Interpellation notes on the anti-cybercrime bill

By Raymond Palatino

House Bill 5808 (Committee Report 1818) or the Cybercrime Prevention Act of 2012 was tackled by the Lower House last Wednesday, May 9. This representation and Rep. Tonchi Tinio interpellated the sponsor of the measure, Rep. Sigfrido Tinga, who is also the chairman of the Committee on Information Communications Technology. Below is the outline of my interpellation.

1. During the 14th Congress, I was the only House Member who voted ‘No’ to the Anti-Cybercrime bill. I argued that the definition of cybercrime in the bill is “vague and its scope overly-broad that it may criminalize ordinary electronic activities of internet users.”

I warned that it may violate the people’s right to privacy since Section 9 of the bill empowers the government to access the private accounts and monitor activities of persons suspected of committing cybercrimes.

I pointed out that the anti-cyber sex provision (Section 4) of the bill prohibiting the recording, distribution and exhibition of recorded private acts and ‘other obscene and indecent acts’ might be used to stifle freedom of expression, speech and the press. If cybersex is the target, then why include non-sexual private acts? Besides, who will decide if a behavior is indecent or obscene?

The sponsor assured me that my concerns have been addressed already during the committee deliberations. He added that the bill is not a Filipino version of the controversial SOPA and PIPA bills in the United States because it’s not about protecting intellectual property.

There are 10 anti-cybercrime bills filed in the 15th Congress and the version submitted by Rep. Owen Singson was used as the working draft. The consolidated bill is listed as a priority measure of Malacanang.

2. I recognize some of the amendments made by the Technical Working Group. The new provision on cybersex now states:

“… includes any form of interactive prostitution and other forms of obscenity through the cyberspace as the primary channel with the use of webcams, by inviting people either here or in other countries to watch men, women and children perform sexual acts.”

Perhaps to highlight the intent of targeting cybersex, the bill made reference to several related laws such as RA 9775 or the Anti-Child Pornography Act of 2009, and RA 9995 or the Anti-Photo and Video Voyeurism Act of 2009.

I also acknowledged that the proposed amendments of Rep.Tinio were incorporated in Sections 10 and 12 of the consolidated bill.

Section 10. Real-time Collection of Computer Data. – Law enforcement authorities, with due cause, and upon securing a court warrant, shall be authorized to collect or record computer data by technical or electronic means.

Section 12. Disclosure of Computer Data.– Law enforcement authorities, upon securing a court warrant, shall issue an order requiring any person or service provider to disclose or submit subscriber’s information

The sponsor confirmed that in the new version of the bill, a court order will be required before authorities can collect and disclose computer data.

The sponsor informed the body that the Senate has adopted the amendments discussed in the TWG. The Senate has in fact already approved the cybercrime bill on third reading a few months ago.

3. There are three cybercrime general offenses identified in the bill: a) Offenses against confidentiality, integrity and availability of computer data and systems; b) Computer-related offenses; and c) Content-related offenses.

I asked about the extent of cybercrimes in the Philippines. What is the impact in terms of economic losses? How can cybercrimes undermine national security? Why should ordinary internet users worry about them? What will be the consequences if we fail to pass an anti-cybercrime law? Will it hinder internet development in the country?

The sponsor mentioned a figure of $114 billion but according to him it’s a conservative estimate and it’s not limited to the Philippines. Instead of estimates, I think the committee in consultation with other government agencies should come up with a more detailed report on the cost of cybercrimes to the local economy.

The sponsor identified computer-related offense, which includes credit card fraud and identity theft among others, as the principal cybercrime threat in the country. But how can the cybercrime law resolve these threats?

4. It’s not accurate to describe the proposed cybercrime law as the first attempt to regulate online criminal behavior. The landmark E-Commerce Law of 2000 actually penalizes hacking or cracking.

Section 33, subsection a. Hacking or cracking which refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic document shall be punished

The sponsor discussed the limitations of the law and the necessity of providing authorities with better and broader legal tool to run after cybercriminals. Because the law can’t be used against the new variants of cybercrimes, the sponsor reiterated the need for a comprehensive anti-cybercrime legislation. He rejected my proposal to simply amend the E-Commerce Law.

In some countries, human rights groups are opposed to cybercrime legislation because it’s being used by repressive regimes to clamp down on legitimate dissent. By expanding the E-Commerce Law, we will send a message that we are more interested in preventing cybercrimes that harm businesses and everyday transactions rather than giving broad powers to the state which can be used by abusive authorities against innocent civilians, critics, and imagined cybercriminals.

5. I opposed the inclusion of cyberthreats and cyberdefamation in the consolidated bill. They are not part of the original measure. We will legislate online libel which is a step backward in our long-term aim of decriminalizing libel.

Cyberthreats. – Threatening the life, security or property of another person, whether natural or juridical, or otherwise committing threats and coercions as defined in the Revised Penal Code and other laws, with the aid of or through the use of a computer system, whether using one’s real name or an assumed name; and

Cyberdefamation. – The maligning or besmirching the name or reputation, or intriguing against the honor of another person whether natural or juridical, or otherwise committing libel or slander as defined under the Revised Penal Code and other laws with the aid of or through the use of a computer system, whether using one’s real name or an assumed name.

Were the cyberthreat is coupled with a cyberdefamation as defined in Sections 4(C)(3) and 4(C)(4), the penalty to be imposed on the guilty person shall be prision mayor or a fine of at least Five Hundred Thousand Pesos (P500,000.00) but not exceeding One Million Pesos (P1,000,000.00) or both.

How big and extensive is the crime of cyberdefamation in the Philippines to warrant its inclusion in the bill?

One of the benefits of the internet is that it provides anonymity to individuals, whistleblowers, truth crusaders, democracy activists, and human rights workers who wish to protect their identities. But the Philippine anti-cybercrime law will empower authorities to compel webmasters and web companies to reveal the names of their anonymous users accused of cyberthreat and cyberdefamation. A court order needs to be presented first, according to the sponsor, but it’s not clearly stated in the bill.

The anti-cybercrime law is supposed to be the legal instrument of the NBI, DOJ, and other agencies in running after hackers, malicious spam and virus senders, cybersex operators, and hi-tech gangs that engage in phishing, credit card fraud, among others. But the inclusion of cyberthreat and cyberdefamation in the list of dangerous cybercrimes would fundamentally affect and alter the implementation of the law. Woe to the NBI agent and DOJ prosecutor who will be swamped with cybercrime cases filed by showbiz actors, politicians, business tycoons, and other untouchables who want to punish their online critics. Instead of dealing with cyberwarfare, our agents will be investigating online libel.

This will restrict freedom of speech in the country. The bill if passed into law can be used to suppress truth. A politician can easily file charges against ‘hostile and combative’ critics and witnesses by claiming that virtual protesters have threatened his life and property. Censorship will lead to repression once an activist or reform advocate has been labeled a cybercriminal.

I acknowledge that hate speeches proliferate in the web. There are irresponsible internet users. But the solution is not to lump them with notorious cybercriminals. We should focus instead on giving social media education and aggressive promotion of responsible and lawful online behavior. We should target the young.

The sponsor surprisingly described the bill as a watered-down version; a compromise bill that balances privacy protection, human rights, rule of law, and the right of the state to perform its duty of protecting the citizens.

6. On realtime collection of data. I asked about privacy protection. Despite the court order requirement, I still fear that the privacy of individuals will be violated. Will authorities specify the particular file folder to be collected or will they simply download all computer data? I discussed some of the safety measures adopted in other countries. For example, a search warrant issued by the courts should be limited to only one user. The suspect must be informed what data have been collected by authorities so he can appropriately respond about the case. He must have the right to demand the permanent deletion of data collected by authorities if the case is dismissed. In short, data storage should not be permanent and the user must have awareness and control of the data gathered by private and state agencies.

7. Other offenses. Section 5 Aiding or abetting, or attempting to commit cybercrime.

(a) Aiding or Abetting in the Commission of Cybercrime. – Any person who willfully abets,aids or financially benefits in the commission of any of the offenses enumerated in this Act shall be held liable; or

(b) Attempt to Commit Cybercrime. – Any person who willfully attempts to commit any of offenses enumerated in this Act shall be held liable.

Again, this is too general. Any person surfing the web, innocently sharing some virus-infected files, can be accused of aiding or attempting to commit cybercrime. This should be reformulated.

8. There are non-negotiables in drafting internet policies. Legislation should maintain the openness or the free, public character of the internet. There must be transparency and law enforcers must be accountable for their actions. National regulation is futile since cybercrimes operate globally and virtually. The main concern should be the protection of internet users. Discussion of cybercrimes must also include the draconian measures usually adopted by the state in the name of protecting public interest like the use of filtering technology, surveillance technology, illegal collection of data, and internet shutdown. These are cybercrimes. These must be declared as anathema in a democracy. Cybercrimes, whether committed by state or non-state actors, are threats that need to be seriously addressed.

What amendments would you suggest to the committee?

The author is a member of the Congress representing Kabataan Party-list