Cybercrime Prevention Act
Sponsorship speech
"Quashing Cybercrime"
Senator Edgardo J. Angara

The Philippines gained notoriety in May 2000 when one of the most destructive computer viruses of all time was traced to a then 23-year-old computer science dropout in Manila. In just one day, the infamous "I Love You virus" spread to 55 million computers around the world, wreaking US$10 billion in software damage and lost businesses.

But there was another cause for notoriety. While investigators were able to arrest Onel de Guzman, the alleged creator of the computer worm, he could not be prosecuted because at that time we still had no law governing malware and related activities. In short, we were unable to bring to justice a wrongdoer who caused harm to millions of people and companies around the world.

We tried to remedy the situation. In July 2000, we passed the E-Commerce Law to protect electronic transactions. Eleven years have passed since, however, more than enough time for new threats and dangers to have emerged in the Internet. The rapid rate of technological development has outpaced our capacity to effectively police a borderless realm.

Rampant cybercrime

The Internet was born in the early 1960's. Yet, Internet regulations were only drawn up in the late 1990's.

Today, the Internet is an indispensable tool, having revolutionized the way we learn, interact, govern and manage business. It has liberated communication and different kinds of transactions from constraints of geography and time.

This freedom, however, comes with a cost. Internet usage - as well as abuse - has skyrocketed in the absence of any appropriate legal framework.

The ubiquity of the Internet has given rise to the proliferation of cybercrime - which spans hacking, identity theft, spamming, phishing, denial-of-service ("DoS") attacks, malware, and child pornography and cyber prostitution. This can be attributed to the inherent lack of security of the Internet architecture and the relative anonymity of users.

The cybercrime industry has grown huge. The U.S. government's Cyber Security Policy Review shows that losses from intellectual property and data theft alone in 2008 amounted to as much as US$1 trillion1.

Various statistics show how extensive cybercrime's reach is. IBM, in its latest report2 released in March, said that 2010 had the largest number of vulnerability disclosures to date at 8,562. This has significant implications on managing large IT networks. More vulnerabilities mean more time spent on fixing and securing compromised systems. IBM added that financial institutions are the top target of phishing, or attempts to acquire sensitive information by pretending to be a credible entity.

Furthermore, the U.S. Internet Crime Complaint Center (IC3)3 of the U.S. disclosed that it received in 2010 the second-highest number of complaints since its inception about 10 years ago. Complaints totaled 303,809 and averaged 25,317 per month.

Just last month, the consumer electronics giant Sony suffered two massive security breaches. First, it discovered that its Playstation Network was hacked, which resulted in the theft of personal information - including credit card details - of approximately 77 million users worldwide. A week later, it announced that the Sony Online Entertainment PC games network was also hacked, and data from another 25 million accounts may have been stolen.

Symantec, a leading security software firm, revealed in its report4 that nearly two-thirds, or 65 percent, of adults globally have been a victim of some form of cybercrime. In our country, about 87 percent of Filipinos have fallen to a variety of attacks, including malware invasion, online or phishing scams, and "sexual predation".

There are approximately 30 million Filipinos who use the Internet regularly. Undetected cybercrime attacks translate to an average loss over 28 days of US$223 or P12,203. As Internet penetration deepens, the potential market for cybercrime will also enlarge.

Gaps to fill

Cybercrime is a silent epidemic. People are aware that it is happening - or have even experienced it - but they are often uncertain how to deal with it. Which agency should cybercrime victims report to - the PNP, NBI, DTI or the bank and the online seller - for example.

At bottom, we lack the framework that adequately defines cybercrime and prescribes punishment for it. The United Nations country report on cybercrime5 in the Philippines notes that our E-Commerce Law does not address all forms of cybercrime listed in the Budapest Convention on Cybercrime, such as fraud and pornography.

Apart from the issue of definition, enforcement also poses great challenges. Cybercrime requires the proper technical training of law enforcers in identifying and acquiring intangible evidence of its commission.

Cyber Law is more complicated than traditional laws primarily because the range of activities it seeks to govern is largely technology driven. Hence, we need a law that can satisfactorily respond to such a dynamic and fast growing threat.

Filling the void

The Cybercrime Prevention Act will fill the legislative void. It punishes the following: offenses against the confidentiality, integrity and availability of computer data and systems; computer-related offenses such as forgery and fraud; and content-related offenses like cybersex, child pornography and unsolicited commercial communications.

The Cybercrime Prevention Act also covers mobile devices - an emerging target of cyber threats. IBM said mobile devices represent a platform for sophisticated attackers. IBM noted that related attacks are still limited because mobile devices do not yet provide the same financial opportunities as personal computing machines. But when e-commerce on our mobile phones surges, so will cyber threats.

We seek to hold liable not only individual perpetrators, but also corporate organizations that knowingly abet cybercrime.

In closing, I cannot overemphasize one fundamental principle: that central to the Cybercrime Law is collaboration. It promotes international collaboration because cybercrime is beyond the purview of any single government. On the contrary, all governments should have an equal responsibility in developing international internet governance. We cannot ensure the stability, security and continuity of the Internet on our own.

Mr. President, cybercrime poses real and present danger to global efforts to foster a global information economy. We must not let this silent epidemic continue to wreak havoc on our people.

Thank you.