ADDRESSING CYBERCRIMES IN THE PHILIPPINES:

A LEGAL FRAMEWORK IS CRUCIAL

Lizan E. Perante-Calina

I. Introduction

A. Background of the Study

The era of globalization has introduced myriad of concerns and developments in the growth of
modern and sophisticated communication technology. With its emergence, it makes everyday life
activities easier and economical through the use of global internet or the World Wide Web
(www).

The unprecedented growth of these information technologies appear to have advantages and
disadvantages. People from all walks of life are forced to cope with the demands of the digital
era for different reasons like for academic, business or socialization purposes. However, with
easy access and availability, there appears to have apparent drawbacks on its uses. One prevalent
drawback is making the internet and computer system a means to commit crimes which in the
international parlance are referred to as cybercrimes.

Cybercrimes are any crime that is committed using a computer, a network, or hardware device.
Attacks include keystroke loggers, viruses, root kits or Trojan horses, phishing, pharming, theft
or manipulation of data or services via hacking or viruses, identity theft and bank or e-commerce
fraud (Merrit 2010:15).

A policy paper submitted to UP-NCPAG as part of the course requirement in PA 247 (Policy Paper), SY 2011-2012

Page 1 of 45

According to the Tenth United Nations Congress on the Prevention of Crime and the Treatment
of Offenders, cybercrime is any crime capable of being committed in an electronic
environment, where crime refers to behavior generally defined as illegal or likely to be
criminalized. Its commission can be done through a computer system or network, in a computer
system or network or against a computer system or network (Corell 2000:2).

From the viewpoint of the Council of Europe on the Convention on Cybercrime which is the
only binding international instrument on issue, cybercrime is one of the most global of all
transnational crimes and it poses major challenges for the law enforcement and criminal justice
systems (Council of Europe 2009). The pervasiveness of these computer crimes is in fact
growing, reaching to an annual revenue of $1 trillion (Leyden, 2009:1) and is estimated to
exceed the revenues of international drug trafficking (Council of Europe 2009 and Security
Watch 2009).

Various literatures articulate that cybercrimes are evolving, fast-growing, and sophisticated and
can happen anytime, anywhere and to anybody at a different level. It goes beyond the technical,
transnational dimension and it involves offenders who deliberately fashion their attacks to
exploit the potential weaknesses present in the infrastructures transnational nature. In the Asian
region, these are also one of the fastest growing non-violent crimes (Sosa 2009:1).

Cybercrime groups use botnets, computers that transmit spam and viruses via the Internet to
other computers without their owners knowing about it. The botnets can steal credentials, credit
card details and other sensitive information. They can also carry out the pay-per-install and pay-

per-click schemes. Cybercriminals can utilize search engines like Goggle and social networking
sites such as Facebook and Twitter (spot.ph/the-feed/47838/cyber-threat-intensifying-in-ph-saysanti-vi..., Cybercrime Threat Intensifying in PH Says Anti-Virus Firm,

Page 2 of 45

Spot, The Feed 2011: 1).

Cybercrimes may take several forms. Table 1 indicates an explanation of the different forms of
cybercrimes.

Table 1. Forms of Cybercrimes

Black Market/Underground
An efficient, online global marketplace where stolen goods and fraudEconomy
related services are regularly bought and sold.
Bot or Botnet
Short for robot, a bot is a small hidden application that is sent by

cybercriminals to unsuspecting computers like yours. It then uses your

computer to perpetrate criminal activities such as sending spam emails or

phishing attacks. Botnets are networks of bots working together to

perpetuate massive attacks in thousands or even millions of computers.

Crimeware
Includes programs that may be classified as bots, keystroke loggers,

spyware, backdoors and Trojan horses.

Hacking
Person or group of people who use unauthorized methods to access a

computer or network of computers, usually for illegal purposes.

Keystroke Logger
A simple, readily available spyware application, loaded onto target

computers via spam or click fraud Trojans, that records every keystroke

on your computer, and sends your information back to the cybercriminal.

Phishing
Spam email that appears to be legitimate but is not. Its goal is to get you

to send personal information to the cybercriminal.

Spam
Spam is a catch-all term for any unsolicited email. Much of it is just

bothersome correspondence from legitimate businesses. But some of it

has criminal intent, whether phishing for information, attempting to load

malicious code onto your computer, trying to enlist you in a scam, or

trying to seduce children.

Trojan
Trojans are applications sent to your computer, either via spam or click

fraud that sit silently on your computer and download spyware bots or

other malicious applications to your computer.

Source: Cybercrime Exposed, Symantecs Internet Safety Advocate, 2009

Cybercrime is one of the most complicated problems in the digital era faced by both

Page 3 of 45

developed and developing countries. It can be one of the species of conventional crimes. What
makes it distinctly different is the usage of a computer device or a system. Data heavens
represent one of the greatest threats against security in the information age. Attacks against
critical infrastructures can be carried out from countries which lack cybercrime regulations
implying serious problem of jurisdiction (Picotti and Salvadori 2008:4).

Being a global offense, cybercrime needs a global answer through international cooperation. As
early as 1984, the United States of America (USA) started its campaign against cybercrime
problems by enacting its first law on Computer Fraud and Abuse Act (18 U.S.C. 1030). Seven
years later, the Department of Justice (DOJ) created a specialized unit to address computer issues
known as the Computer Crime and Intellectual Property Section (CCIPS) which evaluates
computer crime problems, offers legislative and policy proposals to address computer crimes
(Kowalski 2002).

In the United Kingdom (UK), an Internet Crime Forum was formed in 1999 which brought
together representatives from the government, the law enforcement agencies and the internet
industry to develop and maintain a working relationship in the protection of legitimate internet
communications (Kowalski 2002). The Forum has identified significant gaps in addressing
cybercrime cases in UK.

The Canadian Government has also its share in addressing the endemic spread of cybercrimes. It
initiated major initiatives in addressing cybercrimes by actively participating in G8 Group of
Senior Experts on Transnational Organized Crime, the Committee of Experts on Crime in
Cyberspace of the Council of Europe and the Organization of American States Group of
Government Experts on Cyber-Crime. It also conducts Global summits, international studies and
has helped in drafting the Council of Europe Convention on Cybercrime. In fact, Canada was
one of the first countries to enact criminal laws in the area of computer crime (Kowalski

Page 4 of 45

2002) in consonance to the Convention on Cybercrime 2001. A study of the United Nationssponsored network of Internet policy officials articulate that Canada is ahead of nearly two-thirds
(2/3) of the 52 countries surveyed in enacting laws to crack down cybercrimes (Kowalski 2002
citing Chu 2000).

In November 2001, the Council of Europe crafted the Convention on Cybercrime (CoC) with
the participation of Canada, Japan, South Africa, and the USA. The Convention took effect on
July 1, 2004. Considered as the only binding international instrument on the issue of cybercrime,
the Convention serves as a guide for any country to develop a comprehensive national legislation
on cybercrime. The CoC also operates as a framework for international cooperation between
signatory countries (Council of Europe 2009).

In 2010 there were about 1.9 billion internet users all over the world (Internet World Stats
2010) and this is expected to grow each year as information technologies are evolving. New
models, versions, software and programs are launched every year to keep pace with the demands
of the time.

Moreover, the Internet Crime Complaint Center (IC3) received more than three hundred thirty
six thousand (336,000) complaints for the period of January to December 2009 covering only the
United States (see Figure 1). Less than half of the complaints were referred to local, state and
federal law enforcement agencies of the country for further investigation. Most of the referred
cases involved internet fraud resulting to financial loss.

Page 5 of 45

Figure 1. Yearly Comparison of Complaints Received via the IC3 Complaint Website

(2000-2009)

Source: 2009 Internet Crime Report, Internet Crime Complaint Center (IC3)
National White Collar Crime Center (NW3C),

Bureau of Justice Assistance, U.S. Department of Justice

Faced by massive cyberthreats, United States President Barack Obama issued a Presidential
Proclamation on October 2010 declaring the month of October as the National Cybersecurity
Awareness Month. (See Annex A). In other parts of the world, cybercrime complaints are on the
rise as computer internet users are also increasing as shown in Tables 2, 2.1., 2.2., 2.3 and 2.4 on
World Internet Usage and Population Statistics (see Annex B).

The tremendous influence of information communication technologies (ICT) is certainly making

a great wave on the economic, political and social situations of every nation. But too much
dependency will basically generate vulnerabilities if such use cannot be regulated. The
prevalence of cybercrime activities has signaled that there is a need for some countries to
Page 6 of 45

strengthen their cybercrime framework using the Convention on Cybercrime as a guideline or

model law. These countries include Argentina, Benin, Botswana, Brazil, the countries of the
Caribbean, Chile, Colombia, Costa Rica, the Dominican Republic, India, Indonesia, Morocco,
Mexico, Niger, Nigeria, Pakistan, Sri Lanka, and Philippines (See Figure 1, Annex C)

(Council of Europe 2009).

B. Problem Statement

The researcher feels the need to conduct this study to fill in the gaps of the policy of the
Philippine Government to address the prevalence of cybercrimes. By answering the questions on
how to address cybercrimes in the Philippines and how to strengthen the existing pillars of the
judicial system, the policy study will be able to identify the issues faced by the country and the
possible recommendations to the problems.

C. Objectives

The main objective of the paper is to analyze and examine the present situation of the Philippines
as a developing country on how it responds to the information technology advancement, with
particular focus on the doom side of seamless access to internet where proliferation of
cybercrime cases is apparent.

The researcher aims to make the policy paper a useful instrument for Congress and the
Philippine bureaucracy to enact a legislative measure which will define the nature and scope of
cybercrimes in accordance with the provisions of Convention on Cybercrime of the Council of
Europe. As mentioned earlier cybercrimes are not only a domestic but a global concern, thus,

there is a need to harmonize domestic laws with international treaties.

Page 7 of 45

D. Methodology

The study employed in the paper is the descriptive method in analyzing and evaluating the policy
gaps in the prevention of cybercrimes in the country. The gathering of the data is based on
interview of key persons as the primary source of information. Secondary materials, such as
books, journals, newspapers and internet sources, were also utilized. The study focusses on how
the Philippine Government deals with the prevention and prosecution of cybercrime cases.

E. Definition of Terms

Botnets/Zombies - are armies of computers infected with malware that can serve many
purposes, from launching distributed denial of service attacks, to sending spam, stealing
confidential information, installing additional adware and rogueware, performing click fraud or
facilitating phishing

Cyberterror - The deliberate destruction, disruption or distortion of digital data or information

flows with widespread effect for political, religious or ideological reasons.

Cyber-utilization - The use of on-line networks or data by terrorist organizations for supportive
purposes.

Cybercrime - The deliberate misuse of digital data or information flows

Cracking - is a higher form of hacking in which the unauthorized access culminates with the
process of defeating the security system for the purpose of acquiring money or information
and/or availing of free services

Page 8 of 45

Computer virus - is a computer program that can copy itself and infect a computer without
permission or knowledge of the user. The original may modify the copies or the copies may
modify themselves

Hacking - is the act of illegally accessing the computer system/network of an individual, group
or business enterprise without the consent or approval of the owner of the system

Phishing/Pharming emails and websites that mimic legitimate businesses with the intent of
getting you to disclose usernames, passwords, credit card numbers, and accounts.

Spyware is a computer program that collects personal information about a user without their
consent, such as a key stroke logger (Lozano 2011).

Review of Literature

The prevalence of cybercrimes worldwide has been considered as a threat to democracy.

The growing danger from crimes committed against computers, or against information on
computers, is beginning to claim attention in national capitals (McConnel 2000:1). The
information technology revolution has influenced the society in handling everyday activities. It
has in one way or the other pervaded almost every aspect of human activities (Convention on

Cybercrime, ETS 185, Explanatory).

Cybercrimes are harmful acts committed from or against a computer or network. According to
German criminologists, cybercrimes are computer crimes that infringe property interests when
electronic information is deliberately modified (computer manipulation), destroy (computer
sabotage) or used to misappropriate computer time. Other popular definitions are those
committed in the sphere of computer information and those perpetrated by using the computer
(Polivanyuk 2009).

Page 9 of 45

Furthermore, cybercrimes differ from most terrestrial crimes in four ways. First, committing
these crimes can easily be learned; second, there are few resources relative to the potential
damage caused; third, cybercrimes can be committed in a jurisdiction without being physically
present; and fourth, cybercrimes are often not clearly illegal (McConnel 2000).

The emergence of these crimes can be attributed to Information and Communication

Technology (ICT) which is a set of activities that facilitate by electronic means the processing,
transmission, and display of information which has become the center of the new society

(Asian Development Bank 2003). ICT is also defined as tools that facilitate the production,
transmission, and processing of information. The advent of ICT has promised a potential
advancement in economic, politics and social activities with the improvement in the generation,
sharing and use of information and knowledge to induce collaboration across different
boundaries within and among nation-states (Ocampo 2008:100). The undeniable success of ICT
created a great impact which some countries and organizations described ICTs effectiveness in
superlative terms like time-space compression and the death of distance, spaces of flows
instead of spaces of places, simultaneous globalization and localization processes

(glocalization), and creation of the information society and information polity as well as
information highways (Ocampo 2008:100).

Along these lines, ICT has brought unprecedented increase in the usage of internet and other
wireless technologies so as the burgeoning of countless internet activities. With its evolution, it
perked-up both economic and social opportunities like increase in peoples income, business
investments and connectivity. Globalization has also given much emphasis to the role of ICT
where there is profound transformation in the world economy. Over the last decade, globalization
and ICT have gone hand in hand in the rapid spread of the use of ICT as both an outcome and
determinant of globalization as a key enabler

(http://www.cict.gov.ph/images/files/Philippine_ICT_Roadmap.pdf Philippine CICT Road Map

Page 10 of 45

2006).

The information revolution has opened a wide spectrum for individuals to cross borders in a
seamless way. Almost all aspects of the worlds infrastructure sectors like banking,
communications, energy, health, emergency services, agriculture, water supply, government
services, manufacturing, strategic commercial centers, and even religious and cultural
institutions are operated and maintained with the use of computer systems.

With an increasingly mobile population, information technologies are also useful in maintaining
family ties and have stemmed migration because businesses have outsourced various processes
to developing countries (Haslam et al. 2009). Doing business for entrepreneurs is even made
accessible from online procurement to payment and to the delivery of goods and services. With
ICT, the markets and its clienteles can efficiently transact businesses without spending on
transaction costs.

The way of life of every individual has been made easier by the birth of new and modern
technology and its primary function is actually social in nature, allowing people to keep in
touch, rather than in the economic sphere for which they may have originally been intended

(Alampay 2006). ICTs magnetism received diversity of views on how it will affect the society
and development. There are, of course, superfluity of observations on the benefits and drawbacks
made by economists and scholars. Taking from the viewpoint of the optimists, they see the use of
information technology as a necessity that helps encourage the sustainable development of
individuals, communities, and nations.

The use of ICT was considered crucial to development as it can be used in public administration,
business, education, health, and environmental protection as cited during the

Page 11 of 45

World Summit on the Information Society (WSI) in 2003. The growing share of ICT in world
economic output has been cited as evidence of its importance. It also provides developing
countries an opportunity to leapfrog stages of development and achieve the level of
development like of the West (Haslam, Schafer and Beaudet 2009).

On the other hand, the pessimistic view contends that ICT will only aggravate the existing
inequalities and social divides. Evidence for this perspective is taken from cases demonstrating
that areas have been long benefited from excellent physical access and have been dominant
politically and economically are the ones benefitting from greater access to information
technologies. Based on history, telecommunications roll-out has generally increased inequality,
benefited mostly the wealthy, and had little impact on the quality of life for the poor (Haslam et
al. 2009).

According to a pragmatic view, ICT has a role in a countrys development if applied

appropriately. Contradicting the point of view of the pessimists, access to telephone can have a
dramatic effect on the quality of life of the rural poor. An anecdotal evidence show that the

Grameen Village phone ladies in Bangladesh have been celebrated as a good model for areas
where there is widespread access to telephones. At one point, village phone ladies were earning
three times the national average income (Haslam, et al. 2009). This only shows that ICT are
useful for development.

In developed countries, information technology and the internet have helped globalize
production and capital markets. It also speeds up innovation by reducing the time for designing
new products, through powerful computers that make it easier and cheaper to process large
amounts of data (Asian Development Bank 2003).

Page 12 of 45

ICT and globalization have spurred economic development as economic interdependence of

nations and regions around the world deepens. This global information society has too much
potential that even developing countries are seeing the possibility of bringing ICT infrastructure
in their countries to cope with globalization and experience the surge of economic boom. Access
to modern information technology which is grounded on the principles of affordability,
accessibility and quality of basic telecommunication services and the universal service and
universal access has also posed drawbacks detrimental to end users with particularity on the
online computer related crimes or cybercrimes.

The use of internet around the world grew rapidly either for social use or otherwise. The growth
of internet has introduced positive and negative developments. One of the negative developments
is the proliferation of fraudulent internet activities which is not only limited to hacking and
introduction of viruses but it also include telecommunications and computer crimes; fraudulent
identification including identity theft; fraudulent government securities; electronic fund transfer
fraud; auction fraud; Intellectual Property Rights (IPR) abuses; economic espionage (theft of
trade secrets); online extortion; international money laundering; and work-at-home and online
business opportunities schemes (FBI 2006). And these are commonly known as internet crimes
or cybercrimes.

Studies revealed that the existence of the new technologies has challenged the traditional legal
concepts of every nation as information and communication flow effortless around the world
with no more boundaries between territories. Criminals are increasingly located in places other
than where their acts produce their effects (Convention on Cybercrime, ETS 185, Explanatory).

Proving that crime follows opportunity, virtually every advancement has been accompanied by a
corresponding niche to be exploited for criminal purposes, referred to as

Page 13 of 45

cybercrimes. Ensuring security against the widespread cybercriminalities is a global challenge

that can be learned from the experience of other jurisdictions (Clough 2010).

Review of Foreign Policies

One of the claimed benefits of the Internet is that it connects people with common interests
(Nasso 2000) regardless of territorial boundaries. The cyberspace where all electronic
communications pass through is considered by many as the most dangerous place as unexpected
attacks and threats on privacy can occur anytime in just a click of the cursor. The phenomenon of
cybercrime activities can cause economic and political sabotage on the critical infrastructures of
both government and private sectors.

Figure 2. Cyberspace and the Internet Users

CYBERSPACE

World Wide Web (WWW)

PLDT

GLOBE DSL

BAYANTEL /

OTHER ISP

SKYINET

INTERNET USERS
Source: NBI- Head Agent Palmer Mallari, 2010

Page 14 of 45

The call to fight against cybercrime activities is a global concern that countries around the world
should stand united as the ends of information are after all human ends. The logic of
information must ultimately be the logic of humanity. For all informations independence and
extent, it is people, in their communities, organizations, and institutions, who ultimately decide
what it all means, and why it matters (Brown and Duguid 2000:18, cited in Alampay 2009: 23).

The Council of Europe Convention on Cybercrime, which is the only binding international
instrument in addressing cybercrimes, has been open for signatures for both member and non
member States of the Council of Europe since 2001. Countries that have signed and ratified the
Convention include Denmark, France, Germany, Romania and Ukraine. Non member States, like
Canada, Japan and South Africa, have signed the Convention but have not ratified yet. The
United States of America is the only non member State that has ratified the Convention in 2006.
Table 2 shows the status of member and non member States on the Convention on Cybercrime.
Based on the latest data dated January 2011, the Philippines have not signed the Convention but
it was noted the country has delegates to the conferences and trainings of the Council. Efforts in
the international arena in addressing cybercrimes are overwhelming as issues and concerns are
evolving each day. And more than one hundred (100) countries are now strengthening its legal
framework in consonance with the provisions of the Convention.

One of the most pressing concerns in addressing cybercrime is the difficulty for the police,
judicial and administrative and other law enforcement authorities not only in identifying
cybercriminals but also in determining the locus commissi delicti (place of the commission of the
crime ) and tempus commissi delicti (time of the commission of the crime) since difficulties in
determining the extent and impact of the criminal acts committed through the use of new
technologies exist (Picotti et al. 2008:51).

Page 15 of 45

Table 2. Status on the Ratification of Participating Countries to the

Convention on Cybercrime (As of January 16, 2011)

Convention on Cybercrime
CETS No.: 185

Treaty open for signature by the member States and the non-member States
which have participated in its elaboration and for accession by other non-member
States
Entry into force
Opening for
signature

Conditions: 5 Ratifications including at least 3

member States of the Council of Europe

Place: Budapest
Date :
23/11/2001

Date : 1/7/2004

Status as of: 16/1/2011 Member States of the Council of

Europe

States

Signature

Ratification

Entry into

Notes

R.

D.

A.

T.

C.

O.

force

Albania

23/11/2001

20/6/2002

1/7/2004

Andorra

Armenia

23/11/2001

12/10/2006

1/2/2007

Austria

23/11/2001

Azerbaijan

30/6/2008

15/3/2010

1/7/2010

Belgium

23/11/2001

Bosnia and Herzegovina

9/2/2005

19/5/2006

1/9/2006

Bulgaria

23/11/2001

7/4/2005

1/8/2005

Croatia

23/11/2001

17/10/2002

1/7/2004

Cyprus

23/11/2001

19/1/2005

1/5/2005

Czech Republic

9/2/2005

Denmark

22/4/2003

21/6/2005

1/10/2005

Estonia

23/11/2001

12/5/2003

1/7/2004

Finland

23/11/2001

24/5/2007

1/9/2007

France

23/11/2001

10/1/2006

1/5/2006

Page 16 of 45

Georgia

1/4/2008

Germany

23/11/2001

9/3/2009

1/7/2009

Greece

23/11/2001

Hungary

23/11/2001

4/12/2003

1/7/2004

Iceland

30/11/2001

29/1/2007

1/5/2007

Ireland

28/2/2002

23/11/2001

Italy

5/6/2008

1/10/2008

Latvia

5/5/2004

14/2/2007

1/6/2007

Liechtenstein

17/11/2008

Lithuania

23/6/2003

18/3/2004

1/7/2004

Luxembourg

28/1/2003

Malta

17/1/2002

Moldova

23/11/2001

12/5/2009

1/9/2009

Monaco

Montenegro

7/4/2005

3/3/2010

1/7/2010

55

Netherlands

23/11/2001

16/11/2006

1/3/2007

Norway

23/11/2001

30/6/2006

1/10/2006

Poland

23/11/2001

Portugal

23/11/2001

24/3/2010

1/7/2010

Romania

23/11/2001

12/5/2004

1/9/2004

Russia

San Marino

Serbia

7/4/2005

14/4/2009

1/8/2009

55

Slovakia

4/2/2005

8/1/2008

1/5/2008

Page 17 of 45

Slovenia

24/7/2002

8/9/2004

1/1/2005

Spain

23/11/2001

3/6/2010

1/10/2010

Sweden

23/11/2001

Switzerland

23/11/2001

The former Yugoslav

23/11/2001

15/9/2004

1/1/2005

Republic of Macedonia

Turkey

10/11/2010

Ukraine

23/11/2001

10/3/2006

1/7/2006

United Kingdom

23/11/2001

Non-member States of the Council of Europe

States

Signature

Ratification

Entry into force

Notes

R.

D.

A.

T.

C.

O.

Argentina

Australia

Canada

23/11/2001

Chile

Costa Rica

Dominican Republic

Japan

23/11/2001

Mexico

Philippines

South Africa

23/11/2001

United States of

23/11/2001

29/9/2006

1/1/2007

America

Total number of signatures not followed by ratifications:

17

Total number of ratifications/accessions:

30

Notes: (55) Date of signature by the state union of Serbia and Montenegro. a: Accession - s: Signature
without reservation as to ratification - su: Succession - r: Signature "ad referendum". R.: Reservations D.: Declarations - A.: Authorities - T.: Territorial Application - C.: Communication - O.: Objection.

Source : Treaty Office on http://conventions.coe.int/

The Council of Europe Convention on Cybercrime has introduced procedural and

Page 18 of 45

substantive measures that will serve as guidelines for all States in adopting its domestic law on
cybercrime as the communication highway has opened new doors for cybercriminals, changing
not only the traditional commission of the crimes but also some substantial aspects of the
criminal law and criminal procedure (Picotti et al. 2008:51).

As mentioned earlier, countries of France, Germany and Romania have ratified have already
ratified the CoC in 2006, 2009 and 2004, respectively. These countries have good practices to
share as described in the succeeding paragraphs.

In France, the Convention on Cybercrime (CoC) was signed in November 2001 and ratified in
January 2006. Prior to its ratification, the country had already experienced some cybercrime
offenses. In 1988, the French Parliament adopted its first law concerning computer fraud. Other
pertinent laws were also successively passed. Majority of computer crime and cybercrime
offenses are embodied in the Penal Code of France but it does not necessarily cover all
provisions of the Convention even though France has ratified the same. It does not have any
specific provision regarding computer-related forgery and computer related fraud but these two
offenses seem to fall within the ambit of its traditional provision on fraud (Picotti et al. 2008:6).

French cybercrime legislation is at the forefront in fighting new cyberthreats, criminalizing

illegal acts such as hacking, cracking and input of malicious codes causing a modification of
data. The acts of installing illegal programs as spyware or sniffer and phishing are punishable

offenses with corresponding stiffer penalties. Today, France is faced by problems on spam or
unsolicited commercial e-mail. To reduce such menace to the privacy and correct functioning of
the computer systems and networks, a law was enacted criminalizing the act of sending
unsolicited messages with a fine of 750 euros for each mail sent (Picotti et al 2008:6).

The German government on September 2009 has ratified the Convention on Cybercrime

Page 19 of 45

(CoC). Its criminal code and other laws on preventing cybercrime largely comply with the
requirement of the CoC even before its ratification. Most of cybercrime offenses concerning
illegal interception, data interference, computer fraud and copyright infringements are in
consonance with the provisions of the Convention. A limited review on illegal access and misuse
of devices and identity seem to be not covered by German legislation (Picotti et al. 2008:6).

The Romaninan Government, has already implemented all the provisions of the CoC by creating
specific cybercrime offenses without referring to the provisions of its traditional laws. The
implementation was done prior to the ratification of the CoC in May 2004. What the Romanian
legislature did was to formulate its cybercrime law based on the provisions of the CoC as its
guide model. Today, Romania has the modern cybercrime law coherent with the provisions of
CoC which certainly a good practice that can be thought of by other countries that have no
cybercrime legislation yet (Picotti et al. 2008:8).

The U.S. Government has a well established legal framework in combating cybercrimes. All
segments of the society are being assisted, educated and informed about the drawbacks of the
digital age. It has also signed and ratified the CoC, the first non member State to do so. An
Internet Crime Complaint Center (IC3) was also established in May 2000 as the Internet Fraud
Complaint Center in partnership with the National White Collar Crime Center (NW3C) and the
Federal Bureau of Investigation (FBI). Among the common complaints referred to IC3 can be
categorized in the figure shown below and also the number of perpetrators per 100,000 in the
different areas of the country (IC3 Annual Report 2009).

Figure 7. 2009 Top 10 Most Referred IC3 Complaint Categories, 2010

(Percent of Total Complaints Referred)

Page 20 of 45

Source: 2009 Internet Crime Report, Internet Crime Complaint Center (IC3)

National White Collar Crime Center (NW3C),Bureau of Justice Assistance, U.S. Department of Justice

Table 10. Perpetrators per 100,000 People, 2010

Source: 2009 Internet Crime Report, Internet Crime Complaint Center (IC3)

National White Collar Crime Center (NW3C),Bureau of Justice Assistance, U.S. Department of Justice

Below are illustrations showing top 10 countries where cybercrimes are prevalent based

Page 21 of 45

on the information given by perpetrators to their victims.

Figure 8. Top 10 Countries by Count: Perpetrators (Number by Rank), 2010

Source: 2009 Internet Crime Report, Internet Crime Complaint Center (IC3)

National White Collar Crime Center (NW3C), Bureau of Justice Assistance, U.S. Department of Justice

Figure 9. Top 10 Countries by Count: Individual Complainants (Number by Rank), 2010

Source: 2009 Internet Crime Report, Internet Crime Complaint Center (IC3)
National White Collar Crime Center (NW3C), Bureau of Justice Assistance, U.S. Department of Justice

IV. Philippine Situation - The Case of I LOVE YOU Virus

Page 22 of 45

In the Philippines, the pervasiveness of cybercrimes using the definition of an international body
is apparently ubiquitous. In 2000, the infamous I LOVE YOU virus was created and unleashed
by Onel De Guzman, a Filipino student. It caused damage and infected computers and networks
of companies, private and government institutions in Asia (particularly in Hong Kong), Europe
and United States which was estimated to have reached to US$ 10 billion. Emanating from the
Philippines, the virus was received in e-mail inboxes in Hong Kong which erases and blurs the
graphics and data in the computer and gets the contact address in the computer directory and
sends the same email to all contacts listed therein. Once received and opened in another
computer, it replicates the same harm (Sosa 2009:80). A thorough international manhunt was
conducted resulting to De Guzmans arrest. However, the cases filed against him were dismissed
based on the principle of nullum crimen, nulla poena sine lege (for there is no crime committed
when there is no law punishing the same).

Following that incident, the Philippine government enacted Republic Act (RA) Number 8792, or
the Electronic Commerce Act of 2000 which provides for the legal recognition and
admissibility of electronic data messages, documents and signatures. Under this law, the first
Filipino to be convicted of cybercrime particularly on hacking was JJ Maria Giner. He pleaded
guilty to hacking the governmental portal gov.ph in violation of Section 33a of the ECommerce Law.

The said particular section is only limited to hacking or cracking which refers to unauthorized
access into or interference in a computer system/server or information and communication

system. It can also be an access to corrupt, alter, steal or destroy using a computer or other
similar information and communication devices, without the knowledge and

Page 23 of 45

consent of the owner of the computer or information & communications systems, including the
introduction of computer viruses resulting in the corruption, destruction, alteration, theft or loss
of electronic data messages or document (RA 8792).

Based on the statistics of the Anti-Fraud and Computer Crimes Division (ATCD) of the Criminal
Investigation and Detection Group (CIDG) of the Philippine National Police (PNP), the
Philippines is experiencing numerous and evolving computer crime cases since 2003 to 2010
(See Figure 3) and it is even becoming worst in the next year up to present. From the inception of
the (ATCD) under the (CIDG), it has received more than 3,000 referred cases of computer crimes
emanating from government agencies and private individuals nationwide (See Table 3).

Figure 3. Computer Related Crime Cases Investigated (1,759)

2003 October 2010

Source: ATCD-CIDG-PNP, 2011

Page 24 of 45

Table 3. Cases Investigated by Year (2003-2010)

COMPUTER
2003
2004
2005
2006

2007

2008
2009
2010
TOTAL

CRIMES

Child Pornography/Internet

3
1
9

24
5
4
51
Pornography

5
2
2

20
6
25
41
Internet Fraud

1
5
6
16
Phishing

1
4
6

1
9
3
27
Hacking/Intrusion

51
26

4
81
On-Line Game Hacking

35
23
78
466

54

101
223
162
1,032
Web Defacement

3
7
7

19
7
4
50
Malicious Email

8
VOIP(Voice Over Internet

protocol)

1
1

4
4
Identity Theft

1
8
6

15
Intellectual Property

(Computer Related Piracy)

1
3
3
3

10

5
1
5
31
Credit Card Fraud

88

129
12
8
237
Other Crime (Computer

Aided Crime)

TOTAL
38
50
155
523

171

300
268
173

1,726

Source: ATCD-CIDG-PNP

Page 25 of 45

As to forensic examinations conducted it has reached to around one hundred ninety-five

(195) cases.

Figure 4. Computer Forensic Examinations Conducted

CY: 2003 2009

100

90

80

65

2009

70

2008

60

37
49

2007

50

35

99

2006

40

21

30

2005

20

2004

10

2003

2003
2004
2005
2006
2007
2008
2009

Source: ATCD-CIDG-PNP, 2010

Figure 5. Digital Forensic Examination Conducted CY: 2010

No. of Forensic Cases = 54; No. of Digital Evidence Examined = 239

Source: ATCD-CIDG-PNP, 2010

Page 26 of 45

Based on the records of the Department of Justice (DOJ) Task Force on E-Government,
Cybersecurity and Cybercrimes, there were more than thirty (30) cybercrime cases were filed
before the Philippine Courts. These are mostly website defacements, on-line pornography,
cyberstalking, internet libel, computer forgery, text scams and privacy issues (Sosa 2009).

While the National Bureau of Investigation (NBI), another law enforcement agency which
addresses cybersecurity and cybercrimes in the Philippines is receiving an average of three (3) to
five (5) complaints a day in Metro Manila involving different forms of cyber crimes (Congzon
2010).

Figure 6. Government Website Defacements (2003-2010)

Source: ATCD-CIDG-PNP

The common cybercrimes handled by the NBI include the following as shown in Table 4, while
the ATCD-CIDG-PNP had also cataloged cybercrime cases received as shown in Table 5.

Page 27 of 45

Table 4- Classified as Cyber Crime Cases by NBI

Website Defacement

Hacking/Cracking

Malicious email sending

Internet pornography

Launching of harmful computer viruses

Distributed denial of service attacks (DOS)

Acquiring credit card information from e-commerce website

Internet shopping using fraudulently acquired credit cards

On-line auction fraud

Wire transfer of funds from a fraudulently acquired credit card

Source: NBI-Manila, 2010

Table 5 Classified as Cyber Crime Cases by ATCD-CIDG-PNP

Government Website Defacement

Hacking

Malicious E-mail
Extortion through Telephone

Cellular Phone, E-mail and Facebook Threat

Internet Pornography

Internet Fraud
Libel through Internet

On-line Game Hacking

Credit Card Fraud

Phishing
VOIP (Voice Over Internet Protocol)

Intellectual Property (Software Piracy)

Unauthorized posting of Cellular Phone Number in the Internet

Internet Scam
Fake Facebook Account

Letter from Interpol Berne on Child Pornography

Hacked Yahoo E-mail

Letter from Interpol Ottawa on On-line Child Pornography

On-line Sexual Exploitation

Fake and Defamatory Facebook Account

Source: ATCD-CIDG-PNP, 2009

Page 28 of 45

Furthermore, the above-stated cybercrime cases cannot be successfully prosecuted under

the existing laws of the country like the Revised Penal Code (Act 3815), Access Device
Regulation Act of 1998 (RA 8484), E-Commerce Act of 2000 (RA 8792), Anti-Photo and
Video Voyeurism Act of 2009 (RA 9995), Intellectual Property Code of the Philippine (RA
8293), Consumers Act of the Philippines (RA 7394), Special Protection of Children Against
Abuse, Exploitation and Discrimination Act (RA 7610), Anti-Trafficking in Persons of 2003
(RA 9208), Anti-Wire Tapping Law (RA 4200). The provisions of these laws require
corporeal evidence for traditional and terrestrial crimes while in cybercrime cases it
require intangible evidence. A comparative table (Table 6) of Philippine Laws showing the
punishable offenses and its corresponding penalties (see Annex D).

The countrys legal framework is challenged by the emergence of new languages in

technological advancements. And the need to collaborate with international treaties is crucial as
cybercrime is considered a transnational crime that can undermine democracy if not given
attention at an early stage.

A. Cybercrime Case Handled by NBI Credit Card Fraud

One of the many cases handled by the National Bureau of Investigation is the case of a Makatibased company PENGENGREGALO.COM.PH engaged in the business of delivering

merchandise via internet to its customers. To avail of the services, customers are required to
encode credit card details, delivery and email addresses.

In March 2004, an internet client using an email address greedyme@yahoo.com ordered

electronic supplies valued at eighty thousand pesos (Php80,000.00) through a credit card. When
the transaction was completed, the buyer requested that the delivery be made at McDonalds

Restaurant in Boni Avenue, Mandaluyong City. Days after the delivery, the company received a

Page 29 of 45

notice from the credit card company saying that the card owner submitted a dispute resolution
denying that he made an order of such merchandise. A subsequent investigation by the company
revealed that they have been victimized by a buyer using fraudulently acquired credit card
information.

The National Bureau of Investigation (NBI) conducted an investigation through the following
procedure:

i. Extraction of the Internet Protocol (IP) Address upon verification with the Internet
Service Provider (ISP) , it was found out that the static IP

Address belongs to a subscriber who maintains an internet caf in

Mandaluyong City. An ocular inspection was then conducted in the internet caf and resulted to
the dearth of records about internet logs of its users. However, the employee of the caf was able
to describe how the workstation user looks like. A cartographic sketch was made based on the
descriptions given by the witness and presented to the delivery man and confirms the same.

Verification with YAHOO! USA a request was made through the United States Department of
Homeland Security for the release of all possible IP Address pertinent to those used by email
address greedyme@yahoo.com. Various addresses were provided by YAHOO! USA. The three
(3) IP Addresses correspond to the IP Address of the said cyber caf. The YAHOO logs also
pinpoint to the first IP Address used in creating the YAHOO account.

Domain Check/Trace Routing of IP Addresses this led to the identification of the local IP
Address. Upon review of the logs of the ISP, it pointed out to the telephone number used to
access the internet by dial-up

phone company and provides the subscribers telephone number and address

pointing the residential apartment in Baranca Drive, Mandaluyong City.

Search Warrant Application was made and followed by filing a suit.

Page 30 of 45

Service of search warrant resulted to the confiscation of the computer used to

open YAHOO account and the offender was arrested

Forensic Examination the confiscated hard disc revealed that there was an email made by the
offender address to his friend dated March 5, 2004 offering the sale of electronic supplies.

Separate Search Warrant was applied for the recovery of electronic

supplies from the offender for violating the provisions of the Anti-Fencing

Law (Mallari 2009).

Based on the actual case discussed above, it is apparent that the NBI underwent a tedious
procedure in identifying the offender. It needs to tie-up with the law enforcement authorities in
the USA before it can proceed with its investigation. Another observation is the application of a
traditional law which does not necessarily correspond with the offense made.

The Anti-Fencing law of the Philippines was crafted in 1979 and the penalties imposed therein
though tough yet the rationale of the law was to deter robbery and thievery and impose heavy
penalties on persons who profit from the effects of the said crimes. Different search warrants and
different suits were issued and filed against the offender as there is no comprehensive set of rules

that govern cybercrimes. This is one of the problems that confront the Philippine law
enforcement authorities.

B. Evidence of Problems

The following are the issues identified based on interviews of key persons and secondary pieces
of evidence:

Page 31 of 45

There is an endemic proliferation of cybercrime incidents all over the country as shown in
the investigation conducted by the governments law enforcement agencies like the
National Bureau Investigation (NBI) and Philippine National Police (PNP);

Lack of tools and methodology in prosecuting cybercrime complaints;

Lack of government support in enhancing capability building seminars and trainings for
the law enforcement authorities, the prosecution and the judiciary;

Lack of awareness and educational program for the citizenry and stakeholders;

Lack of cooperation from telecommunication companies, internet service providers and

commercial hotspots offering Wifi internet connection;

Lack of coordination from the five (5) pillars of the judicial system;

Cybercrime victims are silent on the incident with certainty that their complaints cannot
be acted upon;

Cybercrime perpetrators are increasing for there is no law punishing their acts; and

Lack of legal framework which defines the nature, scope, punishable offenses and
5

penalties of cybercrime cases;

C. Efforts to Solve the Problem

The Philippine Government in its effort to prevent future cyberthreats and as a lesson

Page 32 of 45

learned from the first computer offense which hacked the computer systems and launched
viruses, enacted Republic Act (RA) Number 8792 or the Electronic Commerce Act of 2000.

But experts on cybercrime cases in the Philippines who underwent training abroad argued that
RA 8792 is limited only to hacking and launching of viruses. The law has limitations as to its
provisions on penalties and sanctions on the deterrence of cybercrime cases.

From the perspective of law enforcement authorities, among the limitations include the
following:

The Internet Service Providers (ISP) under the law are not obliged to maintain important logs
and cooperate with law enforcement in the investigation of computer crimes;

The Telecommunications companies are not obliged to cooperate with law enforcement in the
investigation of computer crimes;

Internet Cafes/Cyber Cafes where most of the computer crimes perpetrators perform the
violations are not obliged to maintain records of clients and customers;

Other offenses committed with the use of computers and/or the internet are not penalized under
said law like internet Gambling, internet pornography, cyber terrorism (Mallari 2010)

The Philippine laws (see Table 6, Annex D) that have been considered pertinent to cybercrimes
were considered insufficient as the provisions are not applicable to cybercrime cases which
require a different specie of evidence. And these traditional laws are no longer attuned to the
demands of time specifically with ICT. Apparently, the country lacks a comprehensive set of
regulations on cybercrimes as there are no hard and fast rules defining its nature and scope.

Page 33 of 45

Aside from these pertinent legislations, Executive Order No. 62, Creating the Philippine Center
on Transnational Crime (PCTC) to Formulate and Implement a Concerted Program of Action of

All Law Enforcement, Intelligence and Control of Transnational Crime was issued on January
15, 1992 by then President Joseph E. Estrada (see Annex E). The PCTC is under the Office of
the President but under the general supervision and control of the National Police Commission
7

(Napolcom) . The main objective of PCTC is to serve as a nerve center, a think tank, and a
central database for the monitoring, detecting, and investigating of transnational crimes. Among
the pressing concerns of the PCTC is the state of vulnerability in the field of telecommunications
and electronic commerce.

In this era of globalization, the country, have been witness to hostile computer related attacks in
the past few years, some rather incongruous, others just as devastating as the Melissa and the
Love Bug viruses. But nothing can prepare the country to face future attacks against the
information infrastructure systems if at this point in time measures are not exerted in order to
address these threats (PCTC 2000).

Other agencies like the Philippine National Police (PNP), the National Bureau of Investigation
(NBI), the Commission on Information and Technology Communication (CICT) and the
Department of Justice (DOJ) are in the forefront in combating cybercrimes in the Philippines.
However, the efforts exerted by these agencies to curb cyberthreats are not adequate. Thus, there
is a need to have a legal framework that prosecutes computer crimes and punishes offenders.

In 2007, the DOJ created a Task Force on E-Government, Cybersecurity and Cybercrime to
pursue the e-government agenda, institutionalize a cyber security regime and implement laws.
The said task force worked closely with the Council of Europe, a private organization, and local

Page 34 of 45

experts of IT practitioners and other stakeholders. To intensify the efforts of the PNP in
preventing cybercrimes, another task force was established in August 2004 under the ATCDCIDG known as the Government Computer Security and Incident Response Team (GCSIRT). It
serves as the center for reporting incidents on computer attacks on government information and
communication systems and provides coordinated support system in response to such incidents.

There was an evidence of transnational attacks on computers and the information infrastructure
in the periods of CY 2003 to CY 2007 (GCSIRT). There were 667 government websites defaced,
or an aggregate of 133 government websites were attacked by defacers/hackers each year, an
average of 11 incidents per month. Furthermore, it was found out that 134 coded defacers (both
local and international) have attacked these government websites in that five-year period. Of the
attacked/hacked government websites, 507 of the 667 government websites were using Linux
operating system (OS), free and openly available software. This operating system (OS) is highly
vulnerable to attacks by defacers/hackers (Sosa 2009).

The Philippine National Police ATCD-CIDG has also intensified capacity building seminars and
trainings of the Philippine law enforcement authorities both at the national and international
levels. Partnership and cooperation initiatives with other government agencies like National
Bureau of Investigation, P.A.C.E.R, Intelligence Service of the Armed Forces of the Philippines
(AFP), Philippine Center on Transtional Crimes (PCTC)-Interpol Secretariat Manila, National
Security Council (NSA), National Intelligence Coordinating Agency (NICA), Anti-Money
Laundering Council, and Commission on Information and Communication Technology (CICT)
are also continuing.

Page 35 of 45

Table 7. Computer Crime Incident Response Course

March 2005-October 2009

DATE & PLACE CONDUCTED

NO. OF

NO. OF

TOTAL

STUDENTS

STUDENT

(PNP-CIDG)

(OTHER PNP

UNIT)

March 14-18, 2005 HCIDG

42

42

September 5 9,2005 HCIDG

30
30

October 17 21, 2005 Cebu

25

20
45

October 24 28, 2005 Davao

15
45
60

Aug 21 25, 2006 Cagayan De

14

36
50

Oro

August 28 Sept 1, 2006 Cebu

12
40
52

Sept 4 8, 2006 Pampanga

16

50
66

July 2 6, 2007 Davao

13
31
44

August 13 17, 2007 HCIDG

37

37

Oct 12 16, 2009 Zamboanga(2)

52
52

TOTAL

204

274
478

Source: ATCD-CIDG-PNP, 2010

Table 8. Trainings and Seminars Conducted

Credit Card Fraud Executive Seminar (Sponsored by Credit Card Association of the
Philippines)
Intermediate Computer Crime Investigators Course

Cyber-Security: Understanding and Preventing Computer Crimes

Introduction to Local Area Network (LAN), Wide Area Network (WAN) & Wireless
Networks

Identity Theft

Hardware requirements, Configuring a modem, Configuring Internet Connection and

Email Services

Anti-Money Laundering Act of 2001, E-Commerce Act of 2000 and Access Devices
Regulation Act of 1998

Internet Protocols and their functions, how to access the Net, how the Internet works
and E-mail

Source: ATCD-CIDG-PNP, 2010

Page 36 of 45

The PNP-CIDG-ATCD initiated a partnership program between international and regional law
enforcement. One is with the INTERPOL 24/7 Contact person on High Tech Crimes, Cybercrime
Technology Information Network System (CTINS) which is open for ten (10) countries to share
information among cybercrime law enforcement units in Asia. Among these countries include
China, Hongkong, India, Indonesia, Korea, Malaysia, Philippines, Singapore, Thailand and
Japan.

Figure 6. Ten (10) Countries in Asia Sharing Cybercrime Information

CTINS - Cybercrime Technology Information Network System

CTINS United Kingdom

CTINS

CTINS China
Korea

CTINS JAPAN

CTINS India

CTINS Hong Kong

CTINS Thailand

CTINS Philippines

CTINS Malaysia

CTINS Singapore

CTINS Indonesia

Source: PNP-CIDG-ATCD, 2010

Private sector and government partnership in the local arena are also part of the undertaking like
the Microsoft-Security Program (GSP) and the Philippines Emergency Response Team
(PHCERT) which is the first computer emergency team in the Philippines. It is a non profit
organization which aims to provide reliable and trusted point of contact for computers, Internet
and other information technology related emergencies (NCC 2011).

Page 37 of 45

IV.

Recommendations

Having discussed the issues and problems on cybercrimes that confront the country, it is just
apropropriate to recommend doable measures that will address the present issues that the country
is experiencing in order to protect the interest of various stakeholders like the end-users and the
civil society. The society needs to be protected by the government to enjoy the freedom of using
the World Wide Web as it facilitates easy access and free flow of information being the main
objective. The principles of accessibility, affordability and universal access without crossing the
boundary of privacy should be espoused.

Putting an end to cybercrime is not an easy task especially the country has not provided punitive
consequences on online crimes. More and more individuals are encouraged to commit such and
at the same time, victims of these illegal activities will choose to remain silent because of the
uncertainties that their complaints could not be acted upon for lack of legal remedy.

The issue in addressing cybercrimes in the Philippines is a serious problem that needs attention
not only by the police force but by legislators themselves. Anecdotal and empirical evidence as
stated in the previous discussions claim that enacting a piece of legislation is crucial to avoid
future downfall of the information infrastructure of government and private sectors which if not
given attention will eventually result to economic, political and social quandary.

The problems on cybercrime prevention posed by various stakeholders demand for a policy
action which is the enactment of a Cybercrime Prevention Act. Policymaking involves a complex
round or cycles and can also be understood in a variety of meanings and perspectives. First,
public policy is political and as such it is open to differing interests and stakes; second,
stakeholders with varied motives try to influence the outcome of the policy; third, a view on

Page 38 of 45

management of policymaking is that stakeholders/social actors (including their resources) both

government and nongovernment contribute to the shaping of policy; and fourth, public policy
formulation requires not only political keenness but also managerial smartness (Co 1998:296).

The paper suggests that in policy formulation, various actors and stakeholders are vital in
infusing rational decisions to solve the issue at hand. Other nations also become an important
part of the environment when foreign and domestic policies are involved. Social change and
conflict stimulate demands for government action (Anderson 2000:49). And the countrys IT
infrastructure play a significant role in the economic, political and social developments, thus
formulating a national policy on how to prevent cybercrimes is an important concern that needs
governmental attention.

Indeed, the enactment of a comprehensive law that will deter cybercrimes in the Philippines in
conformity with the international standards is imperative. Cybercrime is not only a domestic but
a global concern. Cybercrime knows no boundaries. Criminals operate in countries where
regulations and enforcement capacities are weak. Classified as transnational crime, the country
needs to accede with international laws and other treaties but foremost, it must have its own
domestic policy. Accordingly, a legislative measure to be known as Cybercrime Act of

2011 must embody the following provisions:

Strengthen the present infrastructure, facilities and capability established by law enforcement
agencies like the ATCD-CIDG-PNP and NBI with the former as the lead agency. Said agencies
must coordinate with the DOJ. This will address the issue on the endemic proliferation of
cybercrime incidents all over the country as shown in the investigation conducted by the said
government law enforcement agencies. However, budgetary contrainsts pose a problem in
strengthening the present infrastructure and facilities. As previously discussed, the infrastructure
and facilities used by law

Page 39 of 45

enforcement agencies were donations and grants from foreign countries and international
bodies. Considering the scarcity of government resources, such recommendation may not be
prioritized for now but can be considered as part of the long term goal of the government.
Savings from the national budget can be appropriated to realize the goal. As to the capability
of law enforcement agencies, organizational constraints may be a hindrance especially in a
bureaucratic type of an organization thus, limiting the effectiveness and efficiency of
programs.

Conduct capacity building seminars and trainings to the different pillars of the judicial
system which include the law enforcement agencies of the government like, the NBI and
PNP; the prosecutors (DOJ) who conduct preliminary investigations; the judiciary which is
composed of judges and justices who adjudicate cases filed and renders judgment; and the
community which is composed by different stakeholders. By doing this activity, lack of
tools, methodology in prosecuting cybercrime complaints will be addressed as well as the
lack of training and capability enhancement programs. Capacity building seminars and
trainings are activities that can easily be achieved in terms of budget and participation.
Sponsors or organizers can come from government institutions or from private sectors.
Achievement of this goal can easily be attained. Education is a key to progress and order.

Registration of all laptop computers and desktop units with the National Telecommunications
Commission (NTC) upon purchase by the buyer and upon trading by the seller to monitor
users of Wifi and broadband connectivity in educational institutions and commercial hotspots
where most cybercrime cases happen. This will address the problems of cybercrime
activities using WIFI connection in cybercafes and in coffee shops where most of the
incidents are taking place. The proliferation of broadband connection using prepaid internet,
calls for the registration of desktop computers. By registering laptop and desktop computers,
according to the NBI, will help

Page 40 of 45

law enforcement agencies easily track perpetrators. It is high time for the government to
register information gadgets including cellular phones as these are commonly used as
instruments to perpetrate crimes. By registering computer laptops and desktops, such action
can help government monitor and prevent cybercrimes as well as examine economic activities
for tax purposes. The NTC can issue a policy on this regard with no much constraints as this is
only an administrative function.;

Compel all Internet Service Providers (ISP), telecommunication companies and internet cafs
to maintain important logs and data of its users and submit all data required for the
investigation of cybercrimes committed. As previously discussed from the point of view of
NBI, telecommunication companies and internet service providers are vital in the prevention
of cybercrime activities and in the prosecution of cybercrimes committed. The government can
use its police power to compel telecommunication companies and internet service providers as
they are the very core of internet activities. They can keep track every transactions that are
taking place in the cyberspace which cannot be seen by anyone. They are also capable of
storing data that can be used as pieces of evidence in the future. Such recommendation is
practical as there can no be legal nor budgetary constraints on the part of the government.
Business incentives can be extended to these private companies as a reciprocal obligation.

Adopt the provisions on all forms of cybercrime in consonance with those enumerated in the
Budapest Convention on Cybercrime of 2001 (a) Offences against confidentiality, integrity
and availability of computer data and systems which include illegal access, illegal
interception, data interference, system interference, misuse of devices; (b) Computer-related
offences which include computer-related forgery and computer-related fraud; (c) Contentrelated offences such as child pornography; (d) Offences related to infringement of copyright
and related rights; (e) Establish treaties with other countries for mutual cooperation; and (f)
Assent to the Convention on Cyber Crime Council of Europe in

Page 41 of 45

which non member States like Canada, Japan, South Africa have signed the Convention while
the USA had already signed and ratified it. - By adopting the provisions of the Budapest
Convention on Cybercrime, the countrys legal framework will harmonize with international
laws and the country can easily request useful data or information from other signatory countries
as the nature of cybercrime is considered global. The CoC is the only international instrument
that is in existence and binding. This recommendation will help countries to pursue a common
cybercrime policy and foster international cooperation.

Embodying a provision on the participation of the private sector in educating the public on the
drawbacks of using internet and install cooperation with the government and civil society to
strengthen its campaign to combat cybercrimes. The role of the private sector is indispensable
in nation building. By involving them in the campaign against cybercrime will help educate and
inform the public of the possible ill effects of the internet and the prevention of illegal activities
through the world wide web. There are no constraints on this recommendation as the Philippine
Constitution recognizes the active role of the private sector as partner in development. There are
some activities that the government cannot perform well in which the private sectors assistance
is desired.

Such recommendations will not only answer the questions on how to prevent cybercrimes but
also on who will fight cybercrimes. The involvement of various actors in fighting cybercrimes is
interdependent with each other. The PNP and NBI alone cannot deter such crimes. Legislators,
criminal justice professionals, IT community and the community in general must be educated in
understanding the technicalities of this novel issue. The legal process is just one way to fight

cybercrime. The best methods are proactive rather than reactive that is, it is best to prevent the
crime before it happens (Shinder 2000:41).

Page 42 of 45

VI.

Conclusions

Cybercrimes are evolving. Every day different strains of cybercrimes appear which is beyond
users protection and while it is evolving, more and more individuals and corporations are
victimized by illegal internet activities. The problem of why is there a proliferation of
cybercrimes can be traced on the lack of domestic policies of a country in addressing such.

The efforts of the countrys law enforcement agencies like, the NBI and PNP in addressing
cybercrimes are overwhelming amidst absence of budget and capacity building assistance from
the government. Ironically, assistance like provision for equipment , technical knowledge,
training and capacity building seminars are coming from foreign grants and international
agencies. This only show that they are more concerned on how to address the issues on
cybercrimes that the country is facing today because since the 2000 I LOVE YOU virus
incident took place, there was only one legislative measure enacted and is now considered
limited as to its provisions.

To warrant deterrence of cybercrime cases, it is just appropriate that investigation and

prosecution of offenses be supported by a modern piece of a comprehensive legislation against
cybercrimes. The role of technology in a modern society is vital. Developing countries like
Philippines cannot shy away from development toward an e society as people from all walks of
life have great dependency on the World Wide Web. But knowing the drawbacks of internet, it is

pivotal that all strata of the e society will be able to prevent the occurrence of cybercrimes by
being educated and informed. The community, business and government sectors need to work
hand in hand to better achieve the call to combat cybercrimes.

Under the theory of broken windows, a broken window if left unrepaired in a building

Page 43 of 45

sends a signal that there is a lack of concern about the building and if left unattended it will lead
to more broken windows (www.usmayors.org/USCM/us_mayor_newspaper/documents/11_04,

National Summit on Building Clean, Livable Cities, DeLong 1999). In relation to cybercrimes,
if the government will not take a concrete action on solving its prevalence, it will cause a chain
reaction among perpetrators that such wrong doings are acceptable behaviors which will
eventually create fear and deterioration in the community.

The importance to enact a legislative measure against cybercrimes is to prevent the prevalence of
cybercrimes and to build up the confidence of various national and international stakeholders. As
aptly said, the government is good in steering rather than in rowing (Osborne and Gaebler).
The need to enact policies that are attuned to the demands of time is vital as technology plays a
vital role in the economic, social and political spheres of the Philippine Administrative System.
And as the country embraces digitization to efficiently and effectively deliver services to its
citizenry, it is proper that the State, the market and the community must collaborate to protect the
information technology infrastructure of the country. The management of public affairs is not,
and should not be treated as, the exclusive domain of the government. The affairs of government
are the affairs of all. The problems of society are the problems of all

(Carino 2003:66). Thus, the role of the state, the market and the civil society is crucial in
promoting sustainable development. And in order to attain sustainability, we need to embrace the
concept of good governance wherein accountability, participation, predictability and
transparency is espoused.

But one may ask, is cybercrime really a serious problem in the Philippines? According to a news
article which quoted Trend Micro senior threat researcher Nart Villeneuva, the lifeblood of
cybercrime is theft, and the Philippines is an emerging market in online banking and purchasing.
With the boom of Business Process Outsourcing (BPO) and medical tourism, cybercrime will
follow (spot.ph/the-feed/47838/cyber-threat-intensifying-in-ph-says-anti-vi...

Cybercrime Threat Intensifying in PH Says Anti-Virus Firm, Spot, The Feed 2011: 1).

Page 44 of 45

Thus, the call of various stakeholders that a Cybercrime Prevention Act be enacted should be
given due importance by the legislators. Based on the discussions above, the paper incorporates a
draft House Bill bill entitled Cybercrime Prevention Act of 2011 (See Annex G ) as a
recommendation.

Endnotes

Council of Europe(CoE) is a private organization founded on May 5, 1949 by 10 countries. It seeks to

develop a common and democratic principles based on the European Convention on Human Rights and
other reference texts on the protection of individuals throughout Europe. Based in Strasbourg (France),
CoE has 47 member countries.

International Crime Complaint Center (IC3) was established in partnership with the National White
Collar Crime (NW3C) and the Federal Bureau of Investigation (FBI). It began its operation in May 2000
as the Internet Fraud Complain Center. It operates as a medium to receive, develop, and refer criminal
complaints about the pervasiveness of cybercrimes.

The Convention on Cybercrime (CoC) (ETS No. 85) took effect on July 1, 2004 which was open for
signature by member States of the Council of Europe and by non member States which participate in
Budapest Convention in November 23, 2001. The Convention is the first international treaty on crimes
committed via the Internet and other computer networks, dealing particularly with infringements of
copyright, computer related fraud, child pornography and violations of network security. It also contains a
series of powers and procedures such as the search of computer networks and interception. Four years in
the making, the Conventions main objective is to pursue a common criminal policy aimed at the
protection of society against cybercrime, especially by adopting appropriate legislation and fostering
international cooperation. Among the countries that contributed to its success include United States,
Canada, Japan and other countries which are not members of the Organization.

Presidential Decree No. 1612 or the Anti-Fencing Law defines fencing as the act of any person who, with
intent to gain for himself or for another, shall buy, receive, possess, keep, acquire, conceal, sell or dispose
of, or shall buy and sell, or in any other manner deal in any article, item, object or anything of value
which he knows, or should be known to him, to have been derived from the proceeds of the crime of
robbery or theft.

This is based on the interviews conducted with the law enforcement authorities of the National Bureau of
Investigation (NBI) and the Philippine National Police (PNP) who are in the forefront of addressing
cybercrimes in the country.

PCTC is currently holding its office at the Philippine National Police (PNP) Compound in Camp Crame,
Quezon City

Page 45 of 45