Why the Philippine Cybercrime Law makes everyone is a criminal, even the government

Many believe that the Philippine Cybercrime law is only evil because of the libel provisions. What if I told you that, everyone would be a criminal by merely using a computer with a firewall? Or for that matter, Corporations in the Philippines using natural defenses?

The Cybercrime law mentions interception four times in the bill.

First:

(m) Interception refers to listening to, recording, monitoring or surveillance of the content of communications, including procuring of the content of data, either directly, through access and use of a computer system or indirectly, through the use of electronic eavesdropping or tapping devices, at the same time that the communication is occurring.

Second:

(m) Interception refers to listening to, recording, monitoring or surveillance of the content of communications, including procuring of the content of data, either directly, through access and use of a computer system or indirectly, through the use of electronic eavesdropping or tapping devices, at the same time that the communication is occurring.

Third:

(2) Illegal Interception. – The interception made by technical means without right of any non-public transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data.

And fourth:

SEC. 15. Search, Seizure and Examination of Computer Data. — Where a search and seizure warrant is properly issued, the law enforcement authorities shall likewise have the following powers and duties.

Within the time period specified in the warrant, to conduct interception, as defined in this Act

So, OK. Here’s the thing. “Application-layer firewalls, which emerged in the 1990s, look still deeper into network traffic” Application firewalls were the first real “deep packet inspection” devices, checking the application protocols within the packets themselves, as well as searching for patterns or keywords in the data they contain.

So yeah, every PC and every Mac is in violation of the law because every device does, by definition of the law is eavesdropping.

Every company in the Philippines filtering Facebook off their network because, hey, no one wants to pay an employee to Facebook (unless of course you’re in that sort of business) is in violation of the law. An employee for example can sue the government for illegal interception of his private correspondence. Just so you know, how web filtering does— including intrusion detection analyzes packets sent over the network— you know, “listening” to it. Looks at all of it and says, ok this one passes, this one doesn’t. Or, oh hey mister systems administrator, this packet looks like bit torrent!

Not to mention every legitimate network administrator is now susceptible to violating the law because they use such tools like wireshark (network protocol analyzer), or scanny (“a powerful multifunctional networking instrument for finding connected devices, looking up detailed device information, network troubleshooting, scanning ports, testing network security and firewalls.”). And they would be scanning packets with private correspondence.

An email traveling from your workstation in the office is almost always unencrypted. What if it was a private email sent to a loved one? What if it was a private chat message? What if it was a direct message on twitter? The company network will still be inspecting it. And by definition of this law, that person can sue the company, and the administrator because they peaked into private correspondence.

The president’s merry men of course justified all this as wait– before you complain, wait for the implementing rules and regulation. The thing is, as much as President Aquino is benevolent, future governments may not be. The thing is, will implementing rules and regulation prevent frivolous lawsuits? Can an IRR make garbage sweet smelling? Are we then going to wait for jurisprudence to correct the legislature and the executive, when surely the law could have been written far, far better? And the thing is, good an idea to have a cybercrime law, it is just a terribly written law. The thing is, the President got bad advice from the legal memorandum the executive secretary’s office prepared. So yeah, since every firewall on a modern Computer does some inspection, right now, you are a cybercriminal. Also, the law that supposedly protects people from such things like fraud, spam, hackers and such requires you to actually open the doors and let ’em all in creating a chicken and the egg problem.

Brilliant move, no?

Cocoy Dayao

Cocoy is the Chief Technology Officer of Lab Rats Technica, a Digital Consulting company that specialises in DevOps, iOS, and Web Apps, E-Commerce sites, Cybersecurity and Social Media consulting. He is a technology enthusiast, political junkie and social observer who enjoys a good cup of coffee, comic books, and tweets as @cocoy on twitter.


Cocoy is also the Managing Director and Editor-in-Chief of the ProPinoy Project.


Cocoy considers himself to be Liberal.


  • UPnnGrd

    Would it not be great if PersiNoynoy were to humbly state (Ilike Chiz Escudero had done)…. would it not be great if PersiNoynoy were to humbly state that he was mistaken to have signed the document?