addressing cybercrimes in the philippines · based on interview of key persons as the primary...
TRANSCRIPT
Page 1 of 45
ADDRESSING CYBERCRIMES IN THE PHILIPPINES:
A LEGAL FRAMEWORK IS CRUCIAL1
Lizan E. Perante-Calina
I. Introduction
A. Background of the Study
The era of globalization has introduced myriad of concerns and developments in the
growth of modern and sophisticated communication technology. With its emergence, it makes
everyday life activities easier and economical through the use of global internet or the World
Wide Web (www).
The unprecedented growth of these information technologies appear to have advantages
and disadvantages. People from all walks of life are forced to cope with the demands of the
digital era for different reasons like for academic, business or socialization purposes. However,
with easy access and availability, there appears to have apparent drawbacks on its uses. One
prevalent drawback is making the internet and computer system a means to commit crimes which
in the international parlance are referred to as cybercrimes.
Cybercrimes are any crime that is committed using a computer, a network, or hardware
device. Attacks include keystroke loggers, viruses, root kits or Trojan horses, phishing,
pharming, theft or manipulation of data or services via hacking or viruses, identity theft and bank
or e-commerce fraud (Merrit 2010:15).
1 A policy paper submitted to UP-NCPAG as part of the course requirement in PA 247 (Policy Paper), SY 2011-2012
Page 2 of 45
According to the Tenth United Nations Congress on the Prevention of Crime and the
Treatment of Offenders, “cybercrime” is “any crime capable of being committed in an electronic
environment, where crime refers to behavior generally defined as illegal or likely to be
criminalized. Its commission can be done through a computer system or network, in a computer
system or network or against a computer system or network” (Corell 2000:2).
From the viewpoint of the Council of Europe on the Convention on Cybercrime which is
the only binding international instrument on issue, “cybercrime” is “one of the most global of all
transnational crimes and it poses major challenges for the law enforcement and criminal justice
systems” (Council of Europe 2009). The pervasiveness of these computer crimes is in fact
growing, reaching to an annual revenue of “$1 trillion” (Leyden, 2009:1) and is estimated to
exceed the revenues of international drug trafficking (Council of Europe 2009 and Security
Watch 2009).
Various literatures articulate that cybercrimes are evolving, fast-growing, and
sophisticated and can happen anytime, anywhere and to anybody at a different level. “It goes
beyond the technical, transnational dimension and it involves offenders who deliberately fashion
their attacks to exploit the potential weaknesses present in the infrastructure‟s transnational
nature. In the Asian region, these are also one of the fastest growing non-violent crimes” (Sosa
2009:1).
Cybercrime groups use botnets, computers that transmit spam and viruses via the Internet
to other computers without their owners knowing about it. The botnets can steal credentials,
credit card details and other sensitive information. They can also carry out the pay-per-install and
pay-per-click schemes. Cybercriminals can utilize search engines like Goggle and social
networking sites such as Facebook and Twitter (spot.ph/the-feed/47838/cyber-threat-
intensifying-in-ph-says-anti-vi..., Cybercrime Threat Intensifying in PH Says Anti-Virus Firm,
Page 3 of 45
Spot, The Feed 2011: 1).
Cybercrimes may take several forms. Table 1 indicates an explanation of the different
forms of cybercrimes.
Table 1. Forms of Cybercrimes
Black Market/Underground
Economy
An efficient, online global marketplace where stolen goods and fraud-
related services are regularly bought and sold.
Bot or Botnet
Short for robot, a bot is a small hidden application that is sent by
cybercriminals to unsuspecting computers like yours. It then uses your
computer to perpetrate criminal activities such as sending spam emails or
phishing attacks. Botnets are networks of bots working together to
perpetuate massive attacks in thousands or even millions of computers.
Crimeware
Includes programs that may be classified as bots, keystroke loggers,
spyware, backdoors and Trojan horses.
Hacking
Person or group of people who use unauthorized methods to access a
computer or network of computers, usually for illegal purposes.
Keystroke Logger
A simple, readily available spyware application, loaded onto target
computers via spam or click fraud Trojans, that records every keystroke
on your computer, and sends your information back to the cybercriminal.
Phishing
Spam email that appears to be legitimate but is not. Its goal is to get you
to send personal information to the cybercriminal.
Spam
Spam is a catch-all term for any unsolicited email. Much of it is just
bothersome correspondence from legitimate businesses. But some of it
has criminal intent, whether phishing for information, attempting to load
malicious code onto your computer, trying to enlist you in a scam, or
trying to seduce children.
Trojan
Trojans are applications sent to your computer, either via spam or click
fraud that sit silently on your computer and download spyware bots or
other malicious applications to your computer.
Source: Cybercrime Exposed, Symantec’s Internet Safety Advocate, 2009
Cybercrime is one of the most complicated problems in the digital era faced by both
Page 4 of 45
developed and developing countries. It can be one of the species of conventional crimes. What
makes it distinctly different is the usage of a computer device or a system. “Data heavens
represent one of the greatest threats against security in the information age. Attacks against
critical infrastructures can be carried out from countries which lack cybercrime regulations
implying serious problem of jurisdiction” (Picotti and Salvadori 2008:4).
Being a global offense, cybercrime needs a global answer through international
cooperation. As early as 1984, the United States of America (USA) started its campaign against
cybercrime problems by enacting its first law on Computer Fraud and Abuse Act (18 U.S.C.
1030). Seven years later, the Department of Justice (DOJ) created a specialized unit to address
computer issues known as the Computer Crime and Intellectual Property Section (CCIPS) which
evaluates computer crime problems, offers legislative and policy proposals to address computer
crimes (Kowalski 2002).
In the United Kingdom (UK), an Internet Crime Forum was formed in 1999 which
brought together representatives from the government, the law enforcement agencies and the
internet industry to develop and maintain a working relationship in the protection of legitimate
internet communications (Kowalski 2002). The Forum has identified significant gaps in
addressing cybercrime cases in UK.
The Canadian Government has also its share in addressing the endemic spread of
cybercrimes. It initiated major initiatives in addressing cybercrimes by actively participating in
G8 Group of Senior Experts on Transnational Organized Crime, the Committee of Experts on
Crime in Cyberspace of the Council of Europe and the Organization of American States Group
of Government Experts on Cyber-Crime. It also conducts Global summits, international studies
and has helped in drafting the Council of Europe Convention on Cybercrime. In fact, Canada
was one of the first countries to enact criminal laws in the area of computer crime (Kowalski
Page 5 of 45
2002) in consonance to the Convention on Cybercrime 2001. A study of the United Nations-
sponsored network of Internet policy officials articulate that Canada is ahead of nearly two-thirds
(2/3) of the 52 countries surveyed in enacting laws to crack down cybercrimes (Kowalski 2002
citing Chu 2000).
In November 2001, the Council of Europe1 crafted the Convention on Cybercrime (CoC)
with the participation of Canada, Japan, South Africa, and the USA. The Convention took effect
on July 1, 2004. Considered as the only binding international instrument on the issue of
cybercrime, the Convention serves as a guide for any country to develop a comprehensive
national legislation on cybercrime. The CoC also operates as a framework for international
cooperation between signatory countries (Council of Europe 2009).
In “2010 there were about 1.9 billion internet users all over the world” (Internet World
Stats 2010) and this is expected to grow each year as information technologies are evolving. New
models, versions, software and programs are launched every year to keep pace with the demands
of the time.
Moreover, the Internet Crime Complaint Center (IC3)2 received more than three hundred
thirty six thousand (336,000) complaints for the period of January to December 2009 covering
only the United States (see Figure 1). Less than half of the complaints were referred to local,
state and federal law enforcement agencies of the country for further investigation. Most of the
referred cases involved internet fraud resulting to financial loss.
Page 6 of 45
Figure 1. Yearly Comparison of Complaints Received via the IC3 Complaint Website
(2000-2009)
Source: 2009 Internet Crime Report, Internet Crime Complaint Center (IC3)
National White Collar Crime Center (NW3C),
Bureau of Justice Assistance, U.S. Department of Justice
Faced by massive cyberthreats, United States President Barack Obama issued a
Presidential Proclamation on October 2010 declaring the month of October as the National
Cybersecurity Awareness Month. (See Annex A). In other parts of the world, cybercrime
complaints are on the rise as computer internet users are also increasing as shown in Tables 2,
2.1., 2.2., 2.3 and 2.4 on World Internet Usage and Population Statistics (see Annex B).
The tremendous influence of information communication technologies (ICT) is certainly
making a great wave on the economic, political and social situations of every nation. But too
much dependency will basically generate vulnerabilities if such use cannot be regulated. The
prevalence of cybercrime activities has signaled that there is a need for some countries to
Page 7 of 45
strengthen their cybercrime framework using the “Convention on Cybercrime”3 as a guideline or
“model law”. These countries include Argentina, Benin, Botswana, Brazil, the countries of the
Caribbean, Chile, Colombia, Costa Rica, the Dominican Republic, India, Indonesia, Morocco,
Mexico, Niger, Nigeria, Pakistan, Sri Lanka, and Philippines (See Figure 1, Annex “C”)
(Council of Europe 2009).
B. Problem Statement
The researcher feels the need to conduct this study to fill in the gaps of the policy of the
Philippine Government to address the prevalence of cybercrimes. By answering the questions on
how to address cybercrimes in the Philippines and how to strengthen the existing pillars of the
judicial system, the policy study will be able to identify the issues faced by the country and the
possible recommendations to the problems.
C. Objectives
The main objective of the paper is to analyze and examine the present situation of the
Philippines as a developing country on how it responds to the information technology
advancement, with particular focus on the doom side of seamless access to internet where
proliferation of cybercrime cases is apparent.
The researcher aims to make the policy paper a useful instrument for Congress and the
Philippine bureaucracy to enact a legislative measure which will define the nature and scope of
cybercrimes in accordance with the provisions of Convention on Cybercrime of the Council of
Europe. As mentioned earlier cybercrimes are not only a domestic but a global concern, thus,
there is a need to harmonize domestic laws with international treaties.
Page 8 of 45
D. Methodology
The study employed in the paper is the descriptive method in analyzing and evaluating
the policy gaps in the prevention of cybercrimes in the country. The gathering of the data is
based on interview of key persons as the primary source of information. Secondary materials,
such as books, journals, newspapers and internet sources, were also utilized. The study focusses
on how the Philippine Government deals with the prevention and prosecution of cybercrime
cases.
E. Definition of Terms
“Botnets/Zombies - are armies of computers infected with malware that can serve many
purposes, from launching distributed denial of service attacks, to sending spam, stealing
confidential information, installing additional adware and rogueware, performing click fraud or
facilitating phishing
Cyberterror - The deliberate destruction, disruption or distortion of digital data or information
flows with widespread effect for political, religious or ideological reasons.
Cyber-utilization - The use of on-line networks or data by terrorist organizations for supportive
purposes.
Cybercrime - The deliberate misuse of digital data or information flows
Cracking - is a higher form of hacking in which the unauthorized access culminates with the
process of defeating the security system for the purpose of acquiring money or information
and/or availing of free services
Page 9 of 45
Computer virus - is a computer program that can copy itself and infect a computer without
permission or knowledge of the user. The original may modify the copies or the copies may
modify themselves
Hacking - is the act of illegally accessing the computer system/network of an individual, group
or business enterprise without the consent or approval of the owner of the system
Phishing/Pharming – emails and websites that mimic legitimate businesses with the intent of
getting you to disclose usernames, passwords, credit card numbers, and accounts.
Spyware – is a computer program that collects personal information about a user without their
consent, such as a key stroke logger” (Lozano 2011).
II. Review of Literature
The prevalence of cybercrimes worldwide has been considered as a threat to democracy.
“The growing danger from crimes committed against computers, or against information on
computers, is beginning to claim attention in national capitals” (McConnel 2000:1). The
information technology revolution has influenced the society in handling everyday activities. “It
has in one way or the other pervaded almost every aspect of human activities” (Convention on
Cybercrime, ETS 185, Explanatory).
Cybercrimes are harmful acts committed from or against a computer or network.
According to German criminologists, cybercrimes are computer crimes that infringe property
interests when electronic information is deliberately modified (computer manipulation), destroy
(computer sabotage) or used to misappropriate computer time. Other popular definitions are
those committed in the sphere of computer information and those perpetrated by using the
computer (Polivanyuk 2009).
Page 10 of 45
Furthermore, cybercrimes differ from most terrestrial crimes in four ways. First,
committing these crimes can easily be learned; second, there are few resources relative to the
potential damage caused; third, cybercrimes can be committed in a jurisdiction without being
physically present; and fourth, cybercrimes are often not clearly illegal (McConnel 2000).
The emergence of these crimes can be attributed to Information and Communication
Technology (ICT) which is a “set of activities that facilitate by electronic means the processing,
transmission, and display of information” which has become the center of the new society”
(Asian Development Bank 2003). “ICT” is also defined as “tools that facilitate the production,
transmission, and processing of information. The advent of ICT has promised a potential
advancement in economic, politics and social activities with the “improvement in the generation,
sharing and use of information and knowledge to induce collaboration across different
boundaries within and among nation-states” (Ocampo 2008:100). The undeniable success of ICT
created a great impact which “some countries and organizations described ICT‟s effectiveness in
superlative terms like time-space compression and “the death of distance,” “spaces of flows”
instead of “spaces of places,” simultaneous globalization and localization processes
(“glocalization”), and creation of “the information society” and “information polity” as well as
“information highways” (Ocampo 2008:100).
Along these lines, ICT has brought unprecedented increase in the usage of internet and
other wireless technologies so as the burgeoning of countless internet activities. With its
evolution, it perked-up both economic and social opportunities like increase in people‟s income,
business investments and connectivity. “Globalization has also given much emphasis to the role
of ICT where there is profound transformation in the world economy. Over the last decade,
globalization and ICT have gone hand in hand in the rapid spread of the use of ICT as both an
outcome and determinant of globalization as a key enabler”
(http://www.cict.gov.ph/images/files/Philippine_ICT_Roadmap.pdf Philippine CICT Road Map
Page 11 of 45
2006).
The “information revolution” has opened a wide spectrum for individuals to cross borders
in a seamless way. Almost all aspects of the world‟s infrastructure sectors like banking,
communications, energy, health, emergency services, agriculture, water supply, government
services, manufacturing, strategic commercial centers, and even religious and cultural
institutions are operated and maintained with the use of computer systems.
With an increasingly mobile population, information technologies are also useful in
maintaining family ties and have stemmed migration because businesses have outsourced various
processes to developing countries (Haslam et al. 2009). Doing business for entrepreneurs is even
made accessible from online procurement to payment and to the delivery of goods and services.
With ICT, the markets and its clienteles can efficiently transact businesses without spending on
transaction costs.
The way of life of every individual has been made easier by the birth of new and modern
technology and its “primary function is actually social in nature, allowing people to keep in
touch, rather than in the economic sphere for which they may have originally been intended”
(Alampay 2006). ICT‟s magnetism received diversity of views on how it will affect the society
and development. There are, of course, superfluity of observations on the benefits and drawbacks
made by economists and scholars. Taking from the viewpoint of the optimists, they see the use of
information technology as a necessity that helps encourage the sustainable development of
individuals, communities, and nations.
The use of ICT was considered crucial to development as it can be used in public
administration, business, education, health, and environmental protection as cited during the
Page 12 of 45
World Summit on the Information Society (WSI) in 2003. The growing share of ICT in world
economic output has been cited as evidence of its importance. It also provides developing
countries an opportunity to „leapfrog‟ stages of development and achieve the level of
development like of the West (Haslam, Schafer and Beaudet 2009).
On the other hand, the pessimistic view contends that ICT will only aggravate the
existing inequalities and social divides. “Evidence for this perspective is taken from cases
demonstrating that areas have been long benefited from excellent physical access and have been
dominant politically and economically are the ones benefitting from greater access to
information technologies. Based on history, telecommunications roll-out has generally increased
inequality, benefited mostly the wealthy, and had little impact on the quality of life for the poor”
(Haslam et al. 2009).
According to a pragmatic view, ICT has a role in a country‟s development if applied
appropriately. Contradicting the point of view of the pessimists, access to telephone can have a
dramatic effect on the quality of life of the rural poor. An anecdotal evidence show that the
“Grameen Village phone ladies in Bangladesh have been celebrated as a good model for areas
where there is widespread access to telephones. At one point, village phone ladies were earning
three times the national average income” (Haslam, et al. 2009). This only shows that ICT are
useful for development.
In developed countries, information technology and the internet have helped globalize
production and capital markets. It also speeds up innovation by reducing the time for designing
new products, through powerful computers that make it easier and cheaper to process large
amounts of data (Asian Development Bank 2003).
Page 13 of 45
ICT and globalization have spurred economic development as economic interdependence
of nations and regions around the world deepens. This global information society has too much
potential that even developing countries are seeing the possibility of bringing ICT infrastructure
in their countries to cope with globalization and experience the surge of economic boom. Access
to modern information technology which is grounded on the principles of affordability,
accessibility and quality of basic telecommunication services and the universal service and
universal access has also posed drawbacks detrimental to end users with particularity on the
online computer related crimes or cybercrimes.
The use of internet around the world grew rapidly either for social use or otherwise. The
growth of internet has introduced positive and negative developments. One of the negative
developments is the proliferation of fraudulent internet activities which is not only limited to
hacking and introduction of viruses but it also include “telecommunications and computer
crimes; fraudulent identification including identity theft; fraudulent government securities;
electronic fund transfer fraud; auction fraud; Intellectual Property Rights (IPR) abuses; economic
espionage (theft of trade secrets); online extortion; international money laundering; and work-at-
home and online business opportunities schemes” (FBI 2006). And these are commonly known
as internet crimes or cybercrimes.
Studies revealed that the existence of the new technologies has challenged the traditional
legal concepts of every nation as “information and communication flow effortless around the
world with no more boundaries between territories. Criminals are increasingly located in places
other than where their acts produce their effects” (Convention on Cybercrime, ETS 185,
Explanatory).
Proving that crime follows opportunity, virtually every advancement has been
accompanied by a corresponding niche to be exploited for criminal purposes, referred to as
Page 14 of 45
„cybercrimes‟. Ensuring security against the widespread cybercriminalities is a global challenge
that can be learned from the experience of other jurisdictions (Clough 2010).
III. Review of Foreign Policies
One of the claimed benefits of the Internet is that it connects people with common
interests (Nasso 2000) regardless of territorial boundaries. The cyberspace where all electronic
communications pass through is considered by many as the most dangerous place as unexpected
attacks and threats on privacy can occur anytime in just a click of the cursor. The phenomenon of
cybercrime activities can cause economic and political sabotage on the critical infrastructures of
both government and private sectors.
Figure 2. Cyberspace and the Internet Users
INTERNET USERS
PLDT DSL GLOBE DSL OTHER ISP
CYBERSPACEWorld Wide Web (WWW)
BAYANTEL / SKYINET
Source: NBI- Head Agent Palmer Mallari, 2010
Page 15 of 45
The call to fight against cybercrime activities is a global concern that countries around
the world should stand united as “…the ends of information are after all human ends. The logic
of information must ultimately be the logic of humanity. For all information‟s independence and
extent, it is people, in their communities, organizations, and institutions, who ultimately decide
what it all means, and why it matters” (Brown and Duguid 2000:18, cited in Alampay 2009: 23).
The Council of Europe Convention on Cybercrime, which is the only binding
international instrument in addressing cybercrimes, has been open for signatures for both
member and non member States of the Council of Europe since 2001. Countries that have signed
and ratified the Convention include Denmark, France, Germany, Romania and Ukraine. Non
member States, like Canada, Japan and South Africa, have signed the Convention but have not
ratified yet. The United States of America is the only non member State that has ratified the
Convention in 2006. Table 2 shows the status of member and non member States on the
Convention on Cybercrime. Based on the latest data dated January 2011, the Philippines have not
signed the Convention but it was noted the country has delegates to the conferences and trainings
of the Council. Efforts in the international arena in addressing cybercrimes are overwhelming as
issues and concerns are evolving each day. And more than one hundred (100) countries are now
strengthening its legal framework in consonance with the provisions of the Convention.
One of the most pressing concerns in addressing cybercrime is the difficulty for the
police, judicial and administrative and other law enforcement authorities not only in identifying
cybercriminals but also in determining the locus commissi delicti (place of the commission of the
crime ) and tempus commissi delicti (time of the commission of the crime) since difficulties in
determining the extent and impact of the criminal acts committed through the use of new
technologies exist (Picotti et al. 2008:51).
Page 16 of 45
Table 2. Status on the Ratification of Participating Countries to the Convention on
Cybercrime (As of January 16, 2011)
Convention on Cybercrime
CETS No.: 185 Treaty open for signature by the member States and the non-member States which have participated
in its elaboration and for accession by other non-member States
Opening for signature Entry into force
Place: Budapest
Date : 23/11/2001
Conditions: 5 Ratifications including at least 3
member States of the Council of Europe
Date : 1/7/2004
Status as of: 16/1/2011
Member States of the Council of Europe
States Signature Ratification Entry into
force Notes R. D. A. T. C. O.
Albania 23/11/2001
20/6/2002 1/7/2004 X
Andorra
Armenia 23/11/2001
12/10/2006
1/2/2007 X
Austria 23/11/2001
Azerbaijan 30/6/2008 15/3/2010 1/7/2010 X
X X
X
Belgium 23/11/2001
Bosnia and Herzegovina 9/2/2005 19/5/2006 1/9/2006 X
Bulgaria 23/11/2001
7/4/2005 1/8/2005
X
X X
Croatia 23/11/2001
17/10/2002
1/7/2004 X
Cyprus 23/11/2001
19/1/2005 1/5/2005 X
Czech Republic 9/2/2005
Denmark 22/4/2003 21/6/2005 1/10/2005 X
X
X
Estonia 23/11/2001
12/5/2003 1/7/2004 X
Finland 23/11/2001
24/5/2007 1/9/2007
X
X X
France 23/11/2001
10/1/2006 1/5/2006
X
X X
Page 17 of 45
Georgia 1/4/2008
Germany 23/11/2001
9/3/2009 1/7/2009
X
X X
Greece 23/11/2001
Hungary 23/11/2001
4/12/2003 1/7/2004
X
X X
Iceland 30/11/2001
29/1/2007 1/5/2007
X
X
Ireland 28/2/2002
Italy 23/11/2001
5/6/2008 1/10/2008 X
Latvia 5/5/2004 14/2/2007 1/6/2007 X
X
Liechtenstein 17/11/2008
Lithuania 23/6/2003 18/3/2004 1/7/2004 X
X X
Luxembourg 28/1/2003
Malta 17/1/2002
Moldova 23/11/2001
12/5/2009 1/9/2009 X X
X
Monaco
Montenegro 7/4/2005 3/3/2010 1/7/2010 55 X
X
Netherlands 23/11/2001
16/11/2006
1/3/2007 X
X
Norway 23/11/2001
30/6/2006 1/10/2006
X
X X
Poland 23/11/2001
Portugal 23/11/2001
24/3/2010 1/7/2010 X X
Romania 23/11/2001
12/5/2004 1/9/2004 X
Russia
San Marino
Serbia 7/4/2005 14/4/2009 1/8/2009 55 X
Slovakia 4/2/2005 8/1/2008 1/5/2008 X
X X
Page 18 of 45
Slovenia 24/7/2002 8/9/2004 1/1/2005 X
Spain
23/11/2001
3/6/2010 1/10/2010 X X
Sweden 23/11/2001
Switzerland 23/11/2001
The former Yugoslav
Republic of Macedonia
23/11/2001
15/9/2004 1/1/2005 X
Turkey 10/11/2010
Ukraine 23/11/2001
10/3/2006 1/7/2006
X
X
United Kingdom 23/11/2001
Non-member States of the Council of Europe
States Signature Ratification Entry into force Notes R. D. A. T. C. O.
Argentina
Australia
Canada 23/11/2001
Chile
Costa Rica
Dominican Republic
Japan 23/11/2001
Mexico
Philippines
South Africa 23/11/2001
United States of
America
23/11/2001
29/9/2006 1/1/2007
X
X X
Total number of signatures not followed by ratifications: 17
Total number of ratifications/accessions: 30
Notes: (55) Date of signature by the state union of Serbia and Montenegro. a: Accession - s: Signature
without reservation as to ratification - su: Succession - r: Signature "ad referendum". R.: Reservations -
D.: Declarations - A.: Authorities - T.: Territorial Application - C.: Communication - O.: Objection.
Source : Treaty Office on http://conventions.coe.int/
The Council of Europe Convention on Cybercrime has introduced procedural and
Page 19 of 45
substantive measures that will serve as guidelines for all States in adopting its domestic law on
cybercrime as the communication highway has “opened new doors for cybercriminals, changing
not only the traditional commission of the crimes but also some substantial aspects of the
criminal law and criminal procedure” (Picotti et al. 2008:51).
As mentioned earlier, countries of France, Germany and Romania have ratified have
already ratified the CoC in 2006, 2009 and 2004, respectively. These countries have good
practices to share as described in the succeeding paragraphs.
In France, the Convention on Cybercrime (CoC) was signed in November 2001 and
ratified in January 2006. Prior to its ratification, the country had already experienced some
cybercrime offenses. In 1988, the French Parliament adopted its first law concerning computer
fraud. Other pertinent laws were also successively passed. Majority of computer crime and
cybercrime offenses are embodied in the Penal Code of France but it does not necessarily cover
all provisions of the Convention even though France has ratified the same. It does not have any
specific provision regarding computer-related forgery and computer related fraud but these two
offenses seem to fall within the ambit of its traditional provision on fraud (Picotti et al. 2008:6).
French cybercrime legislation is at the forefront in fighting new cyberthreats,
criminalizing illegal acts such as hacking, cracking and input of malicious codes causing a
modification of data. The acts of installing illegal programs as spyware or sniffer and phishing
are punishable offenses with corresponding stiffer penalties. Today, France is faced by problems
on spam or unsolicited commercial e-mail. To reduce such menace to the privacy and correct
functioning of the computer systems and networks, a law was enacted criminalizing the act of
sending unsolicited messages with a fine of 750 euros for each mail sent (Picotti et al 2008:6).
The German government on September 2009 has ratified the Convention on Cybercrime
Page 20 of 45
(CoC). Its criminal code and other laws on preventing cybercrime largely comply with the
requirement of the CoC even before its ratification. Most of cybercrime offenses concerning
illegal interception, data interference, computer fraud and copyright infringements are in
consonance with the provisions of the Convention. A limited review on illegal access and misuse
of devices and identity seem to be not covered by German legislation (Picotti et al. 2008:6).
The Romaninan Government, has already implemented all the provisions of the CoC by
creating specific cybercrime offenses without referring to the provisions of its traditional laws.
The implementation was done prior to the ratification of the CoC in May 2004. What the
Romanian legislature did was to formulate its cybercrime law based on the provisions of the CoC
as its guide model. Today, Romania has the modern cybercrime law coherent with the provisions
of CoC which certainly a good practice that can be thought of by other countries that have no
cybercrime legislation yet (Picotti et al. 2008:8).
The U.S. Government has a well established legal framework in combating cybercrimes.
All segments of the society are being assisted, educated and informed about the drawbacks of the
digital age. It has also signed and ratified the CoC, the first non member State to do so. An
Internet Crime Complaint Center (IC3) was also established in May 2000 as the Internet Fraud
Complaint Center in partnership with the National White Collar Crime Center (NW3C) and the
Federal Bureau of Investigation (FBI). Among the common complaints referred to IC3 can be
categorized in the figure shown below and also the number of perpetrators per 100,000 in the
different areas of the country (IC3 Annual Report 2009).
Figure 7. 2009 Top 10 Most Referred IC3 Complaint Categories, 2010 (Percent of Total Complaints Referred)
Page 21 of 45
Source: 2009 Internet Crime Report, Internet Crime Complaint Center (IC3)
National White Collar Crime Center (NW3C),Bureau of Justice Assistance, U.S. Department of Justice
Table 10. Perpetrators per 100,000 People, 2010
Source: 2009 Internet Crime Report, Internet Crime Complaint Center (IC3)
National White Collar Crime Center (NW3C),Bureau of Justice Assistance, U.S. Department of Justice
Below are illustrations showing top 10 countries where cybercrimes are prevalent based
Page 22 of 45
on the information given by perpetrators to their victims.
Figure 8. Top 10 Countries by Count: Perpetrators (Number by Rank), 2010
Source: 2009 Internet Crime Report, Internet Crime Complaint Center (IC3)
National White Collar Crime Center (NW3C), Bureau of Justice Assistance, U.S. Department of Justice
Figure 9. Top 10 Countries by Count: Individual Complainants (Number by Rank), 2010
Source: 2009 Internet Crime Report, Internet Crime Complaint Center (IC3)
National White Collar Crime Center (NW3C), Bureau of Justice Assistance, U.S. Department of Justice
IV. Philippine Situation - The Case of “I LOVE YOU” Virus
Page 23 of 45
In the Philippines, the pervasiveness of cybercrimes using the definition of an
international body is apparently ubiquitous. In 2000, the infamous “I LOVE YOU” virus was
created and unleashed by Onel De Guzman, a Filipino student. It caused damage and infected
computers and networks of companies, private and government institutions in Asia (particularly
in Hong Kong), Europe and United States which was estimated to have reached to US$ 10
billion. Emanating from the Philippines, the virus was received in e-mail inboxes in Hong Kong
which erases and blurs the graphics and data in the computer and gets the contact address in the
computer directory and sends the same email to all contacts listed therein. Once received and
opened in another computer, it replicates the same harm (Sosa 2009:80). A thorough
international manhunt was conducted resulting to De Guzman‟s arrest. However, the cases filed
against him were dismissed based on the principle of nullum crimen, nulla poena sine lege (for
there is no crime committed when there is no law punishing the same).
Following that incident, the Philippine government enacted Republic Act (RA) Number
8792, or the “Electronic Commerce Act of 2000” which provides for the legal recognition and
admissibility of electronic data messages, documents and signatures. Under this law, the first
Filipino to be convicted of cybercrime particularly on hacking was JJ Maria Giner. He pleaded
guilty to hacking the governmental portal “gov.ph” in violation of Section 33a of the E-
Commerce Law.
The said particular section is only limited to “hacking or cracking which refers to
unauthorized access into or interference in a computer system/server or information and
communication system. It can also be an access to corrupt, alter, steal or destroy using a
computer or other similar information and communication devices, without the knowledge and
Page 24 of 45
consent of the owner of the computer or information & communications systems, including the
introduction of computer viruses resulting in the corruption, destruction, alteration, theft or loss
of electronic data messages or document” (RA 8792).
Based on the statistics of the Anti-Fraud and Computer Crimes Division (ATCD) of the
Criminal Investigation and Detection Group (CIDG) of the Philippine National Police (PNP), the
Philippines is experiencing numerous and evolving computer crime cases since 2003 to 2010
(See Figure 3) and it is even becoming worst in the next year up to present. From the inception of
the (ATCD) under the (CIDG), it has received more than 3,000 referred cases of computer
crimes emanating from government agencies and private individuals nationwide (See Table 3).
Figure 3. Computer Related Crime Cases Investigated (1,759)
2003 – October 2010
O
oc
Source: ATCD-CIDG-PNP, 2011
Page 25 of 45
Table 3. Cases Investigated by Year (2003-2010)
Source: ATCD-CIDG-PNP
COMPUTER
CRIMES
2003
2004
2005
2006
2007
2008
2009
2010
TOTAL
Child Pornography/Internet
Pornography
3
1
9
5
24
5
4
51
Internet Fraud
5 2 2 1 20 6 25 41
Phishing
3 1 1 5 6 16
Hacking/Intrusion
1 4 6 4 1 9 3 27
On-Line Game Hacking
51 26 4 4 81
Web Defacement
35 23 78 466 54 101 223 162 1,032
Malicious Email
3 7 7 3 19 7 4 50
VOIP(Voice Over Internet
protocol)
7 1 8
Identity Theft
1 1 4 4
Intellectual Property
(Computer Related Piracy)
1 8 6 15
Credit Card Fraud
1 3 3 3 10 5 1 5 31
Other Crime (Computer
Aided Crime)
88 129 12 8 237
TOTAL
38
50
155
523
171
300
268
173
1,726
Page 26 of 45
As to forensic examinations conducted it has reached to around one hundred ninety-five
(195) cases.
Figure 4. Computer Forensic Examinations Conducted
CY: 2003 –2009
Source: ATCD-CIDG-PNP, 2010
Figure 5. Digital Forensic Examination Conducted CY: 2010
No. of Forensic Cases = 54; No. of Digital Evidence Examined = 239
Source: ATCD-CIDG-PNP, 2010
0
10
20
30
40
50
60
70
80
90
100
2003 2004 2005 2006 2007 2008 2009
49
35
21
65
9937
2009
2008
2007
2006
2005
2004
2003
Page 27 of 45
Based on the records of the Department of Justice (DOJ) Task Force on E-Government,
Cybersecurity and Cybercrimes, there were more than thirty (30) cybercrime cases were filed
before the Philippine Courts. These are mostly website defacements, on-line pornography,
cyberstalking, internet libel, computer forgery, text scams and privacy issues (Sosa 2009).
While the National Bureau of Investigation (NBI), another law enforcement agency
which addresses cybersecurity and cybercrimes in the Philippines is receiving an average of
three (3) to five (5) complaints a day in Metro Manila involving different forms of cyber crimes
(Congzon 2010).
Figure 6. Government Website Defacements (2003-2010)
Source: ATCD-CIDG-PNP
The common cybercrimes handled by the NBI include the following as shown in Table 4,
while the ATCD-CIDG-PNP had also cataloged cybercrime cases received as shown in Table 5.
Page 28 of 45
Table 4- Classified as Cyber Crime Cases by NBI
Website Defacement
Hacking/Cracking
Malicious email sending
Internet pornography
Launching of harmful computer viruses
Distributed denial of service attacks (DOS)
Acquiring credit card information from e-commerce website
Internet shopping using fraudulently acquired credit cards
On-line auction fraud
Wire transfer of funds from a fraudulently acquired credit card
Source: NBI-Manila, 2010
Table 5 – Classified as Cyber Crime Cases by ATCD-CIDG-PNP
Government Website Defacement
Hacking
Malicious E-mail
Extortion through Telephone
Cellular Phone, E-mail and Facebook Threat
Internet Pornography
Internet Fraud
Libel through Internet
On-line Game Hacking
Credit Card Fraud
Phishing
VOIP (Voice Over Internet Protocol)
Intellectual Property (Software Piracy)
Unauthorized posting of Cellular Phone Number in the Internet
Internet Scam
Fake Facebook Account
Letter from Interpol Berne on Child Pornography
Hacked Yahoo E-mail
Letter from Interpol Ottawa on On-line Child Pornography
On-line Sexual Exploitation
Fake and Defamatory Facebook Account
Source: ATCD-CIDG-PNP, 2009
Page 29 of 45
Furthermore, the above-stated cybercrime cases cannot be successfully prosecuted
under the existing laws of the country like the Revised Penal Code (Act 3815), Access
Device Regulation Act of 1998 (RA 8484), E-Commerce Act of 2000 (RA 8792), Anti-Photo
and Video Voyeurism Act of 2009 (RA 9995), Intellectual Property Code of the Philippine
(RA 8293), Consumers Act of the Philippines (RA 7394), Special Protection of Children
Against Abuse, Exploitation and Discrimination Act (RA 7610), Anti-Trafficking in
Persons of 2003 (RA 9208), Anti-Wire Tapping Law (RA 4200). The provisions of these
laws require corporeal evidence for traditional and terrestrial crimes while in cybercrime
cases it require intangible evidence. A comparative table (Table 6) of Philippine Laws
showing the punishable offenses and its corresponding penalties (see Annex “D”).
The country‟s legal framework is challenged by the emergence of new languages in
technological advancements. And the need to collaborate with international treaties is crucial as
cybercrime is considered a transnational crime that can undermine democracy if not given
attention at an early stage.
A. Cybercrime Case Handled by NBI – Credit Card Fraud
One of the many cases handled by the National Bureau of Investigation is the case of a
Makati-based company PENGENGREGALO.COM.PH engaged in the business of delivering
merchandise via internet to its customers. To avail of the services, customers are required to
encode credit card details, delivery and email addresses.
In March 2004, an internet client using an email address [email protected] ordered
electronic supplies valued at eighty thousand pesos (Php80,000.00) through a credit card. When
the transaction was completed, the buyer requested that the delivery be made at McDonald‟s
Restaurant in Boni Avenue, Mandaluyong City. Days after the delivery, the company received a
Page 30 of 45
notice from the credit card company saying that the card owner submitted a dispute resolution
denying that he made an order of such merchandise. A subsequent investigation by the company
revealed that they have been victimized by a buyer using fraudulently acquired credit card
information.
The National Bureau of Investigation (NBI) conducted an investigation through the
following procedure:
i. “Extraction of the “Internet Protocol (IP) Address” – upon verification
with the “Internet Service Provider (ISP)” , it was found out that the “static IP
Address” belongs to a subscriber who maintains an internet café in
Mandaluyong City. An ocular inspection was then conducted in the internet
café and resulted to the dearth of records about internet logs of its users.
However, the employee of the café was able to describe how the workstation
user looks like. A cartographic sketch was made based on the descriptions
given by the witness and presented to the delivery man and confirms the same.
ii. Verification with YAHOO! USA – a request was made through the United
States Department of Homeland Security for the release of all possible IP
Address pertinent to those used by email address [email protected].
Various addresses were provided by YAHOO! USA. The three (3) IP
Addresses correspond to the IP Address of the said cyber café. The YAHOO
logs also pinpoint to the first IP Address used in creating the YAHOO
account.
iii. Domain Check/Trace Routing of IP Addresses – this led to the
identification of the local IP Address. Upon review of the logs of the ISP, it
pointed out to the telephone number used to access the internet by dial-up
phone company and provides the subscriber‟s telephone number and address
pointing the residential apartment in Baranca Drive, Mandaluyong City.
iv. Search Warrant Application was made and followed by filing a suit.
Page 31 of 45
Service of search warrant resulted to the confiscation of the computer used to
open YAHOO account and the offender was arrested
v. Forensic Examination – the confiscated hard disc revealed that there was
an email made by the offender address to his friend dated March 5, 2004
offering the sale of electronic supplies.
vi. Separate Search Warrant was applied for the recovery of electronic
supplies from the offender for violating the provisions of the Anti-Fencing
Law” (Mallari 2009).
Based on the actual case discussed above, it is apparent that the NBI underwent a tedious
procedure in identifying the offender. It needs to tie-up with the law enforcement authorities in
the USA before it can proceed with its investigation. Another observation is the application of a
traditional law which does not necessarily correspond with the offense made.
The Anti-Fencing4 law of the Philippines was crafted in 1979 and the penalties imposed
therein though tough yet the rationale of the law was to deter robbery and thievery and impose
heavy penalties on persons who profit from the effects of the said crimes. Different search
warrants and different suits were issued and filed against the offender as there is no
comprehensive set of rules that govern cybercrimes. This is one of the problems that confront the
Philippine law enforcement authorities.
B. Evidence of Problems
The following are the issues identified based on interviews of key persons and secondary
pieces of evidence:
Page 32 of 45
i. There is an endemic proliferation of cybercrime incidents all over the country as
shown in the investigation conducted by the government‟s law enforcement
agencies like the National Bureau Investigation (NBI) and Philippine National
Police (PNP);
ii. Lack of tools and methodology in prosecuting cybercrime complaints;
iii. Lack of government support in enhancing capability building seminars and
trainings for the law enforcement authorities, the prosecution and the judiciary;
iv. Lack of awareness and educational program for the citizenry and stakeholders;
v. Lack of cooperation from telecommunication companies, internet service
providers and commercial hotspots offering Wifi internet connection;
vi. Lack of coordination from the five (5) pillars of the judicial system;
vii. Cybercrime victims are silent on the incident with certainty that their complaints
cannot be acted upon;
viii. Cybercrime perpetrators are increasing for there is no law punishing their acts;
and
ix. Lack of legal framework which defines the nature, scope, punishable offenses and
penalties5 of cybercrime cases;
C. Efforts to Solve the Problem
The Philippine Government in its effort to prevent future cyberthreats and as a lesson
Page 33 of 45
learned from the first computer offense which hacked the computer systems and launched
viruses, enacted Republic Act (RA) Number 8792 or the “Electronic Commerce Act of 2000”.
But experts on cybercrime cases in the Philippines who underwent training abroad argued
that RA 8792 is limited only to hacking and launching of viruses. The law has limitations as to
its provisions on penalties and sanctions on the deterrence of cybercrime cases.
“From the perspective of law enforcement authorities, among the limitations include the
following:
a. The Internet Service Providers (ISP) under the law are not
obliged to maintain important logs and cooperate with law enforcement
in the investigation of computer crimes;
b. The Telecommunications companies are not obliged to
cooperate with law enforcement in the investigation of computer
crimes;6
c. Internet Cafes/Cyber Cafes where most of the computer crimes
perpetrators perform the violations are not obliged to maintain records
of clients and customers;
d. Other offenses committed with the use of computers and/or the
internet are not penalized under said law like internet Gambling,
internet pornography, cyber terrorism (Mallari 2010)
The Philippine laws (see Table 6, Annex “D”) that have been considered pertinent to
cybercrimes were considered insufficient as the provisions are not applicable to cybercrime cases
which require a different specie of evidence. And these traditional laws are no longer attuned to
the demands of time specifically with ICT. Apparently, the country lacks a comprehensive set of
regulations on cybercrimes as there are no hard and fast rules defining its nature and scope.
Page 34 of 45
Aside from these pertinent legislations, Executive Order No. 62, “Creating the Philippine Center
on Transnational Crime (PCTC) to Formulate and Implement a Concerted Program of Action of
All Law Enforcement, Intelligence and Control of Transnational Crime” was issued on January
15, 1992 by then President Joseph E. Estrada (see Annex “E”). The PCTC is under the Office of
the President but under the general supervision and control of the National Police Commission
(Napolcom)7. The main objective of PCTC is to serve as a nerve center, a think tank, and a
central database for the monitoring, detecting, and investigating of transnational crimes. Among
the pressing concerns of the PCTC is the state of vulnerability in the field of telecommunications
and electronic commerce.
In this era of globalization, the country, have been witness to hostile computer related
attacks in the past few years, some rather incongruous, others just as devastating as the Melissa
and the Love Bug viruses. But nothing can prepare the country to face future attacks against the
information infrastructure systems if at this point in time measures are not exerted in order to
address these threats (PCTC 2000).
Other agencies like the Philippine National Police (PNP), the National Bureau of
Investigation (NBI), the Commission on Information and Technology Communication (CICT)
and the Department of Justice (DOJ) are in the forefront in combating cybercrimes in the
Philippines. However, the efforts exerted by these agencies to curb cyberthreats are not adequate.
Thus, there is a need to have a legal framework that prosecutes computer crimes and punishes
offenders.
In 2007, the DOJ created a Task Force on E-Government, Cybersecurity and Cybercrime
to pursue the e-government agenda, institutionalize a cyber security regime and implement laws.
The said task force worked closely with the Council of Europe, a private organization, and local
Page 35 of 45
experts of IT practitioners and other stakeholders. To intensify the efforts of the PNP in
preventing cybercrimes, another task force was established in August 2004 under the ATCD-
CIDG known as the Government Computer Security and Incident Response Team (GCSIRT). It
serves as the center for reporting incidents on computer attacks on government information and
communication systems and provides coordinated support system in response to such incidents.
There was an evidence of transnational attacks on computers and the information
infrastructure in the periods of CY 2003 to CY 2007 (GCSIRT). There were 667 government
websites defaced, or an aggregate of 133 government websites were attacked by defacers/hackers
each year, an average of 11 incidents per month. Furthermore, it was found out that 134 coded
defacers (both local and international) have attacked these government websites in that five-year
period. Of the attacked/hacked government websites, 507 of the 667 government websites were
using Linux operating system (OS), free and openly available software. This operating system
(OS) is highly vulnerable to attacks by defacers/hackers (Sosa 2009).
The Philippine National Police ATCD-CIDG has also intensified capacity building
seminars and trainings of the Philippine law enforcement authorities both at the national and
international levels. Partnership and cooperation initiatives with other government agencies like
National Bureau of Investigation, P.A.C.E.R, Intelligence Service of the Armed Forces of the
Philippines (AFP), Philippine Center on Transtional Crimes (PCTC)-Interpol Secretariat Manila,
National Security Council (NSA), National Intelligence Coordinating Agency (NICA), Anti-
Money Laundering Council, and Commission on Information and Communication Technology
(CICT) are also continuing.
Page 36 of 45
Table 7. Computer Crime Incident Response Course
March 2005-October 2009
Source: ATCD-CIDG-PNP, 2010
Table 8. Trainings and Seminars Conducted
Source: ATCD-CIDG-PNP, 2010
DATE & PLACE CONDUCTED NO. OF
STUDENTS
(PNP-CIDG)
NO. OF
STUDENT
(OTHER PNP
UNIT)
TOTAL
March 14-18, 2005 HCIDG 42 - 42
September 5 – 9,2005 HCIDG 30 - 30
October 17 – 21, 2005 Cebu 25 20 45
October 24 – 28, 2005 Davao 15 45 60
Aug 21 – 25, 2006 Cagayan De
Oro
14 36 50
August 28 – Sept 1, 2006 Cebu 12 40 52
Sept 4 – 8, 2006 Pampanga 16 50 66
July 2 – 6, 2007 Davao 13 31 44
August 13 – 17, 2007 HCIDG 37 - 37
Oct 12 –16, 2009 Zamboanga(2) - 52 52
TOTAL 204 274 478
Credit Card Fraud Executive Seminar (Sponsored by Credit Card
Association of the Philippines)
Intermediate Computer Crime Investigators Course
“Cyber-Security: Understanding and Preventing Computer Crimes”
Introduction to Local Area Network (LAN), Wide Area Network (WAN)
& Wireless Networks
Identity Theft
Hardware requirements, Configuring a modem, Configuring Internet
Connection and Email Services
Anti-Money Laundering Act of 2001, E-Commerce Act of 2000 and Access
Devices Regulation Act of 1998
Internet Protocols and their functions, how to access the Net, how the
Internet works and E-mail
Page 37 of 45
The PNP-CIDG-ATCD initiated a partnership program between international and
regional law enforcement. One is with the INTERPOL 24/7 Contact person on High Tech
Crimes, Cybercrime Technology Information Network System (CTINS) which is open for ten
(10) countries to share information among cybercrime law enforcement units in Asia. Among
these countries include China, Hongkong, India, Indonesia, Korea, Malaysia, Philippines,
Singapore, Thailand and Japan.
Figure 6. Ten (10) Countries in Asia Sharing Cybercrime Information
Source: PNP-CIDG-ATCD, 2010
Private sector and government partnership in the local arena are also part of the
undertaking like the Microsoft-Security Program (GSP) and the Philippines Emergency
Response Team (PHCERT) which is the first computer emergency team in the Philippines. It is a
non profit organization which aims to provide reliable and trusted point of contact for computers,
Internet and other information technology related emergencies (NCC 2011).
CTINS - Cybercrime Technology Information Network System
CTINS JAPAN
CTINS Philippines
CTINS Malaysia
CTINS Indonesia
CTINS China
CTINS India
CTINS
Korea
CTINS Singapore
CTINS Thailand
CTINS Hong Kong
CTINS United Kingdom
Page 38 of 45
IV. Recommendations
Having discussed the issues and problems on cybercrimes that confront the country, it is
just apropropriate to recommend doable measures that will address the present issues that the
country is experiencing in order to protect the interest of various stakeholders like the end-users
and the civil society. The society needs to be protected by the government to enjoy the freedom
of using the World Wide Web as it facilitates easy access and free flow of information being the
main objective. The principles of accessibility, affordability and universal access without
crossing the boundary of privacy should be espoused.
Putting an end to cybercrime is not an easy task especially the country has not provided
punitive consequences on online crimes. More and more individuals are encouraged to commit
such and at the same time, victims of these illegal activities will choose to remain silent because
of the uncertainties that their complaints could not be acted upon for lack of legal remedy.
The issue in addressing cybercrimes in the Philippines is a serious problem that needs
attention not only by the police force but by legislators themselves. Anecdotal and empirical
evidence as stated in the previous discussions claim that enacting a piece of legislation is crucial
to avoid future downfall of the information infrastructure of government and private sectors
which if not given attention will eventually result to economic, political and social quandary.
The problems on cybercrime prevention posed by various stakeholders demand for a
policy action which is the enactment of a Cybercrime Prevention Act. Policymaking involves a
complex round or cycles and can also be “understood in a variety of meanings and perspectives.
First, public policy is political and as such it is open to differing interests and stakes; second,
stakeholders with varied motives try to influence the outcome of the policy; third, a view on
Page 39 of 45
management of policymaking is that stakeholders/social actors (including their resources) – both
government and nongovernment – contribute to the shaping of policy; and fourth, public policy
formulation requires not only political keenness but also managerial smartness (Co 1998:296).
The paper suggests that in policy formulation, “various actors and stakeholders are vital
in infusing rational decisions to solve the issue at hand. Other nations also become an important
part of the environment when foreign and domestic policies are involved. Social change and
conflict stimulate demands for government action (Anderson 2000:49). And the country‟s IT
infrastructure play a significant role in the economic, political and social developments, thus
formulating a national policy on how to prevent cybercrimes is an important concern that needs
governmental attention.
Indeed, the enactment of a comprehensive law that will deter cybercrimes in the
Philippines in conformity with the international standards is imperative. Cybercrime is not only a
domestic but a global concern. Cybercrime knows no boundaries. Criminals operate in countries
where regulations and enforcement capacities are weak. Classified as transnational crime, the
country needs to accede with international laws and other treaties but foremost, it must have its
own domestic policy. Accordingly, a legislative measure to be known as “Cybercrime Act of
2011” must embody the following provisions:
a. Strengthen the present infrastructure, facilities and capability established by law
enforcement agencies like the ATCD-CIDG-PNP and NBI with the former as the lead
agency. Said agencies must coordinate with the DOJ. – This will address the issue on the
endemic proliferation of cybercrime incidents all over the country as shown in the
investigation conducted by the said government law enforcement agencies. However,
budgetary contrainsts pose a problem in strengthening the present infrastructure and
facilities. As previously discussed, the infrastructure and facilities used by law
Page 40 of 45
enforcement agencies were donations and grants from foreign countries and international
bodies. Considering the scarcity of government resources, such recommendation may not
be prioritized for now but can be considered as part of the long term goal of the
government. Savings from the national budget can be appropriated to realize the goal. As
to the capability of law enforcement agencies, organizational constraints may be a
hindrance especially in a bureaucratic type of an organization thus, limiting the
effectiveness and efficiency of programs.
b. Conduct capacity building seminars and trainings to the different pillars of the judicial
system which include the law enforcement agencies of the government like, the NBI and
PNP; the prosecutors (DOJ) who conduct preliminary investigations; the judiciary which
is composed of judges and justices who adjudicate cases filed and renders judgment; and
the community which is composed by different stakeholders. – By doing this activity,
lack of tools, methodology in prosecuting cybercrime complaints will be addressed as
well as the lack of training and capability enhancement programs. Capacity building
seminars and trainings are activities that can easily be achieved in terms of budget and
participation. Sponsors or organizers can come from government institutions or from
private sectors. Achievement of this goal can easily be attained. Education is a key to
progress and order.
c. Registration of all laptop computers and desktop units with the National
Telecommunications Commission (NTC) upon purchase by the buyer and upon trading
by the seller to monitor users of Wifi and broadband connectivity in educational
institutions and commercial hotspots where most cybercrime cases happen. – This will
address the problems of cybercrime activities using WIFI connection in cybercafes‟ and
in coffee shops where most of the incidents are taking place. The proliferation of
broadband connection using prepaid internet, calls for the registration of desktop
computers. By registering laptop and desktop computers, according to the NBI, will help
Page 41 of 45
law enforcement agencies easily track perpetrators. It is high time for the government to
register information gadgets including cellular phones as these are commonly used as
instruments to perpetrate crimes. By registering computer laptops and desktops, such
action can help government monitor and prevent cybercrimes as well as examine
economic activities for tax purposes. The NTC can issue a policy on this regard with no
much constraints as this is only an administrative function.;
d. Compel all Internet Service Providers (ISP), telecommunication companies and internet
cafés to maintain important logs and data of its users and submit all data required for the
investigation of cybercrimes committed. – As previously discussed from the point of
view of NBI, telecommunication companies and internet service providers are vital in the
prevention of cybercrime activities and in the prosecution of cybercrimes committed. The
government can use its police power to compel telecommunication companies and
internet service providers as they are the very core of internet activities. They can keep
track every transactions that are taking place in the cyberspace which cannot be seen by
anyone. They are also capable of storing data that can be used as pieces of evidence in the
future. Such recommendation is practical as there can no be legal nor budgetary
constraints on the part of the government. Business incentives can be extended to these
private companies as a reciprocal obligation.
e. Adopt the provisions on all forms of cybercrime in consonance with those enumerated in
the Budapest Convention on Cybercrime of 2001 – (a) Offences against confidentiality,
integrity and availability of computer data and systems which include illegal access, illegal
interception, data interference, system interference, misuse of devices; (b) Computer-
related offences which include computer-related forgery and computer-related fraud; (c)
Content-related offences such as child pornography; (d) Offences related to infringement
of copyright and related rights; (e) Establish treaties with other countries for mutual
cooperation; and (f) Assent to the Convention on Cyber Crime Council of Europe in
Page 42 of 45
which non member States like Canada, Japan, South Africa have signed the Convention
while the USA had already signed and ratified it. - By adopting the provisions of the
Budapest Convention on Cybercrime, the country‟s legal framework will harmonize with
international laws and the country can easily request useful data or information from other
signatory countries as the nature of cybercrime is considered global. The CoC is the only
international instrument that is in existence and binding. This recommendation will help
countries to pursue a common cybercrime policy and foster international cooperation.
f. Embodying a provision on the participation of the private sector in educating the public on
the drawbacks of using internet and install cooperation with the government and civil
society to strengthen its campaign to combat cybercrimes. – The role of the private sector
is indispensable in nation building. By involving them in the campaign against
cybercrime will help educate and inform the public of the possible ill effects of the
internet and the prevention of illegal activities through the world wide web. There are no
constraints on this recommendation as the Philippine Constitution recognizes the active
role of the private sector as partner in development. There are some activities that the
government cannot perform well in which the private sectors‟ assistance is desired.
Such recommendations will not only answer the questions on how to prevent
cybercrimes but also on who will fight cybercrimes. The involvement of various actors in
fighting cybercrimes is interdependent with each other. The PNP and NBI alone cannot deter
such crimes. Legislators, criminal justice professionals, IT community and the community in
general must be educated in understanding the technicalities of this novel issue. “The legal
process is just one way to fight cybercrime. The best methods are proactive rather than reactive –
that is, it is best to prevent the crime before it happens” (Shinder 2000:41).
Page 43 of 45
VI. Conclusions
Cybercrimes are evolving. Every day different strains of cybercrimes appear which is
beyond user‟s protection and while it is evolving, more and more individuals and corporations
are victimized by illegal internet activities. The problem of why is there a proliferation of
cybercrimes can be traced on the lack of domestic policies of a country in addressing such.
The efforts of the country‟s law enforcement agencies like, the NBI and PNP in
addressing cybercrimes are overwhelming amidst absence of budget and capacity building
assistance from the government. Ironically, assistance like provision for equipment , technical
knowledge, training and capacity building seminars are coming from foreign grants and
international agencies. This only show that they are more concerned on how to address the issues
on cybercrimes that the country is facing today because since the 2000 “I LOVE YOU” virus
incident took place, there was only one legislative measure enacted and is now considered
limited as to its provisions.
To warrant deterrence of cybercrime cases, it is just appropriate that investigation and
prosecution of offenses be supported by a modern piece of a comprehensive legislation against
cybercrimes. The role of technology in a modern society is vital. Developing countries like
Philippines cannot shy away from development toward an e society as people from all walks of
life have great dependency on the World Wide Web. But knowing the drawbacks of internet, it is
pivotal that all strata of the e society will be able to prevent the occurrence of cybercrimes by
being educated and informed. The community, business and government sectors need to work
hand in hand to better achieve the call to combat cybercrimes.
Under the theory of broken windows, “a broken window if left unrepaired in a building
Page 44 of 45
sends a signal that there is a lack of concern about the building and if left unattended it will lead
to more broken windows” (www.usmayors.org/USCM/us_mayor_newspaper/documents/11_04,
National Summit on “Building Clean, Livable Cities”, DeLong 1999). In relation to cybercrimes,
if the government will not take a concrete action on solving its prevalence, it will cause a chain
reaction among perpetrators that such wrong doings are acceptable behaviors which will
eventually create fear and deterioration in the community.
The importance to enact a legislative measure against cybercrimes is to prevent the
prevalence of cybercrimes and to build up the confidence of various national and international
stakeholders. As aptly said, the government is good in “steering rather than in rowing” (Osborne
and Gaebler). The need to enact policies that are attuned to the demands of time is vital as
technology plays a vital role in the economic, social and political spheres of the Philippine
Administrative System. And as the country embraces digitization to efficiently and effectively
deliver services to its citizenry, it is proper that the State, the market and the community must
collaborate to protect the information technology infrastructure of the country. “The management
of public affairs is not, and should not be treated as, the exclusive domain of the government.
The affairs of government are the affairs of all. The problems of society are the problems of all”
(Carino 2003:66). Thus, the role of the state, the market and the civil society is crucial in
promoting sustainable development. And in order to attain sustainability, we need to embrace the
concept of good governance wherein accountability, participation, predictability and
transparency is espoused.
But one may ask, is cybercrime really a serious problem in the Philippines? According to
a news article which quoted “Trend Micro senior threat researcher Nart Villeneuva, “the
lifeblood of cybercrime is theft, and the Philippines is an emerging market in online banking and
purchasing. With the boom of Business Process Outsourcing (BPO) and medical tourism,
cybercrime will follow” (spot.ph/the-feed/47838/cyber-threat-intensifying-in-ph-says-anti-vi...
Cybercrime Threat Intensifying in PH Says Anti-Virus Firm, Spot, The Feed 2011: 1).
Page 45 of 45
Thus, the call of various stakeholders that a Cybercrime Prevention Act be enacted
should be given due importance by the legislators. Based on the discussions above, the paper
incorporates a draft House Bill bill entitled “Cybercrime Prevention Act of 2011” (See Annex
“G” ) as a recommendation.
Endnotes 1 Council of Europe(CoE) is a private organization founded on May 5, 1949 by 10 countries. It seeks to
develop a common and democratic principles based on the European Convention on Human Rights and
other reference texts on the protection of individuals throughout Europe. Based in Strasbourg (France),
CoE has 47 member countries.
2 International Crime Complaint Center (IC3) was established in partnership with the National White
Collar Crime (NW3C) and the Federal Bureau of Investigation (FBI). It began its operation in May 2000
as the Internet Fraud Complain Center. It operates as a medium to receive, develop, and refer criminal
complaints about the pervasiveness of cybercrimes.
3 The Convention on Cybercrime (CoC) (ETS No. 85) took effect on July 1, 2004 which was open for
signature by member States of the Council of Europe and by non member States which participate in
Budapest Convention in November 23, 2001. The Convention is the first international treaty on crimes
committed via the Internet and other computer networks, dealing particularly with infringements of
copyright, computer related fraud, child pornography and violations of network security. It also contains a
series of powers and procedures such as the search of computer networks and interception. Four years in
the making, the Convention‟s main objective is to pursue a common criminal policy aimed at the
protection of society against cybercrime, especially by adopting appropriate legislation and fostering
international cooperation. Among the countries that contributed to its success include United States,
Canada, Japan and other countries which are not members of the Organization.
4 Presidential Decree No. 1612 or the Anti-Fencing Law defines fencing as the act of any person who,
with intent to gain for himself or for another, shall buy, receive, possess, keep, acquire, conceal, sell or
dispose of, or shall buy and sell, or in any other manner deal in any article, item, object or anything of
value which he knows, or should be known to him, to have been derived from the proceeds of the crime
of robbery or theft.
5 This is based on the interviews conducted with the law enforcement authorities of the National Bureau
of Investigation (NBI) and the Philippine National Police (PNP) who are in the forefront of addressing
cybercrimes in the country.
6 PCTC is currently holding its office at the Philippine National Police (PNP) Compound in Camp Crame,
Quezon City