It threatens the substantial and growing reliance of commerce, governments, and the public upon the information infrastructure to conduct business, carry messages, and process information. Cybercafé is one of the fastest growing non-violent crimes in the Asian region. It takes a great deal of technical expertise and co-operation, both local and foreign, in order to address such problems. This crime affects deferent countries In varying degrees, depending on the extent of the legislative enactment of each country.In the laws or amend existing laws to fully address cyber threats.
II. PHILIPPINE SITUATION A. Government Responses The public is aware of the importance of legislation that supports police efforts against computer crimes. Noel De Gunman, the Philippine dropout who, in August 2000, created and unleashed a remarkably dangerous computer virus called “l LOVE YOU”, cost several companies, governments, and citizens billions of US dollars in damages.Once received and opened in another computer, it replicates all that it did previously.
The replication went on and on, sweeping all computers where the email was received and opened, from Hong Kong, to Europe, to the United States, infecting and damaging computers and networks of small and big companies, private and government institutions. The damage was about SIS$ 5.
5 billion; some reports say US $ 10 billion. 2. Arrest of the SuspectAn international manhunt was conducted; the investigators traced the origin of the virus to its creator, a programming student (Noel De Gunman) at the AMA Computer University in Manila. When arrested (1 1 May 2000), the suspect apologized to the public and said he had no intention of causing such great harm. Government prosecutors filed cases against him, but even at the first stage, the indictment was dismissed as there was no law penalizing the act at the time (May 2000) in the Philippines. . Effect of the “l LOVE YOU” Virus The “l LOVE YOU” virus illustrated that a person armed with a computer could, from a assistant location, attack and/or disrupt computers and networks worldwide and cause severe damage.
This whole episode points to the need for a domestic law to address a particular criminal act, and international/ bilateral legal instruments to give “no- safe haven” to cyber-criminals (or would-be cyber-terrorists).The Philippine Congress subsequently passed a law that penalizes computer/cybercafés, although it did not cover cyber-terrorism. 4. Congress’ Response In order to curb the threat posed by cybercafé, the Philippine Congress enacted Republic Act (RA) 8792, otherwise known as the “Electronic Commerce Act of 2000”. RA 8792 provides for the legal recognition and admissibility of electronic data messages, documents and signatures. This was signed into law on 14 June 2000.The salient features of the Act are as follows: Provides for admissibility of electronic documents in court cases; Penalizes limited online crime, such as hacking, introduction of viruses damage incurred, and imprisonment of six months to three years, among others; Promotes e-commerce in the country, particularly in business-to-business and business-to-consumer transactions whereby business relations are enhanced and acclimated and consumers are able to find and purchase products online; Aims to reduce graft and corruption in government as it lessens personal interactions between government agents and private individuals.
RA 8792 is considered the landmark law in the history of the Philippines as a legitimate player in the global marketplace. It has placed the Philippines among the countries penalizing cybercafé. Likewise, the Supreme Court drafted the Rules on Electronic Evidence, which took effect on 1 August 2000, to emphasize the admissibility of evidence in electronic form, subject to its authenticity and reliability. This restriction intends to safeguard against accepting evidence of doubtful character.We have also the Access Devices Regulation Act of 1998 (RA 8484) which regulates the issuance and use of access devices, prohibiting fraudulent acts committed and providing penalties and for other purposes; and, Philippine Central Bank Circular 240 dated 7 April 2000 regulating the electronic banking services of financial institutions. While RA 8792 is already in place, it was found to have failed to address all forms of cybercafé that are enumerated in the Budapest Convention onCybercafé of 2001 , namely: Offenses against confidentiality, integrity and confidentiality of computer data and systems which include illegal access, illegal interception, data interference, system interference, misuse of devices; Computer- related offences which include computer forgery and computer related fraud; Computer-related offences such as child pornography; Computer-related to infringement of copyright and related rights. Furthermore, enforcing the law with the use of the existing guidelines embodied in the Revised Penal Code, as amended, may not work for cybercafé.
Unlike the traditional and terrestrial crimes which deal with corporeal evidence, cybercafé involves more electronic data which are intangible evidence. In order to cope with the daunting problem of cybercafé, the Department of Justice (DOC) created the Task Force on E- Government, Cyber-security and Cybercafé in 2007 to deal with cyber-security issues in relation to legislation and investigation. It was created to pursue the e- government agenda, institutionalize a cyber-security regime and implement laws.The said task force worked closely with the Council of Europe, a private organization, ND local experts composed of IT practitioners and other stakeholders. Among the top priorities of the Task Force was to work for the passage of the cybercafé prevention act, and the Task Force proposes the creation of e-courts to oversee all high-tech cases of hacking or crimes committed using Internet technology. Included in its effort is capacity-building of the technical knowledge of government prosecutors and Judges whose courtrooms will be designated e-courts.A related Technical Working Group (TWIG) on Cybercafé and Cyber-security consists of representatives from National Government Agencies, including law enforcement agencies like the Philippine National Police (PEN), National Bureau of Investigation (NIB), private companies and academia, which have Joined hands in order to address consolidate and make concrete the government’s efforts on cyber-security and to successfully implement measures to fight cybercafé.
The TWIG drafted and proposed a bill that will supplement the current RA 8792. The proposed cybercafé bill includes a definition of cybercafé, penalties and provisions on Internet piracy and provisions on co-operation with the international community. The proposed bill covers not only computers and computer networks but mobile devices as well. The bill will also have anti-spam measures, and will cover SMS or text messaging for mobile phones, treating mobile phones as “communication devices”.Another added provision concerns “corporate liability’ and proposes that a company can be held liable for cybercafés like hacking or virus attacks when its computer network is utilized in the commission of prohibited acts. The bill also proposes to create a Computer Emergency Response Council (CERCI) under the supervision and control of the Office of the President to formulate and implement a national action plan to address and combat cybercafé. The CERCI shall be headed by the Chairman of the Commission on Information and Communications Technology (CIT).
Other members shall be the Director of the National Bureau of Investigation (NIB) as Vice Chairman and Director General of the Philippine National Police (PEN), the Head of the National Prosecution Service (NAPS), the Head of the National Computer Center (NC), the Head of the Philippine Center on Transnational Crime (PACT), the Head of the Anti-Fraud and Computer Crimes Division (AFC) of the NIB and the Head of the Criminal Investigation and Detection Group (CICS) of the PEN, as well as three representatives room the private sector involved in information security, to be appointed by the President as members.On 26 September 2007, the Philippines signed the United Nations Convention on the Use of Electronic Communications in International Contracts at United Nations Headquarters in New York. Adopted by the United Nations General Assembly on 23 November 2005, the United Nations Convention on the Use of Electronic Communications in International Contracts aims to enhance legal certainty and commercial predictability where electronic communications are used in relation to international contracts. In October 2007, the “Legislators andExperts Workshop on Cybercafé”, led by the Commission on Information and Communications Technology (CIT), declared their support for Philippine accession to the Budapest Convention on Cybercafé and the expeditious passage of an implementing anti-cybercafé law to prevent, mitigate, and deter the commission of CIT related crimes, to foster co-operation within the CIT community, government, private sector and civil society in promoting an atmosphere of safe computing. The United Nations Commission on International Trade Law (UNCRITICAL) is the core legal body of the United Nations system in the field of international trade law.Its mandate is to remove legal obstacles to international trade by progressively modernizing and harmonize trade law. It prepares legal texts in a number of key areas such as international commercial dispute settlement, electronic commerce, insolvency, international payments, sale of goods, transport law, procurement and infrastructure development.
UNCRITICAL also provides technical assistance to law reform activities, including assisting member states to review and assess their law reform needs and to draft the legislation required to implement law. B. The Philippine National PoliceAt the forefront of this cybercafé information campaign is the Anti-Transnational Crime Division (TACT) of the Criminal Investigation and Detection Group (CICS) of the Philippine National Police (PEN). The TACT-CICS has a dedicated computer forensic laboratory manned by certified computer forensic examiners (Once) and trained computer crime investigators. At present, numerous reports of emerging cybercafés are emanating from the country, particularly cyber-sex and child trafficking rings. With this development, the PEN has focused its efforts on a cybercafé information campaign within the organization.It aims to promote a deeper understanding of the impact of cybercafé and to solicit the concerns and insights of the community on cybercafé-related incidents.
Likewise, it has also established links with foreign counterparts in order to successfully fight the threat posed by cybercafé operations. The first Filipino to be convicted of cybercafé, particularly hacking, was J] Maria Ginger. He was convicted in September 2005 by Manila MET Branch 14 Judge Arousal Misled-Local. Ginger pleaded guilty to hacking the government portal “gob. PH” and other government websites. He was sentenced to one to two years of imprisonment ND fined Phi,OHO.However, he immediately applied for probation, which was eventually granted by the court.
The conviction is now considered a landmark case, as he is the first local hacker to be convicted under section AAA of the E-commerce Law or Republic Act 8792. The Anti-Transnational Crime Division (TACT) of the Criminal Investigation and Detection Group of the Philippine National Police (PEN- CICS) was involved in the gathering of electronic evidence and the tracking down of the Filipino hacker with help from local Internet service provider Pittston Inc. , which hosted the gob. H portal when it was attacked by Ginger.Since its creation as a Division of the CICS in 2003, the TACT has encountered 2,624 referred cases of computer crimes both from government agencies and private individuals nationwide. Likewise, from ICY 2004 to ICY 2007, a total of 195 computer forensic examinations were also conducted. At present, based on records from the DOC Task Force on E- Government, Cyber-security and Cybercafés, more than 30 cybercafé cases were filed before Philippine courts on cases relating to website defacement’s, on-line pornography cyber-stalking, Internet libel, computer forgery, text scams, and privacy issues.
In order to beef-up its capabilities to handle various computer-related endeavourers, the TACT-CICS personnel received a total of 67 training sessions, both local and abroad, from 2003 to 2008. Likewise, a total of 13 training sessions were conducted for 426 personnel of the PEN nationwide. C. Philippine Emergency Response -ream (PECKER) The first computer emergency response team or CERT. in the Philippines is the PH- CERT.. PH-CERT.
provides assistance or responses to cyber incidents locally. PH-CERT. funding has to come from its membership fees and sponsorships, thus it cannot afford to have permanent staff and its services are purely voluntary.Its Concept of Operation of providing assistance is email-based and phone-based and on-site services are very minimal or do not exist. The organization has a strong co-ordination with law enforcement agencies through the conduct of technical training. However, lately, the operation of PH-CERT. encountered difficulty due to lack of financial support and human resources.
D. Government Computer Security and Incident Response Infrastructure (TIFFS) and its aim is to suppress, detect and investigate computer outwork intrusions and other related Internet or computer crimes.In research conducted by the SKIRT from ICY 2003 to ICY 2007, there was evidence of transnational attacks on computers and the information infrastructure and a total of 667 government websites were discovered defaced, or an aggregate of 133 government websites were attacked by defacers/hackers each year, an average of 1 1 incidents per month. Based on this research, it was found out that 134 coded defacers (both local and international) have attacked these government websites in that five-year period.Of the attacked/hacked government websites, 507 of the 667 overspent websites were using the Linux operating system (SO), free and openly available software. This operating system (SO) is the most prone to attacks by defacers/hackers. Ill.
ISSUES Despite the overwhelming efforts of the government and the private sector in combating cybercafé in the Philippines still much has yet to be done. The following issues hamper the effective security and protection of Philippine cyberspace: A.Legislation against Cybercafé The present laws are not sufficient to completely deter cyber-offenders and to protect the Philippines’ cyberspace. For instance, the most important cyber-security isolation in the country, which is Republic Act 8792 or the E-commerce Act, enacted on 14 June 2000, only penalizes hacking, cracking and piracy. It does not provide penalties for other cybercafés such as cyber-fraud and similar offences. B. Budgetary Constraints Though Government spending in CIT is rising, the amount intended for the security of CIT and cybercafé prevention is very minimal.
C.Overlapping Roles of IT Government Bodies There is no single overall government body that is mandated to address the problem of cybercafés and to institute policies on combating such. The proliferation of efferent CIT committees and task forces in the government yields multiple and murky CIT directions. D. Lack of Information Sharing, Co-ordination and Co-operation among the Stakeholders Although there have been conferences and multilateral co- operation undertaken by the government and the private sector to develop information sharing and intelligence, still there is no established contact point for co- operation and co-ordination.E. Lack of Proper Training of Law Enforcers Most law enforcers do not have the proper training on computer forensics, investigation and handling of digital evidence.
Worse, some do not have basic understanding of the concepts of cyber-security and cybercafé. F. Public Awareness Up to this time, the general public is not yet properly educated on the debilitating effect of cyber intrusions and improper computer ethics. The public should understand its role in securing the country cyberspace. V. CONCLUSION The challenge of controlling transnational cybercafé requires a full range of responses, including both voluntary and legally mandated co-operation. The government must actively pursue transnational initiatives, either voluntary, informal exchange of information, or multilateral treaties to establish a common and absentia degree of co-operation in the investigation and prosecution of cybercafé legal, regulatory, or policy environment concerning cybercafé.