I posted the full text for RA 10175 Philippines Cybercrime Prevention Act of 2012 and I promised that I will post an update here at menardconnect.com but I was occupied with lots of official stuff for the last two weeks. And since today is Blog Action Day, I am posting my notes on RA 10175  Philippines Cybercrime Prevention Act of 2012.

Aside from the lack of technical depth of RA 10175 with regards to actual cyber crime happening globally, I am  writing about two points that in my opinion is worth looking into. Again, this is coming from my experience as a infosec (information security) practitioner and blogger.

That Libel Clause

That libel clause is really the root of all clamor against this bill. When the Senate announced the bill (link to Senate announcement/PR here and PDF link here), there is really _NO_ libel clause. I am just surprised that in its final form (signed RA) this clause:

(4) Libel. — The unlawful or prohibited acts of libel as defined in Article 355 of the Revised Penal Code, as amended, committed through a computer system or any other similar means which may be devised in the future.

was added.

Netizens will really have doubts and may even theorize that this insertion has something to do with the Comedian Senator snafu (sorry he is NOT fit to be mentioned in the post).

I hope they can modify this part (Sorry I don’t know the correct legal term, is it repeal or amend or ?).

That Viruses Reference

RA 10175 mentions something about computer viruses. Specifically:

(3) Data Interference. — The intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses.

(4) System Interference. — The intentional alteration or reckless hindering or interference with the functioning of a computer or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or program, electronic document, or electronic data message, without right or authority, including the introduction or transmission of viruses.

My opinion is that the legislators should the use the word malware instead of the word viruses. Malware (yes its plural without the “s”) is the correct technical term so that we can include the other malicious stuff that is also prevalent with global cyber crime.

Quoting Wikipedia (so that there will be NO selosan which AV/Security Vendor’s definition I will use)

Malware, short for malicious software, is software used or created to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. ‘Malware’ is a general term used to refer to a variety of forms of hostile or intrusive software.

Malware includes computer viruses, worms, trojan horses, spyware, adware, and other malicious programs. In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. states.
“

Let’s not alienate the trojans, worms, backdoors and malicious scripts from the law and coverage because they are equally used in cyber crime.

That’s all for now!

(I’m still thinking if I can safely post my experience about lawyers + blogging + social media fail that happened to me and my blog some years ago.)

Some useful links/defs on malware, viruses, and libel.

As a support to the Philippine Internet Freedom Alliance, I am posting their link here, kindly visit their site, (I’m still assessing the scripts prior to deployment).

Before I end this post, some disclosure:

I work at Trend Micro. The views expressed in this blog post are my personal opinion and do not represent my employer’s positions, strategies or opinions.
To know more on what I do full-time, kindly visit my about page.
To know more about my blog’s full disclosure policy, kindly visit my disclosure page.