SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

National Highway, Crossing Rubber, Tupi, South Cotabato

ETHICS FOR I.T. PROFESSIONALS

with Legal Aspects in Computing

___________________________________________________

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 1 of 8
 LEARNING MANUAL
FOR
IT 223: ETHICS FOR I.T. PROFESSIONALS
_____________________________________________________

WEEK 10-11

COURSE OUTLINE

COURSE CODE : IT 223

TITLE : ETHICS FOR I.T. PROFESSIONALS
TARGET POPULATION : All College of Information Communication Technology Students
INSTRUCTOR : MR. FRANKLIN R. TAMAYO, MIT.

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 2 of 8
 COMPUTER HACKERS AND THE CYBERCRIME LAW
INTENDED LEARNING OUTCOMES
At the end of this chapter, the student is expected to:
 Recognize the territoriality principle of penal laws;
 Be aware of the need to protect and safeguard the integrity of computer, communications systems,
networks and databases, as well as the confidentiality and integrity of the data stored in a computer system.
 Recite the different cybercrime offenses and explain how such was being8 Committed;
 Discuss the elements of each of the cybercrime offenses;
 Distinguish data interference with system interference; and
 Manifest critical thinking skills in determining whether a series of acts will constitute cybercrime offenses.

INTRODUCTION
Explanatory Note of Senator Angara

Internet use in the Philippines has grown rapidly in the past decade. It has given rise to countless
opportunities to a lot of Filipinos in every field imaginable. It has served as venue for growth and development in
businesses, trade, engineering, arts and sciences and has speed up the exchange of information about practically all
aspects of life. It has since been an integral part of our daily lives.

However, the internet also has its own disadvantages and one of these is cybercrime, Ordinarily, cybercrime
is defined as any illegal and criminal activity committed on the internet. These include unlawful acts where
information technology is used either a tool or target, or both, in the commission of such unlawful acts. Any criminal
activity that employs a computer either as an instrumentality, target or a means for the commission of other illegal
acts also goes within the range of cybercrime.

In recent years, we have witnessed how cybercrime has emerged as the latest and most complicated
problem in the cyber world. Criminal activities in the cyberspace are on the rise. Computers today are being misused
for illegal activities like e-mail espionage, credit card fraud, spams, and software piracy, which not only invade our
privacy but also offend our senses. On many instances, the computer has been utilized as an instrument in the
following illegal activities: financial crimes, sale of illegal or stolen articles, pornography, online gambling, crimes
impinging on intellectual property rights, e-mail spoofing, forgery, cyber defamation, and even cyber stalking.

On the other hand, the computer may have also been the object of other unlawful acts such as, but not
limited to, illegal access or hacking, theft of information contained in electronic form, e-mail bombing, virus attacks,
internet time thefts and so forth. Examples of these types of conducts include illegal access or access to the whole or
any part of a computer system without proper authorization, illegal interception or the interception without right
made by technical means, of non-public transmission of computer data to, from or within a computer system, data
interference or the damaging, deletion, deterioration, alteration or suppression of computer data without proper
authority, system interference or the serious hindering without right of the functioning of a computer system by
inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data, misuse of devices,
forgery and fraud.

Cybercrime is an actual danger to democracy, human rights and the rule of law. It is a dangerous reality
which has to be taken seriously at the highest level. Measures to fight and prevent cybercrime must be based on
laws that fully respect civil rights. Thus, it is of utmost importance that an efficient protection and prevention
method be developed to combat cybercrime.

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 3 of 8
complicated and large to be considered a computer system. Thus, a simple enrollment EL

State Policy Regarding Cybercrimes

The State recognizes

1) the viral/role of information and communications industries such as content production, telecommunications,
broadcasting, electronic commerce, and data processing, in the nation's overall social and economic development.

2) the importance of providing an environment conducive to the development, acceleration, and rational application
and exploitation of information and communications technology to attain free, easy, and intelligible access to
exchange and/or delivery of information;

3) the need to protect and safeguard the integrity of computer, computer and communications systems, networks,
and databases, and the confidentiality, integrity, and availability of information and data stored therein, from all
forms of misuse, abuse, and illegal access by making punishable under the law such conduct or conducts;

In this light, the State shall adopt sufficient powers to effectively prevent and combat such offenses by facilitating
their detection, investigation, and prosecution at both the domestic and international levels, and by providing
arrangements for fast and reliable international cooperation,

Cybercrimes Offenses
The following are some of the cybercrime offenses defined by the Cybercrime Law.

1. Offenses against the confidentiality, integrity and availability of computer data and systems.

A. ILLEGAL ACCESS. The intentional access to the whole or any part of a computer system without right.

To better understand this offense, one should be able to know what a computer system is. A
computer system means any device or a group of interconnected or related devices, one or more of which,
pursuant to a program, performs automatic processing of data. It covers any type of computer device
including devices with data processing capabilities like mobile phones and also computer networks. The
device consisting of hardware and software may include input, output and storage facilities which may stand
alone or be connected in a network or other similar devices. It also includes computer-data storage devices
or medium
Example:
A good example is a computer system used in banking transactions, transaction processing systems used by
cashiers in a mall and others. A system need NOT be so system used by the university registrar is also a
computer system.

Elements of a Computer System

1. There must be a device a group of interconnected or related devices; These devices are of any type with
data processing capabilities including mobile phones and computer networks;

2. At least one of the devices performs automatic processing of data pursuant to a program;

3. The device need NOT be connected in a network as long as it consists of both hardware and software and
have input, output and storage facilities.

Elements of the Offense of Illegal Access

1. There must be an intentional access in whole or in part of a computer system

2. The person who attempts to, or is accessing, or had already access the data has no right of access to the system.

An authorized person may not be authorized. In the foregoing that, successfully illustration, the Chief Registrar may
be guilty of illegal access if he/she adds into the records of Student X a grade of 90 in the course Thesis II where in
fact Student X has NOT yet taken the said course! Take note and/or storing data into the computer system without
right.

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 4 of 8
B. ILLEGAL INTERCEPTION. The intentional interception made by technical means without right of any non-public
transmission of computer data to, from, or within a computer system including electromagnetic emissions from
computer system carrying such computer data: Provided, however, That it whose facilities are used in the
transmission of communications, to intercept, shall not be unlawful for an officer, employee, or agent of a service
provider, disclose, or use that communication in the normal course of his employment while engaged in any activity
that is necessary to the rendition of his service or a to the protection of the rights or property of the service
provider, except that the latter shall not utilize service observing or random monitoring except for mechanical or
service control quality checks; Before we illustrate this cybercrime offense, let us first define interception as used by
the law, thus:

Interception - refers to listening to recording, monitoring or surveillance of the content of communications,

including procuring of the content of data, either directly, through access and use of a computer system or
indirectly, through the use of electronic eavesdropping or tapping devices, at the same time that the communication
is occurring.

Elements of Illegal Interception

1. It must be intentional;
2. It must be by technical means;
3. The person involved is without any right to do the interception
4. The transmission of computer data to, from, or within a computer system is non-public;
5. It must not fall in any exemption.

Exemption:

An officer, employee, or agent of a service provider, whose facilities are used in the transmission of
communications, to intercept, disclose, or use that communication in the normal course of his employment while
engaged in any activity that is necessary to the rendition of his service or to the protection of the rights or property
of the service provider.

Exemption from the exemption:

 Random monitoring or full utilization of service observation

 Except in of case mechanical or service control quality checks
 If you Will read between the lines of the provisions of this law, the spirit of this statue is to protect the
privacy rights of the authorized users in the computer system.

Illustration Example: Suppose five (5) large companies as business partners are using Electronic Data interchange
(EDI). However, one of them was able, through technical means, to install ware in order to procure the content of
data, through access and use of the said EDI.

C. DATA INTERFERENCE. The intentional or reckless alteration of compute data without right.

Alteration on the other hand refers to the modification or change, in form or substance, of an
existing computer data or program.

D. SYSTEM INTERFERENCE. The intentional or reckless hindering without right of the functioning of a computer
system by inputting, transmitting, deleting or altering computer data or program. The crime offenses?

Cybersex and Child Pornography

Cybersex, Any person who establishes, maintains or controls, directly or indirectly, any operation for sexual activity
or arousal with the aid of or through the use of a computer system, for a favor or consideration.

For a person to be guilty of cybersex as defined by the cybercrime law, all the following elements
must be present.

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 5 of 8
 1. There must be an operation for sexual activity or arousal;
2. The sexual activity or arousal is done with the aid of or through the use of a computer system
3. The activity is done for a favor or consideration;
4. The operation is/was established, maintained or controlled by a person directly or indirectly.

Computer-related Offenses:

1. Computer-related Forgery - (a) the intentional input, alteration, or deletion of any computer data without right
resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were
authentic, regardless whether or not the data is directly readable and intelligible; (b) the act of knowingly using
computer data which is the product of computer-related forgery as defined herein, for the purpose of perpetuating a
fraudulent or dishonest design.

A person is guilty of forgery if:

(a) with purpose to defraud or injure anyone; OR

(b) with knowledge that he is facilitating a fraud or injury to be perpetrated by anyone; the actor:

1) alters any writings of another without his authority:

2) makes, completes, executes, authenticates, issues or transfers any writing so that it purports to be the act
of another who did not authorize that act, or to have been executed at a time or place or in a numbered
sequence other than was in fact the case, or to be a copy of an original when no such original existed; or
3) utters any writing which he knows to be forged in a manner specified in the revised penal code.

To illustrate, A is a staff of a Municipal Civil Registrar, he has with him blank forms which were already
signed by the Chief Municipal Civil Registrar. His neighbor Sean, who is a player in an inter-barangay Sports Fest
needs to secure an evidence that he is still below 21 years old because as a fact, he is already 24 years old. Since
Sean was born in the said municipality, Sean asks a favor from A to change his date of birth from "1987" to "1991".
Because they are good neighbor, A provided Sean with the said document.

2. Computer-related Fraud - the intentional and unauthorized input, alteration, or deletion of computer data or
program or interference in the functioning of a computer system, causing damage thereby, with the intent of
procuring an economic benefit for oneself or for another person or for the perpetuation of a fraudulent or dishonest
activity Provided that if no damage has yet been caused, the penalty imposable shall be one degree lower.

3. Unsolicited Commercial Communications. - The transmission of commercial electronic communication with the
use of computer system which seek to advertise, sell, or offer for sale products and services are prohibited unless

a. There is a prior affirmative consent from the recipient; or

b. The following conditions are present:

i. The commercial electronic communication contains a simple, valid, and reliable way for the recipient to
reject receipt of further commercial electronic messages ('opt-out) from the same source;
ii. The commercial electronic Communication does not purposely disguise the source of the electronic
message; and
iii. The commercial electronic communication does not purposely include misleading information in any part
of the message in order to induce the recipients to read the message.

The Katrina Halili vs. Hayden Kho Case and the Anti-Phos or Video Voyeurism Act of 2009

The original version of the cybercrime Law includes the main features of RA ogg5 or the Anti-Photo or Video
voyeurism Act of 2009. However, because Congress forced to quickly enact the said law (RA 9995) due to the Sex
Video Scandal of Dr Hayden Kh0 and Ms. Katrina Halilı, the said features were deleted from the Cybercrime Law. For
all we know, the sex videos of Ms. Halili and Dr. Kho were uploaded to the to watch the said internet. Almost all
people of legal age during that time were able to watch the said videos which in a way revived the song "Careless
Whisper" because the said song was made part of the video. Only the indifferent won't be able to watch the video
because it is available in a friend's mobile phone, CDs and even in the market. In every office, the topic of the Halili
and Kho video were prevalent. Because of the humiliation, embarrassment and dishonor, Katrina sues Hayden for
violation of RA 9262, otherwise known as Anti-Violence Against Women and their Children Act of 2004. On

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 6 of 8
December 10, 2010, Pasig City Judge Rodolfo Bonifacio of the RTC Branch 59 dismissed the case for "lack of merit",
the one hundred million pesos (P100,000,000) civil damages claimed by Katrina Halili against Hayden Kho. Many
people opinea that Katrina did not win the case because of the absence of cybercrime laws in the Philippines.
It is undisputed thata man will be guilty of violating RA 9262 (with reop Halili vs. Kho) if:
1) he secretly, without the consent of the woman. videotaped their stA and
2) he uploaded the same to the internet causing "mental and emotional ar public ridicule or humiliation to the
woman..."

Name: Section:
Date: Score:

ASSESSMENT TASKS 1
Mr. Jay Ferson is the Department Chair of the Computer Science (CS) Department O TABAKO University
while Ms. Lee Jane is Mr Darcon's secretary. Tabako University is using a computer system where faculty members
are required to personally encode the grades of students, print the grade sheet and submit the signed grade sheet
to the department Secretary. The department secretary will then submit the grade sheet to the department s Chair
concerned for signature before submitting the hard copy to the Registrar's office. Even if the grade sheets are not
printed, the same is stored in the computer system and a student concerned will have his grade in the transcript of
his records. The printed grade sheet is Just a back-up copy of the computer system in case of a system failure.

On March 21, 2011 all the grade sheets were already submitted by all CS instructors to Ms. Jane. However,
Jane could not submit the same to the registrar's office because the grade sheets were NOT yet signed by Mr.
Person who attended an intensive Java Boot Camp Seminar being held in Mindanao. Without the knowledge of Mr.
Person,Ms. Jane forged the signature of Mr. Person and personally signed on the grade sheet. Jane told herself, "if I
will NOT do it, we will be late in the submission of grade sheets, anyway Sir Jay's signature is only a formal
requirement'".

Questions:

1. Is Ms. Jane guilty of Computer related forgery? Why? Why not?

2. Is she guilty of forgery under the Revised Penal Code? Why? Why not?

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 7 of 8
Name: Section:
Date: Score:

ASSESSMENT TASKS 2
Sam and Perla are having a distant relationship. It has been their habit to engage in cybersex, which Perla
did in an Internet Cafe located in Quezon City, Philippines and Sam from the United States. Both the said Internet
cafe are promoting cybersex and in fact generate huge income from that activity from their customers.

Sean, a special agent of the National Bureau of Investigation (NBI) through his bubwit, JD an effective
informer and deep penetrating agent (DPA) was able to secure a search warrant and warrant of arrest from Judge
Eugenia Garcia of RIC Quezon City. Upon the raid, Sean arrested Perla while the latter is engaged in Cybersex with
Sam. Sam, through the webcam saw Sean arresting Perla. Sam showed a dirty finger to Sean.

Question:

1. Can Sean, in the future arrest Sam from the US? Why or Why not?

2. If Perla and Sam were engaged in Cybersex but did it in their respective private room, can they be held
liable? Give your reasons.

IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 8 of 8
IT 223: Fundamentals of Database System

SOUTH EAST ASIAN INSTITUTE OF TECHNOLOGY, INC.

Page 9 of 8