This document discusses computer engineering and IT laws. It covers topics like cybersecurity, data protection, information technology law, cybercrime types and laws in the Philippines. Some key Philippine IT laws discussed include the Cybercrime Prevention Act of 2012, E-Commerce Act of 2000, Data Privacy Act of 2012, and Anti-Photo and Voyeurism Act of 2009. International conventions on cybercrime like the Budapest Convention and examples of computer-related issues in the Philippines and worldwide are also summarized.
2. Cybersecurity and Data
Protection
• Cybersecurity – the practice of protecting systems, networks,
and programs from digital attacks. It is also one of the fastest-
growing challenges across the globe and is becoming
increasingly important. Furthermore, cybersecurity has
enormous implications for government security, economic
prosperity, and public safety. Cyber laws have been enacted by
every nation, including the United States, South Africa, Europe,
and the Philippines.
• Data Protection – the process of safeguarding important
information from corruption, compromise, or loss. The
importance of data protection increases as the amount of data
created and stored continues to grow at unprecedented rates.
3. • Information Technology (IT) Law refers
to the law of IT, including computing and
the Internet, that governs the digital
dissemination of both information and
software.
• Cybercrime is a crime committed with or
using information and communication
technologies such as radio, television,
smartphones, computer and network,
and other communication devices.
4. Types of Cybercrime in the
Philippines
There are various types
and kinds of cybercrimes.
The 2001 Budapest
Convention on Cybercrime
categorizes the cybercrime
offenses into the following:
• crimes against the
confidentiality, integrity,
and availability of
computer data and
systems;
• computer-related
offenses;
• content-related
offenses; and
• crimes related to
infringements of copyright
and related rights.
5. IT-related Laws in the
Philippines
• The first recorded cybercrime in
Philippines was in 2000 when Onel de
Guzman released the “I Love You”
virus but was dismissed at first stage
as there was no law punishing
cybercrimes at the time.
• Here are computer-related laws
enacted in the Philippines as of today:
6. 1. Cybercrime Prevention Act of
2012 (Republic Act No. 10175)
•– an act addressing crimes
committed against and through
computer systems, providing
protection and safeguarding
the integrity of computer,
computer and communications
systems, networks, and
plagiarism and databases.
7. 2. E-Commerce Act of 2000
(Republic Act No. 8792)
• – this act aims to facilitate domestic
and international agreements,
contracts, and exchanges and storage
of information through the utilization of
electronic, mode, instrumentality, and
technology to recognize the
authenticity and reliability of electronic
documents related to such activities,
and to promote the universal use of
electronic transactions in the
government and by the public.
8. 3. Access Device Regulation
Act of 1998 (Republic Act No.
8484)
• – an act regulating the issuance and use
of access devices, prohibiting fraudulent
acts committed, providing penalties, and
for other purposes. The State recognizes
the recent advances in technology and the
widespread use of access devices in
commercial transactions. The State shall
protect the rights and define the liabilities
of parties in such commercial transactions
by regulating the issuance and use of
access devices.
9. 4. Anti-Wiretapping Law
(Republic Act No. 4200)
• – an act to prohibit and penalize
wiretapping and other related
violations of the privacy of
communication and for other
purposes. It shall be unlawful for any
person, not being authorized by all
the parties to any private
communication or spoken word, to
tap any wire, to secretly overhear,
intercept, or record such
communication or spoken word by
using a device commonly known as a
dictagraph, walkie-talkie, or tape
recorder.
10. 5. Data Privacy Act of 2012
(Republic Act No. 10173)
•– enacted to protect individual
personal information in ICT
systems in the government and
the private sector. The National
Privacy Commission administers
and implements the provisions of
the law and ensure compliance of
the country with international
standards set for data protection
11. 6. Anti-Child Pornography Act
of 2009 (Republic Act No. 9775)
•– an act defining the crime of
child pornography, prescribing
penalties and for other purposes.
The State recognizes the vital role
of the youth in nation building and
shall promote and protect their
physical, moral, spiritual,
intellectual, emotional,
psychological, and social well-
being.
12. 7. Anti-Photo and Voyeurism
Act of 2009 (Republic Act No.
9995)
• – an act penalizing the crime of photo
and video voyeurism. Photo or video
voyeurism means the act of taking a photo
or video of a person or group of persons
performing a sexual act without the latter’s
consent. It also includes the act of selling,
reproducing, and broadcasting the photo,
video, or recordings of such sexual act
through the Internet and similar means or
device without the written consent of the
person/s involved.
13. Cybercrime Offenses in the
Philippines
•The following acts constitute the
offense of core cybercrime
punishable in the Philippines.
•A. Offenses against the
confidentiality, integrity, and
availability of computer data
systems
14. •1. Illegal Access – refers to the
access to the whole or any part of
a computer system without right.
•2. Illegal Interception – refers to
the interception made by technical
means without right of any non-
public transmission of computer
data to, from, or within a computer
system including electromagnetic
emissions from a computer system
carrying such computer data.
15. • 3. Data Interference – refers to the intentional
or reckless alteration, damaging, deletion, or
deterioration of computer data, electronic
document, or electronic data message, without
right, including the introduction or transmission
of viruses.
• 4. System Interference – refers to the
intentional alteration or reckless hindering or
interference with the functioning of a computer
or computer network by inputting, transmitting,
damaging, deleting, deteriorating, altering, or
suppressing computer data or program,
electronic document, or electronic data
message, without right or authority, including
the introduction or transmission of viruses.
16. •5. Misuse of Devices – refers to
the use, production, sale,
procurement, importation,
distribution, or otherwise making
available, without the right of a
computer program or a computer
password.
•6. Cyber-squatting – the
acquisition of a domain name over
the internet, in bad faith, to profit,
mislead, destroy reputation, and
deprive others of registering the
same name.
17. B. Computer-related
Offenses
• 1. Computer-related Forgery – the input,
alteration, or deletion of any computer data
without right, resulting in inauthentic data,
regardless of whether the data is directly
readable and intelligible.
• 2. Computer-related Fraud – the input,
alteration, or deletion of computer data or
program causing damage thereby with fraudulent
intent.
• 3. Computer-related Identity Theft – the
intentional acquisition, use, misuse, transfer, or
alteration of identifying information belonging to
another, whether natural or juridical, without right.
18. Overview of International IT-
related Laws
• Cybercrime is a growing concern to countries at
all levels of developments and affects both
consumers and sellers. While 154 countries
(79%) have enacted cybercrime legislation as of
2021, the pattern varies by region: Europe has
the highest adoption rate (93%) and Asia and the
Pacific the lowest (55%).
• The evolving cybercrime landscape and resulting
skills gaps are a significant challenge for law
enforcement agencies and prosecutors,
especially for cross-border enforcement.
19. Convention on Cybercrime
(Treaty #185 – Budapest
Convention)
• The Convention is the first international
treaty on crimes committed via the
Internet and other computer networks,
dealing particularly with infringements
of copyright, computer-related fraud,
child pornography and violations of
network security. It also contains a
series of powers and procedures such
as the search of computer networks
and interception.
20. • Its main objective, set out in the preamble,
is to pursue a common criminal policy
aimed at the protection of society against
cybercrime, especially by adopting
appropriate legislation and fostering
international cooperation.
• The convention happened on November
2001 and was drawn up by the Council of
Europe in Strasbourg, France, with the
active participation of the Council of
Europe's observer states Canada, Japan,
Philippines, South Africa, and the United
States.
21. HIPCAR Project - Harmonization of ICT
Policies, Legislation and Regulatory
Procedures in the Caribbeans (Cybercrime/e-
Crimes)
•HIPCAR was designed to support
the Caribbean countries in
improving their competitiveness by
harmonizing approaches to ICT
development. It brought together
the Caribbean governments,
regulators, service providers, civil
society, private sector, regional
and international organizations
involved in ICT.
22. African Union Convention on Cyber
Security and Personal Data
Protection (Malabo Convention)
• The AU convention objective is setting
the essential rules for establishing a
credible digital environment (cyber
space) and address the gaps affecting
the regulation and legal recognition of
electronic communications and electronic
signature; as well as the absence of
specific legal rules that protect
consumers, intellectual property rights,
personal data and information systems
and privacy online.
23. •The convention aims also to
set up a minimum standard
and procedures to reach a
common approach on the
security issues in Africa and
Address the need for
harmonized legislations
necessary to enhance
cooperation in cyber security in
Member States of the African
Union.
24. UNDERSTANDING
CONTEMPORARY ISSUES
• Computer-related Issues in the
Philippines
•To further understand the value of
enacting computer-related laws,
here are contemporary issues and
events in the Philippines
concerning computer-related
violations.
25. Aguirre files wiretapping
complaint against Hontiveros
• On September 12, 2017, former Negros
Oriental representative Jacinto “Jing”
Paras said that Senator Risa Hontiveros
was liable for wiretapping during a privilege
speech at the Senate.
• In her speech a day before, Hontiveros
presented a photo at the Senate (shown
below) during a privilege speech calling for
the resignation of then Justice Secretary
Vitaliano Aguirre II.
26. Figure 1. Text exchange between
Aguirre and a “CongJing”
•
27. • The photo shows Aguirre texting a
“CongJing”, later assumed as Jacinto
Paras. It was said to be taken on the
5th of September during a Senate
probe about the extrajudicial killing of
Kian delos Santos. The text says that
Paras should “expedite” or rush his
cases against Hontiveros to hopefully
divert her attention. In her privilege
speech on the 11th, Hontiveros claims
that the exchange was unethical, no
less in a hearing of an unrelated topic,
and should be a reason to force
Aguirre to resign.
28. • Paras argued that the content does not
matter, whether the text is real or not, but
finds Hontiveros’ action as a violation of
the law on the anti- wiretapping (Republic
Act No. 4200).
• Almost four (4) years later, the case was
brought up in December 2021 which
Hontiveros says she “was surprised that a
case from 2017 suddenly moved forward”.
She posted bail for PHP36,000 following
the release of the arrest order against her.
She calls for the dismissal of the case as it
was “worthless and baseless”.
29. Suspects arrested in December
2021 BDO Hacking
• In December 2021, Banco De Oro users took to social
media to complain about illegal transactions made using
their accounts to transfer money to the UninonBank
account of a certain “Mark Nagoyo”.
• A common pattern among the victims is that the alleged
cybercriminals were somehow able to access the victims’
BDO accounts even if they were careful about not clicking
any suspected phishing links and ensuring on not
revealing any of their banking details in public. BDO
Unibank was informed and advised their users to never
share their login information and OTP (One Time
Password), and to regularly change the passwords of their
online banking accounts.
30. •A month later, five (5) suspects of
the BDO hacking were arrested
and charged by the National
Bureau of Investigation (NBI).
They believe that Jherom Anthony
Taupa, Nwadi, Roneyln Panaligan,
Clay Revilosa and Nigerian
nationals Ifesincachi Fountain
Anaekwe and Chukwuemeka Pete
violated the Access Devices
Regulation Act of 1998 and the
Cybercrime Prevention Act of 2012
32. • Panaligan, one of the suspects, acts
as a “verifier” and pretends to conduct
a survey and ask victims for their
identification cards with photographs in
exchange for PHP50 in prepaid credit
loan for “participating in the survey”.
The information and photographs of
the victims, without their knowledge,
would be used to apply for verified
GCash or Paymaya accounts. And
after securing the debit cards, would
offer it for sale to other fraudsters
looking to cash out funds from
illegitimate sources.
33. • Revillosa, a third-year college student, was
found to be selling 800,000 mailing lists or
e-mail addresses containing login
credentials of online banking accounts for
PHP30,000. The mailing lists are used in
the preparatory stages of large-scale
fraudulent activities.
• As for Anaekwe and Nwadi, the DOJ said,
they are the brains behind the “Mark
Nagoyo Group” and provided access
devices such as bank accounts, crypto
wallets, or even point of sale (POS)
terminals of legitimate merchants to
fraudsters.
34. • On April 20 of 2016, Biteng admitted
defacing the COMELEC website last
March but denied NBI’s accusation that he
is a part of a group of hackers that led to
leakage of what appears to be a large
portion of the COMELEC's database,
including voters' personal identity
information. The incident is labeled as “the
biggest private data leak in the Philippine
history” exposing the personal information
of 55 million Filipino voters.
• Four (4) years later, a Manila court has
dismissed the cybercrime case against him
after the prosecution failed to prove him
guilty beyond reasonable doubt.
35. 80 people charged for COVID-19
Fake News and Misinformation
• Eighty people have been charged with various
cybercrimes related to the pandemic since March
of 2020, including 52 suspects spreading fake
news about the coronavirus disease.
• Gen. Guillermo Eleazar, Philippine National
Police (PNP) chief, said these range from illegal
online sale of medical supplies to online scams
and fake news as documented by Criminal
Investigation and Detection Group (CIDG) and
the Anti-Cybercrime Group (ACG).
36. • The data released by the PNP showed that 121
criminal complaints have been filed from March
9, 2020 – August 9, 2021. Of the total, 87
criminal complaints have already been filed in
court against 52 persons who used their social
media platforms to spread false information
about the pandemic.
• They have been charged with Unlawful Use of
Means of Publication and Unlawful Utterances
under Article 154 of the Revised Penal Code,
violation of Republic Act of 10175 and violation
of Presidential Decree No. 90 on
rumormongering and spreading false
information.
37. Overview of International
Computer-related Issues
• From cyberattacks to child abuse, the following
are some of the computer-related issues and
violations worldwide.
• Brazilian Ministry of Health suffer cyberattack
• On December 10, 2021, websites under Brazil's
Ministry of Health (MoH) have suffered a major
ransomware attack that resulted in the
unavailability of COVID-19 vaccination data of
millions of citizens.
38. •According to a message left by
the Lapsus$ Group, which has
claimed responsibility for the
attack, 50TB worth of data has
been extracted from the MoH's
systems and subsequently
deleted. The message "Contact
us if you want the data
returned" was seen on the
website alongside the contact
details for the authors of the
attack.
40. •Following the attack,
Brazilian health minister
Marcelo Queiroga said his
department holds a backup
of the data allegedly copied
and erased from the national
health service's databases
as the National Data
Protection Authority (ANPD)
said it is following up on the
case.
41. Cyber voyeur from United
Kingdom hacked computers to
spy on victims
• A man named Robert Davies, 32, from Nottingham,
England has been jailed for more than two (2) years after
admitting to illegally accessing several victims’ devices to
spy on to build a collection of indecent images of both
children and adults.
• Using crypters, a software that encrypt malwares to
bypass security programs, and remote administration tools
(RATs), he infects his victims’ phones or computers with
malicious software by disguising it with the crypters so
their anti-virus protection would not detect it. He then used
the RATs to gain remote access to their devices and steal
any sexual images, mainly of females, they had stored on
there.
42. • On September 2, 2021, Davies pleaded
guilty to 24 Computer Misuse Act
offenses, voyeurism, three counts of
possessing indecent images of children
(IIOC), making IIOC, and possessing
extreme pornographic images.
• He was sentenced on January 11, 2022,
at Nottingham Crown Court to 26 months
in prison. He was also placed on the sex
offenders’ register, given a 10-year
restraining order on five of the victims,
and a 10-year sexual harm prevention
order.
43. Information of Thailand Tourists
in the last 10 years leaked online
• More than 106 million travelers to Thailand had their
personal details leaked online in August of 2021. Britain-
based consumer security company Comparitech said in a
report that its head of cybersecurity research Bob
Diachenko found a database in August containing the
personal information of travelers.
• Comparitech said Diachenko also found his own name
and details about his entries into Thailand on the
database, which contained information dating back to
2011.
• Thailand's Cyber Crime Investigation Bureau said it was
unaware of the incident but was looking into it.
44. 3,906 cases of cybercrime
registered in fiscal year 2020-
2021 of Nepal
• The Cyber Bureau of the Nepal Police said that
as many as 3,906 cases of cybercrime have
been registered in the fiscal year 2020/21,
including 2,003 women and 1,471 men victims.
Not to mention the 1,108 minors who have also
become the victims of cybercrime during this
period.
• The Cyber Bureau Chief Nabindra Aryal said that
the cases of cybercrime have been increasing
drastically of late due to the greed for money as
people have been using the latest technology to
commit crimes.
45. • Police claimed that the children have been
becoming the victims as they have easy
access to social media and the Internet
and cites social media sites such as
Facebook, Viber, TikTok, and Instagram as
platforms where violators commit the
crime.
• As the social media sites used in Nepal
are being operated from abroad, Aryal said
that it is easy for people living outside the
country to commit the crime that is why
they are coordinating with the International
Police Organization (INTERPOL) to arrest
the criminals.
46. End of Chapter 2
• Materials will be sent through Schoology
• Chapter 2
• Assignment 2
• Preliminary Exam is scheduled next week.
• Online thru Schoology on Thursday, Feb. 2, 1pm