Tags: Crime and Punishment, Legislation
By Alexander Villafania
QUEZON CITY, METRO MANILA – After nearly a decade, the Senate has finally approved the Cybercrime Bill on its third and final reading. But is the bill updated enough to accommodate the latest developments on the Internet?
The Cybercrime Bill underwent some changes due in part to the change in government as well as its supporters. The Senate version of the bill is actually combines several proposals. Nevertheless, the original format and content remains the same.
And therein lies the problem; this version of the bill practically has not been updated long enough to include up and coming concerns in cyberspace. Perhaps to compensate for this, the Cybercrime Bill is given a broad, sweeping, and sometimes vague mandate.
It does not describe what cybercrime is, instead signifying a number of generally accepted “digital crimes.” Normally, these types of violations would be stated in technical terms but the Senate’s version of the Cybercrime Bill lacks these.
For instance, the concept of hacking is broadly described as “illegal access.” Data capture is described in the Senate’s Cybercrime Bill as “illegal interception” and “data interference.”
Spam is missing though a provision in the proposal called “unsolicited commercial communications” is included. Even the words “virus,” “malicious software” (malware), “Trojan,” “denial-of-service (DDOS) attack,” “software piracy” do not make an appearance.
Noteworthy in the Cybercrime Bill is the inclusion of child pornography. It would have been acceptable if it wasn’t late; Republic Act 9775, the Child Pornography Law, was enacted in 2009 and already has provisions against online exploitation. The latest version of the Cybercrime Bill does refer to RA 9775, but such an inclusion is already moot given the existence of another law.
One aspect of the proposal that could have potentially troublesome effects is the perceived process by which a government agency can conduct its investigation.
In Section 11, “Disclosure of Computer Data”, the issuance of a court order would force a service provider (a telecommunications firm or a data center, for example) to release all information related to specific users who are being investigated. It essentially supersedes the privacy agreement between the service provider and the user, if there are any prior arrangements.
In Section 12, “Search, Seizure, and Examination of Computer Data,” the organization that is conducting the investigation can procure data “either directly, through access and use of computer system, or indirectly, through the use of electronic eavesdropping or tapping devices.”
These two sections would still require a court order for the acting agency to conduct their investigation. But whatever factors that could lead a judge to issue a warrant to allow for electronic eavesdropping remain unknown; the proposed bill does not have those provisions on what would justify an investigation.
If it becomes law what would be the appropriate and competent government agencies to enforce the Cybercrime Bill?
According to the bill’s main proponent, Senator Edgardo Angara, it would be the Department of Justice (DOJ), and the Department of Science and Technology – Information and Communications Technology Office (DOST-ICTO).
Two agencies called the National Cyber Security Center (NCSC) and the National Cybersecurity Coordinating Council (NCCC) would be formed to augment the government’s enforcement capacity on ICT.
But note that there have been several attempts to put up a cybersecurity office in the Philippines. The DOST-ICTO used to be the Commission on Information and Communications Technology (CICT), which was already getting a lot of promotion to become a full department until it was absorbed into the DOST. In 2004, there was the Task Force for the Security of Critical Infrastructure (TFSCI) but was later dissolved.
Even the DOJ does not have a full complement of cybersecurity experts to enforce these laws. At least the National Bureau of Investigation (NBI) and the Philippine National Police (PNP) have the technical, logistical, and manpower capacity to conduct cybercrime investigations. Even so, the number of people prosecuted for cybercrime-related violations remain low.
Having a cybercrime law in the Philippines is by no means a necessity, especially with the mushrooming information and communications technology sector in the country, as indicated by the presence of outsourcing firms.
The current Cybercrime Bill already has its supporters especially among ICT-related industries. However, there is still a need to review some of the outdated segments of the proposal and also it needs an appropriate set of implementing rules and regulations (IRR) that would define what constitutes cybercrime and what factors are needed for an agency to peak into someone’s ICT infrastructure.
Most importantly, the government has to finally agree to a specific ICT direction and follow it to the letter. Only an agency that invokes its legal mandate to enforce other agencies to follow is needed and such an agency could not just be a bureau or a commission.
Unless these are addressed, a cybercrime law would only go so far as putting a hobbyist hacker in jail and not entirely protect the country’s ICT infrastructure.
Related stories:
Long overdue ‘cybercrime’ bill finally gets Senate nod
‘Cybercrime’ in the Philippines on the rise, warns Symantec
Proponents renew call for Philippine cybercrime bill
How SOPA, PIPA could affect Pinoy Web users
Accidents and Tragedies Administration Cooperatives Crime and Punishment Elections Environment Filipinos Abroad General News Government Agencies Government Offices Inspirational Stories Judiciary Labor and Employment Legislation Military NGOs and foundations non-government organizations and foundations People Power and Edsa Politics Poverty Public Holidays and Celebration Typhoons and Natural Disasters Typhoons and natural disaters Water Electricity and Utilities
WP Cumulus Flash tag cloud by Roy Tanck and Luke Morton requires Flash Player 9 or better.
|
|
|
|
|
|
|
|
