1.

3- What is Cybercrime
Cybercrime is a criminal activity or a crime that involves the Internet, a computer
system, or the computer technology.
This includes anything from downloading illegal music files to stealing millions of dollars
from online bank accounts. Cybercrime also includes non-monetary offenses, such as
creating and distributing viruses on other computers or posting confidential business
information on the Internet.
Cybercrime is a crime in which a computer is the object (target) of the crime (like
hacking, phishing, spamming), is used as a tool to commit an offense (child
pornography, hate crimes), or both.
Cybercriminals may use computer technology to access personal information, business
trade secrets, or use the Internet for exploitive or malicious purposes. Criminals can
also use computers for communication and document or data storage. Criminals who
perform these illegal activities are often referred to as hackers.
Cybercrime may also be referred to as computer crime.
 
Here are presentation videos that would help you understand more the nature of
cybercrime.

1.4 - Evolution of Cybercrime

The Industrial Revolution brought unprecedented knowledge and opportunities almost
two centuries ago. This revolution of automating common tasks provided privileges,
opportunities and  advances  which  were unheard in the past. Advances in
transportation increased the range of vacation destinations and enabled families to
remain in contact with relatives in distant places and abroad. In addition, sharp advances
in communication improved police efficiency and radically changed the courting behavior
of lovers. Individuals, families, and institutions were granted unprecedented access to
luxury items like cooling systems, and household maintenance was made easier thru
power tools, yard equipment, and the like. The automation of printing and the
introduction of mass media greatly enhanced information dissemination by increasing
the availability of reliable and credible sources of knowledge. Unfortunately, it also
increased levels of physical lethargy, obesity, complacency, desensitization, child
poverty, and criminal behavior. Today, American society has experienced similar
transformations as a direct result of the Information Revolution (aka Digital Revolution).
The introduction of the Internet has created unparalleled opportunities for commerce,
research, education, entertainment, and public discourse. A global marketplace has
emerged, in which fresh ideas and increased appreciation for multiculturalism have
flourished. The introduction of electronic encyclopedias, international consortia,
worldwide connectivity, and communications greatly enhanced quality of life for many
individuals. Indeed, the Internet can be utilized as a window to the world, allowing
individuals to satisfy their curiosity and develop global consciousness. It allows
individuals to experience those things that they have only dreamed about in the past.
They can find answers to the most complex legal or medical questions or search for their
soul mates. They can download coupons for their favorite restaurants or search for
recipes to their favorite dishes.  In addition, individuals, corporations, public
organizations, and institutions can more effectively advertise their products or services,
using graphically highlighted information and providing links to supplemental information
or support. In fact, computerized access to unprecedented information has cut across
traditional boundaries of communication.
Like other institutions, law enforcement have also benefited. The Internet has
successfully created a platform for information exchange by the citizens. In addition, the
speed and efficiency has enabled agencies to communicate with other agencies on a
global scale, solidifying relationships and increasing cooperation. Indeed, law
enforcement has been able to further its mission by simply extending the range of
audiences to whom it can communicate. Textual descriptions and graphic images of
wanted suspects or missing persons can be viewed by anyone with an Internet
connection, and concerned citizens can report suspicious activity in an efficient and
effective manner. However, the Internet and the increasing reliance on digital
technology and communications have also had negative repercussions – creating
seemingly insurmountable obstacles for law enforcement. Indeed, the same technology
that allows access to favorite recipes from Madagascar can be utilized to download
blueprints for weapons of mass destruction. Those same individuals surfing the Web for
vacation specials can stalk and harass targeted victims while enjoying the fruits of such
searches.   Indeed, the very advantages that make the Internet, wireless technologies,
and smart phones so attractive are often the same that pose the greatest risk.
Disadvantages to the Internet include increasing dependence on cyber information.
Many undergraduate (and even graduate) students rely exclusively on “knowledge”
gathered from what is posted in the web. Unfortunately, the quality of many information
found in cyberspace is often questionable.
Another disadvantage is dependence on artificial intelligence. Today, many softwares
and applications, including complex databases, are designed to collect and process data.
They have the so-called analytics power and more and more individuals and
organizations are relying on their output. This may result to displacement of humanity. 
More importantly, new technologies have a history of breeding new forms of socially
undesirable behavior, while enhancing traditional ones.
Just as the automation of the printing press and the introduction of mass media
exponentially increased the distribution of and demand for criminal contraband, like
pornography and illegal substances, the Internet has established a virtual cornucopia of
child exploitation and obscenity and has created an underworld marketplace for drugs
and weapons. In fact, the level and prevalence of criminal behavior and exchange of
visual or informational contraband is extremely high. The increasing availability of
wireless technologies, social networking, and smart phones has complicated the
investigative landscape even further, and authorities across the globe are struggling to
create and enforce laws and regulations inclusive of emergent technology.

2a - The First Cybercrime

With the advent of the Internet, there is an infinite expansion in the field of electronics
and communications. The Internet is a worldwide electronic computer network that
connects people and information. But every technology has its own advantages and
disadvantages. Internet has several advantages but it is considered as a heaven for cyber
criminals. The anonymity over the internet and the jurisdictional issues has given rise to
cybercrimes where crime is committed with the aid of computer.
Take note that a crime refers to an act that violates the existing  law. Cyber refers to a
computer or a computer network, the electronic medium in which online communication
takes place.
Cybercrime refers to criminal activity where a computer or network is the source, tool,
and target of a crime. These categories are not exclusive and many activities can be
characterized as falling in one or more category. Cybercrime is broadly used term to
describe criminal activity committed on computers or the Internet. Cybercrime is a
criminal activity involving an information technology infrastructure, including illegal
access, illegal interception, data interference, system interference, misuse of devices and
electronic fraud. The concept of cybercrime is not radically different from the concept of
conventional crime. Both include conduct whether act or omission, which results to
violation of law and counter balanced by the sanction of the state.
Cybercrime involves an offense in which a computer may be the object of the crime
(hacking, phishing, spamming) or a computer may be used as a tool to commit an offense
(child pornography, hate crimes). Cybercrime may also be referred to as computer crime.
Cybercriminals may use computer technology to access personal information, business
trade secrets, or use the Internet for exploitive or malicious purposes. (Techopedia.com
2016)
Cybercrime is crime that involves a computer and a network. The computer may have
been used in the commission of a crime, or it may be the target. Dr. Debarati Halder and
Dr. K. Jaishankar (2011) define cybercrimes as: "Offenses that are committed against
individuals or groups of individuals with a criminal motive to intentionally harm the
reputation of the victim or cause physical or mental harm, or loss, to the victim directly
or indirectly, using modern telecommunication networks such as Internet (Chat rooms,
emails, notice boards and groups) and mobile phones (SMS/MMS)". Such crimes may
threaten a nation’s security and financial health. Issues surrounding these types of crimes
have become high-profile, particularly those surrounding hacking, copyright
infringement, child pornography, and child grooming. There are also problems of privacy
when confidential information is intercepted or disclosed, lawfully or otherwise. Dr.
Debarati Halder and Dr. K. Jaishankar further define cybercrime from the perspective of
gender and defined 'cybercrime against women' as "“Crimes targeted against women
with a motive to intentionally harm the victim psychologically and physically, using
modern telecommunication networks such as internet and mobile phones”. 
Internationally, both governmental and non-state actors engage in cybercrimes, including
espionage, financial theft, and other cross-border crimes. Activity crossing international
borders and involving the interests of at least one nation state is sometimes referred to
as cyberwarfare. The international legal system is attempting to hold actors accountable
for their actions through the International Criminal Court. (Law.duke.edu 2011)
A report (sponsored by McAfee) estimates that the annual damage to the global
economy is at $445 billion. However, a Microsoft report shows that such survey-based
estimates are "hopelessly flawed" and exaggerate the true losses by orders of magnitude.
Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the
US.
 

THE FIRST FORM OF CYBERCRIME

( from http://www.gethackingsecurity.com/evolution-of-cybercrime/   (Links to an external
site.) )
The first recorded cybercrime took place in the year 1820!  That is not surprising
considering the fact that the abacus, which is thought to be the earliest form of a
computer, has been around since 3500 BC. in India, Japan and China. The era of modern
computers, however, began with the analytical engine of Charles Babbage.
In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom.
This device allowed the repetition of a series of steps in the weaving of special fabrics.
This resulted in a fear amongst Jacquard’s employees that their traditional employment
and livelihood were being threatened. They committed acts of sabotage to discourage
Jacquard from further use of the new technology. This is the first recorded cybercrime!
Today, computers have come a long way with neural networks and nano-computing
promising to turn every atom in a glass of water into a computer capable of performing a
billion operations per second.
In a day and age when everything from microwave ovens and refrigerators to nuclear
power plants are being run on computers, cybercrime has assumed rather sinister
implications.
Cybercrime can involve criminal activities that are traditional in nature, such as theft,
fraud, forgery, defamation and mischief. The abuse of computers has also given birth to
a gamut of new age crimes such as hacking, web defacement, cyber stalking, web jacking
etc.
A simple yet sturdy definition of cybercrime would be “unlawful acts wherein the
computer is either a tool or a target or both”.
The term computer used in this definition does not only mean the conventional desktop
or laptop computer. It includes Personal Digital Assistants (PDA), cellphones,
sophisticated watches, cars and a host of gadgets.
Recent global cybercrime incidents like the targeted denial of service attacks on Estonia
have heightened fears. Intelligence agencies are preparing against coordinated cyber-
attacks that could disrupt rail and air traffic controls, electricity distribution networks,
stock markets, banking and insurance systems etc.
Unfortunately, it is not possible to calculate the true social and financial impact of
cybercrime. This is because most crimes go unreported.

2b - Cybercrime Classification
Cybercrimes are normally related to computers. But it is better to classify them on the
basis person so affected by these crimes. It may affect an individual, or an organization,
or property or society as a whole. Some time it may happen crime classified under one
category may fall under another category at the same time. It is also one of the
difficulties in classifying the cybercrimes. For example, hacking may affect both
individual and organization at the same time.
Cybercrimes are broadly categorized into three categories, namely crime against:

1. Individual
2. Property
3. Government

 
Each category can use a variety of methods and the methods used vary from one
criminal to another.
Cybercrime against INDIVIDUAL PERSONS:
This type of cybercrime can be in the form of cyber stalking, distributing pornography,
trafficking and “grooming”. Today, law enforcement agencies are taking this category of
cybercrime very seriously and are joining forces internationally to reach and arrest the
perpetrators.
Cybercrime against PROPERTY:
Just like in the real world where a criminal can steal and rob, even in the cyber world
criminals resort to stealing and robbing. In this case, they can steal a person’s bank
details and siphon off money; misuse the credit card to make numerous purchases
online; run a scam to get naïve people to part with their hard earned money; use
malicious software to gain access to an organization’s website or disrupt the systems of
the organization. The malicious software can also damage software and hardware, just
like vandals damage property in the offline world.
Cybercrime against the GOVERNMENT:
Although not as common as the other two categories, crimes against a government are
referred to as cyber terrorism. If successful, this category can wreak havoc and cause
panic amongst the civilian population. In this category, criminals hack government
websites, military websites or circulate propaganda. The perpetrators can be terrorist
outfits or unfriendly governments of other nations.
 
Some websites categorize cyber-related crime in this manner:

1.
1. Fraud and financial crimes
2. Cyber-terrorism
3. Cyber-extortion
4. Cyberwarfare
5. Computer as a target
6. Computer as a tool
7. Obscene or offensive content (e;g;: cyber-bullying aka cyber-
harassment
8. Cyber drug-trafficking

Here selected video presentations that can give ideas about the nature of many forms of
cybercrimes.

LEGAL CLASSIFICATION OF CYBERCRIMES

In the Philippine setting, as provided by RA 10175, the following are the legal categories
of cybercrimes.
A. Offenses against the confidentiality, integrity and availability of computer data and
systems
 1. Illegal access
2. Illegal interception
3. Data interference
4. System interference
5. Misuse of devices
6. Cyber-squatting

B. Computer-related offenses

1. Computer-related forgery
2. Computer-related fraud
3. Computer-related identity theft

C. Content-related cyber offenses

1. Cybersex
2. Child pornography
3. Unsolicited commercial communications
4. Libel

D. Other cyber offenses

1. Aiding or abetting in the commission of cybercrime

2. Attempt in the commission of cybercrime

3a - Anti-cybercrime legislation in
the Philippines
The Convention on Cybercrime
The Convention on Cybercrime, also known as the Budapest Convention, is an
international treaty ratified by 42 states members and non-member of the COE. It seeks
to address computer and internet crimes by harmonizing National  laws, improving
investigative techniques, and increasing  cooperation among nations. Specifically, the
Convention aims to protect society against cybercrime "by providing for the
criminalization of such conduct and the adoption of powers sufficient for effectively
combating such criminal offenses, by facilitating their detection, investigation and
prosecution at both domestic and international  levels and by providing arrangements
for fast and reliable international cooperation."
The Convention is divided into three principal parts. The first part identifies the
substantive cybercrime offenses which each ratifying State is obliged to adopt in its
domestic law. The second part deals with investigative procedures that States must
implement. Lastly, the third part relates to mechanisms that will enhance international
cooperation.
To monitor the compliance of parties and update observers to the said Convention,  the
COE conducts a regular conference known as the Octopus Conference which is
preceded by the plenary meeting of the Cybercrime Convention Committee (T-CY).
On 31 August 2007, the DOJ through the office of former Undersecretary Ernesto
Pineda expressed the request of the Government of the Philippines to be invited for
accession to the Budapest Convention. In a letter  dated 15 June 2011, the COE
Secretary  General Thorbjorn Jagland formally invited the Philippines to accede to the
Budapest Convention.
 

Introduction to the Cybercrime Prevention Act of 2012

The Cybercrime Prevention Act (CPA) of 2012 is the first piece of legislation
comprehensively dealing with cybercrimes. Divided into 31 sections split across eight
chapters, the Act criminalizes several types of offenses such as illegal access, data
interference, device misuse, cybersquatting, computer fraud, cybersex, among  others. It
also reaffirms existing laws against child pornography punishable under RA 9775 (Anti-
Child  Pornography Act of 2009) and libel punishable under Article 355 of the Revised
Penal Code.
While it was RA 8792 which  first  penalized "cybercrimes,"   RA 8484 (Access Device
Regulation Act of 1998) and RA 4200 (Anti-wiretapping Law) had earlier recognized acts
done   using information and communication technology (JCT). More recently, but prior
to the effectivity of the CPA, RA 10173 or the Data Privacy Act of 2012 was enacted to
protect the fundamental human  right  of  privacy and of communication while ensuring
free flow of information to promote innovation and growth.
This paper thus traces the history and  development  of the CPA -  one of the  country's
most critical  and highly  debated  legislative  measures. Through the years, netizens
have been victims of numerous cybercrimes committed by criminals with impunity. The
CPA's eventual passage into law and the recent SO-page decision of the Supreme Court
confirming  its constitutionality, save for some provisions, finally opens  a new period for
law enforcement in cyberspace.
 
The Roots of the CPA
The actual work on the Cybercrime Bill started in 2001 under the Legal and Regulatory
Committee of  the former Information Technology and  e Commerce Council's (ITECC)
which later became the Commission on Information and Communication  Technology
(CICT). It was headed by former Secretary  Virgilio "Ver" Pena and the  Committee was
chaired  by Atty.  Claro Parlade. It was an  initiative of the Information Security and
Privacy Sub-committee chaired by Albert P.  dela Cruz who was the president of
PHCERT together with  then  NBI Anti-Computer  Crime and Fraud Division  Chief, Atty.
Elfren Meneses, Jr. The documentation  was handled by the Presidential Management
Staff (PMS) acting as the CICT secretariat.
Numerous public sector consultations   were  held.  In January  2004, the first  local
Cybercrime Conference was organized by Atty. Gigo A. Alampay with representatives
from the Department  of Justice of both the US and Canada.
These  activities   were   held  cognizant   of  the   limited   scope  of  the cybercrime
provisions in the E-commerce Act.
Meanwhile,  during  the  interim  years of 2006 and 2007, the  prototype Cybercrime
Prevention  Act  was substantially   crafted  and  was  later  finalized after the first
International  Cybercrime Conference on 25-26 October 2007, conducted  by the  DOJ
in partnership   with  the COE. During the first quarter  of 2008,  legislative  strategy  on
information   and communication  was created  by the government  focused mainly   in
adopting  a three-tiered  approach in  crafting related  laws to  underline  the  primacy  of
three  virtual  subjects,  namely:  data privacy, cybercrime,  and cybersecurity.
 

Thirteenth Congress  (2004-2007)

Initiatives to come up with a  law penalizing computer and computer•related crimes
originated after the internet was first used in the country. From 2004-2007, several bills
were submitted in the Senate. The first two bills were passed by then Senator Luisa "Loi"
Ejercito Estrada:  "Computer Crimes Act"11 and the "Anti-Computer Pornography
Act."12  On the other hand, Senator Sergio Osmena III  proposed the enactment of the
"Computer Abuse Act" through Senate Bill No. 464 which was patterned after the
United States Computer Fraud and Abuse Act (18 U.S. Code 1030), as amended in 1994
and 1996, as well as Title 18, Section3933 of the Pennsylvania Consolidated Statutes
(Crimes Code).  This bill outlaws, among others:

1. illegal access to computers, computer systems, computer networks, computer servers

and databases;
2. obtaining information on the financial records of a customer of a financial institution
without the proper authorization;
3. obtaining, publishing, and  giving  out  the  password to  another person's account;
and
 4. unleashing computer viruses.

On the other hand, Senator Miriam  Defensor-Santiago proposed the enactment of a

Computer Crimes Act consisting  of 10 sections. It  seeks to prohibit activities such as
but not limited to the following, namely:

1. use and operation of a computer or computer network primarily to facilitate criminal

activity or primarily to commit activities prohibited by the Penal Code and special
laws;
2. use of a computer network to transmit a communication intended to conceal or hide
the origin of money or other assets, tangible or intangible,  that were derived from
the commission of a crime;
3. use of a computer  or computer  network to conceal, obliterate,  or hide  the  identity
of  persons guilty  of  committing   a crime  or  an offense;  and
4. use of  a  computer   or  computer   network   to  conceal  or  hide commission of a
crime or an offense and the evidence

She also proposed the  enactment  of the "E-mail  User Protection  Act" which  seeks to
protect  consumers  and service providers  from  the  misuse of computer  facilities  by
others  sending  unsolicited  commercial  electronic  mail over such facilities.
Finally,  on  17  September   2004,  Senator  Ramon  B.  Magsaysay,  Jr. proposed the
enactment  of the "Anti-Computer  Fraud and Abuse Act of 2004." It defines  computer
fraud  and the  offenses  covered  by the  term  "computer• related fraudulent  activities"
and covers such acts as computer fraud, computer forgery,  damage to computer  data or
computer  programs, computer  sabotage, unauthorized  access and unauthorized
interception.  It imposes both a fine and a penalty of imprisonment  for violators. It also
accords authority  to the National Security Council to conduct investigations on
computer  related crimes vis-a-vis its effects on national security.
These bills did not make any significant  progress.
 

Fourteenth  Congress      (2007-2010)

Initiatives  to come up with a  law penalizing computer  crimes continued in 2007 during
the  14th  Congress.   In the Senate, Senate Bill No. 653 entitled "The Computer  Crimes
Act" was submitted  on 3 July 2007 by Senator Jinggoy Ejercito Estrada with the aim of
penalizing the use of computers and computer networks  in the commission of a crime.
With only nine sections, the bill defines what  a  computer  is and makes it unlawful  for
any person to use and operate a computer or computer  network to perform  any of the
following  acts, namely:  (a) to facilitate  criminal  activity or commit  any  of the  crimes
enumerated  in the  Revised Penal Code, (b)  to transmit  communication   intended  to
conceal or hide the  origin  of  money  or other  assets, tangible  or intangible,  which
were derived from  the commission of a crime,  (c) to conceal, obliterate,  or hide the
identity  of persons guilty  of committing  a  crime or an offense, or (d) to conceal or hide
the commission of a crime or an offense and the evidence thereof. The commission of
any of the above mentioned  acts subjects the offender  to 10 to 15 years of
imprisonment and a fine between  P20,000 and P50,000.
Within  the  same month,  Senator Loren Legarda introduced  Senate Bill No. 1377, "The
Anti-Computer  Fraud and Abuses Act of 2007." The proposed law  seeks to  penalize
several  defined  crimes  or offenses  such as computer fraud, computer forgery, damage
to computer data or computer programs, computer  sabotage,  unauthorized  access, and
unauthorized  interception.  The bill likewise  prescribes a  higher  penalty  -
imprisonment  of not  more than  20 years and a fine not more than P100,000.
Senator  Miriam Defensor-Santiago,  on the other  hand, introduced  four separate bills
on computer  and internet  usage, namely:

1. Senate Bill No. 1626, "Anti-Phishing  Act of 2007";

2. Senate Bill No. 1844, "Email User Protection Act of 2007";
3. Senate Bill No. 2053, "Anti-Spyware  Act of 2008";  and
4. Senate Bill No. 2176, "Consumer protection  Against Grayware Act of 2008."

 
Senator  Santiago's  version  of  the  anti-phishing   law  was  met  with  a slightly
different  version  in the form  of Senator Manny Villar's Senate Bill No. 2405, which 
penalizes the act of phishing in the internet  or instant messaging. Phishing or the act of
securing or getting  of sensitive personal information  for the  purpose  of  using  it  in
fraud,  or for  participating   in   fraudulent   business practices,  or  for  the  purpose  of
identity  theft   and  misrepresentation,   was proposed to  be penalized by imprisonment
for  at least 2 years but  not  more than 10 years or payment of a fine of not less than
P50,000 but not more than P500,000 or both at the discretion of the court.
By the  middle  of  2008, Senator Mar Roxas introduced  Senate Bill   No.2412,  the
"Computer  Abuse Act of  2008."  The  bill was  patterned  after  the United States
Computer Fraud and Abuse Act  as well as Title 18, Section 3933 of the Pennsylvania
Consolidated Statues (Crimes Code). It outlaws:

1.
1. illegal access to   computers,  computer  systems,  computer networks,
computer servers, and database;
2. 2) obtaining  information  relative  to  the  financial  records of  a customer
of   a     financial   institution   without   the    proper authorization;
3. obtaining, publishing, and giving out the password to  another person's
account; and
4. unleashing computer viruses.

Not long after, Senator Roxas introduced Senate Bill No. 2480 or the "Anti-
Cybersquatting Act of 2008". It declaresas unlawful the acquisition of a domain name
over the internet if there is bad faith, intent to profit,  mislead, destroy reputation, and
deprive others from registering,and such domain name is:  (a)  similar,  identical, or
confusingly similar to  an  existing trademark registered with the appropriate
government agency at the time of the domain name registration; (b) identical or in any
way similar with the name of a person other than the registrant, in case of a personal
name; or (c) acquired with no right or intellectual property interests in it.
The successive introduction of bills aimed at criminalizing detrimental acts with the use
of a computer or through the use of the internet resulted  in the first  draft  of a  Senate
bill dubbed as a  Cybercrime  Prevention Act.
Introduced  by Senator Juan Ponce Enrile on 21 April 2009, Senate Bill No. 3177
entitled  the  "Cybercrime  Prevention Act of 2009"  was divided  into seven chapters.14 
Chapter 1 defines significant terms such as computer system, computer  data,  computer 
program,  database,  service  provider,  traffic  data, among others.  Chapter 2
enumerates  acts punishable under the proposed law which  were  categorized  into  (a)
offenses against the  confidentiality,   integrity and availability  of computer  data and
systems,  such as illegal access, illegal interception,  data interference,  and system
interference;  (b) computer-related offenses  such  as computer-related   forgery  and
computer-related   fraud;  (c) content-related   offenses such as cybersex,  child
pornography,  and unsolicited commercial  communications.  Chapter 3  prescribes the
penalties imposable for each  violation.  The  same chapter  introduces  corporate
liability,  that  is, the imposition  of a fine amounting  to a maximum of Phpl0,000,000.00 
if the crime is committed  on behalf of or for the  benefit of a juridical  person, by a
natural person who has a leading position within  said juridical  person.
Chapter 4, on the other  hand, gives law-enforcement  authorities  power to collect and
preserve computer  data. Chapter 5 defines the jurisdiction  of the Regional Trial Courts
and empowers  them to hear and decide cases involving violations of the proposed law if
committed within the territory  of the Philippines or by a  Filipino national regardless of
the place of commission. Chapters 6 and 7 contain  provisions on international
cooperation  and final  provisions such as appropriations,  implementing   rules and
regulations, among others.
Less than a  month  later, Senator Antonio Trillanes IV came up with  his own version  of
the  CPA and introduced  Senate Bill No.  3213 on 6 May 2009. The  proposed  bill
contained  almost  similar  provisions  as the  earlier  version except that Senate Bill No.
3213 sought the creation of a Computer Emergency Response  Council  under  the
control  and  supervision  of  the  Office  of  the President. It is primarily  tasked to
formulate  and implement  a  national  plan of action to address and combat cybercrime.
It  is envisioned to be composed of the   Chairman   of   the   Commission   on 
Information    and   Communications Technology  (CICT) as Chairman;  the  Director  of
NBI as Vice-Chairman,  and other officials of the government  as members including the
Directorate-  General of PNP,  the Chief of the National Prosecution Service, the Head
of the National Computer  Center (NCC), the  head of the  Philippine Center for
Transnational Crime (PCTC), three  representatives  from the private sector, among
others.
These two  versions of the  CPA were  later merged forming  Senate Bill No. 3553 which
was prepared jointly  by the Committees on Science and Technology,  Constitutional
Amendments,  Revision of Codes and Laws, Justice and Human Rights, and Finance.
Senate Bill No. 3553 maintained  most of the provisions   contained   in  Senator  Enrile's
version  of  the  CPA such  as  the categorization   of  the  punishable  acts  and  the  law
enforcement   authorities' power to collect and preserve computer data.  It incorporated
Senator Trillanes' proposal to create a body tasked to formulate and implement the
national cyber security  plan, however, this  time,   it  was referred to  as the  Cybercrime
Investigation  and Coordinating Center composed of  a  smaller number of people,
namely: (a) the Chairman of the Commission on Information  and Communications
Technology as the Chairman with (b) the Director of the NBI as Vice- Chairman, (c) the
Chief of the PNP,  (d) the Chief of the National Prosecution Service and (e) the Head of
the National Computer Center as members. More importantly, Senate Bill  No. 3553
proposed the creation of the Office of Cybercrime (OOC) in the Department of Justice,
which would be responsible for  extending  immediate assistance in  the  investigation
and prosecution of criminal offenses related to computer systems and data, and ensure
that the provisions of the proposed law are duly complied with.
In the meantime, House Bill No. 6794, which is the counterpart bill of Senate Bill No.
3553 in the House of Representatives, was approved on third reading on 18 January
2010. This was transmitted to and received by the Senate on 20 January 2010.
The CPA of 2009 was not enacted into law at this stage.
 
If you are still interested to know what transpired next after the 13th Congress and

thereafter, you can continue by browsing this file: RA 10175 legislation history 
Download RA 10175 legislation history

3b - Government policy against

cybercrime
Through the Cybercrime Prevention Act of 2012, the Philippine government emphasized
3 policies in fighting cybercrimes.

1. The State recognizes the vital role of information and communications industries,
such as content production, telecommunications, broadcasting, electronic commerce
and data processing, in the State’s overall social and economic development.
 2. The State recognizes the importance of providing an environment conducive to the
development, acceleration, and rational application and exploitation of information
and communications technology to attain free, easy, and intelligible access to
exchange and/or delivery of information; and the need to protect and safeguard the
integrity of computer, computer and communications systems, networks and
databases, and the confidentiality, integrity, and availability of information and data
stored therein from all forms of misuse, abuse and illegal access by making punishable
under the law such conduct or conducts.
3. The State adopts sufficient powers to effectively prevent and combat such offenses
by facilitating their detection, investigation and prosecution at both the domestic and
international levels, and by providing arrangements for fast and reliable international
cooperation.

Why are these government policies necessary? If these policies were formalized in 2012
when RA 10175 was enacted, take a look at the cybercrime threat landscape in the
Philippines in 2013.  By reading the PNP-ACG report published on August 8, 2013, you
will understand the need for these policies.
 

CYBERCRIME THREAT LANDSCAPE IN THE PHILIPPINES

I. Executive Summary
The Philippines continues to face the challenge of effectively addressing the problem of
illegal cyber activity and cybercrime victimization, a challenge it shares among
developing countries in South East Asia and in other parts of the world.
The utilization of technology as it expands and develops in various industries and sectors
in the country is expected to increase, due to the lack of necessary safeguards to
prevent, and in some cases because of the lack of understanding on the risks involved
regarding its misuse.
The geography of the Philippines and its present socio-economic conditions as it
continuously works to strengthen political stability and national security is a perfect
condition in which different kinds of illicit cyber activities flourish. The anonymity in the
Internet, the legal and jurisdictional issues involved in technology-facilitated crimes, and
the vast victim and recruitment source and lure of easy money, motivates a culture of
cyber criminality which may later lead to more serious organized criminal underground.
The threat of transnational organized criminal groups operating in the country poses a
serious concern as it affects the economic and political stability of the country.
This situation, however, is slowly changing as government and international attention is
increasing and the rate of cybercrime or cyber-attacks on industry and on innocent
citizens also begins to rise. Victims or concerned citizens are now surfacing to report
cybercrime incidents to the police.
The private industry particularly the major Internet Service Providers (ISPs), has begun to
collaborate on issues of cyber security and cybercrime prevention, but much work
remains to be done especially in the manner of preservation and providing evidence
stored in them.
The cyber-criminal underground in the country continually evolve into a sophisticated
transnational criminal activity and in some cases has links with terrorist characters. The
cyber offenders have become audacious due to challenges being faced by government in
their detection, apprehension and prosecution than their counterparts elsewhere.

II. The Philippines Cyber Landscape

The Philippines, just like its ASEAN neighbors, is continuously utilizing technology in
almost every sector in its society and economy.  The country has an estimated
population of 103,775,002 as of 2012.  An estimated 31.33% or 33,600,000 of its 2011
population use the Internet.  As of 2011, an estimated 84.91% or 88,119,840 Filipinos
are mobile phone subscribers while 25.77% or 26,752,000 have active social networking
profiles. Of the Internet users in the country, 75% use personal computers while 25%
use their mobile phones to access the Internet, whether for personal or business
purposes.
The average age for Internet users in the country is estimated to be 23 years old and
below, and most of them spend around 21.5 hours per week browsing the Internet and
51% of Internet users have active YouTube profiles.  As of 2012, the Philippines ranked
6th in the total number of Internet users in Asia and 3 rd in the world in the number of
Facebook users where 48% are male and 52% are female.
 

III. Cybercrime Status
The use of technology in the commission of traditional crimes and the new found ways
of committing crime in the country pose an investigative challenge to the Philippine
National Police.  There is a rising incidence of financially motivated cybercrime and
politically motivated cyber-attacks on government by cyber actors in the Philippines.
From CY 2003 up to CY 2012, a total of 2,778 cybercrime related offenses was recorded
by the PNP. While the country awaits the implementation of a comprehensive
cybercrime law, cyber criminals continue to use technology both in conducting criminal
activity and preventing its detection. This trend in criminal activity necessitates the need
for a dedicated unit within the PNP to go after these offenders and improve its cyber
security posture.
Compared to its ASEAN neighbors, the Philippines has yet to enact and implement its
own comprehensive anti-cybercrime law.
From CY 2010 to CY 2012, the PNP has recorded a total of 1,184 incidents with the
highest being the attacks targeting government websites where a total of 940 website
defacements have been recorded.
Another recent attack perpetrated by cyber criminals is the exfiltration of usernames and
passwords from the DNS Gov.Ph registration site with an estimated 2,338 records and
allegedly claimed by AnonTaiwan group. These attacks increased when the Philippines
had its political, security and jurisdictional issues on the Luneta Bus Hostage taking
incident, Scarborough Shoal stand off, Sabah incident involving the Sultanate of Sulu,
and the Taiwanese Fisherman killed in Balintang Channel.  The country was also
victimized by botnet infection where the Philippines is ranked 6 th in the world for BotNet
location.
Police intervention against cybercrime in the country resulted in the arrest of 505
foreign nationals. As with traditional crimes, the cyber-criminal actors and organizations
still resemble the same criminal characters and setup, the difference lies in the way
organized criminal groups are structured from a hierarchical form to a flat organization
operating independently similar to the cell Terrorist concept.
The most likely cybercrimes committed in the country either through the use of
technology or the target of the crime is the technology itself, falls generally on the areas
of national security matter, financially motivated offenses, crime directed against a
person or the property and those that involve crimes that violate public morals.
For national security concerns, the likely cybercrime threats deal on espionage activity,
disruption, sabotage, politically motivated attacks and those which involve terrorism
activities. Nowadays, Terrorists are using the Internet in their recruitment, propaganda,
planning, teach-ins, financing, and even operational implementation. Swindling, estafa,
scam or other form of computer fraud, counterfeiting and forgery are some of the
financially motivated cybercrime threats. Cybercrime against a person usually involves
theft or unlawful use of personal information, threat, extortion, harassment and
disclosure of privacy related matters. Property related cybercrime on the other hand,
such as theft, the sale of stolen or lost item, illegal use of and damage to property, maybe
committed. Finally, cybercrime which involve public morals are those which likely involve
obscene and indecent publication, child pornography, human trafficking and those who
make use of technology like the Internet to show acts of cruelty or violence.
 

IV.  Police Response
In order to address the increasing incidence of cybercrime, the PNP Anti Cybercrime
Group was activated on March 20, 2013.  The establishment of a PNP Anti-Cybercrime
Group is a strong signal to criminals that the PNP is very serious in addressing
cybercrime in the country.
The PNP-ACG has conceptualized and believed that to fight cybercrime and to
strengthen cyber security, there must be a synergy among the following components:
Competence and Capability building of the Organization and Personnel; Public and
Private Partnership; strong International Cooperation; Advocacy and Public Awareness
and; the implementation of strong Laws, Policies and Regulations.
To date, the PNP currently has six (6) fully functional Digital Forensic Laboratories
nationwide located in Camp Crame, Legazpi City, Cebu City, Davao City, General Santos
City and Zamboanga City. These PNP offices are capable of conducting computer,
mobile, and audio and video forensic examinations and can respond to investigate
incidence of cybercrime activities within their geographical areas of responsibility. The
PNP envisions to have cyber-forensic laboratories in all its regional offices in the future.
Since 2003, the PNP has continuously received various digital forensic equipment grants
because cybercrime is a technology-based crime and the PNP needs to have the
technological capability to address such crimes.  A cyber training facility was also
commissioned through the assistance of the US Anti-Terrorism Assistance Program.
Along this line is the continuous technical training of police officers to increase
competence in cybercrime investigation where a total of 90 local and international
trainings were received while 31 local trainings were provided to the regional offices.
Another aspect in the fight against cybercrime is the concern on online child
victimization. In response to this international priority, the PNP is strengthening its
children protection program by establishing a special taskforce “Angel Net” purposely to
address Internet or technology-related child abuse and exploitation.
International cooperation and partnership in strengthening cyber security and the fight
against cybercrime is another activity in which the PNP actively participates. Increasing
the PNP’s competence and capability, continuous Public awareness, Active Private-
Public partnership, Enforcement of effective laws, and International cooperation are the
PNP’s approach in strengthening cyber security and combating cybercrime.

V.  Notable Anti-Cybercrime Operations

     A.   Terrorist Financing “Telecom Fraud Scam”
         On November 24, 2011, PNP conducted search and seizure operation against
suspected group of telecom hackers victimizing a US telecom company with the
cooperation of FBI and US Embassy in Manila. More than $2M in lost revenues. The
criminal group is allegedly connected to a foreign terrorist financing group reponsible for
financing the terrorist attack in Mumbai, India in 2008.
    B.   Transnational Telecom Fraud Scam “Chinese & Taiwanese Fraud Ring”
       On May 26, 2012 the PNP together with police from China and CIB, Taiwan,
arrested 37 suspected members of an international telecom fraud ring in separate raids
in Manila. Searched and seized were assorted ICT equipment that the syndicate used in
their illegal operations. The suspects were charged for violation of R.A. 8484 “ Access
Device Regulation Act of 1998”.
   C.   Transnational Telecom Fraud Scam “Chinese & Taiwanese Fraud Ring”
       On August 23, 2012, PNP-CIDG, PAOCC, NISF, BID, DOJ, China and Taiwan
Embassies conducted simultaneous search and seizure warrant operation in Manila and
Rizal resulting to the confiscation various computer and telecom devices and 380
arrested, mostly Chinese and Taiwanese nationals. Suspects were charged for violation
of R.A. 8484 “Access Device Regulation Act of 1998”.
   D.   ATM / Credit Card Fraud Syndicate
       On April 20, 2013, three Malaysian nationals were arrested by police in Iloilo City
suspected of siphoning off money from ATM card holders. A small camera and a
skimming device are placed in ATM booths. Credit card information stolen is cloned
using sophisticated card tools to withdraw money from the victim’s bank account.
Suspects were charged for violation of R.A. 8484 “ Access Device Regulation Act of
1998”.
   E.   Internet Fraud/Scam “ WakaNetwork.com”
       On May 15, 2013, PNP-ACG together with Mabolo Police Station conducted search
and seizure warrant at Interface Techno-Phil Cebu City. The said call center was offering
fraudalent waka gift vouchers to US nationals. Suspects were charged for violation of
R.A. 8484 “ Access Device Regulation Act of 1998” and Article 212 of the Revised Penal
Code “Corruption of Public Officials”.
   F.    Illegal Internet Pharmacy Operation
       On July 11, 2012 ATCCD-CIDG conducted search and seizure warrant at “724 Care
Call Center” located at Mandaue City, Cebu for marketing and selling alleged counterfeit
Pfizer medicines to US nationals. They were suspected of violating of R.A. 8484 “Access
Devices Regulation Act of 1998”.
   G.   Corporate Illegal System Hacking
       On October 4, 2011, ATCCD-CIDG arrested SHIN UN-SUN in Batangas Province by
virtue of an international warrant issued by Interpol and KNP for alleged hacking into
Hyundai  customer database stealing around 420,000 customer records and extorted
money from Hyundai. The suspect SUN was turned over to the Immigration Bureau for
deportation to South Korea.

VI.  Assessment / Forecast
For the past ten years, cybercrime in the country continued to evolve both in the
manner of commission and in the use of mechanisms by cyber criminals to deter police
investigation.  With the continuing advancement in cyber technology and the rising
popularity of social networking sites over the internet, the Philippines will remain open
to cybercrime operations.
In view of this, the opportunity for the commission of cybercrimes must be identified
and duly addressed.  Those who use the Internet, email, social media and vulnerable
computers will be the likely victims.  Financially-motivated cybercrimes will likely be the
preferred choice for criminals due to the ease of getting money, sourcing of victims and
its difficulty in detection and apprehension.
Cybercrime will persist in the country as with other parts of the world. The current
environment in the Philippines attracts transnational cybercrime groups to continuously
operate in the country.  Espionage such as data exfiltration, sabotage or disruption and
politically motivated attacks will continue to target government institutions.  An
effective country strategy, legal framework, awareness program, capability and capacity
building programs, and local and International cooperation will mitigate and effectively
address cybercrime victimization.
The PNP, as the country’s premier law enforcement institution remains unwavering in
facing these challenges valiantly and has made significant gains in thwarting cyber
offenders, especially the transnational organized criminal groups, from making the
country a sanctuary for their criminal operations.

3c - Anti-cybercrime laws
Other than RA 10175, there are other laws that were enacted as an effort to combat
cybercrimes. Prior to RA 10175, there were to earlier laws that came into being as
attempt to prohibit the early forms of cybercrimes. These are:

 RA  8484 or the "Access Devices Regulation Act of 1998"

 RA  8792 or the "Electronic Commerce Act of 2000"
 RA 9995 or the "Anti-Photo and Video Voyeurism Act of 2009"
 RA 10173 or the "Data Privacy Act of 2012"

After RA 10175 was enacted, there are other national laws that followed to prohibit
cyber-related offenses that were not covered in the Cybercrime Prevention Act of
2012.  These include RA 10627 or the "Anti-Bullying Act of 2013".
Click on the links provided below to open/download copy of these related laws.

 RA  8484   
 RA  8792  
 RA 9995   
 RA 10173  
 RA 10627   
Browse/read these laws so that you will be able to accomplish what is required in the
learning task on our next meetings.