketplace for software that has led companies to pay affiliates to install software without adequately monitoring their affiliates’ actions.
4. Advertising distribution also seems to be much less complex in Japan than in the US. As we have detailed in Following the Money I and Following the Money II, the ad structure in the US leads a small but significant number of ads to be placed in nuisance adware without the advertisers’ knowledge. I have been told that most Japanese content providers only have direct relations with their advertisers and the largest content providers seem to vet ads thoroughly.

These factors are not meant to reflect negatively on the US (other than the general crime statistics). In particular, there are major benefits to creating and sustaining more open markets. However, we need to realize that these benefits also come with risks and that responsible market actors should care about the health of the full market and do their part to protect it from fraud.

This entry was posted on Thursday, November 30th, 2006 at 2:09 pm and is filed under Consumer Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.