Dissecting the proposed Philippine Anti-Cybercrime bill

Cyber Crime

Why the Anti-Cybercrime bill is about wiretapping, and less about fighting child pornography.

“People from all walks of life,” Congresswoman Arroyo started, “may fall prey to fraudsters, and other unlawful attacks such as committing fraud, child pornography, intellectual property infringement, stealing of identities and privacy violation.”

Mr. Angara in the explanatory note on Senate Bill 52 wrote on a whole hodgepodge of issues relating to cyber crime.

Both Mrs. Arroyo and Mr. Angara are right and they are both utterly wrong. They are right in so far there is truth to their words. They are wrong in the approach that they deem prudent.

Both versions of the Anti Cybercrime bill in the Senate and the House of Representatives tackle a slew of issues from cybersex to anti-child pornography to cracking into computer systems, and warrantless eavesdropping. Though these “crimes,” use computer systems, they are each different issues that the law must tackle independently. They each lead to a creation of an agency that will help government in dealing with cybercrime as well as to force private companies to do their snooping for them. In short it seeks a blanket authority in all these crimes, which shouldn’t be the case. Each crime should be treated separately, and justly. To mix and muddle different issues into one blanket law is a mistake.

Let me explain.

One bill to rule them all

The bill actually creatively circumvents, paragraph 1, Section 26, Article VI of the 1987 Constitution which reads, “Every bill passed by the Congress shall embrace only one subject which shall be expressed in the title thereof” by making it appear that Cybersex, Anti-Child Pornography, cracking into computer systems, and others are all one topic under one blanket bill. They are clearly distinct issues that coincidently use Cyberspace as a mechanism for the crimes they perpetuate.

On Cybersex

House bill 6794:

Chapter 2, Subsection C, Section 4, described as “Content-related Offenses,” defines what Cybersex is. It goes that it is,

“engaging in establishing, maintaining or controlling, directly or indirectly any operation for sexual activity or arousal with the aid of or through the use of a computer system for a favor or consideration;”

Then it follows:

“Recording private acts including, but not limited to, sexual acts, without the consent of all parties to the said acts or disseminating any such recording by any electronic means with or without the consent of all parties to the said acts.”

It blabbers on about exhibiting live or recorded shows, the posting of obscene or indecent pictures, as well as the financing of cybersex operation and coercion, threatening or intimidating or inducing anyone to participate.

The Angara Senate bill 52 limits itself to:

“Cybersex – any person who establishes, maintains or controls, directly or indirectly, any operation for sexual activity, or arousal with the aid of or through the use of a computer system, for a favor or consideration.”

In the United States, Bill Clinton signed into law the Communications Decency Act of 1996.   The United States Congress meant to regulate pornographic material on the Internet.

In 1997 a landmark ruling by the United States Supreme Court, “Reno v. American Civil Liberties Union,” came out and where all nine justices struck down the anti-indecency provisions of the Communications Decency Act.

This section on Cybersex is clearly in response to the whole Hayden Kho sex tape series. What’s clear in that case, which eludes the distinguished men and women of the Congress, is that Mr. Kho may have recorded his activities and in some cases the women were clearly aware of the recording. That shouldn’t be a crime. The crime should have been that it was distributed without the permission of either Mr. Kho or the women involved. That was the crime, and that’s where the law must focus on— the distribution of private content without the consent of those people involved.

The problem here isn’t that Cybersex is defined, but the problem here is that government is legislating what is obscene and what is indecent and what goes on in the bedroom. The favor or consideration doesn’t even have to be with malice. The favor or consideration could be between a husband and wife enjoying something they both want. The house bill clearly identifies that all distributed recording is distributed is illegal whether both parties consented to it or not. There shouldn’t be a problem if both adults consent to it. A husband travels abroad and wants the sex tape and made with his wife available on his personal laptop. The wife agreed to it, and may even have put it there. A girlfriend letting her boyfriend have the same kind of fun, shouldn’t be prevented to do so. Why shouldn’t they be given that freedom of expression?

Not every part of the bill– particularly of HB6794, is wrong. There is subsection h, which reads “the coercing, threatening, intimidating or inducing anyone to participate in a cybersex operation,” is considered as an offense. And that’s good; that’s the only thing that ought to be there. When there is no longer consent from one party, then it should be illegal, but then the new Senate Bill 52 is silent on this matter.

Angara’s senate bill 52 is remarkably silent on those points when women are coerced, threatened, intimidated, induced, or forced in a cybersex operation or even harassed via digital devices or messages.

On child pornography

There is actually nothing wrong in how the both bills depicted what child pornography is. As it stands, there shouldn’t be an argument against it. Child Pornography is evil and must be properly punished.

Turning ISPs into Big Brother

The Angara Bill is actually weird. In the first part it defines Illegal Interception.

Illegal Interception – The intentional interception made by technical means without right of any non-puhlic transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data: Provided, however, That it shall not be unlawful for an officer, employee, or agent of a service provider, whose facilities are used in the transmission of communications, to intercept, disc lose, or use that communication in the nonnal course of his employment while engaged in any activity that is necessary to the rendition of his service or to the protection of the rights or property of the service provider, except that the latter shall not utilize service observing or random monitoring except for mechanical or service control quality checks;

So it is unlawful for an officer or employee or agent of a service provider to intercept transmissions. They’re not allowed to monitor unless for service or quality control checks.

In section 9 of the bill, the Law basically deputizes each ISP to act as an agent of the government. Basically when a Court Order says, to aid law enforcement, government is not only authorized to collect or record by technical or electronic means, but

“service providers are required to collect or record by technical or electronic means and/or to cooperate and assist law enforcement authorities in the collection or recording of, traffic data, in real-time, associated with specific communications transmitted by means of a computer.”

In plain speak, government is deputizing a business to do its dirty work.

Then the bill goes on—

“The integrity of traffic data and subscriber information relating to communication services provided by a service provider shall be preserved for a minimum period of six (6) months from the date of the transaction. Content data shall be similarly preserved for six (6) months from the data of receipt of the order from law enforcement authorities requiring its preservation.”

Note that, the ISP in this case shouldn’t even have this capability turned on.

So an ISP is supposed to not collect the data, but is also required by law to have the capability to preserve something that they were not in the first place suppose to have?

Convoluted logic isn’t it?

The Bill is being vague at a point that it shouldn’t be vague.

Unsolicited Commercial Communications
The Anti-Cybercrime bill has a provision on what it calls, unsolicited commercial communications, which it defines as

“The transmission of commercial electronic communication with the use of computer system which seek to advertise, sell, or offer for sale products and services are prohibited unless:

a. There is prior affirmative consent from the recipient or the following conditions are present:
1. the commercial electronic communication contains a simple, valid and reliable way for the recipient to reject receipt of further commercial electronic messages (‘opt-out’) from the same source;
2. The commercial electronic communication does not purposely disguise the source of the electronic message, and
3. The commercial electronic communication does not purposely include misleading information in any part of the message in order to induce the recipients to read the message.”

The way this section is written, could very well mean all advertising on the web is illegal. That means Google ads are illegal. That means Apple iAds are illegal.

What the proponent of the bill must be trying to do is for SMS messages that service provider push unnecessarily to customers. So why not just say it out loud? This should be a separate bill in itself. It should define what SMS is. One may even argue that there shouldn’t be a law on this, but rather a clear and strict policy by the National Telecommunications Commission.

So advertising is now going to be a crime. It does send a strange message don’t you think?

Illegal access provision
The Anti-cybercrime bill also proposes to define what illegal access is. In the E-Commerce Act of 2000, specifically paragraph a, section 33 has already defined what hacking is. In both the existing law and the proposed bill, “Fraud,” “Forgery” in SB 52 and the term, “hacking,” under the E-Commerce Act of 2000 are synonymous.

Why does the Anti-Cybercrime bill have to redefine the existing law?

Why not an amendment to the E-Commerce Act?

The proposed anti-cybercrime bill as it is written dabbles in too many subjects. It meddles with the bedroom, defining what is indecent, and on the verge of breaking that sacred right— freedom of expression.

The bill also fall short on giving government teeth when it needs it. Creating a Cyber Investigation and Coordination Center, but creating a bureaucracy rather than actually doing something to fight crime.

What’s more, the crime of this bill is that it is vague when it ought to be clear.

If the intent of the Bill is to fight Child Pornography, then it best do it and come out right and write a bill that says, “An Act Defining Child Pornography Providing for prevention, investigation and penalties.”  If the Bill is about defining what pornography is, we must ask ourselves, is that too high a price for freedom of speech and expression?  If the Bill is to give the government some teeth in combating crimes online, this bill in its present form is only adding needless bureaucracy, threatening freedom of expression and speech and the right to privacy.   It does not balance the need for the government to do its job, the needs of the future and ensuring that the rights of Filipinos are protected.

Any future cybercrime bill must not be silent when women are coerced, threatened, intimidated, induced, or forced in a cybersex operation or even harassed via digital devices or messages.

What else? What are the future needs of the Philippines?  What are those rights that Filipinos need to have?  And how should we define a comprehensive national cyber strategy that accounts for all that, and the future? How do we create a Cyber Crime Police that does the job it was suppose to do— protect our women and children from abuse?

To be continued…

image credit: Some rights reserved by digital_monkey

Cocoy Dayao

Cocoy is the Chief Technology Officer of Lab Rats Technica, a Digital Consulting company that specialises in DevOps, iOS, and Web Apps, E-Commerce sites, Cybersecurity and Social Media consulting. He is a technology enthusiast, political junkie and social observer who enjoys a good cup of coffee, comic books, and tweets as @cocoy on twitter.

Cocoy is also the Managing Director and Editor-in-Chief of the ProPinoy Project.

Cocoy considers himself to be Liberal.