IT under Arroyo: Growth without security

By David Dizon,

Posted at Jul 27 2009 05:54 PM | Updated as of Jul 30 2009 10:48 PM

MANILA - Internet usage in the Philippines has grown by leaps and bounds since Gloria Arroyo became president after a four-day bloodless revolt in January 2001. According to Internet World Stats, Internet users in the Philippines grew from two million in the year 2000 to 20,650,000 as of March of this year.

This places the country as the 7th in terms of number of Internet users in Asia.

A recent survey by the Nielsen Company and Yahoo Philippines said the number could go up to as high as 35 million, or more than a third of the Philippines' population of 90 million.

Price seems to be no barrier to usage. The Nielsen survey, which was conducted from October to November 2008,  showed that 85 percent of all online users from total urban Philippines are from the Class D and E socioeconomic class while the rest are from Class ABC.

Jay Bautista, Nielsen Company executive director for media, said lack of a PC or Internet access at home is no longer a hurdle for most Filipinos to access the Internet.

"From dial-ups, we are now able to access the Internet via broadband in our homes. We also have wireless hotspots all over the landscape. Access is improving because of the infrastructure and the cost for access has also gone down," Bautista told

All this usage, however, comes with the accompanying risks.

The latest Symantec Internet Threat Security Report launched in April showed that malicious Internet activity coming from the Philippines comprised two percent of the total in the Asia-Pacific region. The Philippines, according to the report, was the second highest reporting country for the imaut worm, which spread via instant messaging programs in 2008.

It gets worse. Last March, the research team Information Warfare Monitor found evidence that suspected cyber-spies from the Chinese mainland have hacked into computers of at least three government offices in the Philippines as well as the Asian Development Bank office based in Manila.

In the study titled “Tracking Ghostnet: Investigating a Cyber Espionage Network”, the team said a cyber spy network based almost entirely in China had hacked into computer networks around the world, stealing classified information from governments and private organizations in more than 100 countries including the Philippines.

The Ottawa-based think tank, composed of SecDev Group and University of Toronto’s Munk Center for International Studies, said the cyber-espionage network compromised 1,295 infected computers in 103 countries. Thirty percent of the infected computers are considered high-value and include the ministries of foreign affairs of Iran, Brunei, Bangladesh, Latvia and Indonesia.

In the Philippines, the cyber-espionage system has infected one computer in the Department of Foreign Affairs, two computers in the Department of Science and Technology, one computer in the Bureau of International Trade Relations of the Department of Trade and Industry and at least one computer in the Asian Development Bank.

Need for cybercrime law

Angelo Timoteo Diaz de Rivera, director-general of the National Computer Center, said there is a need to implement a nationwide cybersecurity program to keep hackers at bay.

He said there have been several attempts to put up cybersecurity groups including a long-term National Cybersecurity Plan in 2004. That plan, however, fizzled out before it could be implemented.

Currently, most online and computer-related crimes are handled by the Anti-Fraud and Computer Crimes Division of the National Bureau of Investigation.

Suk Ling Gun, Kaspersky Lab managing director for Southeast Asia, earlier said the Philippines must pass legislation that would deter and punish cybercriminals.

“Cyber crime is really up increasing everywhere in every country. These criminals know the loopholes of the cyber criminal law. A country is in danger if it doesn’t have a law like this. These crimes have no boundaries. Just one outbreak will eventually cost billions of dollars," Gun told

She added that cyber stealing of credit card and banking information is one of the most profitable, illicit businesses in the world.

The proposed cybercrime law defines several acts as computer crimes including illegal access, illegal interception, misuse of devices and unsolicited commercial communications.

It also imposes penalties on computer sabotage, which it defines as "input, alteration, erasure or suppression of computer or communication data or computer or communication programs, or interference with computer and communication system or network." Acts filed under computer sabotage include data interference, system interference, computer fraud and computer forgery.

Lawyer JJ Disini, who helped Congress draft the implementing rules and regulations of the E-Commerce Law, says the law proposes the creation of a computer emergency response council that will formulate and implement a plan of action to combat cyber crime. The council will be headed by the chairman of the Commission on Information and Communications Technology with the director of the NBI as vice-chairman.

Internet child porn covered by bill

The bill also covers all offenses related to cyber sex, including production of child ponorgraphy for the purpose of distribution, offering or making available child pornography through a computer or computer network; distribution of child pornography, possession, prostitution or solicitation of any form of cyber sex, operation of internet café or any type of establishment which engages in cyber sex and promotion and advertisement of any form of cyber sex.

Disini says the bill makes a clear distinction between pornography in general and child pornography. He says that while adult pornography, particularly in the United States, is protected as free speech, “there is no form of child pornography that is permissible.”

“Child pornography by definition is exploitative. Possession of child pornography should be criminal behavior. The mere fact that you have possession of child pornography means you are feeding the demand for this type of content,” he said.

He said this includes online forums that do not host the images but still link to sites that promote child pornography.

Under the proposed bill, those found guilty of computer crimes or computer sabotage could be fined P100,000 up to a maximum amount commensurate to the damage incurred plus a jail sentence of six to 12 years. Those found guilty of computer facilitated crimes could be fined P200,000 to P800,000 and a mandatory imprisonment of six to 12 years provided that the maximum penalty, as provided for by law, is imposed.

Gov't IT services still wanting

Aside from security, there is also much to be desired in terms of online availability of government services.

According to blogger Abe Olandres, the industry needs to work to consolidate its efforts to promote the need to go online especially the government agencies.

"That means that all resources and services and information should be placed online. A lot of people are very dependent on the [Social Security System] online inquiry to update them of the status of their contributions and their loans but some of these sites are very unreliable," he said.

"Government should be the most consistent and reliable in terms of online systems because they are needs. If you are an employer, you need to check your SSS and GSIS. If you are a resident, you will eventually need to get a birth certificate. These are properties that should be available online all the time because every single Filipino will eventually need to access them," he added.

Last year, several online forums reported glitches in the SSS website that barred users from seeing their SSS records. Some users interviewed by revealed that they even saw SSS information of Philippine residents that were not their own.

Last month, the Government Service Insurance System and IBM Philippines sued each other over alleged defective software that crashed GSIS' online database system.

He said that user experience of government's online services should set the standard in terms of privacy and security especially with the help of the private sector. He also said that increase in user satisfaction for government's IT services could lead to a rise in e-commerce in the country.

"The government needs to provide engagement. Once there is a mindset that these government sites are secure and easy to use, it will be easier to teach people to use other sites without fear. It will teach them that transacting online is safe and easy [and] trust in e-commerce will grow," he said.