Finally, after years of discussions and countless cases of computer-related crimes, President Aquino recently signed into law Republic Act 10175, or the Cybercrime Prevention Act of 2012.
The law aims to prevent and combat the misuse and abuse of information and communications technology by facilitating their detection, investigation and prosecution at the domestic and international levels.
In an apparent effort not to be strait-jacketed by the legal principle that ambiguities in penal laws should be resolved in favor of the accused, the law enumerates, rather than defines (which is the standard practice), the acts that constitute cybercrime offenses.
The offenses are divided into three categories: offenses against the confidentiality, integrity and availability of computer data and systems; computer-related offenses; and content-related offenses.
The acts covered by the first category are illegal access, illegal interception, data interference, system interference, misuse of devices and cyber-squatting.
Consistent with existing laws on intellectual property rights, cyber-squatting is defined as the “acquisition of a domain name over the Internet in bad faith to profit, mislead, destroy reputation and deprive others from registering the same.”
Offenses
The act is prohibited if the domain name in question is similar, identical or confusingly similar to an earlier registered trademark; or if it is a personal name, is identical or similar to a person’s name other than its registrant; or is acquired without any legal basis.
This offense has been the bane of companies and personalities whose trade names or reputation have gained wide domestic or international recognition. Their websites or domain names are certified crowd drawers in their respective target markets.
Scam artists have been able to play on the gullibility of unwitting victims by using domain names and logos that closely resemble those of their rightful owners or look like the real thing.
Computer-related offenses refer to the inputting, alteration or deletion of existing computer data without legal or justifiable authority for the purpose of committing a fraudulent or dishonest design.
This includes identity theft, or the “intentional acquisition, use, misuse, transfer, possession, alteration or deletion of identifying information belonging to another, whether natural or juridical, without right.”
On the other hand, content-related offenses pertain to cybersex, child pornography, libel and, what makes the blood pressure of cellular phone users shoot up, unsolicited commercial communication.
Communication
The law prohibits the use of computer systems that transmit, through electronic means, messages that advertise, sell or offer for sale products and services unless the recipient has given his prior consent to such transmission, or the transmission is limited to the sender’s existing users, subscribers or customers.
If the two situations mentioned are not present, communication would still be allowed under the following conditions:
•It contains a simple, valid and reliable way for the recipient to reject receipt of further commercial messages from the same source.
•It does not purposely disguise the source of the message.
•It does not purposely include misleading information in any part of the message in order to induce the recipient to read it.
Do these conditions ring a bell? They’re the incidents or ploys that many cell-phone users complain about and with good reason. Aside from being annoying, they eat up cell-phone load.
Not surprisingly, the telecom operators deny any complicity, direct or indirect, in the proliferation of spams or unwanted messages. But who else has a database on post- and pre-paid mobile phone numbers but them.
For the right price, these data can be made available to companies that want to advertise their products and services to cell-phone users.
Penalties
The law provides for a penalty of imprisonment from six years to 12 years, or fines ranging from P200,000 to P10 million, or both, for the commission of cybercrimes, depending on the manner they are committed and the gravity of the damage caused to the injured party.
If a violation of the law also constitutes a violation of any provision of the Revised Penal Code or a special law, the guilty party may be separately prosecuted and punished for such violation.
Unlike other penal laws where the punishment is usually imposed solely on the person who committed the crime, the instant law makes corporations equally liable if they are found to have played a role in its violation.
If any of the cybercrimes is knowingly committed by a person on behalf of or for the benefit of a corporation, acting individually or as part of an organ of that corporation, the latter shall be held liable for a fine equivalent to at least double the imposable fines up to a maximum of P10 million.
To make the crime committed by that person imputable to the corporation, the law requires proof that that person acted within the scope of the authority granted to him by the corporation, or is authorized to act on behalf of the corporation, or is authorized to exercise control within the corporation.
In other words, it must be clearly shown that the person who committed the cybercrime did so with the full blessings of his employer-corporation.
The maximum fine imposed may be reduced to P5 million if the corporation can prove that the commission of the cybercrime is attributable to negligence or lack of supervision or control over the said person.
Either way it goes, however, the person who committed the cybercrime is not exempt from prosecution on top of his corporation being ordered to pay the fines mentioned.
From the looks of it, the telecom companies and other service providers behind spams and other forms of unwanted electronic communications have reason to be worried about this.
(For feedback, write to <rpalabrica@inquirer.com.ph>.)