CHALLENGES AND MORE CHALLENGES

The growth of the internet has certainly made life easy but performance of law enforcement work extra difficult- if not impossible. With the new medium, traditional crimes are now being performed the high-tech way and criminals get to perform their stuff with sophistication and ease, in the process maintaining their anonymity. The old method of robbing a bank wherein perpetrators would have to visit their target area to do surveillance, gather a group of “daring” men and sufficient firepower is now a thing of the past. With sufficient knowledge of the bank’s computer system, a hacker while sipping coffee from a nearby Starbucks store or in the comforts of his home can rob money from the bank with less risk of arrest and identification. Whereas before, an intended victim receives a threatening letter with a black ribbon and “bullet” on the side, nowadays, threats come in the form of emails and text messages which are cheaper, faster and again the most dreaded anonymity. The uses of technology to the criminal mind are now becoming limitless.

By far, the only existing law in the Philippines against cybercrime is Republic Act 8792 otherwise known as the Electronic Commerce Act yet a careful perusal of the law would suggest that it contains only two provisions defining and penalizing three acts: unauthorized access (hacking) launching of harmful viruses and copyright infringement with the use of the internet. All other “damaging” and “malicious” activities such as but not limited to internet gambling, internet pornography, cyber terrorism, email scams, malicious and libelous blogs, threat emails, online auction frauds, text scams, identity theft and several others are not defined and penalized under the said law. Being so, these activities get to be investigated and filed before the Prosecutors Office if need be, using old existing laws, more particularly the Revised Penal Code (R.A. 3865), which is roughly 75 years old. Whenever crimes are committed the high-tech way, the usual difficulty law enforcement encounters is how to justify the applicability of the provisions of old laws to investigate and prosecute subjects who used modern methods.

But more than the absence of these laws, the other difficulty which has remained unheeded is the lack of laws to define the manner by which law enforcement would secure the evidence needed to trace an internet activity and eventually prosecute offenders.

Investigation of computer crimes is like investigating drug offenses. In drug cases, swift action by law enforcement is a must since drugs and paraphernalia are easily disposed of and the same holds true with cyber crimes where files are easily deleted from the system, harddiscs easily replaced and pulled out from casings, and the computer itself moved from one place to another. These among others require swift action from investigators that under a best case scenario, the computers and paraphernalia utilized to commit an offense need to be confiscated immediately from the time the crime took place.

But best case scenarios are imaginations that only take place in the movies.

While law enforcement is capable of identifying the Internet Service Provider (ISP) which facilitated the internet access, the moment an investigator goes to the ISP to request for information, the same is either denied or given a run around. The usual reason given by ISPs is confidentiality - that is they are bound by an agreement with their subscribers not to divulge information without the latter’s approval and worse- without a Court Order. Oftentimes, to appease law enforcement, ISPs would claim to discuss the matter first with their legal departments which would take a lifetime to resolve, in most cases unfavorable to law enforcement. The final resolve then is for law enforcement to file Petitions in Court just so that the latter would be the one to require ISPs to produce the needed information, but the same too becomes useless at times when by the time the Order comes out, the needed information have already been deleted or recycled from the system logs of the ISP. Under the present set up, an ISP may claim to have a retention period of only one month so as to avoid participating in litigation, when in reality his system allows a longer period of retention. Other than the lack of law to define information sharing, it seems that retention period itself is an area of concern.

I certainly do not fault ISPs or Telcos for if I were in their place too, I would shy away from instances that may drag my office into participating into court litigations as witnesses. This would unnecessarily take man hours from the employees who would be sent to attend these hearings and the lost time definitely translate to costs. For this reason, I may have to cite confidentiality too when the investigators request for information when in reality there is no such agreement found in the subscription agreement or any contract for that matter.

Another difficulty would have to be the non-regulation of internet cafes. Obviously, anyone who intends to perform illegal things in the internet would not do it in the computer situated in his house or office and instead visit an internet café. Again, while law enforcement is capable of pinpointing to the origin of an internet activity in a café (hypothetically if the ISP shares information), the difficulty lies in identifying the actual suspect from the so many users who used the computers thereat. As we all know, majority of internet cafes do not maintain a logbook of their users because as long as one can pay for the rental of the computer, why bother to ask a customer his name and ID? A system that would require customers to do so is not only time consuming but would necessarily drive away customers to another café that does not institute such.

Other than those discussed above, another difficulty lies in identifying users of the internet in hotspots. Hypothetically, if an investigator breezes through the challenges posed by the ISPs/telcos and identifies an internet activity to have originated from a hotspot, the system only stores the MAC-ID of the device used in the access and nothing else. Since local laws never regulate the use of laptops, mobile devices capable of internet access and even sim cards, the efforts are put to a halt the moment when no other information is generated from the MAC-ID secured from the system.

Among sex offenses, we have heard about postings and account creations being done with sites based or webhosted abroad such as that of Yahoo! Friendster, YouTube and others. In doing investigations of sex offenses, there is a need to coordinate with their offices abroad in order to request on domain registrants, account owners, internet protocol addresses on account creations and updates and several other related information. Majority of requests to these offices abroad are ignored for the obvious jurisdictional reasons and law enforcement in the Philippines would have to contend with Mutual Legal Assistance between our country and the United States, which would entail a lengthy judicial process in both jurisdiction. While this was taking place, law enforcement and the victims have no choice but to endure the long wait and the pains of anticipation.

The bottom line is that the lack of laws has indeed taken its toll on the efforts of law enforcement against high-tech crimes. Sometimes, it takes a very sensational case to take place before legislators realize the need to legislate and when they do so, they fall short in coming up with a comprehensive and effective law.

Take the case of the LOVE BUG. Months before the occurrence of the LOVE BUG, the then bill on Electronic Commerce Act had been pending in Congress but was readily deliberated upon when the Philippines received blame for the said virus which caused US$ 12 billion worldwide. When the bill became a law, the other important aspects of the internet and high-tech investigations were never part of the Act.

Likewise, resource persons have been invited years back to share their insights on efforts to criminalize sex offenses in the internet and yet not one of which successfully made it to the end game. The debates on the applicability of the law to use in the KHO-HALILI case would have been avoided if legislators had put their acts together to pass the more important laws that society needs more than the bickering related to perpetuating their stay in power.

I for one have been advocating for the passage of the laws to cater to the above difficulties. You may call me bias for advocating that which would make my works easier, but let’s face it, the easier we do our jobs, the more that we can solve the problems that come your way. As the NBI saying goes: “The difficult we do immediately, the impossible takes us a little longer.”

I will see you next time.