Tuesday, January 8, 2008

Remote Malefactors - How do we punish them?

It is almost impossible to surf internet sites nowadays without having cookies transferred to your computer. Cookies are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. Cookies are supposed to be harmless but advertisers sometimes use them to track consumer behavior by recording the web pages a user visits. Is that legal in the Philippines? Is that hacking as defined and penalized by the E Commerce Act?

SEC. 33. Penalties. - The following Acts shall be penalized by fine and/or imprisonment, as follows:

(a) Hacking or cracking which refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic document shall be punished by a minimum fine of one hundred thousand pesos (P100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months

If using cookies to track consumer behavior is hacking or cracking as defined in Sec 33 a of the E- Commerce Act and if so against whom will it be enforced?

Furthermore, if Microsoft sends Filipino users computer updates that destroy or disable pirated software without any notification that the update is meant to perform the above mentioned functions and the Filipino user installs that update and suffers a loss of data, can Microsoft as a corporate entity be charged with hacking or cracking under Sec 33a of the E-Commerce Act as the update has accessed the computer in order to perform a function of destruction without the consent of the owner? Or is it merely a case of destruction of property?

I am of the opinion that both situations are instances of hacking as defined by Sec 33a of the E-Commerce Act but no jurisprudence on the matter seems to be available. I guess that for now I will have to simply wait and see.

No comments: