As if a response to the prevalent hacking of government and popular websites in the past few days, House Bill 6794, also known as the Cybercrime Prevention Act of 2009 was passed in congress yesterday. I read through the entire bill and it looks like this will have an impact on internet marketing practices in the Philippines, especially with e-mails. While a bit vague, the bill also might affect online gaming publishers and their respective communities. Let me go through some of the major highlights of the bill and how it can affect our lives.
CHAPTER II – PUNISHABLE ACTS
SEC. 4. Cybercrime Offenses: The following acts constitute the offenses of cybercrime punishable under this Act:
A. Offenses against the confidentiality, integrity and availability of computer data and systems:
1. Illegal Access. – the intentional access to the whole or any part of a computer system without right.
2. Illegal Interception. – the intentional interception made by technical means without right of any non-public transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data: Provided, That it shall not be unlawful for an officer, employee, or agent of a service provider, whose facilities are used in the transmission of communications, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity that is necessary to the rendition of his service or to the protection of the rights or property of the service provider, except that the latter shall not utilize service observing or random monitoring except for mechanical or service control quality checks:
3. Data Interference – the intentional or reckless alteration of computer data without right;
4. System Interference – the intentional or reckless hindering without right of the functioning of a computer system by inputting, transmitting, deleting or altering computer data or program;
5. Misuse of Devices –
(a) The use, production, sale, procurement, importation, distribution, or otherwise making available, without right, of:
(i) a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offenses under this Act; or
(ii) a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed with the intent that it be used for the purpose of committing any of the offenses under this Act;
(b) The possession of an item referred to in paragraphs A,5(a) (i) or (ii) herein with the intent to use said devices for the purpose of committing any of the offenses under this Section: Provided, That no criminal liability shall attach when the use, production, sale, procurement, importation, distribution, or otherwise making available, or possession of computer devices/data referred to is for the authorized testing of a computer system.
B. Computer-related Offenses:
1. Computer Forgery –
(a) The intentional input, alteration, or deletion of any computer data, without right resulting in unauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible; or
(b) The act of knowingly using a computer data which is the product of computer-related forgery as defined herein, for the purpose of perpetuating a fraudulent or dishonest design.
2. Computer-related Fraud – the intentional and unauthorized input, alteration, or deletion of computer data or program or interference in the functioning of a computer system, including but not limited to phishing, causing damage thereby, with the intent of procuring an economic benefit for oneself or for another person or for the perpetuation of a fraudulent or dishonest activity: Provided, That if no damage has yet been caused, the penalty imposable shall be one degree lower.
This particular section will basically criminalize hacking. It’s very vague though since it just says “computer data or program”. It’s pretty obvious that this will safeguard the rights of website owners from hackers but does this also extend to social networks, e-mails, and other online programs where your account can be hi-jacked by other malicious users? Other than that, does this affect the online gaming accounts of the youth where hacking is very much happening almost daily?
If all the above are included in the scope of the bill then the body that will handle cybercrime complaints should prepare themselves for a deluge of cases as soon as this is public. The lack of detail in the bill makes me think if the people who wrote this bill actually had social media experts and internet mavens as consultants? Because that would have definitely helped them out a lot.
Anyway, the bill also talks about how content can be considered an offense. See below.
C. Content-related Offenses:
1. Cybersex – engaging in any of the following acts:
(a) Establishing, maintaining or controlling, directly or indirectly, any operation for sexual activity or arousal with the aid of or through the use of a computer system, for a favor or consideration;
(b) Recording private acts, including but not limited to sexual acts, without the consent of all parties to the said acts or disseminating any such recording by any electronic means with or without the consent of all parties to the said acts;
(c) Coercing, intimidating, or fraudulently inducing another into doing such indecent acts for exhibition in the internet with the use of computer technologies;
(d) Exhibiting live or recorded shows depicting sexual or other obscene or indecent acts;
(e) Posting of pictures depicting sexual or other obscene or indecent acts;
(f) Establishing, financing, managing, producing, or promoting a cybersex operation;
(g) Participating, in whatever form, in the cybersex operation;
(h) Coercing, threatening, intimidating, or inducing anyone to participate in the cybersex operation;
2. Child Pornography – engaging in any of the following acts:
(a) Producing child pornography for the purpose of distribution through a computer system;
(b) Offering or making available child pornography through a computer system;
(c) Distribution or transmitting child pornography through a computer system;
(d) Procuring child pornography through a computer system for oneself or for another person; or
(e) Possessing child pornography materials in the computer system or on a computer data storage device or medium.
For the purposes of this Section, the term “child pornography” shall include pornographic material that visually depicts: (a) a minor engaged in sexually explicit conduct; (b) a person appearing to be a minor engaged in sexually explicit conduct, or (c) realistic images representing a minor engaged in sexually explicit conduct.
Now I have some questions here. It says in the first part: “Establishing, maintaining or controlling, directly or indirectly, any operation for sexual activity or arousal with the aid of or through the use of a computer system, for a favor or consideration.”
Does this mean that any website which can “arouse” you will be considered criminal? If that’s the case then Summit should appeal this because their beloved FHM website will be in violation of this bill. Even more affected will be the adult run forums and websites which have gathered a lot of traffic and attention in the past few years like Manila Tonight. Also, what about free thinking bloggers who love to post their adventures like celebrity Mocha Uson? Case and point in the screenshot below.
So is this a cybercrime because it can arouse people?
Again, the bill is a bit vague when it comes to defining the actual criminal points in the “cybersex” section.
3. Unsolicited Commercial Communications. — the transmission of commercial electronic communication with the use of computer system which seek to advertise, sell, or offer for sale products and services are prohibited unless:
(a) There is a prior affirmative consent from the recipient; or
(b) The following conditions are present:
(i) The commercial electronic communication contains a simple, valid, and reliable way for the recipient to reject receipt of further commercial electronic communication from the same source, also referred to as opt-out;
(ii) The commercial electronic communication does not purposely disguise the source of the electronic message; and
(iii) The commercial electronic communication does not purposely include misleading information in any part of the message in order to induce the recipients to read the message.
SEC. 5. Other Offenses. The following acts shall also constitute an offense:
(a) Aiding or Abetting in the Commission of Cybercrime – any person who willfully abets or aids in the commission of any of the offenses enumerated in this Act shall be held liable; or
(b) Attempt to Commit Cybercrime – any person who willfully attempts to commit any of offenses enumerated in this Act shall be held liable.
SEC. 6. Liability under Other Laws. A prosecution under this Act shall be without prejudice to any liability for violation of any provision of Republic Act No. 3815, as amended, otherwise known as the Revised Penal Code, or any other law.
Now this is for the internet marketers. You can’t spam the e-mail inboxes of people anymore with newsletters unless it has an opt-out feature. Since the wording is “or” in the first section, you can still send unsolicited e-mails but under the condition of the opt-out. Not that I advise doing this though since you’ll just piss off the potential customer by sending them e-mail that they don’t want to read in the first place.
To sum everything up, I think that this bill was too hastily made and lacked inputs from industry experts from the private sector. There are so many loopholes and it’s really vague on which sites and businesses will be affected.
we have a group page in Multiply as a temporary site for the anti-HB6794 campaign.
we also have a facebook cause: http://apps.facebook.com/causes/432261/40013542?m=71bb3202
While I agree with the critique on the vague definition of some of the terms of the bill (i.e., computer data’, ‘recording of private acts’), I am more worried on the provisions of the bill on data collection and retention. Under Section 10, law enforcement agencies are authorized to collect or record ‘traffic data.’ Meanwhile, Section 11 states that services providers are ordered to preserve data for six months or up to 1 year if so ordered by law enforcement authorities.
More on my blog http://bleakgarden.blogspot.com/
Nice points Joey.
Haven’t really read through the whole bill, but for the excerpts you placed here I agree with you that there are certain loopholes and/or redundant statements.
While I am not for child pornography the statement about B and C are a bit bothersome.
“For the purposes of this Section, the term “child pornography” shall include pornographic material that visually depicts: (a) a minor engaged in sexually explicit conduct; (b) a person appearing to be a minor engaged in sexually explicit conduct, or (c) realistic images representing a minor engaged in sexually explicit conduct.”
i.e. isn’t (a) and (c) the same? Unless you count unrealistic images (i.e. cartoon spoof pronz like say I dunno, Pokemon–hey they’re minors, right? so does that count as child pronz now?)
La lang. And in part (b), doesn’t that just count as pornography and not really child pornography since the person is not really a minor but just appearing to be?
More than anything, why can’t bills and law stuff be translated to the vernacular so that everyone can easily understand it. -__-
this was so very interesting to learn because every time you encounter such like the situation given,,,,you can easily know what is the punishment…
..it helps me a lot in my research paper about cyber crime… good!