MANILA, Philippines — A provision in the newly enacted Cybercrime Prevention Act giving power to the Department of Justice (DOJ) to restrict or block access to a website without court order could be very dangerous to site owners and Internet users, lawyers said Tuesday.
The specific clause, covered in Section 19 of the Act, states that the DOJ has the power to issue an order to “restrict or block access” to computer data considered as “prima facie” in violation of the law’s provisions.
Prima facie is a legal term that refers to a matter that upon first examination is sufficient to raise a certain presumption.
“[Section 19] is very dangerous,” stressed Atty. JJ Disini, professor at the University of the Philippines College of Law, in a phone interview. “It gives the DOJ the power to order the shutdown of websites at first appearance, sa unang tingin pa lang. Wala pang malinaw na violation, may order to restrict access na.”
For example, a certain blog post, which only appears to be in violation of libel laws could easily be ordered taken down by the DOJ, Disini added.
The particular provision had earlier been pointed out to be contentious by Internet and information security experts, stressing how “prima facie” evidence in the digital world can easily be faked.
“A highly skilled person who wants to frame another person could just create a lot of prima facie evidence against him, or an entire community of people,” said Drexx Laggui, a digital forensics expert, in an earlier interview.
Lawyer Romel Regalado Bagares, on the other hand, said the provision actually gives the DOJ powers already outside its usual jurisdiction.
“They should at least require an ex parte court hearing on the issuance of such an order, and it is the court that should issue the order, not the DOJ,” Bagares told InterAksyon.com.
Mounting opposition
Disini also raised concern over how the law enables enforcement agencies to collect traffic data from Internet users without a court warrant.
“They may be able to compile non-content data, such as a subscriber’s mobile number and the number of a text message’s recipient, but that doesn’t stop them from independently finding who the owner of that number is,” he explained.
Laggui meanwhile said that the provision restricting use of “hacking tools” could potentially impact the profession of security experts and licensed penetration testers.
“This new law makes [these tools] illegal. There are so many tools out there, and the law does not differentiate between a good tool and a bad tool,” Laggui said, adding that these tools are often used to test vulnerability in networks, network quality, and penetration testing.
Internet users and various media groups have also chimed in, noting how the inclusion of libel in the forms of cybercrimes constitutes a step back in the administration’s efforts for a transparent government, considering how it is currently fence-sitting on the passage of the Freedom of Information (FOI) bill.
The Center for Media Freedom and Responsibility (CMFR), in a statement, said that the passage of the Cybercrime Law could herald further government measures restricting freedoms connected with the use of the Internet.
“It can signal the opening of the floodgates of Internet regulation that will affect Filipino netizens, given the restrictive mindset of the country’s leaders,” it said.
Law guidelines coming
The government’s Information and Communications Technology Office (ICTO) said it is about to start working on the implementing rules and regulations (IRR) of the newly enacted Cybercrime law, which should allay the fears and issues raised by some sectors.
ICTO Executive Director Louis Casambre told reporters on the sidelines of the Infocomm Technology Association of the Philippines (ITAP) General Membership Meeting on Tuesday that a group is now being convened to specifically tackle the drafting of the Cybercrime Prevention Act’s IRR.
“We’re forming the national ICT advisory council, which I will head. And one of the first things on their plate is to convene a multi-sectoral group to work on the IRR,” Casambre said.
The ICTO is the agency tasked by the new law to oversee drafting of the controversial measure’s IRR. Casambre said the council will be an 11-member body, with the government taking one seat and the private sector taking the rest of the positions.
The ICTO official, while acknowledging that there are contentious provisions in the law, called for understanding considering the new measure had just been signed into law.
“No law is really perfect, we will perfect it over time as we go along. A new law has to go through a phase of clarification and definition as jurisprudence is developed,” he said.
He was not, however, forthcoming in pegging a specific date for the release of the IRR, but Casambre said he hopes “it’ll only take us a few months.”
“I think as long as we can find consensus especially on contentious issues, we can have it soon enough,” he added.
Since President Benigno Aquino III signed the bill into law last week, various camps have registered strong opposition against certain provisions of the bill, with some sounding the alarm on possible government censorship on the Internet.
Cybercrime law to protect PH businesses
But while there are objections, some sectors of society have welcomed the passage of the Cybercrime law, stressing how the importance of the Internet to local businesses needs protection from various nefarious activities committed online.
“Since we’ve now seen the legitimacy of cyberspace in business activities, we should make sure that there is a way to capture and counter criminals online,” said Dondi Mapa, president of ITAP.
He noted, however, that the cybercrime law should be viewed hand-in-hand with the recently passed Data Privacy Act, since they are “two sides of the same coin.”
“The Cybercrime law gives leeway [for the government] to snoop into certain activities of suspected criminals, but at the same time the Data Privacy Act makes sure that the rights of people are protected,” he explained.
The Business Process Association of the Philippines (BPAP), meanwhile, stressed how having a cybercrime legal framework will protect the local BPO sector, where a huge volume of transactions are done electronically.
“It’s good to have rules and regulations within the digital economy,” said BPAP President and CEO Benedict Hernandez.
