Monday, November 07, 2005

Effects of Internet on the Practice of Law


By Atty. Jose Marie E. Fabella

I. Introduction

During the Philippine Judiciary’s pre-globalization era of information technology, there had been a limited and less-efficient approach towards the ideal way of proper administration of justice. Court research has been constrained to rely principally on hard copies of relevant but limited literature. Data processing was at a slow pace considering that most of the equipments are manually operated. Worse, there was no concrete and specific legislation against acts and omissions in violation of rights involving information technology. As the years passed by, the modern age of technology had constantly knocked on the doors of our Philippine courts. The growing complexities of controversies involving information technology have given the judiciary a handful of reasons to adapt a policy of modernization or face the consequences of an antiquated and inefficient method of dealing with such cases.

In 1999, the case of IBM Philippines vs. NLRC (G.R. No. 117221 [April 13, 1999]) discussed the issue of the admissibility of a termination letter sent by an employer through electronic message. The Supreme Court made the following comments:

“The computer print-outs, which constitute the only evidence of petitioners, afford no assurance of their authenticity because they are unsigned. The decisions of this Court, while adhering to a liberal view in the conduct of proceedings before administrative agencies, have nonetheless consistently required some proof of authenticity or reliability as condition for the admission of documents.”

This case has been one of the pioneers of reiterating the need for a specific set of rules that are relevant to matters of information technology. Thus, on June 14, 2000, the Philippine Senate approved Republic Act No. 8792:

"An Act Providing for the Recognition and Use of Electronic Commercial and Non-commercial Transactions and Documtents, Penalties for Unlawful Use Thereof and for Other Purposes."

that was considered a first step intended to meet the growing need of properly addressing information technology cases. The following year, the Supreme Court, under the Sub-Committee on E-Commerce headed by Mr. Justice Jesus Elbinias came up with the Rules on Electronic Evidence authored by Atty. Jesus Disini and Engineer Albert de la Cruz. While being faced with much criticism and negative feedback, the rules were meant to augment the previous law in terms of the appreciation of electronic evidence in connection with the provisions of the Rules of Court on Evidence.

After the passage of the foregoing, the stage was slowly being set for the coming of the era of information technology globalization. A dedicated effort is now being exerted to access worldwide information for the appreciation of the Judiciary in furtherance to its objectives. Hence, came different matters that need to be addressed ranging from related offenses up to the court’s adaptability to the ever growing demand for modernization. It is important to note however, that modern means and methods are not meant only for concerns of information technology breaches. Much is to be expected from modernization to significantly assist the judiciary in the proper dispensation of even non-computer related offenses.

II. Computer Forensics

In the field of Computer Forensics, Atty. Al. S. Vitangcol III, the Philippines' first and only Computer Hacking Forensic Investigator (CHFI) certified by the US-based International Council of E-Commerce Consultants (EC Council), wrote an article entitled: “Computer Hacking Forensic Investigation: The Art and Science of Gathering Digital Evidence.” It reads as follows:

“Dramatic changes in Information and Communications Technology (ICT) have made computers and computer-based information systems an integral part of everyday life. Likewise, there is a greater potential for these technologies to be used in unlawful, unauthorized, and unethical acts. Thus, computer-based information has become an important resource for evidence in criminal investigations and legal matters.”

“Computer forensics is both an art and a science. It is a highly scientific field where specialized software and hardware tools provide the conduit for an experienced, professional computer forensics investigator to acquire, extract and analyze digital data. An experienced computer hacking forensics investigator (CHFI) can perform numerous other tasks not readily apparent to the average computer user, all in compliance with existing rules of evidence simply, the art of digital evidence creation.”

“Securing electronic evidence is normally the major focus in computer-related disputes and criminal cases. For example, electronic evidence is critical in situations involving disloyal employees, computer break-ins, possession of pornography, breach of contract, industrial espionage, e-mail fraud, harassment, webpage defacements and theft of company-owned intellectual properties, among others.”

“Computer Forensics is known in United States' courts as "electronic discovery", which involves the collection of electronic evidence from all types of computer media utilizing electronic discovery tools and techniques to help corporations and lawyers obtain electronic evidence from computer systems for use in a court of law or other investigation purposes. Simply put, computer forensics is the discovery of computer-related evidence and data.”

“There are three kinds of crimes that require computer forensics investigation:

1. Crimes that are non-computer related (e.g. murder, drug trafficking) but its prosecution can be aided by digital evidence found in the suspect(s)' computer systems.

2. Non-computer crimes that are perpetuated using computers (e.g. fraud, intellectual property theft). Digital evidence can be recovered in the computers used in the perpetuation of the crime.

3. Computer-related crimes (e.g. computer hacking, computer piracy).”

“In computer forensics there is no 'typical case'. However, there are procedures that are consistently followed in all computer forensics investigation. This is the Four-Stage computer forensics process.

1. Acquire the Subject Computer. This stage consists of access to the subject computer, optionally removing the hard disk or acquiring the whole computer unit. This is necessary to prevent someone from permanently altering or deleting data in the computer at a later date.

2. Create an Exact Copy of the Hard Disk. This stage consists of creating an exact image of the entire disk. The disk is accessed using a special program which locks the disk drive so no contents can be altered.

3. Analyze the Evidence Disk. This stage consists of analyzing the evidence disk based on search parameters required by the case. Digital evidence are accumulated and carefully documented, for use in trial litigation, as the analysis phase progresses. Every aspect of the computer forensics investigation is thoroughly documented for potential legal consideration.

4. Record and Report the Evidence. This stage consists of producing reports both in hardcopy and on electronic form. The CHFI can now testify on all information contained in the final report and the methods used to acquire and process the evidence.”

“Computer Forensics can also be used for non-legal related purposes. Although the primary purpose of computer forensics is to gather electronic evidence for eventual use in a court of law or other investigation purposes, the former can also be resorted to for resolving common computer problems, which are not crime related, in the corporate world.”

“The field of computing investigations and forensics is constantly changing. A CHFI should stay current with the latest technical changes in computing hardware and software, networking, and computing forensics tools. He must learn about the latest investigation techniques that can be applied in computer forensics cases. He must maintain objectivity and confidentiality during an investigation and conduct himself with integrity.”

“There is no dedicated facility for computer forensics now existing in the Philippines. Admittedly, there are a few computer data recovery laboratories being maintained by hardware vendors and information system service providers, but none is dedicated to the thorough, efficient, and secure means of investigating computer crimes from initial discovery to expert witness testimony in a court of law.”

“A secured and dedicated computer forensics facility will give investigators control over the acquired computer media and possible digital evidence. The chain-of-custody and the integrity of the evidence will never be compromised with such a facility in place. Hence, a need for a National Computer Forensics Laboratory (NCFL). Once the NCFL is established, it is expected to benefit the police and other law enforcement agencies, ICT security officers, legal professionals, the judiciary, and other government agencies.” (Computer Hacking Forensic Investigation: The Art and Science of Gathering Digital Evidence by Atty. Al. S. Vitangcol III)

Computer Hacking Forensic Investigators will surely aid in the proper gathering, identification and preservation of electronic and digital evidence as well as other types of evidence for purposes of being made available in our courts of law. Unlike the past where investigation was confined to manual efforts, this new concept as adapted from the United States will certainly be a welcome improvement to the Philippine Justice System.

III. First Filipino Hacker Convicted

In year 2003, The United States of America expressed its plan to set up a computer crime unit in the Philippines within the year as part of its anti-terrorism drive. (Article by Maria Patricia Anne Perez, itmatters.com.ph/news, June 10, 2003)

Atty. Ivan John E. Uy, chairman of the subcommittee on e-commerce of the Rules of Court committee, said that the planned computer crime unit is envisioned to supervise all computer-related crimes that will be manned by Philippine government officials skilled in computer crime investigation and prosecution. The anti-terrorism assistance program's aims to prepare government units under the criminal justice in the area of IT to be up-to-date on how to prevent crimes committed through technology and how to obtain evidence and prosecute cyber crimes that are already committed, he said. He said the US plans to donate the same equipment and software the Federal Bureau of Investigation (FBI) is using for cyber crime investigation (Perez 2003).

Despite the absence of a comprehensive law in the Philippines that protects against cyber crime, the government and private sector are starting to take actions to fight it. Last June 18, 2003. the Information Technology and E-Commerce Council (ITECC), the National Bureau of Investigation (NBI), and the Philippine Center on Transnational Crime (PCTC) signed a cooperative technical assistance agreement that provides for IT security training for law enforcers (Perez 2003).

On September 28, 2005, Filipino hacker JJ Maria Giner was convicted for violation of Section 33 (a) of the E-Commerce law which involved the act of hacking the government portal "gov.ph" and other government websites. (Article by Erwin Lemuel Oliva, INQ7.net, September 28, 2005) The provision reads as follows:

“a) Hacking or cracking which refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic document shall be punished by a minimum fine of one hundred thousand pesos (P100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years;”

According to Criminal Case No. 419672-CR filed at Branch 14 of the Metropolitan Trial Court of Manila under Judge Rosalyn Mislos-Loja, Giner was sentenced to one to two years of imprisonment and will pay a fine of 100,000 pesos. However, Giner immediately applied for probation, which was eventually granted by the court during Wednesday's arraignment (Oliva 2005).

Looking back Giner was accused of attacking the Philippine government portal "gov.ph" website and several other government websites. Judge Antonio Eugenio of the Manila Regional Trial Court Branch 24 eventually ordered the arrest of Giner on January 24, 2005 for violating section 33a of the Electronic Commerce Law. Giner, however, posted bail of 25,000 pesos. The Department of Justice (DoJ) decided early this year that there was enough evidence to file charges against Giner (Oliva 2005).

A copy of the DoJ's resolution indicated that Giner admitted to hacking the government websites but said he had no intention to "corrupt, alter, steal or destroy" files contained in the computer systems that were compromised. Giner penetrated government websites of the National Economic and Development Authority, National Book Development Board, the Philippine Navy, Dagupan City, and the web servers or computer systems hosting websites of local Internet service provider Bitstop and University of the Philippines' Visayas campus, according to the DoJ resolution (Oliva 2005).

Giner also launched attacks on the websites of the Office of the Presidential Management Staff in Malacañang, the Task Force on Security of Critical Infrastructure, the Professional Regulatory Board, the Department of Labor and Employment, and the Technical Educational and Skills and Development Authority, according to the resolution (Oliva 2005).

"It was discovered that the respondent attempted to penetrate the digital infrastructure of government agencies as well as private businesses. Several network infrastructure setups were first scanned by [Giner] for vulnerability exploits. Critical government infrastructure facilities were also probed. [Giner] allegedly listed all the possible attack scenarios and backdoor programs to penetrate the target systems," the resolution added (Oliva 2005).

In his counter-affidavit, Giner admitted to sending an e-mail to the National Economic and Development Authority (NEDA), informing the agency about the vulnerability of its website to hackers. With this admission, he argued that he would not have informed the agency if he had the intention of destroying or corrupting its systems (Oliva 2005).

Giner in his affidavit also denied launching a so-called "denial-of-service" attack on the Journal Group of Publications website that resulted in an overload of its host computer system. The DoJ resolution however said Giner had clearly violated section 33a of the E-commerce Law (RA8792) because he was not authorized to access government websites. "Intention is not essential in this mode as mere unauthorized access is a violation of the law," the resolution said (Oliva 2005).

While the punishment for the said offender was rather light, it can be gainsaid that a precedent has already been laid down and that there will be more convictions that will be expected in the years to come.

IV. The Supreme Court’s Response

On November 3, 2004, Mr. Chief Justice Hilario G. Davide, Jr. signed MEMORANDUM ORDER NO.70-2004: Authorizing the conduct of the project scoping workshop for the Judiciary’s Information and Communication Technology projects. It states in substance:

“Pursuant to the goal of assessing, reviewing, re-visiting and prioritizing the on-going ICT projects in the Judiciary and to determine the gaps and the critical succeeding steps required in the computerization of the courts, the Program Management Office (PMO), under the guidance of the Committee on Computerization, and in coordination with the Management Information Systems Office (MISO), will hold a one-day Project Scoping Workshop for the ICT projects of the Judiciary.”

“The general objective of the workshop is to determine the general direction which the Supreme Court and affiliate courts should pursue in ICT development. Specifically, the workshop aims to: (1) review the current initiatives and status of ICT-related projects; (2) identify possible gaps between and among the ICT-related projects; (3) determine areas for integration and complementation; and (4) determine and prioritize the critical succeeding steps in the Judiciary's computerization program.” (Memorandum Order No. 70-2004, November 3, 2004)

In an attempt to make judges familiar with information and communications technology, the judicial department recently put two courses on the Internet for pilot testing by judges located in at least 10 regions around the country. The courses on the Rules on Electronic Evidence and Psychological Incapacity in Marriage was opened to 100 judges last December 1, 2004 and will last until January 31, 2005. The judges were selected from different courts in key cities and municipalities in Metro Manila, Central Luzon, Cagayan, Ilocos, Southern Tagalog, Cordillera, Central and Western Visayas, as well as in Southern and Western Mindanao. The e-Learning project is intended to allow members of the bench to learn about new practices and opinions on legal issues relating to the courses that will help them evaluate and speed up rulings on pending civil and criminal cases. (Article by Melvin G. Calimag, Manila Bulletin on Line, December 19, 2004)

Subsequently, Philippine judges and justices received basic computer training starting 2005 in line with the Supreme Court's thrust to use information technology in de-clogging the country's court system. The Philippine Judicial Academy (PHILJA), the educational arm of the SC, said that computer and Internet literacy program will be made available to selected members of the 27,000-strong judiciary. Within 2005 alone, about 2,000 judges and justices are expected to receive elementary lessons on computers. Judges, justices and even personnel will come from all levels of regional trial courts, metropolitan trial courts and municipal circuit trial courts across the country. The computer literacy drive is an offshoot of SC's campaign to install one personal computer (PC) in each of the 2,000 courts in the Philippines. (Article by Kerlyn G. Bautista, itmatters.com.ph/news/, December 3-4, 2004) In this regard, it is worth mentioning that the Supreme Court has eyed possible partnerships with information technology educational institutions such as Netopia, AMA Computer College and Systems Technological Institute in its drive to train its employees before the end of 2005. (Ibid. February 18-19, 2005)

Recently, there has been a study to provide a legal service known as “Cyber Notarization.” This will enable notaries public to perform their notarial functions by way of the Internet paving the way to a more convenient and accessible manner of notarization of documents. With this, electronic documents and their digital signatures will be recognized. However, this study has yet to be ruled upon through a resolution by the Supreme Court en banc where it has been submitted for consideration. (Interview by the author with Atty. Ivan Uy, October 20, 2005)

V. Conclusion

In fine, it could be reasonably stated that the Philippine Judiciary has been prompted to exert effort in being “in tune” with advances of modern technology in relation to its duty of effectively promoting the administration of justice. However, the effect of information technology globalization towards the judiciary has been hardly felt. This is quite understandable considering that the level of adaptability and adjustment is still in its infancy. To date, the country has only one computer hacking forensic investigator, a single precedent in a case of computer hacking and a mile ahead towards a complete computer literacy rate in the judiciary. It is worth mentioning that laws are yet to be passed addressing information technology related offenses aside from the E-Commerce Law.

While judicial reforms are well on their way in decisively meeting the requirements of modernization as well as technological literacy, serious concern is being raised over its ability to cope up with the growing complexities of the legal system in terms of rapidly emerging breaches involving information technology. It may be that in a year or two, all the courts will have computers equipped with Internet capabilities. It may be that in a year or two, the judiciary has become computer literate. However, by that time, can we say that there will be no further advances that will occur demanding a higher degree of compliance?

It is fervently hoped that the positive reaction to information technology globalization by the judiciary be continuous and dynamic. It should not stop at being compliant but rather push the institution towards further advancement in order to have a better foresight at whatever possibilities that may arise. The Philippine Judiciary should not wait for what is new with respect to the outside world. It should be exploratory rather than reactive. Programs should be advanced to discover ways of continuously improving the judiciary. Funds should be set-aside in furtherance to this objective. In this manner, the administration of justice will be more preventive than punitive –- an effective deterrent to the commission of crimes and a hopeful ideal towards a peaceful and orderly society.