Computer and Internet Crimes PDF
Pamantasan ng Cabuyao
Summary
This document provides an overview of computer and internet crimes, covering various aspects, including types, effects, and risks related to computer crimes. It also includes basic information concerning security issues. The file is meant to be a learning resource for computer science students.
Computer and Internet Crimes

Intended Learning Outcomes (ILO)

At the end of the lesson, you will be able to:
1. Recognize the internet and cybercrimes terms introduced in this lesson;
2. Understand the consequences of inappropriate online behavior;
3. Determine what information to share and not to share online.

Security

Types and Effects of Computer Crimes

Governments, businesses, and people around the world have been affected immeasurably by the unprecedented advance of computer technology. The already enormous and exponentially growing capacities of electronic storage, transmission, and rapid manipulation of binary data changed the modern landscape virtually overnight. However, such fundamental restructuring of society has also resulted in certain disadvantages on all levels. Our vulnerability increased with the perceived value of and reliance on this technology. Increased opportunities for the industrious to be more productive also allow the less-upright new avenues for malevolence.

What is “Computer Crime”?

The term "computer crime" could reasonably include a wide variety of criminal offenses, activities, or issues. It can be separated into two categories: (1) crimes facilitated by a computer; and (2) crimes where the computer is the target.

The different computer security issues and their effects

We usually keep files containing a month's worth of work or confidential information in our computers. Protecting these data should be given careful attention. Almost every day, computer systems are being broken into, or computer viruses turn up on someone's computer. They are constant threats, making security even more critical.

There are basically three overlapping types of risks:
1. Bugs or misconfiguration problems that allow unauthorized remote users to:
   - Steal confidential documents
   - Execute commands on the host machine, allowing them to modify the system
   - Gain information about the host machine, allowing them to break into the system
   - Launch denial-of-service attacks, rendering the machine temporarily unusable
2. Browser-side risks, including:
   - Active content that crashes the browser, damages the user's system, breaches the user's privacy, or merely creates an annoyance
   - The misuse of personal information knowingly or unknowingly provided by the end-user
3. Interception of network data sent from browser to server or vice versa via network eavesdropping

The aspects of Computer Security

- Physical Security – The first and perhaps the easiest rule of computer security. Everyone knows that you need to lock your doors to keep your TV, refrigerator, and other appliances safe at home. The same idea applies to your computer as well. We have to make sure that our computers are attended, watched, or locked behind our doors.
- Viruses – Once you've started using your computer, viruses can start working on your computer too. The computer virus is one of those programs you don't want that usually gets sent to you by people through email.
- Malicious Logic – This usually affects your computer system while you are on the net. Commands are frequently present in web pages we visit while surfing the net. This type of computer security problem is usually deliberately created. Symptoms may include slow response time, system crashes, or uncooperative programs.
- Hacking – Hackers found ways to exploit holes in operating systems of local and remote systems. They developed methods to exploit security holes in various computer systems.
- Internal Misuse – Occasionally, some people use your computer and some files may be intentionally or unintentionally deleted. When permanently deleted from the system, this may mean that you will have to redo the work. System crashes can also occur when files needed by a program are deleted or altered.
- Spoofing – Network spoofing is an ingenious way for an intruder to gain access to the system. The intruder sets up a program that impersonates the sign-on routine of another system.

Two categories of electronic crime types

There are many different ways to attack computers and networks to take advantage of what has made shopping, banking, investment, and leisure pursuits a simple matter of “dragging and clicking” for many people. The different types of electronic crime fall into two main categories:
- crimes in which the computer is the target of the attack, and
- incidents in which the computer is a means of perpetrating a criminal act.

The following is a list of some of the noted computer crimes committed over the past years:
- The Morris Worm (November, 1988) – Robert Morris released what has become known as the Internet Worm. This was the first large-scale attack on the Internet and the worm infected roughly 10 percent of the machines then connected to the Internet and caused an estimated $100 million in damages.
- Citibank and Vladimir Levin (June-October, 1994) – Levin reportedly accomplished the break-ins by dialing into Citibank's cash management system. This system allowed clients to initiate their own fund transfers to other banks.
- Kevin Mitnick (February, 1995) – Mitnick admitted to having gained unauthorized access to a number of different computer systems belonging to companies such as Motorola, Novell, Fujitsu, and Sun Microsystems. He also admitted to having used stolen accounts at the University of Southern California to store proprietary software he had taken from various companies.
- Omega Engineering and Timothy Lloyd (July, 1996) – The program that ran on July 30 deleted all the design and production programs for the company, severely damaging the small firm and forcing the layoff of 80 employees.
- Jester and the Worcester Airport (March, 1997) – Airport services to the FAA control tower as well as the emergency services at the Worcester Airport and the community of Rutland, Massachusetts were cut off for a period of six hours. This disruption occurred as a result of a series of commands sent by a teenage computer hacker who went by the name “jester”.
- Solar Sunrise (February, 1998) – A series of computer intrusions occurred at a number of military installations in the U.S. Over 500 domain name servers were compromised during the course of the attacks. Making it harder to track the actual origin of the attacks was the fact that the attackers made a number of “hops” between different systems, averaging eight different systems before arriving at the target.
- The Melissa Virus (March, 1999) – Melissa is the best known of the early macro-type viruses, which attach themselves to documents for programs that have limited macro programming capability. The virus, written and released by David Smith, infected about a million computers.
- The Love Letter Worm (May, 2000) – Also known as the “ILOVEYOU” virus and the “Love Bug,” it was written and released by a Philippine student named Onel de Guzman. The worm was spread via email with the subject line of “ILOVEYOU.” The virus spread via email attachments. When the receiver ran the attachment, it searched the system for files with specific extensions in order to replace them with copies of itself.
- The Code-Red Worm (2001) – This infection took only 14 hours to occur. The worm took advantage of a buffer-overflow condition in Microsoft's IIS web servers. The worm itself was memory resident so simply turning off an infected machine eliminated it.
- Adil Yahya Zakaria Shakour (August, 2001-May, 2002) – Shakour admitted to having accessed several computers without authorization, including a server at Eglin Air Force Base, computers at Accenture, a computer system at Sandia National Laboratories, and a computer at Cheaptaxforms.com.
- The Slammer Worm (2003) – It exploited a buffer-overflow vulnerability in computers running Microsoft's SQL Server or Microsoft SQL Server Desktop Engine. Slammer-infected hosts were generating a reported 1TB of worm-related traffic every second. The worm doubled its number of infected hosts every 8 seconds.
- July 2009 cyberattacks – These were a series of coordinated cyberattacks against major government, news media, and financial websites in South Korea and the United States. The first wave of attacks occurred on July 4, 2009 and the last wave of attacks began on July 9, 2009.
- Shamoon (2012) – It is a computer virus discovered in 2012 that attacks computers running the Microsoft Windows operating system. It is also known as Disttrack. Shamoon is capable of wiping files and rendering several computers on a network unusable.

There are a number of different threats to security and these are the following:
- Viruses and Worms – A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. A worm is a type of malware and is a self-replicating program similar to a virus.
- Intruders – The act of deliberately accessing computer systems and networks without authorization is generally referred to as hacking. It also applies to the act of exceeding one's authority in a system. This includes authorized users who attempt to gain access to files or obtain permissions that they have not been granted. A script kiddie is a derogatory term for inexperienced crackers who use scripts and programs developed by others for the purpose of compromising computer accounts and files, and for launching attacks on whole computer systems. Elite hackers are people who are not only capable of writing scripts to exploit known vulnerabilities, but also capable of discovering new ones.
- Insiders – They have the access and knowledge necessary to cause immediate damage to an organization. They may also have all the access they need to perpetrate criminal activity such as fraud. Moreover, they have knowledge of the security systems in place and will be better able to avoid detection.
- Criminal Organizations – Attacks by criminal organizations can fall into the structured threat category, which is characterized by a greater amount of planning, a longer period of time to conduct the activity, more financial backing to accomplish it, and possibly, corruption of or collusion with insiders.
- Terrorists and Information Warfare – Information warfare is conducted against information and information processing equipment used by an adversary.

Computer security and network security

Computer security is the effort to create a secure computing platform, designed so that agents (users or programs) can only perform actions that have been allowed. This involves specifying and implementing a security policy.

Network security is the protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects.

CIA of security

The original goal of computer and network security is to provide confidentiality, integrity, and availability.
- Confidentiality refers to the security principle that states that information should not be disclosed to unauthorized individuals.
- Integrity is the security principle that requires information to not be modified except by individuals authorized to do so.
- Availability applies to hardware, software, and data. All of these should be present and accessible when the subject (the user) wants to access or use them.

Authentication deals with the desire to ensure that an individual is who they claim to be. On the other hand, non-repudiation deals with the ability to verify that a message has been sent and received and that the sender can be identified and verified.

The security principles

The three ways an organization can choose to address the protection of its networks are:
- ignore security issues,
- provide host security, and
- approach security at a network level.

Least privilege is applicable to many physical environments as well as network and host security. Least privilege means that an object should have only the necessary rights and privileges to perform its task, with no additional permissions.

Layered Security

It is important that every environment have multiple layers of security. Those layers may employ a variety of methods such as routers, firewalls, network segments, IDSs, encryption, authentication software, physical security, and traffic control. The layers are usually depicted starting from the top, with more general types of protection, and progressing downward through each layer, with increasing granularity at each layer as you get closer to the actual resource.

Diversity of defense is a concept that complements the idea of various layers of security.

Access is the ability of a subject to interact with an object. Access control refers to devices and methods used to limit which subjects may interact with specific objects. Authentication mechanisms ensure that only valid users are provided access to the computer system or network.
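The following is an added example, not part of the original lesson, showing how the least-privilege and access-control definitions above can be checked in practice: an access-control list with default deny, replayed against an access log to find attempts that exceed a subject's authority and rights that were granted but never used. All subject names, object names, and log entries are constructed for illustration.

```python
"""Least-privilege review of an access-control list (all data constructed)."""
from collections import defaultdict

# Constructed access-control list: subject -> object -> rights granted.
ACL = {
    "payroll_clerk": {"payroll.db": {"read", "write"}, "hr_records": {"read"}},
    "web_server": {"site_content": {"read"}, "payroll.db": {"read", "write"}},
    "backup_job": {"payroll.db": {"read"}, "site_content": {"read"}},
}

# Constructed access log: (subject, object, right requested).
ACCESS_LOG = [
    ("payroll_clerk", "payroll.db", "read"),
    ("payroll_clerk", "payroll.db", "write"),
    ("web_server", "site_content", "read"),
    ("web_server", "hr_records", "read"),   # right never granted
    ("backup_job", "payroll.db", "read"),
    ("backup_job", "site_content", "read"),
    ("backup_job", "payroll.db", "write"),  # exceeds its read-only grant
    ("intern", "payroll.db", "read"),       # subject not in the ACL at all
]


def is_allowed(acl, subject, obj, right):
    """Default deny: access exists only if this exact right was granted."""
    return right in acl.get(subject, {}).get(obj, set())


def review(acl, log):
    """Replay the log against the ACL.

    Returns (denied, unused):
      denied: log entries the ACL refuses (attempts to exceed authority)
      unused: subject -> sorted list of (object, right) pairs that were
              granted but never exercised in the log; these are candidates
              for removal under least privilege
    """
    used = defaultdict(set)
    denied = []
    for subject, obj, right in log:
        if is_allowed(acl, subject, obj, right):
            used[subject].add((obj, right))
        else:
            denied.append((subject, obj, right))

    unused = {}
    for subject, objects in acl.items():
        granted = {(o, r) for o, rights in objects.items() for r in rights}
        extra = sorted(granted - used[subject])
        if extra:
            unused[subject] = extra
    return denied, unused


def tighten(acl, unused):
    """Return a copy of the ACL with the unused rights removed."""
    new_acl = {}
    for subject, objects in acl.items():
        drop = set(unused.get(subject, []))
        kept = {}
        for obj, rights in objects.items():
            remaining = {r for r in rights if (obj, r) not in drop}
            if remaining:
                kept[obj] = remaining
        new_acl[subject] = kept
    return new_acl


if __name__ == "__main__":
    denied, unused = review(ACL, ACCESS_LOG)
    print("Denied attempts:")
    for entry in denied:
        print("  ", entry)
    print("Granted but unused (review for removal):")
    for subject, rights in unused.items():
        print("  ", subject, rights)
    print("Tightened ACL:", tighten(ACL, unused))
```

A right that goes unused in one log window is only a candidate for removal: rights exercised rarely, such as a year-end task, will not appear in a short log, so the review period should cover the subject's full work cycle.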
The following are the various methods to implement access controls:
- Discretionary Access Control – It is a means of restricting access to objects based on the identity of subjects and/or the groups to which they belong.
- Mandatory Access Control – It is a means of restricting access to objects that is based on fixed security attributes assigned to users and to files and other objects.
- Role-Based Access Control – It is an alternative to traditional access control models (e.g., discretionary or non-discretionary access control policies) that permits the specification and enforcement of enterprise-specific security policies in a way that maps more naturally to an organization's structure and business activities.

Health Issues

Why do a few computer workstations cause eyestrain and muscle fatigue? Why is the video recorder one of the most frustrating domestic items to operate? Why do some car seats leave you aching after a long journey? These questions and many others may leave us wondering how we can handle such irritations and inconveniences. But these can be avoided by applying ergonomics.

Many computer-related health problems are minor and caused by a poorly designed work environment. Keyboards and computer screens may be fixed in place or difficult to move. Desks and chairs may also be uncomfortable. The computer screen may be hard to read, with problems of glare and poor contrast. The hazardous activities associated with these unfavorable conditions are collectively referred to as work stressors. Although these problems may not be of major concern to casual users of computer systems, continued stressors such as eyestrain, awkward posture, and repetitive motion may cause more serious and long-term injuries. If nothing else, these problems can severely limit productivity and performance.

The study of designing and positioning computer equipment, called ergonomics, has suggested a number of approaches to reduce these health problems.
Ergonomics is an approach which puts human needs and capabilities at the focus of designing technological systems. The objective of ergonomics is to ensure that humans and technology work in complete harmony, with the equipment and tasks aligned to human characteristics. Another goal is to have “no pain” computing. The placement and design of computer tables and chairs, the positioning and design of display screens, and the slope of the keyboard have been carefully studied. Flexibility is a major component of ergonomics and an important feature of computer devices. People of differing sizes and preferences require different positioning of equipment for best results.

Different essential implications to achieve productivity, efficiency, safety, and health in work settings

Ergonomics has various applications to everyday domestic situations, but there are even more essential implications for productivity, efficiency, safety and health in work settings. The following are examples:
- Designing equipment and work arrangements to improve working posture and ease the load on the body, thus reducing instances of Repetitive Strain Injury/Work Related Upper Limb Disorder.
- Information design, to make the interpretation and use of handbooks, signs, and displays easier and less error-prone.
- Designing equipment and systems including computers, so that they are easier to use and less likely to lead to errors in operation – particularly important in high stress and safety-critical operations such as control rooms.
- Designing working environments, including lighting and heating, to suit the needs of the users and the tasks performed. Where necessary, design of personal protective equipment for work and hostile environments.
- Design of training arrangements to cover all significant aspects of the job concerned and to take account of human learning requirements.
- The design of military and space equipment and systems – an extreme case of demands on the human being.
- Designing tasks and jobs so that they are effective and take account of human needs such as rest breaks and sensible shift patterns, as well as other factors such as intrinsic rewards of work itself.
- In developing countries, the acceptability and effectiveness of even fairly basic technology can be significantly enhanced.

The multi-disciplinary nature of ergonomics, sometimes called “Human Factors”, is immediately obvious. The ergonomist works in teams which may involve a variety of other professions: design engineers, production engineers, industrial designers, computer specialists, industrial physicians, health and safety practitioners, and specialists in human resources. The overall aim is to ensure that our knowledge of human characteristics is brought to bear on practical problems of people at work and in leisure. We know that, in many cases, humans can adapt to unsuitable conditions, but such adaptation often leads to inefficiency, errors, unacceptable stress, and physical or mental cost.

Trace the origins of ergonomics

Ergonomics, a relatively new branch of science, celebrated its 50th anniversary in 1999. It relies on research carried out in many other older, established scientific areas, such as physiology, psychology, and engineering.

The checklist for a user-friendly workstation

The following is an equipment checklist for a user-friendly workstation:

Buying Tips
- Ask for equipment that meets American National Standards Institute (ANSI) standards. These are ergonomic standards applicable to computer terminals, associated furniture, and the work environment.
- Try equipment out before purchasing whenever possible.

Computer Terminal
- Easy to use brightness and control knobs
- No perceptible screen flicker
- Detachable keyboard
- Reduced electromagnetic fields (EMF) emissions
- Tiltable screen
- Character size at least 3/16"

Chair
- Back provides firm lower and mid-back support.
- Adjustable arm rests, if needed to prevent shoulder fatigue.
- Seat and back easily adjustable for height and tilt from seated position without use of tools.
- Seat upholstered and padded; curves down at front edge.
- Five (5) casters for stability.

Table
- Easily adjustable from seated position without use of tools
- Bi-level to allow independent adjustment of screen and keyboard
- Adequate leg room
- Adequate table top space for required tasks

Accessories (As Needed)
- Foot rest for users whose feet don't rest flat on the floor
- Adjustable keyboard tray, if table is too high
- Wrist rest that is padded, movable, same height as keyboard home row
- Document holder adjustable to screen height
- Glare screen with grounding wire
- Lumbar support cushion, if chair doesn't support lower back
- Telephone headset
- Task lighting

Reduce Glare to Avoid Eyestrain
- Lower lighting level to about half of normal office lighting
- Avoid placing computer directly under a bank of lights
- Avoid light shining directly into your eyes or onto your screen
- Use window curtains or blinds if necessary
- Position screen at right angle to window
- Hold a mirror in front of your screen to identify sources of glare
- Use task lighting if necessary

Information Ethics

Ethics is a set of principles which involves systematizing, defending, and recommending concepts of right and wrong behavior. Information ethics can be regarded as part of normal business ethics since to do otherwise would mean that normally unethical acts might be all right via computer. Business ethics is the “code of morals of a particular profession” and “the standards of conduct of a given profession”. Since morals are “principles of right and wrong in conduct”, information ethics, therefore, can be defined as an agreement among information systems professionals to do right and to avoid wrong in their work.

Four unique information systems attributes addressed by information ethics

Information ethics is a specific application of business ethics to information systems.
Thus, it may be mistakenly assumed to be identical to business ethics. However, information ethics addresses issues unique to information systems. The following are the four (4) unique I.S. attributes:
- Location – With a computer, an unethical act can be committed from many locations.
- Time – Information systems make it possible to commit unethical acts quickly.
- Separation of Act from Consequences – Most people feel guilty when they see someone hurt by their actions.
- Individual Power – Would-be criminals often need help to misbehave.

Privacy refers to the right of people to not reveal information about themselves. It is the right to keep personal information, such as personal email messages, medical histories, student records, and financial information from getting into the wrong hands.

The right to privacy at work is also an important issue. Some experts believe that there will be a collision between workers who want their privacy and companies that demand to know more about their employees. Recently, companies that have been monitoring their employees have raised concerns. Workers may find that they are being closely monitored via computer technology.

Email also raises some interesting issues about work privacy. Federal law allows employers to monitor email sent and received by employees. Furthermore, email messages that have been erased from hard disks may be retrieved and used in lawsuits because the laws of discovery demand that companies produce all relevant business documents. Alternatively, the use of email among public officials may violate “open meeting” laws. These laws, which apply to many local, state, and federal agencies, prevent public officials from meeting in private about matters concerning the state or local area.

Information Accuracy

For information to be accurate, it must be error-free, complete, and relevant to decisions that are to be based on it. Professional integrity is one of the guarantors of information accuracy.
An ethical approach to information accuracy calls for the following:
a. Individuals should be given an opportunity to correct inaccurate information held about them in databases.
b. Databases containing data about individuals should be reviewed at frequent intervals, with obsolete data discarded.
c. System safeguards, such as control audits, are necessary to maintain information accuracy. Regular audits of data quality should be performed and acted upon.
d. A professional should not misrepresent his or her qualifications to perform a task.
e. A professional should inform his or her employer what consequences to expect if his or her judgment is overruled.

Accessibility

Access to files, both online and offline, should be restricted only to those who have a legitimate right to access, because they need those files to do their jobs. Many organizations keep a transaction log that notes all accesses or attempted accesses to data. Most LAN management software includes this function.

Property

Many networks have audit controls to track which files were opened, which programs and servers were used, and so on. This creates an audit trail, a record of how a transaction was handled from input through processing and output.

The following are the federal computer crime laws:
- Fair Credit Reporting Act of 1970 (FCRA). Controls operations of credit-reporting bureaus, including how they collect, store, and use credit information.
- Freedom of Information Act of 1970. Ensures access of individuals to personal data collected about them and about government activities in federal agency files.
- Tax Reform Act of 1976. Regulates the collection and use of certain information by the Internal Revenue Service.
- Right to Financial Privacy Act of 1978. Regulates government access to certain records held by financial institutions.
- Electronic Funds Transfer Act of 1979. Enumerates the responsibilities of companies that use electronic funds transfer systems, including consumer rights and liability for bank debit cards.
- Computer Matching and Privacy Act of 1988. Regulates cross-reference between federal agencies' computer files.
- Video Privacy Act of 1988. Prevents retail stores from disclosing video rental records without a court order.
- Telephone Consumer Protection Act of 1991. Limits telemarketers' practices.
- Cable Act of 1992. Regulates companies and organizations that provide wireless communication services, including cellular phones.
- Computer Abuse Amendments Act of 1994. Prohibits transmissions of harmful computer programs and code, including viruses.
- Children’s Online Privacy Protection Act of 1998. Establishes standards for sites that collect information from children. Its purpose is to prohibit unfair or deceptive acts or practices in connection with the collection, use, or disclosure of personally identifiable information from and about children on the Internet.
- Education Privacy Act. Restricts collection and use of data by federally funded educational institutions, including specifications for the type of data collected, access by parents and students to the data, and limitations on disclosure.
- Copyrights Law. Sets standards on copyrights and computer programs.
- Fraud and False Statements Law. Standards against fraud and related activity in connection with access devices and computers.
- Espionage and Censorship. Sets standards in gathering, transmitting, or losing defense information.
- Mail Fraud Law. Standards against fraud by wire, radio, or television.
- Pen Registers and Trap and Trace Devices. General prohibition on pen register and trap and trace device use.
- Wire and Electronic Communications Interception and Interception of Oral Communications. Standards against interception and disclosure of wire, oral, or electronic communications prohibited.

Tips in preventing crimes on the Internet

Internet security can include firewalls and a number of methods to secure financial transactions. A firewall includes hardware and software combinations that act as a barrier between an organization's information system and the outside world. A number of systems have been developed to safeguard financial transactions on the Internet.

The following tips can be taken to help prevent crime on the Internet:
- Use of stand-alone firewall, including hardware and software with network monitoring capabilities.
- Use Internet security specialists to perform audits of all Internet and network activities.
- Develop effective Internet and security policies for all employees.
- Monitor managers and employees to make sure they are using the Internet for business purposes only.

Data alteration/theft

Data and information are valuable corporate assets. The intentional use of illegal and destructive programs to alter or destroy data is as much a crime as destroying tangible goods. The most common of these types of programs are viruses and worms, which are software programs that, when loaded into a computer system, will destroy, interrupt, or cause errors in processing. There are more than 53,000 known computer viruses today, with more than 6,000 new viruses and worms being discovered each year.

Some viruses and worms attack personal computers, while others attack network and client/server systems. A personal computer can get a virus from an infected disk, an application, or e-mail attachments received from the Internet.
A virus or worm that attacks a network or client/server system is usually more severe because it can affect hundreds or thousands of personal computers and other devices attached to the network. Workplace computer virus infections are increasing rapidly because of several viruses spread through e-mail attachments.

Malicious Access

Crimes involving illegal system access and use of computer services are a concern to both government and business. Federal, state, and local government computers are sometimes left unattended over weekends without proper security, and university computers are often used for commercial purposes under the pretense of research or other legitimate academic pursuits.

A 28-year-old computer expert allegedly tied up thousands of US West computers in an attempt to solve a classic math problem. The individual reportedly obtained the passwords to hundreds of computers and diverted them to search for a new prime number, racking up ten years of computer processing time. The alleged hacking was discovered by a US West Intrusion Response Team after company officials noticed that computers were taking up to five minutes to retrieve telephone numbers, when normally they require only three to five seconds. At one point, customer calls had to be rerouted to other states, and the delays threatened to close down the Phoenix Service Delivery Center.

Since the outset of information technology, computers have been plagued by criminal hackers. A hacker is a person who enjoys computer technology and spends time learning and using computer systems. A criminal hacker, also called a cracker, is a computer-savvy person who attempts to gain unauthorized or illegal access to computer systems. In many cases, criminal hackers are people who are looking for fun and excitement – the challenge of beating the system.

Classification of Computer Viruses

The two most common types of viruses are application viruses and system viruses.
Application viruses infect executable application files, such as word processing programs. When the application is executed, the virus infects the computer system. A system virus typically infects operating system programs or other system files. These types of viruses usually infect the system as soon as the computer is started.

Another type of program that can destroy a system is a logic bomb, an application or system virus designed to “explode” or execute at a specified time and date. Logic bombs are often disguised as a Trojan horse, a program that appears to be useful but actually masks the destructive program. Some of these programs execute randomly; others are designed to remain inert in software until a certain code is given. When it detects the cue, the bomb will explode months, or even years, after being “planted”.

A macro virus is a virus that uses an application's own macro programming language to distribute itself. Unlike the viruses mentioned earlier, macro viruses do not infect programs; they infect documents. The document could be a letter created using a word processing application, a graphics file developed for a presentation, or a database file. Macro viruses that are hidden in a document file can be difficult to detect. As with other viruses, however, virus detection and correction programs can be used to find and remove macro viruses.

Technologies’ Impact on Privacy

LIVING IN THE IT ERA - WEEK 8-9

Learning Objectives:
1. Identify privacy issues associated with information technology;
2. Identify ethical issues associated with information technology;
3. Provide students the necessary knowledge for safe digital communication; and
4. Engage students in real-world problems by collaborating with others.

The Right to Privacy in the Philippines

The Facts: Mr. A has an estafa case and the case reached the Supreme Court. Unfortunately, he lost the case.
As we all know, when a case reaches the Supreme Court, the same is published in every website discussing Philippine jurisprudence. Now, every time someone keys in his name in a web search engine, the estafa case is displayed as one of the results. Because of this, Mr. A suffered humiliation and embarrassment from people who chanced upon that search result for his name. He therefore wants his name removed from such websites and invokes his Constitutional right to privacy.

The Issue: Can a person request that his name be removed from websites carrying cases decided by the Supreme Court on the ground that the publication violates his right to privacy? Why? Why not?

The Answer: No. A person cannot ask for such removal, as the publication does not constitute a violation of his right to privacy. The Philippines has no specific law on privacy. However, the 1987 Constitution tried to provide for the right to privacy under its Article III (Bill of Rights), namely:

Section 2. The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures of whatever nature and for any purpose shall be inviolable, and no search warrant or warrant of arrest shall issue except upon probable cause to be determined personally by the judge after examination under oath or affirmation of the complainant and the witnesses he may produce, and particularly describing the place to be searched and the persons or things to be seized.

Section 3. (1) The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law. (2) Any evidence obtained in violation of this or the preceding section shall be inadmissible for any purpose in any proceeding.

Note also that under Section 7, Article III of the Constitution, the right of the people to information on matters of public concern shall be recognized.
A citizen has the right of access to official records, and to documents and papers pertaining to official acts, transactions, or decisions, subject to the limitations provided by law. Hence, the case being jurisprudence, one has the right to access such information. Given the situation, a person cannot claim that his right to privacy has been violated by the publication of his name along with the case he was in, as the right to privacy does not prohibit the publication of matter which is of public or general interest.

The National Identification System

It’s been two decades since the government first initiated the establishment of a national ID system. In 1996, then President Fidel Ramos issued Administrative Order No. 308 adopting a National Computerized Identification System. Unfortunately, the order was declared unconstitutional by the Supreme Court. In striking down A.O. 308, the Supreme Court emphasized that the Court is not per se against the use of computers to accumulate, store, process, retrieve and transmit data to improve our bureaucracy. The Supreme Court also emphasized that the right to privacy does not bar all incursions into the right to individual privacy. This right merely requires that the law be narrowly focused and a compelling interest justify such intrusions. Intrusions into the right must be accompanied by proper safeguards and well-defined standards to prevent unconstitutional invasions. The right to privacy is a constitutional right, granted recognition independently of its identification with liberty. It is recognized and enshrined in several provisions of our Constitution, specifically in Sections 1, 2, 3 (1), 6, 8 and 17 of the Bill of Rights. Zones of privacy are also recognized and protected in our laws, including certain provisions of the Civil Code and the Revised Penal Code, as well as in special laws (e.g., Anti-Wiretapping Law, the Secrecy of Bank Deposit Act and the Intellectual Property Code).
The right to privacy is a fundamental right guaranteed by the Constitution. Therefore, it is the burden of government to show that A.O. 308 is justified by some compelling state interest and that it is narrowly drawn. The government failed to discharge this burden.

A.O. 308 is predicated on two considerations: (1) the need to provide our citizens and foreigners with the facility to conveniently transact business with basic service and social security providers and other government instrumentalities and (2) the need to reduce, if not totally eradicate, fraudulent transactions and misrepresentations by persons seeking basic services. While it is debatable whether these interests are compelling enough to warrant the issuance of A.O. 308, it is not arguable that the broadness, the vagueness, the overbreadth of A.O. 308, if implemented, will put our people’s right to privacy in clear and present danger.

The heart of A.O. 308 lies in its Section 4 which provides for a Population Reference Number (PRN) as a “common reference number to establish a linkage among concerned agencies” through the use of “Biometrics Technology” and “computer application designs.” Biometry or biometrics is “the science of the application of statistical methods to biological facts; a mathematical analysis of biological data.” The methods or forms of biological encoding include finger-scanning and retinal scanning, as well as the method known as the “artificial nose” and the thermogram. A.O. 308 does not state what specific biological characteristics and what particular biometrics technology shall be used. Moreover, A.O. 308 does not state whether encoding of data is limited to biological information alone for identification purposes.
The Solicitor General’s claim that the adoption of the Identification Reference System will contribute to the “generation of population data for development planning” is an admission that the PRN will not be used solely for identification but for the generation of other data with remote relation to the avowed purposes of A.O. 308. The computer linkage gives other government agencies access to the information, but there are no controls to guard against leakage of information. When the access code of the control programs of the particular computer system is broken, an intruder, without fear of sanction or penalty, can make use of the data for whatever purpose, or worse, manipulate the data stored within the system. A.O. 308 falls short of assuring that personal information which will be gathered about our people will only be processed for unequivocally specified purposes. The lack of proper safeguards in this regard of A.O. 308 may interfere with the individual’s liberty of abode and travel by enabling authorities to track down his movement; it may also enable unscrupulous persons to access confidential information and circumvent the right against self-incrimination; it may pave the way for “fishing expeditions” by government authorities and evade the right against unreasonable searches and seizures. The possibilities of abuse and misuse of the PRN, biometrics and computer technology are accentuated when we consider that the individual lacks control over what can be read or placed on his ID, much less verify the correctness of the data encoded. They threaten the very abuses that the Bill of Rights seeks to prevent.

Identity Theft in the Philippines

Today, personal information is captured, processed, and disseminated in a bewildering variety of ways, and through increasingly sophisticated, miniaturized, and distributed technologies: identity cards, biometrics, video surveillance, the use of cookies and spyware by websites, data mining and profiling, and many others.
Identity theft is the deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name, and perhaps to the other person's disadvantage or loss. In the Philippines, many syndicated groups have used skimming machines to perform such acts. ATM skimming is like identity theft for debit cards: thieves use hidden electronics to steal the personal information stored on your card and record your PIN number to access all that hard-earned cash in your account. That's why skimming takes two separate components to work. The first part is the skimmer itself, a card reader placed over the ATM's real card slot. Always pay attention to objects mounted on the ATM or located close by. A pinhole or off-color piece of plastic could give away the camera's hiding place. Cameras could even be hidden in brochure racks. Some ATM skimming schemes employ fake keypads in lieu of cameras to capture PIN numbers. Just as card skimmers fit over the ATM's true card slot, skimming keypads are designed to mimic the keypad's design and fit over it like a glove. If you notice that the keypad on your ATM seems to protrude oddly from the surface around it, or if you spy an odd color change between the pad and the rest of the ATM, it could be a fake.
The Blogger’s Freedom of Expression and the Libel Law

Scope of the Freedom of Expression

Article III (Bill of Rights) Section 4 of the 1987 Philippine Constitution provides that “No law shall be passed abridging the freedom of speech, of expression, or of the press, or the right of the people peaceably to assemble and petition the government for redress of grievances.” In addition, to protect the rights of people holding adverse political beliefs and aspirations, Article III Section 18 (1) further provides: “No person shall be detained solely by reason of his political beliefs and aspirations.”

Defamation Laws in the Philippines

Under Article 353 of the Revised Penal Code of the Philippines, libel is defined as a public and malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission, condition, status or circumstance tending to discredit or cause the dishonor or contempt of a natural or juridical person, or to blacken the memory of one who is dead. Thus, the elements of libel are: (a) imputation of a discreditable act or condition to another; (b) publication of the imputation; (c) identity of the person defamed; and, (d) existence of malice. [Daez v. Court of Appeals, G.R. No. 47971, 31 October 1990, 191 SCRA 61, 67]

In libel cases, the question is not what the writer of an alleged libel means, but what the words used by him mean. Jurisprudence has laid down a test to determine the defamatory character of words used in the following manner, viz: “Words calculated to induce suspicion are sometimes more effective to destroy reputation than false charges directly made. Ironical and metaphorical language is a favored vehicle for slander.
A charge is sufficient if the words are calculated to induce the hearers to suppose and understand that the person or persons against whom they were uttered were guilty of certain offenses, or are sufficient to impeach their honesty, virtue, or reputation, or to hold the person or persons up to public ridicule....” [Lacsa v. Intermediate Appellate Court, 161 SCRA 427 (1988) citing U.S. v. O’Connell, 37 Phil. 767 (1918)]

An allegation is considered defamatory if it ascribes to a person the commission of a crime, the possession of a vice or defect, real or imaginary, or any act, omission, condition, status or circumstances which tends to dishonor or discredit or put him in contempt, or which tends to blacken the memory of one who is dead.

Presumption of Malice: The law also presumes that malice is present in every defamatory imputation. Thus, Article 354 of the Revised Penal Code provides that: Every defamatory imputation is presumed to be malicious, even if it be true, if no good intention and justifiable motive for making it is shown, except in the following cases:
1. A private communication made by any person to another in the performance of any legal, moral or social duty; and
2. A fair and true report, made in good faith, without any comments or remarks, of any judicial, legislative or other official proceedings which are not of confidential nature, or of any statement, report or speech delivered in said proceedings, or of any other act performed by public officers in the exercise of their functions.

Paragraph 2 aforequoted refers to a qualifiedly privileged communication, the character of which is a matter of defense that may be lost by positive proof of express malice on the part of the accused. Once it is established that the article is of a privileged character, the onus of proving actual malice rests on the plaintiff who must then convince the court that the offender was prompted by malice or ill will.
When this is accomplished the defense of privilege becomes unavailing. [Santos v. Court of Appeals, No. L-45031, 21 October 1991, 203 SCRA 110, 114]

Prescinding from this provision, when the imputation is defamatory, as in this case, the prosecution need not prove malice on the part of the defendant (malice in fact), for the law already presumes that the defendant’s imputation is malicious (malice in law). The burden is on the side of the defendant to show good intention and justifiable motive in order to overcome the legal inference of malice. In order to constitute malice, ill will must be personal. So if the ill will is engendered by one’s sense of justice or other legitimate or plausible motive, such feeling negatives actual malice. [Aquino, Ramon C., The Revised Penal Code, Vol. III, Bk. II, 1997 Ed., citing People v. de los Reyes, Jr., 47 OG 3569]

It is established doctrine that the malice that attends the dissemination of the article alleged to be libelous must attend the distribution itself. It cannot be merely a resentment against a person, manifested unconnectedly several months earlier or one displayed at a much later date.

How Committed: Under Article 355 of the Revised Penal Code, libel may be committed by means of writing, printing, lithography, engraving, radio, phonograph, painting, theatrical exhibition, cinematographic exhibition, or any similar means.

Persons Responsible: Any person who shall publish, exhibit, or cause the publication or exhibition of any defamation in writing or by similar means, shall be responsible for the same. The author or editor of a book or pamphlet, or the editor or business manager of a daily newspaper, magazine or serial publication, shall be responsible for the defamations contained therein to the same extent as if he were the author thereof.
Defenses: In every criminal prosecution for libel, the truth may be given in evidence to the court and if it appears that the matter charged as libelous is true, and, moreover, that it was published with good motives and for justifiable ends, the defendants shall be acquitted. Proof of the truth of an imputation of an act or omission not constituting a crime shall not be admitted, unless the imputation shall have been made against Government employees with respect to facts related to the discharge of their official duties. In such cases if the defendant proves the truth of the imputation made by him, he shall be acquitted. It is important to remember that any of the imputations covered by Article 353 is defamatory and, under the general rule laid down in Article 354, every defamatory imputation is presumed to be malicious, even if it be true, if no good intention and justifiable motive for making it is shown. There is malice when the author of the imputation is prompted by personal ill-will or spite and speaks not in response to duty but merely to injure the reputation of the person who claims to have been defamed. Truth then is not a defense, unless it is shown that the matter charged as libelous was made with good motives and for justifiable ends.

Online Libel in the Philippines

The Supreme Court (SC) of the Philippines upheld the constitutionality of most parts of the Cybercrime Prevention Act of 2012, including the contentious provision that punishes online libel. The execution of the law was suspended in October 2012 by a temporary restraining order issued by the Supreme Court, following criticisms and protests among the media and human rights advocates.
However, with this new ruling of the Supreme Court, a person or entity who posts something (in words or pictures) — which can be proven false, and is intended to harm the reputation of another by tending to bring the target into ridicule, hatred, scorn or contempt of others — may be arrested, detained, and imprisoned because of libel. Yes, in the Philippines, libel is still a criminal offense. It is defamation in its very essence, but covers published work in print, television and other traditional media. The same is now true for new media like the internet. This online/internet libel law, however, punishes only the original author of the post. Those who “liked”, “shared,” “re-tweeted” or re-blogged a post will not be criminally liable, unless the person added a comment that may be deemed libelous by a complainant.

Computer Hackers and the Cybercrime Law

The ILOVEYOU Virus

Where were you when the ILOVEYOU bug started spreading on May 4th, 2000? Was your computer one of the tens of millions of PCs the Love Letter attacked? Sixteen years ago, a young Filipino computer student made history by unleashing the world’s first global Internet-borne virus. Known as the Love Bug, the virus spread from East to West in a single day, inflicting $5.5 billion in damages, corrupting files, and shutting down computer systems at major corporations, newsrooms, Wall Street firms and government offices across the world. The worm arrived in people’s email boxes with a provocative subject line, “I LOVE YOU: A love letter for you.” When recipients opened the attachment, “LOVE-LETTER-FOR-YOU.TXT.vbs,” they unwittingly infected their own computer with the self-replicating worm as well as the computers of everyone in their contact list. The author of the virus is believed to be Onel de Guzman, then 25, a student at AMA Computer University in Makati.
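An added example, not part of the original lesson: a mail-gateway style check for the two attachment patterns this lesson describes, a script hidden behind a harmless-looking extension (the Love Letter attachment name above) and an Office document that carries a macro project (the macro viruses described earlier). The extension lists, function names and the sample message are assumptions constructed for illustration; the payloads are inert placeholders.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists for this example (not from the lesson): extensions that
# Windows runs when double-clicked, and extensions users read as harmless.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd",
               ".scr", ".pif", ".exe", ".com"}
DECOY_EXTS = {".txt", ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container


def extensions(filename):
    """Return (previous, last) extension, lowercased, e.g. ('.txt', '.vbs')."""
    # Windows ignores trailing dots and spaces, and padding before the real
    # extension can push it out of view, so both are stripped first.
    name = filename.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    last = "." + parts[-1] if len(parts) > 1 else ""
    prev = "." + parts[-2] if len(parts) > 2 else ""
    return prev, last


def has_vba_project(payload):
    """True if an OOXML (zip-based) document contains a VBA macro project."""
    if not payload.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


def triage_attachment(filename, payload):
    """Return the findings for one attachment; an empty list means no flag."""
    prev, last = extensions(filename)
    findings = []
    if last in SCRIPT_EXTS:
        findings.append("script-extension")
        # When Explorer hides known extensions, X.TXT.vbs is shown as X.TXT.
        if prev in DECOY_EXTS:
            findings.append("double-extension")
    if has_vba_project(payload):
        findings.append("vba-macro")
    elif payload.startswith(OLE_MAGIC):
        # Legacy binary documents need a compound-file parser to check macros.
        findings.append("legacy-ole-needs-macro-scan")
    return findings


def triage_message(raw_bytes):
    """Map each attachment filename in a raw e-mail message to its findings."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        results[name] = triage_attachment(name, part.get_payload(decode=True) or b"")
    return results


def build_ooxml(with_macro):
    """Constructed stand-in for a .docx: a zip with the relevant member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


def build_sample_message():
    """Constructed sample message with three attachments (inert content)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("kindly check the attached files")
    samples = [("LOVE-LETTER-FOR-YOU.TXT.vbs", b"' inert placeholder text"),
               ("report.docx", build_ooxml(with_macro=True)),
               ("minutes.docx", build_ooxml(with_macro=False))]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in triage_message(build_sample_message()).items():
        print(f"{name}: {findings or 'no findings'}")
```

A gateway would typically quarantine anything with a finding and pass legacy documents to a dedicated macro scanner rather than deliver them unchecked.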
What many people did not realize at the time was that de Guzman’s original intention for creating the worm was altruistic at its roots. In the Philippines, an hour’s worth of Internet access cost as much as half a day’s wage: 100 pesos, the equivalent of two dollars. For his graduation thesis in computer science, de Guzman wrote a program that would enable the average Filipino to get free Internet access by stealing passwords from the rich. His school rejected his thesis because of its bandit nature, so he could not graduate. Undeterred, de Guzman, with the help of friends, unleashed his virus the day before the university held its graduation ceremony. The Philippine authorities filed theft and other charges against Mr. de Guzman, but dropped them in August because of insufficient evidence. The case against him was weakened because at the time, the Philippines did not have laws governing computer espionage.

Cybercrime Prevention Act of 2012 (Republic Act 10175)

The following are the punishable acts according to Chapter II of the Cybercrime Prevention Act of 2012:

SEC. 4. Cybercrime Offenses. — The following acts constitute the offense of cybercrime punishable under this Act:
(a) Offenses against the confidentiality, integrity and availability of computer data and systems:
(1) Illegal Access. – The access to the whole or any part of a computer system without right.
(2) Illegal Interception. – The interception made by technical means without right of any non-public transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data.
(3) Data Interference. — The intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses.
(4) System Interference.
— The intentional alteration or reckless hindering or interference with the functioning of a computer or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or program, electronic document, or electronic data message, without right or authority, including the introduction or transmission of viruses.
(5) Misuse of Devices. (i) The use, production, sale, procurement, importation, distribution, or otherwise making available, without right, of: (aa) A device, including a computer program, designed or adapted primarily for the purpose of committing any of the offenses under this Act; or (bb) A computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed with intent that it be used for the purpose of committing any of the offenses under this Act. (ii) The possession of an item referred to in paragraphs 5(i)(aa) or (bb) above with intent to use said devices for the purpose of committing any of the offenses under this section.
(6) Cyber-squatting. – The acquisition of a domain name over the internet in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same, if such a domain name is: (i) Similar, identical, or confusingly similar to an existing trademark registered with the appropriate government agency at the time of the domain name registration; (ii) Identical or in any way similar with the name of a person other than the registrant, in case of a personal name; and (iii) Acquired without right or with intellectual property interests in it.
(b) Computer-related Offenses:
(1) Computer-related Forgery.
— (i) The input, alteration, or deletion of any computer data without right resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible; or (ii) The act of knowingly using computer data which is the product of computer-related forgery as defined herein, for the purpose of perpetuating a fraudulent or dishonest design.
(2) Computer-related Fraud. — The unauthorized input, alteration, or deletion of computer data or program or interference in the functioning of a computer system, causing damage thereby with fraudulent intent: Provided, That if no damage has yet been caused, the penalty imposable shall be one (1) degree lower.
(3) Computer-related Identity Theft. – The intentional acquisition, use, misuse, transfer, possession, alteration or deletion of identifying information belonging to another, whether natural or juridical, without right: Provided, That if no damage has yet been caused, the penalty imposable shall be one (1) degree lower.
(c) Content-related Offenses:
(1) Cybersex. — The willful engagement, maintenance, control, or operation, directly or indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the aid of a computer system, for favor or consideration.
(2) Child Pornography. — The unlawful or prohibited acts defined and punishable by Republic Act No. 9775 or the Anti-Child Pornography Act of 2009, committed through a computer system: Provided, that the penalty to be imposed shall be (1) one degree higher than that provided for in Republic Act No. 9775.
(3) Unsolicited Commercial Communications.
— The transmission of commercial electronic communication with the use of computer system which seek to advertise, sell, or offer for sale products and services are prohibited unless: (i) There is prior affirmative consent from the recipient; or (ii) The primary intent of the communication is for service and/or administrative announcements from the sender to its existing users, subscribers or customers; or (iii) The following conditions are present: (aa) The commercial electronic communication contains a simple, valid, and reliable way for the recipient to reject receipt of further commercial electronic messages (opt-out) from the same source; (bb) The commercial electronic communication does not purposely disguise the source of the electronic message; and (cc) The commercial electronic communication does not purposely include misleading information in any part of the message in order to induce the recipients to read the message.
(4) Libel. — The unlawful or prohibited acts of libel as defined in Article 355 of the Revised Penal Code, as amended, committed through a computer system or any other similar means which may be devised in the future.

SEC. 5. Other Offenses. — The following acts shall also constitute an offense:
(a) Aiding or Abetting in the Commission of Cybercrime. – Any person who willfully abets or aids in the commission of any of the offenses enumerated in this Act shall be held liable.
(b) Attempt in the Commission of Cybercrime. — Any person who willfully attempts to commit any of the offenses enumerated in this Act shall be held liable.

The following are the punishments for such acts:

SEC. 8. Penalties. — Any person found guilty of any of the punishable acts enumerated in Sections 4(a) and 4(b) of this Act shall be punished with imprisonment of prision mayor or a fine of at least Two hundred thousand pesos (PhP200,000.00) up to a maximum amount commensurate to the damage incurred or both.
Any person found guilty of the punishable act under Section 4(a)(5) shall be punished with imprisonment of prision mayor or a fine of not more than Five hundred thousand pesos (PhP500,000.00) or both.
If punishable acts in Section 4(a) are committed against critical infrastructure, the penalty of reclusion temporal or a fine of at least Five hundred thousand pesos (PhP500,000.00) up to maximum amount commensurate to the damage incurred or both, shall be imposed.
Any person found guilty of any of the punishable acts enumerated in Section 4(c)(1) of this Act shall be punished with imprisonment of prision mayor or a fine of at least Two hundred thousand pesos (PhP200,000.00) but not exceeding One million pesos (PhP1,000,000.00) or both.
Any person found guilty of any of the punishable acts enumerated in Section 4(c)(2) of this Act shall be punished with the penalties as enumerated in Republic Act No. 9775 or the “Anti-Child Pornography Act of 2009”: Provided, That the penalty to be imposed shall be one (1) degree higher than that provided for in Republic Act No. 9775, if committed through a computer system.
Any person found guilty of any of the punishable acts enumerated in Section 4(c)(3) shall be punished with imprisonment of arresto mayor or a fine of at least Fifty thousand pesos (PhP50,000.00) but not exceeding Two hundred fifty thousand pesos (PhP250,000.00) or both.
Any person found guilty of any of the punishable acts enumerated in Section 5 shall be punished with imprisonment one (1) degree lower than that of the prescribed penalty for the offense or a fine of at least One hundred thousand pesos (PhP100,000.00) but not exceeding Five hundred thousand pesos (PhP500,000.00) or both.

The Data Privacy Act (RA 10173): What is The Data Privacy Act of the Philippines?

The Data Privacy Act (DPA), or Republic Act No. 10173, was passed by the Philippine Congress in 2012 and finally implemented five years later in 2016.
RA 10173 assures the “free flow of information to promote innovation and growth” (Republic Act No. 10173, Ch. 1, Sec. 2) while protecting the users’ fundamental rights to privacy.

The Data Privacy Act (RA 10173): How is it implemented?

RA 10173 protects and maintains the right of customers to confidentiality by setting a legal list of rules for companies to regulate the collection, handling, and disposal of all personal information. Companies are legally responsible for keeping their customers’ data protected from third parties or any form of misuse, internally or externally.

The Data Privacy Act (RA 10173): What does that mean for data collectors/companies?

The Act applies to any processing of personal data by anyone in the government or private sectors. All personal data must have legitimate reasons for collection, and those reasons should be clear to both the party giving and the party receiving the information. With that being said, all collection must be done with the customers’ proper consent. All personal information used must also be relevant and used solely for its intended and stated purposes. Companies must protect customer information from collection to proper disposal, avoiding access from unauthorized parties.

The Data Privacy Act (RA 10173): What is “personal information?”

“Personal information” refers to “any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual” (Republic Act No. 10173, Ch. 1, Sec.
3)

The Data Privacy Act (RA 10173): What is “sensitive personal information?”

“(1) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
(2) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
(3) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
(4) Specifically established by an executive order or an act of Congress to be kept classified.” (Republic Act No. 10173, Ch. 1, Sec. ).

The Data Privacy Act (RA 10173): What is “consent?”

Consent of the data subject refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of the data subject by an agent specifically authorized by the data subject to do so (RA No. 10173, Ch. 1, Sec. 1).

The Data Privacy Act (RA 10173): What are the rights of the data subject?

The data subject, or the individual sharing his/her personal information, has to be fully informed of several factors of the data collecting process. This list includes, but isn’t limited to: (1) the reason for use; (2) methods for access; (3) the identity and contact details of the personal information controller; (4) how long the information will be stored for; and (5) access to their rights.

The Data Privacy Act (RA 10173): What steps do I need to take in compliance with the Data Privacy Act?
Companies essentially have to ensure that their data collection methods are flawless and that they consistently share the entire process with data subjects, including any breach of security. To do this, companies should:
1. Appoint a Data Protection Officer
2. Conduct a privacy impact assessment
3. Create a privacy knowledge management program
4. Implement a privacy and data protection policy
5. Exercise a breach reporting procedure

The Data Privacy Act (RA 10173): What happens if I do not comply?

Improper/unauthorized processing, handling or disposal of personal information can be penalized by imprisonment up to six years and a fine of not less than Five hundred thousand pesos (PHP 500,000). Sprout Solutions puts data privacy with the utmost priority and takes advanced measures to maintain confidentiality in information handling.

Freedom of Expression

LIVING IN THE IT ERA - WEEK 10

Learning Objectives:
1. To apply the legal basis for the protection of freedom of speech;
2. To determine the types of speech that are not protected by law;
3. To identify the ways in which the Internet presents challenges in the area of freedom of expression; and
4. To relate the key free-speech issues to the use of information technology.

China Stifles Online Dissent

In 1995, the government of the People's Republic of China established the country's first Internet service provider (ISP). The decision reflected two conflicting needs. China's drive toward economic globalization requires the adoption of Western technologies that allow Chinese companies to market themselves to the West. The Communist Party's hold over the country rests on suppressing freedom of the press and freedom of expression. The party thus decided to introduce a government-controlled Internet, often referred to as the "Great Firewall of China." The firewall blocks citizens from accessing Western news Web sites such as CNN, the New York Times, and Reuters.
Freedom of Expression

The Internet enables worldwide exchange of news, ideas, opinions, rumors, and information. Its broad accessibility, open-minded discussions, and anonymity make the Internet an ideal communication medium. It provides an easy and inexpensive way for a speaker to send a message indiscriminately to a large audience, potentially thousands of people worldwide. In addition, given the right e-mail addresses, a speaker can aim a message with laser accuracy at a select subset of powerful and influential people.

1987 Constitution of the Republic of the Philippines - Article III: BILL OF RIGHTS

Section 3. (1) The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law. (2) Any evidence obtained in violation of this or the preceding section shall be inadmissible for any purpose in any proceeding.

Section 4. No law shall be passed abridging the freedom of speech, of expression, or of the press, or the right of the people peaceably to assemble and petition the government for redress of grievances.

Section 5. No law shall be made respecting an establishment of religion, or prohibiting the free exercise thereof. The free exercise and enjoyment of religious profession and worship, without discrimination or preference, shall forever be allowed. No religious test shall be required for the exercise of civil or political rights.

Numerous court decisions have broadened the definition of speech to include nonverbal, visual, and symbolic forms of expression, such as burning the flag, dance movements, and hand gestures. However, the following types of speech are not protected by the bill and may be forbidden by the government: obscene speech, defamation, incitement of panic, incitement to crime, "fighting words", and sedition (incitement of discontent or rebellion against a government).
Two of these types of speech, obscene speech and defamation, are particularly relevant to information technology.

Obscene Speech

The term "obscene" refers to material, content, or speech that is considered highly offensive, particularly in a sexual or prurient context. Obscenity typically involves explicit or graphic depictions of sexual conduct or explicit sexual content that goes beyond what is generally considered acceptable within a particular community or society. Miller vs. California is the Supreme Court case that established a test to determine if material is obscene and therefore not protected by the First Amendment. In its 1973 ruling in Miller vs. California, the Supreme Court determined that speech can be considered obscene and not protected based on the following three questions:
1. Would the average person, applying contemporary community standards, find that the work, taken as a whole, appeals to the prurient interest?
2. Does the work depict or describe, in a patently offensive way, sexual conduct specifically defined by the applicable law?
3. Does the work, taken as a whole, lack serious literary, artistic, political, or scientific value?
These three tests have become the standard for determining if something is obscene.

Defamation

The right to freedom of expression is restricted when the expressions, whether spoken or written, are untrue and cause harm to another person. The publication of a statement of alleged fact that is false and that harms another person is defamation. An oral defamatory statement is slander, and a written defamatory statement is libel.

Freedom of Expression: Key Issues

Information technology has provided amazing new ways to communicate with people around the world. With these new methods come responsibilities and new ethical problems. This section discusses a number of key issues related to freedom of expression, including controlling access to information on the Internet, anonymity, defamation, hate speech, and pornography.
Internet Filtering

An Internet filter is software that can be installed with a Web browser to block access to certain Web sites that contain inappropriate or offensive material. The best Internet filters use a combination of URL filtering, keyword filtering, and dynamic content filtering. With URL filtering, a particular URL or domain name is identified as an objectionable site and the user is not allowed to access it. Keyword filtering uses keywords or phrases such as sex, Satan, and gambling to trigger the blocking of Web sites. With dynamic content filtering, each Web site's content is evaluated immediately before it is displayed, using such techniques as object analysis and image recognition.

Network administrators may choose to install filters on employees' computers to prevent them from viewing sites that contain pornography or other objectionable material. Employees who are unwillingly exposed to such material would have a strong case for sexual harassment. The use of filters can also ensure that employees do not waste their time viewing non-business Web sites.

Another filtering system is available through the Internet Content Rating Association (ICRA), a nonprofit organization whose members include Internet industry leaders such as AOL Europe, BellSouth, British Telecom, IBM, Microsoft, and Verizon. Another approach to restricting access to Web sites is to subscribe to an Internet service provider (ISP) that performs the blocking itself.

Anonymity

The principle of anonymous expression allows people to state their opinions without revealing their identity. The freedom to express an opinion without fear of reprisal is an important right of a democratic society. Anonymity is even more important in countries that don't allow free speech. However, in the wrong hands, anonymous communication can be used as a tool to commit illegal or unethical activities. Maintaining anonymity on the Internet is important to some computer users.
They might be seeking help in an online support group, reporting defects about a manufacturer's goods or services, participating in frank discussions of sensitive topics, expressing a minority or antigovernment opinion in a hostile political environment, or participating in chat rooms. Other Internet users would like to ban Web anonymity because they think that its use increases the risks of defamation, fraud, libel, and exploitation of children.

Anonymous Remailers

Maintaining anonymity is a legitimate need for some Internet activities; however, the address in an e-mail message or newsgroup posting clearly identifies its author. Internet users who want to remain anonymous can send e-mail to an anonymous remailer service, where a computer program strips the originating address from the message.

The use of a remailer keeps communications anonymous; what is communicated, and whether it is ethical or legal, is up to the sender. The use of remailers to enable people to commit unethical or even illegal acts in some states or countries has spurred controversy. Remailers are frequently used to send pornography, to illegally post copyrighted materials, and to send unsolicited advertising to broad audiences (spamming). A corporate IT organization may want to employ filters or set the corporate firewall to prohibit employees from accessing remailers, or to send a warning message each time an employee communicates with a remailer.

John Doe Lawsuits

In a John Doe lawsuit, the identity of the defendant is temporarily unknown. Such suits are common in Internet libel cases, where the defendant communicates using a pseudonym or anonymously. Corporations often file these lawsuits because they are upset by anonymous e-mail messages that criticize the company or reveal company secrets. Anonymity on the Internet is not guaranteed.
By filing a lawsuit, companies gain immediate subpoena power, and many message board hosts released information right away, often without notifying the poster. Everyone who posts comments in a public place on the Internet must consider the consequences if their identities are exposed. Furthermore, everyone who reads anonymous postings on the Internet should think twice about believing what they read.

Defamation and Hate Speech

Speech that is merely annoying, critical, demeaning, or offensive enjoys protection under the law. Legal recourse is possible only when hate speech turns into clear threats and intimidation against specific citizens. Persistent or malicious harassment aimed at a specific person can be prosecuted under the law, but general, broad statements expressing hatred of an ethnic, racial, or religious group cannot. A threatening private message sent over the Internet to a person, a public message displayed on a Web site describing intent to commit acts of hate-motivated violence, and libel directed at a particular person are all actions that can be prosecuted.

Pornography

Many adults and free-speech advocates believe that nothing is illegal or wrong about purchasing adult pornographic material made for and by consenting adults. They argue that the law protects such material. On the other hand, most parents, educators, and other child advocates are upset by the thought of children viewing pornography. They are deeply concerned about its impact on children and fear that increasingly easy access to pornography encourages pedophiles and sexual molesters.

Spim, instant messaging spam, is also becoming a problem; more than 30 percent of IM users receive unsolicited instant messages.

Intellectual Property
LIVING IN THE IT ERA - WEEK 11

Learning Objectives:
1. Identify the coverage of intellectual property;
2. Examine strengths and limitations using copyrights, patents, and trade secrets to protect property rights; and
3. Explain the essential difference between competitive intelligence and industrial espionage and how intelligence is gathered.

Intellectual Property

Intellectual property is a term used to describe works of the mind, such as art, books, films, formulas, inventions, music, and processes, that are distinct and "owned" or created by a single person or group. Copyright law protects authored works such as art, books, film, and music. Patent laws protect invention's success. Together, copyright, patent, and trade secret legislation form a complex body of law that addresses the ownership of intellectual property. Such laws can also present potential ethical problems for IT companies and users; for example, some innovators believed that copyrights, patents, and trade secrets stifle creativity by making it harder to build on the ideas of others.

Copyrights

Copyright and patent protection which specifies that government shall have the power "to promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Rights to their respective Writings and Discoveries.” A copyright grants the creators of "original works of authorship in any tangible medium of expression, now known or later developed, from which they can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device," the exclusive right to distribute, display, perform, or reproduce the work in copies, or to prepare derivative works.

Term of Protection

1. The copyright in works shall be protected during the life of the author and for fifty (50) years after his death. This rule also applies to posthumous works.
2. In case of works of joint authorship, the economic rights shall be protected during the life of the last surviving author and for fifty (50) years after his death.
3. In case of anonymous or pseudonymous works, the copyright shall be protected for fifty (50) years from the date on which the work was first lawfully published: Provided, That where, before the expiration of the said period, the author's identity is revealed or is no longer in doubt, the provisions of above guidelines shall apply, as the case may be: Provided, further, That such works if not published before shall be protected for fifty (50) years counted from the making of the work.
4. In case of works of applied art, the protection shall be for a period of twenty-five (25) years from the date of making.
5. In case of photographic works, the protection shall be for fifty (50) years from publication of the work and, if unpublished, fifty (50) years from the making.
6. In case of audio-visual works, including those produced by a process analogous to photography or any process for making audio-visual recordings, the term shall be fifty (50) years from date of publication and, if unpublished, from the date of making.

Protection for Performers, Producers and Broadcasting Organizations

(1.) The rights granted to performers and producers of sound recordings under this law shall expire:
(a) For performances not incorporated in recordings, fifty (50) years from the end of the year in which the performance took place; and
(b) For sound or image and sound recordings and for performances incorporated therein, fifty (50) years from the end of the year in which the recording took place.
(2.) In case of broadcasts, the term shall be twenty (20) years from the date the broadcast took place. The extended term shall be applied only to old works with subsisting protection under the prior law.

Software Copyright Protection

Software copyright protection is a legal mechanism that provides creators of original software with exclusive rights to their work. The use of copyrights to protect computer software raises complicated issues of interpretation.
Patents

A patent is a grant of a property right to inventors. A patent permits its owner to exclude the public from making, using, or selling a protected invention, and it allows legal action against violators. Unlike a copyright, a patent prevents not only copying but also independent creation. Even if someone else invents the same item independently and with no prior knowledge of the patent holder's invention, the second inventor is excluded from using the patented device without permission of the original patent holder. Prior art is the existing body of knowledge that is available to a person of ordinary skill in the art.

An invention must pass the following four tests to be eligible for a patent:
It must fall into one of five statutory classes of items that can be patented: processes, machines, manufactures (such as objects made by humans or machines), compositions of matter (such as chemical compounds), and new uses in any of the previous four classes.
It must be useful.
It must be novel.
It must not be obvious to a person having ordinary skill in the same field.

Patent Infringement

Patent infringement occurs when someone makes unauthorized use of another's patent. Unlike copyright infringement, there is no specified limit to the monetary penalty if patent infringement is found. In fact, if a court determines that the infringement is intentional, it can award up to three times the amount of the damages claimed by the patent holder. The most common defense against patent infringement is a counterattack on the claims of infringement and the validity of the patent itself. Even if the patent is valid, the plaintiff must still prove every element of at least one claim and that the infringement caused some sort of damage.

Software Patents

A software-patent "claims as all or substantially all of invention some function, or embodied instructions are executed on a computer.
Applications software, business software, expert systems, and system software have been patented, as well as software processes such as compilation routines, editing and control functions, and operating system techniques. Even electronic fonts and icons have been patented.

Submarine Patents and Patent Farming

A standard is a definition or format that has been approved by a recognized standards organization or is accepted as a de facto standard by the industry. Standards exist for programming languages, operating systems, data formats, communications protocols, and electrical interfaces. Standards are extremely useful because they enable hardware and software from different manufacturers to work together.

Submarine Patent - A patent that is hidden within a standard and does not surface until the standard is broadly adopted.

Patent Farming - A devious patent holder might influence a standards organization to make use of its patented item without revealing the existence of the patent. Then, later, the patent holder might demand royalties from all parties that use the standard.

Trade Secret Laws

A trade secret was defined as business information that represents something of economic value, has required effort or cost to develop, has some degree of uniqueness or novelty, is generally unknown to the public, and is kept confidential. A trade secret is "information, including a formula, pattern, compilation, program, device, method, technique, or process, that:
Derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by, persons who can obtain economic value from its disclosure or use.
Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy."

Information is considered a trade secret only if companies take steps to protect it.
Trade secret protection begins by identifying all the information that must be protected, from undisclosed patent applications to market research and business plans, and developing a comprehensive strategy for keeping the information secure. Trade secret information should be labeled clearly as confidential and should only be accessible by a limited number of people. Most organizations have strict policies regarding nondisclosure of corporate information. Because organizations can risk losing trade secrets when key employees leave, they often try to prohibit employees from revealing secrets by adding nondisclosure clauses to employment contracts.

Another option for preserving trade secrets is to have an experienced member of the Human Resources Department conduct an exit interview with each departing employee. A key step in the interview is to review a checklist that deals with confidentiality issues. At the end of the interview, the departing employee is asked to sign an acknowledgment of responsibility not to divulge any trade secrets. Employers can also use noncompete agreements to protect intellectual property from being used by competitors when key employees leave. Such agreements require employees not to work for any competitors for a period of time, perhaps one to two years.

KEY INTELLECTUAL PROPERTY ISSUES
Plagiarism
Reverse Engineering
Open Source Code
Competitive Intelligence
Cybersquatting

Plagiarism

Plagiarism is the theft and passing off of someone's ideas or words as one's own. The explosion of electronic content and the growth of the Internet have made it easy to cut and paste paragraphs into term papers and documents without proper citation or quotation marks. Plagiarism is also common outside academia. Popular literary authors, playwrights, musicians, journalists, and even software developers have been accused of it.

Reverse Engineering

Reverse engineering is the process of taking something apart in order to understand it, build a copy of it, or improve it.
Reverse engineering was originally applied to computer hardware, but is now commonly applied to software as well. Reverse engineering of software involves analyzing it to create a new representation of the system in a different form or at a higher level of abstraction.

Other reverse engineering issues involve tools called compilers and decompilers. A compiler is a language translator that converts computer program statements expressed in a source language (such as COBOL, Pascal, or C) into machine language (a series of binary codes of 0s and 1s) that the computer can execute. Decompilers and other reverse engineering techniques can be used to analyze a competitor's program by examining its coding and operation to develop a new program that either duplicates the original or that will interface with the program. Thus, reverse engineering provides a way to gain access to information that another organization may have copyrighted or classified as a trade secret. Software license agreements increasingly forbid reverse engineering. Reverse engineering can also be a useful tool in detecting software bugs and security holes.

Open Source Code

Open source code refers to any program whose source code is made available for use or modification as users or other developers see fit. The basic premise behind open source code is that when programmers can read, redistribute, and modify code, the software improves, can be adapted to meet new needs, and bugs can be rapidly identified and fixed. Open source code advocates believe that this process produces better software than the traditional closed model. A considerable amount of open source code is available, including the Linux operating system, MySQL AB, Ingres, etc.

Competitive Intelligence

Competitive intelligence is the gathering of legally obtainable information to help a company gain an advantage over its rivals.
For example, some companies have employees who monitor the public announcements of property transfers to detect any plant or store expansions of a competitor. An effective competitive intelligence operation requires continual gathering, analysis, and evaluation of data with controlled dissemination of the useful information to decision makers. Competitive intelligence is often integrated into a company's strategic plans and decision making. Competitive intelligence is not industrial espionage, which employs illegal means to obtain business information that is not available to the general public. Industrial espionage is a serious crime that carries heavy penalties.

Cybersquatting

A trademark is anything that enables a consumer to differentiate one company's products from another's. A trademark may be a logo, package design, phrase, sound, or word. Consumers often cannot examine goods or services to determine their quality or source, so instead they rely on the labels attached to the products. Trademark law gives the trademark's owner the right to prevent others from using the same mark or a confusingly similar mark. Trademark protection lasts as long as a mark is in use.

Companies that want to establish an Internet presence know that the best way to capitalize on the strength of their brand names is to make the names part of the domain names for their Web sites. Cybersquatters registered domain names for famous trademarks or company names to which they had no connection, with the hope that the trademark's owner would buy the domain name for a large sum of money.
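
The URL filtering and keyword filtering described under Internet Filtering above, as an added Python example that is not part of the original lesson. The blocked domains and sample pages are constructed, the keywords are the ones the lesson names, and dynamic content filtering is not covered; the example also shows the overblocking that plain substring keyword matching causes.

```python
import re
from urllib.parse import urlsplit

# Constructed sample policy. The keywords are the ones the lesson names;
# the domains are made up and use the reserved ".example" TLD.
BLOCKED_DOMAINS = {"casino.example", "adult-site.example"}
BLOCKED_KEYWORDS = ("sex", "satan", "gambling")


def hostname_of(url):
    """Return the lowercased hostname of a URL, or None if there is none."""
    try:
        # Without a scheme, urlsplit() only sees a host after a leading "//".
        host = urlsplit(url if "://" in url else "//" + url).hostname
    except ValueError:
        return None
    # A trailing dot ("casino.example.") names the same host.
    return host.rstrip(".") if host else None


def url_blocked(url):
    """URL filtering: return the blocked domain that covers this URL."""
    host = hostname_of(url)
    if host is None:
        return None
    labels = host.split(".")
    # Try "a.b.c", then "b.c", then "c": subdomains inherit the block,
    # while a different name such as "notcasino.example" does not.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_DOMAINS:
            return candidate
    return None


def keyword_hits(text, whole_words=True):
    """Keyword filtering: return the blocked keywords found in the text."""
    lowered = text.lower()
    hits = []
    for kw in BLOCKED_KEYWORDS:
        if whole_words:
            found = re.search(r"\b" + re.escape(kw) + r"\b", lowered)
        else:
            found = kw in lowered  # naive substring match
        if found:
            hits.append(kw)
    return hits


def decide(url, page_text, whole_words=True):
    """Return (action, reason); the URL rule runs before the keyword rule."""
    domain = url_blocked(url)
    if domain:
        return ("block", "url:" + domain)
    hits = keyword_hits(page_text, whole_words)
    if hits:
        return ("block", "keyword:" + ",".join(hits))
    return ("allow", "no rule matched")


if __name__ == "__main__":
    # Constructed sample requests: (URL, text of the page).
    samples = [
        ("http://games.casino.example/slots", "Welcome bonus"),
        ("http://council.example/", "Middlesex and Essex councils add bus routes"),
        ("http://health.example/", "Sex education curriculum"),
    ]
    for url, text in samples:
        print(url, decide(url, text, whole_words=False), decide(url, text))
```

Whole-word matching removes the place-name false positive but still blocks the sex-education page, because keyword rules see words and not context.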