BY MICHAEL MACARTHUR BOSACK, CONTRIBUTING WRITER
Eight years ago this month, the Japanese parliament passed the Act on the Protection of Specially Designated Secrets amidst protest and consternation from both foreign and domestic sources.
The operative assumption from those critics was that the new law would restrict freedom of information and make the Japanese government increasingly opaque. Some even fretted that it would lead to undue prosecution of journalists and whistleblowers. In other words, the view was that the law was a threat to Japanese liberal democracy.
In reality, the intent of the law was to counter security risks in the country and to bring the Japanese government up to international standards for information security. Over the past seven years that the law has been in force, the Japanese government has applied its terms cautiously and incrementally in trying to address the core objectives underpinning the secrets protection law.
There may be some who question the risk of espionage inside Japan. Just how bad could it be? As a Group of Seven member and top-tier economic and military power, Japan is a prime target for spying and has been for some time.
Take, for example, the 2007 incident involving a Maritime Self-Defense Force officer. His Chinese spouse used him to gain access to classified information on Aegis Ballistic Missile Defense destroyers, which she promptly delivered to the Chinese government. It was a textbook case of so-called honeypotting, a practice in which a foreign government uses attractive members of the opposite sex to cultivate relationships meant to elicit classified or sensitive information. As it turns out, she was not the only one to do so during that time frame either.
Further, the Japanese government is somewhat notorious for leaking information to the press, some of which is classified. Those leaks have included details about the Self Defense Force’s operational plans, content from intergovernmental negotiations and insights from high-level policy decisions.
The risk of espionage and the prevalence of leaks, while problematic in their own right, have also been obstacles to increased intelligence sharing with foreign partners. Japan has long desired to become part of the “Five Eyes” intelligence sharing construct composed of Australia, Canada, New Zealand, the United Kingdom and the United States. To do that, the government would need to boost its information security standards to match those of the other partners.
That’s why, measures were necessary to deal with spying, to prevent leaks and to match others’ information security practices, so the Japanese government turned to legislation. The question was what needed to be done through that new legislation.
For information security to work, a few things must be in place. First is physical security; information must be controlled and stored somewhere that cannot be accessed by someone without a valid “need-to-know.”
In addition to having places meant to store and discuss classified material, a government must determine what type of information has to be protected. In principle, the concept behind classification is based upon the risk associated with release of certain information. In other words, if information were to fall into the wrong hands, how damaging would it be to the government or the populace? Examples of classified information include the schematics for a new jet fighter, access codes for weapon systems or plans for securing a major event involving world leaders.
Once the government has an idea of what it needs to protect and how, it has to be able to articulate those rules to the end user. This may be in the form of laws, policies, or guidelines, any of which can explain how secret something is and how it should be handled.
A government must also vet and track the end users for classified information. Essentially, a government wants to make sure that officials do not have any factors that would make them easy to compromise — things like crushing debt (which makes them more vulnerable to bribes) or competing loyalties to foreign countries. The vetting process typically comes in the form of a background check and interview.
Finally, there must be a means to impose costs for those who violate the rules; after all, if there are no grounds for recourse, there would be nothing to deter someone from simply flouting the rules.
So, what did Japan have prior to the special secrets protection law? There was no legal framework in place to manage any of the aforementioned requirements. Sure, there was physical security inside government offices, but no legal recourse that could deter employees from simply taking classified material home with them. There were classification markings, but those were based on ministry-level policies rather than definitions under Japanese law.
Meanwhile, Japanese government employees responsible for handling that information did not go through a formal security vetting process. Their access to classified information was based singularly on their job position; that is, if the job required a person to have access to classified materials, they would have access, no questions asked. This was in part owing to the individuals’ right to privacy under Japanese law that no executive policy could trump.
Finally, there was no legal basis for punishing individuals for releasing classified information — at least nothing explicit. The government could fire an individual or, if the offense was bad enough, tie the act to some other criminal behavior. However, that was hardly a specific deterrent.
In the end, the secrets protection law was meant to upgrade Japan’s information security practices, not to make things more obscure for watchdogs and journalists. It provided rules for “specially designated secrets” — pieces of information that were specifically protected under Japanese law. Only individuals who were vetted could have access to those secrets, and there was legal recourse for any violations.
How has it worked in practice? In truth, the Japanese government is still figuring out how to implement this law. Currently, there are only 20 ministries and agencies that have used specially designated secrets, and the most frequent users are the ones observers might expect based on the intent of the law: the Ministry of Defense, Cabinet Secretariat, Ministry of Foreign Affairs and National Police Agency. Between December 2014 (when the law came into effect) and July 2021, there have only been a total of 640 specially designated secrets. There have been no prosecutions of violations under the law.
For a G7 leader and one of the top economies in the world, the number of specially designated secrets are probably on the low end of the spectrum with what could feasibly be under the scope of the law, but mature implementation will take more time for a Japanese bureaucracy that is slow to evolve. While there has been progress, the incremental nature of improvement in information security practices will continue to be an obstacle for the Japanese government as it seeks to join intelligence sharing frameworks in the near-term.
In the meantime, the deliberate, measured approach should be a welcome one for critics of the secrets protection law. So far, none of their predictions have come true, and while they may still have misgivings about how future administrations may wield the legal authority, the past eight years have demonstrated that the law will not be the harbinger of a police state.
Michael MacArthur Bosack is the special adviser for government relations at the Yokosuka Council on Asia-Pacific Studies. He previously served in the Japanese government as a Mansfield fellow.
