ITE101 Midterm Reviewer PDF
Document Details
Uploaded by Deleted User
Tags
Summary
This document reviews computer and internet crimes, including security issues and different types of risks. It discusses various online threats like viruses and hacking. It also covers the aspects of computer security.
Full Transcript
LIVING IN THE IT ERA ITE101| MIDTERM REVIEWER LESSON 1: COMPUTER AND INTERNET B. Viruses – A computer virus is one of those programs you don't want that us...
LIVING IN THE IT ERA ITE101| MIDTERM REVIEWER LESSON 1: COMPUTER AND INTERNET B. Viruses – A computer virus is one of those programs you don't want that usually gets sent to you by CRIMES people through email. SECURITY: TYPES AND EFFECTS OF COMPUTER CRIMES C. Malicious Logic – affects your computer system - Governments, businesses, and people around the world while you are on the net. have been affected immeasurably by the unprecedented - Commands are frequently present in web pages we advancement force of computer technology. visit while surfing the net. - enormous and exponentially growing capacities of - This type is usually deliberately created. electronic storage, transmission, and rapid manipulation of - Symptoms may include slow response time, system binary data changed the modern landscape virtually crashes, or uncooperative programs. overnight. Such fundamental restructuring in the society also resulted in certain disadvantages, on all levels. D. Hacking – Hackers found ways to exploit holes in the Increased opportunities for the industrious to be more operating systems of local and remote systems. They productive also allow the less-upright new avenues for developed methods to exploit security holes in malevolence. various computer systems. WHAT IS “COMPUTER CRIME”? E. Internal Misuse – Occasionally, some people use - could reasonably include a wide variety of criminal your computer, and some files may be intentionally or offenses, activities, or issues. unintentionally deleted. When permanently deleted from the system, this may mean that you will have to It can be separated into two categories: redo the work. System crashes can also occur when (1) crimes facilitated by a computer files needed by a program are deleted or altered. (2) crimes where the computer is the target. F. Spoofing – Network spoofing is an ingenious way for THE DIFFERENT COMPUTER SECURITY ISSUES AND an intruder to gain access to the system. The intruder THEIR EFFECTS: sets up a program that impersonates the sign-on - We usually keep files containing a month's worth of work routine of another system. or confidential information on our computers. Protecting these data should be given careful attention. Almost every TWO CATEGORIES OF ELECTRONIC CRIME TYPES: day, computer systems are being broken into, or computer - There are many different ways to attack computers and viruses turn up on someone's computer. They are constant networks to take advantage of what has made shopping, threats, making security even more critical. banking, investment, and leisure pursuits a simple matter of ― “dragging and clicking” for many people. Three overlapping types of Risks: The different types of electronic crime fall into two main 1. Bugs or misconfiguration problems that allow categories: unauthorized remote users to: 1. crimes in which the computer is the target of the Steal confidential documents attack Execute commands on the host machine, allowing 2. incidents in which the computer is a means of them to modify the system perpetrating a criminal act. Gain information about the host machine, allowing them to break into the system LIST OF SOME OF THE NOTED COMPUTER CRIMES Launch denial-of-service attacks, rendering the COMMITTED OVER THE PAST YEARS: machine temporarily unusable THE MORRIS WORM (NOVEMBER, 1988) – Robert Morris 2. Browser-side risks, including: released what has become known as the Internet Worm. Active content that crashes the browser, damages - first large-scale attack on the Internet and the worm the user's system, breaches the user's privacy, or infected roughly 10 percent of the machines then connected merely creates an annoyance to the Internet and caused an estimated $100 million The misuse of personal information knowingly or damages. unknowingly provided by the end-user CITIBANK AND VLADIMIR LEVIN (JUNE-OCTOBER, 1994) 3. Interception of network data sent from browser to server – Levin reportedly accomplished the break-ins by dialing or vice versa via network eavesdropping into Citibank‘s cash management system. This system allowed clients to initiate their fund transfers to other banks. THE ASPECTS OF COMPUTER SECURITY KEVIN MITNICK (FEBRUARY, 1995) – Mitnick admitted to A. Physical Security – first and perhaps the easiest rule having gained unauthorized access to several different of computer security. computer systems belonging to companies such as - Everyone knows that you need to lock your doors to Motorola, Novell, Fujitsu, and Sun Microsystems. He also keep your TV, refrigerator, and other appliances safe admitted to having used stolen accounts at the University of at home. The same idea applies to your computer as Southern California to store proprietary software he had well. We have to make sure that our computers are taken from various companies. attended, watched, or locked behind our doors. OMEGA ENGINEERING AND TIMOTHY LLOYD (JULY, SHAMOON (2012) – It is a computer virus discovered in 1996) – The program that ran on July 30 deleted all the 2012 that attacks computers running the Microsoft Windows design and production programs for the company, severely operating system. It is also known as Disttrack. Shamoon is damaging the small firm and forcing the layoff of 80 capable of wiping files and rendering several computers on employees. a network unusable. JESTER AND THE WORCESTER AIRPORT (MARCH, 1997) NUMBER OF DIFFERENT SECURITY THREATS – Airport services to the FAA control tower as well as the emergency services at the Worcester Airport and the 1. Viruses and Worms community of Rutland, Massachusetts were cut off for a period of six hours. a. VIRUS - is a self-replicating program that - This disruption occurred as a result of a series of spreads by inserting copies of itself into other commands sent by a teenage computer hacker who went executable code or documents. by the name ― “jester”. b. WORM - a type of malware that is a SOLAR SUNRISE (FEBRUARY, 1998) – A series of self-replicating program similar to a virus. computer intrusions occurred at several military installations in the U.S. Over 500 domain name servers were c. INTRUDERS – The act of deliberately accessing compromised during the course of the attacks. Making it computer systems and networks without harder to track the actual origin of the attacks was the fact authorization is generally referred to as that the attackers made a number of ―hopsǁ between hacking. different systems, averaging eight different systems before - act of exceeding one‘s authority in a system. arriving at the target. This includes authorized users who attempt to gain access to files or obtain permissions that THE MELISSA VIRUS (MARCH, 1999) – Melissa is the they have not been granted. best-known early macro type viruses that attach themselves to documents for programs that have limited SCRIPT KIDDIE - a derogatory term for inexperienced macro programming capability. crackers who use scripts and programs developed by - The virus, written and released by David Smith, infected others to compromise computer accounts and files, and for about a million computers. launching attacks on whole computer systems. THE LOVE LETTER WORM (MAY, 2000) – Also known as ELITE HACKERS - people who are not only capable of the ― “ILOVEYOU” virus and the “Love Bug,” was written writing scripts to exploit known vulnerabilities but also and released by a Philippine student named Onel de capable of discovering new ones. Guzman. - The worm was spread via email with the subject line of INSIDERS – They have the access and knowledge “ILOVEYOU.” The virus spread via email attachments. When necessary to cause immediate damage to an organization. the receiver ran the attachment, it searched the system for Have all the access they need to perpetrate criminal activity files with specific extensions in order to replace them with such as fraud. Moreover, they have knowledge of the copies of itself. security systems in place and will be better able to avoid detection. THE CODE-RED WORM (2001) – This infection took only 14 hours to occur. The worm took advantage of a CRIMINAL ORGANIZATIONS – Attacks by criminal buffer-overflow condition in Microsoft‘s IIS web servers. organizations can fall into the structured threat category, The worm itself was memory resident so simply turning off which is characterized by a greater amount of planning, a an infected machine eliminated it. longer period to conduct the activity, more financial backing to accomplish it, and possibly, corruption of or collision with ADIL YAHYA ZAKARIA SHAKOUR (AUGUST, 2001-MAY, insiders. 2002) – Shakour admitted to having accessed several computers without authorization, including a server at Eglin TERRORIST AND INFORMATION WARFARE – conducted Air Force Base, computers at Accenture, a computer system against information and information processing equipment at Sandia National Laboratories, and a computer at used by an adversary. Cheaptaxforms.com. COMPUTER SYSTEM AND NETWORK SECURITY THE SLAMMER WORM (2003) – It exploited buffer-overflow vulnerability in computers running A. COMPUTER SECURITY - the effort to create a secure Microsoft‘s SQL Server or Microsoft SQL Server Desktop computing platform, designed so that agents (users Engine. Slammer_x0002_infected hosts were generating a or programs) can only perform actions that have reported 1TB of worm-related traffic every second. The been allowed. This involves specifying and worm doubled its number of infected hosts every 8 implementing a security policy. seconds. B. NETWORK SECURITY - protection of networks and JULY 2009 CYBERATTACKS – These were a series of their services from unauthorized modification, coordinated cyberattacks against major government, news destruction, or disclosure, and provision of assurance media, and financial websites in South Korea and the United that the network performs its critical functions States. The first wave of attacks occurred on July 4, 2009 correctly and there are no harmful side effects. and the last wave of attacks began on July 9, 2009. CIA OF SECURITY (SECURITY PRINCIPLE) Role-Based Access Control – an alternative to - The original goal of computer and network security is to traditional access control models (e.g., discretionary provide confidentiality, integrity, and availability. or non-discretionary access control policies) that permits the specification and enforcement of Confidentiality - states that information should not enterprise-specific security policies in a way that be disclosed to unauthorized individuals. maps more naturally to an organization's structure and business activities. Integrity - requires information to not be modified except by individuals authorized to do so. HEALTH ISSUES Availability - applies to hardware, software, and Many computer-related health problems are minor and are data. All of these should be present and accessible caused by a poorly designed work environment. when the subject (the user) wants to access or use them. Keyboards and computer screens may be fixed in place or difficult to move. AUTHENTICATION - deals with the desire to ensure that an Desks and chairs may also be uncomfortable. individual is who they claim to be. The computer screen may be hard to read, with problems of glare and poor contrast. The hazardous activities NON-REPUDIATION - deals with the ability to verify that a associated with these unfavorable conditions are message has been sent and received and that the sender collectively referred to as work sensors. can be identified and verified by the security principles. - continued stressors such as eyestrain, awkward posture, The three ways an organization can choose to address the and repetitive motion, may cause more serious and protection of its networks are: long-term injuries. - ignore security issues - provide host security ERGONOMICS - The study of designing and positioning - approach security at a network level. computer equipment - has suggested several approaches to reduce these health LEAST PRIVILEGE - applicable to many physical problems. environments as well as network and host security. - an approach that puts human needs and capabilities at the - an object should have only the necessary rights and focus of designing technological systems. privileges to perform its task, with no additional - the objective is to ensure that humans and technology permissions. work in complete harmony, with the equipment and tasks aligned to human characteristics. LAYERED SECURITY - Another goal is to have “no pain” computing. The - It is important that every environment have multiple layers placement and design of computer tables and chairs, the of security. Those layers may employ a variety of methods positioning and design of display screens, and the slope of such as routers, firewalls, network segments, IDSs, the keyboard have been carefully studied. encryption, authentication software, physical security, and - a relatively new branch of science, celebrated its 50th traffic control. anniversary in 1999. It relies on research carried out in many - The layers are depicted, usually, starting from the top, with other older, established scientific areas, such as physiology, more general types of protection, and progressing psychology, and engineering. downward through each layer, with increasing granularity at each layer as you get closer to the actual resource. FLEXIBILITY - a major component of ergonomics and an important feature of computer devices. People DIVERSITY OF DEFENSE - a concept that complements the of differing sizes and preferences require different idea of various layers of security. positioning of equipment for best results ACCESS - the ability of a subject to interact with an object. ERGONOMICS has various applications to everyday domestic situations, but there are even more essential ACCESS CONTROLS - refers to devices and methods implications for productivity, efficiency, safety, and health in used to limit which subjects may interact with specific work settings. objects. AUTHENTICATION - mechanisms ensure that only examples: valid users are provided access to the computer Designing equipment and work arrangements to improve system or network. working posture and ease the load on the body, thus reducing instances of Repetitive Strain Injury/Work Related VARIOUS METHODS TO IMPLEMENT ACCESS CONTROLS: Upper Limb Disorder. Discretionary Access Control – means of restricting Information design, to make the interpretation and use of access to objects based on the identity of subjects handbooks, signs, and displays easier and less error-prone. and/or groups to which they belong. Designing equipment and systems including computers, Mandatory Access Control – means of restricting so that they are easier to use and less likely to lead to errors access to objects that are based on fixed security in operation – particularly important in high-stress and attributes assigned to users and files and other safety-critical operations such as control rooms. objects. Designing working environments, including lighting and Tiltable screen heating, to suit the needs of the users and the tasks Character size at least 3/16" Chair performed. Where necessary, design personal protective Back provides firm lower and mid-back support. equipment for work and hostile environments. Adjustable arm rests, if needed to prevent shoulder fatigue. Design of training arrangements to cover all significant Seat and back easily adjustable for height and tilt from aspects of the job concerned and to take account of human seated position learning requirements. without use of tools. Seat upholstered and padded curves down at front edge. The design of military and space equipment and systems Five (5) casters for stability. Table – an extreme case of demands on the human being. Easily adjustable from seated position without use of tools Designing tasks and jobs so that they are effective and Bi-level to allow independent adjustment of screen and take account of human needs such as rest breaks and keyboard sensible shift patterns, as well as other factors such as Adequate leg room intrinsic rewards of work itself. Adequate table top space for required tasks - In developing countries, the acceptability and Accessories (As Needed) effectiveness of even fairly basic technology can be Foot rest for users whose feet don’t rest flat on the floor significantly enhanced. Adjustable keyboard tray, if table is too high Wrist rest that is padded, movable, same height as - The multi-disciplinary nature of ergonomics, sometimes keyboard home row called "Human Factors", is immediately obvious. Document holder adjustable to screen height Glare screen with grounding wire - The ergonomist works in teams which may involve a Lumbar support cushion, if chair doesn’t support lower variety of other professions: back Telephone headset - design engineers Task lighting - production engineers - industrial designers Reduce Glare to Avoid Eyestrain - computer specialists Lower lighting level to about half of normal office lighting - industrial physicians Avoid placing computer directly under a bank of lights - health and safety practitioners Avoid light shining directly into your eyes or onto your - specialists in human resources. screen Use window curtains or blinds if necessary - The overall aim is to ensure that our knowledge of human Position screen at right angle to window characteristics is brought to bear on practical problems of Hold a mirror in front of your screen to identify sources of people at work and in leisure. Trace the origins of glare ergonomics. Use task lighting if necessary THE CHECKLIST FOR A USE-FRIENDLY WORKSTATION. INFORMATION ETHICS - can be regarded as part of normal business - Top of screen at eye level; lower for bifocal wearers ethics since to do otherwise would mean that - Screen distance at arm's length (15-32') normally unethical acts might be all right via - Document adjustable to screen height computer. - Chair backrest provides firm lower back support - Chair back and seat easily adjustable for height and ETHICS - set of principles which involves systematizing, tilt by user defending, and recommending concepts of right and wrong - Keyboard height promotes relaxed arms with behavior. forearms parallel to floor - Wrists straight (neutral) BUSINESS ETHICS - “code of morals of a particular profession” and “the standards of conduct of a given EQUIPMENT CHECKLIST FOR A USE-FRIENDLY profession". WORKSTATION: - Since morals are “principles if right and wrong in conduct”, information ethics, therefore, can be defined as Buying Tips an agreement among information systems professionals to - Ask for equipment that meets American National do right and to avoid wrong in their work. Standards Institute (ANSI) standards. These are ergonomic standards applicable to computer Four Unique information systems attributes Addressed by terminals, associated furniture, and the work information ethics: environment. Try equipment out before purchasing whenever possible. Information ethics is a specific application of business ethics to information systems. Thus, they may be mistakenly Computer Terminal assumed to be identical to business ethics. However, Easy to use brightness and control knobs information ethics addresses issues unique to information No perceptible screen flicker systems. Detachable keyboard Reduced electromagnetic fields (EMF) emissions The four (4) unique I.S. attributes: e. A professional should inform his or her employer Location - With a computer, an unethical act can be what consequences to expect if his or her judgment committed from many locations. is overruled. Time- Information systems make it possible to commit ACCESSIBILITY unethical acts quickly. - Access to files, both online and offline, should be restricted only to those who have a legitimate right to Separation of Act from Consequences- Most people feel access – because they need those files to do their jobs. guilty when they see someone hurt by their actions. - Many organizations keep a transaction log that notes all accesses or attempted accesses to data. Most LAN Individual Power- Would-be criminals often need help to management software includes this function. misbehave. PROPERTY PRIVACY - the right of people to not reveal information - Many networks have audit controls to track which files about them. were opened, which programs and servers were used, and - It is the right to keep personal information, such as so on. This creates an audit trail, a record of how a personal email messages,medical histories, student transaction was handled from input through processing and records, and financial information from getting into the output. wrong hands. THE FOLLOWING ARE THE FEDERAL COMPUTER CRIME - The right to privacy at work is also an important issue. LAWS: Some experts believe that there will be a collision between workers who want their privacy and companies that Fair Credit Reporting Act of 1970 (FCRA). demand to know more about their employees. - Controls operations of credit-reporting bureaus, including how they collect, store, and use credit information. - Email also raises some interesting issues about work privacy. Federal law allows employers to monitor email sent Freedom of Information Act of 1970. and received by employees. - Ensures access of individuals to personal data collected about them and about government activities in federal - Furthermore, email messages that have been erased from agency files. hard disks may be retrieved and used in lawsuits because the laws of discovery demand that companies produce all Tax Reform Act of 1976. relevant business documents. - Regulates the collection and use of certain information by - Alternatively, the use of email among public officials may the Internal Revenue Service. violate “open meeting” laws. These laws, which apply to many local, state, and federal agencies, prevent public Rights to Financial Privacy Act of 1978. officials from meeting in private about matters concerning - Regulates government access to certain records held by the state or local area. financial institutions. INFORMATION ACCURACY Electronic Funds Transfer Act of 1979. - For information to be accurate, it must be error-free, - Enumerates the responsibilities of companies that use complete, and relevant to decisions that are to be based on electronic funds transfer systems, including consumer it. rights and liability for bank debit cards. PROFESSIONAL INTEGRITY - one of the guarantors of Computer Matching and Privacy Act of 1988. information accuracy. - Regulates cross-reference between federal agencies' computer files. An ethical approach to information accuracy calls for the following: Video Privacy Act of 1988. - Prevents retail stores from disclosing video rental records a. Individuals should be given an opportunity to without a court order. correct inaccurate information held about them in database. Telephone Consumer Protection Act of 1991. - Limits telemarketers' practices. b. Databases containing data about individuals should be reviewed at frequent intervals, with obsolete data Cable Act of 1992. discarded. - Regulates companies and organizations that provide wireless communication services, including cellular phones. c. System safeguards, such as control audits, are necessary to maintain information accuracy. Regular Computer Abuse Amendments Act of 1994. audits of data quality should be performed and acted - Prohibits transmissions of harmful computer programs and upon. code, including viruses. d. A professional should not misrepresent his or her Children's Online Privacy Protection Act of 1998. qualifications to perform a task. - Establishes standards for sites that collect information from children. Its purpose is to prohibit unfair or deceptive acts or practices in connection with the collection, use, or disclosure of personally identifiable information from and PERSONAL COMPUTER - can get a virus from an infected about children on the Internet. disk, an application, or e-mail attachments received from the Internet. Education Privacy Act. - Restricts collection and use of data by federally funded A virus or worm that attacks a network or client/server educational institutions, including specifications for the type system is usually more severe because it can affect of data collected, access by parents and students to the hundreds or thousands of personal computers and other data, and limitations on disclosure. devices attached to the network. Copyrights Law. - Workplace computer virus infections are increasing - Sets standards on copyrights and computer programs. rapidly because of several viruses spread through e-mail attachments. Fraud and False Statements Law. - Standards against fraud and related activity in connection MALICIOUS ACCESS with access devices and computers. Crimes involving illegal system access and use of Espionage and Censorship. computer services are a concern to both government and - Sets standards in gathering, transmitting, or losing business. Federal, state, and local government computers defense information. are sometimes left unattended over weekends without proper security, and university computers are often used for Mail Fraud Law commercial purposes under the pretense of research or - General prohibition on pen register and trap and trace other legitimate academic pursuits. device use - Pen Registers and Trap and Trace Devices A 28-year-old computer expert allegedly tied up - Standards against fraud by wire, radio, or television thousands of US West computers in an attempt to solve a - Standards against Interception and disclosure of classic math problem. The individual reportedly obtained wire, oral, or electronic communications prohibited the passwords to hundreds of computers and diverted them - Wire and Electronic Communications Interception and to search for a new prime number, racking up ten years of Interception of Oral Communications computer processing time. The alleged hacking was discovered by a US West Intrusion Response Team after TIPS IN PREVENTING CRIMES ON THE INTERNET company officials noticed that computers were taking up to five minutes to retrieve telephone numbers, when normally Internet security can include firewalls and a number of they require only three to five seconds. At one point, methods to secure financial transactions. customer calls had to be rerouted to other states, and the delays threatened to close down the Phoenix Service FIREWALL - includes hardware and software combinations Delivery Center. that act as a barrier between an organization's information system and the outside world. - Since the outset of information technology, computers - A number of systems have been developed to safeguard have been plagued by criminal hackers. financial transactions on the Internet. HACKER - a person who enjoys computer technology and tips to help prevent crime on the Internet: spends time learning and using computer systems. Use of stand-alone firewall, including hardware and software with network monitoring capabilities. CRIMINAL HACKER or CRACKER - a computer-savvy Use Internet security specialists to perform audits of all person who attempts to gain unauthorized or illegal access Internet and network activities. to computer systems Develop effective Internet and security policies for all - people who are looking for fun and excitement – the employees. challenge of beating the system. Monitor managers and employees to make sure they are using the Internet for business purposes only. CLASSIFICATION OF COMPUTER VIRUSES DATA ALTERATION/THEFT APPLICATION VIRUSES - infect executable - Data and information are valuable corporate assets. The application files, such as word processing programs. intentional use of illegal and destructive programs to alter or When the application is executed, the virus infects destroy data is as much a crime as destroying tangible the computer system. goods. - The most common of these types of programs are viruses SYSTEM VIRUS - typically infects operating system and worms, which are software programs that, when loaded programs or other systems files. These files of into a computer system, will destroy, interrupt, or cause viruses usually infect the system as soon as the errors in processing. computer is started. - There are more than 53,000 known computer viruses today, with more than 6,000 new viruses and worms being LOGIC BOMB - Another type of program that can destroy a discovered each year. system - Some viruses and worms attack personal computers, - an application or system virus designed to "explode" or while others attack network and client/server systems. execute at a specified time and date. - disguised as a Trojan horse, a program that appears to be useful but actually masks the destructive program. Some of these programs execute randomly; others are designed to remain inert in software until a certain code is given. When (2) Any evidence obtained in violation of this or the it detects the cue, the bomb will explode months, or even preceding section shall be inadmissible for any purpose in years, after being “planted”. any proceeding. MACRO VIRUS - uses an application's own macro Section 7 programming language to distribute itself. The right of the people to information on matters of public - do not infect programs, they infect documents. The concern shall be recognized. A citizen has the right to document could be a letter created using a word processing access to official records, and to documents and papers application, a graphics file developed for a presentation, or pertaining to official acts, transactions, or a database file. decisions, subject to the limitations provided by law. Hence, - macro viruses that are hidden in a document file can be the case being jurisprudence, one has the right to access difficult to detect. As with other viruses, however, virus such information. detection and correction programs can be used to find and remove macro viruses. Given the situation, a person cannot invoke that his right to privacy has been violated because of the publication of his LESSON 2: TECHNOLOGIES IMPACT ON name along with the case he was in as the right to privacy does not prohibit the publication of matter which is of public PRIVACY or general interest. THE RIGHT TO PRIVACY IN THE PHILIPPINES THE NATIONAL IDENTIFICATION SYSTEM The Facts: - It‘s been two decades since the government first initiated Mr. A has this estafa case and the case reached the the establishment of a national ID system. Supreme Court. Unfortunately, he lost the case. As we all - done after 20 years know, when a case reaches the Supreme Court, the same is published in every website discussing Philippine ADMINISTRATIVE ORDER NO. 308 - (1996) jurisprudence. Now, every time someone key-in his name in - issued by President Fidel Ramos; adopting a National the web search engines, the estafa case is displayed as one Computerized Identification System. of its results. Due to such, Mr. A suffered - The order was declared unconstitutional by the Supreme humiliation and embarrassment from people, who chanced Court. upon such search result of his name. Because of this, he - In striking down A.O. 308, the Supreme Court emphasized wants his name be removed from such websites and he that the Court is not per se against the use of computers to therefore invokes his Constitutional right to privacy accumulate, store, process, retrieve, and transmit data to improve our bureaucracy. The Issue: Can a person request that his name be removed from such - The Supreme Court also emphasized that the right to websites pertaining to Supreme Court decided cases as the privacy does not bar all incursions into the right to individual same is a violation of his right to privacy? Why? Why not? privacy. This right merely requires that the law be narrowly focused and a compelling interest justify such intrusions. The Answer: Intrusions into the right must be accompanied by proper No. A person cannot ask for such removal as the same does safeguards and well-defined standards to prevent not constitute as a violation of his right to privacy. unconstitutional invasions. The Philippines has no specific law on privacy. However, RIGHT TO PRIVACY - a constitutional right, granted the 1987 Constitution tried to provide under its: recognition independently of its identification with liberty. - recognized and enshrined in several provisions of our Article III (Bill of Rights) provisions for the right to privacy, Constitution, specifically in Sections 1, 2, 3 (1), 6, 8 and 17 namely: of the Bill of Rights. - Zones of privacy are also recognized and protected in our Section 2. laws, including certain provisions of the Civil Code and the The right of the people to be secure in their persons, Revised Penal Code, as well as in special laws (e.g., houses, papers, and effects against unreasonable searches Anti-Wiretapping Law, the Secrecy of Bank Deposit Act and and seizures of whatever nature and for any purpose shall the Intellectual Property Code). be inviolable, and no search warrant or warrant of arrest shall be issued except upon probable cause to be - a fundamental right guaranteed by the Constitution. determined personally by the judge after examination under - Therefore, it is the burden of government to show that oath or affirmation of the complainant and the witnesses he A.O. 308 is justified by some compelling state interest and may produce, and particularly describing the place to be that it is narrowly drawn. The government failed to searched and the persons or things to be seized. discharge this burden. Section 3. A.O. 308 is predicated on two considerations: (1) The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when (1) the need to provide our citizens and foreigners with the public safety or order requires otherwise, as prescribed by facility to conveniently transact business with basic service law. and social security providers and other government instrumentalities and (2) the need to reduce, if not eradicate, fraudulent IDENTITY THEFT - deliberate use of someone else's transactions and misrepresentations by persons seeking identity, usually as a method to gain a financial advantage basic services. While it is debatable whether these interests or obtain credit and other benefits in the other person's are compelling enough to warrant the issuance of A.O. 308, name, and perhaps to the other person's disadvantage or it is not arguable that the broadness, the vagueness, and loss. the overbreadth of A.O. 308, if implemented, will put our people‘s right to privacy in clear and present danger. - In the Philippines, many syndicated groups used skimming machine to perform such acts. - The heart of A.O. 308 lies in its Section 4 which provides for a Population Reference Number (PRN) as a “common ATM SKIMMING - identity theft for debit cards: Thieves use reference number to establish a linkage among concerned hidden electronics to steal the personal information stored agencies” through the use of “Biometrics Technology” and on your card and record your PIN to access all that “computer application designs.” hard-earned cash in your account. BIOMETRY or BIOMETRICS - “the science of the application Skimming takes two separate components to work: of statistical methods to biological facts; a mathematical analysis of biological data.” The first part is the skimmer itself, a card reader placed - The methods or forms of biological encoding include over the ATM's real card slot. finger-scanning and retinal scanning, as well as the method - Always pay attention to objects mounted on the ATM or known as the “artificial nose” and the thermogram. located close by. A pinhole or off-color piece of plastic could give away the camera's hiding place. Cameras could - A.O. 308 does not state what specific biological even be hidden in brochure racks. characteristics and what particular biometrics technology shall be used. Some employ fake keypads in lieu of cameras to capture PINs. Just like the card skimmers fit over the ATM's true - A.O. 308 does not state whether encoding of data is card slot, skimming keypads are designed to mimic the limited to biological information alone for identification keypad's design and fit over it like a glove. If you notice that purposes. The Solicitor General‘s claim that the adoption of the keypad on your ATM seems to protrude oddly from the the Identification Reference System will contribute to the surface around it, or if you spy an odd color change “generation of population data for development planning” is between the pad and the rest of the ATM, it could be a fake. an admission that the PRN will not be used solely for identification but for the generation of other data with THE BLOGGER’S FREEDOM OF EXPRESSION AND THE remote relation to the avowed purposes of A.O. 308. LIBEL LAW - The computer linkage gives other government agencies Scope of the Freedom of Expression access to the information, but there are no controls to guard against leakage of information. When the access code of Article III (Bill of Rights) Section 4 of the 1987 Philippine the control programs of the particular computer system is Constitution: broken, an intruder, without fear of sanction or penalty, can No law shall be passed abridging the freedom of speech, of make use of the data for whatever purpose, or worse, expression, or of the press, or the right of the people manipulate the data stored within the system. peaceably to assemble and petition the government for redress of grievances. In addition, to protect the rights of - A.O. 308 falls short of assuring that personal information people having an adverse political beliefs and aspirations that will be gathered about our people will only be processed for unequivocally specified purposes. The lack Article III Section 18 of proper safeguards in this regard of A.O. 308 may No person shall be detained solely because of his political interfere with the individual‘s liberty of abode and travel by beliefs and aspirations. enabling authorities to track down his movement; it may also enable unscrupulous persons to access confidential DEFAMATION LAWS IN THE PHILIPPINES information and circumvent the right against self-incrimination; it may pave the way for “fishing Article 353 of the Revised Penal Code of the Philippines: expeditions” by government authorities and evade the right against unreasonable searches and seizures. The LIBEL - defined as a public and malicious imputation of a possibilities of abuse and misuse of the PRN, biometrics, crime, or of a vice or defect, real or imaginary, or any act, and computer technology are accentuated when we omission, condition, status or circumstance tending to consider that the individual lacks control over what can be discredit or cause the dishonor or contempt of a natural or read or placed on his ID, much less verify the correctness of juridical person, or to blacken the memory of one who is the data encoded. They threaten the very abuses that the dead. Bill of Rights seeks to prevent. Elements of libel are: IDENTITY THEFT IN THE PHILIPPINES (a) imputation of a discreditable act or condition to another; - personal information is captured, processed, and (b) publication of the imputation; disseminated in a bewildering variety of ways, and through (c) identity of the person defamed; increasingly sophisticated, miniaturized, and distributed (d) existence of malice. [Daez v. Court of Appeals, G.R. No. technologies: identity cards, biometrics, video surveillance, 47971, 31 October 1990, 191 SCRA 61, 67] the use of cookies and spyware by websites, data mining and profiling, and many others. - In libel cases, the question is not what the writer of an alleged libel means, but what the words used by him mean. Jurisprudence has laid down a test to determine the malice. [Aquino, Ramon C., The Revised Penal Code, Vol. III, defamatory character of words used in the following Bk. II, 1997 Ed., citing People v. de los Reyes, Jr., 47 OG manner, viz: 3569] - “Words calculated to induce suspicion are sometimes - It is established doctrine that the malice that attends the more effective to destroy reputation than false dissemination of the article alleged to be libelous must charges directly made. Ironical and metaphorical attend the distribution itself. It cannot be merely a language is a favored vehiclefor slander. resentment against a person, manifested unconnectedly - A charge is sufficient if the words are calculated to several months earlier or one displayed at a much later induce the hearers to suppose and understand that date. the person or persons against whom they were uttered were guilty of certain offenses, or are How Committed: sufficient to impeach their honesty, virtue, or reputation, or to hold the person or persons up to Article 355 of the Revised Penal Code: libel may be public ridicule.” [Lacsa v. Intermediate Appellate committed using writing, printing, lithography, engraving, Court, 161 SCRA 427 (1988) citing U.S. v. O‘Connell, radio, phonograph, painting, theatrical exhibition, 37 Phil. 767 (1918)] cinematographic exhibition, or any similar means. ALLEGATION - is considered defamatory if it ascribes to a Persons Responsible: person the commission of a crime, the possession of a vice or defect, real or imaginary, or any act, omission, condition, - Any person who shall publish, exhibit, or cause the status, or circumstances which tend to dishonor or discredit publication or exhibition of any defamation In writing or by or put him in contempt, or which tends to blacken the similar means, shall be responsible for the same. The author memory of one who is dead. or editor of a book or pamphlet, or the editor or business manager of a daily newspaper, magazine, or serial PRESUMPTION OF MALICE: publication, shall be responsible for the defamations contained therein to the same extent as if he were the MALICE - present in every defamatory imputation. author thereof. Article 354 of the Revised Penal Code: Every defamatory Defenses: imputation is presumed to be malicious, even if it be true if no good intention and justifiable motive for making it is In every criminal prosecution for libel, the truth may be shown, except in the following cases: given in evidence to the court, and if it appears that the matter charged as libelous is true and that it was published 1. A private communication made by any person to another with good motives and for justifiable ends, the defendants in the performance of any legal, moral or social duty; and shall be acquitted. 2. A fair and true report, made in good faith, without any - Proof of the truth of an imputation of an act or omission comments or remarks, of any judicial, legislative or other not constituting a crime shall not be admitted unless the official proceedings that are not confidential, or any imputation shall have been made against Government statement, report, or speech delivered in said proceedings, employees with respect to facts related to the discharge of or of any other act performed by public officers in the their official duties. exercise of their functions. In such cases, if the defendant proves the truth of the - Paragraph 2 afore quoted refers to a qualifiedly privileged imputation made by him, he shall be acquitted. communication, the character of which is a matter of defense that may be lost by positive proof of express malice - any of the imputations covered by Article 353 is on the part of the accused. Once it is established that the defamatory and, under the general rule laid down in Article article is of a privileged character, the onus of proving 354, every defamatory imputation is presumed to be actual malice rests on the plaintiff who must then convince malicious, even if it be true; if no good intention and the court that the offender was prompted by malice or ill justifiable motive for making it is shown. There is malice will. When this is accomplished the defense of privilege when the author of the imputation is prompted by personal becomes unavailing. [Santos v. Court of Appeals, No. ill-will or spite and speaks not in response to duty but L-45031, 21 October 1991, 203 SCRA 110, 114] merely to injure the reputation of the person who claims to have been defamed. Truth then is not a defense, unless it is - Prescinding from this provision, when the imputation is shown that the matter charged as libelous was made with defamatory, as in this case, the prosecution need not prove good motives and for justifiable ends. malice on the part of the defendant (malice in fact), for the law already presumes that the defendant‘s imputation is ONLINE LIBEL IN THE PHILIPPINES malicious (malice in law). - The Supreme Court (SC) of the Philippines upheld the - The burden is on the side of the defendant to show good constitutionality of most parts of the Cybercrime intention and justifiable motive in order to overcome the Prevention Act of 2012, including the contentious provision legal inference of malice. that punishes online libel. - In order to constitute malice, it will must be personal. So if - The execution of the law was suspended in October 2012 the ill will is engendered by one‘s sense of justice or other by a temporary restraining order issued by the Supreme legitimate or plausible motive, such feeling negatives Court, following criticisms and protests among the media (a) Offenses against the confidentiality, integrity and and human rights advocates. availability of computer data and systems: However, with this new ruling of the Supreme Court, a (1) Illegal Access. – The access to the whole or any part of person or entity who posts something (in words or pictures) a computer system without right. — which can be proven false, and is intended to harm the reputation of another by tending to bring the target into (2) Illegal Interception. – The interception made by ridicule, hatred, scorn or contempt of others — may be technical means without right of any non-public arrested, detained, and imprisoned because of libel. transmission of computer data to, from, or within a computer system including electromagnetic emissions from - Yes, in the Philippines, libel is still a criminal offense. It is a computer system carrying such computer data. defamation in its very essence, but covers published work on print, television and other traditional media. The same is (3) Data Interference. — The intentional or reckless now true for new media like the internet. alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, - This online/internet libel law, however, punishes only the without right, including the introduction or transmission of original author of the post. Those who “liked”, “shared,” viruses. “re-tweeted” or re-blogged a post will not be criminally liable unless the person added a comment that may deemed (4) System Interference. — The intentional alteration or to be libelous by a complainant. reckless hindering or interference with the functioning of a computer or computer network by inputting, transmitting, COMPUTER HACKERS AND THE CYBERCRIME LAW damaging, deleting, deteriorating, altering or suppressing computer data or program, electronic document, or The ILOVEYOU Virus electronic data message, without right or authority, - Sixteen years ago, a young Filipino computer student including the introduction or transmission of viruses. made history by unleashing the world‘s first global Internet-borne virus. Known as the Love Bug, the virus (5) Misuse of Devices. spread from East to West in a single day, inflicting $5.5 billion in damages, corrupting files, and shutting down (i) The use, production, sale, procurement, importation, computer systems at major corporations, newsrooms, Wall distribution, or otherwise making available, without right, of: Street firms, and government offices across the world. (aa) A device, including a computer program, The worm arrived in people‘s email boxes with a designed or adapted primarily for the purpose of provocative subject line, ― “I LOVE YOU: A love letter for committing any of the offenses under this Act; or you.” When recipients opened the attachment, ― “LOVE LETTER-FOR-YOU.TXT.vbs,” they unwittingly infected their (bb) A computer password, access code, or similar computer with the self_x0002_replicating worm as well as data by which the whole or any part of a computer the computers of everyone in their contact list. system is capableof being accessed with intent that it be used for the purpose of committing any of the - The author of the virus is believed to be Onel de Guzman, offenses under this Act. then 25, a student at AMA Computer University in Makati. What many people did not realize at the time was that de (ii) The possession of an item referred to in paragraphs Guzman‘s original intention for creating the worm was 5(i)(aa) or (bb) above with intent to use said devices for the altruistic at its roots. In the Philippines, an hour‘s worth of purpose of committing any of the offenses under this Internet access cost as much as half a day‘s wage: 100 section. pesos, the equivalent of two dollars. (6) Cyber-squatting. – The acquisition of a domain name For his graduation thesis in computer science, de Guzman over the internet in bad faith to profit, mislead, destroy wrote a program that would enable the average Filipino to reputation, and deprive others from registering the same, if get free Internet access by stealing passwords from the such a domain name is: rich. His school rejected his thesis because of its bandit nature, so he could not graduate. Undeterred, de Guzman, (i) Similar, identical, or confusingly similar to an existing with the help of friends, unleashed his virus the day before trademark registered with the appropriate the university held its graduation ceremony. government agency at the time of the domain name registration: The Philippine authorities filed theft and other charges against Mr. de Guzman, but dropped them in August (ii) Identical or in any way similar with the name of a person because of insufficient evidence. The case against him was other than the registrant, in case of a personal weakened because at the time, the Philippines did not have name; and laws governing computer espionage. (iii) Acquired without right or with intellectual property Cybercrime Prevention Act of 2012 (Republic Act 10175) interests in it. punishable acts according to Chapter II of the Cybercrime Prevention Act of 2012: (b) Computer-related Offenses: SEC. 4. Cybercrime Offenses. — The following acts (1) Computer-related Forgery. — constitute the offense of cybercrime punishable under this Act: (i) The input, alteration, or deletion of any (bb) The commercial electronic communication computer data without right resulting in does not purposely disguise the source of the inauthentic data with the intent that it be electronic message; and considered or acted upon for legal purposes as if it were authentic, regardless whether or not (cc) The commercial electronic communication the data is directly readable and intelligible; or does not purposely include misleading information in any part of the message in order (ii) The act of knowingly using computer data to induce the recipients to read the message. which is the product of computer-related forgery (4) Libel. — The unlawful or prohibited acts of libel as as defined herein, for the purpose of defined in Article 355 of the Revised Penal Code, as perpetuating a fraudulent or dishonest design. amended, committed through a computer system or any other similar means that may be devised in the (2) Computer-related Fraud. — The unauthorized future. input, alteration, or deletion of computer data or program or interference in the functioning of a SEC. 5. Other Offenses. — The following acts shall also computer system, causing damage thereby with constitute an offense: fraudulent intent: Provided, That if no damage has yet been caused, the penalty imposable shall be one (1) (a) Aiding or Abetting in the Commission of Cybercrime. – degree lower. Any person who willfully abets or aids in the commission of any of the offenses enumerated in this Act shall be held (3) Computer-related Identity Theft. — The liable. intentional acquisition, use, misuse, transfer, possession, alteration or deletion of identifying (b) Attempt in the Commission of Cybercrime. information belonging to another, whether natural or — Any person who willfully attempts to commit any of the juridical, without right: Provided, That if no damage offenses enumerated in this Act shall be held liable. has yet been caused, the penalty imposable shall be one (1) degree lower. The following are the punishment for such acts: (c) Content-related Offenses: SEC. 8. Penalties. — Any person found guilty of any of the punishable acts enumerated in Sections 4(a) and 4(b) of (1) Cybersex. — The willful engagement, this Act shall be punished with imprisonment of prison maintenance, control, or operation, directly or mayor or a fine of at least Two hundred thousand pesos indirectly, of any lascivious exhibition of sexual (PhP200,000.00) up to a maximum amount commensurate organs or sexual activity, with the aid of a computer to the damage incurred or both. system, for favor or consideration. - Any person found guilty of the punishable act under Section 4(a)(5) shall be punished with imprisonment of (2) Child Pornography. — The unlawful or prohibited prison mayor or a fine of not more than Five hundred acts defined and punishable by Republic Act No. thousand pesos (PhP500,000.00) or both. 9775 or the Anti-Child Pornography Act of 2009, committed through a computer system: Provided, that - If punishable acts in Section 4(a) are committed against the penalty to be imposed shall be (1) one degree critical infrastructure, the penalty of reclusion temporal or a higher than that provided for in Republic Act No. fine of at least Five hundred thousand pesos 9775. (PhP500,000.00) up to maximum amount commensurate to the damage incurred ornboth, shall be imposed. (3) Unsolicited Commercial Communications. — The transmission of commercial electronic communication - Any person found guilty of any of the punishable acts with the use of computer system which seek to enumerated in Section 4(c)(1) of this Act shall be punished advertise, sell, or offer for sale products and services with imprisonment of prison mayor or a fine of atleast Two are prohibited unless: hundred thousand pesos (PhP200,000.00) but not exceeding One million pesos (PhP1,000,000.00) or both. (i) There is prior affirmative consent from the recipient; or - Any person found guilty of any of the punishable acts enumerated in Section 4(c)(2) of this Act shall be punished (ii) The primary intent of the communication is with the penalties as enumerated in Republic Act No. 9775 for service and/or administrative or the “Anti-Child Pornography Act of 2009”: Provided, That announcements from the sender to its existing the penalty to be imposed shall be one (1) degree higher users, subscribers or customers; or than that provided for in Republic Act No. 9775, if committed through a computer system. (iii) The following conditions are present: - Any person found guilty of any of the punishable acts (aa) The commercial electronic enumerated in Section 4(c)(3) shall be punished with communication contains a simple, valid, imprisonment of arresto mayor or a fine of at least Fifty and reliable way for the recipient to thousand pesos (PhP50,000.00) but not exceeding Two reject. receipt of further commercial hundred fifty thousand pesos (PhP250,000.00) or both. electronic messages (opt-out) from the same source; - Any person found guilty of any of the punishable acts numbers, previous or current health records, licenses or enumerated in Section 5 shall be punished with their denials, suspension or revocation, and tax returns; and imprisonment one (1) degree lower than that of the prescribed penalty for the offense or a fine of at least One (4) Specifically established by an executive order or an act hundred thousand pesos (PhP100,000.00) but not of Congress to be kept classified.ll(Republic Act. No. 10173, exceeding Five hundred thousand pesos (PhP500,000.00) Ch. 1, Sec. ). or both. What is "consent?" THE DATA PRIVACY ACT (RA 10173): CONSENT - of the data subject refers to any freely given, The Data Privacy Act (DPA), or Republic Act No. 10173 - specific, informed indication of will, whereby the data was passed by the Philippines Congress in 2012 and finally subject agrees to the collection and processing of personal implemented five years later in 2016. RA 10173 assures the information about and/or relating to him or her. ―free flow of information to promote innovation and growthǁ(Republic Act. No. 10173, Ch. 1, Sec. 2) while - shall be evidenced by written, electronic, or recorded protecting the users‘ fundamental rights to privacy means. It may also be given on behalf of the data subject by an agent specifically authorized by the data subject to do so How is it implemented? (RA. No. 10173, Ch. 1, Sec. 1). - RA 10173 protects and maintains the right of customers to What are the rights of the data subject? confidentiality by setting a legal list of rules for companies to regulate the collection, handling, and disposal of all - The data subject or the individual sharing his/her personal personal information. information has to be fully informed of several factors of the - Companies legally responsible for keeping their data collecting process. This list includes, but isn't limited customers‘ data protected from third parties or any form of to: misuse, internally or externally. (1) the reason for use What does that mean for data collectors/companies? (2) methods for access (3) the identity and contact details of the personal The Act applies to any process of personal data by information controller anyone in government or private sectors. (4) how long the information will be stored for (5) access to their rights. All personal data must have legitimate reasons for collection as well as should be clear to both parties giving What steps do I need to take in compliance with the Data and receiving information. With that being said, all collection Privacy Act? must be done with the customer the customers‘ proper consent. - Companies essentially have to ensure that their data collection methods are flawless as well as consistently All personal information used must also be relevant solely share the entire process with data subjects, including a used for its intended and state purposes. Companies must breach of security. protect customer information from collection to proper disposal, avoiding access from unauthorized parties. To do this, companies should What is “personal information?” 1. Appointing a Data Protection Officer 2. Conducting a privacy impact assessment PERSONAL INFORMATION - refers to any information, 3. Creating a privacy knowledge management whether recorded in a material form or not, from which the program identity of an individual is apparent or can be reasonably 4. Implementing a privacy and data protection policy and directly ascertained by the entity holding the 5. Exercising a breach reporting procedure information, or when put together with other information would directly and certainly identify an individual (Republic What happens if I do not comply? Act. No. 10173, Ch. 1, Sec. 3) - Improper/unauthorized processing, handling or disposal of What is "sensitive personal information?" personal information can be penalized by imprisonment up to six years and a fine of not less than Five hundred (1) About an individual's race, ethnic origin, marital status, thousand pesos (PHP 500,000). age, color, and religious, philosophical or political affiliations; LESSON 3: FREEDOM OF EXPRESSION (2) About an individual's health, education, genetic or CHINA STIFLES ONLINE DISSENT sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such - In 1995, the government of the People's Republic of China person, the disposal of such proceedings, or the sentence established the country's first Internet service provider of any court in such proceedings; (ISP). (3) Issued by government agencies peculiar to an individual which includes, but is not limited to, social security types of speech: particularly relevant to information The decision reflected two conflicting needs. technology. China's drive toward economic globalization requires the adoption of Western technologies that OBSCENE SPEECH allow Chinese companies to market themselves to the - The term "obscene" refers to material, content, or speech West. that is considered highly offensive, particularly in a sexual or prurient context. The Communist Party's hold over the country rests - Obscenity typically involves explicit or graphic depictions on suppressing freedom of the press and freedom of of sexual conduct or explicit sexual content that goes expression. The party thus decided introduce beyond what is generally considered acceptable within a government-controlled Internet, often referred to as particular community or society. the "Great Firewall of China." Miller vs. California is the Supreme Court case that The firewall blocks citizens from accessing Western news established a test to determine if material is obscene and Web sites such as CNN, the York Times, and Reuters. therefore not protected by the First Amendment. The Internet enables worldwide exchange of news, ideas, In its 1973 ruling in Miller vs. California, the Supreme Court opinions, rumors, and information. Its broad accessibility, determined that speech can be considered obscene and not open-minded discussions, and anonymity make the Internet protected based on the following three questions: ideal communication medium. 1. Would the average person, applying contemporary It provides an easy and inexpensive way for a speaker to community standards, find that the work, taken as a whole, send message indiscriminately to large audience, potentially appeals to the prurient interest? thousands of people worldwide. 2. Does the work depict or describe, in a patently offensive way, sexual conduct specifically defined by the applicable In addition, given the right e-mail addresses, a speaker law? can aim a message laser accuracy at a select subset of 3. Does the work, taken as a whole, lack serious literary, powerful and influential people. artistic, political, or scientific value? 1987 CONSTITUTION OF THE REPUBLIC OF THE These three tests have become standard for determining if PHILIPPINES-ARTICLE III: BILL OF RIGHTS something is obscene. Section 3. DEFAMATION (1) The privacy of communication and correspondence shall - The right to freedom of expression is restricted when the be inviolable except upon lawful order of the court, or when expressions, whether spoken or written, are untrue and public safety or order requires otherwise, as prescribed by cause harm to another person. The publication of statement law. of alleged fact that is false that harms another person is defamation. (2) Any evidence obtained in violation of this or the - An oral defamatory statement is slander, and a written preceding section shall be inadmissible for any purpose in defamatory statement is libel. any proceeding. FREEDOM OF EXPRESSION: KEY ISSUES Section 4. No law shall be passed abridging the freedom of speech, of Information technology has provided amazing new ways to expression, or of the press, or the right of the people communicate with people around the world. With these new peaceably to assemble and petition the government for methods come responsibilities and new ethical problems. redress of grievances. - number of key issues related to freedom of expression, Section 5. including controlling access to Information on the Internet, No law shall be made respecting an establishment of anonymity, defamation, hate speech, and pornography. religion, or prohibiting the free exercise thereof. The free exercise and enjoyment of religious profession and worship, INTERNET FILTERING without discrimination or preference, shall forever be - internet filter is software that can be Installed with Web allowed. No religious test shall be required for the exercise browser to block access to certain Web sites that contain of civil or political rights. inappropriate or offensive material. - The best Internet filters used a combination of URL - Numerous court decisions have broadened the definition filtering, keyword filtering, and dynamic content filtering. of speech to include non- verbal, visual, and symbolic forms-of expression, such as burning the flag, dance - With URL (Uniform Resource Locator) filtering a particular movements, and hand gestures. URL or domain name is identified as an objectionable site and the user is not allowed access it. However, the following types of speech are not protected - Keyword filtering uses keywords or phrases such as sex, by the bill and may be forbidden by the government: Satan, and gambling to trigger the blocking of websites. obscene speech, defamation, incitement of panic, - With dynamic content filtering each web site's content is incitement to crime, "fighting words", and sedition evaluated immediately before it is displayed, using such (incitement of discontent or rebellion against a techniques as object analysis and image recognition. government). - Network administrators may choose to install filters on - Corporations often file these lawsuits because they are employees’ computers to prevent them from viewing sites upset by anonymous e-mail messages that criticize the that contain pornography or other objectionable material. company or reveal company secrets. CONTENT RATING ASSOCIATION (ICRA) - Another filtering DEFAMATION AND HATE SPEECH system Speech that is merely annoying, critical, demeaning, or - a nonprofit organization whose members include Internet offensive enjoys protection under the law. industryleaders such as AOL Europe, BellSouth, British Legal recourse is possible only when hate speech turns Telecom, IBM, Microsoft, and Verizon. into clear threats and intimidation against specific hate citizens. - Another approach to restricting access to Web sites is to Persistent or malicious harassment aimed at a specific subscribe to an internet service provider (ISP) that performs person can be prosecuted under the law, but general, broad the blocking itself. statements expressing hatred of an ethnic, racial, or religious group cannot. A threatening private message sent ANONYMITY - The principle of anonymous expression over the Internet to a person, a public message displayed allows people to state their opinions without revealing their on Web site describing intent to commit acts of identity. hate-motivated violence, and libel directed at a particular - The freedom to express an opinion without fear of reprisal person are all actions that can be prosecuted. is an important right of a democratic society. - even more important in countries that don't allow free PORNOGRAPHY speech. However, in the wrong hands, anonymous Many adults and free-speech advocates believe that communication can be used as a tool to commit illegal or nothing is illegal or wrong about purchasing adult unethical activities. pornographic material made for and by consenting adults. - Maintaining anonymity on the Internet is important to They argue that the law protects such material. some computer users. They might be seeking help in an On the other hand, most parents, educators, and other online support group, reporting defects about child advocates are upset by the thought of children are manufacturer's goods or services, participating in frank deeply concerned about viewing pornography. discussions of sensitive topics, expressing a minority or They are deeply concerned about its impact on children antigovernment opinion in hostile political environment, or and fear that increasingly easy access to pornography participating in chat rooms. encourages pedophiles and sexual molesters. - Other Internet users would like to ban Web anonymity Spim, instant messaging spam, is also becoming a because they think that its use increases the risks of problem; more than 30 percent of IM users receive defamation, fraud, libel, and exploitation of children. unsolicited instant messages. ANONYMOUS REMAILERS LESSON 4: INTELLECTUAL PROPERTY - Maintaining anonymity is a legitimate need for some Internet activities; however,the address in an e-mail messenger news group posting clearly identifies its author. - a term used to describe works of the mind, such as art, - Internet users who want to remain anonymous can send books, films, formulas, inventions, music, and processes, e-mail to an anonymous remailer service, where a computer that are distinct and "owned" or created by a single person program strips the originating address from the message. or group. The use of a remailer keeps communications COPYRIGHT LAW - protects authored works such as art, anonymous; what is communicated, and whether it is books, fil, and music. ethical or legal, is up to the sender. The use of remailers to enable people to commit PATENT LAW - protect invention's success. unethical or even illegal acts in some states or countries has spurred controversy. Together, copyright, patent, and trade secret legislation Remailers are frequently used to send pornography, form a complex body of law that addresses the ownership to illegally post copyrighted materials, and to send of intellectual property. unsolicited advertising to broad audiences (spamming). - Such laws can also present potential ethical problems for A corporate IT organization may want to employ IT companies and users -for example, some innovators filters or set the corporate firewall to prohibit believed that copyrights, patent, and trade secrets stifle employees from accessing remailers, or to send creativity by making it harder to build on the ideas of others. warning message each time an employee communicates with remailer. COPYRIGHT - Copyright and patent protection which specifies that JOHN DOE LAWSUIT government shall have the power "to promote the Progress Science and useful Arts, by securing for limited Times to JOHN DOE / JANE DOE - use for unknown identity. Authors and Inventors the exclusive Rights to their respective Writings and Discoveries.” - the identity of the defendant is temporarily unknown. - Such suits are common in Internet libel cases, where the - grants the creators of "original l works of authorship in any defendant communicates using a pseudonym or tangible medium of expression, now known or later anonymously. developed, from which they can be perceived, reproduced, or otherwise communicated, either directly or with the aid of machine or device, the exclusive right to. distribute, display, perform, or reproduce the work, in copies, or to An invention must pass the following four tests to be eligible prepare derivative works. for a patent: TERM OF PROTECTION 1. It must fall into one of five statutory classes of items that 1. The copyright in works shall be protected during the life can be patented: of the author and for fifty (50 years after his death. This rule Processes also applies to posthumous works. Machines 2. In case of works of joint authorship, the economic rights manufactures (such as objects need by humans or shall be protected during the life of the last surviving author machines) and for fifty (50) years after his death. compositions of matter (such as chemical 3. In case of anonymous or pseudonymous works, the compounds) copyright shall be protected for fifty (50) years from the new uses in any of the previous four classes. date on which the work was first lawfully published: ○ It must be useful. Provided, That where, before the expiration of the said ○ It must be novel. period, the author's identity is revealed or is no longer in ○ It must not be obvious to a person having doubt, the provisions of above guidelines shall apply, as the ordinary skill in the same field. case may be: Provided, further, That such works if not published before shall be protected for fifty (50) years PATENT INFRINGEMENT counted from the making of the work. - It occurs when someone makes unauthorized use of 4. In case of works of applied art the protection shall be for another's patent. a period of twenty-five (25) years from the date of making. - there is no specified limit to the monetary penalty if patent 5. In case of photographic works, the protection shall be for infringement is found. In fact, if a court determines that the fifty (50) years from publication of the work and, if infringement is intentional, it can award up to three times unpublished, fifty (50) years from the making. the amount of the damages claimed by the patent holder. 6. In case of audio-visual works including those produced - The most common defense against patent infringement is by process analogous to photography or any process for a counterattack on the claims of infringement and the making audio-visual recordings, the term shall be fifty (50) validity of the patent itself. Even if the patent valid, the years from date of publication and, if unpublished, from the plaintiff must is still prove every element of at least one date of making. claim and that the infringement caused some sort of damage. PROTECTION FOR PERFORMERS, PRODUCERS AND BROADCASTING ORGANIZATIONS SOFTWARE PATENTS - "claims as all or substantially all of invention som