Thursday, January 21, 2010

*January 22 ICT lecture

    Cybercrime draft law
    -sponsored by Angara
    -problem: malapit na mag-elections, kaya baka di mahimay nang mabuti
    Builiding Consumer Trust:
    CNET news.com…
    -there's a password stealing program being investigated by NBI
    -Google vs. China: Google suspects that there's an internal threat to their program
    Internet and law enforcement
    -marami criminal conduct in short life of internet (janet reno)
    -cybercrimes do not respect national/geographical boundaries/jurisdictions
    CYBER-CRIME LAWS IN RP
    In RP, the latest is E-Commerce Act
    We don't need it: We have RPC and it can cover all possible crimes; use of computer is just a mode, the animus is still the same
    *kwento on ship-sinking: marami sink na ships…wait, ano connect?
    We need it: growth of internet, RPC provisions may not be sufficient anymore
    *1.7B has access, 24M in RP (but concept of access problematic: a person, who after walking 15minutes, would have access to a computer - problem: even if you have computer, it doesn't necessarily have an internet + you might have no money to use it) - internetworldstats.com
    *…eto na ang connect ng ship sinking: ung penalties dun ng mga ship captain and crew is mababa vs. ung dapat - reckless imprudence through homicide lang siguro, wala namang intent to kill the passengers
    *Concept of property rights: property theft usually involves only tangible properties (taking something away from someone…andun pa rin naman if digital/electronic data)
  1. Cyber-crimes and the Challenges they present
  2. *cybercrimes may be serious or simple but they both foster lack of trust on online transactions
    >Spamming
    >list-linking (ung sa groups)
    >Spoofing
    >linking/framing
    >phising (you get mail from yourself from other websites)
    *Cracking: act of gaining unauthorized access + subsequent destroying, defacing, corrupting or altering data
    Examples: web face defacements, denial of service attacks, vulnerability attacks, sending of viruses
    …sabi ni sir, dati tuwa kana sa 64kbps. Pero ngayon, bumagal lang ung internet nyo, nagrereklamo na kayo. You're risking your security
    *Cyberstalking: where the victim is repeatedly bombed w/ messages of threatening nature
    Research Challenges
    _not wikepedia!
    -if you're in a developed country, your country would probably be able to counter cybercrime; vs. developing countries where there are other problems more important than cybercrime
    Technological problems
    -NBI may not possess the technical expertise and personnel required
    e.g. hanggang ngayon, yung web defacements di pa rin alam kung sino gumawa. May chismis na ginawa un nung mga naghack just to show politicians that they could hack the results of the automated elections
    LEGAL challenges
    I love you virus. Di mo alam kung anong ififile na kaso sa gumawa nung wala pang cybercrime law. Mababa lang ung penalty na ipapataw under RPC (Malicious Mischief lang ang pede)
    Resource Challenges
    *sufficient number of experts?
  3. International efforts towards laws against cyber crimes
  4. *US Statutes (marami: mahilig mag-extraterritorial applications)
    *European Council Convention on Cybercrime: offenses against confidentiality, integrity and availability of computer data and systems
    -binding among European countries - mas madali implement sa kanila
    *APEC: they had efforts 20 years ago (pero sabi nila "immediate") -
    "In the end, unless you bring up children to develop a sense of responsibility in the use of computer, wala talaga. May RPC ka, may Consti ka, may pumapatay pa rin ng tao eh. " - Sir Rudy
    *ASEAN
    PHILIPPINE RESPONSE
    -E-commerce law pa rin
    -may draft na on cybercrime
    -certainty in enforcement of law, not the existence of the law which imposes a penalty, should be ensured.
    Procedural aspects of the proposed cybercrime prevention act
    Jurisdiction: madaling sabihin kung saan nangyari, pero effects may be worldwide
    -RP: claims jurisdiction on certain things…
    >extraterritorial application of the proposed cybercrime (RPC, Art2 meron na)
    …Section 21 of the proposed bill provides
    *basta committed here
    -problem: baka di mo mahanap!
    *or the effects of the crime felt in RP
    -you cannot erase this damage.
    "proper court" would take jurisdiction here
    -it's impossible for both to concur in one place
    -w/o prejudice to filing of cases in other courts
    Joint cybercrime investigation unit
    -combat cybercrimes and computer-related offenses
    -investigate, prosecute….coordinate w/ all other agencies
    -who will man:
    *NBI (Anti-fraud and Computer Crimes Division)
    *Centers for Transnational crime (PNP)
    *CIDG
    …now laws have IRRs and w/o an IRR, the law would not be implemented. This gives rise to subordinate legislations (executive would make the laws, but the problem is if IRR gives additional provisions which out not in the main law from which the IRR is based)
    -powers (Section 15 of the proposed bill)
    -role of service providers
    Under E-commerce law
    j. Service provider refers to a provider of -
    (i) On-line services or network access, or the operator of facilities therefor, including entities offering the transmission, routing, or providing of connections for online communications, digital or otherwise, between or among points specified by a user, of electronic documents of the user's choosing; or
    (ii) The necessary technical means by which electronic documents of an originator may be stored and made accessible to a designated or undesignated third party;
    Such service providers shall have no authority to modify or alter the content of the electronic data message or electronic document received or to make any entry therein on behalf of the originator, addressee or any third party unless specifically authorized to do so, and who shall retain the electronic document in accordance with the specific request or as necessary for the purpose of performing the services it was engaged to perform.
    *Proposed rules require that data be preserved for 6 months
    -before, pede pa preserve computer data and traffic record up to 6 months kasi MB pa. Ngayon GB na kaya mahirap na if maliit lang ang capitalization…
    …need lawful order from court to look at computer data and traffic record (or else fishing expedition - plain view)
    Internet Libel
    e.g. Belo filed libel case vs. Archie Guevarra
    Search, Seizure and Collection of Computer Data - can only be done by virtue of a court order/writ….
    International Cooperation
    -cooperate w/ other states to prosecute cybercrime
    -reciprocity
    -grounds for refusal to cooperate: you don't really put it in the law, it's a basic function of DFA

No comments:

Post a Comment