Archive for March 16th, 2004

Maiden issue released

administrator March 16th, 2004

Contents:

  • “Hacking” the Mercantile Law Bar Exam Questions by Michael Vernon M. Guerrero
  • Editorial by Dean Mariano Magsalin Jr.
  • Electronic Authentication System: A Breakthrough in Notarization by Ma. Cristina A. Ramos
  • The Philippine Rules on Electronic Evidence: An Outline by Jaime N. Soriano
  • Jurisprudence in CyberLaw by Jaime N. Soriano
  • Optical Media Act : A Panacea to Piracy by Ailyn L. Cortez
  • The Domain Name System (DNS) and Administering the root ccTLD .ph by Michael Vernon M. Guerrero
  • Spamming the World by Charilyn A. Dee
  • A Synopsis of the e-Commerce Law by Jaime N. Soriano
  • Overview of Selected Legal and Regulatory Issues in Electronic Commerce by Jaime N. Soriano
  • Lexicon of CyberLaw Terminology
  • 91 New Lawyers from the Arellano University School of Law
  • [ LegalWeb ] Lawphil.net: A step in the right direction by Carlyn Marie Bernadette C. Ocampo-Guerrero and Michael Vernon M. Guerrero
  • Digital Law & the Imperatives of the e-Law Center by Jaime N. Soriano
  • The Birth of the IT Law Society by Carlyn Marie Bernadette C. Ocampo-Guerrero

Editorial (MMJ)

administrator March 16th, 2004

Editorial
by Dean Mariano Magsalin Jr.

Three years ago, on the occasion of the centenary celebration of the Philippine Supreme Court, Arellano University School of Law was invited to co-sponsor the law and technology lecture. In the response I delivered for the school, I announced to the distinguished members of the Highest Court and their guests that as far back as 1997, the school had already anticipated the need to develop globally-oriented lawyers and professors. This can be gleaned from the school’s vision statement drafted on th same year where we saw ourselves as a globally competitive institution that harnesses world-class, state-of-the-art technologies and methodologies, responsive and attuned to the demands of the times.

In 1999, true to our vision, we opened an Information Technology Center (ITC) to handle all of the school’s computer requirements. On the same year, we set up at least 30 computer stations with Internet access for the exclusive use of law students. Lawphil was developed and introduced on the web in the year 2000 and has become the country’s most visited legal research website. The Arellano Law and Policy Review (ALPR), a journal featuring mainly articles on international law and policy developments, was published starting 2001 to which the law libraries of Yale and Harvard are now subscribers. An Institute of Special Studies (ISS) was opened to engage in research and encourage discussion in the field of international law, particularly international trade law. It holds monthly brown bag lectures mostly on the burning local and international legal issues of the day.

In 2001, the ISS worked with the International Trade Centre, a technical cooperation agency of the UNCTAD and the World Trade Organization (WTO) in authoring a handbook entitled “Arbitration and Alternative Dispute Resolution,” now considered by many Philippine law schools as the most authoritative on the subject. Changes in the curriculum were made in the year 2000. Among them were the introduction of courses like Alternative Dispute Resolution, Environmental Law, International Trade Law, Project Finance, CorporateFinance, Telecommunications Law, Technology and the Law, and Human Rights to address the globalization of both Commercial Law and Public Interest Law.

With the establishment in 2003 of AUSL’s Center for e-Law, it is clear that the school is ready to meet the challenges posed by the advent of the digital age. The formation of an IT Law Society with members composed of technologically proficient law students is a most welcome development that will set the school apart from even the so-called elite law institutions.

I congratulate the movers behind the Center for E-Law and the IT Law Society for the work they have been doing, and in particular for coming out with an ambitious project like the IT Law Journal. May your tribe increase and may you indeed be at the forefront of law and technology concerns in the country and beyond.

“Hacking” the Mercantile Law Bar Exam Questions

administrator March 16th, 2004

“Hacking” the Mercantile Law Bar Exam Questions
by Michael Vernon Guerrero

Hacking?

Hacking what? Technical people would argue that there is no such a thing as “Hacking the Mercantile Law Bar Exam Questions.” Cracking maybe, but not hacking. Obviously, confusion will arise on the usage of the word “hacking” if one is not particular to one’s audience.

For the technically inclined, to hack means to write a program code; or to modify a program, often in an unauthorized manner, by changing the code itself. A hacker, thus, is a computer enthusiast, or a person who enjoys learning programming languages and computer systems and can often be considered an expert on the subject(s). To crack, on the other hand, is to break into a computer system or to copy commercial software illegally by breaking (cracking) the various copy-protection and registration techniques being used. A cracker, therefore, is distinct from a hacker. The sole aim of crackers is to break into secure systems, while hackers are more interested in gaining knowledge about computer systems and possibly using this knowledge for playful pranks.1

To illustrate the technical distinction to the legal mind, decompilation allowed in Section 185 of the Philippine Intellectual Property Code (Republic Act No. 8293)2 is part and parcel of the technical concept of hacking. On the other hand, effecting transactions with one or more access devices issued to another person or persons to receive payment or any other thing of value (Section 9 [n] of the Access Devices Regulation Act, Republic Act No. 8484) – especially if construed in a virtual or Internet transaction – constitutes cracking.

Nevertheless, similar to the failure of mass media to distinguish between cracking and hacking, the terms cracking and hacking under the Philippine Electronic Commerce Act (Republic Act No. 8792) are used interchangeably. The Act provides specifically that “hacking or cracking … refers to unauthorized access into or interference in a computer system / server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic document.” 3

The simplification of the definition of hacking, made synonymous to cracking, in the Electronic Commerce Act, allows the prosecution of a person, not necessarily a computer expert, who simply accessed another person‘s computer or electronic documents without the latter’s permission.

“Hacking the Mercantile Law Bar Exam Questions,” therefore, may be technically an incorrect title, but may be legally correct within Philippine jurisdiction.

Leakage of the 2003 Mercantile Law Bar Exams

The 21 September 2003 Mercantile Law Bar Examinations, one of the eight bar subjects and one given 15% weight, was annulled after a massive leakage – comprising 82 percent of the questions asked in the bar subject – occurred. The nullification of the examination on the subject was made in order to preserve the integrity and protect the sanctity of the examination and avoid any doubt or suspicion on the outcome of said examination. The Supreme Court, instead of having the examinees retake the Mercantile Law examination, distributed the weight assigned to Mercantile Law to other Bar subjects. Examinees in 2003 numbered to 5,349 law graduates.

The Supreme Court, on 4 February 2004, disbarred Danilo de Guzman, a lawyer from the Balgos and Perez law firm and the one responsible for the Mercantile Law Bar Examination leakage, and reprimanded Marcial OT Balgos, examiner in the 2003 Mercantile Law Exam, whose negligence was the root cause of the said bar leakage.

It appeared, on investigation, that Balgos prepared three sets of test questions on Mercantile Law on his personal computer in his law office. His computer, running on Microsoft Windows 98 operating system, is interconnected with other computers in the law office through a local area network (LAN). De Guzman activitated file-sharing of pertinent file folder(s) in Balgos’ computer without the latter’s knowledge, and was able to access Balgos’ files using his own computer in the network. De Guzman faxed the questions to Ronan Garvina, a fraternity brother. Garvina, in turn faxed the questions to Randy Iñigo and James Bugain. Iñigo passed a copy of the questions to Allan Guiapal, who gave a copy to Ronald Collado. Collado ordered the printing of the questions, with the logo and initials of the fraternity and distributed copies to 30 Bar candidates of the Manuel L. Quezon University (MLQU).

Atty. Ivan Uy, chief information officer of the Supreme Court, and his computer forensic experts were able to uncover De Guzman’s activities through his computer’s and the network’s logs. Inasmuch as access to Balgos’ computer was unauthorized, De Guzman is deemed to have committed “hacking” pursuant to the definition given by Section 33(a) of the Electronic Commerce Act.

Protecting files

Interconnectivity and security are two opposing, but not necessarily incompatible, concepts. Getting one step ahead of potential security threats would be a costly endeavor. But one must at least find ways to secure one’s files from an unauthorized user, who has basic knowledge of computers and their systems.

LAN may be practical in connecting a number of computers so as to share peripherals and resources, such as printers, hard disk storage, and even Internet connection when applicable. File transfer between computers within the network is made easier, especially if the file is above the 1.44MB diskette limit, or if the other computer does not have or support a large removable media drive. Unauthorized file access through shared folders, however, may occur if the user is unaware of means to control access. Therefore, what should be done to control access?

First. Choose the proper operating system. A lot of organizations purchase “home-based” operating systems such as Windows 95, 98, ME and XP Home for their personal computers as they are relatively cheaper than the more secure operating systems Windows NT, 2000, and XP Pro; or more popular than the various flavors of Linux or similar operating systems. The drawback in the use of Windows 98, for example, is that one can access the computer by merely cancelling the login box and thus create an account for oneself in the computer where one is not authorized to access. So if a file folder in Windows 98-based machine has been shared, one can access said folder in another computer in the network. Unlike in Windows 2000, for example, only one having administrator capabilities can add a new user to the computer. Furthermore, when a computer in a network does not contain a similar user profile as in the one accessed, a log-in and password dialogue box appears before one can access the other computer. 4

Second. Find out if you’re sharing more than you are willing to share. Clicking on your computer’s name on Network Neighborhood would show the folder(s) or drive(s) your computer is sharing over the network. Better unshare the folder(s) or drive(s) which you are not really willing to share, or otherwise create a specific folder containing only the files that you would want to share. Furtther, you may want to limit the number of people that can access the shared folders at one time.5

Third. Password-protect your documents. If you are using Microsoft Word and Excel, these documents and spreadsheets may be protected from being opened by unauthorized personnel.6

Fourth. Don’t let your ultra-sensitive files stay in your computer. Better store them in reliable removable storage devices, such as those heavy-duty portable ones that can be plugged in your USB port.

Fifth. If you have money to spare, buy reliable software which would provide your computer personal firewall. It is additional protection to safeguard your sensitive files.

These are some of the precautions one can do to safeguard one’s files from the prying eyes of other people, especially if the security of documents affect the lives of a lot of people.

  1. Definitions for “hack,” “crack,” and “hacker ”acquired or retrieved on 2 April 2004 from www.webopedia.com. Copyright, 2004 Jupitermedia . All rights reserved. Reprinted with permission from http://www.internet.com. []
  2. Section 185, R.A. No. 8293 provides in part, “Fair Use of a Copyrighted Work. — xxx Decompilation, which is understood here to be the reproduction of the code and translation of the forms of the computer program to achieve the inter-operability of an independently created computer program with other programs may also constitute fair use. ” []
  3. Section 33 (a), RA No. 8792. []
  4. Windows 95, 98, ME, XP Home, NT, 2000, XP Professional are trademarks of the Microsoft Corporation. On the other hand, visit www.linux.org for information on Linux. []
  5. The last option, however, is not available under Windows 98. []
  6. To do so, within the word processing (Word) or spreadsheet (Excel) application, click on “File,” then “Save As.” When the Save As dialog box appears, click on “Tools“on the tool bar on top right, and click “General Options…” on the drop-down menu appearing. A Save dialog box will appear. Key-in a password on the box under “File Sharing Option”, “Password to open.” A Confirm Password dialog box will appear, key-in the same password. The file saved would only be opened if the password so determined would be keyed-in. []