SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

National Highway, Crossing Rubber, Tupi, South Cotabato

ETHICS FOR I.T. PROFESSIONALS

with Legal Aspects in Computing

___________________________________________________

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 1 of
 LEARNING MANUAL
FOR
IT 223: ETHICS FOR I.T. PROFESSIONALS
_____________________________________________________

WEEK 15-16

COURSE OUTLINE

COURSE CODE : IT 223

TITLE : ETHICS FOR I.T. PROFESSIONALS
TARGET POPULATION : All College of Information Communication Technology Students
INSTRUCTOR : MR. FRANKLIN R. TAMAYO, MIT.

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 2 of
 EXTENT OF LIABILITY OF ICT PROFESSIONAL AND OTHER COMPUTER RELATED LAWS
INTENDED LEARNING OUTCOMES
At the end of this chapter, the student is expected to:

● Recognized the rights of a bona fide credit card holder;

● Discuss the prohibited acts under RA8484 or the Access Devices Act of 1998;
● Conclude whether or not the author of any "Computer Virus" may be prosecuted under RA 8484;
● Resolve the extent of liability of an ICT professional in a particular case;
● Enumerate and discuss the salient features of the E-Commerce Law;
● Decide whether or not the author of any "Computer Virus" may be prosecuted under the E-Commerce Law;
and
● Discuss how the secret-key encryption works in providing security in an E-Commerce business.

INTRODUCTION
Protecting the Right of a Bonafide Credit Card Holder from a system Generated Error
many businessmen are carrying with them credit cards and/or check instead of cash. Although credit cards and
checks are NOT legal tender, they are widely used and accepted in the business community as a substitute for cash.
Nowadays, it is too difficult to carry with us a huge amount of money, thus VISA • Three Credit Cards by Petr
Kratochvil

RA 8484. The Access Devices Regulation Act of 1998.

RA 8484 is an act regulating the issuance and use of access devices and prohibiting the fraudulent acts
committed relative thereto, among others. By enacting this legislation, the State recognizes the recent advances in
technology and the widespread use of access devices in commercial transactions (Sec. 2).

What is an "Access Device"?

Access Device - means any card, plate, code, account number, electronic serial number, personal
identification number, or other telecommunications service, equipment, or instrumental identifier, or other means
of account access that can be used to obtain money, good, services, or any other thing of value or to initiate a
transfer of funds (other than a transfer originated solely by paper instrument.

What is a "credit card"?

Credit Card - means any card, plate, coupon book, or other credit device existing for the purpose of
obtaining money, goods, property, labor or services or anything of value on credit.

What shall you do if you lose your credit card or other access devices?

In case of loss of an access device, the holder must notify the issuer of the access device of the details and
circumstances of such loss upon knowledge of the loss. Full compliance with such procedure would absolve the
access device holder of any financial liability from fraudulent use of the access device from the time the loss or theft
is reported to the issuer.

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 3 of
What are the prohibited acts under RA 8484?
Section 9. Prohibited Acts. - The following acts shall constitute access device fraud and

a. producing, using, trafficking in one or more counterfeit access devices;

b. trafficking in one or more unauthorized access devices or access devices fraudulently
c. using, with intent to defraud, an unauthorized access device,

are hereby declared to be unlawful: applied for;

d. using an access device fraudulently applied for:

e. possessing one or more counterfeit access devices or access devices fraudulently applied for:
f. producing, trafficking in, having control or custody of, or possessing device-making or altering equipment without
being in the business or employment, which lawfully deals with the manufacture, issuance, or distribution of such
equipment;
g. inducing, enticing, permitting or in any manner allowing another, for consideration or otherwise to produce, use,
traffic in counterfeit access devices, unauthorized access devices or access devices fraudulently applied for;
h. multiple imprinting on more than one transaction record, sales slip or similar document, thereby making it appear
that the device holder has entered into a transaction other than those which said device holder had lawfully
contracted for, or submitting, without being an affiliated merchant, an order to collect from the issuer of the access
device, such extra sales slip through an affiliated merchant who connives therewith, or, under false pretenses of
being an affiliated merchant, present for collection such sales slips, and similar documents;
i. disclosing any information imprinted on the access device, such as, but not limited to, the account number or
name or address of the device holder, without the latter's authority or permission;
j. obtaining money or anything of value through the use of an access device, with intent to defraud or with intent to
gain and fleeing thereafter,
k. having in one's possession, without authority from the owner of the access device or the access device company,
an access device, or any material, such as slips, carbon paper, or any other medium, on which the access device is
written, printed, embossed, or otherwise indicated;
l. writing or causing to be written on sales slips, approval numbers from the issuer of the access device of the fact of
approval, where in fact no such approval was given, or where, if given, what is written is deliberately different from
the approval actually given;
m. making any alteration, without the access device holder's authority, of any amount or other information written
on the sales slip;
n. effecting transaction, with one or more access devices issued to another person or persons, to receive payment or
any other thing of value;
o. without the authorization of the issuer of the access device, soliciting a person for the purpose of:

1. offering an access device; or

2. selling information regarding or an application to obtain an access device; or
3. without the authorization of the credit card system member or its agent, causing or arranging for another
person to present to the member or its agent, for payment, one or more evidence or records of transactions
made by credit card.

Art. 1467. A contract for the delivery at a certain price of an article which the vendor in the ordinary course of
business manufactures or procures for the general market, whether the same is on hand at the time or not, is a
contract of sale, but if the goods are to be manufactured specially for the customer and upon his special order, and
not for the general market, it is a contract for a piece of work.

Analyzing the above provision, it gives two (2) tests for distinction:

of software. Article 1467 of our Civil Code is persuasive thus:

1. Manufacturing or developing in the ordinary course of his business. This covers contract of sale;
2. Manufacturing or developing upon special order of customers. This covers contracts for piece of work.

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 4 of
The E-Commerce Law
Six weeks after the "I LOVE YOU" virus attack, the government has outlawed some computer crimes through the E-
Commerce Law. The Electronic Commerce Act of 2000 or Republic Act 8792 was signed into law on June 14, 2000. It
was a landmark legislation as it was the country's response to the changes brought about by the information age. It
focuses more on electronic evidence and common online crimes such as hacking and copyright violations.

The Philippine Congress enacted R.A. 8792 in order to provide a legal framework for internet-based services
such as electronic commerce. It has given an electronic document and electronic signature58 legal binding effect
same as that of a paper-based document. Aside from the provisions on e-commerce, the law also seeks to punish
perpetrators of cybercrimes particularly computer hacking, introduction of viruses and piracy of copyrighted works
by providing penal sanction thereof. Thus, Section 33 of the law provides.

Security: A Very Important concern in E-Commerce

If there is one reason why corporations and businessmen would not enter into an e-commerce business, it
must be in the issue of security. The general security concerns in e-commerce involve the following:

• User authorization
• Data and transaction security.

How do you ensure user privacy and information security in an open network like the Internet?

The available authorization schemes which make sure that only authorized users and programs can gain
access to information resources such as user accounts, files, and databases, are:

• Password protection
• Encrypted smart cards
• Biometrics
• Firewalls

What are the available data transaction security schemes?

For purposes of protecting the privacy, integrity and confidentiality of business transactions must be held private
transactions and messages, the following data and transaction security schemes may be used:

• Secret-key encryption
• Public/private-key encryption

What are the basic requirements of transaction security?

and intact,

Transaction privacy. This simply means that transactions must be held private and intact, with unauthorized users
unable to understand the message content.

Transaction confidentiality. This implies that traces of transactions must be dislodged from the public network. No
intermediary is permitted to hold copies of the transaction unless authorized to do so.

Transaction integrity. This simply means that transactions should be protected from unlawful interference they
must not be altered or modified.

What is Encryption?

Encryption is a set of secret codes which defends sensitive information that crosses over public channels
(such as the Internet). It is a mutation of information in any form (text, video, and graphics) into a form decipherable
only with a decryption key. The purpose of encryption is to make data impossible for a stranger who obtains the
ciphertext (encrypted information) while in a transit across the network, to understand it, while enabling the
intended recipient to decode and recover the original message - unaltered and not tampered with.

What are the kinds of encryption?

1. Secret-key encryption (single-key)
2. Public/private-key encryption A key is a very large number, a string of zeroes and ones.

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 5 of
What is a Digital Signature?

A digital signature is a cryptographic mechanism - the counterpart of a written signature on a paper-based

transaction. Its basic function is to verify the origin and contents of a message for sender authentication purposes. It
allows the computer to notarize the message, to assure the intended recipient that the message has not been while
the network traversed.

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 6 of
Name: Section:
Date: Score:

ASSESSMENT TASKS 1
Juan is commissioned by TABAKO Corporation to develop for them a software which will be used by the Production
department. Juan developed the system but intentionally designed it, such that, on January 1, 2016, or five years
after its release, the system hang and would NOT function anymore. According to Juan, Tabako is compelled to call
him and hence, he would get additional maintaining fees. Did Juan violate any provision of the e-commerce law?

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 7 of
Name: Section:
Date: Score:

ASSESSMENT TASKS 2

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 8 of