According to a list compiled by Stein Schjolberg, a Norwegian judge active in cyber jurisprudence, thirty-seven countries now have statutes dealing with "unauthorized access" to computers and computer systems.5 Unfortunately, the laws are not uniform and there are no international treaties governing cybercrime. It is indispensable that the international community formulate a uniform law since the internet transcends national borders. Incidentally, there is now a model law drafted by the United Nations Convention in International Trade Law or UNCITRAL, from which was patterned the proposed law on electronic commerce now pending in Philippine congress.
The applicable criminal law in US Federal law is the Computer Fraud and Abuse Act. The law imposes a $250,000 fine or a five year prison term, or both, for each offense. An offense does not merely refer to the start-up of sending the virus, but that would be for each computer that was interfered with.6 The law essentially criminalizes anyone who gains unauthorized access to computer systems. Civil actions may be initiated under state laws governing theft, violation of privacy and even stalking. It was reported that internet legislation is pending in some 17 states.
The German government wants to make spreading computer viruses a crime. Berlin is working with its European Union partners to enact such legislation. The 41-nation council of Europe, working with the United States, Canada, Japan and South Africa, is drafting a treaty to standardize cybercrime laws. The European treaty would require countries to pass laws against hacking, computer fraud and online child pornography, and set penalties, preserve evidence and cooperate in international investigations. It must be emphasized that such a measure would o n l y be effective if instituted on a global scale.
Several other countries, including India,Thailand and Singapore, are independently considering laws against computer crimes and electronic commerce. Singapore has Electronic Transactions Act.
Malicious Mischief
According to the NBI, the author of the virus could be charged with Malicious Mischief, under Article 327 of the Revised Penal Code. Malicious Mischief is the willful damaging of another's property for the sake of causing damage due to hate, revenge or other evil motive.7
When primary suspect Onel de Guzman was interviewed by the media, he neither confirmed nor denied that he created the virus. De Guzman did acknowledged he might have accidentally released the virus. The word "accidentally" is very crucial in determining Onel's criminal liability because under the Revised Penal Code, to be guilty of malicious mischief, the offender should DELIBERATELY caused damage to the property of another. It follows that, in the very nature of things, malicious mischief cannot be committed through negligence, since culpa and malice are essentially incompatible.8 Obviously, Onel had been advised by his lawyer on this aspect because it has been anticipated that the said offense will be charged against him. Nonetheless, if there is no malice in causing the damage, Onel is still liable civilly under Article 2176 of the New Civil Code. The said provision states that "whoever by act or omission causes damage to another, there being fault or negligence, is obliged to pay for the damage done. Such fault or negligence, if there is no pre-existing contractual relation between the parties is called a quasi-delict."
"Bug" the Congress
Senate President Franklin Drillon urged the House leadership to expedite the passage of the Electronic Commerce Act prescribing heavier fines and penalties for hacking and cracking of computer systems in the country. Under Section 29 of Senate Bill No. 1902, hacking or cracking which refers to unauthorized access into or interference in a computer system/server by or through the use of a computer or a computer system in the computer or in another computer, without the knowledge and consent of the owner of the computer or system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of data messages shall be punished by a minimum fine of One hundred thousand pesos (P100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years.
It is unfortunate that the Philippines was subjected to global embarrassment by the disclosure that although the virus seems to have been launched here, there is little that can be done about it. It is such a shame!
Trivia: This is not the first time the Philippines landed on the international virus map. More than a decade ago, the C-Brain virus from Cebu, which infected the now-obsolete DOS platform from Microsoft, became one of the most common viruses in the PC world. In 1992, Jonathan Gumba became notorious for spreading the Possessed! Virus.9
* LLB. 2000, Article Editor, UB Law Journal
1 "Whats the love bug and what does it do" Philippine Daily Inquirer, May 6, 2000
2 "Computer virus suspect released" Manila Bulletin, May 10, 2000
3 Washington Post Foreign Service, May 9, 2000
4 "President can veto extradition", Philippine Daily Inquirer, July 1999, Raul Palabrica
5 Findlaw legal news
6 George Clark, CNN.com, May 9, 2000
7 The Revised Penal code, by Luis Reyes, p.753
8 Quizon vs. Justice of the Peace, et. al, 97 Phil.342
9 Philippine Daily Inquirer, Leo Magno, May 8, 2000