computer ethics - computer and internet crime 2016

7/26/2019 Computer Ethics - Computer and Internet Crime 2016

1/130

INTRODUCTION TOINTRODUCTION TO

COMPUTER ANDCOMPUTER AND

INTERNET CRIMEINTERNET CRIME

Atty. Ramon Antonio A. RupertoAtty. Ramon Antonio A. Ruperto


2/130

Ethics and Criminal LawEthics and Criminal Law

When faced with a difficult ethicalWhen faced with a difficult ethicaldecision, reference to the law isdecision, reference to the law is

often a good starting point.often a good starting point. In making an ethical decision, one ofIn making an ethical decision, one of

the principle guidelines is tothe principle guidelines is todetermine whether there is a lawdetermine whether there is a law

that is applicable.that is applicable. More specifically, one should askMore specifically, one should ask

whether or not the contemplated actwhether or not the contemplated act

is a crime.is a crime.


3/130

The FirstThe First CybercrimeCybercrime

It is said that the first recorded cyberIt is said that the first recorded cybercrime took place in the yearcrime took place in the year18201820

JosephJoseph--Marie Jacquard, a textileMarie Jacquard, a textile

manufacturer in France, produced themanufacturer in France, produced theloom. This device allowed the repetition ofloom. This device allowed the repetition ofa series of steps in the weaving of speciala series of steps in the weaving of specialfabrics. This resulted in a fear amongstfabrics. This resulted in a fear amongstJacquard's employees that their traditionalJacquard's employees that their traditionalemployment and livelihood were beingemployment and livelihood were beingthreatened. They committed acts ofthreatened. They committed acts ofsabotage to discourage Jacquard fromsabotage to discourage Jacquard fromfurther use of the new technology.further use of the new technology.


4/130

What is a computer crime?What is a computer crime?

refers to any crime that involves arefers to any crime that involves acomputer and a network. The computercomputer and a network. The computermay have been used in the commission ofmay have been used in the commission of

a crime, or it may be the target.a crime, or it may be the target. any illegal behavior directed by means ofany illegal behavior directed by means of

electronic operations that targets theelectronic operations that targets thesecurity of computer systems and the datasecurity of computer systems and the dataprocessed by them.processed by them.

also referred to asalso referred to ascyber crimecyber crime


5/130

What is a computer crime?What is a computer crime?

As of now, there is absolutely NOAs of now, there is absolutely NOcomprehensive law oncomprehensive law on cybercrimecybercrimeanywhere in the worldanywhere in the world

There is NO exhaustive and uniformThere is NO exhaustive and uniformdefinition aboutdefinition about cybercrimecybercrime..However, any activity involving aHowever, any activity involving acomputer which basically offendscomputer which basically offendshuman sensibilities, can also behuman sensibilities, can also beincluded in its ambitincluded in its ambit


6/130

Other termsOther terms

ComputerComputer--related crimerelated crime -- any illegalany illegalbehavior committed by means of, orbehavior committed by means of, or

in relation to, a computer system orin relation to, a computer system ornetwork, however, strictly speaking,network, however, strictly speaking,this is notthis is not cybercrimecybercrime..

NetcrimeNetcrime -- refers to criminalrefers to criminalexploitation of the Internetexploitation of the Internet


7/130

COMPUTER CRIME

Crimes thattarget

computers

directly

Crimes

facilitated bycomputer

networks ordevices, the

primary targetof which is

independent ofthe computernetwork or

device


8/130

Crimes that primarily targetCrimes that primarily target

computer networks or devices:computer networks or devices:

Computer virusesComputer viruses

DenialDenial--ofof--service (DOS) attacksservice (DOS) attacks MalwareMalware


9/130

Crimes that use computer networksCrimes that use computer networks

or devices to advance other ends:or devices to advance other ends: CyberstalkingCyberstalking// cyberbullyingcyberbullying

Internet fraud and identity theftInternet fraud and identity theft

Information warfareInformation warfare PhishingPhishing scamsscams


10/130

Other ways of classifyingOther ways of classifying

CybercrimesCybercrimes:: According to the victim/offendedAccording to the victim/offended

person:person:

1.1. CybercrimesCybercrimes against personsagainst persons

2.2. CybercrimesCybercrimes against propertyagainst property

3.3. CybercrimesCybercrimes against theagainst thegovernmentgovernment


11/130

CybercrimesCybercrimes against personsagainst persons

include crimes like transmission ofinclude crimes like transmission ofchildchild--pornography, harassment ofpornography, harassment of

any one with the use of a computerany one with the use of a computersuch as esuch as e--mail, andmail, and cyberstalkingcyberstalking,,and trafficking, distribution,and trafficking, distribution,posting, and dissemination ofposting, and dissemination of

obscene material includingobscene material includingpornography, indecent exposure,pornography, indecent exposure,and child pornographyand child pornography


12/130

CybercrimesCybercrimes against propertyagainst property

include unauthorized computerinclude unauthorized computertrespassing through cyberspacetrespassing through cyberspace

(intrusion), computer vandalism,(intrusion), computer vandalism,transmission of harmful programs,transmission of harmful programs,and unauthorized possession ofand unauthorized possession ofcomputerized informationcomputerized information


13/130

CybercrimesCybercrimes against governmentagainst government

includeinclude cyberterrorismcyberterrorism,, cyberwarfarecyberwarfare

generally speaking, these crimesgenerally speaking, these crimes

may also refer to those againstmay also refer to those againstpersons, but this time directedpersons, but this time directedagainst the government (as aagainst the government (as ajuridical person)juridical person)


14/130


CybercrimesCybercrimes:: As categorized by the United Nations:As categorized by the United Nations:

1.1.

unauthorized accessunauthorized access

2.2. damage to computer data or programsdamage to computer data or programs

3.3. sabotage to hinder the functioning of asabotage to hinder the functioning of acomputer system or networkcomputer system or network

4.4. unauthorized interception of data to,unauthorized interception of data to,from and within a system or networkfrom and within a system or network

5.5. computer espionagecomputer espionage


15/130


CybercrimesCybercrimes:: According to the role of the computer (asAccording to the role of the computer (as

categorized by the US Department ofcategorized by the US Department ofJustice):Justice):

1.1. The computer as a targetThe computer as a target -- attacking theattacking thecomputers of others (spreading virusescomputers of others (spreading virusesis an example)is an example)

2.2. The computer as a weaponThe computer as a weapon -- using ausing a

computer to commit "traditional crime"computer to commit "traditional crime"that we see in the physical world (suchthat we see in the physical world (suchas fraud or illegal gambling)as fraud or illegal gambling)

3.3. The computer as an accessoryThe computer as an accessory -- using ausing acomputer to store illegal or stolencomputer to store illegal or stolen

informationinformation


16/130

CybercrimesCybercrimes

There is no exhaustive list of allThere is no exhaustive list of allcybercrimescybercrimes

New kinds ofNew kinds ofcybercrimescybercrimes arise, andarise, andit is difficult to anticipate all theit is difficult to anticipate all thepossible kinds ofpossible kinds ofcybercrimescybercrimes

Some specific acts may fall underSome specific acts may fall under

several kinds of categories or areasseveral kinds of categories or areas


17/130

AREAS OFCOMPUTER

CRIME

Theft: goods,Theft: goods,

information orinformation ormoneymoney

Theft ofTheft ofcomputer timecomputer time

UnauthorizedUnauthorized

accessaccess(Hacking)(Hacking)

ComputerComputer

fraudfraud

Identity theftIdentity theft

HarassmentHarassment

and sexuallyand sexually--

relatedrelated

materialmaterial

Forgery andForgery and

piracypiracy

ComputerComputer

espionageespionage


18/130

1. UNAUTHORIZED ACCESS1. UNAUTHORIZED ACCESS

Unauthorized access to computerUnauthorized access to computermaterial (hacking/intrusions)material (hacking/intrusions)

Unauthorized access with intent toUnauthorized access with intent tocommit further offenses (such ascommit further offenses (such asblackmail)blackmail)

Unauthorized modification ofUnauthorized modification of

computer material (for example,computer material (for example,distributing viruses)distributing viruses)


19/130

Hacking / IntrusionsHacking / Intrusions

ModernModern--day vandalism or graffitiday vandalism or graffiti

Unauthorized access to computer systemsUnauthorized access to computer systemsor networksor networks

Ranges from the mere defacing ofRanges from the mere defacing ofwebsites for personal notoriety, thewebsites for personal notoriety, thechallenge, or a political message, tochallenge, or a political message, tointerfering or controlling the computerinterfering or controlling the computersystem or network of anothersystem or network of another

It is unanimously agreed that any andIt is unanimously agreed that any andevery system in the world can be hackedevery system in the world can be hacked


20/130

IntrusionsIntrusions -- in a general sense,in a general sense,aside from hacking (the illegal entryaside from hacking (the illegal entry

into a secure database or network),into a secure database or network),these may also refer to thethese may also refer to theintroduction of various forms ofintroduction of various forms ofmalicious software, which can bemalicious software, which can be

malwaremalware, worms, viruses,, worms, viruses, trojantrojanhorses, fake antihorses, fake anti--virus software, andvirus software, andmay other covert programs,may other covert programs,


21/130

Virus / Worm attacksVirus / Worm attacks

VirusesViruses programs that attachprograms that attachthemselves to a computer or a file andthemselves to a computer or a file andthen circulate themselves to otherthen circulate themselves to otherfiles and to other computers on afiles and to other computers on anetwork. They usually affect the datanetwork. They usually affect the dataon a computer, either by altering oron a computer, either by altering ordeleting it.deleting it.

WormsWorms programs which makeprograms which makefunctional copies of themselves andfunctional copies of themselves and

do this repeatedly until they eat up alldo this repeatedly until they eat up allthe available space on a computer'sthe available space on a computer'smemory.memory.


22/130

TrojansTrojans program in which maliciousprogram in which maliciousor harmful code is disguised insideor harmful code is disguised insidesome apparently harmlesssome apparently harmless

programming or data (perhaps anprogramming or data (perhaps animage or sound file, or emailimage or sound file, or emailattachment). The victim is trickedattachment). The victim is trickedinto executing the program code byinto executing the program code by

opening the file or attachment,opening the file or attachment,initiating a malicious sequence ofinitiating a malicious sequence ofevent.event.


23/130

NameName YearYearreleasedreleased

Worldwide economicWorldwide economicimpactimpact

StormStorm 20072007 > $ 10 billion (> $ 10 billion (estest))

ILOVEYOUILOVEYOU 20002000 $ 8.75$ 8.75 10 billion10 billion

Code RedCode Red 20012001 $ 2.62 billion$ 2.62 billion

SirCamSirCam 20012001 $ 1.15 billion$ 1.15 billion

MelissaMelissa 19991999 $ 1.10 billion$ 1.10 billion

COST IMPACT OF WORMS


24/130

Cyber Attacks /Cyber Attacks / DoSDoSAttacksAttacks

Denial of Service (Denial of Service (DoSDoS)) -- involves flooding ainvolves flooding acomputer resource with more requests than itcomputer resource with more requests than itcan handle. This causes the resource (e.g. a webcan handle. This causes the resource (e.g. a webserver) to crash thereby denying authorizedserver) to crash thereby denying authorized

users the service offered by the resource.users the service offered by the resource.

Distributed Denial of Service (Distributed Denial of Service (DDoSDDoS)) -- thetheperpetrators are many and are geographicallyperpetrators are many and are geographicallywidespread. It is very difficult to control suchwidespread. It is very difficult to control such

attacks. The attack is initiated by sendingattacks. The attack is initiated by sendingexcessive demands to the victim'sexcessive demands to the victim's computer(scomputer(s),),exceeding the limit that the victim's servers canexceeding the limit that the victim's servers cansupport and making the servers crashsupport and making the servers crash


25/130

Cyber Attacks /Cyber Attacks / DoSDoSAttacksAttacks

In February 2000, these kinds of attacksIn February 2000, these kinds of attackswere able to bring Yahoo, eBay, Amazon,were able to bring Yahoo, eBay, Amazon,CNN and other popular websites to a haltCNN and other popular websites to a halt


26/130

SpamSpam

Unsolicited sending of bulk email forUnsolicited sending of bulk email forcommercial purposescommercial purposes

To send the same messageTo send the same messageindiscriminately toindiscriminately to

(large numbers of(large numbers of

recipients) on therecipients) on the

InternetInternet


27/130

EE--mail bombingmail bombing

Email bombing refers to sending aEmail bombing refers to sending alarge number of emails to the victimlarge number of emails to the victimresulting in the victim's emailresulting in the victim's emailaccount (in case of an individual) oraccount (in case of an individual) ormail servers (in case of a companymail servers (in case of a companyor an email service provider)or an email service provider)

crashingcrashing


28/130

2. THEFT OF GOODS,2. THEFT OF GOODS,

INFORMATION OR MONEYINFORMATION OR MONEY Diverting goods to the wrongDiverting goods to the wrong

destinationdestination

Unauthorized tapping into dataUnauthorized tapping into datatransmission lines or databasestransmission lines or databases

Using someone elseUsing someone elses credit cards credit card

Transferring payments to bogus bankTransferring payments to bogus bankaccountsaccounts


29/130

Salami attacksSalami attacks

Used for the commission of financialUsed for the commission of financialcrimes by altering raw data just before itcrimes by altering raw data just before itis processed by a computer and makingis processed by a computer and makingthe alteration so insignificant that in athe alteration so insignificant that in a

single case it would go completelysingle case it would go completelyunnoticed. (e.g. a bank employee insertsunnoticed. (e.g. a bank employee insertsa program, into the bank's servers, thata program, into the bank's servers, thatdeducts a small amount of money (suchdeducts a small amount of money (suchas 25 centavos a month) from the accountas 25 centavos a month) from the account

of every customer. No account holder willof every customer. No account holder willprobably notice this unauthorized debit,probably notice this unauthorized debit,but the bank employee will make a sizablebut the bank employee will make a sizableamount of money every month.amount of money every month.


30/130

"collect"collect--thethe--roundoffroundoff"" -- In this scam,In this scam,a programmer modifies arithmetica programmer modifies arithmeticroutines, such as interestroutines, such as interestcomputations. Typically, thecomputations. Typically, thecalculations are carried out to severalcalculations are carried out to severaldecimal places beyond thedecimal places beyond the

customary two or three kept forcustomary two or three kept forfinancial records.financial records.


31/130

3. THEFT OF COMPUTER TIME3. THEFT OF COMPUTER TIME

Involves the use of an employerInvolves the use of an employersscomputer resources for personalcomputer resources for personalworkwork

Considered a grey areaConsidered a grey area

Example: UsingExample: Using FacebookFacebook duringduringoffice hoursoffice hours


32/130

4. COMPUTER FRAUD4. COMPUTER FRAUD

May include preMay include pre--Internet scams suchInternet scams suchas pyramid schemes, chain letters,as pyramid schemes, chain letters,sales of counterfeit goods, and phonysales of counterfeit goods, and phonybusiness investment opportunitiesbusiness investment opportunities

Any fraudulent act with the use ofAny fraudulent act with the use ofcomputerscomputers


33/130

Computer FraudComputer Fraud

any dishonest misrepresentation of factany dishonest misrepresentation of factintended to let another do or refrain fromintended to let another do or refrain fromdoing something which causes lossdoing something which causes loss

may include credit fraud. Certainmay include credit fraud. Certaincomputer viruses can log keystrokes oncomputer viruses can log keystrokes onyour keyboard and send them to hackers,your keyboard and send them to hackers,who can then take your personal details,who can then take your personal details,

credit card number and home address.credit card number and home address.This information will be used by theThis information will be used by thehacker for his own meanshacker for his own means


34/130

PhishingPhishing

a kind of scam, especially practiceda kind of scam, especially practicedthrough ethrough e--mail, in which a cyber criminalmail, in which a cyber criminalsends a message that appears to be fromsends a message that appears to be from

the receiverthe receivers bank or business, or as bank or business, or agovernment agency, such as the BIRgovernment agency, such as the BIR

often they use these organizationsoften they use these organizationslogoslogosand design the message to appear theand design the message to appear thesame as legitimate esame as legitimate e--mail from themail from the

company. Once they have the recipientcompany. Once they have the recipientsstrust, they then ask for money, banktrust, they then ask for money, bankaccount numbers, and other personalaccount numbers, and other personalinformationinformation


35/130


36/130


37/130

5. CORPORATE ESPIONAGE5. CORPORATE ESPIONAGE

Theft of corporate assets or tradeTheft of corporate assets or tradesecrets from computer systems ofsecrets from computer systems ofcorporations which contain great dealcorporations which contain great dealof information such as productof information such as productdevelopment plans, customer contactdevelopment plans, customer contactlists, product specifications,lists, product specifications,

manufacturing process knowledge,manufacturing process knowledge,and strategic plans.and strategic plans.


38/130

6. IDENTITY THEFT6. IDENTITY THEFT

Not just theft of credit card numbers,Not just theft of credit card numbers,but also social security numbers,but also social security numbers,bank account details, addresses andbank account details, addresses andany other personal data that aany other personal data that aperson might use to verify theirperson might use to verify theiridentityidentity


39/130

7. FORGERY AND PIRACY7. FORGERY AND PIRACY

Using desktop publishing software,Using desktop publishing software,high resolution scanners and laserhigh resolution scanners and laserprinters to assist forgery, whether itprinters to assist forgery, whether it

be money, checks, passports, visas,be money, checks, passports, visas,birth certificates, identity cards, andbirth certificates, identity cards, anddegreesdegrees

Software piracySoftware piracy distribution ofdistribution of

illegal software and other intellectualillegal software and other intellectualproductsproducts


40/130

Piracy / Online theftPiracy / Online theft

act of copying copyrighted material. Theact of copying copyrighted material. Thepersonal computer and the Internet bothpersonal computer and the Internet bothoffer new mediums for committing suchoffer new mediums for committing such

crimecrime include fileinclude file--sharing or distributing songs,sharing or distributing songs,

movies, video games, and so on for freemovies, video games, and so on for free

Online TheftOnline Theft -- any type of 'piracy' thatany type of 'piracy' thatinvolves the use of the Internet to marketinvolves the use of the Internet to marketor distribute creative works protected byor distribute creative works protected bycopyrightcopyright


41/130

Copying in the workplace,Copying in the workplace,counterfeiting and various forms ofcounterfeiting and various forms ofillegal distribution of software costillegal distribution of software costthe Asia Pacific regionthe Asia Pacific regionUS$11.6US$11.6billionbillion in 2006in 2006


42/130


43/130

8. HARASSMENT AND8. HARASSMENT AND

SEXUALLY RELATED MATERIALSEXUALLY RELATED MATERIAL ComputerComputer--assisted sexual crimes,assisted sexual crimes,

from distribution of childfrom distribution of childpornography, to electronic forms ofpornography, to electronic forms ofsexual harassment and cyberstalkingsexual harassment and cyberstalking(use of e(use of e--mail and other electronicmail and other electronicmedia to harass or threaten a personmedia to harass or threaten a person

repeatedly)repeatedly)


44/130

Obscene or offensive contentObscene or offensive content

The content of websites and otherThe content of websites and otherelectronic communications may beelectronic communications may bedistasteful, obscene or offensive for adistasteful, obscene or offensive for avariety of reasonsvariety of reasons


45/130

Cyber harassment / bullyingCyber harassment / bullying

Directing of obscenities and derogatoryDirecting of obscenities and derogatorycomments at specific individuals focusingcomments at specific individuals focusingfor example on gender, race, religion,for example on gender, race, religion,

nationality, sexual orientation. This oftennationality, sexual orientation. This oftenoccurs in chat rooms, throughoccurs in chat rooms, throughnewsgroups, and by sending hate enewsgroups, and by sending hate e--mailmailto interested partiesto interested parties

May also refer to cyber bullying, cyberMay also refer to cyber bullying, cyberstalking, harassment by computer, onlinestalking, harassment by computer, onlinepredation, and internet libelpredation, and internet libel


46/130

CyberterrorismCyberterrorism

is distinguished from other acts ofis distinguished from other acts ofcommercial crime or incidents of hackingcommercial crime or incidents of hackingby its severityby its severity

intimidation or coercion a government orintimidation or coercion a government ororganization to advance political or socialorganization to advance political or socialobjectives by launching computerobjectives by launching computer--basedbasedattack against computers, network, andattack against computers, network, andthe information stored on themthe information stored on them

an act of terrorism committed through thean act of terrorism committed through theuse of cyberspace or computer resources.use of cyberspace or computer resources.


47/130


any act of cybercrime designed to cause terror.any act of cybercrime designed to cause terror.Like conventional terrorism,Like conventional terrorism,ee--terrorismterrorismisisclassified as such if the result of such cybercrimeclassified as such if the result of such cybercrimeis to cause enough harm to generate fearis to cause enough harm to generate fear

TerrorismTerrorism -- Any person who commits theAny person who commits thefollowing acts: Piracy and Mutiny, Rebellion orfollowing acts: Piracy and Mutiny, Rebellion orInsurrection, Coup de Etat, Murder, Kidnapping,Insurrection, Coup de Etat, Murder, Kidnapping,Crimes Involving Destruction, Arson, Hijacking,Crimes Involving Destruction, Arson, Hijacking,Illegal Possession of Firearms, thereby sowingIllegal Possession of Firearms, thereby sowing

and creating a condition of widespread andand creating a condition of widespread andextraordinary fear and panic among theextraordinary fear and panic among thepopulacepopulace, in order to coerce the government to, in order to coerce the government togive in to an unlawful demand (Section 3,give in to an unlawful demand (Section 3,Republic Act No. 9372)Republic Act No. 9372)


48/130


The medium of Cyberspace is being used byThe medium of Cyberspace is being used byindividuals and groups to threaten theindividuals and groups to threaten theinternational governments as also to terrorize theinternational governments as also to terrorize thecitizens of a country. This crime manifests itselfcitizens of a country. This crime manifests itself

into terrorism when an individual cracks into ainto terrorism when an individual cracks into agovernment or military maintained websitegovernment or military maintained website

In 2010, during the months leading to the MayIn 2010, during the months leading to the Mayautomated elections, five government websitesautomated elections, five government websites

(DOH, DOLE, DSWD, NDCC, and TESDA) were(DOH, DOLE, DSWD, NDCC, and TESDA) werehacked. There were widespread concerns that thehacked. There were widespread concerns that theautomated elections counting machines couldautomated elections counting machines couldalso be hacked.also be hacked.


49/130

Cyber warfareCyber warfare

May be an effective form of warfareMay be an effective form of warfarein the futurein the future

In August 2008, Russia allegedlyIn August 2008, Russia allegedlyconducted cyber attacks, this time inconducted cyber attacks, this time ina coordinated and synchronizeda coordinated and synchronizedcampaign against the country ofcampaign against the country of

GeorgiaGeorgia


50/130

Other cybercrimesOther cybercrimes

CybersquattingCybersquatting

TyposquattingTyposquatting

Copyright/Trademark infringementCopyright/Trademark infringement Internet plagiarismInternet plagiarism

Internet libel/defamationInternet libel/defamation

Bandwidth theftBandwidth theft


51/130

Cybercrime in the PhilippinesCybercrime in the Philippines

There have been 667 instances ofThere have been 667 instances ofgovernment websites defacementsgovernment websites defacementsbetween 2003between 2003--20082008

87 % of Filipinos have fallen to a87 % of Filipinos have fallen to avariety of attacks, which includevariety of attacks, which includemalware (virus and Trojan horse)malware (virus and Trojan horse)invasion, online or phishing scamsinvasion, online or phishing scams

73 % do not expect cybercriminals to73 % do not expect cybercriminals tobe brought to justicebe brought to justice


52/130


34% say it is acceptable to download34% say it is acceptable to downloadmusic and movies without paying formusic and movies without paying forthemthem

22% think that using an unsecured22% think that using an unsecuredWiFi access point is legal.WiFi access point is legal.


53/130


As of 2005, the number of cybercrimesAs of 2005, the number of cybercrimesrecorded were only 30recorded were only 30

CIDG has recorded 72 computerCIDG has recorded 72 computer--relatedrelated

crimes last year (2010) and 56 during thecrimes last year (2010) and 56 during thefirstfirst half of this yearhalf of this year

Effendy Ibrahim, head of Symantec AsiaEffendy Ibrahim, head of Symantec AsiassInternet Safety Advocate and ConsumerInternet Safety Advocate and ConsumerBusiness division, describes the growingBusiness division, describes the growingcybercrime problem in the Philippines as acybercrime problem in the Philippines as asilent epidemicsilent epidemic


54/130

Characteristics of PhilippineCharacteristics of Philippine

Criminal LawCriminal Law1.1. General ApplicationGeneral Application PhilippinePhilippine

criminal laws are binding on all personscriminal laws are binding on all personswho live or sojourn in the Philippines,who live or sojourn in the Philippines,

regardless of your nationality, religion,regardless of your nationality, religion,etc.etc.

2.2. TerritorialTerritorial our criminal lawour criminal lawundertakes to punish crimes committedundertakes to punish crimes committedonly within the Philippine territoryonly within the Philippine territory

3.3. ProspectiveProspective a criminal law cannota criminal law cannotmake an act punishable when it was notmake an act punishable when it was notpunishable when committedpunishable when committed


55/130

VBS_LOVELETTERVBS_LOVELETTER

better known as the Love Bug or the ILOVEYOU virusbetter known as the Love Bug or the ILOVEYOU virus Release in 2000, it caused major disruptions in emailRelease in 2000, it caused major disruptions in email

systems worldwide with costs escalating to an estimatedsystems worldwide with costs escalating to an estimated$10 billion in revenue loss.$10 billion in revenue loss.

The source came from a Filipino IT dropout,The source came from a Filipino IT dropout,Onel deOnel de

GuzmanGuzman, who created it as part of his thesis proposal with, who created it as part of his thesis proposal withfocus specifically on stealing passwords. Obviously, thefocus specifically on stealing passwords. Obviously, thethesis proposal was rejected, but the virus still found itsthesis proposal was rejected, but the virus still found itsway to the internet.way to the internet.

This incident marked the PhilippinesThis incident marked the Philippinesinfamous introduction onto the worldinfamous introduction onto the worldstage of cyber crime.stage of cyber crime.


56/130


57/130


58/130

Philippine Laws onPhilippine Laws on CybercrimesCybercrimes

and other related actsand other related acts


59/130

EE--Commerce Act of 2000Commerce Act of 2000

(RA No. 8792)(RA No. 8792) Punishable acts:Punishable acts:

1.1.Hacking or crackingHacking or cracking-- unauthorized access intounauthorized access intoor interference in a computer system/server oror interference in a computer system/server or

information and communication system; or anyinformation and communication system; or anyaccess in order to corrupt, alter, steal, or destroyaccess in order to corrupt, alter, steal, or destroyusing a computer or other similar information andusing a computer or other similar information andcommunication devices, without the knowledgecommunication devices, without the knowledgeand consent of the owner of the computer orand consent of the owner of the computer orinformation and communications system,information and communications system,

including the introduction ofincluding the introduction ofco m p u t e r v i r u se s co m p u t e r v i r u s e s and the like, resulting in the corruption,and the like, resulting in the corruption,destruction, alteration, theft or loss of electronicdestruction, alteration, theft or loss of electronicdata messages or electronic documentdata messages or electronic document


60/130

HackerHacker

Enjoys learning details of computerEnjoys learning details of computersystems and how to stretch theirsystems and how to stretch theircapabilitiescapabilities

Programs enthusiastically rather thanPrograms enthusiastically rather thanjust theorizing about itjust theorizing about it

Malicious inquisitive meddler whoMalicious inquisitive meddler who

tries to discover information bytries to discover information bypoking aroundpoking around


61/130

THECOMPUTERHACKER

Public interestPublic interest RevealReveal

wrongdoingwrongdoingVandalismVandalism

(Defacement)(Defacement)

Financial gainFinancial gain As a protestAs a protest The challengeThe challenge

(fun)(fun)


62/130

Type ofType of

perpetratorperpetratorTypical motivesTypical motives

HackerHacker Test limits of system and/or gainTest limits of system and/or gainpublicitypublicity

CrackerCracker Cause problems, steal data, andCause problems, steal data, andcorrupt systemscorrupt systems

Malicious insiderMalicious insider Gain financially and/or disruptGain financially and/or disruptcompanycompanys information systemss information systems

Industrial spyIndustrial spy Capture trade secrets and gainCapture trade secrets and gaincompetitive advantagecompetitive advantage

CybercriminalCybercriminal Gain financiallyGain financially

HacktivistHacktivist Promote political ideologyPromote political ideology

CyberterroristCyberterrorist Destroy infrastructureDestroy infrastructurecomponents of institutionscomponents of institutions


63/130

HackerHackerEthicsEthics

(established by the early hackers)(established by the early hackers) Access to computers should be unlimitedAccess to computers should be unlimited

and totaland total

All information should be freeAll information should be free

Mistrust authorityMistrust authority

Hackers should be judged by theirHackers should be judged by theirhacking, not bogus criteria such ashacking, not bogus criteria such asacademic excellence, age, race or positionacademic excellence, age, race or position

You can create art and beauty on aYou can create art and beauty on acomputercomputer


64/130

Hackers as public watchdogsHackers as public watchdogs

Reveal information the public has a rightReveal information the public has a rightto know, and exposing the truthto know, and exposing the truth

In a sense, continues a tradition toIn a sense, continues a tradition toinvestigative journalisminvestigative journalism

Example: Chaos Computer ClubExample: Chaos Computer Club releasedreleasedmore information to the public about themore information to the public about theChernobyl disaster than the governmentChernobyl disaster than the governmentitself.itself.

In this sense, it could be argued thatIn this sense, it could be argued thathackers can be intelligent and criticalhackers can be intelligent and criticalchecks against governments who withholdchecks against governments who withholdinformation or abuse their powerinformation or abuse their power


65/130

Hackers as security consultantsHackers as security consultants

Breaching of systems can provide moreBreaching of systems can provide moreeffective security in the future, so that,effective security in the future, so that,presumably less wellpresumably less well--intentioned hackersintentioned hackers

are prevented from causing real harmare prevented from causing real harm In the US, convicted hackers are regularlyIn the US, convicted hackers are regularly

approached by security and intelligenceapproached by security and intelligenceagencies with offers to join them in returnagencies with offers to join them in return

for reduction of their sentencesfor reduction of their sentences Others have established own computerOthers have established own computer

security firmssecurity firms


66/130

In May 2006,In May 2006, a Filipino call centera Filipino call centeragent was found guilty of hackingagent was found guilty of hackinginto the company he worked for andinto the company he worked for and

stealing credit card details. He wasstealing credit card details. He wasable to make online purchases worthable to make online purchases worthmore than $2,000 through illegalmore than $2,000 through illegal

means. He served a 2means. He served a 2--year prisonyear prisonsentence and had to pay over $5,000sentence and had to pay over $5,000in fines.in fines.


67/130

EE--Commerce Act of 2000Commerce Act of 2000

(RA No. 8792)(RA No. 8792)

Punishable acts:Punishable acts:

2.2.PiracyPiracy -- unauthorized copying, reproduction,unauthorized copying, reproduction,dissemination, distribution, importation, use,dissemination, distribution, importation, use,

removal, alteration, substitution, modification,removal, alteration, substitution, modification,storage, uploading, downloading, communication,storage, uploading, downloading, communication,making available to the public, or broadcastingmaking available to the public, or broadcastingof protected material, electronic signature orof protected material, electronic signature orcopyrighted works including legally protectedcopyrighted works including legally protectedsound recordings or phonograms or informationsound recordings or phonograms or information

material on protected works, through the use ofmaterial on protected works, through the use oftelecommunication networks, such as, but nottelecommunication networks, such as, but notlimited to, the internet, in a manner thatlimited to, the internet, in a manner thatinfringes intellectual property rightsinfringes intellectual property rights


68/130

AntiAnti--CamcordingCamcordingAct of 2010Act of 2010

(Republic Act No. 10088)(Republic Act No. 10088)

prohibits and penalizes unauthorized use,prohibits and penalizes unauthorized use,possession, and control, with the intent orpossession, and control, with the intent orattempt to use audiovisual recordingattempt to use audiovisual recording

devices to transmit or make a copy of anydevices to transmit or make a copy of anyperformance in an exhibition facility ofperformance in an exhibition facility ofcinematographic film or other audiovisualcinematographic film or other audiovisualwork.work.

camcordingcamcording activities declared for privateactivities declared for privateor domestic purposes is now alsoor domestic purposes is now alsopunishable by lawpunishable by law


69/130

Exhibition facilities are now mandated toExhibition facilities are now mandated toconspicuously display notices andconspicuously display notices and signagessignages atattheir premises including, but not limited to,their premises including, but not limited to,ticketticket--selling areas and theatre entrances to warnselling areas and theatre entrances to warn

their patrons of the consequences of illegaltheir patrons of the consequences of illegalcamcordingcamcording activities.activities.

The Law also allows authorized persons, evenThe Law also allows authorized persons, evenwithout warrant and payment of admission fee orwithout warrant and payment of admission fee orany charge, to enter and search any exhibitionany charge, to enter and search any exhibition

facility, seize any audiovisual recording device,facility, seize any audiovisual recording device,and detain any person should they haveand detain any person should they havereasonable ground to believe that a violationreasonable ground to believe that a violationunder this Act has been or is being committed.under this Act has been or is being committed.


70/130

AntiAnti--Child Pornography Act of 2009Child Pornography Act of 2009

(Republic Act No. 9775)(Republic Act No. 9775)

This law defines child pornography asThis law defines child pornography asanyanyrepresentation, be in visual, audio orrepresentation, be in visual, audio orwritten, combination thereof, bywritten, combination thereof, byelectronic, mechanical, digital, optical,electronic, mechanical, digital, optical,

magnetic or other means, of a childmagnetic or other means, of a childengaged in real or simulated explicitengaged in real or simulated explicitsexual activities.sexual activities.

Any person who produces, distributes,Any person who produces, distributes,publishes and commits other related actspublishes and commits other related acts

would be subject to penalties. Violatorswould be subject to penalties. Violatorsmay include internet service providers andmay include internet service providers andinternet content hosts.internet content hosts.


71/130

Anti Child Pornography Act of 2009Anti Child Pornography Act of 2009Republic Act No. 9775Republic Act No. 9775

Section 4. Unlawful or Prohibited Acts.Section 4. Unlawful or Prohibited Acts.(a) To hire, employ, use, persuade, induce or(a) To hire, employ, use, persuade, induce orcoerce a child to perform in the creation orcoerce a child to perform in the creation orproduction of any form of child pornography;production of any form of child pornography;

( b ) To p r o d u c e , d i r e c t , m a n u f a c t u r e o r ( b ) To p r o d u c e , d i r e c t , m a n u f a c t u r e o r c r e a t e an y f o r m o f ch i l d p o r n o g r a p h y ; c r e a t e a n y f o r m o f ch i l d p o r n o g r a p h y ;

( c ) T o p u b l is h o f f e r , t r a n sm i t , s e l l ,( c ) T o p u b l i s h o f f e r , t r a n sm i t , s e l l ,d i s t r i b u t e , b r o a d c a st , a d v e r t i s e , p r o m o t e ,d i s t r i b u t e , b r o a d c a st , a d v e r t i s e , p r o m o t e ,e x p o r t o r im p o r t a n y f o r m o f ch i ld e x p o r t o r im p o r t a n y f o r m o f ch i ld p o r n o g r a p h y ; p o r n o g r a p h y ;

(d) To possess any form of child pornography(d) To possess any form of child pornographywith the intent to sell, distribute, publish, orwith the intent to sell, distribute, publish, orbroadcast: Provided. That possession of three (3)broadcast: Provided. That possession of three (3)or more articles of child pornography of the sameor more articles of child pornography of the sameform shall be prima facie evidence of the intentform shall be prima facie evidence of the intentto sell, distribute, publish or broadcast;to sell, distribute, publish or broadcast;


72/130


(e) To knowingly, willfully and intentionally(e) To knowingly, willfully and intentionallyprovide a venue for the commission of prohibitedprovide a venue for the commission of prohibitedacts as, but not limited to, dens, private rooms,acts as, but not limited to, dens, private rooms,cubicles, cinemas, houses or in establishmentscubicles, cinemas, houses or in establishmentspurporting to be a legitimate business;purporting to be a legitimate business;

(f) For film distributors, theaters and(f) For film distributors, theaters andtelecommunication companies, by themselves ortelecommunication companies, by themselves orin cooperation with other entities, to distributein cooperation with other entities, to distributeany form of child pornography;any form of child pornography;(g) For a parent, legal guardian or person having(g) For a parent, legal guardian or person having

custody or control of a child to knowingly permitcustody or control of a child to knowingly permitthe child to engage, participate or assist in anythe child to engage, participate or assist in anyform of child pornography;form of child pornography;


73/130


(h) To engage in the luring or grooming of a(h) To engage in the luring or grooming of achild;child;(i) To engage in pandering of any form of child(i) To engage in pandering of any form of childpornography;pornography;

(j) To willfully access any form of child(j) To willfully access any form of childpornography;pornography;(k) To conspire to commit any of the prohibited(k) To conspire to commit any of the prohibitedacts stated in this section. Conspiracy to commitacts stated in this section. Conspiracy to commitany form of child pornography shall be committedany form of child pornography shall be committedwhen two (2) or more persons come to anwhen two (2) or more persons come to an

agreement concerning the commission of any ofagreement concerning the commission of any ofthe said prohibited acts and decide to commit it;the said prohibited acts and decide to commit it;andand(l) To possess any form of child pornography.(l) To possess any form of child pornography.


74/130


Internet content host refers to a person whoInternet content host refers to a person whohosts or who proposes to host internet content inhosts or who proposes to host internet content inthe Philippines.the Philippines.

Section 11. Duties of an Internet Content Host.Section 11. Duties of an Internet Content Host. --An internet content host shall:An internet content host shall:

(a) Not host any form of child pornography on its(a) Not host any form of child pornography on itsinternet address;internet address;

(b) Within seven (7) days, report the presence of(b) Within seven (7) days, report the presence ofany form of child pornography, as well as theany form of child pornography, as well as theparticulars of the person maintaining, hosting,particulars of the person maintaining, hosting,

distributing or in any manner contributing to suchdistributing or in any manner contributing to suchinternet address, to the proper authorities; andinternet address, to the proper authorities; and (c) Preserve such evidence for purposes of(c) Preserve such evidence for purposes of

investigation and prosecution by relevantinvestigation and prosecution by relevantauthorities.authorities.


75/130


An internet content host shall, upon the request of properAn internet content host shall, upon the request of properauthorities, furnish the particulars of users who gained orauthorities, furnish the particulars of users who gained orattempted to gain access to an internet address thatattempted to gain access to an internet address thatcontains any form of child pornography.contains any form of child pornography.

An internet content host who shall knowingly, willfully andAn internet content host who shall knowingly, willfully andintentionally violate this provision shall be subject to theintentionally violate this provision shall be subject to thepenalty provided under Section 15(j) of this Act: Provided,penalty provided under Section 15(j) of this Act: Provided,That the failure of the internet content host to remove anyThat the failure of the internet content host to remove anyform of child pornography within fortyform of child pornography within forty--eight (48) hourseight (48) hoursfrom receiving the notice that any form of childfrom receiving the notice that any form of childpornography is hitting its server shall be conclusivepornography is hitting its server shall be conclusiveevidence of willful and intentional violation thereof.evidence of willful and intentional violation thereof.

Section 12. Authority to Regulate Internet CafSection 12. Authority to Regulate Internet Caf or Kiosk.or Kiosk. --The local government unit (LGU) of the city or municipalityThe local government unit (LGU) of the city or municipalitywhere an internet cafwhere an internet caf or kiosk is located shall have theor kiosk is located shall have theauthority to monitor and regulate the establishment andauthority to monitor and regulate the establishment andoperation of the same or similar establishments in order tooperation of the same or similar establishments in order toprevent violation of the provisions of this Act.prevent violation of the provisions of this Act.


76/130

CybercrimeCybercrime Prevention Act of 2012Prevention Act of 2012

ORIGIN:ORIGIN:

Senate Bill No. 2796: "AN ACT DEFININGSenate Bill No. 2796: "AN ACT DEFININGCYBERCRIME, PROVIDING FORCYBERCRIME, PROVIDING FOR

PREVENTION, INVESTIGATION ANDPREVENTION, INVESTIGATION ANDIMPOSITION OF PENALTIES THEREFORIMPOSITION OF PENALTIES THEREFORAND FOR OTHER PURPOSESAND FOR OTHER PURPOSES

Consolidation ofConsolidation ofSBNosSBNos. 14, 52, 134, 275,. 14, 52, 134, 275,665, 828, 983, 1081, 1475, 1963, 2214,665, 828, 983, 1081, 1475, 1963, 2214,2451, 2534, 2674, and 2721, Taking Into2451, 2534, 2674, and 2721, Taking IntoConsiderationConsideration SRNosSRNos. 75, 164 and 254. 75, 164 and 254


77/130

Republic Act No. 10175*Republic Act No. 10175*

((CybercrimeCybercrime Prevention Act of 2012)Prevention Act of 2012)

Signed into law September 12, 2012. TookSigned into law September 12, 2012. Tookeffect October 3, 2012.effect October 3, 2012.

Petitioners questioned the constitutionalityPetitioners questioned the constitutionality

of the law before the Supreme Courtof the law before the Supreme Court On October 9, the Supreme Court issued aOn October 9, the Supreme Court issued a

TRO, effective for 120 days, against itsTRO, effective for 120 days, against itsimplementation/enforcement. Beforeimplementation/enforcement. Beforeexpiry of the period, the SC extended theexpiry of the period, the SC extended the

same indefinitelysame indefinitely On February 18, 2014, the Supreme CourtOn February 18, 2014, the Supreme Court

promulgated its Decisionpromulgated its Decision


78/130

Republic Act No. 10175*Republic Act No. 10175*

((CybercrimeCybercrime Prevention Act of 2012)Prevention Act of 2012)

ComputerComputer-- refers to an electronic, magnetic,refers to an electronic, magnetic,optical, electrochemical, or other data processingoptical, electrochemical, or other data processingor communications device, or grouping of suchor communications device, or grouping of suchdevices, capable of performing logical, arithmetic,devices, capable of performing logical, arithmetic,

routing, or storage functions and which includesrouting, or storage functions and which includesany storage facility or equipment orany storage facility or equipment orcommunications facility or equipment directlycommunications facility or equipment directlyrelated to or operating in conjunction with suchrelated to or operating in conjunction with suchdevice. It covers any type of computer devicedevice. It covers any type of computer deviceincluding devices with data processingincluding devices with data processingcapabilities like mobile phones, smart phones,capabilities like mobile phones, smart phones,computer networks and other devices connectedcomputer networks and other devices connectedto the internet.to the internet.


79/130

Offenses against the confidentiality, integrity andOffenses against the confidentiality, integrity and

availability of computer data and systemsavailability of computer data and systems

1.1. Illegal accessIllegal access -- intentional access to the wholeintentional access to the wholeor any part of a computer systemor any part of a computer system without rightwithout right(HACKING)(HACKING)

2.2. Illegal interceptionIllegal interception -- intentional interceptionintentional interceptionmade by technical meansmade by technical means without rightwithout rightof anyof anynonnon--public transmission of computer data to,public transmission of computer data to,from, or within a computer system includingfrom, or within a computer system includingelectromagnetic emissions from a computerelectromagnetic emissions from a computer

system carrying such computer datasystem carrying such computer data

3.3. Data interferenceData interference -- intentional or recklessintentional or recklessalteration of computer dataalteration of computer data without rightwithout right


80/130

Without rightWithout right-- refers to either:refers to either:

(i) conduct undertaken without or in(i) conduct undertaken without or inexcess of authority;excess of authority;

(ii) conduct not covered by(ii) conduct not covered byestablished legal defenses, excuses,established legal defenses, excuses,court orders, justifications, orcourt orders, justifications, or

relevant principles under the law.relevant principles under the law.


81/130



4.4.System interferenceSystem interference -- intentionalintentionalor reckless hinderingor reckless hindering without rightwithout rightof the functioning of a computerof the functioning of a computer

system by inputting, transmitting,system by inputting, transmitting,deleting or altering computer datadeleting or altering computer dataor program.or program.

i.e. introduction of viruses,i.e. introduction of viruses, trojantrojanhorses, worms, malicious software,horses, worms, malicious software,DOS attack,DOS attack,


82/130



5.5. Misuse of deviceMisuse of device -- use, production, sale, procurement,use, production, sale, procurement,importation, distribution, or otherwise making available,importation, distribution, or otherwise making available,without right, of:without right, of:

(a) a device, including a computer program, designed(a) a device, including a computer program, designedor adapted primarily for the purpose of committing any ofor adapted primarily for the purpose of committing any ofthe offenses under this Act; orthe offenses under this Act; or

(b) a computer password, access code, or similar data(b) a computer password, access code, or similar databy which the whole or any part of a computer system isby which the whole or any part of a computer system iscapable of being accessed with intent that it be used forcapable of being accessed with intent that it be used forthe purpose of committing any of the offenses under thisthe purpose of committing any of the offenses under thisAct.Act.

-- possession of an item referred to with intent to use saidpossession of an item referred to with intent to use said

devices for the purpose of committing any of hereindevices for the purpose of committing any of hereinoffensesoffenses


83/130

Misuse of DeviceMisuse of Device

DeviceDevicerefers to a cracking devicerefers to a cracking deviceor tools for hackingor tools for hacking

Penalizes the creation, possession,Penalizes the creation, possession,acquisition of any computer programacquisition of any computer programdesigned to crack or disrupt systemsdesigned to crack or disrupt systemsillegallyillegally


84/130



6. Cyber6. Cyber--squattingsquatting.. The acquisition of aThe acquisition of adomain name over the internet in bad faith todomain name over the internet in bad faith toprofit, mislead, destroy reputation, and depriveprofit, mislead, destroy reputation, and depriveothers from registering the same, if such aothers from registering the same, if such a

domain name is:domain name is: (i) Similar, identical, or confusingly similar to an existing(i) Similar, identical, or confusingly similar to an existing

trademark registered with the appropriate governmenttrademark registered with the appropriate governmentagency at the time of the domain name registration:agency at the time of the domain name registration:

(ii) Identical or in any way similar with the name of a(ii) Identical or in any way similar with the name of a

person other than the registrant, in case of a personalperson other than the registrant, in case of a personalname; andname; and

(iii) Acquired(iii) Acquired without rightwithout rightor with intellectual propertyor with intellectual propertyinterests in it.interests in it.


85/130

ComputerComputer--related Offensesrelated Offenses

1.1.ComputerComputer--related Forgeryrelated Forgery

(i) The input, alteration, or deletion of any computer data(i) The input, alteration, or deletion of any computer datawithout right resulting in inauthentic data with the intentwithout right resulting in inauthentic data with the intentthat it be considered or acted upon for legal purposes as ifthat it be considered or acted upon for legal purposes as ifit were authentic, regardless whether or not the data isit were authentic, regardless whether or not the data isdirectly readable and intelligible; ordirectly readable and intelligible; or

(ii) The act of knowingly using computer data which is the(ii) The act of knowingly using computer data which is theproduct of computerproduct of computer--related forgery as defined herein, forrelated forgery as defined herein, forthe purpose of perpetuating a fraudulent or dishonestthe purpose of perpetuating a fraudulent or dishonestdesign.design.

2.2.ComputerComputer--related Fraudrelated Fraud -- The unauthorized input,The unauthorized input,

alteration, or deletion of computer data or program oralteration, or deletion of computer data or program orinterference in the functioning of a computer system,interference in the functioning of a computer system,causing damage thereby with fraudulent intent:causing damage thereby with fraudulent intent:


86/130

ComputerComputer--related Offensesrelated Offenses

3. Computer3. Computer--related Identity Theftrelated Identity Theft -- TheTheintentional acquisition, use, misuse,intentional acquisition, use, misuse,transfer, possession, alteration or deletiontransfer, possession, alteration or deletionof identifying information belonging toof identifying information belonging to

another, whether natural or juridical,another, whether natural or juridical,without rightwithout right:: Provided,Provided, That if noThat if nodamage has yet been caused, the penaltydamage has yet been caused, the penaltyimposable shall be one (1) degree lower.imposable shall be one (1) degree lower.


87/130

ContentContent--related Offensesrelated Offenses

(1)(1)CybersexCybersex.. The willful engagement,The willful engagement,maintenance, control, or operation, directly ormaintenance, control, or operation, directly orindirectly, of any lascivious exhibition of sexualindirectly, of any lascivious exhibition of sexualorgans or sexual activity, with the aid of aorgans or sexual activity, with the aid of a

computer system, for favor or consideration.computer system, for favor or consideration.

(2) Child Pornography.(2) Child Pornography. The unlawful orThe unlawful orprohibited acts defined and punishable byprohibited acts defined and punishable by

Republic Act No. 9775Republic Act No. 9775 or the Antior the Anti--ChildChildPornography Act of 2009, committed through aPornography Act of 2009, committed through acomputer system:computer system: Provided,Provided, That the penalty toThat the penalty tobe imposed shall be (1) one degree higher thanbe imposed shall be (1) one degree higher thanthat provided for in Republic Act No. 9775.that provided for in Republic Act No. 9775.


88/130

ContentContent--related Offensesrelated Offenses

(3) Unsolicited Commercial(3) Unsolicited Commercial

Communications.Communications. TheThetransmission of commercialtransmission of commercial

electronic communication with theelectronic communication with theuse of computer system which seekuse of computer system which seekto advertise, sell, or offer for saleto advertise, sell, or offer for sale

products and services are prohibitedproducts and services are prohibited


89/130

EXCEPTIONS:EXCEPTIONS:

(i) There is prior affirmative consent from(i) There is prior affirmative consent fromthe recipient; orthe recipient; or

(ii) The primary intent of the(ii) The primary intent of thecommunication is for service and/orcommunication is for service and/oradministrative announcements from theadministrative announcements from thesender to its existing users, subscribers orsender to its existing users, subscribers or

customers;customers;


90/130

(iii) The following conditions are present:(iii) The following conditions are present:

((aaaa) The commercial electronic communication) The commercial electronic communicationcontains a simple, valid, and reliable way for thecontains a simple, valid, and reliable way for therecipient to reject. receipt of further commercialrecipient to reject. receipt of further commercial

electronic messages (optelectronic messages (opt--out) from the sameout) from the samesource;source;

(bb) The commercial electronic communication(bb) The commercial electronic communicationdoes not purposely disguise the source of thedoes not purposely disguise the source of the

electronic message; andelectronic message; and(cc) The commercial electronic communication(cc) The commercial electronic communication

does not purposely include misleading information indoes not purposely include misleading information inany part of the message in order to induce theany part of the message in order to induce therecipients to read the message.recipients to read the message.


91/130

This provision (on making unsolicitedThis provision (on making unsolicitedcommercial communications a crime)commercial communications a crime)was declared unconstitutional by thewas declared unconstitutional by the

Supreme Court:Supreme Court:Unsolicited advertisements areUnsolicited advertisements are

legitimate forms of expression.legitimate forms of expression.


92/130

The Government, represented by the SolicitorThe Government, represented by the SolicitorGeneral, points out that unsolicited commercialGeneral, points out that unsolicited commercialcommunications orcommunications or spamsspams are a nuisance thatare a nuisance thatwastes the storage and network capacities ofwastes the storage and network capacities of

internet service providers, reduces the efficiencyinternet service providers, reduces the efficiencyof commerce and technology, and interferes withof commerce and technology, and interferes withthe ownerthe owners peaceful enjoyment of his property.s peaceful enjoyment of his property.TransmittingTransmitting spamsspams amounts to trespass to oneamounts to trespass to onessprivacy since the person sending outprivacy since the person sending out spamsspams

enters the recipiententers the recipients domain without priors domain without priorpermission. The OSG contends that commercialpermission. The OSG contends that commercialspeech enjoys less protection in law.speech enjoys less protection in law.


93/130

But, firstly, the government presents no basisBut, firstly, the government presents no basisfor holding that unsolicited electronic ads reducefor holding that unsolicited electronic ads reducethe "efficiency of computers." Secondly, people,the "efficiency of computers." Secondly, people,before the arrival of the age of computers, havebefore the arrival of the age of computers, have

already been receiving such unsolicited ads byalready been receiving such unsolicited ads bymail. These have never been outlawed asmail. These have never been outlawed asnuisance since people might have interest in suchnuisance since people might have interest in suchads. What matters is that the recipient has theads. What matters is that the recipient has theoption of not opening or reading these mail ads.option of not opening or reading these mail ads.

That is true withThat is true with spamsspams. Their recipients always. Their recipients alwayshave the option to delete or not to read them.have the option to delete or not to read them.


94/130

To prohibit the transmission of unsolicited adsTo prohibit the transmission of unsolicited adswould deny a person the right to read his emails,would deny a person the right to read his emails,even unsolicited commercial ads addressed toeven unsolicited commercial ads addressed tohim. Commercial speech is a separate category ofhim. Commercial speech is a separate category of

speech which is not accorded the same level ofspeech which is not accorded the same level ofprotection as that given to other constitutionallyprotection as that given to other constitutionallyguaranteed forms of expression but isguaranteed forms of expression but isnonetheless entitled to protection. The Statenonetheless entitled to protection. The Statecannot rob him of this right without violating thecannot rob him of this right without violating the

constitutionally guaranteed freedom ofconstitutionally guaranteed freedom ofexpression. Unsolicited advertisements areexpression. Unsolicited advertisements arelegitimate forms of expression.legitimate forms of expression.


95/130

III. ContentIII. Content--related Offensesrelated Offenses

4.4.LibelLibel.. The unlawful or prohibited actsThe unlawful or prohibited actsof libel as defined in Article 355 of theof libel as defined in Article 355 of theRevised Penal Code, as amended,Revised Penal Code, as amended,committed through a computer systemcommitted through a computer system

or any other similar means which mayor any other similar means which maybe devised in the future.be devised in the future.


96/130

SC upheld the validity of thisprovision.

Indeed, cyberlibel is actually not a

new crime since Article 353, inrelation to Article 355 of the penalcode, already punishes it. In effect,Section 4(c)(4) above merely affirms

that online defamation constitutessimilar means for committing libel.


97/130

Aiding or Abetting

Sec. 5. Other Offenses. Thefollowing acts shall also constitute anoffense:

(a) Aiding or Abetting in theCommission of Cybercrime. Anyperson who willfully abets or aids inthe commission of any of the

offenses enumerated in this Act shallbe held liable.


98/130

Are online postings such as Likingan openly defamatory statement,Commenting on it, or Sharing it

with others, to be regarded asaiding or abetting?


99/130

In libel in the physical world, if Nestorplaces on the office bulletin board a smallposter that says, Armand is a thief!, hecould certainly be charged with libel. If

Roger, seeing the poster, writes on it, Ilike this!, that could not be libel since hedid not author the poster. If Arthur,passing by and noticing the poster, writeson it,Correct!, would that be libel? No,

for he merely expresses agreement withthe statement on the poster. He still is notits author.


100/130

But suppose Nestor posts the blog,Armand is a thief! on a social networkingsite. Would a reader and his Friends orFollowers, availing themselves of any of

the Like, Comment, and Sharereactions, be guilty of aiding or abettinglibel? And, in the complex world ofcyberspace expressions of thoughts, when

will one be liable for aiding or abettingcybercrimes? Where is the venue of thecrime?


101/130

Except for the original author of the assailedstatement, the rest (those who pressed Like,Comment and Share) are essentially knee-jerksentiments of readers who may think little or

haphazardly of their response to the originalposting. Will they be liable for aiding or abetting?And, considering the inherent impossibility ofjoining hundreds or thousands of respondingFriends or Followers in the criminal charge tobe filed in court, who will make a choice as to

who should go to jail for the outbreak of thechallenged posting?


102/130

The old parameters for enforcing thetraditional form of libel would be a squarepeg in a round hole when applied tocyberspace libel. Unless the legislature

crafts a cyber libel law that takes intoaccount its unique circumstances andculture, such law will tend to create achilling effect on the millions that use this

new medium of communication in violationof their constitutionally-guaranteed rightto freedom of expression.


103/130

The terms aiding or abettingconstitute broad sweep thatgenerates chilling effect on those

who express themselves throughcyberspace posts, comments, andother messages. Hence, Section 5 ofthe cybercrime law that punishesaiding or abetting libel on thecyberspace is a nullity.


104/130

In regard to the crime that targetschild pornography, when Googleprocures, stores, and indexes child

pornography and facilitates thecompletion of transactions involvingthe dissemination of childpornography, does this make

Google and its users aiders andabettors in the commission of childpornography crimes?


105/130

When a person replies to a Tweetcontaining child pornography, heeffectively republishes it whether

wittingly or unwittingly. Does thismake him a willing accomplice to thedistribution of child pornography?

The legislature needs to address this

clearly to relieve users of annoyingfear of possible criminal prosecution.


106/130

ISSUES/PROBLEM AREASISSUES/PROBLEM AREAS

Not all forms ofNot all forms ofcybercrimescybercrimes are coveredare coveredunder our existing laws, including theunder our existing laws, including theCybercrimeCybercrime Prevention Act of 2012.Prevention Act of 2012.

There will always be new types ofThere will always be new types ofcybercrimescybercrimes..

The human mind is ingenious enough toThe human mind is ingenious enough todevise new ways for perpetuating crime,devise new ways for perpetuating crime,especially when newer technologies areespecially when newer technologies aredeveloped.developed.


107/130


108/130


109/130

The security of informationThe security of informationtechnology used in business istechnology used in business isutmost importance. Confidentialutmost importance. Confidential

business data and private customerbusiness data and private customerand employee information must beand employee information must besafeguarded, and systems must besafeguarded, and systems must beprotected against malicious acts ofprotected against malicious acts oftheft or disruption.theft or disruption.

Ethical decisions regarding ITEthical decisions regarding IT


110/130


security:security:

If their firm is a victim of a computerIf their firm is a victim of a computercrime, should they pursue prosecution ofcrime, should they pursue prosecution ofthe criminals at all costs, maintain a lowthe criminals at all costs, maintain a low

profile to avoid the negative publicity,profile to avoid the negative publicity,inform the affected customers, or takeinform the affected customers, or takesome other action?some other action?

How much effort and money should beHow much effort and money should be

spent to safeguard against computerspent to safeguard against computercrime?crime?



111/130


security:security:

If their firm produces software withIf their firm produces software withdefects that allow hackers to attackdefects that allow hackers to attackcustomer data and computers, whatcustomer data and computers, what

actions should they take?actions should they take? What should be done if recommendedWhat should be done if recommended

computer security safeguards make lifecomputer security safeguards make lifemore difficult for customers andmore difficult for customers and

employees, resulting in lost sales andemployees, resulting in lost sales andincreased costs?increased costs?


112/130

Most Common Security IncidentsMost Common Security Incidents

TYPE OF SECURITY INCIDENT 2007 2008

VirusVirus 52%52% 50%50%

Insider AbuseInsider Abuse 59%59% 44%44%

Laptop theftLaptop theft 50%50% 42%42%

Unauthorized AccessUnauthorized Access 25%25% 29%29%

Denial of ServiceDenial of Service 25%25% 21%21%

Instant Messaging AbuseInstant Messaging Abuse 25%25% 21%21%

BotsBots 21%21% 20%20%

Implementing TrustworthyImplementing Trustworthy


113/130

Implementing TrustworthyImplementing Trustworthy

ComputingComputing

Trustworthy computingTrustworthy computing method ofmethod ofcomputing that delivers secure,computing that delivers secure,private, and reliable computingprivate, and reliable computing

experiences based on sound businessexperiences based on sound businesspracticespractices

Businesses and organizations areBusinesses and organizations are

now demanding thisnow demanding this


114/130

Risk AssessmentRisk Assessment

Process of assessing securityProcess of assessing security--relatedrelatedrisks to an organizationrisks to an organizations computerss computersand networks from both internal andand networks from both internal and

external threats.external threats.


115/130

Security risk assessment processSecurity risk assessment process

1.1. Identify the set of IT assets aboutIdentify the set of IT assets aboutwhich the organization is mostwhich the organization is mostconcerned. Priority is typically givenconcerned. Priority is typically given

to those assets that support theto those assets that support theorganizationorganizations mission and thes mission and themeeting of its primary businessmeeting of its primary businessgoals.goals.

2.2. Identify the loss events or the risksIdentify the loss events or the risksor threats that could occuror threats that could occur


116/130


3.3. Assess the frequency of events or theAssess the frequency of events or thelikelihood of each potential threat; somelikelihood of each potential threat; somethreats, such as insider fraud, are morethreats, such as insider fraud, are more

likely to occur than others.likely to occur than others.4.4. Determine the impact of each threatDetermine the impact of each threat

occurring. Would the threat have a minoroccurring. Would the threat have a minorimpact on the organization, or could itimpact on the organization, or could it

keep the organization from carrying outkeep the organization from carrying outits mission for a lengthy period of time?its mission for a lengthy period of time?


117/130


6.6. Determine how each threat can beDetermine how each threat can bemitigated so that it becomes muchmitigated so that it becomes muchless likely to occur or if it doesless likely to occur or if it does

occur, has less of an impact on theoccur, has less of an impact on theorganization.organization.

7.7. Assess the feasibility ofAssess the feasibility of

implementing the mitigation optionsimplementing the mitigation options

S i i k


118/130


7.7. Perform a costPerform a cost--benefit analysis to ensurebenefit analysis to ensurethat your efforts will be cost effective.that your efforts will be cost effective.

8.8. Make the decision on whether or not toMake the decision on whether or not to

implement a particular countermeasure.implement a particular countermeasure.If you decide against implementing aIf you decide against implementing aparticular countermeasure, you ned toparticular countermeasure, you ned toreassess if the threat is truly serious,reassess if the threat is truly serious,

and if so, identify a less costlyand if so, identify a less costlycountermeasure.countermeasure.


119/130

P tiP ti


120/130

PreventionPrevention

Installing a Corporate firewallInstalling a Corporate firewall

Intrusion Prevention systemsIntrusion Prevention systems

Installing Antivirus software,Installing Antivirus software,

Implementing safeguards againstImplementing safeguards againstattacks by malicious insidersattacks by malicious insiders

Conducting periodic IT Security AuditConducting periodic IT Security Audit


121/130

AUGMENTINGCOMPUTERSECURITY

AntiAnti--virusvirus

softwaresoftware

AuditAudit--controlcontrol

softwaresoftwarePasswordsPasswords

EncryptionEncryption

Access controlAccess control

softwaresoftware FirewallsFirewalls

BiometricsBiometrics

P dP d


122/130

PasswordsPasswords

One of the simplest and most widely usedOne of the simplest and most widely usedcomputer security measurescomputer security measures

Inherent weakness: can be too obvious orInherent weakness: can be too obvious oreasy to guesseasy to guess

Rigorously enforced password policiesRigorously enforced password policiesneed to be adhered to (at least 8need to be adhered to (at least 8characters, alphanumeric)characters, alphanumeric)

Changed on a regular basisChanged on a regular basis

Monitor logins (including unsuccessfulMonitor logins (including unsuccessfulones)ones)

E tiE ti


123/130

EncryptionEncryption

Useful to secure information in transit betweenUseful to secure information in transit betweenthe sender and receiverthe sender and receiver

EncryptionEncryption conversion of data into a formconversion of data into a form(called a cipher) that cannot be easily understood(called a cipher) that cannot be easily understood

by unauthorized receiversby unauthorized receivers DecryptionDecryption process of converting encryptedprocess of converting encrypted

data back into its original form, so it can bedata back into its original form, so it can beunderstoodunderstood

Ciphe

computer ethics - computer and internet crime 2016

Documents