Cybercrime Laws in the Philippines PDF
Document Details
Uploaded by ThoughtfulSelenium
Saint Louis University
Tags
Related
- Laws Treating ICT-Related Crimes (RA 10175) Presentation PDF
- Philippine Cybercrime Laws Modules 9-11 PDF
- Cybercrime Opportunities and Challenges (PDF)
- Chapter 6 Cybercrime Laws in the Philippines PDF
- National Health Trends, Issues, Concerns and Their Existing Health-Related Laws PDF
- Cybercrime Prevention act of Philippines PDF
Summary
This document covers cybercrime laws in the Philippines, examining notable incidents such as the ILOVEYOU worm and the resultant legal responses. It also discusses relevant legal acts such as the Philippine E-commerce Act of 2000 and other pertinent provisions.
Full Transcript
Cybercrime Laws in the Philippines Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era A brief retrospective view How it all started...
Cybercrime Laws in the Philippines Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era A brief retrospective view How it all started 2 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era The ILOVEYOU worm On the year 2000, A Filipino named Onel De Guzman created a worm that sent messages through email with an attachment: “LOVE-LETTER-FORYOU.txt.vbs” ▣ when opened, the file activates a code that sends an instruction to forward the same email to all the contacts of the user. 3 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era The ILOVEYOU worm ▣ The worm spread to e-mail accounts across the globe, affecting even the accounts of U.S. Officials. ▣ This prompted the FBI to identify the source of the worm, which was then traced back to the Philippines. ▣ It is believed that the estimated damages caused by the worm reached 10 billion USD. 4 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions ▣ Q 1.1: Upon the arrest of Onel De Guzman, Were his actions illegal? 5 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era No Onel De Guzman was caught but was released shortly afterwards because there wasn’t any pre-existing laws in the country for which he can be prosecuted. 6 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Want big impact? Use big image. 7 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Beginnings of cybercrime in the philippines ▣ A serious threat was exposed due to Onel De Guzman’s actions. ▣ Prior to Onel De Guzman’s actions, there were no legal provision that criminalizes cybercrimes in any way, providing a way for internet-users to be exploited in a lot of different ways. ▣ Legislators scrammed to enact a law that would begin to cover this. 8 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Philippine E-commerce Act of 2000 Republict Act 8792 9 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Philippine E-commerce Act of 2000 ▣ R.A. 8792 is an act providing for the recognition and use of electronic commercial and non-commercial transactions and documents, penalties for unlawful use thereof and for other purposes. ▣ In addition, R.A. 8792 was also used to define certain illegal activities concerning the use of various devices in an effort to provide a legal provision to deter future actions similar to what Onel De Guzman did. 10 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Important provisions of R.A. 8792 ▣ Ch. II. Sec 6. Legal Recognition of Data Messages. □ Information shall not be denied legal effect, validity or enforceability solely on the grounds that it is in the data message purporting to give rise to such legal effect, or that it is merely referred to in that electronic data message. 11 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Important provisions of R.A. 8792 ▣ Ch. II. Sec 6. Legal Recognition of Data Messages. □ This provision gives text messages, e-mails, or any other similar modes communication done through electronic means such as unaltered screenshots, the same legal validity as physical messages. 12 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Philippine E-commerce Act of 2000 ▣ Ch. II. Sec 7. Legal Recognition of Electronic Documents. □ Electronic documents shall have the legal effect, validity or enforceability as any other document or legal writing. □ For evidentiary purposes, an electronic document shall be the functional equivalent of a written document under existing laws. 13 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Philippine E-commerce Act of 2000 ▣ Ch. II. Sec 7. Legal Recognition of Electronic Documents. □ This provision gives softcopy of documents, the same legal validity as physical documents. □ These documents should be recognized for as long as their authenticity is verified. 14 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Prohibited acts: Hacking ▣ Hacking / Cracking □ Unauthorized access into a computer system/server or information and communication system; □ Any access in order to corrupt, alter, steal, or destroy using a computer, … , without the knowledge and consent of the owner [of the computer system]; □ Introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic document. 15 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Prohibited acts: Hacking ▣ Hacking / Cracking □ In order for anyone to be prosecuted for having performed these acts, it is important to focus on the exact wording of the law, which requires individual to: access a computer or computer system, with the intention to corrupt, alter, steal, or destroy. □ It is important for these intentions to be present for someone to be considered as “hacking” or “cracking”. 16 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Prohibited acts: Piracy ▣ Piracy □ Unauthorized copying, reproduction, storage, uploading, downloading, communication, or broadcasting of protected material, … , through the use of telecommunication networks, such as, but not limited to, the internet, in a manner that infringes intellectual property rights. 17 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Philippine E-commerce Act of 2000 ▣ Penalties □ Minimum fine of One Hundred Thousand Pesos (Php 100,000.00) and a maximum commensurate to the damage incurred, and; □ Mandatory imprisonment of 6 months to 3 years; 18 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions: R.A. 8792 ▣ Does connecting to an open WiFi Network (WiFi with no password), without the consent of the owner of the network, constitute to a violation of RA 8792? 19 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era No! By merely accessing it, there was no clear intent to “corrupt, alter, steal, or destroy”. At least according to RA 8792, this is not illegal. 20 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era “ More recently, the following law is the most comprehensive cybercrime law enacted in the Philippines. To date, this is the cornerstone of cybercrime protection for citizens in the Philippines. 21 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 Republict Act 10175 22 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ R.A. 10175 is an act that adopts sufficient powers to effectively prevent and combat cybercrime offenses by facilitating their detection, investigation, and prosecution at both the domestic and international levels, and by providing arrangements for fast and reliable international cooperation. 23 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 DEFINTION ▣ A cybercrime is a crime committed with or through the use of information and communication technologies such as radio, television, cellular phone, computer and network, and other communication device or application. 24 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 Three Types of Cybercrimes 1. Offenses against the confidentiality, integrity and availability (CIA) of computer data and systems; 2. Computer-related offenses; 3. Content-related offenses; ** There is a fourth offense, which refers to “offenses related to infringements of copyright and related rights”. This, however, is not included in the RA 10175 because a separate law is currently in that punishes such offenses. 25 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 Jurisdiction of RA 10175 Who can be charged with violations of this law? 1. Any violation committed by a Filipino national regardless of the place of commission. 2. Any of the elements was committed within the Philippines or committed with the use of any computer system wholly or partly situated in the country. 3. When by such commission any damage is caused to a natural or juridical person who, at the time the offense was committed, was in the Philippines. 26 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 Explanation 1. Pag isang Pilipino ang nagkasala, kahit nasaan pa siyang lupalop ng mundo, ay pwedeng kasuhan ng paglabag sa RA 10175. 2. Kung may kahit na anong parte ng krimen na nangyari sa Pilipinas, kasama na ang paggamit ng kahit na anong computer sa Pilipinas para sa gawaing maaaring maparusahan ng paglabas sa bata s na ito. 3. Kung ang biktima, sa panahon na nangyari ang isang krimen, ay nasa loob ng Pilipinas, ang sinumang gumawa ng krimen ay maaari din maparusahan. 27 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (a). CIA of Computer Data and Systems 1. Illegal Access □ The access to the whole or any part of a computer system without right. ▪ Without right means having no consent from the owner of the computer system. ▪ Access is the instruction, communication with, storing / retrieving data from, or [making] use of any resources of a computer system or communication network. 28 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions: R.A. 10175 ▣ Does connecting to an open WiFi Network (WiFi with no password) without the consent of the owner of the network constitute to a violation of RA 10175? 29 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era YES! Illegal access is to “make use of any resources” without right (consent). Even if this is not punishable under RA 8792, it is under RA 10175. 30 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (a). CIA of Computer Data and Systems 2. Illegal Interception □ The interception made by technical means without right of any non-public transmission of computer data. □ Interception is listening to, recording, monitoring or surveillance of the content of communications, (…), through the use of electronic eavesdropping or tapping devices, at the same time that the communication is occurring. 31 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (a). CIA of Computer Data and Systems 32 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Example: □ Have you experienced receiving coming from “bpionline.com.ph” with a subject line of “Update your security details now”? □ These e-mails ask the recipients to go to a site to login by placing their credentials. □ Unknown to many, the purpose of those websites is to intercept or to just get your user credentials so they can access your real online banking accounts. 33 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (a). CIA of Computer Data and Systems 3. Data Interference □ The intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses. 34 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions: R.A. 10175 ▣ Consider this situation: □ You have a friend who will send a file to you through a flash drive. □ Unknown to both of you, the flash drive has a virus in it. □ After you copied the file you need from the flash drive of your friend, you noticed that your files and folders suddenly disappeared and only a shortcut icon appeared on your personal folder. ▣ Is your friend liable for any violation of RA 10175? 35 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era YES! Data interference includes “the intentional or reckless alteration, damaging, deletion or deterioration of computer data.” In the situation, even if you friend lent you his/her flash drive in good faith (has no intentions to infect your computer with a virus), it is still considered as recklessness in his/her part and it also caused an “alteration”, or “deletion”, or even “deterioration” of data. 36 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (a). CIA of Computer Data and Systems 4. System Interference □ The intentional alteration or reckless hindering or interference with the functioning of a computer or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or program, electronic document, or electronic data message, without right or authority, including the introduction or transmission of viruses 37 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Explanation ▣ This is more or less an extension of the previous offense, whereby the affected entity is not just data but the whole system. ▣ The previous situation can also apply here if, instead of just having the files “damaged” or “altered”, the whole computer system went into error. 38 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example of Data / System Interference ▣ Cryptojacking or Cryptomining Malware □ Refers to software programs and malware components developed to take over a computer's resources and use them for cryptocurrency mining without a user's explicit permission. □ There are reports that malware are now embedded on certain websites to run on a visitor's computer. 39 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example of Data / System Interference ▣ When you download through torrent sites like “thepiratebay”, you basically give them the authority to use your computer’s CPU (whether mobile or desktop) to “mine” cryptocurrencies. ▣ This is one of the reasons why, in most cases, downloading a lot of files can cause your computer to heat up. Your computer’s CPU is being used to calculate and solve blocks of encrypted data to mine cryptocurrencies. 40 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example of Data / System Interference ▣ Website defacing 41 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (a). CIA of Computer Data and Systems 5. Misuse of Devices □ The use, production, sale, procurement, distribution, or otherwise making available, without right, of a device or computer password designed primarily for the purpose of committing any of the offenses under this Act; □ The possession of an item referred to above. 42 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example of Misuse of Devices ▣ Use of Skimming Devices / Keyloggers 43 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example of Misuse of Devices Use of Skimming Devices □ Ivaylo Sashov Galapov was a Bulgarian man arrested in Pampanga, when the security guards of BPI Family Savings Bank noticed him inserting ATM cards in succession. □ He was arrested for violation of R.A. 8792 and Credits: ABS-CBN News Website R.A. 10175. 44 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (a). CIA of Computer Data and Systems 6. Cyber-squatting □ The acquisition of a domain name over the internet in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same, if such a domain name is: i. Similar, identical, to an existing trademark (…) at the time of the domain name registration: ii. Identical with the name of a person other than the registrant; iii. Acquired without right or with intellectual property interests in it. 45 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example of Data / System Interference ▣ MikeRoweSoft □ In January 2004, Mike Rowe was a grade 12 student who operated a profitable web design business as a part time job. He registered the website with the domain name MikeRoweSoft.com. □ Lawyers from Microsoft asked him to stop using the website. Mike Rowe asked for $10,000 in return. □ Microsoft said no and proceeded to filing a case against him. 46 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example of Data / System Interference ▣ MikeRoweSoft □ Perhaps due to the stress that the whole process would entail, not withstanding the fact that this legal process would cost a lot of money, Mike Rowe decided to give away the website. □ News outlets reported that what he got in return was an XBOX console. □ But after some research, the following reddit thread appears apparently from Mike Rowe himself. 47 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example of Data / System Interference ▣ I found this on reddit, Mike Row had this to say: 48 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (b). Computer-Related Offense 7. Computer-Related Forgery □ The input, alteration, or deletion of any computer data without right resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic. 49 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example of Computer-Related Forgery ▣ Hacking into the iSLU portal to change your grade from 65 to 95. □ This has no monetary value and is therefore considered as “forgery” and not “fraud”. 50 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (b). Computer-Related Offense 8. Computer-Related Fraud □ The unauthorized input, alteration, or deletion of computer data or program or interference in the functioning of a computer system, causing damage thereby with fraudulent intent. 51 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example of Computer-Related Fraud The only difference between forgery and fraud, it is now considered fraud instead of forgery if the damage incurred has “monetary value”. Some examples include: ▣ Hacking into a bank’s database and changing your account balance from “Php 500” to “Php 5,000”. ▣ Asking people to send you “prepaid load”, as they maliciously deceive you from believing that they are your “relatives from abroad”. 52 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (b). Computer-Related Offense 9. Computer-Related Identity Theft □ The intentional acquisition, use, misuse, transfer, possession, alteration or deletion of identifying information belonging to another, whether natural or juridical, without right. 53 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example of Computer-Related Identity Theft ▣ Fake profiles in Facebook, Instagram, and other websites. □ There must be a use of “identifying information” which includes pictures of another person and his/her other personal details but not someone’s NAME. □ This is because it is completely possible for anyone to have the same name as another person, as well as for fan pages bearing the name of another person. □ If the intentions in the use of such profiles are for malicious purposes, such as pretending to be the actual person even if not, is already a violation of this law. 54 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (c). Content-Related Offense 10. Cybersex □ The willful engagement, maintenance, control, or operation, directly or indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the aid of a computer system, for favor or consideration. 55 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions on RA 10175 ▣ What if two individuals, who happen to be partners in life, gave their consent to each other to record any sexual act they are doing? ▣ Is this a case of cybersex? 56 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era NO! Even if both partied consented, and even if these acts are publicly denounced, they do not constitute to cybersex since the act is not done for “any favour or consideration”. For the purposes of this law, there must be an element of “engagement in business” for the act to be considered as prohibited. 57 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (c). Content-Related Offense 11. Child Pornography □ The unlawful or prohibited acts defined and punishable by Republic Act No. 9775 or the Anti-Child Pornography Act of 2009, committed through a computer system. □ Any representation, whether visual, audio thereof, by electronic, … , or any other means, of a child engaged or involved in real or simulated explicit sexual activities. 58 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions on RA 10175 ▣ Are “hentai” clips considered as a violation if this law? 59 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era NO! UNLESS: the hentai clip itself contains a character which is explicitly identified as a minor. If so, the said material is prohibited and the creator / distributor of the said material are liable for violations of this law. 60 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (c). Content-Related Offense 12. Online Libel □ Libel is the public and malicious imputation of a crime, real or imaginary, or any act, omission, condition, status, or circumstance tending to cause the dishonor, discredit, or contempt of a natural or juridical person, or to blacken the memory of one who is dead. 61 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Cybercrime Prevention Act of 2012 ▣ Ch. II. Sec 4 (c). Content-Related Offense 12. Online Libel □ Elements of Libel: 1. Allegation of a discreditable act or condition concerning another; 2. Publication of the charge; 3. Identity of the person defamed; and 4. Existence of malice. 62 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions on RA 10175 ▣ Consider the following post: □ “Hoy Maria David! Ikaw malandi ka! Alam naman ng lahat na kahit kanino pumapatol ka! Tuwing gabi nasa park ka, kasama mo nanay mo! Magkano ba ang rate natin ngayon? 500 hundred, tatlong oras? Ha? Pokpok! Pokpok! Pokpok kayo ng nanay mo!” 63 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions on RA 10175 ▣ Is the person who posted it liable for any crime? 64 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era YES! The statements in the post contains: 1. An allegation against Maria David; 2. Publicized since it was posted in a social media site; 3. The identity of Maria David was clear; 4. There was no doubt that the intentions were to defame Maria David, including her mother. All elements of libel are existent in this post. 65 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions on RA 10175 ▣ If you liked / reacted the said post, are you liable? 66 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era NO! Liking or reacting may be a sign of approval to the said post, but no statement was mentioned in anyway that makes any allegation towards Maria David. Hence, the first element of libel is not present. 67 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions on RA 10175 ▣ If you shared the said post, are you liable? 68 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era NO! The shared post might contain a message that is already established as libelous, BUT the statements were not made by the person who shared it. Thus, the person who shared the same post cannot be held liable. 69 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions on RA 10175 ▣ If you commented “OO NGA!”, are you liable? 70 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era NO! Similar to liking or reacting, commenting “oo” is a sign of approval but is not a statement that discredits or alleges Maria David. Thus, the person is not liable. 71 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions on RA 10175 ▣ If you commented “OO NGA! Pokpok talaga kayong mag-ina!!” on the post, are you liable? 72 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era YES! This statement is not merely an approval but also states an allegation towards Maria David herself. Thus making the person liable for libel since the comment can be seen publicly as well. 73 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era The concept of PRIVACY Privacy under the civil code Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era The Right to Privacy ▣ This is the right of an individual "to be free from unwarranted publicity, or to live without unwarranted interference by the public in matters in which the public is not necessarily concerned.” Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Question ▣ Does the state (government) have the right to disturb private individuals in their homes? Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era No! The State recognizes the right of the people to be secure in their houses. No one, not even the State, except "in case of overriding […] and only under the stringent procedural safeguards," can disturb them in the privacy of their homes. 77 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Privacy in the Civil Code Art. 26. of the Civil Code of the Philippines: ▣ Every person shall respect the dignity, personality, privacy and peace of mind of his neighbors and other persons. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Prohibited Acts under the Civil Code 1. Prying into the privacy of another's residence; 2. Meddling with or disturbing the private life or family relations of another; 3. Intriguing to cause another to be alienated from his friends; 4. Vexing or humiliating another on account of his religious beliefs, lowly station in life, place of birth, physical defect, or other personal condition. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Question (Hing vs Choachuy, 2013) ▣ May an individual install surveillance cameras on his own property facing the property of another? Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era No! A man’s house is his castle, where his right to privacy cannot be denied or even restricted by others. It includes any act of intrusion into, peeping or peering inquisitively into the residence of another without the consent of the latter. 81 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Privacy in the Civil Code ▣ On the installation of cameras: ▣ The installation of surveillance cameras, should not cover places where there is reasonable expectation of privacy, unless the consent of the individual, whose right to privacy would be affected, was obtained. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Question ▣ Does an employee / student have a reasonable expectation of privacy in the workplace / school? Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Questions and Cases According to a court decision, employees in workplace have less or no expectation of privacy. Similarly, students have less or no expectation of privacy within school grounds. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example Case ▣ Case: (Zulueta vs C.A., 1996) □ Cecilia is the wife of Alfredo, a doctor of medicine. □ Cecilia entered the clinic of her husband and in the presence of witnesses, forcibly opened the drawers and cabinet and took 157 documents consisting of private correspondence between Dr. Martin and his alleged paramours, greetings cards, cancelled checks, diaries, Dr. Martin’s passport, and photographs. □ The said items were used as evidence in legal separation case. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Question ▣ Was the right to privacy of Dr. Alfredo Martin violated? Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Yes! In the decision of the court: “A person, by contracting marriage, does not shed his/her integrity or his right to privacy as an individual and the constitutional protection is ever available to him or to her.” 87 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Example Case With respect to the legal separation case, what was the decision of the court? ▣ The documents and papers are inadmissible as evidence. ▣ The Court said: “the intimacies between husband and wife do not justify any one of them in breaking the drawers and cabinets of the other and in ransacking them for any telltale evidence of marital infidelity.” Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Reasonable Expectation of Privacy When does a person have a reasonable expectation of privacy? 1. When the person believes that one could undress in privacy without being concerned that an image of him or her is being taken; 2. When a reasonable person would believe that one’s private area would not be visible regardless of whether the person is in a public or private place. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Question Does a person have a reasonable expectation of privacy inside a fitting room while, say, trying out a set of clothes? Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Yes! A person would normally expect to change his or her clothes without worrying about anyone who could see him / her. In addition, a fitting room is properly secluded to ensure that no one else can see what a person inside is doing. Thus, a person has a reasonable expectation of privacy inside a fitting room 91 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Photo and Video Voyeurism Act of 2009 Republic Act 9995 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Punishable Acts: R.A. 9995 1. The unconsented taking of a photo or video of a person or group of persons engaged in a sexual act or any similar activity, or capturing an image of the private area of a person, under circumstances in which the said person has a reasonable expectation of privacy; 2. The copying or reproduction of such photo or video recording of the sexual act; Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Punishable Acts 3. The selling or distribution of such photo or video recording; 3. The publication or broadcasting, whether in print or broadcast media, or the showing of such sexual act or any similar activity through VCD/DVD, the internet, cellular phones, and other similar means or devices without the written consent of the persons featured. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions The phrase “private area of a person” appears on the first punishable act under R.A. 9995. What does the “private area of a person” include? Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions The “private area of a person” includes naked or undergarment-clad genitals, pubic area, buttocks, or the female breast. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Question Will one be liable for the non-commercial (simply sharing without asking for money) copying or reproduction of said photo or video? Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Yes! The mere copying or reproduction of said material will make one liable under the law regardless of the reason or whether one profits or not from such act. In fact, the mere showing of the material on one’s cellphone would violate the law. 98 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions If the persons in the photo knew and consented to the video recording or taking of the photo; can anyone reproduce, distribute, or broadcast it? Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era No! The person merely consented to the taking of the photo or the video recording and did not give written consent for its reproduction, distribution, and broadcasting. 100 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Penalty The penalty for the commission of any of the said prohibited acts would incur a penalty of: 3 years to 7 years imprisonment AND a fine of Php 100,000.00 to Php 500,000.00 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Data Privacy Act Republic Act 10173 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Data Privacy Act of 2012 1. Protects the privacy of individuals while ensuring free flow of information to promote innovation and growth. 2. Regulates the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of personal data. 3. Ensures that the Philippines complies with international standards set for data protection. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Important Definitions 1. Personal Information Controller ▣ The individual, corporation, or body who decides what to do with data. 2. Personal Information Processor ▣ One who processes data for a Personal Information Controller. The PIP does not process information for the PIP’s own purpose. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Important Definitions 3. Consent ▣ Where the data subject agrees to the collection and processing of his personal data. The agreement must inform: □ purpose, nature, and extent of processing; □ period of consent/instruction; □ rights as a data subject Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Definitions 4. Breach ▣ A security incident that: □ Leads to unlawful or unauthorized processing of personal, sensitive, or privileged information; □ Compromises the availability, integrity, or confidentiality of personal data. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era What is Personal Information? Personal Information Sensitive Personal Information ▣ Refers to any information or ▣ This is a type of personal opinion about a particular information that may be used to individual that can be used in harm or discriminate other identifying a person. This people when mishandled. This includes: include: □ name □ race or ethnic origin; □ address □ political opinions □ phone number □ religious affiliations; □ date of birth □ criminal record; □ E-mail address □ biometric information. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Processing Personal Information ▣ The processing of personal information shall be allowed and shall adhere to the following: □ Principles of transparency; □ Legitimate purpose; and □ Proportionality Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era PRINCIPLE OF TRANSPARENCY ▣ The data subject must know: □ The kind of personal data collected □ How the personal data will be collected □ Why personal data will be collected ▣ The data processing policies of the PIC must be known to the data subject. ▣ The information to be provided to the data subject must be in clear and plain language. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Legitimate Purpose Principle ▣ Data collected must be always be collected only for the specific, explicit, and legitimate purposes of the PIC. ▣ Data that is not compatible with the purpose for which the data was collected shall not be processed. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era PRINCIPLE OF PROPORTIONALITY ▣ The processing of personal data should be limited to such processing as is adequate, relevant, and not excessive in relation to the purpose of the data processing. ▣ Efforts should be made to limit the processed data to the minimum necessary. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era PROCESSING SENSITIVE PERSONAL INFO. 1. The data subject has given his or her consent; 2. The processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract; 3. The processing is necessary for compliance with a legal obligation to which the personal information controller is subject; Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era PROCESSING SENSITIVE PERSONAL INFO. 4. The processing is necessary to protect vitally important interests of the data subject, including life and health; 5. The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority (…); or 6. The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller (…), except where such interests are overridden by fundamental rights and freedoms of the data subject (…). Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Rights of the Data Subject 1. Right to be informed. 2. Right to object. 3. Right to access. 4. Right to rectification. 5. Right to erasure or blocking. 6. Right to damages. 7. Right to data portability. 8. Right to file a complaint. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era 1. Right to be Informed ▣ This is the right to be informed that your personal data shall be, are being, or have been processed, including the existence of automated decision-making and profiling ▣ The disclosure must be made before the entry of the data into the processing system or at the next practical opportunity Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era 2. Right to Object ▣ The right to object to the processing of personal data, including processing for direct marketing, automated processing, or profiling. □ If you do not want to share any information, or you do not want any other person to collect information from you, then you have the right to say NO. ▣ This includes the right to be given an opportunity to withhold consent to the processing in case of any changes or any amendment to the information supplied or declared. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era 2. Right to Object There are several exceptions where you cannot invoke your right to object: □ Personal data is needed pursuant to a subpoena issued by a court. □ Processing is necessary for or related to a contract or service to which the data subject is a party; □ Information is being processed as a result of a legal obligation. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era 3. Right to Access ▣ The right to find out whether a PIC holds any personal data about you. ▣ The right to reasonable access to personal data that were processed, sources of personal data, names and addresses of recipients, manner/method of processing, information on automated process, date when personal data was last accessed and modified, designation, name or identity, and address of the PIC Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era 4. RIGHT TO RECTIFICATION ▣ This involves the right to dispute the inaccuracy or error in the personal data and have the PIC correct it immediately. ▣ It also includes access to new and retracted information, and simultaneous receipt thereof. ▣ Recipients previously given erroneous data must be informed of inaccuracy and rectification upon reasonable request of the data subject. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era 5. RIGHT TO ERASURE OR BLOCKING ▣ This is the right to suspend, withdraw, or order the blocking, removal, or destruction of his or her personal information from the personal information controller’s filing system Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era 5. RIGHT TO ERASURE OR BLOCKING The right to erase or block can be invoked in the following circumstances: □ There are data which are incomplete, outdated, false, or unlawfully obtained. □ The data was used for unauthorized purposes. □ The data is no longer necessary for purposes of collection. □ The processing of data was found to be unlawful. □ The PIC or PIP violated the rights of the data subject. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era 6. RIGHT TO DAMAGES ▣ This is the right to be indemnified (receive compensation) for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data. □ If there are circumstances where you discovered that your personal data was mishandled, you have the right to ask for compensation for the damage it has caused you. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era 7. RIGHT TO DATA PORTABILITY ▣ The right to obtain a copy of data undergoing processing in an electronic or structured format, commonly used, and allows for further use by the data subject. ▣ Takes into account the right to have control over personal data being processed based on consent, contract, for commercial purposes, or through automated means. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era 8. RIGHT TO FILE A COMPLAINT ▣ In circumstances wherein the PIC or the PIP has breached the privacy of the data subject, a complaint may be filed through [email protected] ▣ National Privacy Commission – Government agency responsible for implementing R.A. 10173. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Questions and Cases May a teacher/professor search the contents of a student’s cellular phone? Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era No! Any search through a student’s cellular phone without justification under a law or regulation is UNLAWFUL, and may be considered as unauthorized processing of data. 126 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Questions and Cases However, there are exceptions: ▣ If it was done with student’s consent ( except if the student is a minor.) ▣ If it is required by the student’s life and health, or by national emergency. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Questions and Cases Is an implied (indirect) form of consent valid? An example of this is the following paragraph that appears in several websites: ▣ “By continuing to avail of xxx products and services:, you explicitly authorize xxx, its employees, duly authorized representatives, related companies and third-party service providers, to use, process and share personal data needed in the administration of your xxx” Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era No! Consent under the Data Privacy Act has three requirements, none of which are seen in an implied consent: Consent must be freely given; Details about what consent is being asked must be specific. And there must be an informed indication of will. 129 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions Are handwritten signatures considered sensitive personal information? Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era No! It is possible that one may share a similar signature as another person. Moreover, some signatures do not, in any way, show signs of identity of a person. Nonetheless, these may be considered personal information when used to identify an individual such as a signature affixed on the name of a person. 131 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions Are usernames, password, IP and MAC address, location cookies and birthday (month and day only) are considered personal information? Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Yes*! *Only when they are combined with other pieces of information that may allow an individual to be distinguished from others. Remember that a username, say “iloveyou3000”, does not identify any particular person unless it is combined with other information. 133 Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Guide Questions In addition: ▣ There are a lot of people who share the same birthday as others. This makes it impossible to use birthdays to identify any person. ▣ IP addresses alone cannot identify who a person is because it is possible that two or more people make use of a single computer / server. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Prohibited Acts: R.A. 10173 1. Unauthorized processing of personal information and sensitive personal information. ▣ Process (sensitive) personal information without the consent of the data subject or without being authorized under the Data Privacy Act or any other law. 2. Accessing personal information and sensitive personal information due to negligence. ▣ Provided access to (sensitive) personal information due to negligence or was unauthorized under the Data Privacy Act or any existing law. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Prohibited Acts: R.A. 10173 3. Improper disposal of (sensitive) personal information. ▣ Negligently dispose, discard or abandon the (sensitive) personal information of an individual in an area accessible to the public or placed the (sensitive) personal information of an individual in a container for trash collection. 4. Processing of personal information and sensitive personal information for unauthorized purposes. ▣ Process personal information for purposes not authorized by the data subject or not otherwise authorized by the Data Privacy Act or under existing laws. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era Prohibited Acts: R.A. 10173 5. Unauthorized access or intentional breach. ▣ Knowingly and unlawfully violate data confidentiality and security data systems where personal and sensitive personal information is stored. 6. Malicious disclosure. ▣ Discloses to a third party unwarranted or false information with malice or in bad faith relative to any (sensitive) personal information obtained by such PIC or PIP. Saint Louis University – SAMCIS - Computer Applications Department G.I.T. – Living in the IT Era