Cruz, Kristine Deborah: An Analysis of CyberCrime Bills (House Bill 6794 and Senate Bill 3177)

Introduction

Technology assists us in most of our activities. It became necessity to some, especially to those of the younger generation. Students, or should I say, their parents have spent a lot to buy the various gadgets. In the University where I work, I observed that most of the students have with them their own laptops or notebooks. They also have the latest cellular phone models and mp4 players or ipod.

I remember the first time I have a computer subject was when I was in grade 6, which was in 1993. The ratio of computer to students that time, at least in our school, was one is to eight. Most of us were even afraid of having hands on exercise because we might cause damage to the computer and I believe it was really expensive that time.

During the 90s, some of the products of technology which I had or used was Nintendo family computer, pager, pay phone which uses a card, and during the late 90s, the nokia 5110. Today, technology indeed has changed a lot. From the Nintendo family computer, to sega genesis console, to play station and game boy, now, I am not even familiar with the xbox and Wii. I even got tired of updating myself of the latest cellular phone especially nokia, which most of the people I know refer to as a “disposable” cellular phone.

If people use technology to their advantage, some use them as to others’ disadvantage. We heard the news about the popular “I love you” virus. Months ago, we heard that the websites of some government agencies were hacked. The popular news about Manny Pacquiao and Trista Ranillo was rumoured to start from a post at the facebook. After the typhoon ondoy incident, I received an email with an attachment showing that an overseas Filipino worker has posted on her facebook some offensive statements towards Filipinos. I myself got mad at this lady after reading the forwarded email. Then I thought the forwarded email is questionable. I thought who would post something like that on her facebook where she posted details about herself with lots of her pictures in her album. Now, because of this coming election, we are receiving forwarded emails containing “black propaganda” against every candidate. These may seem as small issues for some. For others, like the persons who became the target, it caused them a lot of damage.

These are just examples of how technology is being used to cause damage to others. Like any other thing, having these advancements in technology has its pros and cons. However, this should not stop the continuous advancement of technology. Besides, people have become dependent on technology. With the fast pace of changes in technology, we should also work against the improper use of technology.

People responsible for the cybercrimes should be penalized. If technology at present is so advanced, then its advancement should also be used as a way to track the people responsible in committing cybercrimes. Our government should not only be concentrated on how to use the technology for an efficient and quality service to its people but should also be working on how to prevent cybercrimes and to caught and penalize those responsible for its commission.

We already have the Electronic Commerce Act. However, there is still a need for an enactment of a law penalizing cybercrimes. This caused the Congress to propose the Cybercrime Prevention Act of 2009. This paper will present the analysis of the House Bill 6794 and Senate Bill 3177. If these proposed bills will give us the necessary protection we need, then all efforts should be exerted to have it enacted as a law.

I. Cybercrime

On the definition, both the senate and house bill does not provide for the definition of the crybercrime. If you were to search on the web as to its definition, there are different views on what really the definition of cyber crime. Some define it as crimes committed with a use of or through the computer. Others state that it is a crime over the web. There are those who interpret it as to crime committed with a use of any “hi-tech” tools. However, if we will take the definition from the word itself, it pertains to any crime committed in the cyber world or a crime committed with the use of technology. It means any kind of technology, it does not matter if the technology used is so advanced or not. As to whom to say that it is a crime, then the law should come in. There should be a law specifically providing for a list, not technically, of cybercrimes. As the legal maxim state, “nullum crimen, nulla poena sine lege” (there is no crime, where there is no law punishing it). Still, I think the proposed law should provide for the definition of cybercrime.

Some activities which we can consider as cybercrime are stalking over the social or networking website or blogs, identity theft by creating an account pretending to be someone you are not, sale or distribution of Intellectual Properties without any authority, giving threats or harassment, forwarding or passing virus, piracy, and others. These are just some of those I am aware of but there are lots of activities that can be classified as cybercrimes.

The Electronic Commerce act provides in section 33., a definition of hacking and piracy as follows:

Section 33. Penalties. – The following Acts shall be penalized by fine and/or imprisonment, as follows:

(a) Hacking or crackling with refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic documents shall be punished by a minimum fine of One Hundred Thousand pesos (P 100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years;

(b) Piracy or the unauthorized copying, reproduction, dissemination, or distribution, importation, use, removal, alteration, substitution, modification, storage, uploading, downloading, communication, making available to the public, or broadcasting of protected material, electronic signature or copyrighted works including legally protected sound recording or phonograms or information material on protected works, through the use of telecommunication networks, such as, but not limited to, the internet, in a manner that infringes intellectual property rights shall be punished by a minimum fine of One Hundred Thousand pesos (P 100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years;

xxx

II. The House Bill 6794 and Senate Bill 3177

The two bills admit the vital role of Information and Communications Technology (ICT) these days. However the House Bill (HB) specifically states that ICT is now an enabler of key industries and a driving force for the nation’s social and economic development.

On definition, most of the technical words were provided on both bills and as stated earlier, none of these bills gave the definition of cybercrime. HB introduced the word “phishing” which refers to the act of securing personal information such as username, password, bank account numbers and credit card details for the purpose of using it in fraud, or for participating in fraudulent business practices, or for the purpose of identity theft and misrepresentation. The lawmakers are obviously aware of latest ways of how criminals steal using technology. Especially now that credit cards are being used frequently and we have been practicing online banking, mostly for convenience.

Cybercrime offenses

The bills enumerated the acts classified as those constituting cybercrimes which are going to be punishable once the bill was enacted. The following are enumerations of what those acts are:

A. Offenses against the confidentiality, integrity and availability of computer data and systems:

  1. Illegal Access
  2. Illegal Interception
  3. Data Interference
  4. System Interference
  5. Misuse of Devices

B. Computer-related Offenses:

  1. Computer Forgery
  2. Computer-related Fraud

C. Content-related Offenses:

  1. Cybersex
  2. Child Pornography
  3. Unsolicited Commercial Communications

Other Offenses

  1. Aiding or Abetting in the Commission of Cybercrime
  2. Attempt to Commit Cybercrime

Both bills enumerated these acts as cybercrimes. The HB however enumerated more acts on how the cybercrime of cybersex is being committed. The Senate Bill (SB) and HB states that cybersex is committed by engaging in an act establishing, maintaining or controlling, directly or indirectly, any operation for sexual activity or arousal with the aid of or through the use of a computer system, for a favor or consideration. This statement pertains to those who intentionally commit the cybersex act. The HB listed additional acts constituting cybersex, these are the following:

Sec. 4. C. 1. xxx

(b) Recording private acts including, but not limited to, sexual acts, without the consent of all parties to the said acts or disseminating any such recording by any electronic means with or without the consent of all parties to the said acts;

(c) Coercing, intimidating or fraudulently inducing another into doing such indecent acts for exhibition in the internet with the use of computer technologies;

(d) Exhibiting live or recorded shows depicting sexual or other obscene or indecent acts;

(e) Posting of pictures depicting sexual or other obscene or indecent acts;

(f) Establishing, financing, managing, producing or promoting a cybersex operation;

(g) Participating, in whatever form, in the cybersex operation; and

(h) Coercing, threatening, intimidating or inducing anyone to participate in the cybersex operation.

These additional specifications of acts constituting an offense of cybersex are an attempt to broaden the scope of who must be held liable for committing this crime. Now, more are protected from being violated with the cybersex act. The last years issue regarding the sex video of Katrina Halili and Hayden Kho falls on Sec. 4.C.1.b. This incident has also lead to the interest of many to pass the cybercrime act. Since the proposed law is still a bill, Halili’s counsel opted to use the Republic Act 9262 or the Act Defining Violence Against Women and their Children. I think the proposed law may include some provisions which will particularly complement with the said RA 9262. This is to provide more protection on women who are still the major victims of violence despite all the laws empowering women.

The bills also provide that the unsolicited commercial communications is a cybercrime under the content-related offenses. I think this is the product of reports of mobile users receiving unwanted commercial text messages which costs them two pesos and fifty centavos minimum per message. I myself was a victim. The messages that the telecommunication company sends me does not stop. I tried sending stop, no, off, which is the common code being used in their promotions but still, I receive unsolicited messages. My option then was to stop using that network, and it works.

Another difference between the two bills is the penalty provided for committing child pornography. In HB the proposed penalty is imprisonment of reclusion temporal or a fine of at least two hundred fifty thousand pesos (250,000.00) but not exceeding two million two hundred fifty thousand pesos (2,250,000.00). In SB, violation will be punished with imprison imprisonment of prision correcional or a fine of at least one hundred thousand pesos (100,000.00) but not exceeding five hundred thousand pesos (500,000.00) or both. I think the law should provide for a harsh penalty since what is involve in this specific crime is a child. However, there will be no assurance that this kind of cybercrime will be prevented just because of a harsh penalty. I remember once in a conversation with a friend, she said that death penalty will not lessen the commission of crimes, a criminal will commit crime whether there is a death penalty or not. I agree. What we need to focus on is on the implementation of laws. We have laws passed every now and then, but these laws are useless if we cannot implement it or if there is a poor implementation.

On Appropriations, the HB provides that an amount necessary for the implementation of the act shall be included in the General Appropriations act. The SB however specifically gave an amount to be appropriated annually which is Ten Million Pesos. The agencies responsible for the formulation of the rules and regulations of this law must be well aware of what to consider for inclusion in the appropriations law.

The Cybercrime bills and Electronic Commerce law

The Republic Act No. 8792, the Electronic Commerce Law, is concentrated on how to admit electronic documents as evidence and some of the cybercrimes like hacking and violation of intellectual property laws. However, RA 8792 is not enough to protect us from being a victim of cybercrime. Still, most of the cybercrimes being committed are not yet punishable by law. This is one reason for the need to pass the cybercrime prevention bills.

The HB and SB provides that Sec. 33 of the Electronic Commerce Law will be modified accordingly. Sec. 33 provides:

Section 33. Penalties. – The following Acts, shall be penalized by fine and/or imprisonment, as follows:

(a) Hacking or crackling with refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic documents shall be punished by a minimum fine of One Hundred Thousand pesos (P 100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years;

(b) Piracy or the unauthorized copying, reproduction, dissemination, or distribution, importation, use, removal, alteration, substitution, modification, storage, uploading, downloading, communication, making available to the public, or broadcasting of protected material, electronic signature or copyrighted works including legally protected sound recording or phonograms or information material on protected works, through the use of telecommunication networks, such as, but not limited to, the internet, in a manner that infringes intellectual property rights shall be punished by a minimum fine of One Hundred Thousand pesos (P 100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years;

(c) Violations of the Consumer Act of Republic Act No. 7394 and other relevant to pertinent laws through transaction covered by or using electronic data messages or electronic documents, shall be penalized with the same penalties as provided in those laws;

(d) Other violations of the provisions of this Act, shall be penalized with a maximum penalty of One million pesos (P1,000,000.00) or six (6) years imprisonment.

The HB and SB modified the definition given by the Electronic Commerce Law on the term Hacking and Piracy. The Bills classified Hacking as an offense against the confidentiality, integrity and availability of computer data and systems. The Bills further divided the acts which are considered as hacking as Illegal access, Illegal interception, data interference and system interference. These classifications made a clear modification on what acts will be classified as hacking. The Bills also modified the definition of the act of Piracy. In the Bills, it is categorized as a Computer-related Cybercrime. It is further divided into Computer Forgery and Computer Fraud.

Sec. 5 of the Electronic Commerce law gave the definition of Service Providers. The definition refers to the role of the service providers in providing the means for persons or entity to transmit or communicate their electronic documents. The law provides that:

(i) “Service provider” refers to a provider of- 

I. Online services or network access or the operator of facilities therefor including entities offering the transmission, routing, or providing of connections for online communications, digital or otherwise, between or among points specified by a user, of electronic documents of the user’s choosing; or

II. The necessary technical means by which electronic documents of an originator may be stored and made accessible to designated or undesignated third party.

The HB and SB also provides for the definition of who is a service provider. However, the definition of the service provider here pertains to their role of giving services by which the users will have the means to communicate and to store or process data. Both Bills provide that:

Service provider refers to:

(1) any public or private entity that provides to users of its service the ability to communicate by means of a computer system; or

(2) any other entity that processes or stores computer data on behalf of such communication service or users of such service.

The definitions are similar. The Law only specifies that the electronic documents are the ones being used in the communication which the service provider gives through connections. In the bills, the provision states that the communication is made by means of a computer system. In the definition of a computer system, as provided in the two bills, a computer system covers any type of device with data processing capabilities including but not limited to computers and mobile phones. Now, there is a mention of the mobile phone. The law makers also make sure that future products of modern technology will be covered by the law as long as it has data processing capabilities.

The Government Agency to Enforce and Implement the Cybercrime Act

Government agencies will be in charged of implementing these bills once it is enacted. The competency of the agencies will now be put into question. In the HB, the National Bureau of Investigation (NBI) and the Philippine National Police will be the agencies responsible for the enforcement and implementation of the law. The HB provides that a Cybercrime Investigation and Coordinating Center will be created which will be under the control and supervision of the Office of the President. It will be the office responsible for the formulation and implementation of a national cyber security plan. The HB also provide for its composition once created and its powers and functions.

The SB did not provide for the particular government agency to be responsible but it states that the law enforcement authority shall submit a report to the Department of Justice (DOJ). Then on Sec. 17, it states that a DOJ Office of Cybercrime will be created.

As to who will be in charge of implementing the law is not really an issue. The issue is how competent the authorities will be. The authorities in charge must have undergone intensive training on handling cybercrime cases. It is not enough that there is an officer or authority in charge; He must be knowledgeable, efficient and competent, and also skilled if necessary. Another issue will be the budget. When it comes to the appropriations there will always be doubts. With this kind of government we have at present, every activity of the government where money will be spent is going to be criticized. Since this law involves technology, I think the government will be spending a lot in its implementation and enactment. This is aside from the additional human resources which will be necessary.

At present, the NBI has Anti-fraud and Computer Crimes Division. This division was in charged of the recent incidents of hacking on different government sites. Since there exist this kind of division from the NBI, then it would not be that difficult on the government to implement and execute the provisions of these bills once enacted.

III. Threats in passing the Cybercrime bills

The cybercrime bills are being criticized for its alleged vagueness or the broadness of what the word cybercrime covers. People are afraid that the proposed law will violate one’s right against unreasonable searches and seizures. This is the responsibility of the agency that will be in charged with the enforcement and implementation of the law. Trainings are necessary to make them efficient in handling cybercrime cases.

The freedom of expression is also said to become violated once this bills became a law. This particularly pertains to the HB where one of its provision states that a cybersex crime covers recording of private acts including, but not limited to sexual acts, without the consent of all parties to the said acts or disseminating any such recording. Some people, like those in media, may question as to what is this private acts being referred to really be. The subjects of their expose might be considered private acts under this provision and they may be penalized by the law. If this proposed law will be enacted, the Implementing Rules and Regulations must provide for the limits of what is considered as private acts as stated in the provisions of the law.

IV. Conclusion

A law preventing cybercrimes is necessary now that technology is fast changing. I believe it is true that technology makes some lazy but the law makers should not be lazy in enacting the law preventing cybercrimes. With the everyday experience of cybercrimes whether it give small or lots of damage is enough for the lawmakers to think of ways on how to combat them. They just have to admit that they need the help of the people in authority when it comes to technology and forget about their own agenda. One way or another, they will become a victim of cybercrime.

If the proposed law is vague, then we should not stop lobbying at Congress. Once the law is passed and we still think it is vague, there will be an implementing rules and regulations to help. If the IRR is also vague, then it is up to the responsible agency to rightfully enforce it. If problem still arise, then there is no problem as there would be a lawyer who will handle the case.

As a whole, I think the proposed law will work more for the better protection of cyber people. We should still believe that our government works for us.


Bibliography

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: