The Department of Justice published a short, “easy to read and simple to understand” three-page primer on cybercrime on November 26, 2012 (DOJ releases Primer on Cybercrime). Being short, it is also appallingly devoid of intelligent discussion about how the infamous Cybercrime Prevention Act of 2012 (RA 10175) is perceived as a full-on attack on one of the foundations of democratic freedom, that of freedom of expression. Here’s the text of the Primer in full:
PRIMER ON CYBERCRIME
This primer, outlined in a question and answer format, aims to make the Filipino public aware of the nature, history and extent of cybercrime occurrence in the country. It also makes the people informed of the latest development in anti-cybercrime efforts and activities by the Philippine Government.
- What is a cybercrime? A cybercrime is a crime committed with or through the use of information and communication technologies such as radio, television, cellular phone, computer and network, and other communication device or application.
- How is a cybercrime different from a real-world crime? The main difference between a cybercrime and crime committed in the physical world is that cybercrime is committed with or through the use of information and communication technology. Furthermore, cybercrimes are punishable under special cybercrime laws and subject to distinct law enforcement provisions.
- What are the types of cybercrime?There are various types and kinds of cybercrimes. The 2001 Budapest Convention on Cybercrime categorizes cybercrime offenses into four: (1) offences against the confidentiality, integrity and availability of computer data and systems; (2) computer-related offences; (3) content-related offences; and (4) offences related to infringements of copyright and related rights.
- What is the global trend of cybercrime? Cybercrime is one of the fastest growing crimes globally. According to Norton Cyber Crime Report, 431 million adults worldwide were victims of cybercrimes in 2011. The costs that cybercrimes caused in 2011 amounted to $114 billion. Globally, the top cybercrimes in 2011 were (1) computer viruses or malware – 54% overall; (2) online Scams – 11% overall; and (3) phishing – 10% overall.
- What is the trend of cybercrime in the Philippines?In a 2010 report of the security software firm Symantec, 87% of Filipino internet users were identified as victims of crimes and malicious activities committed online. The following activities were: (1) malware (virus and Trojan) invasion; (2) online or phishing scams; (3) sexual predation; and (4) services in social networking site like Facebook and Twitter.The Anti-Transnational Crime Division (ATCD) of the Criminal Investigation and Detection Group (CIDG) of the Philippine National Police (PNP) has encountered 2,778 referred cases of computer crimes from government agencies and private individuals nationwide from 2003 to 2012.
- What are the cybercrime-related laws in the Philippines? The cybercrime-related laws in the country are (1) RA 10175 – Cybercrime Prevention Act of 2012, which is currently suspended due to a TRO issued by the Supreme Court; (2) RA 9995 – Anti-Photo and Voyeurism Act of 2009; (3) RA 9725 – Anti-Child Pornography Act of 2009; (4) RA 9208 – Anti-Trafficking in Persons Act of 2003; (5) RA 8792 – E-Commerce Act of 2000; (6) RA 8484 – Access Device Regulation Act of 1998; and (7) RA 4200 or Anti- Wiretapping Law.
- What and when was the first recorded cybercrime in the Philippines?In 2000, Onel de Guzman released the “I Love You” virus. The case filed against De Guzman was dismissed at the first stage because there was no law punishing the deed as of that time in May 2000, in the Philippines.
- When was a law penalizing computer crimes or cybercrimes passed? On 14 June 2000, RA 8792 or the Electronic Commerce Act was signed into law. RA 8792 positioned the Philippines as the third country to enact an e-commerce law, next to Singapore and Malaysia. The E-Commerce Act placed the Philippines on the list countries which penalize cybercrime.
- In the Philippines, have we already convicted a cybercriminal? Yes. The first one was pursued by the PNP-CIDG; a person was convicted in September 2005 for pleading guilty of hacking the government portal “gov.ph” and other government websites. The NBI pursued a cybercrime case that led to the second cybercrime conviction; the person used the BPO call center provider Sitel Philippines Corporation to illegally secure credit card information from the company’s sister firm, Sitel USA. The two convictions were secured under the Section 33(a) of RA 8972 that penalizes hacking.
- What is the latest development in anti-cybercrime effort of the Philippine government? President Benigno Aquino signed into law RA 10175 or the Cybercrime Prevention Act of 2012 on September 12, 2012, which adopted the provisions of the first International Convention on Cybercrime. But the implementation of the new law which started on October 3, 2o12 [sic] was put on hold after 6 days, when the Supreme Court issued a temporary restraining order against the law last October 9, 2012, after 15 petitions were filed against it.As of the moment, cybercrime-related cases are dealt with using existing laws.
The primer is useless as a guide to discussion of the need for laws to regulate speech on the Internet, never mind the reasons why “cybercrime” occupies the mind of netizens and policymakers, and how the Constitutionality of RA 10175 has been challenged before the Supreme Court. This primer doesn’t “make the people informed,” lacking as it does clarity of thought about why laws need to be enacted governing electronic communication in the first place. It displays a degree of sophistication suitable to be found in a high school term paper outline, but not barely enough to bring home real issues surrounding this phenomenon called “cybercrime.”
Simply put, laws cannot be absent from the space of civilized exchanges between persons, to secure what we need for our well being, and in exercise of our rights and obligations as citizens. It makes perfect sense that the State should take interest in regulating communication activities on the Net, even to police certain types of activity – particularly criminal activities – that infringe upon citizens’ ability to make full use of the Net for fit purposes.
Piecing these paragraphs together, we are given the impression that our government, acting on our behalf, is concerned with averting harm to citizens arising from others’ criminal behavior facilitated by use of electronic communication tools. This would be a very, very generous interpretation of the primer’s badly-written text, as it omits some very important bits of information:
- Discussion of “cybercrime” is incomplete without discussion of specific crimes enumerated in the Cybercrime Prevention Act, the penalties that arise from violation of the provisions of RA 10175.
- Because libel is included among cybercrime offenses, the impact of the law on civil liberties – particularly on the operation of news media, and of social networks – should be explicitly described. A “primer” should, at the very least, summarize Department of Justice opinions on the matter published elsewhere. An item on the “I Love You” virus, extracted from year 2001 news is hardly germane here.
- Statistics on threat incidence (those bits about Symantec 2010 stats, and mentioning 2,778 “referred cases”) have to be interpreted. What proportion of those 2,778 cases represent incidents of computer-mediated crime resulting in real financial cost? Do those cases include ones where the State was able to prevent real losses from being incurred? What is the PNP-CIDG case “success rate”? What problems do law enforcement agencies have in combating “cybercrime”, and is there a sufficient legal framework to pursue convictions?
Bureaucrats and leaders in this government are not naïve to the politics of information technology – our politicians, specifically, are all products of our patronage and personality-cult politics. They understand that transparency and information are not necessarily virtues and goods that serve their aspirations well. That these items of information were obviously omitted is not because a high school child of some DoJ staffer was asked to write the primer: The information omitted is politically significant, and it’s exclusion simplifies the work of keeping this bastard Cybercrime Prevention Act of 2012 away from the media spotlight. This primer isn’t published in the interest of informing the public; it is about doing the minimum possible thing, a pro forma nod to “being transparent”, that is wholly lacking in seriousness.
Our State is choosing to say the least possible thing about the issues that gave rise to the Supreme Court restraining order, and as a citizen I find this disturbing, never mind that Secretary de Lima permitted this misleading text to be published under her watch.