Friday, May 4, 2012

Direct Denial of Justice


Disclaimer: This essay is for academic purposes only, written in order to fulfill the requirements of Technology and the Law subject. This is in no way to be construed as legal advice. It is merely a statement of opinion of the writer.


Direct Denial of Justice: Or, How the Hackers Will Get Off Scot-Free For Destroying Government Property

Recently, the tension between China and Philippines regarding their claims on Scarborough Shoal intensified as OccupyPhilippines hackers defaced the website of the University of the Philippines. Replacing the contents of website is a map and a simple message: “We come from China! Huangyan Island is Ours!” The territorial claims are a subject for another discussion. Doubtless, legion have a better grasp of the territorial issues than I. What is interesting to answer is the question of, how can the Philippine government make the hackers liable?

I believe that it cannot, primarily because there is a lack of avenues by which the Philippine government can make them liable. Issues of jurisdiction and rules of evidence come to the fore.

Jurisdiction

First, there is an applicable law that penalizes the act of hacking. In 2000, RA 8792, otherwise known as the E-Commerce Law, was passed into being. Section 33 (A) of the Republic Act defines hacking in its various forms as follows: “Hacking or crackling with refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system… resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic documents…” However, RA 8792 is only a Philippine law. It is not a treaty between China and the Philippines. Therefore, it can only penalize Filipino citizens or those violators who have committed the same in Philippine territory. While some may argue that the internet, the scene of the crime in this case, is an international stage accessible by any country, it is undeniable that RA 8792 cannot unjustly increase its scope for Philippine jurisdiction to encroach on other countries’ jurisdiction. In that matter alone, the idea of holding the foreigner hackers must fail.

The principles of public international law provide some understanding regarding jurisdiction. The five principles of jurisdiction are the Territoriality Principle, the Nationality Principle, the Protective Principle, the Universality Principle, and the Passive Personality Principle. Among these principles, the ones which could have extended RA 8792’s scope in the present case are the Protective Principle and the Passive Personality Principle. Joaquin G. Bernas, S.J., in his book “Introduction to Public International Law,” says that the Protective Principle states that “a state may exercise jurisdiction over conduct outside its territory that threatens its security, as long as that conduct is generally recognized as criminal by states in the international community.”[1] This principle must, however, fail in its application over the present case because of the limitations discussed in Bernas’ book: the threat must be direct and specific.[2] Was the hacking a direct and specific threat to national security? Not necessarily. To claim that the hacking was more than a juvenile message to the citizens of the Philippines and that it is terrorism in one of its lesser forms is to permit a deliberate distortion of the facts of the case. Certainly, it gives a broader scope to the Human Security Act of 2007, which presently does not include hacking as a form of terrorism.

The Passive Personality Principle, which Bernas defines as, “a state may apply law – particularly criminal law – to an act committed outside its territory by a person not its national where the victim of the act was its national,” must also fail her since it is mostly applied to extraordinary crimes.[3] Hacking, in this case not so grave and heinous as to constitute terrorism, could not then be filed against the foreigner-perpetrators in international courts. It is merely an ordinary crime done in an extraordinary time.

Rules on Electronic Evidence

Second, assuming that for some reason, all concerns of jurisdiction were exempted for this case, and by some miracle of extradition the Chinese authorities handed over the hackers, there would still be no manner by which the hackers would be brought to justice. Supreme Court resolution A.M. NO. 01-7-01-SC pertaining to rules on electronic evidence provide that it applies only to “all civil actions and proceedings, as well as quasi-judicial and administrative cases.”[4] Therefore, electronic evidence, through which the hackers could be prosecuted, cannot be offered by the prosecutors to the court against the hackers. The case is further defeated by the Supreme Court decision in Rustan Ang v. Court of Appeals, which categorically provides: “… the [Rules on Electronic Evidence] [Rustan Ang] cites do not apply to the present criminal action. The Rules on Electronic Evidence applies only to civil actions, quasi-judicial proceedings, and administrative proceedings.”[5]

It is in my opinion, however, that the Supreme Court grievously erred in promulgating a resolution so flawed as to have limited the scope of the law which it intends to complement. A.M. NO. 01-7-01-SC clearly states that its creation was fueled by the E-Commerce Law. The same law presents criminal sanctions to acts such as hacking and piracy. This resolution must then be challenged for spoiling legislative intent. As my professor in Criminal Law II frequently said, the Supreme Court is always supreme, but it is not always right. In any case, the resolution and the Rustan Ang case existing as they do, there is no way by which the hackers could be prosecuted using Philippine rules of evidence.

An Alternative Approach

Since there is no way by which the Philippine government could hold the hackers liable through Philippine venues, I would suggest that the government use a different approach instead. If there were any way by which the property of some other country, or of the nationals of that country, were damaged by the act of the hackers, then maybe that other country could prosecute the hackers, provided that country has a treaty with China regarding cybercrime. Say, for example, the website of the University of the Philippines was hosted by an American company, and America has a cybercrime treaty with China, then the American company, with the urging of the Philippine government, could prosecute the hackers.

Recommendations

As it stands, the Philippine government cannot hold the hackers liable for defacing the website of the University of the Philippines, which is government property. The best way to remedy this situation in the future is for Philippines to enter a cybercrime treaty with China, which looks more and more like an unlikely scenario at the moment. In addition, a review of the rules on electronic evidence would be most favorable to the Philippine legal system.

[1] Bernas, Joaquin G. “Introduction to Public International Law.” Quezon: Rex Printing Company, Inc., 2009. Page 156.
[2] United States vs. Yunis 681 F.Supp. 896 (1988)
[3] Ibid. Page 167
[4] A.M. NO. 01-7-01-SC.- Re: Rules On Electronic Evidence
[5] Rustan Ang y Pascua v. The Honorable Court of Appeals and Irish Sagud. G.R. No. 182835. April 20, 2010.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)