Cybercrime Law: An Overview PDF
Document Details
Uploaded by HandsDownRainforest6295
Tags
Summary
This document provides an overview of cybercrime law, specifically focusing on the Philippine Cybercrime Prevention Act of 2012 (RA 10175). It discusses key aspects such as the different types of cybercrime offenses, the objectives of the module, and the elements of each offense. It also covers pertinent information about the law's history and background. Furthermore, the document touches on topics relating to computer-related offenses, including forgery, fraud, and identity theft.
Full Transcript
CYBERCRIME LAW: An Overview Module 9 March 2024 Objectives At the end of the module, you should be able to: Familiarize with the Philippine Cybercrime Laws Recognize the territoriality principle of penal law; Be aware of the need to protect and safeguard the integrity of compu...
CYBERCRIME LAW: An Overview Module 9 March 2024 Objectives At the end of the module, you should be able to: Familiarize with the Philippine Cybercrime Laws Recognize the territoriality principle of penal law; Be aware of the need to protect and safeguard the integrity of computer, communications systems, networks and databases, as well as the confidentiality and integrity of the data stored in a computer system; Philippine Digital State E-Commerce Use Social Media Use Overview of Philippine Cybercrime Laws Cybercrime, also called computer crime, the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Most cybercrime is an attack on information about individuals, corporations, or governments. Cybercrime highlights the centrality of networked computers in our lives, as well as the fragility of such seemingly solid facts as individual identity. Where exactly does cybercrime take place? An important aspect of cybercrime is its non-local character: actions can occur in jurisdictions separated by vast distances. Cybercriminals leave clues as to their identity and location, despite their best efforts to cover their tracks. In order to follow such clues across national boundaries, though, international cybercrime treaties must be ratified. Cybercrime Prevention Act of 2012 (RA 10175) Year 2000 E-Commerce Law (Republic Act 8792) was passed The I Love You Virus case happened Efforts in registering the Philippine Computer Emergency Response Team (PH-CERT) started with the support of the National Computer Center. Year 2001 – 2002 Growing number of hacking attacks and cybercrimes were recorded. Convention on Cybercrime was proposed Anti-Cybercrime bill (2001) was filed Cybercrime Prevention Act of 2012 (RA 10175) Year 2004 Growth of home-based workers and BPO industries Year 2005 First cybercrime conviction happened with JJ Maria Giner convicted under the E-Commerce Law for hacking the government’s.gov.ph site. Year 2007 The CICT took a proactive role in advocating for various laws such as the Cybercrime Bill. Growth in cybersex and child trafficking rings were noted. Year 2008 E-Commerce Law was deemed lacking in prosecuting a growing number of forms of cybercrime 87% of emails Filipino received this year were spam. Year 2009 Katrina Hall and Hayden Kho sex scandal went viral as it involves computer theft and unauthorized access to information that got posted online. Cybercrime Prevention Act of 2012 (RA 10175) Year 2010 Norton reported that 9 out of 10 Filipinos are victims of various forms of cybercrime ranging from hacking attacks to online scams. Year 2011 Committee Report on Cybercrime Bill was submitted to the House of Representatives. Year 2012 Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, was signed into law by President Aquino on Sept. 12, 2012. Its original goal was to penalize acts like cybersex, child pornography, identity theft and unsolicited electronic communication in the country. Online libel was not part of the original bill proposed by the Department of Justice (DOJ) but was one of the amendments Punishes content-related offenses such as cybersex, child pornography and libel which may be committed through a computer system. It also penalizes unsolicited commercial communication or content that advertises or sells products or services. Anti-Photo and Video Voyeurism Act of 2009 The original version of the Cybercrime Law includes the main features of RA 9995, however, because Congress was forced to quickly enact the said law the said features were deleted from the Cybercrime Law. The mere videotaping of a sexual intercourse will not per se constitute violation of RA 9262 (Anti-Violence Against Women and their Children Act of 2004). The second element must be present because it is the proximate or immediate cause of the mental and emotional anguish, public ridicule or humiliation to the woman...” Even with the law in place, violations have been rapidly increasing on social media, where perpetrators could hide behind anonymity in using mobile phones and computers. Base from the data of the PNP Anti Cybercrime Group, there were 1,427 cases investigated from 2013 to mid of 2019. Anti-Photo and Video Voyeurism Act of 2009 Salient Features Section 4. Prohibited Acts. It is hereby prohibited and declared unlawful for any person: (a) To take photo or video coverage of a person or group of persons performing sexual act or any similar activity or to capture an image of the private area of a person/s such as the naked or undergarment clad genitals, pubic area, buttocks or female breast without the consent of the person/s involved and under circumstances in which the person/s has/have a reasonable expectation of privacy (b) To copy or reproduce, or to cause to be copied or reproduced, such photo or video or recording of sexual act or any similar activity with or without consideration; (c) To sell or distribute, or cause to be sold or distributed, such photo or video or recording of sexual act, whether it be the original copy or reproduction thereof; or (d) To publish or broadcast, or cause to be published or broadcast, whether in print or broadcast media, or show or exhibit the photo or video coverage or recordings or such sexual act or any similar activity through VCD/DVD, internet, cellular phones and other. Tasks Individual Case – Cybercrime Law CYBERCRIME OFFENSES: Computer Related Offenses & Content Related Offenses Module 11 Objectives At the end of the module, you should be able to: Identify between types of cybercrime offenses. Differentiate between forgery and fraud. Familiarize with the regulation for each offense. Manifest critical thinking skills in determining whether a series of acts will constitute a cybercrime offense. Computer Related Offenses Under Section 4(b) of RA 10175, there are only three (3) Computer related offenses: 1. Computer-related Forgery 2. Computer-related Fraud 3. Computer-related Identity Theft Computer Related Forgery The input, alteration, or deletion of any computer data without right resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible; or The act of knowingly using computer data which is the product of computer-related forgery as defined herein, for the purpose of perpetuating a fraudulent or dishonest design. “How can a person guilty of forgery in a general sense?” A person is guilty of forgery if: 1. With purpose to defraud or injure anyone; OR 2. With knowledge that he is facilitating a fraud or injury to be perpetrated by anyone, the actor: Alters any writings of another without his authority; Makes, completes, executes, authenticates, issues or transfers any writing so that it purports to be the act of another who did not authorize that act, or to have been executed at a time or place or in a numbered sequence other than was in fact the case, or to be a copy of an original when such original existed; or Utters any writing which he knows to be forged in a manner specified in the revised penal code; Computer Related Forgery Elements of Computer-related Forgery First Type of Offense “ACTIVE COMPUTER-RELATED FORGERY” There must be an input, alteration, or deletion of any computer data without right; The result is an inauthentic data; The intent is to use the inauthentic data to be considered or acted upon as if it is authentic; Second Type of Offenses “PASSIVE COMPUTER-RELATED FORGERY” There must be an existing inauthentic data brought about by the elements of ACTIVE computer-related forgery. Knowingly acting on the inauthentic data for the purpose of perpetuating a fraudulent or dishonest design. Penalty: Prision mayor (imprisonment of six years and 1 day up to 12 years) or a fine of at least Two hundred thousand pesos (P200,000) up to a maximum amount commensurate to the damage incurred or BOTH. Examples: Computer-related forgery involves impersonation of legitimate individuals, authorities, agencies, and other entities online for fraudulent purposes. Cybercriminals can impersonate people from legitimate organizations and agencies in order to trick them into revealing personal information and providing the offenders with money, goods and/or services. Computer Related Fraud The unauthorized input, alteration, or deletion of computer data or program or interference in the functioning of a computer system, causing damage thereby with fraudulent intent: Provided, That if no damage has yet been caused, the penalty imposable shall be one (1) degree lower. This provision is almost the same with computer-related forgery except that in this offense, system interference, in addition to data interference is considered one of the means. Moreover, the main purpose under this offense is to cause damage to the computer system with the intent of procuring an economic benefit for oneself or another person or for the perpetuation of a fraudulent or dishonest activity. Computer Related Fraud Element of Computer-related fraud There is an unauthorized input, alteration, or deletion of computer data or program or interference in the functioning of a computer system. The purpose is to cause damage to the computer system with fraudulent intent. Penalty: same as Computer Related Forgery Provided, that if no damage has yet been caused, the penalty imposed shall be one (1) degree lower. Examples: Computer-related fraud includes many online swindles that involve false or misleading promises of love and companionship (catphishing), property (through inheritance scams), and money and wealth (through lottery scams, investment fraud, inheritance scams, etc.). The ultimate goal of these scams is to trick the victim into revealing or otherwise providing personal information and/or funds to the perpetrator (a form of social engineering fraud). This tactic, as the name implies, uses social engineering, the practice of manipulating, deceiving, influencing, or tricking individuals into divulging confidential information or performing acts that will benefit the social engineer in some way. Computer Related Identity Theft The intentional acquisition, use, misuse, transfer, possession, alteration or deletion of identifying information belonging to another, whether natural or juridical, without right: Provided, That if no damage has yet been caused, the penalty imposable shall be one(1) degree lower. The common definition of identity that is that it is a form of stealing someone’s identity in which someone pretends to be someone else by assuming that person’s identity, typically in order to access resources or obtain credit and other benefits in that person’s name. The victim of identity theft can suffer adverse consequences if he is held accountable for the perpetrator’s actions. Identity theft occurs when someone uses your personal identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes Computer Related Identity Theft Penalty: same as Computer Related Forgery, Provided, that if no damage has yet been caused, the penalty imposed shall be one (1) degree lower. Examples: Identity-related crime, whereby the perpetrator unlawfully assumes and/or misappropriates the identity of the victim and/or uses the identity and/or information associated with the identity for illicit purposes. The type of data targeted by criminals includes identity-related information, such as identification numbers (e.g., social security numbers), identity documents (e.g., passports, national identifications, driver's licenses, and birth certificates), and online credentials (i.e., usernames and passwords). Identity-related crime may or may not be financially motivated. For example, fraudulent identity documents (e.g., passports) could be purchased online for use in travel. Content Related Offenses Under Section 4(c) of RA 10175, there are three (3) Content-related offenses 1. Cybersex 2. Child Pornography 3. Unsolicited Commercial Communications Cybersex The willful engagement, maintenance, control, or operation, directly or indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the aid of a computer system, or favor or consideration. For a person to be guilty of cybersex as defined by the cybercrime law, all the following elements must be present. There must be a willful agreement, maintenance, control, or operation, directly or indirectly, of any lascivious exhibition of sexual organs or sexual activity. The lascivious exhibition of sexual organs or sexual activity is done with the aid of or through the use of a computer system; The activity is done for a favor or consideration; Penalty: Prision mayor (imprisonment of six years and 1 day up to 12 years) or a fine of at least Two hundred thousand pesos (P200,000) but not exceeding One million pesos (P1,000,000) or BOTH. Child Pornography The unlawful or prohibited acts defined and punishable by Republic Act No. 9775 of the Anti-Child Pornography Act of 2009, committed through a computer system: Provided, That the penalty to be imposed shall be (1) one degree higher than that provided for in Republic Act No. 9775. If child pornography is committed through the use of a computer system, the penalty to be imposed is one (1) degree higher than that provided for in RA 9775. Section 4(c)(2) seems to merely expands the scope of the Anti-Child Pornography Act of 2009 (ACPA) to cover identical activities in cyberspace. In theory, nothing prevents the government from invoking the ACPA when prosecuting persons who commit child pornography using a computer system. Actually, ACPA’s definition of child pornography already embraces the use of “electronic, mechanical, digital, optical, magnetic or any other means.” Penalty: Penalty to be imposed shall be one (1) degree higher than that provided for in Republic Act 9775, if committed through a computer system. Unsolicited Commercial Communication The transmission of commercial electronic communication with the use of computer system which seek to advertise, sell, or offer for sale products and services are prohibited unless, (i) There is a prior affirmative consent from the recipient; or (ii) The primary intent of the communication is for service and/or administrative announcement from the sender to its existing users, subscribers or customers: or (iii)The following conditions are present: The commercial electronic communication contains a simple, valid, and reliable way for the recipient to reject receipt of further commercial electronic messages (‘opt-out’) from the same source; The commercial electronic communication does not purposely disguise the source of the electronic message; and The commercial electronic communication does not purposely include misleading information in any part of the message in order to induce the recipients to read a message. Penalty: Section 6. All crimes defined and penalized by the Revised Penal Code, as amended, and special laws, if committed by, through and with the use of information and communications technologies shall be covered by the relevant provisions of this Act: Provided, That the penalty to be imposed shall be one (1) degree higher than that provided for by the Revised Penal Code, as amended, and special laws, as the case may be. Tasks Group Work (2 members) Cite an example related to computer offenses under section4(b) and section4(c) of RA10175 Under Section 4(b) of RA 10175, there are only three (3) Computer related offenses: 1. Computer-related Forgery 2. Computer-related Fraud 3. Computer-related Identity Theft Under Section 4(c) of RA 10175, there are three (3) Content-related offenses 1. Cybersex 2. Child Pornography 3. Unsolicited Commercial Communications CYBERCRIME OFFENSES: Offenses Against Confidentiality and Availability of Computer Data and Systems Module 10 Objectives At the end of the module, you should be able to: Differentiate between the types of offenses Be aware of the need to protect and safeguard the integrity of computer, communications systems, networks and databases, as well as the confidentiality and integrity of the data stored in a computer system; Discuss the elements pf each of the cybercrime offense; Distinguish data interference with system interference; Confidentiality, Integrity and Availability Cybercrimes are primarily those that target systems, networks, and data, and seek to compromise their: confidentiality (i.e., systems, networks, and data are protected and only authorized users can access them), integrity (i.e., data is accurate and trustworthy and has not been modified) and availability (i.e., data, services, and systems are accessible on demand). Offenses 1. Illegal Access The access to the whole or any part of a computer system without right. A computer system means any device or a group of interconnected or related devices, one or more of which, pursuant to a program, performs automatic processing of data. Element of the Offense There must be an intentional access in whole or in part of a computer system. The person who attempts to, or is accessing, or had already accessed the data has no right of access to the system. Penalty Prison mayor (imprisonment of six years and 1 day up to 12 years) or a fine of at least P200,000 up to a maximum amount commensurate to the damage incurred or BOTH. If committed against critical infrastructure: Reclusion temporal (imprisonment for twelve years and one day up to twenty years) or a fine of at least P500,000 up to a maximum amount commensurate to the damage incurred or BOTH. Offenses 2. Illegal Interception The interception made by technical means without right of any non-public transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data. Elements of Illegal Interception it must be intentional; it must be by technical means; the person involved is without any to do with the interception the transmission of computer data to, from, or within a computer system is non-public; Penalty : same with Illegal Access Offenses 3. Data Interference The intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses. Alteration refers to the modification or change, in form or substance, of an existing computer data or program (Sec. 3(b)). Interference is directed against the data itself, alteration only involves data. Authorized action can also be covered by this provision if the action of the person went beyond agreed scope resulting to damages stated in this provision. Penalty : same with Illegal Access Offenses 4. System Interference The intentional alteration or reckless hindering or interference with the functioning of a computer or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or program, electronic document, or electronic data message, without right or authority, including the introduction or transmission of viruses. Authorized action can also be covered by this provision if the action of the person went beyond agreed scope resulting to damages stated in this provision. The interference is directed against the functioning of a computer system. Alteration involves both data and computer program. Penalty : same with Illegal Access Offenses 5. Device Misuse (i) The use, production, sale, procurement, importation, distribution, or otherwise making available, without right, of: (aa) A device, including a computer program, designed or adapted primarily for the purpose of committing any of the offenses under this Act; or (bb) A computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed with intent that it be used for the purpose of committing any of the offenses under this Act. (ii) The possession of an item referred to in paragraphs 5(i)(aa) or (bb) above with intent to use said devices for the purpose of committing any of the offenses under this section. Penalty : same with Illegal Access except fine should be no more than P500,000. Offenses There are several forms of malware that can be used to infect systems: Worm. Standalone malicious software that spreads without the need for user activity. Virus. Malware that requires user activity to spread (e.g., an executable file with virus spreads when opened by the user). Trojan horse. Malware designed to look like legitimate software in order to trick the user into downloading the program, which infects the users' system to spy, steal and/or cause harm. Spyware. Malware designed to surreptitiously monitor infected systems, and collect and relay information back to the creator and/or user of the spyware. Ransomware. Malware designed to take users' system, files, and/or data hostage and relinquish control back to the user only after ransom is paid. Cryptoransomware (a form of ransomware) is malware that infects a user's digital device, encrypts the user's documents, and threatens to delete files and data if the victim does not pay the ransom. Doxware is a form of cryptoransomware that perpetrators use against victims that releases the user's data (i.e., makes it public) if ransom is not paid to decrypt the files and data. Offenses 6. Cybersquatting The acquisition of a domain name over the internet in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same, if such a domain name is: (i) Similar, identical, or confusingly similar to an existing trademark registered with the appropriate government agency at the time of the domain name registration: (ii) Identical or in any way similar with the name of a person other than the registrant, in case of a personal name; (iii) Acquired without right or with intellectual property interests in it. Elements of the offense There must be an acquisition of a domain name over the internet; The acquisition is done in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same; In case of a juridical person, the domain name is similar, identical or confusingly similar to an existing trademark registered with the appropriate government agency at the time of the domain name registration; Identical or in any way similar with the name of a person other than the registrant in case the domain name involves a natural person. Penalty : same with Device Misuse