The Joy of Information Technology

This infotech class, aside from teaching me different sorts of stuff about information technology and the relevant laws, has also given me an opportunity to do some blogging. I had a blog and even a website but I really could not maintain them, I was just too busy as a graduating law student, Research Assistant and UP OLA Law Intern, not to mention a dutiful son. And I knew about this from the very start, so I didn’t tell other people about my blog. Alas, my blog feels really lonely (to be expected, since nobody knows about it). I know some actually maintain really nice blogs on top of their busy schedules, but I couldn’t, not right now anyway. Plus, I felt I needed a bit more interaction than just someone making comments on my posts.

These final few weeks before graduating - of course with the help of my kind and wonderful professors (read: oh, please let me and the rest of the people graduate) – I suddenly feel nostalgic. And it appears so have my classmates back in high school. By some twist of fate someone in my batch (batch 1999, Manila Science High School) thought of putting up a forum. It’s only a few weeks old but its been a blast! We’ve had two batch e-groups currently running but they never reached the level of activity that our new forum has reached.

The excitement may be attributed to the fact that its new, but I really think it goes beyond that. In our e-groups, only a number of people dominate it – people composing 3 or 4 sections (out of 8) of our batch, with people from the rest of the sections posting only every once in a while. I was one of the latter. The reason, I feel is that a new message seemed to be out of place whenever it did not respond to the current topic. Of course we could have made a separate topic for it, but it seems that nobody really bothered with it. Some were really active posters so being lazy can’t account for the whole reason.

In any case, we suddenly realized that a forum is much less linear, much more anything goes. Its like having a bigger room where you can pull people aside and have more intimacy and yet still having the opportunity to meet up and join the bigger crowd. The e-groups, in contrast, felt like a hall-cum-waiting-room, either you sat quietly or you engaged people in the current topic. Doing otherwise appeared impolite.

With this more relaxed atmosphere, suddenly, we had posters who we never heard from the last 8 years (almost). Those outside the country have suddenly come alive again. Suddenly, we’re talking of mini-reunions, practice reunions and grand reunions. Even those abroad have said they would come – amazing!

I think, in the end information technology should give us this feeling – a great and happy feeling.

-by Stanley Cabrera

Otakon 06

As the summer vacation comes nearer and nearer, I suddenly recalled how the past Christmas vacation started – a few hours before my block Christmas party. On that fateful Saturday afternoon, I got to school well before my class (!) and so I headed to the Bahay ng Alumni, where an, uh, Otakon, or anime convention was being held. It’s called an Otakon since it’s a conference of anime crazed people (like, uh, yours truly) who are called Otakus.

So, what do Otakus do in an POtakon? Why, they infringe copyrights, that’s what they do! Uh, hmm, maybe I should rephrase that. Wait a sec….

Okey so I cant put a nice (credible) on it, people were burning copyrighted material (anime or Japanese cartoons and the accompanying soundtracks for such) and selling them left and right. That it did not get raided is quite a puzzle to me, but in the same time a joy. Maybe the industry get a whiff of it. Maybe they did but they didn’t care. Maybe the organizers didn’t care. In any case, I went to see their wares.

As a would be lawyer who actually took electives in IPL and Infotech, I had quite an odd feeling. Well, maybe the fact that I was in a dark red polo shirt and jeans while everyone else were in cosplay mode (this is when otakus wear the silly costumes of their favorite anime characters) and were giving me a semi-puzzled-semi-hostile look added to the odd feeling. Anyways, I said to myself “to heck with you people, I’m playing a communist anime character, if ever there was one. I was able to shrug off their stares.

Anyways, it is of note that in Japan Otakon is a bigger thing for Doujinshi than for original copyrights owners/creators of anime. Doujinshi are basically different versions of copyrighted material made by fans of the original, and instead of curtailing such, creators often allow them. It appears that for them it is a mark that their creation is valuable and is well loved. An analogy in local terms could be made with the spoofs done by Bubblegang, as people have recognized the fact that a commercial spoofed by the said show indicates the popularity and strength of such commercial. Thus, almost no complaints are made. This is just logical considering that after a spoof (or Doujinshi), the original becomes even more stronger.

Thus, to my mind it would be a interesting experiment that instead of having pirated materials it would be best to actually have our own spin on the creations of others, the goal being that ultimately such an exercise would nurture our creativity. After all, its been said over and over that we Filipinos can adapt things very easily. Why not stretch it a bit and therefore be more creative?

-by Stanley Cabrera

Attack of the Black CDs

A few weeks back a lecture was delivered regarding the duplication and copying of CDs. It was quite amusing to me, personally, since I have done a little research on the matter. Why so? Well for the simple reason that I am an aspiring (okey, so maybe hopeless wannabe) audiophile. Yeah, one of those blokes who think paying for a stereo set-up with a check good enough to get a brand new car is rational. Somehow.

Personally, I dream of acquiring a set-up with Pipe Dreams 9 stereo speakers powered by Athmasphere tube amps with Meridian electronics and Kimber Cable wires. However, since such a set-up could easily cost more than that of a Porsche, I will continue to dream for the rest of my life. The belief of audiophiles that such pricing is justified is just one of their odd ideas. They also have this idea that a duped CD sounds better than an original, factory pressed CD. Not only that, some believe a black duped CD sounds the best. Weird, huh?

What’s more weird is the fact that they’ve actually gotten an explanation for it. The gist is supposedly since original CDs are pressed from the label side, the pits of a master CD are actually turned to bumps which, in reflecting the laser beam of a CD player, reflect some of the light to the rim of the CD (and thus justifies another odd belief of audiophiles, the use of “edge treatments” to improve the sound of CDs. This means that there is a bigger chance for, uh, noise or distortion. On the other hand, duped CDs made by CD burners actually have pits which tend to have a more controlled reflection of laser beams, and thus, allegedly, less noise. Yes, this despite the fact that “a bit is a bit”, the idea being that what matters is that how such a bit is made. Try GooglingBlack Memorex CD Stereophile.

With regards to black CDs, this time they seem to have run out of an explanation. Could it be that the color black is supposed to absorb light rays and therefore the errant (and thus weaker) light from unnecessary reflections of the laser beam is also absorbed, ultimately leaving just the “bit” and stripping it of noise? Nobody has offered this an explanation, only that black CDs usually do sound better than other CDs. Although supposedly Gold CDs also sound nice. Of course, “sound nice” is a qualitative term which, depending on what audiophile school of belief you belong in, should be controlling (i.e. its more important that it sounds better – colored, even – as opposed to being 100% true to the recorded sound, which might be edgy). What complicates matters is that, naturally, some say they hear it differently, and some say they don’t hear a difference.

Me? I think black CD-Rs look cooler, but as for the sound, hmmmm…….

-by Stanley Cabrera

Texting – What’s Next? (part 2)

Some thought that MMS would make texting obsolete. MMS, which was very much hyped before and during its launch, can basically be understood as texting with some multimedia with it – such as a picture or even a video clip. Years ago, the prospect appeared to be really enticing – remember the Globe commercial featuring Donita Rose and had the catch word “Proof!”?

In the first seen, a pair of apparently conyo guys were chatting, with one saying to the other (more or less), “Hey, x is in Hong Kong (or is it Singapore?) right? Guess who he met?” Then he shows his phone, where apparently the text of their friend x was displayed – that x had met Donita Rose. The conyo guys laughed out loud. Then Globe shows a MMS with Donita hugging x and the word “Proof!” is flashed. It was an amusing concept, and in that particular instance it was actually put to some use. It seemed that MMS would be the next wave of the future.

Fast forward to the future and, well, Donita has a kid and is married and MMS hasn’t really caught up fire. Not that people didn’t use it – some actually did. It was a major selling point of the newer generation of higher priced phones – MMS enabled used to be the critical element. But since it was originally priced at 30 plus Pesos a message, only a few could afford it. It also posed a problem regarding compatibility, as not everyone had a compatible phone and, however fashionable it was to have the top of the line phone, it sure was lonely for some people. MMS is not a total failure, but to say that it’s a success in the Philippines would be stretching it.

Meanwhile, texting has not slowed down. It has gotten bigger. People from other countries have also noted that we like to text. It seems that there’s a certain appeal to twiddling our thumbs on those tiny keyboards – with perfect muscle memory. You can notice it most when you use another person’s phone or you yourself changes to a new one – your fingers seem to know how many times to press. As such, when you switch to a different brand (say from Nokia which is regarded as having the most user-friendly interface, to Sony Ericsson, which has more characters assigned to buttons) you find your fingers stopping from typing even though what is displayed in the screen is a different character (meaning that your mind/finger has memorized how many taps it needs to get to a character – that’s why some people can text even while doing something or looking at something else).

Lately, they have offered text messages with different font colors. It sounds amusing, and since a lot of people do have phones with colored screens, it might actually be compatible. Whether or not it catches fire, we will know in the future.

-by Stanley Cabrera

Free Speech/IP Rights, Pornography and Technology

Pornography has had bad press. Constitutionally, it virtually enjoys no protection at all, lodged in a category called, unceremoniously, unprotected speech. This notwithstanding, the pronography industry has boomed, from its lowly (pun intended) origins and has grown to be a billion dollar industry. The only rationalization could come from the human male's (almost always the client) unsatiable need for visual stimulation.

The industry's survival despite the absence constitutional protection is nothing short of remarkable. The relevant issue at hand, however, is whether the industry could effectively utilize intellectual property protection.

In intellectual property law, the only relevant category which creates an ip right in favor of an individual (natural or juridical) is originality. The standard is relatively low in most jurisdictions, such that work which possess no creative idea whatsoever behind it could qualify for originality, provided that it can be proven that it is not copied from somewhere/someone else.

In pornography, the industry's possible use for IP enforcement is endless. However, difficulties do arise. In particular, jurisdictions like the Philippines which typically pursue repressive measures against these type of media. Concretely, one could fancy being a lawyer for Hustler, walk up to the IPO Office and demand IP protection. In this jurisdiction, one might either be laughed out of the office or arrested for indecency. (The latter is an exaggeration)

When they classified IP rights as territorial, they could have said that it was cultural as well.

by nestor gadrinab

Enforceability of Online Contracts

Now that online contracts have become commonplace in the the digital West (formerly, The West), it may be well to examine the extent to which the same degree of development in this country, if only to assess the extent to which digital contract making is possible.

The availment of the benefits of online contract making has been attested to by the Filipino online consumer's use of such sites as Ebay, ostensibly to purchase goods. Anecdotal evidence suggests that most online retail stores do deliver. However, the test of most laws lies in the cases where there is breach. There lies the rub. What if the online stores do not deliver?

Initially, subject matter jurisdiction could most probably not be exercised by Philippine Courts. Most online stores are almost entirely based in foreign jurisdictions and maintain no offices here, upon whom summon could be served. Neither can the notion of "doing business" be applied, absent registration. So the remedy would essentially lie in filing a suit within the foreign corporation's domicile. That would definitely entail cost.

Assuming that a suit is filed for specific performace, the Philippine system has been kind enough to enact the rules on electronic evidence, ostensibly to give to online documents the same probative value as ordinary, paper-based documents. All that remains now is the Philippine Court's appreciation of such evidence.

That might be asking a lot.

by nestor gadrinab

Viacom v. Google: A Case of Copyright Infringement

Google’s move in purchasing YouTube for $1.65 billion, may be much costlier than it paid for. Viacom, which controls such media brands as CBS, MTV, Comedy Central and Paramount Pictures, is suing Google for copyright infringement over YouTube clips found in the net.

According to media giant, Viacom, such use of its copyrighted materials are in clear violation of copyright laws. Viacom demanded that YouTube remove more than 100,000 of its video clips. Not only that, Viacom is also suing Google in the Manhattan federal court for “massive intentional copyright infringement” and is demanding $ 1 billion in damages.

If Viacom wins, Google will lose billions in its investment in YouTube. According to experts, Google will most probably argue that YouTube is covered by the Digital Millenium Copyright Act (DMCA). Under said statute, a “safe harbor” provision is created for ISP providers so much so that they couldn’t be sued for infringement merely by transmitting or posting copyrighted materials. The reasoning behind this was that it wasn’t fair for the “secondary” infringer, the ISP, to be held responsible since it was just an intermediary.

The question right now is whether or not this defense will hold considering the extent of copyrighted materials being “infringed” by YouTube. If judgment is rendered against Google, YouTube might end up like Kazaa and Napster. Whatever the outcome this case may bring, it would bring light to questions involving copyright infringement.

by bryan tan

Search Engines and Privacy

Privacy in the internet is a highly debated topic. Search engines such as Google, Yahoo, AOL, MSN and others retain information as to the specific search requests made by its subscribers worldwide. According to Google and its rivals, they keep information about their users so they can learn more about them as they strive to deliver the most relevant responses.

In the United States, the U.S. Justice Department has already made use of information retained by these search engines. While gathering evidence for a case involving online pornography, it subpoenaed major search engines for lists of search requests made by their users. Yahoo, MSM and AOL complied. Google did not.
In refusing to provide a list for search requests, Google acted in behalf of their clients, protecting their right to privacy. The federal judge which ordered Google to turn over the small sampling of Web addresses contained in its search index, later on decided that the company did not have to reveal the search requests sought by the government.
In its quest to provide better privacy protection to its subscribers, Google will remove key pieces of identifying information from its system every 18 to 24 months. Not only that, Google will also wipe out eight bits of the Internet protocol, or IP, address that identifies the origin of specific search requests. It will also depersonalize computer “cookies”.

Such measures adopted by the Search Engine Giant will be appreciated by its subscribers worldwide. Privacy, being a primordial right of every individual, deserves to be protected in all manners and forms.

by bryan tan

Red Hat Linux 5: An Alternative to Windows Vista

Red Hat has just recently unveiled Red Hat Enterprise Linux 5, its latest version of its Linux operating software. Red Hat Enterprise Linux 5 is an open-source software and like its other Linux based predecessors, its products are “free” and users are allowed to view and edit the software’s code.

The new operating system supports “virtualization” which will help companies consolidate their technology into one server. It ensures that servers are used more efficiently and effectively which in turn equates to savings in energy, space and money.
Companies are not the only ones benefited by the new software. For its individual clients, the new system has advances in security to protect it from external and internal attacks. This ensures individual users that their units are safe from attacks.
The new Red Hat software will be a good alternative to the Windows Vista. Users are able to afford it at a fraction of the cost it takes. It even has an added benefit of having better “security measures” employed. The reason for the cheaper prices of the Red Hat software is that Red Hat earns its profits from the technical service it provides and not from the sale of their software.

by bryan tan

CYBERCRIME: LOCATING AND PENALIZING THE DIGITAL OFFENDER

continued

The initial legislative response to cybercrime has been an outright prohibition and criminalization of the acts which constitute the same as defined by statute. Mere prohibition, however, is insufficient. It may be well to emphasized that the fundamental territorial limitations of criminal law apply most strongly to cybercrime. Often, the offender is miles, nay jurisdictions, away from the actual site of injury. The latter is where most criminal jurisdiction is based.

One tack has been to shift the burden of liability to the manufacturer of software, on the theory that defects in its manufacture enable the perpetration of cybercrime. This, however, unduly shifts the burden because the cost of enforcement, i.e. award of damages in civil cases, is ultimately borne by consumers of digital products. In an emerging economy like the Philippines, it is ultimately unjust to undertake this type of shifting.

Ultimately, the solution lies in international cooperation between states, with respect to law enforcement. Although cybercrime may be perpetrated in cyberspace, the infrastructure which supports cyberspace remain quintessentially real, in terms of location of equipment, servers and phone lines. These elements may constitute the basis for jurisdiction. A close coordination of cybercrime statutes is also necessary in order to effectively stamp out cybercrime anywhere in the world.

Such coordination should be possible. Otherwise, what is the global village---cyberspace in techspeak---for?

by nestor gadrinab

CYBERCRIME: LOCATING AND PENALIZING THE DIGITAL OFFENDER

part 4

Several theories have been advances as to when access becomes unauthorized. Before the advent of legislation, computer crimes involving unauthorized access were essentially absorbed by other common crimes like theft and burglary. This eventually proved to be insufficient as both crimes involved actual prejudice to property interests, where such could not be proven in crimes involving computers. The net result was a body of jurisprudence where the scope of the crime became very large and where proof of the actual property loss became very difficult, a combination that severely weakened enforcement. Thus:

Although not fully articulated at the time, the harm of misuse was that it interfered with the intended function of computers by either exceeding or denying intended privileges. The intrusion itself seemed worth prohibiting, much like a burglary or a trespass. Traditional property crime laws could address computer misuse only when the misuse triggered a consequential harm, however. As a result, the existing law had no clear remedy for many instances of misuse. Although commentators did not have a specific sense of where the line should be drawn, they tended to agree that misuse alone should be a new trigger of criminal liability.

Statutes were later enacted to remedy the initial disparity between traditional law and computer crimes but these proved to be insufficient inasmuch as the conceptual assumptions remained grounded in the old regime of anti-theft and burglary laws, resulting in statutes that are unnecessarily broad

Any standard for the punishment of crime must necessarily be strictly drawn in order not to unduly infringe upon the rights of individuals. In this respect, the functional definition of unauthorized access must set an absolute threshold. It may be as simple as the violation of password-protected files inside a computer. This example meets both the stringent threshold for criminal legislation and the broad need for protection by ordinary computer users.

Substantially the same standards and criticism apply to any access which is expressly unauthorized. In this case, however, the criminal act is much more patent inasmuch as the express lack of authority clearly delineates the crime. The more relevant issue in this instance is evidentiary in character: whether the intrusion has been monitored electronically and whether such electronic evidence is sufficient to produce a conviction.

Responses to Cybercrime

The basic issue for dealing with cybercrime can be summarized thus:
Cybercrime presents a conundrum that taps into the larger issue of how the law handles new technologies. Occasionally, the law singles out crimes that use more efficient means as deserving of special punishment (e.g., wire and mail fraud), and other times it does not (e.g., crimes performed with an automobile). The relationship between technology and law is an ever-evolving one, where innovations that benefit consumers frequently prove a boon to offenders as well. Cybercrime forces us to confront the role of criminal law and the limitations of public enforcement, just as the criminal law forces us to rethink the role of technology and the advancement of a heretofore largely unregulated marketplace.

by nestor gadrinab

CYBERCRIME: LOCATING AND PENALIZING THE DIGITAL OFFENDER

(part 3)

An example of this is child pornography, which is proscribed in most jurisdictions. That the pornographic images are digital i.e. stored in a computer, does not alter the basic elements of the crime. The basic change in this case is merely procedural in character, whether or not digital evidence is sufficient to produce a conviction. Sec. 33 (b) of the E-Commerce Act, insofar as penalized intellectual property violations with the use of a computer, belongs to this category. In this respect, O’Neill’s observation holds, inter alia:

Cybercrime is unique only to the extent that it is often a more efficient means by which to commit certain types of offenses. In particular, the Internet fosters certain efficiencies that may make detection and subsequent prosecution considerably more difficult. Identity on the Internet, for example, is more easily cloaked, thus making detection more challenging. Computers also may increase the expected return from criminal conduct and decrease the fixed costs of undertaking the criminal activity, thereby making cybercrime more attractive to potential offenders.
It would appear, therefore, that the conceptual blur occurs between the confines of the second category, where the computer is the subject of the offense. The core criminal activity which clearly comes into the fore in this are is “hacking” or “cracking” Under Philippine law, the set of acts constitutive of either are enumerated:

a) Hacking or cracking which refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communication system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic documents shall be punished by a minimum fine of One hundred thousand pesos (P100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years;

Broken down into elements, two crimes are provided for under the said provision of law, i.e.: i) unauthorized access ii) any access without the knowledge or consent of the owner resulting in the specified damage or injury.

On the one hand, the phrase “unauthorized access” as it appears in Sec. 33(a) of the E-Commerce Act has been subject to much controversy. Kerr observes that:

What does it mean to "access" a computer? Under what circumstances does access become "unauthorized?" The few courts that have reached these questions have offered inconsistent interpretations. Commentators have ignored these questions entirely. The result is an odd situation in which nearly every Anglo-American jurisdiction has an unauthorized access statute that carries serious felony penalties, but no one seems to know what these new laws cover. (emphasis supplied)


One might as well include Philippine jurisdiction in the latter category. No formal definition has been provided in the E-Commerce Act itself. The hiatus cannot be filled with “persuasive” American jurisprudence, since the state decisions have themselves been the source of much confusion.

-by Nestor Gadrinab

CYBERCRIME: LOCATING AND PENALIZING THE DIGITAL OFFENDER

part 2

Cybercrime: Conceptual Problems

An conceptual stumbling block in the legal analysis of cybercrime is the absence of any definition which commands consensus. Domestically, Congress has not adopted a formal definition for cybercrime. Instead, it has opted for an enumeration of acts constitutive of cybercrime. The enumeration is found in the penal provisions of the E-commerce Act.

Elsewhere, the US Department of Justice broadly defines computer crime as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution." A narrower definition has not been found feasible. On the contrary, it has been observed that:

Because of the diversity of computer-related offenses, a narrower definition would not be adequate. While the term "computer crime" includes traditional crimes committed with the use of a computer, the rapid emergence of computer technologies and the exponential expansion of the Internet have spawned a variety of new, technology-specific criminal behaviors that must also be included in the category of "computer crimes." As a result, there has been a dramatic increase in specialized legislation to combat these new criminal behaviors.
O’Neill makes a rather graphic characterization:

Although the fundamental nature of offenses being committed in this manner are really no different from garden variety thefts, copyright violations, securities frauds, or invasions of privacy, what makes cybercrime unique is that the means of undertaking the criminal conduct is substantially different from dropping into the local liquor store, hitting the proprietor over the head, and running away with the till…

In lieu of a formal definition, three distinct categories have been adopted to classify acts which constitute cybercrime. These categories either treat the computer as the object of a crime, the subject of a crime or an instrumentality to commit a crime.
In the first category, the computer’s hardware or software is the subject of the offense. In most instances, it involves the theft of the unit itself or the data stored within the unit. Under Philippine law, the actual taking of the unit may either be robbery or theft depending upon the circumstances surrounding the taking. Thus, it comes outside the purview of cybercrime and is properly a felony under the Revised Penal Code. This aspect fits the traditional notion of crime and presents few new issues for criminal law.
The same line of analysis could very well be applied to the third category, where the computer is used as an instrumentality of a crime. The issues remain basically the same and it readily appears to be immaterial that the crime was committed using a computer.

posted by n. gadrinab

CYBERCRIME: LOCATING AND PENALIZING THE DIGITAL OFFENDER

(the following is an article written by Nestor Gadrinab, to be published in parts)

Introduction:

The growth of technology, particularly computers, has altered the very face of and conception of reality. It is a wave of change that goes well beyond technological innovation. Computers, in particular, have made information the veritable new medium of exchange. Such phenomenon encompasses the social, economic, political and cultural spheres. Its pervasiveness and impact upon everyday life inevitably makes its encounter with the law a difficult one. For one, technological change is characterized by extraordinary speed. In less than two decades, it has managed to reduce the world into a “global village”, emphasizing connectivity. On the other hand, legal development has always been, to put matters lightly, slow. This has often been justified on the ground of stability and the relatively slow pace of the agricultural and industrial eras has made it a virtue on the part of the law. In the information age, however, this stability has made the law lag behind. The growing disparity between the law and technological development makes the former unresponsive. This disparity shall be explored in this paper in the area of penal legislation vis-à-vis cyberspace, an area which for the nonce shall be designated as cybercrime.

Criminal Law, Realspace and Cyberspace

Philippine criminal law has three main characteristics: general, territorial and prospective. Of the three attributes, two are pertinent viz cybercrime. One is generality and the other, territoriality. Generality is defined in relation to the Civil Law in that Philippine Criminal Law is binding on all persons who live or sojourn in Philippine territory. Territoriality is expressed in the Revised Penal Code, where the provisions of the said code shall be enforced within the Philippine Archipelago, including its atmosphere, its interior waters and its maritime zone.

The traditional scope of criminal law occurs in realspace as opposed to the criminal acts perpetrated in cyberspace typically designated as cyberspace. The designation, however, appears to be arbitrary inasmuch as the operative acts constituting cybercrime can occur in either category. In the context of this paper, locating the offender is both conceptual and real. In the former sense, the offender must be formally defined under the law. This will entail the identification of conceptual blurs and its clarification. In the latter sense, the effectivity of criminal legislation would depend upon whether the offender could be actually apprehended: essentially a matter of criminal procedure.

Internet Mafia

(Internet Extortion continued)

In an earlier post I had made, I pointed out the burgeoning underground internet extortion (utilizing the dreaded Denial Of Service, or DOS, attacks) that has become more and more prevalent, especially with the online sports betting industry. In this post, I’d like to detail the modus operandi of the online mob.

A typical internet extortion would usually involve four stages. The first stage would be the “stake-out” or a reconnaissance of the online sports betting websites. At this stage the hacking syndicate would determine the probable finances (revenues, expenses, profits and the like), peak seasons, vulnerabilities, estimated duration and cost in loss of revenues of downtime and costs to repair the server system (that is, the going rate of the IT security advisory firms) of the website. This way the hacking syndicate knows just which ones to attack, how to attack, when to attack and just how much it would price the “blood money” (usually a figure below the cost of repairing the system).

The second stage would involve giving the online sports betting firm a sample of what would happen if the “blood money” is not paid, a “drive-by” of sorts. This would involve a temporary and controlled attack on the system which can be followed by several other similar attacks, usually increasing in severity, as needed.

The third stage would be the “blackmail”, where an e-mail is sent to the owner/operator of an online sports betting firm, with threats for more attacks and the demand for blood money, as well as the instructions on how to make the pay-off. The second and third stages could be repeated until a decision is made by the online sports betting firm and the latter sticks to it. This would then lead to the fourth stage.

The fourth stage could either be a “whacking”, a “tip-off” or a “pay-off”. In a whacking the online sports betting firm would refuse to pay and would try to fight off the attack, usually by employing the expertise of IT security firms. This often translates to considerable costs in downtime (thus lost revenues from bettors) and the fees of the IT experts brought in.

A tip-off would involve bringing in the law enforcement authorities. It may or may not involve bringing IT experts to help defend against the attack and also, may or may not involve a pay-off intended to entrap the extortionists. This will probably lead to retaliatory attacks and might alert and scare off bettors.

The third option, a pay-off, would usually be the best solution in terms of damage control and usually would mean that that particular hacking syndicate would not attack the paying firm for some time, though there is no guarantee to this.

-by Stanley Cabrera

Internet Extortion

For the past decade or so, the internet has been the place to make enormous sums of money for the smallest of investments. It used to be through the setting up of internet firms which promised the stars, sending the stock market a frenzy with hyped up business models and IPOs. When the IT economy began to slow down, online entrepreneurs and innovators shifted from one idea to the other, from variations of retailing to advertising to outsourcing and even to networking, each time creating hefty profits. Though the “tech bubble” had burst, the internet still created money, Big Money, in fact. And where Big Money can be made, Big Crime can be too.

One of the ideas which was successfully made into a reality was the creation of online casinos, particularly those which specialize on sports betting. The latter became very popular as bettors felt it more secure (i.e. the website operators had less control) to bet on the outcome of actual sporting events, such as the winner of the Wimbledon or the World Cup, as opposed to betting on simulated roulette machines. Another reason for the popularity is that the prices are much larger due to the volume of bets being placed on actual sporting events which have a following. As a result, online sports betting firms attracted millions of bettors and their billions of dollars of bets. Indeed, some online sports betting firms gross $2 billion in revenues a year. Considering that these firms don’t have the staggering capital and maintenance costs involved in running actual casinos, the net profits can easily run into the hundreds of millions for the biggest outfits. This, in turn, attracted the attention of criminal minds who wanted a piece of the action. Thus the cyber-mob was born.

Just as bogus start-ups cropped up by the hundreds and gobbled the “investments” of unwary pensioners and brokers alike during the days before the tech bubble burst, as early as 1999 cyber-mobs and their affiliated hacking syndicates have begun to proliferate with the prospect of earning tons of pay-offs from shakedown activities conducted on e-commerce websites, most notably the aforesaid sports betting firms. In true Mafioso style, those who don’t pony up the “blood money” get “whacked”.

The latter is an example of the continuing evolution of cybercrime, which is itself an evolution of crime (as caused by the evolution of technology). It is imperative, therefore, for anti-cybercrime law and enforcement to have its own evolution, if not revolution, in order to keep up with the times, lest the cyber-mob gives a drive-by.

posted by stanley cabrera

Texting – What’s Next? (part 1)

Just as texting revolutionized the way we communicate with each other, the development of prepaid cards, and some time later, E-load, revolutionized just how often we communicate with each other.

A decade ago, cellular phones were still postpaid, one had to register for a line and as such provide certain information and wait for his or her application to be approved. The costs involved were quite high, and as such having a cellphone back then often meant that either your rich or the company your working for is. Also, having a bill in the tens of thousands happened to some individuals, executives who really had to be in touch with their staff 24/7 wherever they are (or at least wherever there’s a cellsite).

And then came texting, which at the start was offered for free and as such became a craze. People were hooked and for a time the telcos (Smart and Globe) fought out the interconnection battle between themselves. Texting lowered the cellphone bills since it allowed for a free alternative to making calls (which were billed) and the telcos noticed this fact. More importantly, the telcos noticed that texting was becoming more and more prevalent and represented a tremendous volume of messages which, they figured, could be translated to tremendous revenues as well.

Of course, the telcos stated that the massive texting services had to be billed since it added to their costs and strained their facilities therefore forcing them to upgrade. As such, people suddenly had to pay for something they had gotten for free. But it worked out very well for the telcos. People found it worth their money to pay for texting. In any case, it was still much cheaper than making a call.

Some people argue that texting wouldn’t have been such a success if it weren’t for the fact that it was initially offered for free and for such reason it had hooked a lot of people early on. Stated in the negative, it wouldn’t have clicked had it been a billed service from the start. It’s like getting hooked on the samples they give away at the grocery (those meats and what have you on toothpicks which they offer to shoppers, usually the moms, who do the grocery, and the kids, who nag mom what groceries to buy) and then eventually liking it so much that purchases are made. But in the case of texting, it’s like the meats got sold out, what with the addiction of our people to it. Of course, the telcos say it wasn’t on purpose (in fairness to them, it seems clear that nobody ever expected texting o be such a good hit).

Then of course came the prepaid cards, which allowed easier ownership and maintenance of cellphones, and the now ubiquitous e-load stations, which gives each and everyone of us access to load practically anywhere we go. With all these innovations, the question arises, what’s next for texting?

-by Stanley Cabrera

Note Re: Posts and Psoters

Considering that the three of us started this blog with one account, under my name (that is, Stanley Cabrera), the posts have been credited as such even though we have each made our posts.

So from now on we'd be indicating the author of each post by placing the name of the author at the end of each article.

Thanks very much!

MySpace and Internet Predators

Who among us haven’t heard of MySpace or Friendster? Chances are a lot of us have heard about it and a majority of people we know have accounts in either MySpace or Friendster… maybe even in both.

MySpace and Friendster are just some of the many internet social network service providers. They cater to both young and old, bridge gap between races, and provide an enjoyable past time. Yet with all the benefits and conveniences provide by MySpace, Friendster or any other social network service provider, the danger of abuse and misuse is not far behind.

In an article written by Paula Lehman for Business Week Online[1], she tells us that MySpace is currently facing a $30 million lawsuit concerning a 14-year-old Texas girl who said she was assaulted by a predator she met on MySpace. She further informs us that U.S. lawmakers were lobbying to have social networks banned from schools and libraries.

For its part, MySpace has bolstered its security measures. Hemanshu Nigam, MySpace Chief Security Officer, announced a partnership with the National Center for Missing & Exploited Children to use MySpace to disseminate word of child abductions through the Amber Alert system. He also said that the site will implement an e-mail verification system and an “over/under” privacy tool that prevents contact in either direction between users above the age of 18 with younger users[2].

Novel as these efforts may seem, these measures are insufficient to counter the existing dilemma. Pedophiles and other internet predators need simply fool people into believing that they are minors. By simply typing a “falsified” age entry, these individuals could still continue making contacts with minors. No one would know whether the entry is falsified or not due to the millions, if not billions, of users worldwide.

Strict policy guidelines should be implemented not only by internet social service providers but also by States to help curb this problem. A lot of laws have been passed to prevent child pornography, abuse and abduction but an efficient “monitoring system” is at want. Such a suggestion may not be acceptable to many since it might create a “privacy issue”, but its need is evident. Without such a system, the danger of the proliferation of internet predators will continue.

by: Bryan Tan

---

[1] This article may be viewed at http://www.msnbc.msn.com/id/16789338/

[2] Ibid.

To FOSS or Not to FOSS, that is the Question

The FOSS revolution is quite a tale. The concept of cooperation between programmers from all over the world to come up with something very much productive is awe inspiring, really. One wonders, how did they pull it off?

Of course, when one thinks about it, if you’d post some code on the net and ask for suggestions in improving it, you’d get a whole lot of sorts of responses. There would be the helpful ones, the useful ones, the absurd ones and even the harmful ones. Why? That’s because there are so many people on the net nowadays that you’d have a multitude of weirdoes who’d want to put in their stuff, often malicious.

Back in the early years of the internet and when the call for help in the GNU and the Linux projects were made (okey, so the internet, or at least it’s predecessor, was in existence for quite sometime before that but it was still in it’s early years in the popular vernacular), it was still quite exclusive to those in the know. It was either your in the computing or telecommunications industry or a certified geek to get into the internet. That carries with it competence with programming and computers and, more or less, a close-knit (and often competitive) community who know each other (at least when compared to current standards of internet interaction). Such are ingredients for a more organized and efficient effort.

True, the increased popularity of the internet and computing has also increased knowledge and competence regarding it. However, such improvements are often skewed to quantity and sometimes to the detriment of quality. You have lots of young kids fresh out of computer school, bored, unemployed and hankering to make a mark. Thus you get lots of these viruses springing up all the time. What that means is that although there are a lot more potential contributors, the effort becomes more and more difficult to organize, with forks cropping up every so often.

Granted, it does not mean that the current batch of FOSS collaborations cannot be as productive, as can be seen in the Mozilla Firefox series of software. It just means that Linux is that special. With majority of the contributors being old timers, the code for Linux was made in C, which has the advantage of being near to machine language and thus more reliable than the subsequent programming languages. Ergo, Linux is as steady a program as it gets. And that distinguishes it from Microsoft Windows. The comparison becomes more skewed when you factor in the disparity in the price. That’s the appeal of Linux, ditto with other FOSS packages. Since in terms of functionality (the useful ones, at least) the gap between the “commercial” types and the FOSS ones is becoming smaller and smaller. Now that it’s clear that FOSSing has its advantages.

The only question is, to FOSS or not to FOSS?

point-and-click-and-hitch

A few years ago, at around the time that E-commerce became quite a hot topic, or shall we say, “fashionable”, in the country, the promise of shopping for imported goods without budging from one’s house (or seat, for that matter) appeared on the horizon. Suddenly, one need not badger his or her relatives in the States or elsewhere to buy some coveted stuff for him/her and have it Fed-exed to Manila. One could actually just “point and click” and after some time, (given sufficient credit card balance) the a guy in a blue and white uniform knocks on the door and hands over the thing. At least, that was the promise.

As expected though, some hassles and kinks had to be smoothed out. Amongst the very first purchases of my sister were books from Amazon.com which took 4 months to reach us, no kidding. The frustrating thing is that they had actually been delivered to the country within a month of her order, but were held up due to customs duties issues (which we discovered much later). This was around the time that a new set of issuances were released (at least that’s what they told us) and the people on the field were quite confused as to what would actually be charged. That experience brought to light the vast improvements required on the logistical aspects of E-commerce activities. But still we were hopeful that it would improve in time.

Fast forward a few years and the operation of E-commerce is still bogged down by logistical concerns. Just the other day I read in Yes! magazine (uh, I visited my mom back in our old house and had nothing else to read) that brand name luxury goods, if they so happen to be unavailable in Rustan’s (or in Greenbelt) can be bought online, though you risk them getting stolen by unscrupulous cargo handlers (this was an article where Gretchen Barretto showcased the particular brands of shoes, clothes, accessories and make-up which make Tonyboy Cojuangco a bit poorer by the day). That would give new meaning to the term “traveling bag”. Considering that the imported goods which are worth buying online would surely be the ones which cost a bundle, buying online and having them shipped when such vulnerabilities still exist becomes less attractive (except maybe for fashion-minded and naughty-handed customs personnel). Very unfashionable.

Considering also that at best one can only see a video (usually just a picture, which maybe from a sample and not the particular stock your buying, or more commonly just words describing the item for sale) before buying something, even if indeed the thing arrives at the buyer’s doorstep (after escapes delay and more importantly, disaster (theft, that is)) another concern is genuineness: whether the “LV” you bought is THE LV. Then again, at least they’re offering stuff for sale and to be delivered to us. Apple’s iTunes has so far snubbed Asia (wont sell downloads outright). Now that’s one hitch.