PHL could have cybercrime law by 2012

The way the cybercrime bills filed in both houses of Congress is moving, the Philippines may finally have its own cybercrime law in the next 12 months, an IT law expert said Thursday.

Lawyer Jose Jesus Disini of the UP College of Law shared during the launch of Norton's Cybercrime Report 2011 that the cybercrime bills filed in Congress are moving at a quick pace.

"The Senate version has already passed second reading in [the upper house]. Within the next 12 months, we'll probably see a cybercrime bill signed into law," Disini said.

Having a cybercrime law is essential to the country right now since the 11-year-old E-Commerce Act of the Philippines, while future-looking, doesn't address cybercrime threats which have evolved throughout the years, Disini said.

In fact, the Norton Cybercrime Report launched Thursday noted that cybercrime is becoming one of the top crimes worldwide in terms of financial repercussions, costing victims a total of $388 billion over the past year, higher than the illegal trade in marijuana, cocaine and heroin combined, which only amounts to $288 billion.

The same report revealed that cybercrime victimizes an average of 1 million people a day, or about 14 victims every second.

Cybercrime acts could range from the simple spreading of malware over the Internet to using stolen personal information for financial gain, Norton said.

In a text message to GMA News Online, Senator Edgardo Angara, author of the Senate version of the bill, said the passage of the law is "highly probable."

"The big hurdle in the Senate is time, because of the budget debate which takes priority [for now]," he said.

Keeping pace with the times

Disini, however, noted that at the time of its passage, the E-Commerce Act was one of the most advanced IT-related legislation in the world.

In fact, one of the acts penalized under the Act include interference with computer systems, which involved distributed denial-of-service (DDOS) attacks, which have only gained worldwide prominence recently.

Still, many sections of the law have ceased being relevant. "It's been more than 10 years, but this law has never been touched again. There have been many efforts, but it has never been a priority of the government, apparently," Disini stressed.

In particular, Disini pointed out that the existing E-Commerce act is considered mala prohibita, or a classification of crime which is considered wrong because it is prohibited by law.

If a crime is considered mala prohibita, according to Disini, those who spread malware through email even without their knowledge is still liable because it is punishable by the law.

In contrast, a law classified as mala in se looks at the intent of the act committed—whether it is deliberate or incidental—before considering it as a crime.

Disini said the law should be amended so that it can be classified as the latter, since many malware spreading over the Internet today are unwittingly passed by users and often take lives of their own.

Unskilled prosecutors

The presence of the law notwithstanding, the IT law expert likewise lamented the poor prosecution record of IT-related crimes in the past years.

Among the handful of convictions secured by government prosecutors over the years, Disini said the model they used do not necessarily prove their skill sets.

"The model by which they could get conviction is that they confront the accused with the evidence that they have, and the accused will typically plead guilty to just one instance of the crime to avoid jail time," he said.

These means most of cybercrime cases in the country have not prospered into full-blown trials, where electronic evidence could be presented by the prosecutors.

Despite this, Disini said that there is reason for hope in the recent establsihment of a cybercrime office under the Department of Justice, which seeks to centralize cybercrime efforts of the government. — TJD, GMA News