Japanese government will access home devices in security survey

This may seem weird, but I think the idea of what they're doing is spot on. If anyone were to get access to my things I'd rather it be the government and then have them disclose it to me. Additionally, if you don't want your information accessible you've had your notice to hire someone to lock it down or lock it down yourself. I would liken the service to the government checking the insulation on your house.

This seems like exactly what some commenters were asking for in the &quot;I Scanned Austria&quot;[1] post 9 days ago.<p>This seems like the digital version of checking for locked doors. Here in Montreal you can get a ticket for leaving your car door unlocked. This seems like a similar initiative, but one that protects against greater threats while being less punitive.<p>[1] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=19113147" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=19113147</a>

This is an interesting and innovative approach. It is essentially a grey hat operation carried out by the government to raise individual awareness about cybersecurity. Considering that the article mentions a &quot;constitutional right to privacy&quot; I&#x27;m assuming that citizens would have significant recourse if one were to prove that one&#x27;s data were leaked. It is ethically dubious but as an American whose phone calls can be tapped at any time without a warrant I am open to the idea that it is time for radical measures to improve privacy.

the following article puts it in context a lot better: <a href="https:&#x2F;&#x2F;www.ft.com&#x2F;content&#x2F;7d57b8d8-294e-11e9-a5ab-ff8ef2b976c7" rel="nofollow">https:&#x2F;&#x2F;www.ft.com&#x2F;content&#x2F;7d57b8d8-294e-11e9-a5ab-ff8ef2b97...</a><p>&quot;The huge question is what happens if, as many experts suspect, the experiment reveals major vulnerability throughout Japan. Even that shock may not do the trick. There is an awful lot of complacency to shake off and while Japan is far from alone in that, all the top-down, Society 5.0 posturing makes it hard to shift. Even with the government’s pro-IoT drumbeating in the background, said Itsuro Nishimoto, the president of Japanese cyber security group LAC, the business of IoT security is not yet growing in Japan. There remain deep, unresolved questions of whether manufacturers of IoT devices or their users should have responsibility for ensuring security and a nagging concern that the government’s mega-hack will not conjure up an answer.&quot;

What this says of course is that software vendors and security vendors are not able to or not incentivized enough protect their users, to the point the government needs to become more involved.<p>The biggest issue I see with almost all security software is that they have no idea what should or shouldn’t happen and the just punt to the user asking them to be a SME on the right behavior, and with enterprise software that’s so complex there’s no way to know if the millions of settings are what the business really intended, and very little software even allows you to express intentions beyond a low level allow deny rule. Google docs is a little better in that they talk in terms of what you’d do with a doc, but very little software is even at that basic level.

Those who don&#x27;t trust the government must already be assuming this is happening without their consent and taken the appropriate measures.<p>So I don&#x27;t really see a problem, if it results in citizens getting informed by someone other than their paranoid neighborhood tech-obsessed geek that their negligence is part of the problem.<p>I&#x27;ve been that guy in the past, there&#x27;s a substantial portion (majority?) of the American population that will pay far more attention to a government notice of vulnerability than a fellow citizen they perceive as a paranoid extremist dreaming up invisible threats.

&gt; the institute will ensure no data is leaked<p>that’s a relief

Well the five eyes, Chinese, Russians, Israelis, French and many private actors are doing this all the time anyway. May as well see what happens if a Democratic government tries to do this for a positive reason.

It is not a big leap from this to &quot;you have connected an unapproved device, we have blocked you from the network&quot; to &quot;you have been fined for connecting an unapproved device to our network&quot; or worse... some of you here may be old enough to remember the monopoly Bell had on telephones and the times when it was illegal to connect anything they did not approve of.<p>&quot;The road to hell is paved with good intentions.&quot;

I interpreted this headline very differently at first

&gt; Institute researcher Daisuke Inoue says the project&#x27;s aim is to increase the safety and security of people&#x27;s devices. He says the institute will ensure that no data is leaked.<p>Classic example of &quot;what could go wrong&quot;?

For an overview of Japan&#x27;s current Internet exposure check out: <a href="https:&#x2F;&#x2F;exposure.shodan.io&#x2F;#&#x2F;JP" rel="nofollow">https:&#x2F;&#x2F;exposure.shodan.io&#x2F;#&#x2F;JP</a>

&quot;The institute says it will keep under wraps any data obtained in the survey.&quot;<p>Unless someone better at scanning for vulnerabilities finds a hole in their system.

Why would anyone ever be okay with this? Regardless of the country or soft the culture is - this should never be seen as &quot;okay&quot; or &quot;passive&quot; in any way.

Searches and Inspections in Noncriminal Cases <a href="https:&#x2F;&#x2F;law.justia.com&#x2F;constitution&#x2F;us&#x2F;amendment-04&#x2F;05-searches-and-inspections-in-noncriminal-cases.html" rel="nofollow">https:&#x2F;&#x2F;law.justia.com&#x2F;constitution&#x2F;us&#x2F;amendment-04&#x2F;05-searc...</a>