ITE101 Midterm Reviewer PDF

Summary

This document reviews computer and internet crimes, including security issues and different types of risks. It discusses various online threats like viruses and hacking. It also covers the aspects of computer security.

Full Transcript

LIVING IN THE IT ERA
ITE101| MIDTERM REVIEWER

LESSON 1: COMPUTER AND INTERNET B. Viruses – A computer virus is one of those programs
you don't want that usually gets sent to you by
CRIMES
people through email.

SECURITY: TYPES AND EFFECTS OF COMPUTER CRIMES
C. Malicious Logic – affects your computer system
- Governments, businesses, and people around the world
while you are on the net.
have been affected immeasurably by the unprecedented
- Commands are frequently present in web pages we
advancement force of computer technology.
visit while surfing the net.
- enormous and exponentially growing capacities of
- This type is usually deliberately created.
electronic storage, transmission, and rapid manipulation of
- Symptoms may include slow response time, system
binary data changed the modern landscape virtually
crashes, or uncooperative programs.
overnight. Such fundamental restructuring in the society
also resulted in certain disadvantages, on all levels.
D. Hacking – Hackers found ways to exploit holes in the
Increased opportunities for the industrious to be more
operating systems of local and remote systems. They
productive also allow the less-upright new avenues for
developed methods to exploit security holes in
malevolence.
various computer systems.
WHAT IS “COMPUTER CRIME”?
E. Internal Misuse – Occasionally, some people use
- could reasonably include a wide variety of criminal
your computer, and some files may be intentionally or
offenses, activities, or issues.
unintentionally deleted. When permanently deleted
from the system, this may mean that you will have to
It can be separated into two categories:
redo the work. System crashes can also occur when
(1) crimes facilitated by a computer
files needed by a program are deleted or altered.
(2) crimes where the computer is the target.

F. Spoofing – Network spoofing is an ingenious way for
THE DIFFERENT COMPUTER SECURITY ISSUES AND
an intruder to gain access to the system. The intruder
THEIR EFFECTS:
sets up a program that impersonates the sign-on
- We usually keep files containing a month's worth of work
routine of another system.
or confidential information on our computers. Protecting
these data should be given careful attention. Almost every
TWO CATEGORIES OF ELECTRONIC CRIME TYPES:
day, computer systems are being broken into, or computer
- There are many different ways to attack computers and
viruses turn up on someone's computer. They are constant
networks to take advantage of what has made shopping,
threats, making security even more critical.
banking, investment, and leisure pursuits a simple matter of
― “dragging and clicking” for many people.
Three overlapping types of Risks:

The different types of electronic crime fall into two main
1. Bugs or misconfiguration problems that allow
categories:
unauthorized remote users to:
1. crimes in which the computer is the target of the
Steal confidential documents
attack
Execute commands on the host machine, allowing
2. incidents in which the computer is a means of
them to modify the system
perpetrating a criminal act.
Gain information about the host machine, allowing
them to break into the system
LIST OF SOME OF THE NOTED COMPUTER CRIMES
Launch denial-of-service attacks, rendering the
COMMITTED OVER THE PAST YEARS:
machine temporarily unusable

THE MORRIS WORM (NOVEMBER, 1988) – Robert Morris
2. Browser-side risks, including:
released what has become known as the Internet Worm.
Active content that crashes the browser, damages
- first large-scale attack on the Internet and the worm
the user's system, breaches the user's privacy, or
infected roughly 10 percent of the machines then connected
merely creates an annoyance
to the Internet and caused an estimated $100 million
The misuse of personal information knowingly or
damages.
unknowingly provided by the end-user

CITIBANK AND VLADIMIR LEVIN (JUNE-OCTOBER, 1994)
3. Interception of network data sent from browser to server
– Levin reportedly accomplished the break-ins by dialing
or vice versa via network eavesdropping
into Citibank‘s cash management system. This system
allowed clients to initiate their fund transfers to other banks.
THE ASPECTS OF COMPUTER SECURITY

KEVIN MITNICK (FEBRUARY, 1995) – Mitnick admitted to
A. Physical Security – first and perhaps the easiest rule
having gained unauthorized access to several different
of computer security.
computer systems belonging to companies such as
- Everyone knows that you need to lock your doors to
Motorola, Novell, Fujitsu, and Sun Microsystems. He also
keep your TV, refrigerator, and other appliances safe
admitted to having used stolen accounts at the University of
at home. The same idea applies to your computer as
Southern California to store proprietary software he had
well. We have to make sure that our computers are
taken from various companies.
attended, watched, or locked behind our doors.
 OMEGA ENGINEERING AND TIMOTHY LLOYD (JULY, SHAMOON (2012) – It is a computer virus discovered in
1996) – The program that ran on July 30 deleted all the 2012 that attacks computers running the Microsoft Windows
design and production programs for the company, severely operating system. It is also known as Disttrack. Shamoon is
damaging the small firm and forcing the layoff of 80 capable of wiping files and rendering several computers on
employees. a network unusable.

JESTER AND THE WORCESTER AIRPORT (MARCH, 1997) NUMBER OF DIFFERENT SECURITY THREATS
– Airport services to the FAA control tower as well as the
emergency services at the Worcester Airport and the 1. Viruses and Worms
community of Rutland, Massachusetts were cut off for a
period of six hours. a. VIRUS - is a self-replicating program that
- This disruption occurred as a result of a series of spreads by inserting copies of itself into other
commands sent by a teenage computer hacker who went executable code or documents.
by the name ― “jester”.
b. WORM - a type of malware that is a
SOLAR SUNRISE (FEBRUARY, 1998) – A series of self-replicating program similar to a virus.
computer intrusions occurred at several military installations
in the U.S. Over 500 domain name servers were c. INTRUDERS – The act of deliberately accessing
compromised during the course of the attacks. Making it computer systems and networks without
harder to track the actual origin of the attacks was the fact authorization is generally referred to as
that the attackers made a number of ―hopsǁ between hacking.
different systems, averaging eight different systems before - act of exceeding one‘s authority in a system.
arriving at the target. This includes authorized users who attempt to
gain access to files or obtain permissions that
THE MELISSA VIRUS (MARCH, 1999) – Melissa is the they have not been granted.
best-known early macro type viruses that attach
themselves to documents for programs that have limited SCRIPT KIDDIE - a derogatory term for inexperienced
macro programming capability. crackers who use scripts and programs developed by
- The virus, written and released by David Smith, infected others to compromise computer accounts and files, and for
about a million computers. launching attacks on whole computer systems.

THE LOVE LETTER WORM (MAY, 2000) – Also known as ELITE HACKERS - people who are not only capable of
the ― “ILOVEYOU” virus and the “Love Bug,” was written writing scripts to exploit known vulnerabilities but also
and released by a Philippine student named Onel de capable of discovering new ones.
Guzman.
- The worm was spread via email with the subject line of INSIDERS – They have the access and knowledge
“ILOVEYOU.” The virus spread via email attachments. When necessary to cause immediate damage to an organization.
the receiver ran the attachment, it searched the system for Have all the access they need to perpetrate criminal activity
files with specific extensions in order to replace them with such as fraud. Moreover, they have knowledge of the
copies of itself. security systems in place and will be better able to avoid
detection.
THE CODE-RED WORM (2001) – This infection took only
14 hours to occur. The worm took advantage of a CRIMINAL ORGANIZATIONS – Attacks by criminal
buffer-overflow condition in Microsoft‘s IIS web servers. organizations can fall into the structured threat category,
The worm itself was memory resident so simply turning off which is characterized by a greater amount of planning, a
an infected machine eliminated it. longer period to conduct the activity, more financial backing
to accomplish it, and possibly, corruption of or collision with
ADIL YAHYA ZAKARIA SHAKOUR (AUGUST, 2001-MAY, insiders.
2002) – Shakour admitted to having accessed several
computers without authorization, including a server at Eglin TERRORIST AND INFORMATION WARFARE – conducted
Air Force Base, computers at Accenture, a computer system against information and information processing equipment
at Sandia National Laboratories, and a computer at used by an adversary.
Cheaptaxforms.com.
COMPUTER SYSTEM AND NETWORK SECURITY
THE SLAMMER WORM (2003) – It exploited
buffer-overflow vulnerability in computers running A. COMPUTER SECURITY - the effort to create a secure
Microsoft‘s SQL Server or Microsoft SQL Server Desktop computing platform, designed so that agents (users
Engine. Slammer_x0002_infected hosts were generating a or programs) can only perform actions that have
reported 1TB of worm-related traffic every second. The been allowed. This involves specifying and
worm doubled its number of infected hosts every 8 implementing a security policy.
seconds.
B. NETWORK SECURITY - protection of networks and
JULY 2009 CYBERATTACKS – These were a series of their services from unauthorized modification,
coordinated cyberattacks against major government, news destruction, or disclosure, and provision of assurance
media, and financial websites in South Korea and the United that the network performs its critical functions
States. The first wave of attacks occurred on July 4, 2009 correctly and there are no harmful side effects.
and the last wave of attacks began on July 9, 2009.
CIA OF SECURITY (SECURITY PRINCIPLE) Role-Based Access Control – an alternative to
- The original goal of computer and network security is to traditional access control models (e.g., discretionary
provide confidentiality, integrity, and availability. or non-discretionary access control policies) that
permits the specification and enforcement of
Confidentiality - states that information should not enterprise-specific security policies in a way that
be disclosed to unauthorized individuals. maps more naturally to an organization's structure
and business activities.
Integrity - requires information to not be modified
except by individuals authorized to do so. HEALTH ISSUES

Availability - applies to hardware, software, and Many computer-related health problems are minor and are
data. All of these should be present and accessible caused by a poorly designed work environment.
when the subject (the user) wants to access or use
them. Keyboards and computer screens may be fixed in place or
difficult to move.
AUTHENTICATION - deals with the desire to ensure that an Desks and chairs may also be uncomfortable.
individual is who they claim to be. The computer screen may be hard to read, with problems
of glare and poor contrast. The hazardous activities
NON-REPUDIATION - deals with the ability to verify that a associated with these unfavorable conditions are
message has been sent and received and that the sender collectively referred to as work sensors.
can be identified and verified by the security principles.
- continued stressors such as eyestrain, awkward posture,
The three ways an organization can choose to address the and repetitive motion, may cause more serious and
protection of its networks are: long-term injuries.
- ignore security issues
- provide host security ERGONOMICS - The study of designing and positioning
- approach security at a network level. computer equipment
- has suggested several approaches to reduce these health
LEAST PRIVILEGE - applicable to many physical problems.
environments as well as network and host security. - an approach that puts human needs and capabilities at the
- an object should have only the necessary rights and focus of designing technological systems.
privileges to perform its task, with no additional - the objective is to ensure that humans and technology
permissions. work in complete harmony, with the equipment and tasks
aligned to human characteristics.
LAYERED SECURITY - Another goal is to have “no pain” computing. The
- It is important that every environment have multiple layers placement and design of computer tables and chairs, the
of security. Those layers may employ a variety of methods positioning and design of display screens, and the slope of
such as routers, firewalls, network segments, IDSs, the keyboard have been carefully studied.
encryption, authentication software, physical security, and - a relatively new branch of science, celebrated its 50th
traffic control. anniversary in 1999. It relies on research carried out in many
- The layers are depicted, usually, starting from the top, with other older, established scientific areas, such as physiology,
more general types of protection, and progressing psychology, and engineering.
downward through each layer, with increasing granularity at
each layer as you get closer to the actual resource. FLEXIBILITY - a major component of ergonomics
and an important feature of computer devices. People
DIVERSITY OF DEFENSE - a concept that complements the of differing sizes and preferences require different
idea of various layers of security. positioning of equipment for best results

ACCESS - the ability of a subject to interact with an object. ERGONOMICS has various applications to everyday
domestic situations, but there are even more essential
ACCESS CONTROLS - refers to devices and methods implications for productivity, efficiency, safety, and health in
used to limit which subjects may interact with specific work settings.
objects.
AUTHENTICATION - mechanisms ensure that only examples:
valid users are provided access to the computer Designing equipment and work arrangements to improve
system or network. working posture and ease the load on the body, thus
reducing instances of Repetitive Strain Injury/Work Related
VARIOUS METHODS TO IMPLEMENT ACCESS CONTROLS: Upper Limb Disorder.

Discretionary Access Control – means of restricting Information design, to make the interpretation and use of
access to objects based on the identity of subjects handbooks, signs, and displays easier and less error-prone.
and/or groups to which they belong.
Designing equipment and systems including computers,
Mandatory Access Control – means of restricting so that they are easier to use and less likely to lead to errors
access to objects that are based on fixed security in operation – particularly important in high-stress and
attributes assigned to users and files and other safety-critical operations such as control rooms.
objects.
 Designing working environments, including lighting and Tiltable screen
heating, to suit the needs of the users and the tasks Character size at least 3/16" Chair
performed. Where necessary, design personal protective Back provides firm lower and mid-back support.
equipment for work and hostile environments. Adjustable arm rests, if needed to prevent shoulder
fatigue.
Design of training arrangements to cover all significant Seat and back easily adjustable for height and tilt from
aspects of the job concerned and to take account of human seated position
learning requirements. without use of tools.
Seat upholstered and padded curves down at front edge.
The design of military and space equipment and systems Five (5) casters for stability. Table
– an extreme case of demands on the human being. Easily adjustable from seated position without use of
tools
Designing tasks and jobs so that they are effective and Bi-level to allow independent adjustment of screen and
take account of human needs such as rest breaks and keyboard
sensible shift patterns, as well as other factors such as Adequate leg room
intrinsic rewards of work itself. Adequate table top space for required tasks

- In developing countries, the acceptability and Accessories (As Needed)
effectiveness of even fairly basic technology can be Foot rest for users whose feet don’t rest flat on the floor
significantly enhanced. Adjustable keyboard tray, if table is too high
Wrist rest that is padded, movable, same height as
- The multi-disciplinary nature of ergonomics, sometimes keyboard home row
called "Human Factors", is immediately obvious. Document holder adjustable to screen height
Glare screen with grounding wire
- The ergonomist works in teams which may involve a Lumbar support cushion, if chair doesn’t support lower
variety of other professions: back
Telephone headset
- design engineers Task lighting
- production engineers
- industrial designers Reduce Glare to Avoid Eyestrain
- computer specialists Lower lighting level to about half of normal office lighting
- industrial physicians Avoid placing computer directly under a bank of lights
- health and safety practitioners Avoid light shining directly into your eyes or onto your
- specialists in human resources. screen
Use window curtains or blinds if necessary
- The overall aim is to ensure that our knowledge of human Position screen at right angle to window
characteristics is brought to bear on practical problems of Hold a mirror in front of your screen to identify sources of
people at work and in leisure. Trace the origins of glare
ergonomics. Use task lighting if necessary

THE CHECKLIST FOR A USE-FRIENDLY WORKSTATION. INFORMATION ETHICS
- can be regarded as part of normal business
- Top of screen at eye level; lower for bifocal wearers ethics since to do otherwise would mean that
- Screen distance at arm's length (15-32') normally unethical acts might be all right via
- Document adjustable to screen height computer.
- Chair backrest provides firm lower back support
- Chair back and seat easily adjustable for height and ETHICS - set of principles which involves systematizing,
tilt by user defending, and recommending concepts of right and wrong
- Keyboard height promotes relaxed arms with behavior.
forearms parallel to floor
- Wrists straight (neutral) BUSINESS ETHICS - “code of morals of a particular
profession” and “the standards of conduct of a given
EQUIPMENT CHECKLIST FOR A USE-FRIENDLY profession".
WORKSTATION: - Since morals are “principles if right and wrong in
conduct”, information ethics, therefore, can be defined as
Buying Tips an agreement among information systems professionals to
- Ask for equipment that meets American National do right and to avoid wrong in their work.
Standards Institute (ANSI) standards. These are
ergonomic standards applicable to computer Four Unique information systems attributes Addressed by
terminals, associated furniture, and the work information ethics:
environment. Try equipment out before purchasing
whenever possible. Information ethics is a specific application of business
ethics to information systems. Thus, they may be mistakenly
Computer Terminal assumed to be identical to business ethics. However,
Easy to use brightness and control knobs information ethics addresses issues unique to information
No perceptible screen flicker systems.
Detachable keyboard
Reduced electromagnetic fields (EMF) emissions
The four (4) unique I.S. attributes: e. A professional should inform his or her employer
Location - With a computer, an unethical act can be what consequences to expect if his or her judgment
committed from many locations. is overruled.

Time- Information systems make it possible to commit ACCESSIBILITY
unethical acts quickly. - Access to files, both online and offline, should be
restricted only to those who have a legitimate right to
Separation of Act from Consequences- Most people feel access – because they need those files to do their jobs.
guilty when they see someone hurt by their actions. - Many organizations keep a transaction log that notes all
accesses or attempted accesses to data. Most LAN
Individual Power- Would-be criminals often need help to management software includes this function.
misbehave.
PROPERTY
PRIVACY - the right of people to not reveal information - Many networks have audit controls to track which files
about them. were opened, which programs and servers were used, and
- It is the right to keep personal information, such as so on. This creates an audit trail, a record of how a
personal email messages,medical histories, student transaction was handled from input through processing and
records, and financial information from getting into the output.
wrong hands.
THE FOLLOWING ARE THE FEDERAL COMPUTER CRIME
- The right to privacy at work is also an important issue. LAWS:
Some experts believe that there will be a collision between
workers who want their privacy and companies that Fair Credit Reporting Act of 1970 (FCRA).
demand to know more about their employees. - Controls operations of credit-reporting bureaus, including
how they collect, store, and use credit information.
- Email also raises some interesting issues about work
privacy. Federal law allows employers to monitor email sent Freedom of Information Act of 1970.
and received by employees. - Ensures access of individuals to personal data collected
about them and about government activities in federal
- Furthermore, email messages that have been erased from agency files.
hard disks may be retrieved and used in lawsuits because
the laws of discovery demand that companies produce all Tax Reform Act of 1976.
relevant business documents. - Regulates the collection and use of certain information by
- Alternatively, the use of email among public officials may the Internal Revenue Service.
violate “open meeting” laws. These laws, which apply to
many local, state, and federal agencies, prevent public Rights to Financial Privacy Act of 1978.
officials from meeting in private about matters concerning - Regulates government access to certain records held by
the state or local area. financial institutions.

INFORMATION ACCURACY Electronic Funds Transfer Act of 1979.
- For information to be accurate, it must be error-free, - Enumerates the responsibilities of companies that use
complete, and relevant to decisions that are to be based on electronic funds transfer systems, including consumer
it. rights and liability for bank debit cards.

PROFESSIONAL INTEGRITY - one of the guarantors of Computer Matching and Privacy Act of 1988.
information accuracy. - Regulates cross-reference between federal agencies'
computer files.
An ethical approach to information accuracy calls for the
following: Video Privacy Act of 1988.
- Prevents retail stores from disclosing video rental records
a. Individuals should be given an opportunity to without a court order.
correct inaccurate information held about them in
database. Telephone Consumer Protection Act of 1991.
- Limits telemarketers' practices.
b. Databases containing data about individuals should
be reviewed at frequent intervals, with obsolete data Cable Act of 1992.
discarded. - Regulates companies and organizations that provide
wireless communication services, including cellular phones.
c. System safeguards, such as control audits, are
necessary to maintain information accuracy. Regular Computer Abuse Amendments Act of 1994.
audits of data quality should be performed and acted - Prohibits transmissions of harmful computer programs and
upon. code, including viruses.

d. A professional should not misrepresent his or her Children's Online Privacy Protection Act of 1998.
qualifications to perform a task. - Establishes standards for sites that collect information
from children. Its purpose is to prohibit unfair or deceptive
acts or practices in connection with the collection, use, or
disclosure of personally identifiable information from and PERSONAL COMPUTER - can get a virus from an infected
about children on the Internet. disk, an application, or e-mail attachments received from
the Internet.
Education Privacy Act.
- Restricts collection and use of data by federally funded A virus or worm that attacks a network or client/server
educational institutions, including specifications for the type system is usually more severe because it can affect
of data collected, access by parents and students to the hundreds or thousands of personal computers and other
data, and limitations on disclosure. devices attached to the network.

Copyrights Law. - Workplace computer virus infections are increasing
- Sets standards on copyrights and computer programs. rapidly because of several viruses spread through e-mail
attachments.
Fraud and False Statements Law.
- Standards against fraud and related activity in connection MALICIOUS ACCESS
with access devices and computers.
Crimes involving illegal system access and use of
Espionage and Censorship. computer services are a concern to both government and
- Sets standards in gathering, transmitting, or losing business. Federal, state, and local government computers
defense information. are sometimes left unattended over weekends without
proper security, and university computers are often used for
Mail Fraud Law commercial purposes under the pretense of research or
- General prohibition on pen register and trap and trace other legitimate academic pursuits.
device use
- Pen Registers and Trap and Trace Devices A 28-year-old computer expert allegedly tied up
- Standards against fraud by wire, radio, or television thousands of US West computers in an attempt to solve a
- Standards against Interception and disclosure of classic math problem. The individual reportedly obtained
wire, oral, or electronic communications prohibited the passwords to hundreds of computers and diverted them
- Wire and Electronic Communications Interception and to search for a new prime number, racking up ten years of
Interception of Oral Communications computer processing time. The alleged hacking was
discovered by a US West Intrusion Response Team after
TIPS IN PREVENTING CRIMES ON THE INTERNET company officials noticed that computers were taking up to
five minutes to retrieve telephone numbers, when normally
Internet security can include firewalls and a number of they require only three to five seconds. At one point,
methods to secure financial transactions. customer calls had to be rerouted to other states, and the
delays threatened to close down the Phoenix Service
FIREWALL - includes hardware and software combinations Delivery Center.
that act as a barrier between an organization's information
system and the outside world. - Since the outset of information technology, computers
- A number of systems have been developed to safeguard have been plagued by criminal hackers.
financial transactions on the Internet.
HACKER - a person who enjoys computer technology and
tips to help prevent crime on the Internet: spends time learning and using computer systems.
Use of stand-alone firewall, including hardware and
software with network monitoring capabilities. CRIMINAL HACKER or CRACKER - a computer-savvy
Use Internet security specialists to perform audits of all person who attempts to gain unauthorized or illegal access
Internet and network activities. to computer systems
Develop effective Internet and security policies for all - people who are looking for fun and excitement – the
employees. challenge of beating the system.
Monitor managers and employees to make sure they are
using the Internet for business purposes only. CLASSIFICATION OF COMPUTER VIRUSES

DATA ALTERATION/THEFT APPLICATION VIRUSES - infect executable
- Data and information are valuable corporate assets. The application files, such as word processing programs.
intentional use of illegal and destructive programs to alter or When the application is executed, the virus infects
destroy data is as much a crime as destroying tangible the computer system.
goods.
- The most common of these types of programs are viruses SYSTEM VIRUS - typically infects operating system
and worms, which are software programs that, when loaded programs or other systems files. These files of
into a computer system, will destroy, interrupt, or cause viruses usually infect the system as soon as the
errors in processing. computer is started.
- There are more than 53,000 known computer viruses
today, with more than 6,000 new viruses and worms being LOGIC BOMB - Another type of program that can destroy a
discovered each year. system
- Some viruses and worms attack personal computers, - an application or system virus designed to "explode" or
while others attack network and client/server systems. execute at a specified time and date.
- disguised as a Trojan horse, a program that appears to be
useful but actually masks the destructive program. Some of
these programs execute randomly; others are designed to
remain inert in software until a certain code is given. When (2) Any evidence obtained in violation of this or the
it detects the cue, the bomb will explode months, or even preceding section shall be inadmissible for any purpose in
years, after being “planted”. any proceeding.

MACRO VIRUS - uses an application's own macro Section 7
programming language to distribute itself. The right of the people to information on matters of public
- do not infect programs, they infect documents. The concern shall be recognized. A citizen has the right to
document could be a letter created using a word processing access to official records, and to documents and papers
application, a graphics file developed for a presentation, or pertaining to official acts, transactions, or
a database file. decisions, subject to the limitations provided by law. Hence,
- macro viruses that are hidden in a document file can be the case being jurisprudence, one has the right to access
difficult to detect. As with other viruses, however, virus such information.
detection and correction programs can be used to find and
remove macro viruses. Given the situation, a person cannot invoke that his right to
privacy has been violated because of the publication of his
LESSON 2: TECHNOLOGIES IMPACT ON name along with the case he was in as the right to privacy
does not prohibit the publication of matter which is of public
PRIVACY
or general interest.

THE RIGHT TO PRIVACY IN THE PHILIPPINES
THE NATIONAL IDENTIFICATION SYSTEM

The Facts:
- It‘s been two decades since the government first initiated
Mr. A has this estafa case and the case reached the
the establishment of a national ID system.
Supreme Court. Unfortunately, he lost the case. As we all
- done after 20 years
know, when a case reaches the Supreme Court, the same is
published in every website discussing Philippine
ADMINISTRATIVE ORDER NO. 308 - (1996)
jurisprudence. Now, every time someone key-in his name in
- issued by President Fidel Ramos; adopting a National
the web search engines, the estafa case is displayed as one
Computerized Identification System.
of its results. Due to such, Mr. A suffered
- The order was declared unconstitutional by the Supreme
humiliation and embarrassment from people, who chanced
Court.
upon such search result of his name. Because of this, he
- In striking down A.O. 308, the Supreme Court emphasized
wants his name be removed from such websites and he
that the Court is not per se against the use of computers to
therefore invokes his Constitutional right to privacy
accumulate, store, process, retrieve, and transmit data to
improve our bureaucracy.
The Issue:
Can a person request that his name be removed from such
- The Supreme Court also emphasized that the right to
websites pertaining to Supreme Court decided cases as the
privacy does not bar all incursions into the right to individual
same is a violation of his right to privacy? Why? Why not?
privacy. This right merely requires that the law be narrowly
focused and a compelling interest justify such intrusions.
The Answer:
Intrusions into the right must be accompanied by proper
No. A person cannot ask for such removal as the same does
safeguards and well-defined standards to prevent
not constitute as a violation of his right to privacy.
unconstitutional invasions.

The Philippines has no specific law on privacy. However,
RIGHT TO PRIVACY - a constitutional right, granted
the 1987 Constitution tried to provide under its:
recognition independently of its identification with liberty.
- recognized and enshrined in several provisions of our
Article III (Bill of Rights) provisions for the right to privacy,
Constitution, specifically in Sections 1, 2, 3 (1), 6, 8 and 17
namely:
of the Bill of Rights.
- Zones of privacy are also recognized and protected in our
Section 2.
laws, including certain provisions of the Civil Code and the
The right of the people to be secure in their persons,
Revised Penal Code, as well as in special laws (e.g.,
houses, papers, and effects against unreasonable searches
Anti-Wiretapping Law, the Secrecy of Bank Deposit Act and
and seizures of whatever nature and for any purpose shall
the Intellectual Property Code).
be inviolable, and no search warrant or warrant of arrest
shall be issued except upon probable cause to be
- a fundamental right guaranteed by the Constitution.
determined personally by the judge after examination under
- Therefore, it is the burden of government to show that
oath or affirmation of the complainant and the witnesses he
A.O. 308 is justified by some compelling state interest and
may produce, and particularly describing the place to be
that it is narrowly drawn. The government failed to
searched and the persons or things to be seized.
discharge this burden.

Section 3.
A.O. 308 is predicated on two considerations:
(1) The privacy of communication and correspondence shall
be inviolable except upon lawful order of the court, or when
(1) the need to provide our citizens and foreigners with the
public safety or order requires otherwise, as prescribed by
facility to conveniently transact business with basic service
law.
and social security providers and other government
instrumentalities and
(2) the need to reduce, if not eradicate, fraudulent IDENTITY THEFT - deliberate use of someone else's
transactions and misrepresentations by persons seeking identity, usually as a method to gain a financial advantage
basic services. While it is debatable whether these interests or obtain credit and other benefits in the other person's
are compelling enough to warrant the issuance of A.O. 308, name, and perhaps to the other person's disadvantage or
it is not arguable that the broadness, the vagueness, and loss.
the overbreadth of A.O. 308, if implemented, will put our
people‘s right to privacy in clear and present danger. - In the Philippines, many syndicated groups used skimming
machine to perform such acts.
- The heart of A.O. 308 lies in its Section 4 which provides
for a Population Reference Number (PRN) as a “common ATM SKIMMING - identity theft for debit cards: Thieves use
reference number to establish a linkage among concerned hidden electronics to steal the personal information stored
agencies” through the use of “Biometrics Technology” and on your card and record your PIN to access all that
“computer application designs.” hard-earned cash in your account.

BIOMETRY or BIOMETRICS - “the science of the application Skimming takes two separate components to work:
of statistical methods to biological facts; a mathematical
analysis of biological data.” The first part is the skimmer itself, a card reader placed
- The methods or forms of biological encoding include over the ATM's real card slot.
finger-scanning and retinal scanning, as well as the method - Always pay attention to objects mounted on the ATM or
known as the “artificial nose” and the thermogram. located close by. A pinhole or off-color piece of plastic
could give away the camera's hiding place. Cameras could
- A.O. 308 does not state what specific biological even be hidden in brochure racks.
characteristics and what particular biometrics technology
shall be used. Some employ fake keypads in lieu of cameras to capture
PINs. Just like the card skimmers fit over the ATM's true
- A.O. 308 does not state whether encoding of data is card slot, skimming keypads are designed to mimic the
limited to biological information alone for identification keypad's design and fit over it like a glove. If you notice that
purposes. The Solicitor General‘s claim that the adoption of the keypad on your ATM seems to protrude oddly from the
the Identification Reference System will contribute to the surface around it, or if you spy an odd color change
“generation of population data for development planning” is between the pad and the rest of the ATM, it could be a fake.
an admission that the PRN will not be used solely for
identification but for the generation of other data with THE BLOGGER’S FREEDOM OF EXPRESSION AND THE
remote relation to the avowed purposes of A.O. 308. LIBEL LAW

- The computer linkage gives other government agencies Scope of the Freedom of Expression
access to the information, but there are no controls to guard
against leakage of information. When the access code of Article III (Bill of Rights) Section 4 of the 1987 Philippine
the control programs of the particular computer system is Constitution:
broken, an intruder, without fear of sanction or penalty, can No law shall be passed abridging the freedom of speech, of
make use of the data for whatever purpose, or worse, expression, or of the press, or the right of the people
manipulate the data stored within the system. peaceably to assemble and petition the government for
redress of grievances. In addition, to protect the rights of
- A.O. 308 falls short of assuring that personal information people having an adverse political beliefs and aspirations
that will be gathered about our people will only be
processed for unequivocally specified purposes. The lack Article III Section 18
of proper safeguards in this regard of A.O. 308 may No person shall be detained solely because of his political
interfere with the individual‘s liberty of abode and travel by beliefs and aspirations.
enabling authorities to track down his movement; it may
also enable unscrupulous persons to access confidential DEFAMATION LAWS IN THE PHILIPPINES
information and circumvent the right against
self-incrimination; it may pave the way for “fishing Article 353 of the Revised Penal Code of the Philippines:
expeditions” by government authorities and evade the right
against unreasonable searches and seizures. The LIBEL - defined as a public and malicious imputation of a
possibilities of abuse and misuse of the PRN, biometrics, crime, or of a vice or defect, real or imaginary, or any act,
and computer technology are accentuated when we omission, condition, status or circumstance tending to
consider that the individual lacks control over what can be discredit or cause the dishonor or contempt of a natural or
read or placed on his ID, much less verify the correctness of juridical person, or to blacken the memory of one who is
the data encoded. They threaten the very abuses that the dead.
Bill of Rights seeks to prevent.
Elements of libel are:
IDENTITY THEFT IN THE PHILIPPINES (a) imputation of a discreditable act or condition to another;
- personal information is captured, processed, and (b) publication of the imputation;
disseminated in a bewildering variety of ways, and through (c) identity of the person defamed;
increasingly sophisticated, miniaturized, and distributed (d) existence of malice. [Daez v. Court of Appeals, G.R. No.
technologies: identity cards, biometrics, video surveillance, 47971, 31 October 1990, 191 SCRA 61, 67]
the use of cookies and spyware by websites, data mining
and profiling, and many others. - In libel cases, the question is not what the writer of an
alleged libel means, but what the words used by him mean.
Jurisprudence has laid down a test to determine the malice. [Aquino, Ramon C., The Revised Penal Code, Vol. III,
defamatory character of words used in the following Bk. II, 1997 Ed., citing People v. de los Reyes, Jr., 47 OG
manner, viz: 3569]

- “Words calculated to induce suspicion are sometimes - It is established doctrine that the malice that attends the
more effective to destroy reputation than false dissemination of the article alleged to be libelous must
charges directly made. Ironical and metaphorical attend the distribution itself. It cannot be merely a
language is a favored vehiclefor slander. resentment against a person, manifested unconnectedly
- A charge is sufficient if the words are calculated to several months earlier or one displayed at a much later
induce the hearers to suppose and understand that date.
the person or persons against whom they were
uttered were guilty of certain offenses, or are How Committed:
sufficient to impeach their honesty, virtue, or
reputation, or to hold the person or persons up to Article 355 of the Revised Penal Code: libel may be
public ridicule.” [Lacsa v. Intermediate Appellate committed using writing, printing, lithography, engraving,
Court, 161 SCRA 427 (1988) citing U.S. v. O‘Connell, radio, phonograph, painting, theatrical exhibition,
37 Phil. 767 (1918)] cinematographic exhibition, or any similar means.

ALLEGATION - is considered defamatory if it ascribes to a Persons Responsible:
person the commission of a crime, the possession of a vice
or defect, real or imaginary, or any act, omission, condition, - Any person who shall publish, exhibit, or cause the
status, or circumstances which tend to dishonor or discredit publication or exhibition of any defamation In writing or by
or put him in contempt, or which tends to blacken the similar means, shall be responsible for the same. The author
memory of one who is dead. or editor of a book or pamphlet, or the editor or business
manager of a daily newspaper, magazine, or serial
PRESUMPTION OF MALICE: publication, shall be responsible for the defamations
contained therein to the same extent as if he were the
MALICE - present in every defamatory imputation. author thereof.

Article 354 of the Revised Penal Code: Every defamatory Defenses:
imputation is presumed to be malicious, even if it be true if
no good intention and justifiable motive for making it is In every criminal prosecution for libel, the truth may be
shown, except in the following cases: given in evidence to the court, and if it appears that the
matter charged as libelous is true and that it was published
1. A private communication made by any person to another with good motives and for justifiable ends, the defendants
in the performance of any legal, moral or social duty; and shall be acquitted.

2. A fair and true report, made in good faith, without any - Proof of the truth of an imputation of an act or omission
comments or remarks, of any judicial, legislative or other not constituting a crime shall not be admitted unless the
official proceedings that are not confidential, or any imputation shall have been made against Government
statement, report, or speech delivered in said proceedings, employees with respect to facts related to the discharge of
or of any other act performed by public officers in the their official duties.
exercise of their functions.
In such cases, if the defendant proves the truth of the
- Paragraph 2 afore quoted refers to a qualifiedly privileged imputation made by him, he shall be acquitted.
communication, the character of which is a matter of
defense that may be lost by positive proof of express malice - any of the imputations covered by Article 353 is
on the part of the accused. Once it is established that the defamatory and, under the general rule laid down in Article
article is of a privileged character, the onus of proving 354, every defamatory imputation is presumed to be
actual malice rests on the plaintiff who must then convince malicious, even if it be true; if no good intention and
the court that the offender was prompted by malice or ill justifiable motive for making it is shown. There is malice
will. When this is accomplished the defense of privilege when the author of the imputation is prompted by personal
becomes unavailing. [Santos v. Court of Appeals, No. ill-will or spite and speaks not in response to duty but
L-45031, 21 October 1991, 203 SCRA 110, 114] merely to injure the reputation of the person who claims to
have been defamed. Truth then is not a defense, unless it is
- Prescinding from this provision, when the imputation is shown that the matter charged as libelous was made with
defamatory, as in this case, the prosecution need not prove good motives and for justifiable ends.
malice on the part of the defendant (malice in fact), for the
law already presumes that the defendant‘s imputation is ONLINE LIBEL IN THE PHILIPPINES
malicious (malice in law).
- The Supreme Court (SC) of the Philippines upheld the
- The burden is on the side of the defendant to show good constitutionality of most parts of the Cybercrime
intention and justifiable motive in order to overcome the Prevention Act of 2012, including the contentious provision
legal inference of malice. that punishes online libel.

- In order to constitute malice, it will must be personal. So if - The execution of the law was suspended in October 2012
the ill will is engendered by one‘s sense of justice or other by a temporary restraining order issued by the Supreme
legitimate or plausible motive, such feeling negatives
Court, following criticisms and protests among the media (a) Offenses against the confidentiality, integrity and
and human rights advocates. availability of computer data and systems:

However, with this new ruling of the Supreme Court, a (1) Illegal Access. – The access to the whole or any part of
person or entity who posts something (in words or pictures) a computer system without right.
— which can be proven false, and is intended to harm the
reputation of another by tending to bring the target into (2) Illegal Interception. – The interception made by
ridicule, hatred, scorn or contempt of others — may be technical means without right of any non-public
arrested, detained, and imprisoned because of libel. transmission of computer data to, from, or within a
computer system including electromagnetic emissions from
- Yes, in the Philippines, libel is still a criminal offense. It is a computer system carrying such computer data.
defamation in its very essence, but covers published work
on print, television and other traditional media. The same is (3) Data Interference. — The intentional or reckless
now true for new media like the internet. alteration, damaging, deletion or deterioration of computer
data, electronic document, or electronic data message,
- This online/internet libel law, however, punishes only the without right, including the introduction or transmission of
original author of the post. Those who “liked”, “shared,” viruses.
“re-tweeted” or re-blogged a post will not be criminally
liable unless the person added a comment that may deemed (4) System Interference. — The intentional alteration or
to be libelous by a complainant. reckless hindering or interference with the functioning of a
computer or computer network by inputting, transmitting,
COMPUTER HACKERS AND THE CYBERCRIME LAW damaging, deleting, deteriorating, altering or suppressing
computer data or program, electronic document, or
The ILOVEYOU Virus electronic data message, without right or authority,
- Sixteen years ago, a young Filipino computer student including the introduction or transmission of viruses.
made history by unleashing the world‘s first global
Internet-borne virus. Known as the Love Bug, the virus (5) Misuse of Devices.
spread from East to West in a single day, inflicting $5.5
billion in damages, corrupting files, and shutting down (i) The use, production, sale, procurement, importation,
computer systems at major corporations, newsrooms, Wall distribution, or otherwise making available, without right, of:
Street firms, and government offices across the world.
(aa) A device, including a computer program,
The worm arrived in people‘s email boxes with a designed or adapted primarily for the purpose of
provocative subject line, ― “I LOVE YOU: A love letter for committing any of the offenses under this Act; or
you.” When recipients opened the attachment, ― “LOVE
LETTER-FOR-YOU.TXT.vbs,” they unwittingly infected their (bb) A computer password, access code, or similar
computer with the self_x0002_replicating worm as well as data by which the whole or any part of a computer
the computers of everyone in their contact list. system is capableof being accessed with intent that it
be used for the purpose of committing any of the
- The author of the virus is believed to be Onel de Guzman, offenses under this Act.
then 25, a student at AMA Computer University in Makati.
What many people did not realize at the time was that de (ii) The possession of an item referred to in paragraphs
Guzman‘s original intention for creating the worm was 5(i)(aa) or (bb) above with intent to use said devices for the
altruistic at its roots. In the Philippines, an hour‘s worth of purpose of committing any of the offenses under this
Internet access cost as much as half a day‘s wage: 100 section.
pesos, the equivalent of two dollars.
(6) Cyber-squatting. – The acquisition of a domain name
For his graduation thesis in computer science, de Guzman over the internet in bad faith to profit, mislead, destroy
wrote a program that would enable the average Filipino to reputation, and deprive others from registering the same, if
get free Internet access by stealing passwords from the such a domain name is:
rich. His school rejected his thesis because of its bandit
nature, so he could not graduate. Undeterred, de Guzman, (i) Similar, identical, or confusingly similar to an existing
with the help of friends, unleashed his virus the day before trademark registered with the appropriate
the university held its graduation ceremony. government agency at the time of the domain name
registration:
The Philippine authorities filed theft and other charges
against Mr. de Guzman, but dropped them in August (ii) Identical or in any way similar with the name of a person
because of insufficient evidence. The case against him was other than the registrant, in case of a personal
weakened because at the time, the Philippines did not have name; and
laws governing computer espionage.
(iii) Acquired without right or with intellectual property
Cybercrime Prevention Act of 2012 (Republic Act 10175) interests in it.
punishable acts according to Chapter II of the Cybercrime
Prevention Act of 2012: (b) Computer-related Offenses:

SEC. 4. Cybercrime Offenses. — The following acts (1) Computer-related Forgery. —
constitute the offense of cybercrime punishable under this
Act:
 (i) The input, alteration, or deletion of any (bb) The commercial electronic communication
computer data without right resulting in does not purposely disguise the source of the
inauthentic data with the intent that it be electronic message; and
considered or acted upon for legal purposes as
if it were authentic, regardless whether or not (cc) The commercial electronic communication
the data is directly readable and intelligible; or does not purposely include misleading
information in any part of the message in order
(ii) The act of knowingly using computer data to induce the recipients to read the message.
which is the product of computer-related
forgery (4) Libel. — The unlawful or prohibited acts of libel as
as defined herein, for the purpose of defined in Article 355 of the Revised Penal Code, as
perpetuating a fraudulent or dishonest design. amended, committed through a computer system or
any other similar means that may be devised in the
(2) Computer-related Fraud. — The unauthorized future.
input, alteration, or deletion of computer data or
program or interference in the functioning of a SEC. 5. Other Offenses. — The following acts shall also
computer system, causing damage thereby with constitute an offense:
fraudulent intent: Provided, That if no damage has yet
been caused, the penalty imposable shall be one (1) (a) Aiding or Abetting in the Commission of Cybercrime. –
degree lower. Any person who willfully abets or aids in the commission of
any of the offenses enumerated in this Act shall be held
(3) Computer-related Identity Theft. — The liable.
intentional acquisition, use, misuse, transfer,
possession, alteration or deletion of identifying (b) Attempt in the Commission of Cybercrime.
information belonging to another, whether natural or — Any person who willfully attempts to commit any of the
juridical, without right: Provided, That if no damage offenses enumerated in this Act shall be held liable.
has yet been caused, the penalty imposable shall be
one (1) degree lower. The following are the punishment for such acts:

(c) Content-related Offenses: SEC. 8. Penalties. — Any person found guilty of any of the
punishable acts enumerated in Sections 4(a) and 4(b) of
(1) Cybersex. — The willful engagement, this Act shall be punished with imprisonment of prison
maintenance, control, or operation, directly or mayor or a fine of at least Two hundred thousand pesos
indirectly, of any lascivious exhibition of sexual (PhP200,000.00) up to a maximum amount commensurate
organs or sexual activity, with the aid of a computer to the damage incurred or both.
system, for favor or
consideration. - Any person found guilty of the punishable act under
Section 4(a)(5) shall be punished with imprisonment of
(2) Child Pornography. — The unlawful or prohibited prison mayor or a fine of not more than Five hundred
acts defined and punishable by Republic Act No. thousand pesos (PhP500,000.00) or both.
9775 or the Anti-Child Pornography Act of 2009,
committed through a computer system: Provided, that - If punishable acts in Section 4(a) are committed against
the penalty to be imposed shall be (1) one degree critical infrastructure, the penalty of reclusion temporal or a
higher than that provided for in Republic Act No. fine of at least Five hundred thousand pesos
9775. (PhP500,000.00) up to maximum amount commensurate to
the damage incurred ornboth, shall be imposed.
(3) Unsolicited Commercial Communications. — The
transmission of commercial electronic communication - Any person found guilty of any of the punishable acts
with the use of computer system which seek to enumerated in Section 4(c)(1) of this Act shall be punished
advertise, sell, or offer for sale products and services with imprisonment of prison mayor or a fine of atleast Two
are prohibited unless: hundred thousand pesos (PhP200,000.00) but not
exceeding One million pesos (PhP1,000,000.00) or both.
(i) There is prior affirmative consent from the
recipient; or - Any person found guilty of any of the punishable acts
enumerated in Section 4(c)(2) of this Act shall be punished
(ii) The primary intent of the communication is with the penalties as enumerated in Republic Act No. 9775
for service and/or administrative or the “Anti-Child Pornography Act of 2009”: Provided, That
announcements from the sender to its existing the penalty to be imposed shall be one (1) degree higher
users, subscribers or customers; or than that provided for in Republic Act No. 9775, if
committed through a computer system.

(iii) The following conditions are present: - Any person found guilty of any of the punishable acts
(aa) The commercial electronic enumerated in Section 4(c)(3) shall be punished with
communication contains a simple, valid, imprisonment of arresto mayor or a fine of at least Fifty
and reliable way for the recipient to thousand pesos (PhP50,000.00) but not exceeding Two
reject. receipt of further commercial hundred fifty thousand pesos (PhP250,000.00) or both.
electronic messages (opt-out) from the
same source;
- Any person found guilty of any of the punishable acts numbers, previous or current health records, licenses or
enumerated in Section 5 shall be punished with their denials, suspension or revocation, and tax returns; and
imprisonment one (1) degree lower than that of the
prescribed penalty for the offense or a fine of at least One (4) Specifically established by an executive order or an act
hundred thousand pesos (PhP100,000.00) but not of Congress to be kept classified.ll(Republic Act. No. 10173,
exceeding Five hundred thousand pesos (PhP500,000.00) Ch. 1, Sec. ).
or both.
What is "consent?"
THE DATA PRIVACY ACT (RA 10173):
CONSENT - of the data subject refers to any freely given,
The Data Privacy Act (DPA), or Republic Act No. 10173 - specific, informed indication of will, whereby the data
was passed by the Philippines Congress in 2012 and finally subject agrees to the collection and processing of personal
implemented five years later in 2016. RA 10173 assures the information about and/or relating to him or her.
―free flow of information to promote innovation and
growthǁ(Republic Act. No. 10173, Ch. 1, Sec. 2) while - shall be evidenced by written, electronic, or recorded
protecting the users‘ fundamental rights to privacy means. It may also be given on behalf of the data subject by
an agent specifically authorized by the data subject to do so
How is it implemented? (RA. No. 10173, Ch. 1, Sec. 1).

- RA 10173 protects and maintains the right of customers to What are the rights of the data subject?
confidentiality by setting a legal list of rules for companies
to regulate the collection, handling, and disposal of all - The data subject or the individual sharing his/her personal
personal information. information has to be fully informed of several factors of the
- Companies legally responsible for keeping their data collecting process. This list includes, but isn't limited
customers‘ data protected from third parties or any form of to:
misuse, internally or externally.
(1) the reason for use
What does that mean for data collectors/companies? (2) methods for access
(3) the identity and contact details of the personal
The Act applies to any process of personal data by information controller
anyone in government or private sectors. (4) how long the information will be stored for
(5) access to their rights.
All personal data must have legitimate reasons for
collection as well as should be clear to both parties giving What steps do I need to take in compliance with the Data
and receiving information. With that being said, all collection Privacy Act?
must be done with the customer the customers‘ proper
consent. - Companies essentially have to ensure that their data
collection methods are flawless as well as consistently
All personal information used must also be relevant solely share the entire process with data subjects, including a
used for its intended and state purposes. Companies must breach of security.
protect customer information from collection to proper
disposal, avoiding access from unauthorized parties. To do this, companies should

What is “personal information?” 1. Appointing a Data Protection Officer
2. Conducting a privacy impact assessment
PERSONAL INFORMATION - refers to any information, 3. Creating a privacy knowledge management
whether recorded in a material form or not, from which the program
identity of an individual is apparent or can be reasonably 4. Implementing a privacy and data protection policy
and directly ascertained by the entity holding the 5. Exercising a breach reporting procedure
information, or when put together with other information
would directly and certainly identify an individual (Republic What happens if I do not comply?
Act. No. 10173, Ch. 1, Sec. 3)
- Improper/unauthorized processing, handling or disposal of
What is "sensitive personal information?" personal information can be penalized by imprisonment up
to six years and a fine of not less than Five hundred
(1) About an individual's race, ethnic origin, marital status, thousand pesos (PHP 500,000).
age, color, and religious, philosophical or political
affiliations; LESSON 3: FREEDOM OF EXPRESSION
(2) About an individual's health, education, genetic or
CHINA STIFLES ONLINE DISSENT
sexual life of a person, or to any proceeding for any offense
committed or alleged to have been committed by such
- In 1995, the government of the People's Republic of China
person, the disposal of such proceedings, or the sentence
established the country's first Internet service provider
of any court in such proceedings;
(ISP).

(3) Issued by government agencies peculiar to an individual
which includes, but is not limited to, social security
 types of speech: particularly relevant to information
The decision reflected two conflicting needs. technology.
China's drive toward economic globalization
requires the adoption of Western technologies that OBSCENE SPEECH
allow Chinese companies to market themselves to the - The term "obscene" refers to material, content, or speech
West. that is considered highly offensive, particularly in a sexual
or prurient context.
The Communist Party's hold over the country rests - Obscenity typically involves explicit or graphic depictions
on suppressing freedom of the press and freedom of of sexual conduct or explicit sexual content that goes
expression. The party thus decided introduce beyond what is generally considered acceptable within a
government-controlled Internet, often referred to as particular community or society.
the "Great Firewall of China."
Miller vs. California is the Supreme Court case that
The firewall blocks citizens from accessing Western news established a test to determine if material is obscene and
Web sites such as CNN, the York Times, and Reuters. therefore not protected by the First Amendment.

The Internet enables worldwide exchange of news, ideas, In its 1973 ruling in Miller vs. California, the Supreme Court
opinions, rumors, and information. Its broad accessibility, determined that speech can be considered obscene and not
open-minded discussions, and anonymity make the Internet protected based on the following three questions:
ideal communication medium.
1. Would the average person, applying contemporary
It provides an easy and inexpensive way for a speaker to community standards, find that the work, taken as a whole,
send message indiscriminately to large audience, potentially appeals to the prurient interest?
thousands of people worldwide. 2. Does the work depict or describe, in a patently offensive
way, sexual conduct specifically defined by the applicable
In addition, given the right e-mail addresses, a speaker law?
can aim a message laser accuracy at a select subset of 3. Does the work, taken as a whole, lack serious literary,
powerful and influential people. artistic, political, or scientific value?

1987 CONSTITUTION OF THE REPUBLIC OF THE These three tests have become standard for determining if
PHILIPPINES-ARTICLE III: BILL OF RIGHTS something is obscene.

Section 3. DEFAMATION
(1) The privacy of communication and correspondence shall - The right to freedom of expression is restricted when the
be inviolable except upon lawful order of the court, or when expressions, whether spoken or written, are untrue and
public safety or order requires otherwise, as prescribed by cause harm to another person. The publication of statement
law. of alleged fact that is false that harms another person is
defamation.
(2) Any evidence obtained in violation of this or the - An oral defamatory statement is slander, and a written
preceding section shall be inadmissible for any purpose in defamatory statement is libel.
any proceeding.
FREEDOM OF EXPRESSION: KEY ISSUES
Section 4.
No law shall be passed abridging the freedom of speech, of Information technology has provided amazing new ways to
expression, or of the press, or the right of the people communicate with people around the world. With these new
peaceably to assemble and petition the government for methods come responsibilities and new ethical problems.
redress of grievances.
- number of key issues related to freedom of expression,
Section 5. including controlling access to Information on the Internet,
No law shall be made respecting an establishment of anonymity, defamation, hate speech, and pornography.
religion, or prohibiting the free exercise thereof. The free
exercise and enjoyment of religious profession and worship, INTERNET FILTERING
without discrimination or preference, shall forever be - internet filter is software that can be Installed with Web
allowed. No religious test shall be required for the exercise browser to block access to certain Web sites that contain
of civil or political rights. inappropriate or offensive material.
- The best Internet filters used a combination of URL
- Numerous court decisions have broadened the definition filtering, keyword filtering, and dynamic content filtering.
of speech to include non- verbal, visual, and symbolic
forms-of expression, such as burning the flag, dance - With URL (Uniform Resource Locator) filtering a particular
movements, and hand gestures. URL or domain name is identified as an objectionable site
and the user is not allowed access it.
However, the following types of speech are not protected - Keyword filtering uses keywords or phrases such as sex,
by the bill and may be forbidden by the government: Satan, and gambling to trigger the blocking of websites.
obscene speech, defamation, incitement of panic, - With dynamic content filtering each web site's content is
incitement to crime, "fighting words", and sedition evaluated immediately before it is displayed, using such
(incitement of discontent or rebellion against a techniques as object analysis and image recognition.
government).
- Network administrators may choose to install filters on - Corporations often file these lawsuits because they are
employees’ computers to prevent them from viewing sites upset by anonymous e-mail messages that criticize the
that contain pornography or other objectionable material. company or reveal company secrets.

CONTENT RATING ASSOCIATION (ICRA) - Another filtering DEFAMATION AND HATE SPEECH
system Speech that is merely annoying, critical, demeaning, or
- a nonprofit organization whose members include Internet offensive enjoys protection under the law.
industryleaders such as AOL Europe, BellSouth, British Legal recourse is possible only when hate speech turns
Telecom, IBM, Microsoft, and Verizon. into clear threats and intimidation against specific hate
citizens.
- Another approach to restricting access to Web sites is to Persistent or malicious harassment aimed at a specific
subscribe to an internet service provider (ISP) that performs person can be prosecuted under the law, but general, broad
the blocking itself. statements expressing hatred of an ethnic, racial, or
religious group cannot. A threatening private message sent
ANONYMITY - The principle of anonymous expression over the Internet to a person, a public message displayed
allows people to state their opinions without revealing their on Web site describing intent to commit acts of
identity. hate-motivated violence, and libel directed at a particular
- The freedom to express an opinion without fear of reprisal person are all actions that can be prosecuted.
is an important right of a democratic society.
- even more important in countries that don't allow free PORNOGRAPHY
speech. However, in the wrong hands, anonymous Many adults and free-speech advocates believe that
communication can be used as a tool to commit illegal or nothing is illegal or wrong about purchasing adult
unethical activities. pornographic material made for and by consenting adults.
- Maintaining anonymity on the Internet is important to They argue that the law protects such material.
some computer users. They might be seeking help in an On the other hand, most parents, educators, and other
online support group, reporting defects about child advocates are upset by the thought of children are
manufacturer's goods or services, participating in frank deeply concerned about viewing pornography.
discussions of sensitive topics, expressing a minority or They are deeply concerned about its impact on children
antigovernment opinion in hostile political environment, or and fear that increasingly easy access to pornography
participating in chat rooms. encourages pedophiles and sexual molesters.
- Other Internet users would like to ban Web anonymity Spim, instant messaging spam, is also becoming a
because they think that its use increases the risks of problem; more than 30 percent of IM users receive
defamation, fraud, libel, and exploitation of children. unsolicited instant messages.

ANONYMOUS REMAILERS
LESSON 4: INTELLECTUAL PROPERTY
- Maintaining anonymity is a legitimate need for some
Internet activities; however,the address in an e-mail
messenger news group posting clearly identifies its author. - a term used to describe works of the mind, such as art,
- Internet users who want to remain anonymous can send books, films, formulas, inventions, music, and processes,
e-mail to an anonymous remailer service, where a computer that are distinct and "owned" or created by a single person
program strips the originating address from the message. or group.

The use of a remailer keeps communications COPYRIGHT LAW - protects authored works such as art,
anonymous; what is communicated, and whether it is books, fil, and music.
ethical or legal, is up to the sender.
The use of remailers to enable people to commit PATENT LAW - protect invention's success.
unethical or even illegal acts in some states or
countries has spurred controversy. Together, copyright, patent, and trade secret legislation
Remailers are frequently used to send pornography, form a complex body of law that addresses the ownership
to illegally post copyrighted materials, and to send of intellectual property.
unsolicited advertising to broad audiences
(spamming). - Such laws can also present potential ethical problems for
A corporate IT organization may want to employ IT companies and users -for example, some innovators
filters or set the corporate firewall to prohibit believed that copyrights, patent, and trade secrets stifle
employees from accessing remailers, or to send creativity by making it harder to build on the ideas of others.
warning message each time an employee
communicates with remailer. COPYRIGHT
- Copyright and patent protection which specifies that
JOHN DOE LAWSUIT government shall have the power "to promote the Progress
Science and useful Arts, by securing for limited Times to
JOHN DOE / JANE DOE - use for unknown identity. Authors and Inventors the exclusive Rights to their
respective Writings and Discoveries.”
- the identity of the defendant is temporarily unknown.
- Such suits are common in Internet libel cases, where the - grants the creators of "original l works of authorship in any
defendant communicates using a pseudonym or tangible medium of expression, now known or later
anonymously. developed, from which they can be perceived, reproduced,
or otherwise communicated, either directly or with the aid
of machine or device, the exclusive right to. distribute,
display, perform, or reproduce the work, in copies, or to An invention must pass the following four tests to be eligible
prepare derivative works. for a patent:

TERM OF PROTECTION 1. It must fall into one of five statutory classes of items that
1. The copyright in works shall be protected during the life can be patented:
of the author and for fifty (50 years after his death. This rule Processes
also applies to posthumous works. Machines
2. In case of works of joint authorship, the economic rights manufactures (such as objects need by humans or
shall be protected during the life of the last surviving author machines)
and for fifty (50) years after his death. compositions of matter (such as chemical
3. In case of anonymous or pseudonymous works, the compounds)
copyright shall be protected for fifty (50) years from the new uses in any of the previous four classes.
date on which the work was first lawfully published: ○ It must be useful.
Provided, That where, before the expiration of the said ○ It must be novel.
period, the author's identity is revealed or is no longer in ○ It must not be obvious to a person having
doubt, the provisions of above guidelines shall apply, as the ordinary skill in the same field.
case may be: Provided, further, That such works if not
published before shall be protected for fifty (50) years PATENT INFRINGEMENT
counted from the making of the work. - It occurs when someone makes unauthorized use of
4. In case of works of applied art the protection shall be for another's patent.
a period of twenty-five (25) years from the date of making. - there is no specified limit to the monetary penalty if patent
5. In case of photographic works, the protection shall be for infringement is found. In fact, if a court determines that the
fifty (50) years from publication of the work and, if infringement is intentional, it can award up to three times
unpublished, fifty (50) years from the making. the amount of the damages claimed by the patent holder.
6. In case of audio-visual works including those produced - The most common defense against patent infringement is
by process analogous to photography or any process for a counterattack on the claims of infringement and the
making audio-visual recordings, the term shall be fifty (50) validity of the patent itself. Even if the patent valid, the
years from date of publication and, if unpublished, from the plaintiff must is still prove every element of at least one
date of making. claim and that the infringement caused some sort of
damage.
PROTECTION FOR PERFORMERS, PRODUCERS AND
BROADCASTING ORGANIZATIONS SOFTWARE PATENTS
- "claims as all or substantially all of invention som