Professional Documents
Culture Documents
Week 8-9
Learning Objectives:
1. Identify privacy issues associated with information technology;
2. Identify ethical issues associated with information technology;
3. Provide students the necessary knowledge for safe digital communication; and
4. Engage students in real-world problems by collaborating with others.
The Facts:
Mr. A has this estafa case and the case reached the Supreme Court.
Unfortunately, he lost the case. As we all know, when a case reaches the Supreme
Court, the same is published in every website discussing Philippine jurisprudence. Now,
every time someone key-in his name in the web search engines, the estafa case is
displayed as one of its results. Due to such, Mr. A suffered humiliation and
embarrassment from people, who chanced upon such search result of his name.
Because of this, he wants his name be removed from such websites and he therefore
invokes his Constitutional right to privacy.
The Issue:
Can a person request that his name be removed from such websites pertaining to
Supreme Court decided cases as the same is a violation of his right to privacy? Why?
Why not?
The Answer:
1
Living in the Information Technology Era
No. A person cannot ask for such removal as the same does not constitute as a
violation of his right to privacy.
The Philippines has no specific law on privacy. However, the 1987 Constitution tried to
provide under its
Article III (Bill of Rights) provisions for the right to privacy, namely:
Section 2. The right of the people to be secure in their persons, houses, papers,
and effects against unreasonable searches and seizures of whatever nature and
for any purpose shall be inviolable, and no search warrant or warrant of arrest
shall issue except upon probable cause to be determined personally by the judge
after examination under oath or affirmation of the complainant and the witnesses
he may produce, and particularly describing the place to be searched and the
persons or things to be seized.
Basically, we can draw out what the Constitution guarantees, as with regard to
right to privacy, are the rights against unreasonable searches and seizures; and the
privacy of communication and correspondence. The situation brought up by such facts
neither falls in the said classification.
Note also that under Section 7, Article III of the Constitution, the right of the
people to information on matters of public concern shall be recognized. A citizen has the
right to access to official records, and to documents and papers pertaining to official
2
Living in the Information Technology Era
acts, transactions, or decisions, subject to the limitations provided by law. Hence, the
case being jurisprudence, one has the right to access such information.
Given the situation, a person cannot invoke that his right to privacy has been
violated because of the publication of his name along with the case he was in as the
right to privacy does not prohibit the publication of matter which is of public or general
interest.
In 1996, then President Fidel Ramos issued Administrative Order No. 308
adopting a National Computerized Identification System.
3
Living in the Information Technology Era
the Civil Code and the Revised Penal Code, as well as in special laws (e.g., Anti-
Wiretapping Law, the Secrecy of Bank Deposit Act and the Intellectual Property Code).
A.O. 308 is predicated on two considerations: (1) the need to provide our citizens
and foreigners with the facility to conveniently transact business with basic service and
social security providers and other government instrumentalities and (2) the need to
reduce, if not totally eradicate, fraudulent transactions and misrepresentations by
persons seeking basic services. While it is debatable whether these interests are
compelling enough to warrant the issuance of A.O. 308, it is not arguable that the
broadness, the vagueness, the overbreadth of A.O. 308, if implemented, will put our
people‘s right to privacy in clear and present danger.
The heart of A.O. 308 lies in its Section 4 which provides for a Population Reference
Number (PRN) as a ―common reference number to establish a linkage among
concerned agencies‖ through the use of ―Biometrics Technology‖ and ―computer
application designs.‖ Biometry or biometrics is ―the science of the application of
statistical methods to biological facts; a mathematical analysis of biological data.‖ The
methods or forms of biological encoding include finger-scanning and retinal scanning,
as well as the method known as the ―artificial nose‖ and the thermogram. A.O. 308 does
not state what specific biological characteristics and what particular biometrics
technology shall be used.
Moreover, A.O. 308 does not state whether encoding of data is limited to
biological information alone for identification purposes. The Solicitor General‘s claim
that the adoption of the Identification Reference System will contribute to the
4
Living in the Information Technology Era
―generation of population data for development planning‖ is an admission that the PRN
will not be used solely for identification but for the generation of other data with remote
relation to the avowed purposes of A.O. 308. The computer linkage gives other
government agencies access to the information, but there are no controls to guard
against leakage of information. When the access code of the control programs of the
particular computer system is broken, an intruder, without fear of sanction or penalty,
can make use of the data for whatever purpose, or worse, manipulate the data stored
within the system.
A.O. 308 falls short of assuring that personal information which will be gathered
about our people will only be processed for unequivocally specified purposes. The lack
of proper safeguards in this regard of A.O. 308 may interfere with the individual‘s liberty
of abode and travel by enabling authorities to track down his movement; it may also
enable unscrupulous persons to access confidential information and circumvent the
right against self-incrimination; it may pave the way for ―fishing expeditions‖ by
government authorities and evade the right against unreasonable searches and
seizures. The possibilities of abuse and misuse of the PRN, biometrics and computer
technology are accentuated when we consider that the individual lacks control over
what can be read or placed on his ID, much less verify the correctness of the data
encoded. They threaten the very abuses that the Bill of Rights seeks to prevent.
5
Living in the Information Technology Era
Identity theft is the deliberate use of someone else's identity, usually as a method to
gain a financial advantage or obtain credit and other benefits in the other person's
name, and perhaps to the other person's disadvantage or loss.
6
Living in the Information Technology Era
press, or the right of the people peaceably to assemble and petition the government for
redress of grievances.‖ In addition, to protect the rights of people having an adverse
political beliefs and aspirations, Article III Section 18 (1) further provides ―No person
shall be detained solely by reason of his political beliefs and aspirations.‖
From the two constitutional provisions mentioned earlier, it is clear that the
elements of freedom of expression are the freedom from prior restraint or censorship
and freedom from subsequent punishment.
In libel cases, the question is not what the writer of an alleged libel means, but
what the words used by him mean. Jurisprudence has laid down a test to determine the
defamatory character of words used in the following manner, viz:
7
Living in the Information Technology Era
v. Intermediate Appellate Court, 161 SCRA 427 (1988) citing U.S. v. O‘Connell, 37 Phil.
767 (1918)]
On the other hand, to satisfy the element of identifiability, it must be shown that
at least a third person or a stranger was able to identify him as the object of the
defamatory statement. In the case of Corpus vs. Cuaderno, Sr. (16 SCRA 807) the
Supreme Court ruled that ―in order to maintain a libel suit, it is essential that the victim
be identifiable (People vs. Monton, L-16772, November 30, 1962), although it is not
necessary that he be named (19 A.L.R. 116).‖ In an earlier case, the high court also
declared that‖ … defamatory matter which does not reveal the identity of the person
upon whom the imputation is cast, affords no ground of action unless it be shown that
the readers of the libel could have identified the personality of the individual defamed.‖
(Kunkle vs. Cablenews-American and Lyons 42 Phil. 760).
8
Living in the Information Technology Era
Presumption of Malice:
The law also presumes that malice is present in every defamatory imputation. Thus,
Article 354 of the Revised
9
Living in the Information Technology Era
In order to constitute malice, ill will must be personal. So if the ill will is
engendered by one‘s sense of justice or other legitimate or plausible motive, such
feeling negatives actual malice. [Aquino, Ramon C., The Revised Penal Code, Vol. III,
Bk. II, 1997 Ed., citing People v. de los Reyes, Jr., 47 OG 3569]
It is established doctrine that the malice that attends the dissemination of the
article alleged to be libelous must attend the distribution itself. It cannot be merely a
resentment against a person, manifested unconnectedly several months earlier or one
displayed at a much later date.
How Committed:
Under Article 355 of the Revised Penal Code, libel may be committed by means
of writing, printing, lithography, engraving, radio, phonograph, painting, theatrical
exhibition, cinematographic exhibition, or any similar means.
Persons Responsible:
Any person who shall publish, exhibit, or cause the publication or exhibition of
any defamation in writing or by similar means, shall be responsible for the same. The
author or editor of a book or pamphlet, or the editor or business manager of a daily
newspaper, magazine or serial publication, shall be responsible for the defamations
contained therein to the same extent as if he were the author thereof.
Defenses:
In every criminal prosecution for libel, the truth may be given in evidence to the
court and if it appears that the matter charged as libelous is true, and, moreover, that it
was published with good motives and for justifiable ends, the defendants shall be
acquitted.
10
Living in the Information Technology Era
In such cases if the defendant proves the truth of the imputation made by him, he
shall be acquitted.
11
Living in the Information Technology Era
However, with this new ruling of the Supreme Court, a person or entity who posts
something (in words or pictures) — which can be proven false, and is intended to harm
the reputation of another by tending to bring the target into ridicule, hatred, scorn or
contempt of others — may be arrested, detained, and imprisoned because of libel.
Yes, in the Philippines, libel is still a criminal offense. It is defamation in its very
essence, but covers published work on print, television and other traditional media. The
same is now true for new media like the internet.
This online/internet libel law, however, punishes only the original author of the
post. Those who ―liked,‖ ―shared,‖ ―re-tweeted‖ or re-blogged a post will not be criminally
liable, unless the person added a comment that may deemed to be libelous by a
complainant.
Sixteen years ago, a young Filipino computer student made history by unleashing the
world‘s first global Internet-borne virus. Known as the Love Bug, the virus spread from
East to West in a single day, inflicting $5.5 billion in damages, corrupting files, and
shutting down computer systems at major corporations, newsrooms, Wall Street firms
and government offices across the world.
The worm arrived in people‘s email boxes with a provocative subject line, ―I
LOVE YOU: A love letter for you.‖ When recipients opened the attachment, ―LOVE-
LETTER-FOR-YOU.TXT.vbs,‖ they unwittingly infected their own computer with the self-
replicating worm as well as the computers of everyone in their contact list.
12
Living in the Information Technology Era
The author of the virus is believed to be Onel de Guzman, then 25, a student at
AMA Computer University in Makati.
What many people did not realize at the time was that de Guzman‘s original
intention for creating the worm was altruistic at its roots. In the Philippines, an hour‘s
worth of Internet access cost as much as half a day‘s wage: 100 pesos, the equivalent
of two dollars.
For his graduation thesis in computer science, de Guzman wrote a program that
would enable the average Filipino to get free Internet access by stealing passwords
from the rich. His school rejected his thesis because of its bandit nature, so he could not
graduate. Undeterred, de Guzman, with the help of friends, unleashed his virus the day
before the university held its graduation ceremony.
The Philippine authorities filed theft and other charges against Mr. de Guzman,
but dropped them in August because of insufficient evidence. The case against him was
weakened because at the time, the Philippines did not have laws governing computer
espionage.
The following are the punishable acts according to Chapter II of the Cybercrime
Prevention Act of 2012:
13
Living in the Information Technology Era
(1) Illegal Access. – The access to the whole or any part of a computer
system without right.
14
Living in the Information Technology Era
(ii) Identical or in any way similar with the name of a person other
than the registrant, in case of a personal name; and
15
Living in the Information Technology Era
(ii) The act of knowingly using computer data which is the product
of computer-related forgery as defined herein, for the purpose of
perpetuating a fraudulent or dishonest design.
16
Living in the Information Technology Era
SEC. 5. Other Offenses. — The following acts shall also constitute an offense:
17
Living in the Information Technology Era
Any person found guilty of the punishable act under Section 4(a)(5) shall be
punished with imprisonment of prison mayor or a fine of not more than Five hundred
thousand pesos (PhP500,000.00) or both.
If punishable acts in Section 4(a) are committed against critical infrastructure, the
penalty of reclusion temporal or a fine of at least Five hundred thousand pesos
(PhP500,000.00) up to maximum amount commensurate to the damage incurred or
both, shall be imposed.
Any person found guilty of any of the punishable acts enumerated in Section
4(c)(1) of this Act shall be punished with imprisonment of prison mayor or a fine of at
least Two hundred thousand pesos (PhP200,000.00) but not exceeding One million
pesos (PhP1,000,000.00) or both.
18
Living in the Information Technology Era
Any person found guilty of any of the punishable acts enumerated in Section
4(c)(2) of this Act shall be punished with the penalties as enumerated in Republic Act
No. 9775 or the ―Anti-Child Pornography Act of 2009‖: Provided, That the penalty to be
imposed shall be one (1) degree higher than that provided for in Republic Act No. 9775,
if committed through a computer system.
Any person found guilty of any of the punishable acts enumerated in Section
4(c)(3) shall be punished with imprisonment of arresto mayor or a fine of at least Fifty
thousand pesos (PhP50,000.00) but not exceeding Two hundred fifty thousand pesos
(PhP250,000.00) or both.
Any person found guilty of any of the punishable acts enumerated in Section 5
shall be punished with imprisonment one (1) degree lower than that of the prescribed
penalty for the offense or a fine of at least One hundred thousand pesos
(PhP100,000.00) but not exceeding Five hundred thousand pesos (PhP500,000.00) or
both.
---------------------------------------------------------------------------------------------------------------------
The Data Privacy Act (RA 10173):
What is The Data Privacy Act of the Philippines?
The Data Privacy Act (DPA), or Republic Act No. 10173 was passed by the Philippines
Congress in 2012 and finally implemented five years later in 2016. RA 10173 assures
the ―free flow of information to promote innovation and growth‖(Republic Act. No. 10173,
Ch. 1, Sec. 2) while protecting the users‘ fundamental rights to privacy.
How is it implemented?
RA 10173 protects and maintains the right of customers to confidentiality by setting a
legal list of rules for companies to regulate the collection, handling, and disposal of all
personal information.
19
Living in the Information Technology Era
Companies legally responsible for keeping their customers‘ data protected from third
parties or any form of misuse, internally or externally.
All personal information used must also be relevant solely used for its intended and
state purposes. Companies must protect customer information from collection to proper
disposal, avoiding access from unauthorized parties.
(2) About an individual‘s health, education, genetic or sexual life of a person, or to any
proceeding for any offense committed or alleged to have been committed by such
20
Living in the Information Technology Era
person, the disposal of such proceedings, or the sentence of any court in such
proceedings;
(3) Issued by government agencies peculiar to an individual which includes, but not
limited to, social security numbers, previous or cm-rent health records, licenses or its
denials, suspension or revocation, and tax returns; and
What is “consent?”
Consent of the data subject refers to any freely given, specific, informed
indication of will, whereby the data subject agrees to the collection and processing of
personal information about and/or relating to him or her. Consent shall be evidenced by
written, electronic or recorded means. It may also be given on behalf of the data subject
by an agent specifically authorized by the data subject to do so (RA. No. 10173, Ch. 1,
Sec. 1).
The data subject or the individual sharing his/her personal information has to be
fully informed of several factors of the data collecting process. This list includes, but isn‘t
limited to:
(1) the reason for use
(2) methods for access
(3) the identity and contact details of the personal information controller
(4) how long the information will be stored for
21
Living in the Information Technology Era
What steps do I need to take in compliance with the Data Privacy Act?
Companies essentially have to ensure that their data collection methods are
flawless as well as consistently share the entire process with data subjects, including a
breach of security. To do this, companies should
1. Appointing a Data Protection Officer
2. Conducting a privacy impact assessment
3. Creating a privacy knowledge management program
4. Implementing a privacy and data protection policy
5. Exercising a breach reporting procedure
Sprout Solutions puts data privacy with the utmost priority and takes advanced
measures to maintain confidentiality in information handling.
-------------------------------------------------------------------------------------------------------------------
Case Study:
Cambridge Analytica Ltd (CA) was a British political consulting firm which
combined misappropriation of digital assets, data mining, data brokerage, and data
analysis with strategic communication during the electoral processes. It was started in
2013 as an offshoot of the SCL Group. After closing operations with legal proceedings
including bankruptcy, members of the SCL Group have been continuing operations
22
Living in the Information Technology Era
under the legal entity Emerdata Limited. The company closed operations in 2018 in the
course of the Facebook–Cambridge Analytica data scandal, although related firms still
exist
CA's data analysis methods were to a large degree based on the academic work of
Michal Kosinski. In 2008, Kosinski had joined the Psychometrics Centre of Cambridge
University where he then developed with his colleagues a profiling system using general
online data, Facebook-likes, and smartphone data. He showed that with a limited
number of "likes", people can be analysed better than friends or relatives can do and
that individual psychological targeting is a powerful tool to influence people.
23
Living in the Information Technology Era
Regarding CA's use of Facebook users, a speaker for CA indicated that these users
gave permission when signing up with the provider, while Facebook declared that
"misleading people or misusing information" is in violation of Facebook's policies. In
2015, Facebook indicated that it was investigating the matter. In March 2018, Facebook
announced that it had suspended the accounts of Strategic Communication
Laboratories for failing to delete data on Facebook users that had been improperly
collected
24