A key author of the Philippines' E-Commerce Act of 2000 on Friday disputed a complaint by the nation's chief prosecutor that the law is inadequate to prosecute future suspects in cases like the dissemination in May of the ILOVEYOU virus.
Chief State Prosecutor Jovencito R. Zuno said Wednesday that the E-Commerce Act, approved and signed in June to wide acclaim, is not specific enough for cases such as the infamous ILOVEYOU virus. The virus apparently originated in the Philippines and wreaked havoc in data systems worldwide.
Zuno spoke after charges were dropped against Onel de Guzman, who had been suspected of disseminating the virus.
The E-Commerce Act, which includes provisions against hacking as well as providing legal status and guidelines for online transactions could not be applied retroactively against de Guzman, Zuno said.
However, the law as it stands is also not specific enough for future prosecutions in similar cases, Zuno said. He added he was pushing for additional laws to cover such crimesCongressman Leandro Verceles Jr., who says he was the principal author of the law, refuted Zuno's complaints in an e-mail message Friday.
"I beg to disagree with the opinion of [Zuno]. The law is sufficient enough to penalize hackers or crackers. Section 33 of the E-Commerce Act states the conditions that must occur before a person can be held liable for a committed felony such like spreading the ILOVEYOU virus," Verceles wrote.
The three basic conditions are unauthorized access to a computer system, intent to steal or destroy and lacking the knowledge and consent of the computer system owner, he wrote. Introducing a virus that causes destruction, corruption, theft or loss of data is also covered, he added.
"The act of hacking and cracking in this case can definitely be penalized," Verceles wrote.
The defense attorney for an earlier suspect in the case also said the law is specific enough to do the job.
"I think it's clear," said J.J. Disini, managing partner at Disini & Disini Law Office, in Manila. Disini is a specialist in Internet law and represented Reomel Ramones, who earlier this year was held on suspicion of disseminating the ILOVEYOU virus.
However, Disini added that computer crime is a moving target.
Technology always moves faster than the law, so there are things hackers will do that will not be covered by the law," Disini said.
De Guzman, 23, a former student from Amable Mendoza Aguiluz Computer College in Manila, was charged in June with theft under a Philippines law that traditionally covers credit card fraud and faced a maximum sentence of 20 years in prison and a fine of 10,000 pesos (US$222) or more. [See "Charges Filed Against Love Bug Student," June 29.] He has been released from custody, Zuno said.
The DOJ dismissed the criminal charges, which were filed by the National Bureau of Investigation.
Archimedes Manabat, one of the member-prosecutors of the three-man DOJ panel that reviewed the case, confirmed to Computerworld Philippines that the justice department cleared De Guzman of all charges in a resolution approved by Zuno early last week.
"We found that there is no prima facie case against De Guzman, so in our formal resolution we sought for the charges to be dropped against him," said Manabat, adding that the panel came out with the draft on August 14.
De Guzman, suspected of writing the virus with college friend Michael Buen, was charged with theft and violating the Access Device Regulation ActThe National Bureau of Investigation is continuing to investigate de Guzman's involvement in the case, Zuno said, but he would not specify under what law the government hopes eventually to charge de Guzman.
Complementary laws that will flesh out the criminal provisions of the E-Commerce Act are now moving through the House of Representatives and Senate, said Ramon Ike Villareal Seneres, director general of the government's National Computer Center, in a telephone interview on Tuesday.
Despite the dropping of charges against a suspect in one of the most infamous hacking cases in history, the Philippines is heading off a reputation as a threat to Internet security, Villareal Seneres said.
"The whole community will see it as a positive move on our part that we've passed the E-Commerce Act," Villareal Seneres said in a telephone interview Tuesday.
Within government, Villareal Seneres is leading an initiative to coordinate all agencies' security systems to defend against attack, he added. The National Information Infrastructure Protection System will be a national data-sharing system that lets government departments communicate securely. Efforts by individual agencies will continue and be coordinated.
"This is an area where I'd be happy to see multiple redundancies," Villareal Seneres said.
The "ILOVEYOU" computer virus was released on May 4 and quickly crippled e-mail servers around the globe. Estimates by research analysts peg financial damages caused by the "ILOVEYOU" virus at US$8.7 billion.
The bug was sent to approximately 84 million users, and 2.5 million to 3 million were actually affected.
Additional reporting by Computerworld Philippines Staff Writer Jennifer Bagalawis.