Philippine E-Commerce Act (R.A. 8792)

Questions and Answers

According to the context, what is primarily meant by 'Electronic Commerce'?

• Any transactions conducted through digital means, including business interactions and sales of goods. (correct)
• Exclusively business-to-business digital transactions.
• The utilization of electronic means for advertising consumer products.
• Transactions involving the sale of goods exclusively through online platforms.

What distinguishes a digital signature from a paper signature, based on the definitions provided?

• A digital signature principally serves as an authentication mechanism, similar to a paper signature. (correct)
• A digital signature requires manual creation, while a paper signature is automated.
• Paper signatures are easily forged, unlike digital signatures.
• Paper signatures carry more legal weight than digital signatures.

According to the E-Commerce Act, what condition must be met for a digital signature to attribute a message to the signer?

• The signer must use a publicly known key.
• The message must be encrypted.
• The digital signature does not need a key, it just needs to be attached to a message.
• A public and private key pair must be associated with an identified signer. (correct)

What is the main purpose of requiring the signer to use their private key when creating a digital signature, according to the text?

To confirm the signer is communicating a transaction with legal consequence. (D)

How does the E-Commerce Act aim to enhance efficiency in digital signatures?

By promoting automation in creating and verifying digital signatures. (D)

According to the 'Principles for Global Commerce', what role should the government take in electronic commerce?

The government should avoid undue restrictions on electronic commerce. (A)

What does the E-Commerce Act suggest about government involvement in electronic commerce when intervention is necessary?

Government involvement should aim to support and enforce a simple and consistent legal environment. (D)

What aspect of the internet does the government need to consider when creating policies for electronic commerce?

The unique qualities of the internet. (D)

According to the 'Declaration of Principles for Electronic Commerce,' what is the role of the private sector?

The development of electronic commerce shall be led primarily by the private sector in response to market forces. (B)

What approach should governments take regarding policies that affect electronic commerce?

Policies should be internationally coordinated and compatible. (C)

What does 'Neutral Tax Treatment' mean in the context of electronic commerce transactions?

Transactions using electronic commerce should receive neutral tax treatment in comparison to non-electronic transactions. (C)

According to the context, how should the protection of users, particularly regarding privacy and confidentiality, be pursued in electronic commerce?

Through policies driven by choice, individual anonymity, and content control. (B)

What does the government aim to accomplish by acting as a 'Model User' in electronic commerce?

To demonstrate the benefits of using new electronic means and promote their use. (B)

What is the role of the Government Information System Plan (GISP) in the context of the government as a 'Model User'?

To include online public information, cultural resources, and databases for health services. (C)

What is the significance of 'Convergence' in the context of electronic commerce?

Convergence of technologies is crucial to electronic commerce and will be supported by appropriate government policies. (B)

What is the government's role regarding the Domain Name System?

The Government supports initiatives to ensure that internet users will have sufficient voice in the governance of the domain name system. (C)

What approach does the government take towards dispute resolution in electronic commerce?

Government encourages the use of self-regulatory extra-judicial dispute settlement mechanisms. (D)

What is one of the salient features of the E-commerce Act regarding electronic data messages and electronic documents?

They have legal recognition, admissibility and evidential weight. (A)

What does the E-commerce Act say about electronic signatures?

Electronic signatures are recognized as valid. (B)

According to the provision of the E-commerce Act, what action is due within two years of the Act from government departments, bureaus, and offices?

They must express mandate within two years from departments, bureaus, offices, agencies, entities and instrumentalities, and government owned and controlled corporations to use and accept electronic data messages. (D)

Under the E-commerce act what does the reciprocity provision mean?

All benefits and privileges will be enjoyed only by parties whose country of origin grants the same benefits and privileges to Filipino citizens. (A)

According to the principles, what is the foremost element of E-Commerce Basic Legal Principles?

Electronic communications shall be the functional equivalent of paper documents. (D)

What activities are punishable under the Anti-Wire Tapping Law, R.A. 4200?

Causing any device or arrangement to secretly overhear, intercept, or record such communication by suing any device without authorization by all parties. (A)

What is the ultimate goal of incident response?

Limit harm and decrease recovery time and costs. (B)

What does 'Triage and Analysis' consist of?

Properly scope security incidents through bulk effort. (D)

What is the purpose of Coordinated Shutdown in incident response?

To execute a coordinated shutdown of devices that have been compromised. (B)

What is the purpose of the Computer Security Incident Response Team (CSIRT)?

To handle security incidents. (D)

What should happen once an incident is settled?

Any details that can be used to avoid similar events from occurring again in the future is properly recorded. (D)

What should you NOT do during an incident?

Do Not Execute Any Non-Forensic Software On the Infected Systems. (A)

What does the acronym MD5 stand for?

Message Digest 5. (B)

Who is responsible for communicating the precise specifications of accidents with high severity to the rest of the organization?

Incident Response Manager. (A)

If handling an incident, what types of communication should you avoid?

Email and messaging apps. (A)

According to the Cybercrime Response, which definition is accurate?

the actual police inside interference in a cybercrime incident (C)

What is the first thing to consider when securing a scene?

The protection of officers is always paramount. (B)

The Office of Cybercrime (OOC) was established within which division?

The DOJ (A)

Which of the following is NOT a function of the PNP Anti-Cybercrime Group (ACG)?

Cook for the PNP Chief. (C)

When was The Cybercrime Prevention Act signed into law?

September 12 by President Benigno Aquino III. (B)

When can The Act's provisions apply, irrespective of the position of commission, to all Filipino nationals according to the Act

Jurisdiction often lies when a punishable act is performed within the Philippines, if the erring apparatus is entirely or partly situated in the Philippines, or if any natural or lawful individual who was within the Philippines at the time of commission was affected. (A)

Flashcards

Electronic Commerce

Transactions conducted through digital means; includes business to business transactions and sales to consumers.

Digital Signature

An authentication mechanism used to verify the integrity and origin of a digital document.

Signer Authentication

Verifying that the digital signature attributes the message to a specific signer.

Affirmative Act

The act of the signer using their private key to create a digital signature.

Efficiency (Digital Signatures)

Creating and verifying a digital signature assures its genuinely the signers and allows automation.

Functional Equivalence

The concept that electronic communications should have the same legal standing as paper documents.

Autonomy of Contracts

Principles that uphold freedom to contract in electronic contexts.

Voluntariness Principle

The choice to use electronic communication is voluntary.

Solemnity of Contracts

Addresses formalities required for contracts.

Primacy of consumer protection laws

The principle that consumer protection laws take precedence.

Anti-Wiretapping Law

Prohibits unauthorized interception of private communications.

Incident Response

A coordinated approach to managing the aftermath of a security breach or cyberattack.

CSIRT

A team responsible for handling incident response operations.

Incident Response Plan (IRP)

A plan that outlines the response to network events, security incidents, and violations.

Preparation

A step that includes developing protocols, procedures, and agreements to manage incidents.

Detection and Reporting

Tracking security events to identify possible incidents.

Triage and Analysis

Correctly scoping and interpreting a security incident.

Containment and Neutralization

Containing the incident and neutralizing the threat.

Post-Incident Activity

Activities performed after an incident to prevent future occurrences.

SIEM

Software that gathers log and event data to consolidate into a unified platform.

RAM

Short-term data storage for quick data access.

Behavioral Analysis

Monitoring malicious programs in a VM to check its behavior.

Static Analysis

Reverse engineering malicious software to check its functionality.

Coordinated Shutdown

Shutting down compromised devices to prevent further damage.

Wipe and Rebuild

Wiping infected systems and restoring the OS.

Threat Mitigation Requests

Issued to block contact from domains known to be used by threat actors.

Incident Report

Document to strengthen the responses to and increase deterence of security incidents.

Cybercrime Response

The actual police interference in a cybercrime incident to help retain hardeware, software, and networks.

Secure the crime scene

Ensure safety, conserve fingerprints, restrict access, and isolate phone lines.

DOJ Office of Cybercrime (OOC)

Office that acts as the Central Authority for cybercrime matters.

PNP Anti-Cybercrime Group (ACG)

Police that responds to and works towards deterring cybercrime.

Admissibility of Digital Evidence

The legal guidelines that ensure technical evidence is properly collected and admissible in court.

Providing Details in Digital Evidence

In an impartial manner, mistakes and uncertainties should be disclosed, as well as shortcomings in the interpretation of results.

Standardization

Ensuring the standardization of digital investigation practices across jurisdictions.

Asymmetric Cryptosystem

A key pair having a private key for creating digital signatures and a public key for verification.

Certificate

Digital identification of other importatnt characteristics in someone.

Computer

Device that can receive, record, transmit, store, process, and retrieve

Digital Signature

Transforming data via asymmetric cryptosystem, using a public and private key.

Electronic Signature

Any distinctive mark in digital form used to authenticate a document.

Ephemeral Electronic Communication

Messages that aren't preserved or registered.

Study Notes

• Philippine Special Laws regulate electronics and commerce outlined in R.A. 8792, the Electronic Commerce Act of 2000.

Electronic Commerce

• E-commerce includes any transactions via digital means.
• It includes business-to-business transactions and sales of products to consumers.
• It originally meant selling things online but has evolved into conducting business online broadly.
• This includes customer service, sales, marketing, public relations and advertising.

Digital Signature vs. Paper Signature

• A digital signature serves as an authentication mechanism.
• Verifying and creating a digital signature aims to reproduce legal signature effects.

Signer Authentication

• The digital signature attributes a message to the signer if public and private key pair with an identified signer exist.
• A digital signature can't be forged unless the signer loses control of their private key, by:
  • Divulging it
  • Losing the media or device it is stored on

Affirmative Act

• Creating a digital signature requires using the signer's private key.
• This action alerts the signer about communicating a transaction with legal consequences.

Efficiency

• Creating and verifying a digital signature assures the signature is the signers, with complete automation of the processes.
• Requires human interaction on an exceptional basis only.
• Checks signature cards and labor-intensive paper methods are tedious and rarely used in practice.
• Digital signatures are assure security without needing higher resources for processing.

Principles for Global Commerce

• The private sector is expected to lead.
• No undue government restrictions on e-commerce.
• Government should support a simple, and predictable legal environment.
• Government must recognize the unique qualities of the Internet.
• E-commerce should be facilitated globally.

Principles for Electronic Commerce

• Section 29 of the Act mandates roles for:
  • The government must promote a stable environment, fair resource allocation and protect public interest.
  • Government intervention should be essential,clear, objective, non-discriminatory, proportional, adaptable and technologically neutral.
  • Promote private input in policy making.

Role of the Private Sector

• Private sector leads e-commerce development responding to market forces
• Participation in competitive markets.

International policies

• E-commerce is global and policies are compatible.
• Government policies facilitate interoperability
• This is within an international, voluntary and consensus-based environment.

Neutral Tax Treatment

• E-commerce gets neutral tax treatment like non-electronic transactions.
• Taxation of commerce is administered least burdening manner.

Protection of Users

• User protection emphasizes privacy, confidentiality via choice-driven policies, and individual anonymity.
• It follows industry-led solutions.
• Businesses needs to enable consumer means to exercise choice about their identifiable information.

Electronic Commerce Awareness

• Government and the private sector will inform society and business about e-commerce potentials and effects.

Small and Medium Size Enterprise

• Government to offer SMEs relevant information/education.
• An environment conducive to private sector investment in IT & capital access for SMEs will be created.

Skills Development

• Government to empowers workers share in employment via e-commerce.
• It will promote formal/non-formal skills programs.

Government as a Model User

• Government uses new e-means to deliver services, promoting such means.
• It will pioneer new tech, specifically the Government Information System Plan (GISP).
• GISP includes online info, cultural assets, database for health services and public libraries as they align with the Act and RPWEB.

Convergance

• Important to e-commerce.
• Supported by policies.

Domain Name System

• The government supports initiatives for internet user involvement in domain governance.

Access to Public Records

• The government provides equal access.

Dispute Mechanism

• The government promotes self-regulatory dispute settlements.
• Arbitration and mediation resolve electronic commerce disputes.

Salient Features of the E-commerce Act

• Legal recognition, admissibility of electronic data messages and documents.
• Acknowledges electronic signatures.
• Asserts that an electronic data message is an original document.
• Can authenticate electronic data messages through third-party ISPs or Certificate Authorities (CAs).
• Mandates government bodies use electronic signatures within 2 years.
• RPWEB promotes the use of electronic documents.
• The DTI directs e-commerce promotion with government coordination with private firms.
• The reciprocity provision grants benefits to Filipino citizens.
• Confidentiality obligations protect electronic keys and data, imposing sanctions for unauthorized conveyance.
• Penalizes unauthorized access, viruses, and hacking.
• Penalizes piracy of copyrighted works via telecommunications.

Basic Legal Principles for E-Commerce

• Electronic communications are treated as paper documents are.
• There's autonomy of contracts.
• Electronic communication is voluntary.
• Highlights solemnity of contracts
• Highlights statutory requirements of contracts
• It is a law applicable to form not substance, so contract formation continues to be governed by existing laws.
• Highlights primacy of consumer laws.

R.A. 4200, Anti-Wire Tapping Law

• It is illegal to do this without authorization from all parties the private communication or spoken word.
• Actions like tapping wires,intercepting, or possessing records are punishable.

Actions that are punishable under anti-wire tapping law

• Tapping wires or using devices to intercept communications.
• Knowing possession of wire or tape records.
• Replaying, communicating, or furnishing transcriptions of wiretapped content.
• Aiding in wiretapping activities.

Incident Response

• Incident response manages security breaches.
• The goal is to limit harm and reduce recovery time/costs.
• Incident response is handled by the Computer Security Incident Response Term (CSIRT)
• CSIRT includes IT and C-suite personnel
• Legal, HR, PR divisions may be included.
• Incident Response Team follows the plan for network events, incidents, and violations.
• Incident is an overall function that organization is reliable and decisions are quick.

Importance of Incident Response

• It prevents escalation of incidents.
• Protects data, minimizes costs.
• Rapidly minimizes losses, mitigates vulnerabilities, restores services and reduces future risks.

Five Measures in Incident Response

• There are five measures for response to address a wide range of incidents:
  • Preparation
  • Detection and Reporting
  • Triage and Analysis
  • Containment and Neutralization
  • Post-Incident Activity

Preparation

• Efficient incident response is planning.
• A strong strategy relies features like developing incident response policies and documentation.

Guidelines on Communication

• Guidelines on Communication helps seamless communication during and after an incident

Threat Intelligence Feeds

• Threat Intelligence Feeds help capture, evaluate, and synchronize threat intelligence.

Cyber Hunting Execises

• Organizational hazard hunting exercises proactively discovers incidents.

Threat Identification Capability Evaluation

• Threat Identification Capability Evaluation helps improves risk management.

Detection and Reporting

• It Identifies, warns, and reports security incidents.
• Monitors network events using firewalls, intrusion prevention and data loss prevention systems.

Detect

• Security Information and Event Management (SIEM) solution correlates warnings to detect incidents.
• Gartner coined software in 2005 to help manage user privileges, auditing etc.

Alert

• Analysts create incident tickets.
• Initial observations is recorded.

Report

• The reporting process includes regulatory escalations accommodations.

Triage and Analysis

• The effort to correctly scope the incident.
• Systems use tools.
• Needed for analysis are expertise, live analysis, digital forensics , memory analysis, malware analysis.
• It require three key areas:
  • Endpoint Analysis
  • Binary Analysis
  • Enterprise Hunting

Endpoint Analysis

• Determines threat actor traces that might be left behind.
• Appropriate objects gather a timeline.
• A bit-for-bit copy helps examine a system from a forensic perspective, and parse RAM to identify key objects.

Random Access Memory(RAM)

• RAM is short-term data used by the system.
• More memory means more programs.

Binary Analysis

• Examines features of malicious attacker tools performed in two ways.

Behavioral Analysis

• Execute a malicious program in a Virtual Machine (VM) to monitor behavior software tools.

Static Analysis

• Checks the entire function using reverse-engineering.

Containment and Neutralization

• Based on review process.
• Key parts of this:
  • Coordinate Shutdown
  • Wipe And Rebuild
  • Threat Mitigation Requests

Coordinate Shutdown

• Systems are shut down to remove a threat actor.
• A message sent to all IR.

Wipe and Rebuild

• Restore the operating system and change passwords.

Threat Mitigation Requests

• Block contact from command and control domains/IP addresses.
• Internet protocol(IP) address is located in devices or computers to identify the device.

Activity for Post-Incidents

• There is need to ensure similar events are avoided going forward.

Incident Reporting

• Complete an incident report that that strengthens the response plan.
• It increases security measures to deter future incidents.
• Monitor for the threat actors re-appearing via security log hawk analyzing SIEM data.
• Update feeds if threat information for the organization is available.
• Identify protective act new tech measures prevent accidents.
• It helps proper implementation of security policies.

Five Main Principles for Development

• Emphasizes responses to increasing incidents; there are five key factors.
• Even properly planned strategies are needed for the plan to perform the function.
• Important is a holistic approach including a pragmatic plan and responding quickly.

Criteria for Appropriate Incident Response

• Plan should be accurate in quickly determining relevant data.
• Has comprehensive roles for stakeholders during an incident
• Non-technical and professional teams like legal and compliance etc are part.
• Provide a system classifying the scale , vector, attack etc.
• Prioritize security needs.

Incident Response - Things to Avoid

• Do NOT panic.

Do Not Shut Down Infected Systems

• Avoid shutting down infected systems you lose data.

Do not discuss

• Avoid speaking about it with outside of those in the IR team assigned to the incident.
• Avoid domain admin when in the device environment.

Do Not Execute Non-Forensic Software's

• Avoid overwrites on the timelines associated with it as a system.

Things to Do During Incident

• To mitigate and repair:
  • Collect Much Data
  • Contain the Incident

In Incident you are to extract data and information

• Forensic tools help extract it.

Gather intelligence

• Analyze indicators of compromise.
• MD5 (Message Digest 5) common cryptographic hash function used to construct a digital signature message digest.
• Safeguard Systems and Other Media for Forensic Collection.
• Collect Suitable Logs, for example AV, fire walls , Windows events etc.

Building Incident Response Team

• The unified incident response is established in the company
• The team includes:
  • Incident Response Manager
    • Monitors emergency situations and communicates specs about incidents.
  • Security Analyst
    • Conducts Time, locale and specifics of incident.
  • Triage Analysts
  • Help keep intrustion at bay by filtering out false positives
  • Forensic Analysts
  • Guarantee a forensically and retrieval sound investigations of items

Threat Researchers

• To locate externall information over the internet

More Efficient Incident Responses

• There are two mains imperitives:
  • Minimise and clean
  • Prevent attackers a chance to launch an attack

Keep Incident response confidention

• Incidents should be secured , even when using apps/messaging systems due to the possibility of attacks

There are 3 tips to help better streamline the incident procedure in place:

• Be sure Communication does not involve using mics/ talking loudly in the corridoor
• Reset Credientials
• Use encrypted messaging systems/ end-to-end systems

System Shutdown

• The other party will know that they need to switch back laterally once a compromised server has been shutdown.

Incident Response

• Cybercrime response is the police actual procedures in these case for hardware or software that are tracebales
• Guidelines :The frist respond should secure capture and scan with these guiding questions
  • The questions determine tole and function of crime.

Procedures

• Secure the scene
  • Protection of officers
  • Preserve the Finger prints
• Secure Computer as evidence if its OFF dont tun it on/ if its ON ditto .

Extra Procedures for Evidence Collection etc

• If a specialist is not avaiable then photograph all connectors source and detach
• Mark connectors and cable ends properly as well
• Keep away from magnets

General guide for networking systems

• Use Expert
• Don’t pull plug

Electronics devices collection

• Do not acess if its accessible other wire you will reocrd the event.

Phones when collecting evidence from

• If its ON do not turn the phone OFF, document and secure its power cords
• If OFF bring to an expert and secure cords

Department of Justcie and Anti-cybercrime

• The department of Justice (DOJ) Establishe the cybercrime cyber related group in 2012
• Functions as Central AUthority, implementing Law for prosecuting

PNP

• Is the Philippine National Polic (PNP) launched to help with the rise of internet threat

PNP-ACG

• Believed components would increase the comabt betweem these parties
• They network of various agencies.
• PNP launched Government team in 2004
• Division support for internet breaches

Organizational functions

• The ACG include Director , deputy director
• The ARMD - The resource division
• The IM - Management division of Intelligence
• The CSU - The Cyber secirity unit of the police
• There are Field units

Capabilities of these groups

• Cyber repsonses Cyber security and forensics

Locations in 2013, were locations of the 6 locations full digital crime lab

• Camp Crame -Manila
• CBou City
• Davao city and others

Anti Cybercrime ops

• Financiers help assist in the op, and US assist as well
• Tele crime by china was a joint op

The Laws and E evidence

Cyber law to be Met

• The legal system to scan informtion, how reliabile they are

Assesment of Digital Evedience

• Courts see if they have the authorization to see what happened on technology

Legal

• A warrant that follows the order depending on state or region
• What the state you need is and what you need to scan

Feresnic Relevence

• It can help connect/ rule out victim/ suspect
• Provides lead for the suspect, details etc
• Shows crime happened

Consideration of Digital Evidence

• Digitals and methods used as evdience by experst

Experts explain

• Qualifications
• How devices and online are handled
• what phase and tools were used
• Why those tool we picked
• The outcome and interepreration and other events

To be an expert is not a standard

• Qualificatioin of differ by region

Technigues are reviewed to what competency they have

• The facilities of the labourtory
• The technology and personnel being employed

Digital evidence is acceptable if

• What is asserted is true
• During trial it has altered
• Analyses are verified and is pure

Finding will be made

• Is the uncertenities results
• standarzation

Definitions term in place

• Asymmetric key
• the secret key
• Business records
• Have lists that assist the business
• Certificate
• A digital to affirm
• Computer
• what the computer consists of that reads the function of what is
• Digitals signiture- A signiture with doc of the kind code .
• Digitaly sign - bearing , signiture

Electronically

• optical means and all else

Electronic keys- Codes

. electronic- any form person signiture

What rules has to be there

• Ephemeral electronic- is used in call and media not that are in text . Info and communication - systems for processing electronic records
• Key - pair - crypto relate
• private- is in key format
• publi - signature as weell
• electronics - follow code in writing from the code of evidence

Priviliged Comm

• Communication shall not be loosed even in electronics

best evidence - RULE

• Electronically is shown out to what it relates

Copy as of origin

• Can not be used it if in genuine/ unjust circumstances

Austenticaion of elections doc

• The records follows this rule if
• its been signed
• that it has that in the doc or code
• That judge believe the integrity

ELectronic Signatures Authenticion

• Method were it was made the signiture
• judge establishs
• if it does hurt the credits and what reasonable to doubt
• register/preserve

rules and exceptions

To hearing

• It doesnt apply as long both are done the witness
• Storages
• The record shall follow codes

types of forms

• The following form code that are in hearing
• The persson must validate and qualify of it
• A person witness may show all text code and rule 5 must appear
• Proof Is that a ffid avit will be made if

Withnesses exam- the code with electronics is

• If the persson
• All shall be recored correctly