Category Archives: Cybercrime

Why there should be a Magna Carta for Philippine Internet Freedom

Opening Statement of Democracy.Net.Ph before the Senate Science and Technology Committee hearing on the Magna Carta for Philippine Internet Freedom delivered by Engineer Pierre Tito Galla, PECE

[Senator Ralph Recto, Senate President Pro-Tempore and chairman of the Committee on Science and Technology; Senator Francis Escudero, chairman of the Committee on Finance; Senator JV Ejercito;
Senator Manuel Lapid; and our sponsors, Senator Miriam Defensor-Santiago, chair of the Committee on Constitutional Amendments and Revision of Codes, and Senator Paolo Benigno Aquino IV, and author of the Magna Carta for Philippine Internet Freedom, or #MCPIF;

Honorable guests and representatives of the government, the media, the academe, and the Filipino niche of cyberspace;

Fellow citizens of the Republic of the Philippines, both online and offline;

Good day.]

Cyberspace is an alien world for many. Many are afraid; many more only grasp its fringes. Cyberspace exists as a domain of the mind, of zeroes and ones, of abstract concepts. It is not surprising, therefore, that the view of the Internet is one of the widest disconnect between a government and its people. Neither has walked in each other’s shoes.1

Our origins have been told many times: Democracy.Net.PH was formed when the Cybercrime Prevention Act was being signed into law2. We trooped not to EDSA or Mendiola, but on Twitter and on Facebook. We wrote and discussed over email, over social media, in the digital cloud, and over text messages and phone calls, what was wrong with Republic Act No. 10175. We brought together our expertise in technology, our advocacy of civil rights and Constitutional guarantees, and our common love for freedom.

We are ordinary citizens. We work for a living, like many of you, and like many of the people listening, and watching today. We have different political and philosophical leanings. Yet, we bonded in the shared belief that the awesome power of information and communications technology (ICT) is positive for the future of our country.

We appreciate being invited here today. We are humbled by the courage of Representative Kimi Cojuangco, who is our advocate in the House of Representatives, and by the enthusiasm of Senator Bam Aquino. We are deeply grateful to Senator Miriam Defensor-Santiago, for championing this cause, from the 15th Congress to this 16th Congress, when no one would give us the time of day; and to you, Mr. Chairman, Senator Recto, for this moment.

On behalf of Democracy.Net.PH, and of the netizens who helped craft the bill, thank you for the opportunity to discuss the Magna Carta for Philippine Internet Freedom.

Democracy.Net.PH and the Crowdsourcing Initiative of the #MCPIF
We have been constantly and pleasantly surprised by the reaction of OFWs to the #MCPIF; that of our friends on cyberspace; and that of the international community at large, who have constantly voiced that they were inspired by, and are watching the progress of the #MCPIF. We have been awed and inspired by the high praise that international digital rights advocacy group Electronic Frontier Foundation has given to our work, calling the Magna Carta for Philippine Internet Freedom “a success story”.3 At the 2013 Internet Governance Forum in Bali, we learned that other civil societies around the world want to copy and replicate the #MCPIF in their own countries. Because of the #MCPIF, the 2013 Web Index Annual Report has lauded Philippine lawmakers with the same praise they showered the parliamentarians of Brazil working towards a “Marco Civil da Internet”.4

With the #MCPIF, we have something special, something to show the rest of the world how netizens and Congress can work together to preserve, promote, and uphold our rights and freedoms.

Indeed, the Philippines is being cited as a model for participative democracy, that through crowdsourcing – the collaboration and direct participation of citizens enabled by the Internet and ICT – laws can be crafted that reflect most accurately our people’s aspirations.5

Promoting the “Freedom Doctrine”: The Holistic Approach of the #MCPIF for ICT Legislation
As we compared notes in the 2013 Internet Governance Forum in Bali, our belief that the #MCPIF is the right path has only deepened. In addressing the different and diverse issues of cyberspace and cybersecurity, what is needed is a holistic, rights-anchored law that will consistently uphold our rights online and offline.

Your honors, we understand where the government and Congress come from with respect to the cybercrime law. We understand its purpose: to curb prostitution, child pornography, and other nefarious crimes that have been perpetrated through and with the use of technology. We also understand where President Aquino is coming from: that there is perceived to be a need for responsibility and accountability with online speech.

We agree with the premise, the wants and desires.

We agree that there should be laws to curb cybercrimes. Malicious hacking is a crime. Those who take advantage of our women and children in cyberspace should be prosecuted and punished. A civilized 21st century Philippines cannot protect unjustified defamatory speech.

This, senators, honored guests, and friends, is where our common ground with the government ends.

Where the existing law is overly broad in what it seeks to curb, the definitions and elements of the crimes enumerated in the Magna Carta for Philippine Internet Freedom are narrow, specific, and clear in what they seek to prohibit. The #MCPIF restricts only and specifically the conduct necessary to prevent the evils we want to prevent. This much is to be expected, this much is required, of a law – any law – that affects our most basic and fundamental freedoms.

To enact a law affecting our people’s use of technology but focus on the punishment of petty crime misses the point. A law on the Internet and ICT cannot exist in a vacuum; the protection and promotion of rights and freedoms requires a more holistic approach than that offered by the Cybercrime Prevention Act.

To borrow from John F. Kennedy: We are here to promote the freedom doctrine.

The Four Pillars of the #MCPIF: Rights, Governance, Development, and Security
The Magna Carta for Philippine Internet Freedom is built on four pillars: rights, governance, development, and security.





The Magna Carta for Philippine Internet Freedom: Rights
The Magna Carta for Philippine Internet Freedom promotes civil and political rights, and upholds and promotes Constitutional guarantees in cyberspace, as they would and should be in our daily lives. The #MCPIF is anchored on this principle: that the Constitution is our foundation as citizens of the Republic and equally as Filipino netizens in cyberspace. Our rights online are our rights offline.

The Magna Carta for Philippine Internet Freedom: Governance
The Magna Carta for Philippine Internet Freedom provides for ICT governance that is anchored on Constitutional principles. The #MCPIF makes it clear that the state shall take the responsibility to ensure that the governance of the Philippine ICT framework is in keeping with the ideals and aspirations of the Filipino people. This is no more strongly advanced by the transparency and open governance advocacy of the administration which is well represented in the #MCPIF.

The Magna Carta for Philippine Internet Freedom: Development
The Magna Carta for Philippine Internet Freedom promotes the development of ICT in the Philippines. The World Bank says that investment in broadband boosts GDP: a 10-percentage point rise in broadband penetration provides an economic growth of 1.38-percentage points for low and middle income countries.6 The use of the Internet and ICT is an enabler for productivity, and is a job creator. In Brazil, broadband connectivity added 1.4% to the employment growth rate.7

Senators, honored guests, and friends, our people deserve no less an opportunity.

The Magna Carta for Philippine Internet Freedom: Security
The Magna Carta for Philippine Internet Freedom protects the Filipino people both online and offline. Whether the threats come from an evil cybercriminal or cyberterrorist, a hostile non-state actor, or a rogue nation state, the #MCPIF provides the mandate and the means for our leaders to defend our citizens from the threats present in cyberspace. We want to empower not just the Department of Justice, but also the Department of National Defense. China, with whom we have a dispute, is a heavy player on the Internet, reportedly having deployed a cyberspace-centric military unit in hacking operations against other countries.8 Our ally, the United States sees cyberspace as a new domain of warfare.9 With the leveling of the playing field that cyberspace grants, we must also learn how to defend our country, and have the ability to defend ourselves in the cyberspace battlefield.

In his inaugural address, President Benigno S. Aquino III said these words: “This is what democracy means. It is the foundation of our unity. We campaigned for change. Because of this, the Filipino stands tall once more. We are all part of a nation that can begin to dream again”.10

Mr. Chairman, honored guests, and friends online and offline: like the rest of our people, we began to dream. We share in our people’s belief in democracy. We share in that common foundation of unity. The Magna Carta for Philippine Internet Freedom rests on the foundation of democracy. The #MCPIF takes cognizance of our people’s rights, our country’s need to advance economically; our people’s desire for faster and reliable ICT services well worth the money we spend; our leaders’ thrust for transparency and open governance and, to our friends in the DOJ, our government’s need for tools and skills amidst great challenges to keep us safe. It is the hope of Democracy.Net.PH that we can all work together so that Congress can pass a law that upholds our rights online, and upheld offline. We ask the Senate to pass a law anchored on rights, governance, development and security. Let us, all of us, bridge this disconnect, this digital divide.

Senators, we humbly ask you to pass the Magna Carta for Philippine Internet Freedom.

Thank you.

End Notes

1. Dayao, C. Twitter.

2. de Santos, J. Yahoo! News. “The Wisdom of Crowds: Crowdsourcing Net Freedom.”

3. York, J. Electronic Frontier Foundation. “A Brief Analysis of the Magna Carta for Philippine Internet Freedom.”

4. 2013 Web Index Annual Report. The Web Index. Page 36.

5. McKenzie, J. “Crowdsourced Internet Freedom Bill a First for Filipino Lawmakers.” techPresident.

6. Kim, Y., Kelly, T., and Raja, S. “Building Broadband.” The World Bank.

7. UNESCO. “Broadband: A platform for progress.”

8. Sanger, D., Barboza, D., Perlroth, N. The New York Times. “Chinese Army Unit Is Seen as Tied to Hacking Against U.S.”

9. U.S. Department of Defense. “The Cyber Domain Security and Operations.”

10. President Benigno S. Aquino III. Inaugural address.

Debunking Errors in a Proposed Philippine Cybersecurity Framework


This is the inescapable conclusion one will have upon reading Francis Domingo’s opinion piece in the November 18, 2013 issue of Philippine Daily Inquirer, “Points to consider in securing Philippine cyberspace”. While Domingo raises a valid concern on the continual growth of the cybersecurity threat, his recommendations fail to address it. Worse, if followed, his recommendations may prove disastrous.


The Cybersecurity Threat Continuum 

“More people may decide to engage in cyber-attacks because of the low barriers to entry, anonymity and presence of others involved in similar activities.

“Performing various operations in cyberspace is not difficult because the resources and knowledge required to exploit and disrupt infrastructure are modest compared to the requirements of exploiting other domains of conflict such as land, sea, air and even space.

“Any individual with sufficient technical knowledge and has access to information communication technologies can execute cyber-attacks.”

F. Domingo, Philippine Daily Inquirer, November 18, 2013

Domingo points out correctly that cyberattacks will continue to grow in number, scope, and impact; he correctly points out that performing such attacks are less difficult than physical violence, and puts forward a valid observation that anonymity may be a factor in choosing to perpetrate crime or fraud, destruction and disruption, or enter into conflict via cyberattacks over conventional means.

The possibilities available, however, do not constitute a simple menu of choices. Cybersecurity threats are more accurately depicted in a continuum:


From left to right, the diagram describes two parallel concepts: first, that of actors — from an individual, through loosely-affiliated groups, to large, structured organizations — and, second, that of level of skill — how the increasing availability of skills and/or skilled manpower can be used as resources to plan, execute, and follow-through on a cyberattack.

From bottom to top, the diagram describes the potential damage that can result, especially from a deliberate cyberattack. For instance, the potential damage that can be caused by a prankster will be less than that of a dupe, as the former may be restrained by conscience while the latter is subject to the will of another person or group, who may feel no such restraint. Likewise, it is understandable that organized groups with larger pools of manpower and skillsets, as well as the drive to gain such skills and employ them, will have higher scales of potential damage than amorphous groups or individuals. It is equally interesting that the individuals and groups moving up the potential damage scale can be classed together into fairly distinct sets of motivations for cybercrime and cyberattack, as shown by the right-hand scale.

The cybersecurity continuum is by no means theoretical. Domingo appears to be familiar with the modes of cyberattack that have been used both locally and abroad, as well as the suspected perpetrators. As such, it is strange that Domingo clings to the notion that cyberattacks have limited impact; perhaps we must first define what a cyberattack is.


What is a Cyberattack?

In his opinion, Domingo provided no clear definition of a cyberattack. This vagueness may be the culprit of the erroneous premises upon which his arguments are based.

A US National Research Council’s report defines cyberattacks as “deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or networks or the information and/or programs resident in or transiting these systems or networks.”[2] Taking off from this definition, an article “The Law of Cyber-Attack” in the California Law Review proposes that a cyberattack “consists of any action taken to undermine the functions of a computer network for a political or national security purpose.”[3]

These definitions are so broad that they seem to conflate cyberattacks and cybercrime. In crafting the Magna Carta for Philippine Internet Freedom (#MCPIF) bill, the group Democracy.Net.PH and other contributors agreed to separate the definitions of cybercrime and cyberattack. The bill defines cyberattack as:

“[A]n attack by a hostile foreign nation-state or violent non-state actor on Philippine critical infrastructure or networks through or using the Internet or information and communications technology.”[4]

The bill includes in the definition of cyberattack as also possibly this:

“[A]n assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.”[5]

The definition proposed in the #MCPIF acknowledges the cybersecurity threat continuum. This definition will serve as our basis in clarifying the flaws in Domingo’s op-ed piece.


A Cyberattack’s Impact Can be Lethal

“[C]yber-attacks have a limited impact on nation-states because the attacks rely on an electromagnetic spectrum, require man-made technology to function, and do not involve lethal action and physical violence.”

F. Domingo, Philippine Daily Inquirer, November 18, 2013

Domingo cites the distributed denial-of-service (DDoS) attack against Estonia in 2007 and the Stuxnet worm — used supposedly targeting Iran’s Natanz uranium enrichment facility and whose escape into the wild in 2010 led to its detection — as examples of cyberattacks. The modes exemplified by the Estonia attack[6] and Stuxnet[7] are similar to the Shamoon malware cyberattack on the state-owned oil firm Saudi Aramco[8], the DDoS attacks on US banks in 2012[9], the cyberattack on South Korean media and banking firms just this year[10], and so on.

It appears that Domingo’s position is that there has been no significant injury, loss of life, nor widespread physical damage to infrastructure. Ergo, damage is “limited.”

This is another shortsighted view.

While it is true that few, if at all, have so far been physically hurt by cyberattacks, the impact is nonetheless significant. The “ILOVEYOU” virus outbreak in 2000, a brainchild of one Onel de Guzman[11], a student of AMA Computer College, affected at the time about 45 million computers worldwide[12] and caused an estimated $10 billion dollars in damage[13]. The scale of damage caused by the ILOVEYOU worm, adjusted for inflation, is on a par with the scale of damage caused by Typhoon Yolanda.[14]

The perceived absence of injury to human beings does not render the damage from cyberattack limited; rather, such makes cyberattacks even more sinister. The disruption of networks that will result in the breakdown of services of government, power, communications, transport, finance, and other critical infrastructure can result in chaos in society. Instead of directly harming the populace, the attacker can create an environment where the populace will be motivated to destroy each other and themselves. Such damage mirrors that caused by enhanced radiation weapons, such as cobalt and neutron bombs, which are designed to kill but leave infrastructure and equipment relatively undamaged.[15]

Still eerily similar to atomic weapons of mass destruction, but to an even more sinister degree, is the ability of an attacker to design and control the degree of damage that is caused by the cyberattack. “Dial-a-yield” is the catchphrase often used to describe the capability to adjust a weapon to a desired scale of damage.

Domingo appears to make the error of failing to recognize that, with a cyberattack, the attacker not only can design the implementation but can practically specify the extent of damage from the narrowest of scopes up to unrestricted levels. Stuxnet was designed to go after a specific piece of equipment. Thus, the damage was limited only to the systems where the equipment was installed. If the global positioning system (GPS) navigation can be subject to an unrestricted cyberattack, which is now considered to be a distinct possibility[16], airplane crashes, ship groundings, and fatal mistaken identity incidents could occur at scales more horrific than simultaneous occurrences of incidents analogous to 9/11, Exxon Valdez, Aeroflot Flight 8381/ СССР-26492, MV Doña Paz/ MT Vector, and Korean Airlines Flight 007 combined.

There is no logical reason to wait until such catastrophic incidents occur, until lives are lost due to the lethality programmed into a cyberweapon, before establishing a robust cybersecurity framework.


Cyberattacks Do NOT Require High Technology; Cybersecurity Must Not Be Merely Technology-Centric

“[C]yber-attacks will not be successful if the spectrum is controlled or access to critical networks is blocked by accountable government units.”

F. Domingo, Philippine Daily Inquirer, November 18, 2013

Domingo mentions Stuxnet as a cyberattack; however, he may not be aware that the attack vector of Stuxnet was through the physical connection of an infected USB flash drive to a computer connected to the target network.

This, in hacker parlance, was a “sneakernet” attack. This attack was made via the crudest method of compromising a system — accessing the physical layer. The legal control of the allocation of the usable frequencies within the electromagnetic spectrum (for there is no means at present that can control the electromagnetic spectrum, short of repealing the laws of physics) by no means can prevent a sneakernet attack, or many other modes of attack for that matter. Restricting access to critical networks willy-nilly cannot likewise prevent such an attack since, by using the physical layer as the means of compromising the system, the data link, network, transport, session, presentation, and application layers are effectively bypassed.

Clearly, it is erroneous for Domingo to have posited that cyberattacks are solely technology-dependent, and thus for cybersecurity to be technology-centric.

In ensuring cybersecurity, there are two other aspects that must be considered and implemented. A cybersecurity plan must be based on a holistic combination of physical security, behavioral security, and electronic security means, policies, and procedures; to focus on a single defense aspect or potential threat axis would be analogous to building an iron door for a bank vault whose walls are made of paper.

Domingo has fallen into the trap of seeing a few trees and missing the forest.


Cybersecurity is Not Merely a Convenient Buzzword

“Security strategies are not definitive.”

F. Domingo, Philippine Daily Inquirer, November 18, 2013

Given that cybersecurity threats belong in a continuum, and that the actors, their motivations, the degrees of damage intended and programmed, and the level and breadth of skillsets are not one-dimensional – as he erroneously paints them to be – Domingo’s position of a one-size-fits-all approach to securing Philippine cyberspace is untenable.

Cybersecurity cannot be as casually relegated as Domingo proposes. The range of potential threats to the physical security of the Filipino citizen run the gamut of petty crime, organized crime, terrorism (domestic and otherwise), to unfriendly acts of foreign governments; it is well understood that the mandates to protect the life, liberty, and property of each Filipino that are given to the Philippine National Police, the National Bureau of Investigation, and the Armed Forces of the Philippines differ in level of threat and scope of action.

So, too, should be the cybersecurity mandate.

This is the approach taken by the drafters of the Magna Carta for Philippine Internet Freedom. The #MCPIF proposes that the Department of Justice (DOJ), the National Bureau of Investigation (NBI), and the Philippine National Police (PNP) shall be the competent law enforcement agencies to protect Filipino citizens from cybercrime, corollary to their mandates to protect Filipino citizens from non-ICT enabled or perpetrated crimes. Likewise, these law enforcement agencies, supported by other government offices—including the Department of Defense (DND) and the Armed Forces of the Philippines (AFP)—will be tasked with protecting the country from cyberterrorism and cyberespionage. This is no different from the current mandates given to the respective agencies of government to protect the country from terrorism and espionage.

As they are tasked with national defense and the protection of national critical infrastructure, it is therefore likewise logical that that the DND and the AFP will be tasked with national cyberdefense and the protection of national critical ICT infrastructure.

It should be pointed out that while he is correct that the Information Systems Security Society of the Philippines (ISSSP), the Information Systems Audit and Control Association (ISACA), and the Philippine Computer Emergency Response Team (PH-CERT), as well as scholars and government experts, can be resources and have actually been providing technical expertise on cybersecurity as private companies like Symantec, McAfee, and IBM, Domingo is wrong in saying that they can be agents to implement Philippine cybersecurity action and policy. There is no logic in this thinking, as it is analogous to using security guards as frontline troops in internal security operations against the New People’s Army. Security planning, while it may be enriched by inputs from those with the appropriate competencies and skills, is best put together by those who can see the forest and not just the trees.


RA 10175 is NOT a Good Basis for a Philippine Cybersecurity Framework


“[P]eople must be made aware of the rationale and scope of Republic Act No. 10175 and other laws that protect Philippine cyberspace.”

F. Domingo, Philippine Daily Inquirer, November 18, 2013

There is some merit, however limited, in Domingo’s vague proposals on how to implement cybersecurity for the Philippines, in so far as developing a culture of cybersecurity through education and information campaigns, ensuring resilience of institutions, and the development of multidisciplinary, multistakeholder teams for plans, policies, and programs to promote national cybersecurity. Clear proposals have been presented by the drafters of the Magna Carta for Philippine Internet Freedom and constitute an integral part of the bill.

Unfortunately, Domingo goes astray in promoting Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, as a basis for promoting cybersecurity.

The oft-quoted maxim of Benjamin Franklin, “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety,” points out the fatal flaw in Domingo’s promotion of the Cybercrime Prevention Act. As the law – fortunately suspended in its application – promotes such assaults into civil liberties such as the right to privacy, the right to due process of law, and the freedom of expression, it cannot be the basis for establishing cybersecurity for the Filipino people.

To be succinct: our rights online are our rights offline. Our cybersecurity thinking must be no different, therefore, from how we think of ensuring our physical security – holistic, properly-calibrated, competent, and rights-based.

To reduce it to vague buzzwords would be to endanger ourselves.



[1] Engr. Pierre Tito Galla, PECE, is one of the convenors of Democracy.Net.PH, an ICT and civil rights advocacy group that spearheaded the drafting of the Magna Carta for Philippine Internet Freedom. He is a practicing Professional Electronics Engineer with nearly a decade and a half in the information and communications technology sector, and is currently an executive in a Fortune 500 multinational whose networks span the globe.

[2]  Hathaway, et al. “The Law of Cyber-Attack.” <>.

[3]  Ibid.

[4] Democracy.Net.PH. “Full text of the Magna Carta for Philippine Internet Freedom.” <>.

[5] Ibid.

[6] The Associated Press. “A look at Estonia’s cyber attack in 2007.” 8 July 2009. <>.

[7] Kushner, D. “The Real Story of Stuxnet.” IEEE Spectrum. 26 February 2013. <>.

[8] Perlroth, N. “In Cyberattack on Saudi Firm, U.S. Sees Iran Firing Back.” The New York Times. 23 October 2012. <>.

[9] Ibid.

[10] Waterman, S. “Cyberattack hits South Korea’s banks, media.” The Washington Times. 20 March 2013. <>.

[11] Cluley, G. “Memories of the Love Bug worm.” Naked Security. 4 May 2009. <>.

[12] Ward, M. “A decade on from the ILOVEYOU bug.” BBC News. 4 May 2010. <>.

[13] Landler, M. “A Filipino Linked to ‘Love Bug’ Talks About His License to Hack.” The New York Times. 21 October 2000. <>.

[14] RSJ/ GMA News. “NDRRMC: Yolanda death toll continues to rise, now at 5,759; damage surpasses P35B.” GMA News Online. 5 December 2013. <>.

[15] Snow, D. “Strategic Implications of Enhanced Radiation Weapons.” Air University Review. July-August 1979. <>.

[16] Neal, R. “GPS Terrorism: Hackers Could Exploit Location Technology to Hijack Ships, Airplanes.” International Business Times. 29 July 2013. <>.

The mtrcb wants to ‘regulate’ the Internet

According to ABS-CBN, the Movie, Television Review and Classification Board announced that it plans to talk to the Department of Justice regarding sites that supposedly publish video of underage women.

First off, it is a bold move in that there should be protection for underage women. And there are laws like the anti-child pornography law. So it isn’t like there is no protection at all or to even suggest that the Philippines isn’t out stumping out this form of evil.

Second, it is one of those ridiculous and dangerous things— even taking into account protecting underage women. We have just gotten out of a really bad situation in Dubai— where the Internet fought to be kept open and free. And the Philippines signed off against U.N. regulation of the Internet.

Near as I can understand it, MTRCB is beyond its Authority. In fact, why skimpy women dance on noon time shows is a matter of much concern, if we are being moralist about it.

What’s dangerous here is government stepping up on censorship on the Internet. It never has ended well. Justifying it on moralist ground is a danger in and on itself. And that’s what they really are after here isn’t it? Justification for RA 10175 or the Cybercrime Prevention Act. The move of the MTRCB wishes to have some justification for law and the takedown clause in the cybercrime law.

The question here shouldn’t be a take down clause. It should be who is deciding what should be taken down and when. It can not be the cops or the prosecutor— in this case– the executive department of the government. It should be the court of law that should decide if someone has stepped out of bounce because that’s the equal protection we all enjoy.

What is to stop someone years down the road for using RA 10175 as justification for doing an Egypt-style crackdown on the Internet? Or a Chinese-style one? One of the biggest flaws of the cybercrime prevention act is that it doesn’t really fight cybercrime. Neither is it cognizant of what cyberwar could be.

@rom disagrees with me. He says, “I don’t think they can think at far ahead. LOL.”

@philippinebeat tweeted, “Here we go again. Afraid of the Internet and netizens?”

@ceso: wrote: “@philippinebeat i think it was just a knee-jerk reaction frm the complaint. good tho that people are thinking about internet freedom”

@gelolopez says, “@philippinebeat There are reasons why they are called MTRCB. Movie and TV.”

“@philippinebeat altho, drive vs. exploitation & trafficking of minors online is being strengthened under #MCPIF,” @ceso added.

@philippinebeat replied: “@ceso Likely. We need orgs that think something through carefully before they act. Clearly this goes beyond MTRCB’s mandate.”

@mobilemaui reminds us of another great idea: “BIR wants to tax online sellers.”

The answer really is the Magna Carta for Philippine Internet Freedom. What this does is fix the flaws of the Cybercrime Prevention Act. It does it better by starting with protecting rights enshrined in the bill of rights. It stands for an open and free Internet by balancing those rights out with the need of government to protect us. It doesn’t think of the Internet as a medium, but a living breathing ecosystem. We are giving the government the right tools, the proper mindset to go after the real bad guys, and at the same time being cognizant that the Internet is an economic driver.

Disclosure: the Author helped draft the Magna Carta for Philippine Internet Freedom.

[Editor's note: we updated this entry to reflect a few comments]

Crowdsourcing: The Story of the Drafting of the Magna Carta for Philippine Internet Freedom

Update: The Magna Carta for Philippine Internet Freedom (MCPIF) has been refiled for the 16th Congress.
PHNetDems statement when Senator Santiago filed the MCPIF in the Senate as Senate Bill No. 53
Statement of PHNetDems when Representative Kimi Cojuangco filed the MCPIF in the House of Representatives as House Bill 1086.

SBN3327 ScreencapThis is the story of how six ordinary, tech- and internet-savvy citizens, over three hundred online onlookers on Facebook, Twitter, and Google Docs, and a number of their politically-connected friends brought the dream of a Magna Carta for Philippine Internet Freedom to the august halls of the Senate of the Republic of the Philippines, and found in Senator Miriam Defensor Santiago a champion for civil and political rights in cyberspace.

Continue reading

Santiago Files Magna Carta for Philippine Internet Freedom

Senator Miriam Defensor Santiago
Senator Miriam Defensor Santiago, principal sponsor of SBN 3327

(Update 14 Nov 2012: SBN 3327 official PDF from Senate official website embedded below.)

Constitutional rights shall not be diluted in the Information Age.

This is the guarantee sought to be galvanized by Senate Bill 3327, filed on November 12, 2012, by the eminent constitutionalist and international law expert Senator Miriam-Defensor Santiago. In what is a first in Philippine legislative history, the provisions of the bill authored by Senator Santiago draw directly upon the suggestions of Filipino netizens solicited through online “crowdsourcing”. The proposed measure seeks to address not only the protection of  but also the establishment of the rights of Internet users in the Philippines. Also, guided by the expert knowledge of the diverse set of IT and legal specialists who advised on the bill, SBN 3327 seeks to establish a sensible, fact-oriented and balanced environment that defends Filipinos against against cybercrimes and cyberattacks.

Senate Bill 3327 is titled, appropriately enough, “An Act Establishing a Magna Carta for Philippine Internet Freedom, Cybercrime Prevention and Law Enforcement, Cyberdefense and National Cybersecurity.” Also known as the MCPIF to the netizens whose views helped shape the Bill, the Magna Carta for Philippine Internet Freedom is anchored on:

a. Rights
The MCPIF protects the civil and political rights of Filipinos, recognizing and asserting our guaranteed constitutional rights in cyberspace. Economic rights and consumer rights, especially as affected by the use of the Internet and information and communications technology (ICT), are also promoted and upheld.

b. Governance
The MCPIF promotes ICT in governance, translating into an empowered citizenry, a more efficient and responsive government, and more effective use and distribution of resources.

c. Development
The MCPIF provides government agencies with the mandate and the means to harness ICT for national development, thus promoting Philippine economic growth and ensuring Filipinos remain competitive in the information age.

d. Security
The MCPIF prepares Philippine law enforcement agencies and the armed forces for the current and emerging security challenges of the information age. It equips law enforcement with the capability to prevent, detect, and respond to cybercrime. With bolstered national defense and intelligence capabilities made possible through the MCPIF, the Philippines will be able to protect its critical infrastructure, reducing its vulnerability to attacks by cyber-terrorists and rogue or enemy states.

SBN 3327 has been referred to the Committee on Science and Technology for deliberations. It is expected that in the same spirit that animated the crafting of the Magna Carta for Philippine Internet Freedom, legislative deliberations will be enhanced by the active participation of the citizens online, and the other ICT stakeholders. The Internet has facilitated an unexpected next step in participatory democracy, and the forthcoming legislative process will harness that power.

SBN 3327 – An Act Establishing a Magna Carta for Philippine Internet Freedom, Cybercrime Prevention and Law Enforcement, and Cyberdefense and National Cybersecurity

[scribd id=113187011 key=key-yeze4eq6waidnxz1mpa mode=scroll]

(Photo credit: Senate official website,

(PDF credit: Senate official website,

Explanation required, Mr. President

My position regarding what has become Republic Act No. 10175, the Cybercrime Prevention Act of 2012, has not changed since I first went over the Senate version (Senate Bill No. 2796) several months ago: I maintain that it is a deeply flawed law that will not be able to properly address the problems it was ostensibly designed for, including, but not limited to, libel, cyber-bullying, and cyber-prostitution. Of course, back in February, I was content merely to air my anxiety, because I was fairly optimistic that the ill-conceived bill would not prosper, such optimism—or maybe I should say, with the benefit of hindsight, naïveté—being largely rooted in my reluctance to entertain the notion that the denizens of officialdom would act, to use a time-honored phrase, like a bunch of drooling incompetents.

It seems opportune to raise yet again the important question of whether our leaders understand what goes on in cyberspace, even as they attempt to engage the wired middle and upper classes—certainly not the general public, in view of extant data on the level of Internet penetration, not to mention access to electricity, in the country—by establishing and using all sorts of online properties, such as web sites, blogs, and social media accounts.

The massive outcry against the anti-cybercrime law, which, as of this writing, includes four separate petitions filed with the Supreme Court by various groups, has found the apparatchiks of this administration scrambling to defend the decision of President Benigno S. Aquino III to sign it into law. For instance, at a press briefing yesterday, September 27, Presidential Spokesman Edwin Lacierda, urging critics to wait for the pertinent Implementing Rules and Regulations (IRR), said that “freedom of expression is not absolute”, and that the law “[attaches] responsibilities in cyberspace”—pronouncements that are not without merit and would be difficult to disagree with, but tend to come across as incongruous at the very least, considering that Lacierda, along with other Palace functionaries, has been known to happily heckle political opponents—transport strike organizers and participants, say, or former Chief Justice Renato Corona—using his Twitter account, and could more convincingly serve as an exemplar of irresponsible online behavior than the opposite, especially because, by virtue of his position, he is supposed to speak with the voice of the Chief Executive.

Similarly irresponsible, as well as disingenuous, are the arguments advanced by Presidential Communications Development and Strategic Planning Office (PCDSPO) Undersecretary Manuel L. Quezon III, who, in response to blogger Jon Limjap’s tweet that the law, presumably on account of its provisions on libel, could be used “to silence political critics online“, replied that Limjap’s “sweeping” statement “ignores the [C]onstitution and its guarantees“, adding that the Act contained nothing that “any columnist hasn’t had to live with since time immemorial“. I would have thought that the following patently obvious things need not be said: first, the Constitution will not prevent—and in fact allows—the litigious from threatening to file or actually filing lawsuits, as Quezon himself knows from experience, whatever the courts eventually decide; second, the majority of people online are not columnists and have had no journalistic training, though pretenders do proliferate; and third, just because a particular state of affairs has persisted “since time immemorial” is not a reason to maintain said state.

None of the foregoing is to advocate that a kind of exceptionalism be observed with reference to cyberspace and the various activities that go on it it, as The Philippine Star columnist Federico J. Pascual seems to believe, rather strangely, of those against the anti-cybercrime law. I do think that there is much that deserves to be regulated online, although that requires a separate discussion. The process of law-making, however, ought to be undertaken with intelligence, sensitivity, and no small amount of caution. Given the disturbing implications of the Act in its current form, a severe shortage of precisely the aforementioned qualities may well be afflicting Congress and Malacañang, and now time, energy, and taxpayer money must be spent, if not squandered, in the fight against a law that, as Cocoy Dayao has pointed out, could have been crafted “far, far better“, and would therefore have been a more efficient use of national resources.

It is interesting to note that, according to a recent report, Aquino did not exercise his veto power over the Act because the office of Executive Secretary Paquito Ochoa, Jr. prepared a legal memorandum recommending the law for signing. Perhaps Ochoa or Aquino might be prevailed upon to release the contents of this memorandum to the public,  in order that the rationale behind the approval of the Act by a President who has repeatedly asserted his commitment to freedom and transparency might be understood by the people it will affect—the so-called bosses in whose interests he claims to work, and to whom he now owes a clear explanation.

Philippine Cybercrime Law: The Digital Divide and the Failure of the Tribe

When President Aquino was elected in 2010 there was much hope. It was the promise of a better Philippines. In many ways it has been a nation for the better. In many ways President Aquino’s election has been an eye opener to the myriad flaws in the way the nation operates. The botched hostage taking in August 2010 showed us how much inept our police are. The failure of the weather bureau and it’s slow subsequent transformation to a much better service is another example. Disaster preparedness is a lot better. The skirmishes with the Chinese highlighted the weakness in our nation’s armed forces. The death of Jessie Robredo likewise highlighted the lack of capability in rescue operations. Only now are we seeking signs of deep damage. What we have is a nation not unlike an old house requiring much renovation. And like these highlighted weaknesses, so too does the make, and passage of the Cybercrime law highlight another systemic flaw in our nation.

The Cybercrime Law highlights a digital divide between those who understand technology, and those who do not. It highlights the conservative thinking of our legislature, and the backward thinking in our politics balancing out the needs of tomorrow, with the need of a religious conservative society. It highlights the weakness too of our tribes, and how we have utterly failed to be proper ambassadors of technology, and the Internet so essential today. It is a startling example of where we are as a nation today: a dichotomy of the past with its provincial mentality, and a struggle for a more liberal future. In short, the cybercrime bill is an example of a digital divide between the technology savvy, and the not so.

The cybercrime law is a catch all law. It means that all the laws of the revised penal code automatically has an online equivalent. Lawyers, judges, and law enforcement have clamored for this.

The provision on cybersex is a response to the numerous cases of women and children being exploited online. Likewise, the cases of sex tapes being published. We are, after all, a very conservative society. Never mind if the source material was never intended to be published. Never mind if it was made by two consenting adults. The cybercrime law likewise doesn’t provide for provisions on sexual harassment, but since it is a catchall law, the laws already existing will serve as it. So if you’ve ever been sexually harassed on text message, watch for the implementing rules and regulations to be published because that’s how laws in the Philippines actually work, defined by what the executive says those rules and regulations are.

What else should you know about the Cybercrime bill? A wife being dissed on in social networks could not, they say file libel against a husband who has been bad mouthing her. And so, no libel case against someone online has prospered. So now libel means exactly what libel means in the print or broadcast world. Not that this too opens a whole can of worms.

Libel in the Philippines has always made the publisher and the editor-in-chief subject to libel by their writer. So a blog publisher will be subject to libel, as well as its editor-in-chief. In the American context, a site is not liable to a libelous comment left in its post. I have yet to figure out if the new Philippine Cybercrime Law follows similar thoughts, or if the publisher is equally liable. A casual reading of the published Cybercrime Law is silent on it. I wonder too how this would affect Twitter and Facebook. Would Tito Sotto for instance file a case against Twitter for publishing a libelous tweet against him? Again, the implementing rules and regulations could probably shed light on the matter.

Can you see how well-thought-of and well-written the CyberCrime Law is?

One of the provisions of the cybercrime law is on online libel. It means that libel on the Internet is the same kind of libel as it is on print.

Jon Limjap, a blogger, and a veteran and well-respected software developer wrote on his twitter saying that the Cybercrime law could now be used to “silence political critics online.”

“That sweeping statement ignores the constitution and its guarantees,” Wrote former columnist, and now Undersecretary Manolo Quezon III. “Anyone who really wants to say something will always find a way to write it.” He added, “In my humble opinion, nothing there that any columnist hasn’t had to live with since time immemorial.”

Undersecretary Quezon is right. There is nothing in the bill that no columnist has had to put up with for years. At the same time, Jon Limjap’s fears are equally valid. According to Jojo Malig, during the 103rd session of the United Nations Human Rights Committee, they ruled that “Philippine libel laws violate freedom of expression.”

Philippine law, coincidently defines libel as “public, and malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission, condition, status, or circumstance tending to cause the dishonor, discredit, or contempt of a natural or juridical person, or to blacken the memory of one who is dead.”

And yes, bloggers ought to be aware of that. The rules of journalism ought to apply. Be careful how you write certain things.

Do the same rules apply to people leaving comments on websites, on Twitter, on Facebook, email and SMS? Do you want to find out?

So yes, there is a pressing need to revisit Philippine Libel law. And this very modern law now extends online.

As a victim myself of numerous attacks online, would this help protect me from trolls, innuendo and attack? Why doesn’t this law give me cause to rejoice?

The onus now too is on people who make the online world as a business. The cybercrime law says data must be kept up to six months. So yes, if you run a website, or own an online business, best to keep backup copies for up to six months. This is potentially more business for those in my line of work. Bad, if you own the business, which means more fees, and higher cost.

Is there anything good to come out of the cybercrime law? Well, yes, there is. For one thing, spam is now illegal. Which, I think we can all agree is a good thing. The second thing is that law says we should have a national cybersecurity policy. This is perhaps the best part of the law, and only part that gives me hope it is actually useful. Government will now (in theory) respond to cyberattacks on its websites and infrastructure. Again, the law is structured in such a way that the implementing rules and regulation will determine how well it is executed. If at all.

The cybercrime law highlights how flawed our legislature is. We have a group of people writing a law, drafting policy of which they barely understand, or construe the shape of, much less prepare the nation for the future that is without doubt coming. We have a nation trying to understand and grapple with technology that barely anyone understands, or comprehend the implications of. It is an epic struggle to bridge the 20th century, and the 21st. The political bench sadly is ill equip to deal with these struggles.

At the same time, the passage of the cybercrime law is an indictment of our tribes. We have failed us. We who understand technology have failed to bridge the digital divide. We are failing to educate how things are, and how things work. The tribes have failed to provide a constant campaign to be heard and to influence public opinion. We must now seriously reconsider how our collectivism can positively reshape society in the long term.

Where does this leave us then? We are left with a cybercrime law that for the most part reflects the tired past of Philippine governing, and law with a dash of what I hope could be a vision for the Philippines to engage in better cybersecurity.

Veteran News Anchor Twink Macaraig, in my humble opinion highlights the situation best. She tweeted, “I can hear our SC Justices now: ‘Tweeter kamo? And how is that different from Stumbler?’ Won’t be pretty.”

An Open Letter to the President, and to Filipinos everywhere on Cybercrime Bill and Internet Freedom

Dear President Aquino, and Filipinos everywhere,

I’m a nobody. I do not speak for the 29 Million Filipinos who have Facebook accounts. I do not speak for the 25 percent of Filipinos that according to the World Bank is on the Internet.

I do not speak for my fellow bloggers who write on this space with me, nor for the countless others across the Internet. I am an ordinary citizen, Mr. President. I am a small guy in a big pond. I run a web host business leasing infrastructure for a couple of dozen clients. So, the Internet is quite important for me. It is bread and cheese. That— and I believe in the daan na matuwid. I believe in what your government hopes to achieve, Mr. President. I recognize the constant uphill battle for real change. I am writing this because Congress recently passed the Cybercrime Bill. And with your signature, it becomes law.

Mr. President, I believe the Cybercrime Bill that Congress passed is a mistake. Not because we don’t need a cybercrime bill, but because I believe this bill does not do what it is suppose to do: protect women and children from abuse; empower law enforcement so they can capture the bad guys.

It does, however create a chilling effect. A real, clear and present danger to civil liberties. Even now, even before you sign this bill into law, Senator Tito Sotto is sending a clear message to his critics to beware of the cybercrime bill. Senator Sotto is being accused of plagiarism in his spirited defense of the Reproductive Health Bill. The accusation has gone worldwide, and no less than both the Washington Post and the New York Times have written articles against him.

Ordinary people such myself have come to rely on the Internet to give voice to our grievances to government. We have also come to use it to lend government a hand. People responded to bayanihan in a whole new level especially during the recent habagat crisis that sank the capital and nearby provinces. People turn to social media for help when relatives need blood or what some other need. And the community, has when the call to unite comes, have.

Yes, Mr. President those of us who live and breathe social media is just a small percentage of people. Many more of our people— the real ones in need are there in the far flung provinces of our nation. There are, parts that I’m sure you know have hardly anything at all. And yet, it was through in some small measure to social media that people rallied behind a lowly MMDA officer who was being abused, and disrespected by an ordinary citizen. People have such a fair sense of right and wrong. It was the first time that I know of, ordinary citizens defending an officer of the government.

The Internet is a place where scandals appear day in and day out. Misinformation by well meaning citizens, are but an example. And yes, certainly you for example have been victimized by baseless attacks online. In a nation such as ours, what is the defense of the ordinary citizen from reprisal?

If a Senator of the Republic threatens his critics with libel– what is our defense, Mr. President when he goes behind the podium in the Senate to give a speech that for many of us is wrong, and seek to debunk his story? Are we no longer allowed to think for ourselves? What is the defense Mr. President if he goes on television and cries that all his critics are funded by drug lords, and then comes around to threaten his critics, “just you wait for the cybercrime law.”

The Iraq war started out because no one sought to go for reason, and timely debate. No one sought to debunk, and to give proof with facts, about what was right. America set aside its sanity, and reasoning ability. How then, Mr. President are we to have a real democracy, with proper checks, balances, and real spirited discussion, based on issues, and not an attack? Where then Mr. President can we the people seek refuge from meanness, truthiness? How then can we have a nation that thinks for itself if our leaders hide behind the cloak of protection by being an official of the land?

Mr. President, we need a timely debate on what is our citizen’s rights online. United States Secretary of State Hilary Clinton gave remarks on Internet Freedom. It is, she said, about Freedom of Speech, Freedom of Expression, Freedom of Assembly, but instead of marching in the streets, it is on the virtual space we call The Internet. We need the right to connect, guaranteed first. It does a great disservice to democracy when Senator Sotto threatens ordinary citizens that we can not voice our disagreement with our elected officials, when we think they screw up.

The Internet is a beautiful place, Mr. President. It can do so much good, and as the Blackberry riots of London proved could be a mechanism for mayhem. There is a clear and present need Mr. President for a serious discussion amongst government, the business sector, and the citizenry about our Rights, and Limitations online. I believe, as well as many of my friends that it all starts with the Bill of Rights, of which we are all protected. There is also a sense of responsibility that we must exercise.

I urge anyone reading this to ask the President to reconsider signing this bill. To ask him to ask Congress to rethink this. I urge everyone to sit-down, hash things. We need a Magna Carta or a Bill of Rights online. What is our right as Netizens? What is the role of the telcos? What rights should we accord copyright holders? How do we cite sources, when is it permit-able to copy, and paste? And when is it lawful to file libel suits? And so many other questions. What is our responsibility as citizens while online? And how can we provide the government with the right tools to do the right job: hunt the bad guys.

Mr. President, I urge you to reconsider signing the Cybercrime bill. Yes, we need to protect our people. yes, we need to empower our police, and government, but we need a law that balances the incredible power of the Internet against its shortcomings. We need a cybercrime bill that actually fights, cybercrime, for the people.

Senate President Enrile has given a call to talk about rights online, and to write a law to that effect.

President Barack Obama on popular site Reddit wrote: “Internet freedom is something I know you all care passionately about; I do too. We will fight hard to make sure that the internet remains the open forum for everybody – from those who are expressing an idea to those to want to start a business.”

It is my wish, Mr. President, and to Filipinos everywhere, that we all hold this truth to be self-evident:

“We stand for a free and open Internet.

We support transparent and participatory processes for making Internet policy and the establishment of five basic principles:

Expression: Don’t censor the Internet.

Access: Promote universal access to fast and affordable networks.

Openness: Keep the Internet an open network where everyone is free to connect, communicate, write, read, watch, speak, listen, learn, create and innovate.

Innovation: Protect the freedom to innovate and create without permission. Don’t block new technologies, and don’t punish innovators for their users’ actions.

Privacy: Protect privacy and defend everyone’s ability to control how their data and devices are used”


It is my hope that you veto the cybercrime bill, Mr. President and make a new one. A Cybercrime bill that actually balances everyone’s interest. A cybercrime bill that actually protects people, and empower law enforcement. I urge you Mr. President, and everyone who has taken the time to read this to come together and discuss Internet Freedom, and what it means for all of us first, before we talk about punishing people with cybercrime, and what it really means to empower not just government but citizenry. We don’t need threats. We need for both Government and the Citizenry to work hand in hand towards a more equitable society, and in your watch, Mr. President we’ve seen the first step towards that illusive dream. I believe the Internet is a useful, equalizing tool. The Internet is drive economic growth, so powerful, the The Organization for Economic Growth and Development calculated in 2009 that “12% of the value added of the non-financial business sector in the United States could be attributed to Internet-related activities.” This could equalize our standing with our neighbors in Asia, should we choose to properly use it.

The Internet is a great place for good, and a great place to do business or a place for great evil to thrive. It is in The Internet’s openness that makes it a great place for a lot of people worldwide, and it is something Filipinos today and tomorrow, richly deserve. Please veto the cybercrime bill, and ensure expression, openness, access, innovation and privacy for Filipinos using the Internet.

Thank you.

With respect,

Cocoy Dayao