INTRODUCTION
Overview
Nowadays, cybersecurity has become one of global issues since Internet has been the center of many crucial activities of human beings due to its convenience, including connecting with other people, online shopping, entertainment… and collecting information However, this environment is totally not safe as it seems:
The more people using Internet, the more of their private information will be put onto it and this information can be used for cybercrime and malicious cyberattack, threatening human rights and properties of the owners The target could be any legal person, from individuals to groups, organizations, and even government agencies
Cybercrime are also creating more heavy damages than ever before: According to the report from McAfee (2018) – One of worldwide security companies, the cost of cybercrime in 2016 was $4.2 trillion; In the case of WannaCry ransomware attack only in 2017, the losses could reach $4 billion with more than 100.000 groups over
150 countries had been affected (CBS News, 2017)
Consider the number of cyberattacks which increases sharply in these decades, together with the awareness about the possible damages which cyberattack can create, many governments have made their moves by built cybersecurity legal framework, including Vietnam On June 12 th 2018, Vietnamese Cybersecurity Law was officially passed with the approval of 423 Assembly members (86,86% of the total members of the National Assembly), and has been enforced from January 1 st
2019 After being approved by the Assembly, there are many people who has raise their voice referring to the content of this law Many people worried that their basic human rights will be violated, including the freedom of speech, the right of access to information and their privacy since the law has mentioned about the responsibilities of Internet service providers and other enterprises provide their services on the Internet, which includes verify the identification of the users, provide the information regarding the users to the professional cybersecurity force of the Ministry of Public Security when they request, prevent and delete the information which is considered as illegal, including: Against the Vietnamese government, disturbing the public, national secrets A large number of organizations, groups and activists in Vietnam are also shown their concerns regarding how the Cybersecurity Law will affect their activities in the future, including UN Human Rights, American Chamber Commerce, and so on.
Why choose this topic?
a) Cyberspace is important to our current life:
With the increasing of Internet users and activities which are happening on the cyberspace, it is clear that the cyberspace is becoming an inseparable part of our life According to Statista (2019), approximately 4.4 billion people were active Internet users as of April 2019, encompassing 58% of the global population In some countries such as UAE, Iceland, Norway, Qatar… the online usage rate is 99% (Statista, 2019) Being able to store and exchange a massive amount of information without limitation of time and space are also some of the strongest characteristics of cyberspace Over the last two years alone, 90 percent of the data in the world was generated and each day, there are 2.5 quintillion bytes of data created at our current pace (Marr B., 2018) Thanks to these amounts of information and the speed of information flows, human being can connect to each other, despite of distance and time, together with doing other activities such as online shopping, mobile banking, studying through online classes and so on Regarding the number of possibility activities are increasing, the barrier between cyberspace and real space is also become blur This also means that the attacks come from cyberspace can also create heavy damage in reality, with a larger scale and it is much harder to find out the culprit In order to prevent and keep the damage at minimum, governments have been put many efforts in improving cybersecurity and building a cybersecurity legal framework is one of them b) There is no proper research about current Vietnamese cybersecurity legal framework in general and comparative research about Vietnamese cybersecurity legal framework and Japanese cybersecurity legal framework in particular:
While Vietnamese Cybersecurity Law was just passed last year and the concept of cybersecurity still new to the people, Japan is the first country in G7 (including France, Germany, the U.S, England, Canada, Italy and Japan) implemented “Basic Act on Cybersecurity” as a specific law for cybersecurity (Kazuyasu S and Masaya H., 2018) Therefore, Japan has had a long time in implementing cybersecurity law than other countries Moreover, Japan is also well- known as a country with high technology, thus this country may have more experiences about dealing with cyberattack.
Definitions
In this paper, some inportant key terms will be applied definitions as below:
Legal framework can be understood as a set of specialized legal regulations which manage same kind of social relations to ensure these relations can work in unity and maintain the social order Cybersecurity legal framework is a set of specialized legal regulations manage relations between all the stakeholders which are related to cybersecurity This can include the Constitution, Criminal Law, Cybersecurity Law and other legal documents
In order to point out what are the differences between two legal frameworks, this paper will use two definitons of cybersecurity which are mentioned in the main cybersecurity law of each system a) In the case of Japan, the definition of cybersecurity will be taken from the Basic Act on Cybersecurity, which is “the necessary measures that are needed to be taken to safely manage information, such as prevention against the leak, disappearance, or damage of information magnetic, or other means unrecognizable by natural perceptive functions (hereinafter in this section referred to as "Electronic or Magnetic Means"); and to guarantee the safety and reliability of information systems and information and telecommunications networks (including necessary preventive measures against malicious activities toward electronic computers through information network or storage media for information created by electronic or magnetic means (hereinafter referred to as "Electronic or Magnetic Storage Media")), and that those states are appropriately maintained” b) In the Cybersecurity Law in 2018 of Vietnam, the term “cybersecurity” can be understood as “assurance that activities in cyberspace do not harm national security, public order, the lawful rights and interests of any organization or individual”
Similar to the term “cybersecurity”, other related terms such as cyberspace, cyberattack and cybercrime will also use two definitions from both countries:
- Cyberspace and National cyberspace: a) In the Cybersecurity Strategy in 2015 of Japan, cyberspace has been defined as “an artificial domain for the free exchange of ideas without being constrained by national borders” and “an intangible frontier of infinite values generated by intellectual creations and innovations inspired by the ideas globally exchanged” b) In Vietnam, “cyberspace” means a network of information technology
(IT) infrastructure which includes telecommunications network, the Internet, computer network, communication systems, information processing and control systems, databases; cyberspace is where people’s activities are not limited by space and time (National Assembly, 2018)
Beside the definition of cyberspace, Vietnamese Cybersecurity Law also mentions the term “national cyberspace”, which has been defined as “a cyberspace established, managed and controlled by the Government”
- Cyberattack: a) In the Cybersecurity Law of Vietnam, “cyberattack” has been explained as “the use of cyberspace, information technology or electronic devices to sabotage or interrupt the telecommunications network, the Internet, computer network, communication systems, information processing and control systems, databases or electronic devices” b) In Japan, while this terms is not defined in the cybersecurity law, according to Japanese Ministry of Defense (n.d.), “cyberattack” can be understood as “abuse of information and communications networks, information systems to make an unauthorized access, steal, falsify or destroy information, cause information systems to cease functioning or to malfunction, execute a malicious program or implement a DDoS attack (distributed denial of service attack) through cyberspace”
- Cybercrime: a) The term “cybercrime" has been defined as “a crime that involves the use of cyberspace, information technology or electronic devices as defined in Criminal Code” in Vietnamese Cybersecurity Law b) On the contrary, instead of giving a general definition, the National Police Agency of Japan only mentions that cybercrime consists of three categories; "Violation of Unauthorized Computer Access Law",
"Crime against computer/data" and "Internet Crime" (National Police
Purpose of the research
This research purpose is to find out the differences between cybersecurity legal frameworks in Japan and Vietnam and the reasons why they happen From that point, the author will find out the effects which caused by these two legal structures and analyze what is the strong points and weaknesses from both flameworks, and how to improve both of them
- What are the differences between Vietnamese and Japanese cybersecurity legal frameworks?
- What are the effects caused by these differences?
In this paper, comparative research method will be used to compare and analyze Japanese and Vietnamese cybersecurity legal frameworks in general in order to find out the differences and similarities between these frameworks Later, these characteristics will be explained base on the background information of each country, the theory of Rule of Law – Separation of powers for Japan and the theory of Socialist state ruled of law in the case of Vietnam Through these explanation, this thesis will show the advantages, disadvantages and effects of each legal framework
2 Cyberspace, cybersecurity, cyberattack and cybercrime:
In order to be able to analyze each legal framework referring to cybersecurity, it is necessary to know how these governments define four keywords: Cyberspace, cybersecurity, cyberattack and cybercrime since these terms are strongly related to each other and the government will build legal documents related to cybersecurity base on their definitions
For the definitions of “cybersecurity”, this paper will mention the definitions which are used in Basic Act on Cybersecurity (2014 – Amended 2018) of Japan and Cybersecurity Law (2018) of Vietnam In the Basic Act on Cybersecurity,
“cybersecurity” has been defined as “the necessary measures that are needed to be taken to safely manage information, such as prevention against the leak, disappearance, or damage of information which is stored, sent, in transmission, or received by electronic, magnetic, or other means unrecognizable by natural perceptive functions (hereinafter in this section referred to as "Electronic or Magnetic Means"); and to guarantee the safety and reliability of information systems and information and telecommunications networks (including necessary preventive measures against malicious activities toward electronic computers through information network or storage media for information created by electronic or magnetic means (hereinafter referred to as "Electronic or Magnetic Storage Media")), and that those states are appropriately maintained” - which means
Japanese government has seen cybersecurity in technical aspect while in the case of Vietnam, the definition of “cybersecurity” is “assurance that activities in cyberspace do not harm national security, public order, the lawful rights and interests of any organization or individual”– which means Vietnamese government has seen cybersecurity in political and legal aspect Outside of the term
“cybersecurity”, Vietnamese government also defined “cyberspace”, “cyberattack”, and “cybercrime” in Cybersecurity Law, while Japan define these terms in different documents: The definition of “cyberspace” can be found in Japan Cybersecurity Strategy 2015, “cyberattack” was defined by Ministry of Defense (Ministry of Defense, n.d.) and “cybercrime” was defined by National Police Agency(National Police Agency, 2003)
3 Japanese and Vietnamese cybersecurity legal frameworks:
Outside of main legal documents which are directly dedicated to cybersecurity in Japan are Basic Act on Cybersecurity (2014 – Amended 2018) and Cybersecurity Strategy (2018), other regulations related to cybersecurity are:
• Penal Code (1907 – Amended 2017) – which mentions about Computer Fraud (Article 246-2), Damaging of Documents for Government Use (Article
• Installment Sales Act (1961 – Amended 2018) – which now required online businesses handle credit card data appropriately and implement faud prevention measure;
• Unfair Competition Prevention Act (1993 – Amended 2015) – showing what kinds of activity are considered as unfair competition;
• Unauthorized Computer Access Prohibition Act (1999 – Amended 2013);
• Act on the Protection of Personal Information (2003) – which mentions about collecting, retaining, handling personal information;
• Act on Protection of Specially Designated Secrets (2013) – Mentioning information which is considered as specially designated secrets and people who handle them
Similar to Japan, together with the Cybersecurity Law (2018) as main legal document dealing with cybersecurity, other law such as Criminal Code (2015 – Amended 2016), Law on E-transactions (2005), Law on Network Information Security (2015)… are also mention about cybersecurity in one way of another
Since Japan is the first country in G7 promulgated a specific law which is dedicated to cybersecurity, there are several researches referring to Japanese cybersecurity legal system and policies which has shown how the cybersecurity legal framework of Japan has changed from time to time, including Japan’s Changing Cybersecurity Landscape by Nir Kshetri (2014); Review of the Japan Cybersecurity Stratery by Yoko Nitta (2014); Reseach Report on Cybersecurity and Privacy in the APT (Asia-Pacific Telecommunity) member Countries from Korea Internet & Security Agency – KISA (2016)… In the case of Vietnam, since the Cybersecurity Law has just passed on June 2018 there is still no proper research related to this legal document and cybersecurity legal framework of Vietnam in general, only some reports from Ministry of Public Security, National Assembly or Ministry of Justice
It is also essential to take a look at the background of both countries to figure out why cybersecurity legal framework is needed Together with the information from the Cybersecurity Strategies from years to years and the goals of Abenomics, this paper also consider about the real situation which is happenning in Japan base on the report and information from several newspapers, such as Reuters, Nikkei Asian Review, The Diplomat…
Based on the history and the characteristics of Japanese law and Japanese government system which has been shown through Introduction to Japanese Law by Yoshiyuki Noda (1976); Japanese Law and Legal Theory by Koijiro Fujikura
(1996); The spirit of Japanese Law by John Owen Haley (1998) and Japanese Law by Hiroshi Oda (2009), it is quite clear that the contemporary legal system is the result of adapting both American system and Civil law system (from France and Germany) in the context of Japan The Rule of Law, which is the fundamental principle underlying the present Constitution of Japan (Hiroshi O., 2009), also become a crucial element in the entire Japanese legal system and cybersecurity legal framework is no exception
5 Theory of Rule of Law and Socialist state ruled of law:
To understand the spirit of Vietnamese and Japanese legal framework in general and the will of the government behind the main cybersecurity legal documents, it is necessary to know more about the theory of Rule of Law which was applied in the case of Japan and the theory of Socialist state ruled of law in the case of Vietnam Outside of documents which are related to Japanese law have been mentioned above, this paper also studied about Rule of Law from The Spirit of the Laws by Montesquieu (1748) and On the Social Contract; or, Principles of Political Rights by Jean-Jacques Rousseau (1762) For the theory of Socialist state ruled of law, there are several papers such as Theory of Socialist state ruled of law by Le
Cong Dinh (2007); Socialist state ruled of law of the people, by the people, for the people under the leadership of Vietnamese Communist Party – Achievements and development orientation by Dao Tri Uc (2008); Building socialist state ruled of law in Vietnam at the moment by Tran Thanh (2008) …
- Due to the lack of time and capacity, this research can mainly focus on legal documents which are having the most effects related to cybersecurity in each country
- Since the topic is about legal frameworks, other factors outside legal aspect which are also affecting the reality will not be mentioned or be mentioned much in this paper.
Methodology
In this paper, comparative research method will be used to compare and analyze Japanese and Vietnamese cybersecurity legal frameworks in general in order to find out the differences and similarities between these frameworks Later, these characteristics will be explained base on the background information of each country, the theory of Rule of Law – Separation of powers for Japan and the theory of Socialist state ruled of law in the case of Vietnam Through these explanation, this thesis will show the advantages, disadvantages and effects of each legal framework.
Literature review
2 Cyberspace, cybersecurity, cyberattack and cybercrime:
In order to be able to analyze each legal framework referring to cybersecurity, it is necessary to know how these governments define four keywords: Cyberspace, cybersecurity, cyberattack and cybercrime since these terms are strongly related to each other and the government will build legal documents related to cybersecurity base on their definitions
For the definitions of “cybersecurity”, this paper will mention the definitions which are used in Basic Act on Cybersecurity (2014 – Amended 2018) of Japan and Cybersecurity Law (2018) of Vietnam In the Basic Act on Cybersecurity,
“cybersecurity” has been defined as “the necessary measures that are needed to be taken to safely manage information, such as prevention against the leak, disappearance, or damage of information which is stored, sent, in transmission, or received by electronic, magnetic, or other means unrecognizable by natural perceptive functions (hereinafter in this section referred to as "Electronic or Magnetic Means"); and to guarantee the safety and reliability of information systems and information and telecommunications networks (including necessary preventive measures against malicious activities toward electronic computers through information network or storage media for information created by electronic or magnetic means (hereinafter referred to as "Electronic or Magnetic Storage Media")), and that those states are appropriately maintained” - which means
Japanese government has seen cybersecurity in technical aspect while in the case of Vietnam, the definition of “cybersecurity” is “assurance that activities in cyberspace do not harm national security, public order, the lawful rights and interests of any organization or individual”– which means Vietnamese government has seen cybersecurity in political and legal aspect Outside of the term
“cybersecurity”, Vietnamese government also defined “cyberspace”, “cyberattack”, and “cybercrime” in Cybersecurity Law, while Japan define these terms in different documents: The definition of “cyberspace” can be found in Japan Cybersecurity Strategy 2015, “cyberattack” was defined by Ministry of Defense (Ministry of Defense, n.d.) and “cybercrime” was defined by National Police Agency(National Police Agency, 2003)
3 Japanese and Vietnamese cybersecurity legal frameworks:
Outside of main legal documents which are directly dedicated to cybersecurity in Japan are Basic Act on Cybersecurity (2014 – Amended 2018) and Cybersecurity Strategy (2018), other regulations related to cybersecurity are:
• Penal Code (1907 – Amended 2017) – which mentions about Computer Fraud (Article 246-2), Damaging of Documents for Government Use (Article
• Installment Sales Act (1961 – Amended 2018) – which now required online businesses handle credit card data appropriately and implement faud prevention measure;
• Unfair Competition Prevention Act (1993 – Amended 2015) – showing what kinds of activity are considered as unfair competition;
• Unauthorized Computer Access Prohibition Act (1999 – Amended 2013);
• Act on the Protection of Personal Information (2003) – which mentions about collecting, retaining, handling personal information;
• Act on Protection of Specially Designated Secrets (2013) – Mentioning information which is considered as specially designated secrets and people who handle them
Similar to Japan, together with the Cybersecurity Law (2018) as main legal document dealing with cybersecurity, other law such as Criminal Code (2015 – Amended 2016), Law on E-transactions (2005), Law on Network Information Security (2015)… are also mention about cybersecurity in one way of another
Since Japan is the first country in G7 promulgated a specific law which is dedicated to cybersecurity, there are several researches referring to Japanese cybersecurity legal system and policies which has shown how the cybersecurity legal framework of Japan has changed from time to time, including Japan’s Changing Cybersecurity Landscape by Nir Kshetri (2014); Review of the Japan Cybersecurity Stratery by Yoko Nitta (2014); Reseach Report on Cybersecurity and Privacy in the APT (Asia-Pacific Telecommunity) member Countries from Korea Internet & Security Agency – KISA (2016)… In the case of Vietnam, since the Cybersecurity Law has just passed on June 2018 there is still no proper research related to this legal document and cybersecurity legal framework of Vietnam in general, only some reports from Ministry of Public Security, National Assembly or Ministry of Justice
It is also essential to take a look at the background of both countries to figure out why cybersecurity legal framework is needed Together with the information from the Cybersecurity Strategies from years to years and the goals of Abenomics, this paper also consider about the real situation which is happenning in Japan base on the report and information from several newspapers, such as Reuters, Nikkei Asian Review, The Diplomat…
Based on the history and the characteristics of Japanese law and Japanese government system which has been shown through Introduction to Japanese Law by Yoshiyuki Noda (1976); Japanese Law and Legal Theory by Koijiro Fujikura
(1996); The spirit of Japanese Law by John Owen Haley (1998) and Japanese Law by Hiroshi Oda (2009), it is quite clear that the contemporary legal system is the result of adapting both American system and Civil law system (from France and Germany) in the context of Japan The Rule of Law, which is the fundamental principle underlying the present Constitution of Japan (Hiroshi O., 2009), also become a crucial element in the entire Japanese legal system and cybersecurity legal framework is no exception
5 Theory of Rule of Law and Socialist state ruled of law:
To understand the spirit of Vietnamese and Japanese legal framework in general and the will of the government behind the main cybersecurity legal documents, it is necessary to know more about the theory of Rule of Law which was applied in the case of Japan and the theory of Socialist state ruled of law in the case of Vietnam Outside of documents which are related to Japanese law have been mentioned above, this paper also studied about Rule of Law from The Spirit of the Laws by Montesquieu (1748) and On the Social Contract; or, Principles of Political Rights by Jean-Jacques Rousseau (1762) For the theory of Socialist state ruled of law, there are several papers such as Theory of Socialist state ruled of law by Le
Cong Dinh (2007); Socialist state ruled of law of the people, by the people, for the people under the leadership of Vietnamese Communist Party – Achievements and development orientation by Dao Tri Uc (2008); Building socialist state ruled of law in Vietnam at the moment by Tran Thanh (2008) …
Limitation of the research
- Due to the lack of time and capacity, this research can mainly focus on legal documents which are having the most effects related to cybersecurity in each country
- Since the topic is about legal frameworks, other factors outside legal aspect which are also affecting the reality will not be mentioned or be mentioned much in this paper.
COMPARISION BETWEEN VIETNAMESE AND JAPANESE
Japanese cybersecurity legal frameworks
Even though Japan has always well-known as a developed country with high technology, it seems that this thought is not correct in the case of cybersecurity The Japanese government has started facing cyberattacks since 2000s when Japanese government website was defaced for the first time in January, 2000 (Tomoo Y.,
2017) After that, some efforts have been made such as the establishment of IT Strategic Headquarters (2000), National Information Security Center (2005) and Information Security Policy Council (2005) (Tomoo Y., 2017), together with basic strategies of information security, yearly plans, government agency and critical infrastructure measures However, at that time, Japan still did not considered cyberattacks as a national security threat, if not neglected them: Despite the fact that many Japanese government agencies, especially Ministry of Defense gets hacked every day, no one at this ministry understands cyberspace and therefore they cannot do anything, only watch and simply report that there has been an attack (Ruairidh
V., 2013) While there is opinion that the cyberattacks on Lower House Diet and defense contractor Mitsubishi Heavy Industries in 2011 had helped raising concerns and open the eyes of both Japanese policymakers and business executives (Kshetri N., 2014), cybersecurity was only officially recognized as national security and crisis management problem from 2013, started with Cybersecurity Strategy which was determined on June 10, 2013, by Policy Council (Tomoo Y., 2017) In 2014, by promulgating Basic Act on Cybersecurity in 2014, Japan become the first country in G7 which has a separate law dedicates to cybersecurity From that point, this country continues to invest more in cyberspace in general Through several Cybersecurity Strategies, reforming and strengthening the system which is in charge of applying and promoting cybersecurity, Japan is moving toward the goal of creating Society 5.0 and prepare for Olympic and Paralympic Games Tokyo 2020
2.1.2 Characteristics of Japanese cybersecurity legal framework
Today, the Basic Act on Cybersecurity is the main law about cybersecurity
After this law was enforced, legal documents which were used to stipulated part of cybersecurity before such as Telecommunications Business Act (1984), Penal Code
(1907 – Amended 2007), Act on Prohibition of Unauthorized Computer Access
(1999 – Amended 2013), Basic Act on the Formation of an Advanced Information and Telecommunications Network Society (2000) and Act on Protection of Specially Designated Secrets (2013) are still valid and having important role in supporting the Basic Act on Cybersecurity With the Basic Act on Cybersecurity as the centre, some features of Japanese cybersecurity legal framework can be seen, includes:
• Maintaining cybersecurity while trying to protect the nature of cyberspace
Japan wants to aim for cybersecurity with the minimum of interfering the flow of information and the nature of cyberspace Starting with the way the term
“cyberspace” was defined in Cybersecurity Strategy in 2015 as “an artificial domain for the free exchange of ideas without being constrained by national borders” and
“an intangible frontier of infinite values generated by intellectual creations and innovations inspired by the ideas globally exchanged” Base on this definition, cyberspace in Japanese Government point of view has two features:
- Cyberspace is not constrained by time or space: In the real world, the space is limited and each country is separate from each other by national border On the cyberspace, such limitation does not exist at all Thanks to such nature, people can communicate and enjoying services from other places in the world without being hold down by physical factors
- Cyberspace contains unlimited resources and free flow of information: As mentioned above, the capacity of cyberspace is unlimited due to the fact that it is not constrained by time and space
Since cyberspace has a large number of users and demands for exchange information/knowledge on cyberspace are tremendous, the amount of information which is uploaded and exchange on cyberspace is also monstrous
In the Cybersecurity Strategy in 2018, the Government of Japan has shown their commitment by confirming to create a “free, fair and secure cyberspace”:
The basic ideals to which Japan will adhere to contribute to the objectives of the Basic Act is to aim for a “free, fair and secure cyberspace.” Such a cyberspace means a secure cyberspace in which the freedom of expression and economic activities of all actors active therein is guaranteed without any discrimination or exclusion with no justifiable reasons, and where unlawful activities such as the theft of information or assets are not allowed
By choosing to maintain these characteristics of cyberspace, the Japanese government can guarantee that the right of expression and right of access to information of the people will be ensured This allow people to freely express their own ideas and arguments, especially when their ideas are against the others In this way, controversial problems can be discussed and everyone can see the issues in different aspects, therefore people can understand the problems better and having more advantages in finding solutions Moreover, since people can access to information freely, they will have more change to gain knowledge they needed in several sources so that they could compare them to each other and finding which one is true and which one is not accurate For people who are in academic environment, such condition is the best for them to pursue their study further For the citizen, they can give their own opinions (even if such opinion is negative) from the bottom of their heart to make their nation better without worry about being punished For the government, they can receive feedbacks from their people as fast as they could and think about how to improve the situation
• Responsibility of maintaining cybersecurity mainly belongs to the public sector, but cooperation between all stakeholders are highly recommended
The responsibilities of all stakeholders are mentioned from Article 4 to Article
9 of the Basic Act on Cybersecurity However, while the public sector entities (central government, local governments, critical information infrastructure (CII) operators) must take the responsibility about cybersecurity, other parties (Enterprises, educational and research organizations, citizens) are encouraged to voluntary and cooperate with the government in applying cybersecurity The reason is also come from the nature of cyberspace: Since cyberspace is not restricted by time and space, cyberattacks can come anytime without any caution and it is difficult to find out who is the attacker Therefore, prepare and prevent cyberattacks are easier and effective rather than tracking the culprit And then, due to the fact that cyberspace is crucial for contemporary Japanese economy and national security, the government must take the main role in making a secure cyberspace Again, since cyberspace is a place which doe not have any border and anyone can become targets of cyberattacks, no one can protect the cybersecurity by themselves alone and because of that, cooperation between stakeholders is needed
• Cybersecurity in the context of Japan is in technical aspect rather than political aspect
In the case of Japan, cybersecurity in general and methods to secure cyberspace has been mentioned in technical aspect rather than political aspect - this can be seen not only in the Basic Act of Cybersecurity but also other legal documents Starting with the definition of cybersecurity: Article 2 of the Basic Act on Cybersecurity defined cybersecurity as “the necessary measures that are needed to be taken to safely manage information, such as prevention against the leak, disappearance, or damage of information which is stored, sent, in transmission, or received by electronic, magnetic, or other means unrecognizable by natural perceptive functions (hereinafter in this section referred to as "Electronic or Magnetic Means"); and to guarantee the safety and reliability of information systems and information and telecommunications networks (including necessary preventive measures against malicious activities toward electronic computers through information network or storage media for information created by electronic or magnetic means (hereinafter referred to as "Electronic or Magnetic Storage Media")), and that those states are appropriately maintained.” Next, in two
Cybersecurity Strategy in 2015 and 2018, the role of cyberspace, together with policy approarches are very specific and highlight about the importance of new technology which are directly related to cyberspace such as artificial intelligence (AI), Internet of Things (IoT), finance services using new technology (Fintech)… and what kind of measures should be done in order to prevent risks from cyberspace toward them By explaining about cybersecurity and related topics in technical aspect, it is easier to all stakeholders to understand clearly what they should do in order to implement cybersecurity in their case
• Main authority of secure cybersecurity belongs to the Cybersecurity Strategic Headquarters and National Center of Incident Readiness and Strategy for Cybersecurity (NISC):
According to the Basic Act on Cybersecurity, the Cybersecurity Strategic Headquarter has many functions which mainly focus on improving cybersecurity mainly base on the cooperation of other national organs (Article 25) Moreover, this Headquarter can also request the submission of materials, the presentation of opinion, explanation and any other necessary cooperation from: the heads of local governments and Incorporated Administrative Agencies; the deans of national university corporations (referring to national university corporations prescribed under Article 2, paragraph (1) of the National University Corporation Act (Act No.112 of 2003)); the heads of inter-university research institute corporations (referring to inter-university research institute corporations prescribed under Article
2, paragraph (3) of the Act); the President of the Japan Legal Support Center (referring to the Japan Legal Support Center prescribed under Article 13 of the Comprehensive Legal Support Act (Act No 74 of 2004)); the representatives of Special Corporations and authorized corporations (referring to juridical persons incorporated by a special act and where the approval of a governmental entity is required for their incorporation and associated matters), the representative of the relevant entity facilitating Cybersecurity-related communication and coordination with domestic and foreign parties concerned (Article 31, Clause 1) and other parties (Article 31, Clause 2) Together with Cybersecurity Strategic Headquarters, NISC also has a big role in maintaining cybersecurity by doing cybersecurity audit, analyzing incident through investigation and cooperate with the local government.
Vietnamese cybersecurity legal framework
As reported by Internet World Stats, Vietnam is in the Top 20 countries which have the most Internet Users in the world (Internet World Stats, n.d.) After
20 years since the Internet was officially provided to the people in 1997, the percentage of the population which use the Internet in Vietnam has sharply raises from 0.004% to more than 46.5% in 2016, according to the World Bank Data (World Bank, n.d.) Together with increasing in number of users, the risks from the
Internet are also increasing Beside the fact that Vietnam is also a target of cyberattacks just like any country in the world and cybercrimes in Vietnam are becoming more and more complicated to the extent that current legal documents are not enough anymore, one of the biggest problems which raising concerns of Vietnamese government are the movements from anti-government groups and individuals on the Internet Since the amount of information on cyberspace is enormous, together with the fact that they are easy to be spread and hard to track the sources, it is a big challenge to the authority to control the flow of information, especially the kind of information which is negative and malicious toward them, including false information, confidential information, and information which will put them into difficult situations once it is spread In order to deal with these situations, the Cybersecurity Law was promulgated and enforced starting from January, 2019 However, this law has been criticized by several stakeholders because people worry that it will limit the freedom of expression, become a violation of privacy and decrease investment in Vietnam
2.2.2 Characteristics of Vietnamese cybersecurity legal framework
Similar to Japan, before Cybersecurity Law was promulgated there are some legal documents which are somehow related to cybersecurity such as Law on E- transaction in 2006 (specified about transaction on electronic devices), Criminal Law in 2015 (Chapter XXI, Section 2, from Article 285 to Article 294 mentions about cybercrime and punishments) and Law on Cyberinformation Security in 2015 (stipulating matters about information in cyberspace) Together with these legal documents, Vietnamese Communist Party also implemented several resolutions and directives which are about directions of developing information infrastructure such as Resolution No 13-NQ/TW of the 4 th Plenum of the 11 th Party Central Conference, on January 16, 2012; Directive No 46-CT/TW of Political Bureau…
Although these documents are not legally binding, they are the base of major Vietnamese laws since the content of them will be legalized into laws after that
Through these legal documents, some characteristics of the cybersecurity legal framework of Vietnam can be seen, for example:
• Law enforcement in general and cybersecurity protection in particular must be put under the leadership of Vietnamese Communist Party
The principle “enforcement must be put under the leadership of Vietnamese Communist Party” is applied for every single type of legal documents in Vietnam and the Cybersecurity Law is not an exception In the Article 4, Clause 2 of
Cybersecurity law has mentioned: “Cybersecurity protection will be carried out under leadership of Vietnam’s Communist Party and management of the State” -
This means any actions related to cybersecurity must follow the will of Vietnamese Communist Party
• One of methods which will be use for maintaining cybersecurity is managing the information inside cyberspace
If one of basic principles of maintaining cybersecurity in Japan is secure the cyberspace while ensure the free flow of information on cyberspace, then in Vietnam, control the flow of information (or control how people can access information) is necessary for the sake of maintaining cybersecurity For more details, the idea of control information has appeared in the Resolution No 13- NQ/TW of the 4 th Plenum of the 11 th Party Central Conference in 2012 through
“enhancing management of information on the Internet, social networks and individual blogs” (Central Executive Committee of Communist Party, 2012) Next, this feature can be seen in Cybersecurity Law through several articles, for example:
- According to Article 5, point i and point l at the first Clause, cybersecurity protection measures also include “Request for removal of illegal or false information in cyberspace which violates national security, disrupts public order or violates lawful rights and interests of other organizations or individuals” and “Block or restrict activities of certain information system; termination, suspension or request for termination of certain information system; revocation of domain names”.This means if an information is considered as illegal or false and violates national security/disrupts public order/violates lawful rights and interests of other organizations or individuals will be requested to be removed, and the government also have the authority of limiting the access of people toward certain information system if they want Article 16 and Article 26 has point out that information which commits one of the acts below will be consider as illegal information, including:
(a) Oppose the government of Socialist Republic of Vietnam;
(b) Disrupt social order and violates national security;
If an information has been considered as illegal, it will be not allow on website, web portals and social media pages of any organization or individual
- Article 26 mentioned that domestic and overseas providers of telecommunications services, Internet services and value added services in Vietnam’s cyberspace must:
(a) Verify users’ information when they open digital accounts;
(b) Provide users’ information for professional cybersecurity forces of the Ministry of Public Security upon request document to serve investigation into cybersecurity violations;
(c) Block and delete information mentioned in Clause 1 to Clause 5 of Article 16 of this Law on their services or information systems within
24 hours after a request is given by the cybersecurity force of the Ministry of Public Security or a competent authority of the Ministry of Information and Communications
- Article 26 also mentioned “Domestic and overseas providers of in Vietnam’s cyberspace that collect, analyze or process private information or data about relationships of their service users or data created by their service users in Vietnam shall retain such data for a specific period of time defined by the Government Overseas enterprises mentioned in this Clause shall open branches or representative offices in Vietnam”
• The cooperation between all stakeholders is compulsory
Although both Vietnam and Japan legal systems require cooperation from all stakeholders in implementing cybersecurity, cooperation between the government and other stakeholders is compulsory in Vietnamese law, which has been showed in Article 26 as mentioned above and other Article such as Clause 8 (Internet and online providers must cooperate with the government to handle information which is violate the law), Clause 9 (Internet users who post illegal information must remove/delete it at the request from professional cybersecurity force) of Article 16, Point b, Clause 2 of Article 21…
• Cyberspace also has border just like a nation in real world
In the Article 2 of Cybersecurity Law, beside the definition of “cyberspace” there is also the term “national cyberspace”, which means “a cyberspace established, managed and controlled by the government” While cyberspace is still defined as “where people’s activities are not limited by space and time”, by define what is “national cyberspace” the Vietnamese government has shown that there is a special kind of cyberspace, or rather a part of the entire cyberspace is still be managed by the government and therefore, any entity using services or having activities on such cyberspace must follow the rules of the creator – in this case, the government Based on this logic, once people are considered using Vietnam’s cyberspace, no matter which nationality they are and what kind of services they use, they have to follow Vietnamese law just like in real life where they have to follow Vietnamese law as long as they are in Vietnam For more details, Article 26 mentions responsibility of enterprises which are providers of telecommunications services, Internet services and value-added services in Vietnam’s cyberspace about what they have to do with information which are consider illegal, how they should treat the person who violated the law and what they have to do with their users’ data
This Article also mention that these enterprises must retain users’s data for a specific period of time defined by the government and the overseas enterprises which are providers of telecommunications services, Internet services and value- added services in Vietnam’s cyberspace must open branches or representative offices in Vietnam However, this argument seems to have some problems:
- First of all, it is almost impossible to know where is the limitation of national cyberspace According to the Article 26, conpany provides services which are related to cybersecurity on Vietnam’s cyberspace will have to follow the law of Vietnam and if they do not follow, they will have to face punishment from the government However, since cyberspace are not limited by time and space, it is possible to users in Vietnam to use online services which are provided by companies from other nations (which does not have branches or representative offices in Vietnam) and vice versa For example, A is a Vietnamese and M company is a Japanese enterprise M company makes game which allows people all over the world can play and pay by using credit card or online banking, then A find out how to download such game and play it In that case, is it possible to the government interfere in these transaction and asking the company to follow Vietnamese law?
- Secondly, create such border can also limit the legitimate right of access to information of the people Since information are unlimited and very hard to control, beside of the removing information method, the government mostly will ask the Internet providers in Vietnam to block the IP address of certain websites which the government doubts that most of anti-government information will come from them However, blocking these websites does not mean this information will disappear, it is just that most of the people who use Internet in Vietnam cannot access to them For example, BBC is one of the online newspapers which has been blocked in Vietnam because of posting several articles which can be considered as against the Vietnamese Communist Party and Vietnamese government Other domains such as Wattpad.com, Blogspot.com are also blocked by some Internet providers due to the fact that there are some bloggers use their blogs to express their opinions against the government
Although most of the people who live in Vietnam cannot access to this website, people who bypass the firewall or who are using the Internet in other countries can still access to it And while the government can ensure that not many people would know about anti-government information from these websites due to blocking, the Vietnamese citizen are constrained from accessing the knowledge in other aspects which is shared on those websites
- Last but not least, data localization is still a controversial issue
According to the Article 26, Internet and online services provider enterprises must retain users’s data for a specific period of time defined by the government and the overseas enterprises which are providers of telecommunications services, Internet services and value-added services in Vietnam’s cyberspace must open branches or representative offices in Vietnam Moreover, Article 25 and Article 26 of the draft of new regulation for Cybersecurity Law mention in a more details way about what kind of enterprise must stored users’s data and open branches or representative offices, together with the minimum time limitation that these companies have to keep users’ data Even though the law is not mentioning directly, in order to saving the data base on how the law has requested, these enterprises will need to put their servers within the border of Vietnam While saving the data can help when cybercrime happen and the demand of tracking culprits are needed, not only these servers will easily become target of cyberattacks but the price for creating them can also making more burden to companies and put them into considering if they should continue to invest in Vietnam
• Cybersecurity in the context of Vietnam is in political aspect rather than technical aspect
Similarities between Japanese and Vietnamese legal frameworks
While current Japanese and Vietnamese legal frameworks are different in general, there are also several similarities betweens these two structures, includes:
- Highlight the importance of cooperation between these stakeholders with each other: Both Cybersecurity Law of Vietnam and the Basic Act on Cybersecurity of Japan mention about the responsibilities of all stakeholders and emphasize the cooperation between them
- Having law which regulates about handling personal information in general and handle on cyberspace in particular:
Right to privacy is one of the constitutional rights in both Vietnam and Japan This right has been secured not only by important legal documents such as the Constitution, Criminal Law or Civil Code but also other specific laws In addition, personal information is not only crucial for the person who has itself but also a very crucial source on cyberspace for the Government and other parties such as business entities, swindlers and hackers since it can bring a massive amount of money to these parties
Therefore, secure personal information is also being considered as an important part in secure cybersecurity
While Japan has a law called Act on the Protection of Personal Information which appoints how to handle the personal information properly, Vietnam dedicates the Section 2 of Chapter II in the Law on cyberinformation security (from Article 16 to Article 20) for regulating about necessary methods in order to deal with personal information Both these laws focus on appointing the obligations of entities which are using personal information for the sake of its business
- The authority of institutions/group in charge of cybersecurity are immerse: Both Cybersecurity Strategic Headquarters in Japan and professional cybersecurity force of Ministry of Public Security in Vietnam have great power to request necessary information from other parties including public and private sector, domestic and foreign parties.
EXPLANATION WHY THERE ARE DIFFERENCES BETWEEN
Background of Japan
Before the Basic Act on Cybersecurity was implemented in particular and the
Japanese Government realized how important cybersecurity is, Japan had faced several hardships in terms of political aspect, economic aspect and social aspect as well a) In political aspect:
From 2000 until now, the Government of Japan is always the target of cyberattacks First, the government website was defaced for the first time in January,
2000 Next, the Lower House Diet and defense contractor Mitsubishi Heavy Industries were also attacked in 2011, which leads to the results that lots of crucial information had been lost Not to mention the fact that for a long time the Ministry of Defense was hacked everyday and no one can do anything about it While the Government of Japan could not found the culprit of those cyberattacks most of the time, there are several times that cyberattacks had been considered as being sponsored by other nations For example, on April 2013, Korea had been suspected as the culprit under major cyberattacks to CII (in finance and broadcasting) Later, Korean authority declared that they did not responsible to the attack and North Korea had done it (Tomoo Y., 2017) Therefore, the need of a specific law for cybersecurity in particular and a good cybersecurity legal framework is a very important task b) In economic aspect:
Before Shinzo Abe became prime minister in 2012, the economy of Japan was suffered for a long time This period was called “The lost decade”, which referred to the 1991 – 2000 period at first but later also included the decade from
2001 to 2010 due to deflation (Leika K., 2012), and fiscal deficits (Naoki A., 2010) c) In social aspect:
Japan has known as an aging society for a long time, and the situation continue to become worst With low birth rate and high percentage of people over
65 or older in total of population, this country has to face with several challenges such as burden on their welfare system, shortage of labor, nursing care for elderly and so on With the current technology, Japan is trying to develop more inventions such as robot to take care for old people and as alternative methods to deal with lack of labor, however since these technology is also related to cyberspace, there is also the risk that they will be target of cyberattacks
Figure 3.1: The percentage of total population and number of aging people over 70 years old in Japan (1990 – 2018)
Sources: https://asia.nikkei.com/Economy/Japan-crosses-new-aging-milestone-with-20- now-70-or-older
3.1.2 History of modern law of Japan
Although Japanese law has a long history which start from the third century when the Yamato kingdom existed and ruled by Queen Himiko (the first era) to the present, the contemporary law of Japan, which is unrelated to the legal system before 1868, just developed at the time when Tokugawa Shogunate fell and the Emperor declared that imperial rule should be restored From 1868 until now, Japan has imported and adapted two legal structures: The first one is European law (mainly French and German codes) and the second one is US law (adapted after WWII) which the supreme law of the nation - Constitution of Japan was built after
US Constitution model By learning from both systems and applying them into Japanese context, nowadays Japanese law has become a mix system: While it primarily based on codified laws, case law is also a significant part of Japan legal structure (Hiroshi O., 2009) Together with the laws, the theory of Rule of Law also become a fundamental principle lying under the entire present Japanese law in general and the cybersecurity legal framework in particular
3.1.3 The theory of “Rule of Law” a What is Rule of Law?
While the concept of Rule of Law was just promoted together with the raise of capitalism at the end of 18 th century, the idea about Rule of Law had already established from a long time ago In ancient Greek, famous philosophers such as Solo, Plato, Aritstole has become pioneers on this aspect with Solo (638- 559 B.C) had pointed out that the power of the government and the power of the law should be consider as equal, and both of them are tools for the people to approach freedom and justice (Uc D T., 2015); Plato (427-347 B.C) mentioned that people who is in the government should give up their own will in order to follow the law and only obey the law (Uc D T., 2015); Aristotle (385 – 322 B.C) was considered as the father of basic idea about separation of power and putting the law onto the highest position, above the will of each individual… Obviously at that time, the term “Rule of Law” did not exist but these ideas still remain their own value and later, they was developed onto principles of Rule of Law today
Nowadays, there are several definitions for the term “Rule of Law” One of definitions which is covered most principles of this term is how it was explained in the report No S/2004/616 of the Secretary-General of the UN about the rule of law and transitional justice in conflict and post-conflict societies According to this report, Rule of Law refers to a principle of governance in which all persons, institutions and entities, public and private, including the State itself, are accountable to laws that are publicly promulgated, equally enforced and independently adjudicated, which are consistent with international human rights norms and standards It requires, as well, measures to ensure adherence to the principles of supremacy of law, equality before the law, accountability to the law, fairness in the application of the law, separation of powers, participation in decision-making, legal certainty, avoidance of arbitrariness and procedural and legal transparency (UN, 2004) b Principles of Rule of Law
Despite not using the term Rule of Law, in several document such as The Spirit of the Law (1748) and The Social Contract (1762), Montesquieu (1748) and Jean-Jacques Rousseau (1762) had pointed out several features or this ideology, including:
- The law is absolute: The law is the general will of the people and have the highest position Everyone, even the government, have to follow the law and only obey the law
- Freedom is the core of Rule of Law: The term “freedom” here is not mean people can do anything without limitation, it means people can do anything which is not banned by the law In a country where the law is absolute and nothing is higher than it, normally people will also have as much as freedom they could
- Separation of power is necessary to apply Rule of Law: In order to convert the general will of the people into the law, a legislator is needed
However, the one who has the right to legislate should not have the right to administrate Also, these powers should limit the power of each other or else abuse of power will happen This statement is the base of what we called “separation of powers” today
- When implementing the law, we should consider if such law is suitable for the current society c Rule of Law in the context of Japan
The Rule of Law is the essential principle of the present Constitution of Japan While it is not difficult to understand since this Constitution was built base on the model of the US one, it is not the first time the Japanese Government know about such concept The previous Constitution, which was enacted in 1889 and heavily influenced by the German Constitution and jurisprudence, has already incorporated the principle of Rechtsstaat (“State-under-law” or “Legal state” in German, also considered the same as “Rule of Law” in English) However, the concept of Rechtsstaat is controversal at that time since there are two ways to interpret it:
+ One is understanding the term Rechtsstaat is Rule of Law, which means the law in this case was the general will of the people, therefore the law has supreme power and the state must operate in respect to the law In that state, the powers of legislation, administration and jurisdiction will be separated and limiting each other to avoid abuse of power Since freedom is the fundamental essence of Rule of Law, the freedom of the people is continuing to improve and secure by the protection of human rights
+ Another way is interpreting Rechtsstaat as Rule by Law (or Rule through managing the state, showing the will of the government and based on how Hiroshi Oda has mentioned about the situation at that time in Japanese Law, it seems the terms Rechtsstaat has been understood in this way For more details, state power was to be exercised within the framework of statutory laws enacted by the Emperor with the “participation” of the Imperial Diet The Emperor was to rule the nation in accordance with the provisions of the Constitution (Art 4) However, this principle was undermined by the power of the Emperor to issue imperial edicts in order to maintain public security or to cope with nature disasters (Art 8, para 1) It also stipulated that the Constitution did not prevent the Emperor from exercising his power during a war or state of emergency Fundamental rights of citizens were guaranteed by the Constitution only within the limits established by statutory laws
Constitutional review did not exist, and judicial control over the administration was allowed only in limited cases when specified by law (Hiroshi O., 2009)
After the WWII, while the new Constitution has been enacted and the real concept of Rule of Law has been applied, references to Rule of Law in Japanese jurisprudence were gradually outnumbered by references to Rechtsstaat or Rule by Law under strong influence of German jurisprudence, which purported to achieve substantive Rule by Law as distinguished from Rule by Law in the pre-War days which were merely technical and without substantive justice in the statutes As a result, the demarcation line between Rule of Law and Rule by Law became blurred by the interchangeable use of the terms (Hiroshi O., 2009)
Background of Vietnam
3.2.1 Situation about cybersecurity in Vietnam:
After 22 years since the first time Internet came to the people in 1997, nowadays, cyberspace has slowly become a second world to a major of Vietnamese people where activities from that space will have almost the same effect as if such actions happen in real life, if not worse While activities in reality are controlled by the law and the identity of a person who commit those acts are clear, it is not the same in cyberspace Therefore, there are many activities in cyberspace which people may not dare to do in real world could be done in the virtual world, leaving many consequences which may has both positive effects and negative effects to the real society a In political aspect:
To Vietnamese government, cyberspace has a crucial role in many aspects which includes national security and administration, especially in national security
In the context of Vietnam, since national security means the stability and sustainable development of the socialist regime and the State of the Socialist Republic of Vietnam, the inalienability of the independence, sovereignty, unity and territorial integrity of the Fatherland (National Assembly, 2004) and activities of infringing upon the national security also including acts of infringing upon the political regime (National Assembly, 2004), outside of physical attacks and cyberattacks which damage the state in physical aspect, information which create negative images of Vietnamese Communist Party or create doubts about the leadership of the Party are seen as threats to national security and on cyberspace, due to the nature that the flow of information are free and can spread very fast, anti- government groups and individuals can using blogs, online newspapers and social networks to spread adverse information for the government easily while the government can not control such information as they do in real world Some of the cases which shows hardships that Vietnam has to face with are:
+ Cyberattacks which targets Vietnamese government and CII operators:
According to the statistic from Ministry of Public Security, from 2010 until the first half of 2017, more than 18.052 websites with “.vn” domain, including 1.083 websites belongs to the government with the domain “.gov.vn” had become victims of cyberattacks (Van A., 2017) In 2016, the two biggest international airports of Vietnam named Noi Bai and Tan Son Nhat, together with Vietnam Airlines - the biggest airline operator in Vietnam, have been hacked by a group of Chinese hackers named 1937CN (Nguoi Lao Dong Online, 2016)
+ Activities of anti-government groups and individuals on social networks and website such as Facebook, Youtube or Blogspots:
To spread adverse information about the government, most of anti- government groups and individuals have chosen to post their information and opinions through blogs or famous social network to Vietnamese people such as Facebook and Youtube In 2015, the Ministry of Public Security has banned 748 websites which are having negative information related to Vietnamese Communist Party and Vietnamese government (Kha X L., 2015) Several bloggers have been considered as anti-government, such as Mother Mushroom, Anh Ba Sam, Dieu Cay… had been arrested However, many anti-government fanpages are still working on both Facebook and Youtube, and the Vietnamese government still could not do anything about this b In economic aspect:
In 2018, cyberattacks by using malware have cost Vietnamese economy 642 million USD, more than 21% compare to 2017 According to BKAV - one of the most famous computer security company in Vietnam - more than 60% enterprises in Vietnam in total has had their computers infected by cryptocurrency mining malware and 1,6 million computers in Vietnam has lost their data due to many reasons (Thuy D., 2018) In the famous WannaCry incident, more than 800 computers had been infected by this ransomware and some of them belongs to companies which provides servers, domains and data for rent Also in this case, an enterprise which own 7 infected servers had paid 100 million VND (approximately
44 thousand USD) to fix them (Dinh N, 2017) c In social aspect:
According to Dammio.com, the Internet users in Vietnam has reached 64 million and active social media users are 55 million in 2018 (Dammio, 2018)
While the number of users in Vietnam is quite high, the awareness of the people about cybersecurity is not While the number of victims and damages have not been calculated, there are several cases about people were frauded through social networks such as Facebook, WhatsApp, Zalo (a famous social network in Vietnam)
… and lost both their money and their own account to scammers (Mai V., 2019)
Other activities such as leaking important information, false information, online gambling (Lam A., 2017) are also raising concerns from the people about safety on cyberspace as well Despite the fact that Vietnam has already had several legal documents about cybersecurity, they are not enough to handle the current situation
Therefore, a specific law which is dedicated to cybersecurity are truly necessary in the context of Vietnam
3.2.2 History of modern law in Vietnam:
The contemporary law of Vietnam was just started to develop since 1945
Due to the fact that the French had passed the right to govern North Vietnam to Japan before, at that time when Japan was lost the WWII, under the leadership of Vietnamese Communist Party, Vietnamese people took the advantage of the situation and took control of the North Vietnam after the victory of the August Revolution From that point on, Vietnamese legal system has been reformed several times, which can be put into three main periods:
• The first period (from 1945 to 1959):
Since the government of Vietnam in this state is just a new temporary government, the demand of human resources and suitable laws in order to overcome hardships at that time is highly needed Therefore, in a very short time from September 1945 to 19/12/1946 (Great Revolution Day), about 479 legal documents had been passed and implemented (Pham H N., 2008), which also include the Constitution in 1946 Vietnamese Law at this moment, especially the Constitution, is heavily influence by French Law
• The second period (from 1959 to 1980):
In this period, a new Constitution called the Constitution in 1959 had been implemented This Constitution also the first one showing that Vietnam started to follow the ideology of Marxism – Leninism in order to becoming a socialist country At the same time, several legal documents which focused on establishing and maintaining the current government such as voting, military service and criminal law were made and implemented
• The third period (from 1980 to the present):
After peace had come to Vietnam, the government had made another Constitution which was called the Constitution in 1980 – This is also the first time the leading role of Vietnamese Communist Party toward the state was officially confirmed by the law on Article 4 From that point on, the legal system of Vietnam also showing the connection with the Party through other legal documents more clear than ever, to the extent that the will of the Party has become an inseparable part of the legal system and deny it will also be considered as deny the Constitution and against the Government
To explain such phenomenon, because the Vietnamese Communist Party has a history as the party which leads the people to the victory, free Vietnamese people from being ruled by France, Japan, America and united the country, this Party was officially recognized by the people as the ruling party of the country After that, due to the fact that there are threats from other nations such as China and America, in order to protect the sovereignty of the country, the Party must focus on maintain its position through the legal system Also during this period, in order to face the challenges came from globalization and demands of the people, the Vietnamese government has come up with an exclusive theory: the theory of Socialist state ruled of law
3.2.3 Theory of Socialist state ruled of law a) Content of the theory:
Theory of Socialist state ruled of law was officially declared by Nong Duc Manh - former General Secretary of Communist Party in the opening of the first session of 12 th National Assembly on July 19 th , 2007, and has been considered as a creation from the Vietnamese Communist Party by implementing theory of separation of powers to Vietnam The main content of this theory is:
1 The state’s power is inseparable The power of legislature, executive and judiciary will be in charged by some specific government agencies
2 The Government is in charge of administrating the people based on the law which were promulgated by the National Assembly The Constitution and other legal documents are results of converting the will of Vietnamese Communist Party into the reality
3 Authorization of the central government includes:
+ What the central government can decide by themselves;
+ What Central Committee, Political Bureau or Secretariat of the Communist Party of Vietnam decides or gives their opinions
Similar to the central government, the authorization of the local government also includes:
+ What the People’s Council and People’s Committee can decide by themselves;
+ What the local Party Executive Committee and Party Standing Committee decide or give their directives to the People’s Council and People’s Committee
4 Judicial activities, including managing, educating and using the judicial human resources are under the lead of Vietnamese Communist Party through the role of Party Committee at judicial institutions according to the Party’s rules
THE EFFECTS FROM LEGAL FRAMEWORKS
The effects from Japanese cybersecurity legal framework
In Japan, cybersecurity has appeared quite early in legal aspect Outside of several legal documents such as Telecommunications Business Act (1984), Penal Code (1907 – Amended 2007) and Act on Prohibition of Unauthorized Computer Access (1999 – Amended 2013), in July 2000, the Japanese Government determined the Guidelines for Information Security Policies in Information Security Measure Promotion Meeting and after that, replace this Guideline with the Common Standards of Information Security Measures for Government Agencies in 2005 by Policy Council (which had several editions over years later) At the same time, measures to protecting critical infrastructure were also applied, start with Special Action Plan on Cyberterrorism Countermeasures for Critical Infrastructure (2000) and later had been replaced by several Action Plans, which the newest is the Basic Policy of Critical Information Infrastructure Protection (2014 – revised 2015)
Regarding to institutions in charge of cybersecurity, the first agency was IT Strategic Headquarters which was established in 2000 and belongs to the Cabinet Secretariat Later, National Information Security Center and Information Security
While it is clear that many efforts have been made, the effects from these legal documents were not enough to deal with cyberattacks, not to mention at that time the Japanese Government did not consider cyberattacks as a national security threat yet (as mentioned in Chapter 2) b) After implementing the Basic Act on Cybersecurity:
After implementing the Basic Act on Cybersecurity, the situation related to cybersecurity in Japan has changed substantially, especially in legal aspect:
+ First, the number of agencies in charge of cybersecurity in Japan has increased and the authority of these agencies is also higher than before:
Based on the Basic Act on Cybersecurity, the Cybersecurity Strategic Headquarters and National Center of Incident Readiness and Strategy for Cybersecurity (NISC) were established
Figure 4.1: The organization of agencies in charge of cybersecurity before and after the Basic Act on Cybersecurity Sources: Yamauchi T (2017), Cybersecurity Strategy in Japan, NISC
Before these two institutes, Japan has already had IT Strategic Headquarters, National Information Security Center and Information Security Policy Council – which were established under the IT Strategic Headquaters Before the act, both Information Security Policy Council and National Information Security Center do not have much authority towards other government organizations and depend on IT Strategic Headquarters For example, all the activities related to cybersecurity such as checking, recommending, or reporting between these agencies and other governmental bodies are not compulsory, and when incident happens, National Information Security Center can only provide supports to other governmental bodies on request However, after the act, not only Cybersecurity Strategic Headquarters and NISC become more independent and have equal position with IT Strategic Headquarters and National Security Council (NSC) but they also have more authority towards other government organizations For more detail, other government agencies have to submit information related to cybersecurity at their institution to Cybersecurity Strategic Headquarters and in exchange, the Headquarters will give recommendation for them to handle with the situation while NISC will cooperate with the local governments Moreover, the NISC also have authority to conduct cause investigation in serious incidents by itself
Figure 4.2: Current framework of cybersecurity policy in Japan Sources: Yamauchi T (2017), Cybersecurity Strategy in Japan, National center of
Incident readiness and Strategy for Cybersecurity (NISC)
+ Second, Cybersecurity Strategies are more effective than before:
While Cybersecurity Strategy which was implemented before the act adopted by Information Security Policy Council and only has legal binding toward its members, Cybersecurity Strategy which was implemented after the act seems to be more effective by being adopted as a Cabinet Decision and even being reported to the National Parliament Furthermore, by applying authorities of mandatory reporting and formal recommendations, the Cybersecurity Strategic Headquarters may enforce the Strategy as well (Yamauchi T., 2017)
+ Finally, the awareness about cybersecurity is raising:
Related to the awareness about cybersecurity in Japan, while there are many controversal opinions about this topic, it is clear that the awareness of Japanese Internet users is raising in general While still felling unease about the attitude of the Japanese government, Jeff Kingston (2016) has seen how active other entities in Japan react with cyberattacks For more details, the Japan Business Federation (Keidanren), created a task force involving 30 major companies encompassing the transport, finance, computer technology and communications sectors and made recommendations calling on the government to do more in terms of sharing information about threats, training human resources and supporting technology development This Federation has also taken on the task of raising awareness in the business community that cybersecurity is an essential management task requiring significant investments to reduce associated risks NTT, a famous telecommunication company in Japan, is spearheading efforts to promote cybersecurity standards and information sharing across Asia, drawing on its experience in the United States and participation in Federal Communications Commission advisory groups (Jeff Kingston, 2016) About Japanese users, according to ESET Japan Cyber-Savviness Report 2016 which was done by ESET -
A Slovak enterprise in IT security, more than 70% respondents in Japan are knowledgeable about cybersecurity despite the fact that they did not receive any formal education about cybersecurity and they also restrain themselves from having risky cyber behaviour Most of them (86% of respondents in total) know to immediately disconnect a breached device from the Internet and 71 percent do not open or download attachments from unknown senders (ESET, 2016) However, ESET (2016) has also mentioned that there is a gap between their knowledge and their frequent measures to secure their information in this report For more details, less than 50% of respondents said that they apply preventive steps regularly
Figure 4.3: Proactive measures taken to guard against cyberattacks
Sources: Japan Cyber-Savviness Report 2016, ESET
The effects from Vietnamese cybersecurity legal framework
Before the Cybersecurity Law was passed, the cybersecurity legal framework of Vietnam has been already criticized for a long time due to the restriction of access to information and other concerns about the right to expression through remove information and block several websites which are considered as opposed to the government and contain false information However, this policy is not negative as it seems since there are many cases that false information has cause great consequences toward the people In August 2018, a Facebook user posted an
Keeping software up-to-date
Setting passwords on personal devices
Backing up important data regularly
Using different passwords for different accountsPercentage in total broken After hearing this news, the local people were scared and went to the higher place to escape the flood Later, the Steering Committee for Natural Disaster Prevention of Thanh Hoa Province declared that this news was fake, and the flood is just water release from the dam due to heavy rain in long time (Tuan M., 2018)
Since a major of Vietnamese people believes the news on social network without reconfirm it, false information become a big issue and if the government does not intervene quickly, the social order may break from that This also shows another problem that not many Vietnamese people aware the consequences of their action, which a part of it came from the fact that there was no specific law about managing online activities at that time
Outside of what has been mention above referring to the situation in Vietnam in previous chapters and above, the awareness of Vietnamese people referring to cybersecurity is also one of the biggest problems As reported by an emergency warning from Vietnam computer emergency response team (VNCERT) on December 27, 2017, about 1,4 billion of email accounts and passwords has been leaked all over the world and 437.664 accounts are from Vietnam, with 930 accounts belongs to people who works in the government (Ha T., 2017) ESET
(2015) also pointed out this issue in the Vietnam Cyber-Savviness Report 2015 and emphasized that Vietnamese users have low cybersecurity awareness and do not take proper preventive measures Less than 30 percent of respondents recognized the serious risks from common threats such as unsecured application, spam emails and banner advertisements, and more than 40% in total of respondents have misconception about common cybersecurity issues, especially (1) connect to free public Wi-Fi is safe, (2) believe PC is more likely to be hacked than mobile device and (3) using personal details which are easy to remember to make their password
This leads to many risky online behaviors and make a major of Vietnamese users become easy targets for cyberattacks and cybercrime
Figure 4.4: Top risky online behaviors in Vietnam Sources: Vietnam Cyber-Savviness Report 2015, ESET
Not only Vietnamese individuals have low awareness about cybersecurity, many companies in Vietnam are also putting their business into risk In the Evaluation of Information Security Index Survey 2018, Vietnam Information Security Association (VNISA) showed that while major of enterprises care about principles of implementing information security and human resources for cybersecurity, mot many companies interest regarding knowing legal framework and policies about information security and investing on it
Figure 4.5: Weakness of enterprises in Vietnam about information security Source: Evaluation of Information Security Index Survey 2018 - VNISA b) After implementing the Cybersecurity Law:
Since the Cybersecurity Law has just been enforced on January 1, 2019, the effects of this law do not show much in other aspects According to the criminal police department of Hanoi, the number of victims of online scams is still increasing (TTXVN, 2019), methods of internet frauds become more complicated and there is no signal that Vietnamese people will restrain their risky behaviors on cyberspace soon However, the awareness of people referring to posting false news and any information which is related to the government has been increased
Nowadays, people on social networks - especially Facebook or Zalo – are being more careful about what they should post, or else they would face punishment come from the government.
RECOMMENDATIONS AND CONCLUSION
Recommendations
In consideration of the political institution in Vietnam and the current situation, this paper comes up with recommendations in legal aspects and policies as below:
- Detailed standards for recognizing illegal information are crucial:
Since the barrier between opposing the government and pointing out the wrongdoings of the government is blur, having detailed standards regarding illegal information is important in order to avoid abuse of power and encourage people to voice their opinions without afraid the punishments from the government These standards should be drafted base on the Constitution and other laws with the consideration of human rights in mind, and it must be written as clear as possible
- Precise procedure for retrieving users’ information is needed:
Outside of emergency circumstances, how users’ information will be retrieved by the professional cybersecurity force is also need to be regulated clearly in the law
- Raising more awareness about cybersecurity:
+ Knowledge about cybersecurity should be a compulsory part in education:
While Computer Science is already a subject in Vietnamese education using it To improve the knowledge about cybersecurity, not only this must be a compulsory part of the curriculum but other methods should also be put into consideration In several high-ranking universities in Japan such as Kyoto University or Tsukuba University, students must learn brief lessons about cybersecurity before using library or using the exclusive Wi-Fi of the university
+ Spread the messenge about cybersecurity by using soft power:
Beside of other common methods such as through education and competition, spread the idea of cybersecurity through social media is also crucial when a major of Vietnamese Internet users is using social networks Another way is promoting cultural products which are related to cybersecurity such as films, comic books, animations…
Figure 5.1: Promoting cybersecurity through anime in Japan
Sources: Ryo Fuzuki, NISC b) Japan:
- Raising more awareness about cybersecurity in governmental bodies:
Seeing that the cybersecurity in Japan mainly focus on the role of the governmental bodies, it is essential for governmental officers to understand about cybersecurity Therefore, beside of training current officers, the employment examination of Japanese government should have a test referring to knowledge of computer science in general and information security in particular
- The Japanese government should be more active in counterattack and finding culprit of cyberattacks:
Beside enhancing security of CII and other important systems, counterattack and tracking the culprit of cyberattacks is also good methods to continuing to improve cybersecurity Recently, the Ministry of Defense in Japan has planed to create and maintain cyber-weapons in the form of malware to counterattack with attackers who targets governmental bodies (Catalin C., 2019) While this malware is only use for the purpose of defense, it is also the first step for Japan to be more proactive in secure cybersecurity
- Encouraging people to study computer sciences and take IT jobs:
Considering Japan is an aging society and the conditions of IT careers in this country is not good enough to get interest of Japanese people, there is a shortage of
IT technicians all over Japan According to the Ministry of Economy, Trade and Industry, the current gap between available professionals and opportunities is 132,060 IT professionals, and it will further increase to 193,010 in 2020 when the Tokyo Summer Olympic and Paralympic Games will be held in Japan About half of end-user companies believe they are deficient in IT security employees, and only
26 percent of them think they have enough talent in these roles (Mihoko M., 2016)
This shortage of IT human resources is also happened in governmental bodies
Because of that, together with recruiting foreign employees, Japan will need more policies about improving the working conditions of IT technicians and encourage people to take majors related to computer science.
Conclusion
While many people believe that because Japan is famous as a high-technology country and also the first country in G7 implementing cybersecurity law, Japan must be one of the best countries in cybersecurity, this paper has shown an opposite of that belief Same as the case of Vietnam, while the Vietnamese cybersecurity legal framework is criticized heavily by other countries and it is undeniable that there is limitation of freedom of expression and access to information, it is still having some values which is suitable in the context of Vietnam By analyzing main legal documents referring to cybersecurity, study about situation, political institution and the legal theory which laying under the legal structure of each country, this paper has pointed out several problems in each systems and come up with recommendations
1 Catalin C (2019), Japanese government to create and maintain defensive malware, ZDNet Retrieved from: https://www.zdnet.com/article/japanese- government-to-create-and-maintain-defensive-malware/
2 CBS News (2017), "WannaCry" ransomware attack losses could reach $4 billion Retrieved from: https://www.cbsnews.com/news/wannacry- ransomware-attacks-wannacry-virus-losses/
3 CBS News (2017), Cyberattack hit more than 100,000 groups in at least 150 countries, Europol says Retrieved from: https://www.cbsnews.com/news/cyberattack-hit-more-than-100000-groups- in-at-least-150-countries-europol-says/
4 Council of Europe (2019) Chart of signatures and ratifications of Convention of Cybercrime Retrieved from https://www.coe.int/en/web/conventions/full-list/- /conventions/treaty/185/signatures?p_auth=Gudst4LT
5 ESET (2015), Vietnam Cyber-Savviness Report 2015 Retrieved from:https://static1.esetstatic.com/fileadmin/Images/INT/Press/2015/2015- 12-22/ESET_Vietnam_Cyber_Savviness_Report_Dec_2015.pdf
6 ESET (2016), Japan Cyber-Savviness Report 2016 Retrieved from: https://cdn1- prodint.esetstatic.com/ESET/SG/whitepapers/2016_ESET_Japan_Cyber- Savviness_Report.pdf
7 Hamada K (2007), On The Rule of Law in Japan, World Justice Project Multidisciplinary Outreach Meeting, Singapore
8 Hiroshi Oda (2009), Japanese Law, Third Edition, Oxford University Press
9 Internet World Stats, Top 20 countries in Internet Users vs Rest of the World
– March 31, 2019 Retrieved from: https://www.Internetworldstats.com/top20.htm
10 Japan Today (2016), Japanese users not proactive enough about cybersecurity: Survey Retrieved from: https://japantoday.com/category/tech/japanese-users-not-proactive-enough- about-cybersecurity-survey
11 Kazuaki N (2018), Japan's IT firms enthusiastically open doors to overseas tech workers, The Japan Times Retrieved from: https://www.japantimes.co.jp/news/2018/11/18/business/japans-firms- enthusiastically-open-doors-overseas-tech-workers/
12 Kazuyasu S and Masaya H (2018), Cybersecurity: Japan Retrieved from: https://gettingthedealthrough.com/area/72/jurisdiction/36/cybersecurity- japan/
13 Kshetri, N (2014), Japan’s Changing Cybersecurity Landscape, Computer,
14 Law on National Security (2004) of Vietnam
15 Leika K (2012), Japan eyes end to decades long deflation, Reuters
Retrieved from: https://www.reuters.com/article/japan-economy- estimate/update-2-japan-eyes-end-to-decades-long-deflation- idUSL4E8JH1TC20120817
16 Marr, B (2018) How Much Data Do We Create Every Day? The Mind- Blowing Stats Everyone Should Read Retrieved from https://www.forbes.com/sites/bernardmarr/2018/05/21/how-much-data-do- we-create-every-day-the-mind-blowing-stats-everyone-should- read/#78eeea4a60ba
17 McAfee (2018), The Economic Impact of Cybercrime – No Slowing Down
Retrieved from: https://www.mcafee.com/enterprise/en-us/assets/executive- summaries/es-economic-impact-cybercrime.pdf
18 Mihoko M (2016), How Japanese Businesses Are Cultivating Cybersecurity
Professionals, Paloalto Networks Retrieved from: https://blog.paloaltonetworks.com/2016/10/cso-japanese-businesses- cultivating-cybersecurity-professionals/
19 Ministry of Defense, Regarding Response to a Cyber Attack, Retrieved from: https://www.mod.go.jp/e/about/answers/cyber/#a1
20 Ministry of Foreign Affairs of Japan (2016), Japan’s Foreign Policy to
Promote National and Worldwide Interests, Diplomatic Bluebook 2016
Retrieved from: https://www.mofa.go.jp/policy/other/bluebook/2016/html/chapter3/c030106. html
21 Naoki A (2010), Japan’s Shrinking Economy, Brookings Retrieved from: https://www.brookings.edu/opinions/japans-shrinking-economy/
22 National Diet (1946), The Constitution of Japan, Prime Minister of Japan and His Cabinet Retrieved from: https://japan.kantei.go.jp/constitution_and_government_of_japan/constitutio n_e.html
23 National Diet (2014), The Basic Act on Cybersecurity Retrieved from: http://www.japaneselawtranslation.go.jp/law/detail/?id'60&vm&re=0
24 National Police Agency, Arrests and Consultations of Cybercrime in 2003, Retrieved from: https://www.npa.go.jp/cyber/english/statics/2003.htm
25 Resolution No.13-NQ/TW on January 16, 2012 of the Central Executive Committee of Communist Party
26 Ruairidh Villar (2013), Japan - U.S security talks likely to highlight Tokyo’s cyber-defence woes, Reuters Retrieved from: https://uk.reuters.com/article/uk-japan-usa-cybersecurity/japan-u-s-security- talks-likely-to-highlight-tokyos-cyber-defence-woes- idUKBRE9910TI20131002
27 Satista (2019) Global digital population 2019 Retrieved from https://www.statista.com/statistics/617136/digital-population-worldwide/
28 The Government of Japan (2015), Cybersecurity Strategy, Japan
29 The Government of Japan (n.d.), ABENOMICS | The Government of Japan -
30 The National Assembly (2018), Cybersecurity Law, Vietnam
31 Tomoo Yamauchi (2017), Cybersecurity Strategy in Japan, National center of Incident readiness and Strategy for Cybersecurity (NISC), p.5
32 UN (2004), The rule of law and transitional justice in conflict andpost- conflict societies Retrieved from: https://www.un.org/en/ga/search/view_doc.asp?symbol=S/2004/616
33 World Bank Data, Individuals using the Internet (% of population) –
Vietnam Retrieved from: https://data.worldbank.org/indicator/IT.NET.USER.ZS?end 16&locations
1 Bui, V H (2013), Tam quyền phân lập không phù hợp với thể chế chính trị ở nước ta, CAND Online Retrieved from: http://cand.com.vn/Su-kien-Binh- luan-thoi-su/Tam-quyen-phan-lap-khong-phu-hop-voi-the-che-chinh-tri-o- nuoc-ta-237626/
2 Dammio.com (2018), Các số liệu thống kê Internet Việt Nam năm 2018
Retrieved from: https://www.dammio.com/2018/10/08/cac-so-lieu-thong-ke- internet-viet-nam-nam-2018
3 Dao, T U (2015), Giáo trình Nhà nước pháp quyền, NXB Đại học Quốc gia
4 Dinh, N (2017), 800 máy tính tại Việt Nam đã bị nhiễm WannaCry, VnExpress Retrieved from: https://vnexpress.net/so-hoa/800-may-tinh-tai- viet-nam-da-bi-nhiem-wannacry-3585682.html
5 Ha T (2017) 1,4 tỷ tài khoản email bị lộ mật khẩu trong đó có 440.000 tài khoản '.vn' Retrieved from https://congnghe.tuoitre.vn/14-ty-tai-khoan- email-bi-lo-mat-khau-trong-do-co-440000-tai-khoan-vn-
6 Kha, X L (2015), Vô hiệu hóa 6 blog, website có nội dung chống phá Đảng,
Nhà nước, Dân Trí Retrieved from: https://dantri.com.vn/chinh-tri/vo-hieu- hoa-6-blog-website-co-noi-dung-chong-pha-dang-nha-nuoc-1433923909.htm
7 Lam, A (2017), Tội phạm công nghệ cao lập kỷ lục về tiền chiếm đoạt cũng như số người bị thiệt hại, Báo Mới Retrieved from: https://baomoi.com/toi- pham-cong-nghe-cao-lap-ky-luc-ve-tien-chiem-doat-cung-nhu-so-nguoi-bi- thiet-hai/c/28571743.epi
8 Le, C D (2007), Học thuyết Nhà nước pháp quyền Xã hội chủ nghĩa, Tạp chí Tia Sáng Retrieved from: http://tiasang.com.vn/-dien-dan/hoc-thuyet- nha-nuoc-phap-quyen-xa-hoi-chu-nghia-125
9 Mai, V (2019), Cảnh báo gia tăng tình trạng lừa đảo qua mạng, Police of
Da Nang City Retrieved from: http://cadn.com.vn/news/62_204861_canh- bao-gia-tang-tinh-trang-lua-dao-qua-mang.aspx
10 Montesquieu (1948), Bàn về tinh thần pháp luật (The spirit of the laws), Hoang, T D (Translator), The Gioi Publisher, Hanoi, Vietnam
11 Nguoi Lao Dong Online (2016), Hacker Trung Quốc gây sự cố tại sân bay Nội Bài, Tân Sơn Nhất Retrieved from: https://nld.com.vn/thoi-su-trong- nuoc/hacker-trung-quoc-gay-su-co-tai-san-bay-noi-bai-tan-son-nhat- 20160729210104008.htm
12 Pham, H N (2008), Nhìn lại những chặng đường phát triển của pháp luật ở
Việt Nam từ năm 1945 đến nay Retrieved from: http://www.hids.hochiminhcity.gov.vn/c/document_library/get_file?uuid 8928d8-4a81-414f-914c-57a1fa900e24&groupId025
13 Rousseau, J J (1762), Bàn về khế ước xã hội (Hoàng Thanh Đạm dịch), NXB Thế giới, Hà Nội, Việt Nam
14 Thuy, D (2018), Thiệt hại virus gây cho người dùng Việt đã lên mức kỷ lục, VNEconomy Retrieved from: http://vneconomy.vn/thiet-hai-virus-gay-cho- nguoi-dung-viet-da-len-muc-ky-luc-20181219171559092.htm
15 TTXVN (2019), Cảnh báo tình trạng gia tăng các vụ lừa đảo qua điện thoại,