IT Law Journal

administrator April 28th, 2008

The Proposed House Bills on CyberCrime Prevention
by Kristi Ann P. Rutab

Introduction

The Philippines came into the international limelight when a Filipino, Onel de Guzman, was singled out as the origin of the virus dubbed as “Love Bug” which was unleashed on May 4, 2000. It was considered as the most destructive and sophisticated virus ever conceptualized and perpetuated in the Internet. According to final estimates, it had invaded tens of millions of computers representing 80% of the computer systems worldwide and had caused a staggering financial damage amounting to $10 billion and irreparable damages to computers in several countries like Hongkong, Malaysia, Germany, Belgium, France, the Netherlands, Sweden, Great Britain and the United States.¹

This scenario has alarmed the whole world and prompted all nations; most especially the developed countries whose business endeavors depend largely on the cyber infrastructures, to look more closely into computer-related crimes known in the broad sense as “cybercrimes.” Moreover, there was a growing concern for legislations to apprehend and prosecute the criminals.

The Internet is considered as one of humankind’s greatest achievements. While it serves as an excellent tool for investors, allowing them to easily and inexpensively research investment opportunities, it is also an excellent tool for fraudsters.² The Internet allows individuals or companies to communicate with a large audience without spending a lot of time, effort or money by simply building an Internet web site and posting messages online.

This technological breakthrough has made telecommunications, banking systems, public utilities, emergency systems and forms of business endeavors to be conducted easily; it is also as easy for fraudsters to make their messages look real and credible, inflicting harm to others on a wide scale. Although it is often difficult to determine the motives of these digital outlaws, the result of their conduct threatens the promise of the Internet by reducing public confidence and consumer trust in the whole system.³

Cybercrimes Defined

What are cybercrimes and how do cybercriminals go through their illegal pranks?

Cybercrimes refer to offenses committed using a cyber tool such as a computer, web site, e-mail, or any other electronic document.⁴ Cybercrimes can be divided into three major categories, namely: ⁵

1. Cybercrimes against persons;
2. Cybercrimes against property; and
3. Cybercrimes against government

Cybercrimes against persons include transmission of child pornography, harassment with the use of a computer, and cyber-stalking where the victim is repeatedly flooded with threatening messages. Harassment with the use of a computer usually comes in the form of e-mail bombing where messages are sent to a target recipient repeatedly thus flooding his mail box with junk mail; spamming which is often used for trade and promotion; spoofing which refers to the faking of the e-mail sender’s identity and tricking the target recipient into believing that the e-mail originated from the supposed sender; linking/framing which involves displaying one’s site content on another’s web page without permission; denial of service which is an explicit attempt by attackers to prevent legitimate users of using the service.⁶

Cybercrimes against property include unauthorized computer trespassing through cyberspace, computer vandalism, creation and transmission of harmful programs or viruses to computer systems, hacking and cracking which refers to the unauthorized access or interference in a computer system/server or information communication system, and software piracy.⁷

Cybercrimes against government can be in the form of cyber terrorism in which the cyberspace is used by individuals and groups to threaten governments and to terrorize all citizens of the country. This can take the form of cracking into a government or military web site.⁸

As enumerated, it can be inferred that any activity which offend human sensibilities using computer systems can be within the ambit of cybercrimes. It can also be gathered that cybercrimes make use of the same resources as the Internet and the offenders are no ordinary individuals or groups but are those who have a thorough understanding of this superhighway of information. This makes it easy to commit even in a jurisdiction that does not require physical presence and oftentimes are varied in their design posing difficulty to make an electronic trail. Furthermore, due to their intellectual prowess, the offenders commit crimes and make them appear not clearly illegal.

With the growth of electronic commerce and the borderless characteristic of the World Wide Web, there is an escalating danger posed by cybercrimes. These have taken many faces and are committed in diverse fashion. Some of these crimes committed, like that of de Guzman, have been exposed to the world but some remain unnoticed until the damage has become vast. There are several instances of illegal access and damages around the world that remain unreported. Because of this situation, if left unchecked or unpunished, cybercrimes will adversely affect the virtual world.

Legislation against cybercrimes should be in place for the prevention, apprehension, and prosecution of cybercrimes. Existing laws are likely to be unenforceable against cybercrimes which greatly differ from the traditional terrestrial crimes committed considering that electronic data are intangible property. This seeming lack of legal protection poses dangers to business and economy and creates a threat to national security.

Legislations on Cybercrime Prevention

De Guzman, in spite of his admission of the crime he has committed by unleashing the “Love Bug” virus that caused so much damages, went out unscathed due to the lack of Philippine legislation on computer-related crimes at the time it was committed. While there were existing laws in the United States and in other countries who were victims of the virus, extradition cannot be applied. Moreover, government authorities decided that the other crimes he was charged with, such as credit card fraud, did not also prosper due to insufficient evidence.⁹

This scenario had left legal experts in disbelief and it prompted nations worldwide to take action. India’s National Association of Software and Service Companies (NASSCO), responding to the scenario, called for global regulations to deal with the future de Guzman’s of the world and asking every country which uses the Internet to adopt cyber laws¹⁰ The call had also raised concern in the Philippines because the absence of criminal liability for the “Love Bug” perpetrator could make cyber criminals seek the Philippines as a safe harbor for their illegal acts.

Six weeks after the “Love Bug” phenomenon, the Philippine government responded to the call when then President Joseph Estrada signed into law republic Act 8792, known as the Electronic Commerce Act.” The law seeks, among others, to ensure network security through the penal provisions particularly Section 33 (a) and (b) which states:¹¹

Section 33(a): “Hacking or cracking which refers to the unauthorized access into or interference in a computer system/ server or information and communications system; or any access in order to corrupt, alter, steal or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, attraction, theft or loss of electronic data messages or electronic document shall be punished by a minimum fine of P 100, 000.00 and a maximum commensurate to the damage incurred and mandatory imprisonment of six months to three years.”

Section 33(b): “Piracy or unauthorized copying, reproduction, dissemination, distribution, importation, use, removal, alteration, substitution, modification, storage, removal, uploading, downloading, communication, making available to the public, or broadcasting of protected material, electronic signature, or copyrighted word including legally protected sound recordings or phonograms or information material in protected works, through the use of telecommunications networks, such as, but not limited to, the interest, in a manner that infringes intellectual property rights shall be punished by a minimum fine of P 100, 000.00 and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years.”

RA 8792 is a landmark law in the history of the Philippines for it made the Philippines a legitimate player in the global marketplace.¹² It has placed the Philippines among the countries with a law against cybercrimes.

Section 33 (a) of RA 8792 was the basis got the arrest of Cesar Manalac for hacking into the computer systems of his former employer Thames International Business School.¹³ Manalac’s conviction marks the enforcement of RA 8792. It is by virtue of the same provision that the Supreme Court, on February 4, 2004 disbarred Danilo de Guzman, a lawyer from the Balgos and Perez law firm for hacking the Mercantile Law Bar Exams in September 2003 thus giving rise to a leakage in the prestigious bar examinations.¹⁴

While RA 8792 is already in place, it was found to have failed to address all the forms of cybercrimes that are enumerated in the Budapest Convention on Cybercrimes, namely:¹⁵

• Title 1: Offenses against confidentiality, integrity and availability of computer data and systems which include illegal access, illegal interception, data interference, system interference, misuse of devices;
• Title 2: Computer-related offenses which include computer-related forgery and computer-related fraud;
• Title 3: Content-related offenses as child pornography;
• Title 4: Offenses related to infringement of copyright and related rights.

Furthermore, enforcing the law with the use of the existing law enforcement guidelines as embodied in the Revised Penal Code, as amended, may not work for cybercrimes. Unlike the traditional, terrestrial crimes which deal with corporeal evidences, cybercrimes deal with electronic data which are intangible evidences. Take the case of theft of electronic data which does not deprive the owner of the data; rather, the thief gets the data but the data still remain with the owner.¹⁶ In this case, it may be argued that there was no theft because the data were not taken but were simply copied. Also, due to the borderless nature of the World Wide Web, the victim may be in one country but the criminal is in another country which makes it difficult to apprehend, investigate, and prosecute. Moreover, cybercrimes are committed in perfect anonymity and when launched, they attack many victims simultaneously. Thus, the Budapest Convention calls for international mutual cooperation because of the difficulty to apprehend the cyber criminals in spite of the existing laws.

House Bills on Cybercrime Prevention

Because of the noted inadequacies of the Electronic Commerce Law or RA 8792, several bills have been proposed in the House of Representatives as early as 2001 in the 12th Congress but until now, none of these bills have been passed into law.

Among the House Bills filed in the 12th Congress are:

1. HB 1310 known as the “Anti-Computer Fraud and Abuses Act of 2001″ was filed by Congresswoman Nanette Castelo-Daza on July 24, 2001. This bill defines computer fraud and other cyber-related fraudulent activities covered by computer forgery, damage to computer data or computer programs, computer sabotage, unauthorized access and unauthorized interception as well as obscenities. It likewise provides the necessary penal provisions that must be imposed upon the violators of the offense, both fine and imprisonment. Finally, it accords authority to the National Security Council to conduct investigation on computer – related crimes vis-à-vis its effect on national security. It was referred to the Committee on Science and Technology on 30 July 2001 and secondarily referred to the Committee on Revision of Laws.¹⁷
2. HB 3241 known as “Anti-Cybercrime Act of 2001″ was filed by Congressman Eric D. Singson on September 25, 2001. The objective of this act is to protect and safeguard the integrity of computers, computer systems, computer networks, computer servers, database, and the information and data stored therein from computer users who resorted to computer fraud, abuses and other cyber-related fraudulent activities by providing penal sanctions to the perpetrators in creating a coordinating body which shall coordinate, collate and synergize efforts of all law enforcement agencies in combating cybercrimes. It was referred to the Committee on Science and Technology on 01 January 2001 and secondarily referred to the Committee on Revision of Laws.¹⁸
3. HB 4083 known as the “Anti -Cybercrime Law” was filed by Congressman Amado T. Espino, Jr. on December 12, 2001. The bill recognizes the policy of the State to protect the society against the upsurge of computer fraud, destruction of electronic systems and properties and proliferation of crimes brought about by the continuing globalization of computer networks. It is imperative to maintain the confidentiality, integrity, reliability and availability of computer systems, networks and computer data in the furtherance of national interest and security. It is in this context that the State recognizes its duty to safeguard its interest against the image of electronic fraud that tends to disrupt peace and order in the cyber space. It was referred to the Committee on Science and Technology on 19 December 2001 and secondarily referred to the Committee on Revision of laws.¹⁹
4. HB 5560 (An Act Preventing and Penalizing Computer-Related Crimes, Further amending for the purpose certain pro0visions of Act No. 3815, as amended, otherwise known as the Revised Penal Code, was filed by Congresswoman Imee R. Marcos on December 17, 2002. The bill seeks to amend certain provisions of Act No, 3815 as amended, otherwise known as “the Revised Penal Code” by including erasures, substitutions, alterations, revelations and concealments or destruction of documents by the use of computers as a crime. It was referred to the Committee on Science and Technology on 13 January 2003 and secondarily referred to the Committee on Revision of Laws.²⁰

The Committee on Science and Technology and the Committee on Revision of Laws, after a study of the four bills filed in the 12Th Congress, were unanimous in saying that E-Commerce Law or RA 8792, while comprehensive in identifying the types of cybercrimes does not specify which acts constitute cybercrimes and it also does not address cybercrimes sited in the Budapest Cybercrime Treaty.²¹ Thus, there is a need for a stronger and more specific law to combat cybercrimes. The Information Technology E-Commerce Council (ITECC) was tasked to consolidate all these anti-cybercrime bills filed in the 12th Congress as a substitute bill which conforms with the international standards set under the Cybercrime Convention of the Council of Europe signed in Budapest in 2001.²²

As the ITECC was drafting the consolidated bill, House Bills on computer-related crimes were likewise refined and filed anew in the 13th Congress. Among these bills are:

1. HB 337 (An Act Preventing and Penalizing Computer-Related Crimes, Further Amending for the Purpose Certain Provisions of Act No. 3815, as Amended, Otherwise Known as the Revised Penal Code) filed by Congresswoman Imee R. Marcos on 01 July 2004 and was referred to the Committee on Revision of Laws on 27 July 2004.²³
2. HB 1246 (An Act Preventing and Penalizing Computer Fraud, Abuses and other Cyber-related Fraudulent Activities and Creating for the Purpose the Cybercrime Investigation and Coordinating Center, Prescribing its Powers and Functions and Appropriating Funds, therefore) known as the “Anti-Cybercrime Act of 2001″ was refined and filed anew by Congressman Eric D. Singson on 07 July 2004.²⁴
   The draft of the consolidated bill created by the ITECC known as the Philippine Cybercrime Prevention Act of 2003 had to undergo frequent changes Patterned after the Budapest Convention on Cybercrime, the bill known s the “Cybercrime Prevention Act of 2004″ or HB02093 was filed in the 13th Congress on 04 August 2004 by Congressman Amado T. Espino, Jr. The bill seeks to impose penalties for the following cybercrimes: illegal access and interception to the whole or any part of a computer system or network, illegal data and system interference, misuse of devices, computer forgery and fraud, and unsolicited commercial communication.²⁵ It also penalizes offenses related to child pornography through the Internet or computer network, the infringement of intellectual property rights, and other violations of the Revised Penal Code, the Consumer Act and other related laws using computer systems, the Internet or electronic transactions. Corporations would also be held liable for crimes committed in behalf and for the benefit of a juridical person including company officials and persons who conspire to commit cybercrimes including those helping or abetting to commit any crime under the Cybercrime law will be held liable.²⁶
3. HB 3777 (An Act Defining Cyber crime, Providing for Prevention, Suppression and Imposition of Penalties Therefor and for Other Purposes), known as the “Cybercrime Prevention Act of 2005″ was filed by Congresswoman Halili Cast Abayon on February 2, 2005. The bill was a refinement of the bill referred to the Committee on Information and Communications Technology on February 28, 2002. The bill seeks to define cybercrime, identify punishable act involving computers, provide penalties, determine legal procedures for the investigation and prosecution of cybercrimes, clarify jurisdiction and provide for a clause on mutual assistance and cooperation. It provides for the creation of the Cybercrime Investigation and Coordinating Center.²⁷

A new bill was filed, HB003218 known as “Department of Information and Communications Technology Act of 2005″ was filed by Congressman Simeon L. Kintanar on October 27, 2004. The bill prescribes the mandate of the department and its organizational structure.²⁸

Several bills have been filed since 2001 and the 13th Congress has ended but there was no law that has been enacted up to this point in time. In fact, on January 28, 2004, Richard Downing, senior legal counsel of the US Department of Justice Computer Crime and Intellectual Property Section and Joel Michael Schwarz, trial attorney of the US Department of Justice, conducted a workshop on the US Cyber crime Law for the ITECC intended to help local legislators and policy makers to improve the draft of the Cybercrime Prevention bill pending in Congress. As Downing said, “If you delay enacting a law against cybercrimes, it will only embolden those who commit these electronic crimes.²⁹

Inspite of all these calls for legislation to prevent cyber crimes, the bills are still pending in Congress. Meantime, the threat of cyber crimes continues to be a growing national concern. In a two-day “Legislators and Experts Workshop on Cyber crime” in October 2007, Ray Anthony Roxas-Chua, Chairman of the Commission on Information and Communications Technology read a joint declaration formulated by the participants which states, ” We hereby declare our support for Philippine accession to the Budapest Convention on Cybercrime and the expeditious passage of an implementing anti-cybercrime law to prevent, mitigate, and deter the commission of ICT related crimes, to foster cooperation within the ICT community, government, private sector and civil society in promoting an atmosphere of safe computing.”³⁰

After the 14th Congress was convened, two bills that are a refinement of previous bills have been filed. These bills are:

1. HB 190 known as the “Cybercrime Prevention Act of 2007″ was filed by Congressman Juan Edgardo M. Angara and several co-authors on July 2, 2007 and was referred to the Committee on Justice on July 24, 2007. The bill defines cybercrimes, identifies punishable acts involving computers, determines the legal procedure for the investigation and prosecution of cyber crimes, clarifies jurisdi8ctions, provides for a clause on mutual assistance and cooperation and identifies a local body that shall be responsible for providing a 24/7 assistance to foreign entities in the resolution of cybercrime cases.³¹
2. HB 1323 (An Act Preventing and Penalizing Computer Fraud, Abuses and Other Cyber-related Fraudulent Activities and Creating for the Purpose the Cybercrime Investigation and Coordinating Center, prescribing its powers and Functions and Appropriating Funds therefore) known as the “Anti-Cybercrime Act of 2001″³²

Conclusion and Recommendations

As evidenced by the House Bills filed in Congress since 2001, with all the consolidation, revisions and filing anew of the improved version of the bills and trying to align these with the Budapest treaty, Congress has yet to act on the pending bills aimed at cyber crime prevention in the Philippines. The government is taking its time in passing an important law that will safeguard the country from the dangers posed by cybercrimes. The E-Commerce Law or RA8792, as has been evaluated by technical experts, is not adequate to address the emerging cybercrimes. Moreover, it does not meet the international standards set in the Budapest Cyber crime Treaty and therefore does not merit the international mutual assistance and cooperation.

Have the Filipinos not learned any lesson from the “Love Bug” menace by a Filipino in 2000? Or is the Philippines opening its gates to be known as a haven for cyber criminals?

On December 11, 2007, it was reported by Monchito Ibrahim, the newly appointed commissioner of the Commission on Information and Communications Technology (CICT), that a consolidated version of a bill creating the proposed Department of Information and Communications Technology would be drafted by a technical working group created for the purpose.³³ But this was already filed in the 13th Congress by Congressman Kintanar through HB03218.

It can be surmised that this is an endless strife. Yet the upsurge of cybercrimes continues and because of its borderless characteristic, if left unchecked and unpunished, the adverse effect on the growth of e-commerce will be too great. Cybercrimes as noted by many experts pose skyrocket dangers to the security of particular countries and world society as a whole.³⁴

But legislation to combat cyber crimes is only one side of the coin. How to put teeth to the law is what matters most. Laws are useless if law enforcement agencies do not have the computer education and training necessary in this highly technological world. The proposal to establish e-courts to litigate cybercrimes is great but judges must possess the technical know-how.

With all these circumstances, the following recommendations are hereby forwarded:

1. That a law on cybercrime prevention to supplement RA 8792 and aligned with internationally accepted standards be passed without delay;
2. That a special agency with the technical expertise be created to monitor and regulate cyber activities;
3. That law enforcement agencies be manned by a new breed of law enforcement personnel with adequate computer skills and technical expertise and thoroughly trained to operate highly technical equipments and facilities since the re-training of personnel without computer background would be futile;
4. That adequate resources be provided to the law enforcement agencies so that they can acquire the necessary tools, equipment and technical skills and continuously upgrade them for the defense of network systems from cyber crime attacks;
5. That prevention is still the best tool against cybercrimes; hence, technologies like firewalls, encryption technologies and other infrastructure systems be required for all computer network systems;
6. That cooperation among all sectors of society to combat cybercrimes be forged and advocacy to increase awareness of the dangers of cybercrimes be strengthened; and
7. That everyone becomes a responsible and ethical user of computers and information systems.

1. Philippine Response: Technical Mechanism to Combat TNC’s Conclusion, < http://www.pctc.gov.ph/tncunrr.htm > [↩]
2. Internet Fraud, < http://www.crime_research.org/articles/Internet_fraud_0405 > [↩]
3. Legal and Regulatory Issues in the Information Economy/ Cybercrimes, < http://en.wikibooks.org/wiki/ > [↩]
4. Why is there a need for Cyber law?, < http://www.cyberlawindia.com/cyberindia/cybfaq.htm > [↩]
5. Ibid., Legal and Regulatory Issues in the Information Economy/ Cybercrimes, < http://en.wikibooks.org/wiki/ > [↩]
6. Loc. Cit., < http://en.wikibooks.org/wiki/ > [↩]
7. Loc. Cit., < http://en.wikibooks.org/wiki/ > [↩]
8. Loc. Cit., http://en.wikibooks.org/wiki/ > [↩]
9. Love Bug Case Dead in Manila, < http://www.wired.com/politics/law/news/2000/08/38342?currentpage=1 > [↩]
10. Loc. Cit., < http://www.wired.com/politics/law/news/2000/08/38342?cur rentpage=1 > [↩]
11. The Philippine E-Commerce Law _ Republic Act No. 8792, < http://www.digitalfilipino.com > [↩]
12. Salient Features of RA 8792, < http://www.digitalfilipini.com/writings_articles.cfm?id=19 > [↩]
13. E-Commerce Act or RA 8792 by Gilbert E. Lumantao, < http://www.batasayti.freeservers.com/customs2.html > [↩]
14. Mercantile Law Bar Leakage, < http://www.arellanolaw.net/publish/itlj_issue1_00.html > [↩]
15. Budapest Cybercrime Convention, < http://www.conventions.coe.int/Treaty/EN/Treaties/1_html/185htm > [↩]
16. RA 8792 Annotations, < http://www.disini.ph/downloads/EcomIRR%20annotations.pdf > [↩]
17. House of Representatives, House Bills and Resolutions, 12th Congress,< http://www.congress.gov.ph > [↩]
18. Loc. Cit., < http://www.;congress.gov.ph > [↩]
19. Loc. Cit., < http://www.congress.gov.ph > [↩]
20. Loc. Cit., < http://www.congress.gov.ph > [↩]
21. Digital Divide, < http://www.geocities.com/is201_mtan/link91.html > [↩]
22. Sison: Bill v. Computer fraud, < http://www.sunstar.com.ph/static/pam/2003/10/27/oped/mark.allen.c.sison.congress > [↩]
23. House of Representatives, House Bills and Resolutions, 13th Congress, < http://www.congress.gov.ph > [↩]
24. Loc. Cit., < http://www.congress.gov.ph > [↩]
25. Loc. Cit., < http://www.congress.gov.ph > [↩]
26. Cybercrime prevention bill to be refilled in new Congress, < http://www.ebalita.net/go/news/news.ph?id=2151 > [↩]
27. House of Representatives, House Bills and Resolutions, 13th Congress, < http://www.congress.gov.ph > [↩]
28. Loc. Cit., < http://www.congress.gov.ph > [↩]
29. US urges Philippines to Implement Cybercrime Law by Geoffrey P. Ramos, < http://computerworld.co.nz/news.nsf/news/EE981833038061A2cc256/E2800632?43 > [↩]
30. Legislation against Cybercrimes pushed, < http://www.gmanews.tv/story/66031/ > [↩]
31. House of Representatives, House Bills and Resolutions, 14th Congress, < http://www.congress.gov.ph > [↩]
32. Loc. Cit., < http://www.congress.gov.ph > [↩]
33. Consolidated DICT bill seen next week, < http://services.inquirer.net/print.php?article_id=106218 > [↩]
34. Actual Problems of Fighting Cybercrimes, < http://www.crime.research.org/library/nomokonov.html > [↩]

• ITLJ 4-2
• Comments(1)