Calling the National Institute of Information and Communications Technology's (NICT) survey hacking is sort of misleading here, the intent is not to hack or attack IoT devices in Japan in order to gain information, but to gauge the scale of the security risk in order to understand it and formulate a next step. By hacking devices that are set with a default user name and password, the government can begin to address the on-going IoT device security issue in Japan. In this way NICT employees will gain access to see if it is doable and the government will act on this information, this isn’t a matter of privacy or surveillance, and it may actually work as, if it can cause behavioural change, it may protect against botnets being established in Japan, therefore deterring attacks. This may prove to be an arduous approach to the problem, but experts such as author and professional security analyst, Bruce Schneier, believe “government needs to play some role in coordinating some rules of the road for flimsy IOT security” [1].
darkreading.com/attacks-breaches/japan-authorizes-iot-hacking/d/d-id/1333745 [1] techdirt.com/articles/20190129/08152741484/new-japanese-law-lets-government-hack-iot-devices-warn-owners-theyre-vulnerable.shtml zdnet.com/article/japanese-government-plans-to-hack-into-citizens-iot-devices techradar.com/news/japanese-government-will-hack-citizens-iot-devices