Philippine Lawbytes 236: IBP Dipolog (Part 2): The Impact of Artificial Intelligence (A.I.) on Cyberlaw Practice and Ethics in the Philippines, by Dr. Atty. Noel G. Ramiscal

My second MCLE lecture for the IBP Dipolog was “Cyber Law Practice Hazards in the Regime of the 2023 Code of Professional Responsibility and Accountability (CPRA)” last June 21, 2023. This was the first lecture I did this year that addressed the effects of A.I. on the legal profession which directly referred to the 2023 CPRA, which is the revised version of the 1988 Code of Professional Responsibility for lawyers. For 2022 and the first quarter of this year, I have discussed Cyberlaw Practice and Ethics in conjunction with the 2022 draft of the CPRA.   

Dr. Atty. Noel G. Ramiscal prior to his June 21, 2023 MCLE Lecture on Cyberlaw Practice Ethics Hazards in the 2023 CPRA

As I have discussed extensively last year and this year, we are now in the age of the 4^th Industrial Revolution, in which A.I., together with Augmented Reality, Internet of Things (IoT), Cloud Computing, Additive Manufacturing, Big Data Analytics, Nanotechnology, Cryptography and Quantum Computing, are the driving forces that will alter our lives, and the way we make our living, way beyond significantly.

How are these technological developments which have various impacts on the personal and professional lives of lawyers, reflected in the 2023 CPRA? Well, apparently, they are not. As I told the IBP Dipolog MCLE participants, the word “technology” was not even mentioned in the 2022 Draft of the CPRA which I critiqued in my 2022 UPIAJ Commissioned Report entitled “A.I., Technology, Gender and Morality in the Philippine Code of Professional Responsibility (CPR) for Lawyers”. The 2023 CPRA, like the 2022 Draft, focused merely on social media and the ethical obligations that lawyers have toward their usage of it. But social media is not the be all and end all of technology for cyberlaw practitioners. My 2022 UPIAJ Commissioned Report delved on different types of technological innovations and tools that have greatly influenced and changed legal practice all over the world. The gist of some of my recommendations and suggestions in my Commissioned Report can be found here:

Philippine Lawbytes 224: The Cyber Ethics of Technological Competence and the 1988 Philippine Code of Professional Responsibility for Lawyers

https://noelthecyberlawyer.wordpress.com/2023/02/28/philippine-lawbytes-224-the-ethics-of-technological-competence-and-the-1988-philippine-code-of-professional-responsibility-for-lawyers-by-dr-atty-noel-g-ramiscal/

In my Dipolog lecture, I delineated the possible legal and ethical frameworks of dealing with A.I. used in the legal industry as “legaltech” and the possible bases for liability, of law firms or lawyers acting as operators of these tools, in cases they go rogue or is implicated in uses that harm humans. In the possible scenarios I gave, I showed the European Parliament and other sources where I culled, or which inspired my discussion.     

Dr. Atty. Noel G. Ramiscal during his June 21, 2023 MCLE Lecture on Cyberlaw Ethics Hazards in the 2023 CPRA

One vital matter in any legaltech and ethical discussion of the future of lawyering is the anthropocentric conception of legal practice, which can be reduced to that hapless phrase “as that which lawyers do” [Cayetano v. Monsod, G.R. No. 100113, September 3, 1991, 201 SCRA 210 (1991)], that is still prevalent in the Philippine legal and judicial professions. Since 2015, I have discussed in my cyberlaw ethics lectures the case of Lola v. Skadden [620 F. App’x 37, 45 (2d Cir. 2015)], where the court ruled that a lawyer who used an A.I. e-discovery tool to do his function of reviewing documents, and used no independent legal judgment because such documents were already pre-marked by the A.I. tool, did not perform any “legal practice”.

With this type of judicial mindset, many of the tasks performed by junior associates in Philippine law firms that do not require any exercise of independent legal judgment on their part (e.g. inputting client data into pro forma affidavits, motions or pleadings, checking for grammatical and typographical errors in legal documents, checking case citations, using e-discovery tools like the one used in Lola, for legal process outsourcers in the Philippines, etc.) do not constitute legal practice. In fact, A.I. tools can do these tasks better, as I showed in several examples where experienced document review attorneys were pitted against A.I. tools which devastatingly outperformed them in all levels. Human lawyers are NOT the gold standard for tasks like these, A.I. tools are. And what is also most disturbing is that A.I. tools can perform their tasks 24 hours a day, 7 days a week, without taking rest or leaves, without getting sick, without needing promotions, and without asking for any job benefits!

Dr. Atty. Noel G. Ramiscal at the Dapitan Heritage house of Aniano Adasa with paintings of Jose Rizal, June 21, 2023

A.I. is also the main reason why law firms and lawyers in different jurisdictions have joined forces with non-lawyers and non-legal entities (like business service firms and I.T. solutions/software firms) to form Alternative Business Structures (ABS) or Alternative Legal Service Providers (ALSPs) or accept investments in their firms from non-lawyer investors.

In this type of set-up, non-lawyers can be partners of lawyers, to the extent that non-lawyers are even legally allowed to manage these firms! This arrangement has been successful because it answers several pressing needs of lawyers and law firms. It provides financial capital that is much needed for the expansion of their legal practice. It also enables law practitioners to have access to technological and other types of resources to offer value added services to their clients, which can make them attract more clients.

Dr. Atty. Noel G. Ramiscal at the Dapitan Heritage house of Aniano Adasa, June 21, 2023

Australia was the first to do this in the early 2000s. U.K. and certain European countries followed. For the longest time, the U.S.A. held out due to the American Bar Association’s (ABA) view that non-lawyers are not allowed to partner with law firms and lawyers, to do “legal” tasks, and to share in legal fees to safeguard the independence of lawyers and protect the legal profession. But during the pandemic in 2020, the Utah Supreme Court allowed the first NON-LAWYER OWNED LAW FIRM, called LAW ON CALL to be established to provide legal services to Utah residents. Arizona then followed suit, while other States like California, Indiana, and even the ABA are considering allowing this type of arrangements.

In the Philippines, we are still saddled with the same restrictions followed by the ABA. The 2023 CPRA canonized the non-sharing of legal fees with non-lawyers in Canon III, Section 43.

Dr. Atty. Noel G. Ramiscal at the Dr. Jose Rizal landing installation marker, Dapitan, June 21, 2023

Judging from the fact that only social media was the one touched on by the current CPRA, it is unfortunate that there appeared to be no discussion, or even awareness, from those who drafted it, of the many complex technological developments that have changed the legal profession around the world.

But maybe this is changing. I consider it providential that I was able to meet during the IBP Dipolog MCLE dinner, one of the members of the Subcommittee that drafted the CPRA rules in 2022, Atty. Fina Tantuico, who was also a lecturer in the MCLE seminar. We had a lengthy discussion about some of these developments and I acquired the consent of the UPIAJ Director, Atty. Emerson Bañez, to share with her, and her Subcommittee co-members my 2022 Commissioned Report.

Dr. Atty. Noel G. Ramiscal with IBP Dipolog Pres. Atty. Augustus Alegarbes and Vice Pres. Atty. Fevie Gador, June 21, 2023

Once again, I am grateful to all the IBP Dipolog officers, Atty. Alegarbes, Atty. Gador, and the rest for their generous reception, to the MCLE Committee members headed by Atty. Lim, and all the IBP staff who made sure we were comfortable. To all the fabulous IBP Dipolog lawyers, who are seekers of Truth and Justice, may your tribe increase!

Philippine Lawbytes 235: IBP Dipolog (Part 1): The Bane of Digital Forensic Fraud In the Philippines’ Legal and Judicial Professions, by Dr. Atty. Noel G. Ramiscal

The Integrated Bar of the Philippines (IBP) Dipolog Chapter, in the Zamboanga del Norte province, thru the Head of its Mandatory Continuing Legal Education (MCLE) Committee, and former Dean of the MDCL Law School, Atty. Kenneth Lim, invited me to give two MCLE lectures for their members. I have been to Dipolog twice in the past, and I consider the people here as supremely friendly and supportive. The place is surrounded by magical waters, and steeped in humanistory and lore. So it was with great excitement that I accepted their generous invitation. My 81 year old mother, who had never been to Dipolog, accompanied me on this trip, with our food and lodging courtesy of the IBP, so it was double the pleasure!

Dr. Atty. Noel G. Ramiscal at Dipolog Beach Boulevard Bay Walk, June 20, 2023

We landed on a rainy day, but we were greeted in the airport with the warm company of Atty. Carl Alejandrino, and Mr. Muyco, the driver of the IBP Dipolog President, Atty. Augustus Alegarbes. We were driven to Hotel Ariana, which had comfortable executive suites, and certainly one of the better restaurants in this part of the world, Chloe’s Bistro. A blink of an eye later, it was already June 20, 2023, and my first official day as lecturer with Atty. Ron Enriquez welcoming us, on the way to the venue.  

Dr. Atty. Noel G. Ramiscal prior to his IBP Dipolog June 20 2023 MCLE Lecture on Digital Forensic Fraud

My lecture entitled “Protecting the Legal and Judicial Profession from Digital Forensic Fraud” is the result of my encounters in legal practice with dubious cyberforensic or digital forensic investigators (DFIs) who are tasked with collecting, acquiring, preserving, examining, and reporting the electronic evidence from cybercrimes, and other infractions that are pertinent in civil and administrative cases.

I told the participants that the Philippine Supreme Court and IBP have yet to come up with rules or even initiatives defining with clarity the ethical and legal obligations of digital forensic investigators, the lawyers who present them as experts in Philippine courts, as well as the duties of judges in determining the validity of the qualifications of DFIs, the credibility of their digital forensic investigation reports (DFIRs), and the reliability of the methods and processes they use.

Dr. Atty. Noel G. Ramiscal during his MCLE Lecture on Digital Forensic Fraud with some of the lawyer attendees, June 20, 2023, IBP Dipolog

Lawyers, as agents of the court, and judges are de facto burdened with the task of being evidentiary gatekeepers and weeding out the bad DFIs from the good ones, as well as inadmissible DFIRs, from the acceptable ones. I imparted to the participants several tips and strategies in doing this.

I introduced to the participants the actual educational framework developed by the Commission on Higher Education (CHED) for all forensic scientists, that include DFIs. This little known CHED standard was reviewed by me when I was the Technical Consultant of the former CHED Chairperson, Dr. Patricia Licuanan. I revealed to the participants some of the professional certifications relevant to the work of DFIs and the required proof for presenting these certifications. These are all relevant now due to the revisions made under the 2019 Amendments to the 1989 Revised Rules on Evidence (A.M. NO. 19-08-15-SC).

The significance of the 2018 Rules on Cybercrime Warrants cannot be gainsaid. Private DFIs have argued in criminal cases where the evidence they collected, acquired, investigated, reported and testified in court, are not covered by the rigorous requirements of these Rules. But I have argued to the contrary. While the rules do cover cases where cybercrime warrants were issued, the general import and intent of the rules, as well as the provisions, apply to all cybercrime cases, in terms of gathering and surrendering the electronic evidence to the court that acquired jurisdiction over these cases.

I exposed the major arguments and tactics I experienced which government employed and private DFIs use in avoiding the requirements of these Rules, so they would not turn over any electronic evidence they acquired to the courts. One disingenuous strategy they employ is to foist their DFIR as the actual legal substitute for the electronic evidence itself, in attempts to hoodwinking the courts and preventing the opposite parties to examine the electronic evidence by their own DFIs. I gave the participants the arguments I used in thwarting this highly irregular and unethical strategy in actual cybercrime cases where I served as the consultant of acquitted accused.

Dr. Atty. Noel G. Ramiscal with Atty. Vince; the MCLE Committee Head, Atty. Kenneth Lim; and the IBP Dipolog Pres., Atty. Augustus Alegarbes, June 20, 2023 presentation of plaque of appreciation

Another very important evidentiary stronghold that unethical DFIs would attempt to bypass is presenting evidence of the Chain of Custody (CoC) they should have established and recorded from the time they collected the e-data up to the time they turned such data to the courts. The DFIRs I have encountered in my practice do not contain any log sheet or any record of everyone who had, apart from the DFI, accessed, examined, or handled in any way, any of the e-data that the DFI acquired for his/her investigation. In my view, without the proper presentation and validation of the evidence of the CoC, the DFIRs, even the testimony of the DFIs should be disregarded because there is no proof that the original e-data collected, acquired, preserved, and examined by the DFI had not been altered in any way, by any party. The evidentiary requirement of CoC is a must in all types of cases where the evidence is quite volatile or easily corruptible, like e-data.

As many lawyers are not trained in law schools and even in MCLE seminars in the technological aspects of their practice, I told them they must persevere in their own pace and time, in learning about these matters and must not be intimidated by the task of perusing DFIRs. They must remember that no matter how technical the processes and the reports apparently seem, they still must conform with the rudimentary requirements stated in our evidentiary rules and the Constitutional right to due process. 

Dr. Atty. Noel G. Ramiscal at the Dipolog City Center, June 20, 2023

I cannot thank enough the forward thinking MCLE Committee Head, Atty. Lim, who is himself, a cyberlaw specialist, and the entire IBP Dipolog officers and members headed by their gregarious President, Atty. Alegarbes, their accommodating Vice Pres. Atty. Fevie Gador, the gracious lawyers (Attys. Vince and Byrne) who took my pictures using my ancient mobile phone, before it conked out, and all the participants for their generosity of Spirit! God Bless!

Philippine Lawbytes 229: The First “Live” Digital Forensic Fraud Lecture in the Philippines, Dr. Atty. Noel G. Ramiscal

My MCLE lecture for the University of Cebu Law School (UCLS) last May 6, 2023 was quite historic for me because it was the first “live” lecture on “Digital Forensic Fraud” by any lawyer in the Philippines, and it was certainly the longest, clocking in at three hours.

I had the opportunity to lecture on this topic for the MCLE provider ACCESS twice last year, via Zoom, but my lectures were just two hours each, so their scope had to be curtailed for me to impart the most essential tips and strategies for lawyers to recognize the indicia of fraud committed by digital forensic investigators and how they can legally respond to these instances of fraud. You can read about it here:

Philippine Lawbytes 222: The First Digital Forensic Fraud Lectures in the Philippine Mandatory Continuing Legal Education (MCLE) History

For the UCLS, I was able to discuss the essential elements in electronic discovery procedures in US civil cases which had been judicially refined thru decades of groundbreaking cases and synthesized into concise rules contained in the Federal Rules of Civil Procedure. Unfortunately, these rules had been transplanted in the Philippines by the National Privacy Commission in their own administrative procedures, even though the legal history, awareness, and the nuances in the judicial application of such rules and appreciation of the corresponding sanctions, are all lacking in the Philippine legal milieu.

Dr. Atty. Noel G. Ramiscal in his May 6, 2023 MCLE Lecture on Digital Forensic Fraud for the University of Cebu Law School MCLE Program

As an example of the complexities involved in e-discovery of digital evidence in civil cases that requires the utilization of digital forensic investigators (DFIs), I gave the recent case of Red Wolf Energy Trading LLC v. BIA Capital Mgmt., C. A. 19-10119-MLW, C. A. 19-10119-MLW (D. Mass. Sep. 8, 2022). It involved among others, the e-discovery of incriminating messages between the defendants contained in the web messaging platform “Slack”, which the plaintiff’s e-discovery expert found, but which the defendants did not disclose to the court. Defendants claimed to have hired a DFI who had no experience with “Slack” resulting in the alleged non-discovery of the messages, which the plaintiff’s expert witness countered could have been discovered by the simple use of a free in-built e-discovery tool in “Slack”, and the use of a standard e-Discovery tool which could have costed only US$10,000. In the end, the Court found for the plaintiff and rendered a judgment by default against the defendants for failure to produce all the relevant documents in the case, not once but several times, disobeying the court’s original 2019 order and delaying the trial of the case for three years. This type of nuanced judgment involving the technicalities of e-discovery of electronic evidence, using the US Federal Rules of Civil Procedure, which the NPC merely copied in their administrative procedures, have no parity with any Philippine court decision that I have encountered in my law practice, research, and advocacy.

Dr. Atty. Noel G. Ramiscal bringing his advocacy against “Digital Forensic Fraud” closer to the lawyers who attended his lecture on this matter at UCLS, May 6, 2023

I was able to also discuss the involving her conviction for the Bangladesh Bank heist that involved the Jupiter, Makati, branch of RCBC where she worked as a branch manager. The RTC Judge in January 2019 convicted her solely for being responsible for the loss by the Bangladesh Bank of US$81 million, which the court, thru the testimony of Rafael Echaluse, the Anti-Money Laundering Council (AMLC) secretariat officer who investigated the case. The court deemed that she used “her position in the bank and her banking knowledge and experience, hence accused Deguito was able to execute and implement these illegal transactions with ease”. This conviction was affirmed by the Court of Appeals in February 6, 2023. But what is disturbing in this case, which I discussed with the UCLS participants is the lack of digital forensic evidence presented against her by the prosecution, or in her support, by the defense counsel. I then presented to the attendees, the complicated series of cyber events that eventually led to the cyberheist. Ms. Deguito, even with her “banking knowledge and experience” could not have pulled off, what is largely a very technical cyber operation that could only be done by a State actor, or agents of a State actor, in the span of almost a year, involving several banks in different continents. Evidence of the operation and even the identity of the perpetrators, as investigated by the US FBI, can be found online, but these were apparently not introduced in the Deguito case. It is in cases like this, where the services of a competent reliable DFI is a crucial element to support and safeguard the rights of the accused, and the right of the Philippine general public and the RCBC depositors to know the whole truth.

Another thing that my UCLS lecture afforded me is the opportunity to discuss the importance of ascertaining the complete destruction of electronic evidence which could be by lawful or unlawful means. Since destruction of e-data necessarily entails the prevention of their e-discovery, which could be abused by digital forensic investigators, I showed to the participants how to prove the destruction of e-data in a lawful manner. I also gave tips and strategies on how lawyers and law firms can protect themselves against any legal action involving the destruction of e-data that is potentially subject to e-discovery for future litigation.

Dr. Atty. Noel G. Ramiscal receiving the UCLS MCLE Certificate of Appreciation from Prof. Atty. Ella Mae Mendoza, May 6, 2023 on Digital Forensic Fraud

Of course, I discussed the many ways that digital forensic investigators can perpetrate fraud against any party in any case, and against the Courts. As I emphasized to the participants, they have to know the right educational degrees and professional certification/s of the DFIs. I brought to their attention the sole legal educational standard developed by the Commission on Higher Education (CHED) on forensic scientists that was promulgated in 2012, that can apply to DFIs. I reviewed this standard prior to its passage, as the Technical Consultant of the CHED Chair, Dr. Patricia Licuanan, during that time.

Lawyers must familiarize themselves with the content of a Digital Forensic Investigation Report (DFIR), and know what the content actually translates to in the legal context. And most importantly, they have to understand and relate to the DFIR some of the most crucial concepts I discussed which could indicate if the DFIs did a great job or committed fraud, including digital hashing, hash collisions, write blockers, chain of custody, etc. As lawyers, and agents of the court, they must know the evidentiary tricks of DFIs, which I discussed, so they can act as gatekeepers to safeguard the judicial system from the admission of fraudulent evidence concocted by DFIs who do not act in the interest of Truth and Justice, but rather collude with agents of the State, or with third parties, to falsely incriminate innocent parties, and misdirect the Courts.

University of Cebu Law MCLE Certificate of Appreciation to Dr. Atty. Ramiscal re: Digital Forensic Fraud lecture given on May 6, 2023

Despite the three-hour period given to me, I was not able to cover all the relevant areas that are subject of digital forensic fraud. The thoughtful questions and insightful comments raised by the participants during my lecture and in the written comments they provided showed their high level of engagement and desire for more knowledge and training on this matter. Some expressed their desire for an internship, a full course, or a continuing course on the subject by me. One particularly expressed the wish of being trained by me. The hankering for more information and training on this subject which is not taught in any law school or even in previous MCLE seminars given by any MCLE provider, were also reflected in the comments given by the participants in the previous two ACCESS lectures I conducted last year.

Dr. Atty. Ramiscal with his mother, Atty. Archival, Atty. Mendoza, Ms. Che, & Mr. Tambolero, at Rico’s Lechon, May 6, 2023

Deepest gratitude to the UC MCLE “family” consisting of their founder, Atty. Augusto W. Go, their current Dean, Atty. Al-Shwaid Ismael, the MCLE Program Director, Atty. Josh Carol Ventura, the UC Bar Review Director, Atty. Lorenil Archival, and the MCLE support staff (Mr. Miculo Tambolero), for all their generosity in accommodating us at the very classy Waterfront Hotel, and for providing for all our needs, and to Mr. Macky, for serving as our chauffeur. We also would like to thank Attys. Archival and Mendoza, and Mr. Tambolero, who treated us to Cebuano specialties at Rico’s Lechon before we left. To all the UC MCLE “live” participants who made the seminar even livelier, including Attys. Parcon, Montenegro, Cabahug, Tan, and Dano, and all the generous comments given by the participants, who inspire me to better myself as a communicator, creator, and advocate of relevant legal content and knowledge for the betterment of service to clients and the protection of the Philippine legal and judicial systems, “Salamat gyud kaayo”!

Philippine Lawbytes 228: The First “Predictive Justice” Lectures in the Philippines’ Mandatory Continuing Legal Education (MCLE) Seminars, Dr. Atty. Noel G. Ramiscal

Always looking for innovative topics for MCLE lectures, I was inspired to create a whole new lecture on “Predictive Justice” in 2023, after the Supreme Court came out with its 2022 “Justice in Real Time: A Strategic Plan for Judicial Innovations 2022-2027 (A.M. 22-04-26, June 28, 2022) or the “SPJI”. In order for Philippine courts to be relevant in the age of Artificial Intelligence (A.I.) and the 4^th Industrial Revolution, the SPJI talked about a “re-engineered court system” that will have a digital infrastructure based on a “system wide process mapping” (Outcomes and Activities, p 10), that can contribute to the competence of its members. In doing so, the Supreme Court identified three areas where A.I. can come in: Transcription services, Legal research tools, and Case monitoring.

I had in the past delved on the use of “LegalTech” that incorporate A.I. algorithms and software to make the lawyers’ jobs easier, to the extent that some of these e-tools can replace some of the paid legal functions that lawyers do. But the prospect of developing a three hour lecture on “JudgeTech” tools that can be used for augmenting the jobs of judges, which can affect the way “Justice” is dispensed, profoundly intrigued me. It was the ACCESS MCLE provider that gave me the first chance to impart my newly minted lecture last March 18 and April 13, 2023.

ACCESS Certificate of Appreciation to Dr. Atty. Ramiscal’s synchronous MCLE Lecture on Predictive Justice April 13, 2023

In May 5, 2023, the University of Cebu (UC) Law School, as MCLE provider, gave me another opportunity to do so, but this time, it was in a “live” setting, i.e., in the UC Banilad Building Hall, in Cebu City.

My whole lecture focused on three parts: Delineation and Appreciation of the Context and Risks of “Predictive/Algorithmic Justice” particularly as “Legal Research Tools”; the Technical and Ethical Competence of Judges; and Judicial Viral Misconduct.

Dr. Atty. Noel G. Ramiscal during his May 5, 2023 MCLE lecture for the University of Cebu Law School on Predictive Justice

For this article, I would delve on A.I. tools, software and systems which had been utilized, or are currently being used by judges and justices in several countries. The term “predictive justice” has been applied to the dispensation of justice, by using any algorithmic tool or software that can analyze large and relevant datasets and come up with recommendations based on statistics and probabilities that judges can take into account in making their decisions in certain types of cases.

In Brazil, an A.I. software is being used by the Brazilian Supreme Court in conducting preliminary case analysis to reduce some of the research burdens on the Court. In India, an A.I. portal called Supreme Court Portal for Assistance in Courts Efficiency (SUPACE) was established for criminal cases, to help judges in their legal research and case monitoring. In Canada, the first A.I. driven online dispute resolution (ODR) settlement via an online ODR tool that analyzes the parties bidding tactics and strategies was made.

While plans in Estonia, to establish a robot judge to settle small claims disputes had fizzled, in China, some Shanghai courts have replaced clerks of court with A.I. assistants, and in Beijing, in 2017, some internet courts using A.I. software have been resolving cases without the assistance of human judges, and 98% of the decisions have not been appealed.

In the Philippines, there was a study made by DOST ASTI concerning the use of software in analyzing the decisions of the Supreme Court to predict the outcome of future criminal cases.  I have analyzed in detail the legal and technological implications of this research in some of my previous blogs.

Dr. Atty. Noel G. Ramiscal being interpellated by Atty. Montenegro, at his UCLS MCLE Lecture, May 5, 2023 on Predictive Justice

The SPJI alluded to the unnamed “risks” that A.I. poses when and if used in the Philippine judicial system (Outcome 2: Innovations, p 17). Unfortunately, the SPJI did not even provide any general guideline or standard that can help determine the legality and ethicality of using A.I. tools in assisting the work of judges and in helping them provide for example, a correct framework for assessing the merits of current cases, or the potential of any accused to recidivate. To provide a useful guidance on this matter, I discussed the controversies in the U.S.A., regarding software algorithms which had been used in determining bail amount and probation.

Due to the way A.I. algorithms are constructed and how A.I. tools “learn” from the data they are fed, they had been discovered to incorporate the biases of their creators, and discriminate against women, LGBTQIA+ people, people of color, or ethic minorities. They can be programmed by unscrupulous developers to assist in government corruption. They can also contain source code errors, and can suffer from “software rot”, which their creators and sellers try to hide by using the veil of intellectual property rights.

Ever since I started lecturing on the Law and Ethics involving A.I. in 2022, I have cited and discussed different international standards and frameworks that can actually serve as guidelines which can be used by Philippine legislators and regulators. Amongst these are: (European Parliament resolution of 20 October 2020 with recommendations to the Commission on a civil liability regime for artificial intelligence (2020/2014(INL)); Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL LAYING DOWN HARMONISED RULES ON ARTIFICIAL INTELLIGENCE (ARTIFICIAL INTELLIGENCE ACT) AND AMENDING CERTAIN UNION LEGISLATIVE ACTS, 2021/0106; the Asilomar Principles; and even Isaac Asimov’s Laws of Robotics. For Predictive Justice, I discuss the European Ethical Charter on the use of Artificial Intelligence in Judicial Systems and their Environment (2018), which was adopted by the European Commission for the Efficiency of Justice (CEPEJ).

Dr. Atty. Ramiscal’s Predictive Justice ACCESS MCLE lecture, with sample comment from a participant, March 18, 2023

I delved into the issue if A.I. tools, or “robo-judges”, or the “predictions” they provide to judges can be “legal” or “ethical”. Without going thru the philosophical and political underpinnings of such an endeavor, and basing my analysis exclusively on the constitutional, legal and regulatory standards that exist in the Philippines, I came to the conclusion that they are neither “legal”, nor “ethical”, nor permissible under the 1987 Constitution, and the relevant regulatory framework pertaining to judges, which all require judges to be “human”. The Philippine legal milieu would have to be adjusted or tweaked in order for A.I. tools or “robo-judges” dispensing some form of “legal” prediction or “decision” to gain legal acceptance.

Since the Philippines has no current law that actually regulates A.I., and no specific guidelines as to the use and regulation of A.I. predictive tools used in the judiciary, I brought to the attention of the participants several matters that can be used for developing safeguards as to what these A.I. predictive tools or systems should be fed on, in terms of judicial data. For instance, there has to be parameters set on what these data should include, from what courts should these data be sourced, and the establishment of the provenance of such data for authenticity and verifiability purposes. Content wise, I discussed several Supreme Court decisions that can be considered “bad” for their general and specific legal repercussions on the Philippine public welfare. Any predictive tool or software must, from the very start, incorporate a system of determining and excluding “bad decisions” from being part of the equation of “predictions” that these tools would suggest or recommend to judges.

In order to avoid mistakes that have happened in several jurisdictions (which I also noted in my critique of the DOST ASTI research), where the predictive tools were created by developers who have no expertise on the areas where the tools were going to be used, “multidisciplinarity” is key to the success of these tools. So for predictive justice tools, aside from judges, prosecutors, and lawyers, some of the professionals that can be tapped can, and should include, economists, sociologists,  philosophers, computer engineers, biologists, physicists, mathematicians, statisticians, psychiatrists, and medical doctors, to provide a wholistic view of how predictive justice can achieve its aim of assisting judges.

University of Cebu Law MCLE Certificate of Appreciation to Dr. Atty. Ramiscal re: Predictive Justice given May 5, 2023

I would like to especially thank the ACCESS management, their founders, Atty. Peaches Aranas and Mr. Alex Canata, the Adamson University College of Law, headed by Dean, Atty. Ada Abad, and the ACCESS technical support staff, for giving me the first opportunity to share my research and insights on this complex and very challenging topic via their synchronous MCLE sessions. Special note of thanks to all the ACCESS MCLE participants who gave me some of the greatest feedback I have received during my 15 years as MCLE lecturer, and it happened via Zoom!

Dr. Atty. Noel G. Ramiscal receiving the UCLS MCLE Certificate of Appreciation from its MCLE Director, Atty. Josh Carol Ventura, May 5, 2023 on Predictive Justice

Of course, greatest heaps of thanks go to the UCLS Founder, Atty. Augusto W. Go, the UC Law School Dean, Atty. Al-Shwaid Ismael, the UC MCLE Committee, headed by Atty. Josh Carol Ventura, the UC Bar Review Director, Atty. Lorenil Archival, the technical and support staff, and all the gorgeous, wonderful lawyers who gave me their valuable attention, and their insights, during my lecture, making my first “live” MCLE lecture since March 2020, all the more fun and memorable!

Philippine Lawbytes 227: Law, Technology, and the Culture of Violence, by Dr. Atty. Noel G. Ramiscal

On May 4, 2023, I conducted two, two-hour lectures for the University of Cebu students and faculty, in their Banilad Campus, which serves as home to different colleges including their College of Law. I have lectured in this campus several times prior to the pandemic, and one thing that I can say, then and now, is that it is run very professionally and the facilities are quite clean. It is also one of the very few places that I truly felt that innate rush of academic adrenaline that is specially invigorating when one is about to share insights and experiences via lectures.

For my first lecture, I set out to briefly discuss some of the important drivers of the Fourth Industrial Revolution. I delved more in detail on two.

The first is “Artificial Intelligence” or “A.I.” I broke down the component technologies that comprise A.I., and showed how these actually contribute to the impression that A.I. technologies seem “intelligent”, and appear to have “autonomy” whereas in fact, they do not apply any logic or reasoning processes, but are mere crunchers of big data and statistical correlators of lexical connections, that have nothing to do with what we know as “intelligence”. These A.I. technologies like ChatGPT, rely on big data, which takes up a lot of power to process, and do not guarantee accuracy, nor authenticity, as the unfortunate February 2023 Google Bard incident showed.

Dr. Atty. Noel G. Ramiscal at the start of his lectures for the University of Cebu audience, May 4, 2023

Aside from reporting falsities, A.I. technologies can, because of the way they are programmed, learn biases and reflect the horrifying discriminations from netizens and from online information that they interact with. What is also disconcerting to some is the real and actual threat of A.I. systems and tools to displace several workers and professionals in various industries. Since the Philippines does not have any existing legal or regulatory framework that applies specifically to A.I., I introduced several legal standards and ethical frameworks developed in some jurisdictions concerning the development, roll-out and applications of A.I. As I told the attendees, the coming 5 to 10 years would be crucial for the Philippines to get things right, A.I. wise. 

The second is additive manufacturing or 3D printing. Instead of building things by subtracting materials, thereby leading to wastage, 3D printing builds materials layer by layer through the use of “ink” materials made from special filaments that could range from ABS (a form of plastic), to stainless steel, to food substances like chocolate, etc., by various processes. I showed the audience how many industries, particularly those in manufacturing, are greatly affected by it.

My Ph.D Law alma mater, the University of Queensland in Australia, for example, has one of the best aerospace student programs in, dare I say it, the world, UQSpace. It has been using 3D printing to print rocket parts sustainably and with faster completion times. A team of UQSpace students/engineers won an award last March 2023 for their 3d printed rocket engine powered by oxygen and hydrogen that produce zero CO₂ emissions.

UQSpace 3D printed rocket from Dr. Atty. Ramiscal’s Ph.D alma mater, the University of Queensland, Australia

The most important part of whatever process the 3D printed materials is created, is definitely the Computer Assisted Design (CAD) file that serves as the “blueprint” for the finished material. I delved on the several layers of legal issues from a technological and intellectual property right perspective that surround the CAD files.

I introduced the participants to the work of Dr. Lee Cronin, the brilliant “mad” chemist who is trying to computerize all the known formulae and processes that go into the production of medical drugs, put them all in a “chempiler”, that has the ability to analyze all the information, even from scientific papers, and work with 3D printers that print any selected drug on demand. His vision of 3D printing drugs anywhere anytime is nothing short of earth shattering, particularly for the pharmaceutical and related industries.

Aside from 3D printers being used in printing medical devices, prosthetic devices and even human organs, it is also now utilized in the fast food industry. McDonald’s was supposedly set to debut its 3D printed burgers and buns in 2020 and in 2022, but has been delayed due to the pandemic. But 3D printed vegan burgers made from chickpeas, printed in restaurants, are now made available by SavorEats from Israel.

All of these bring their host of legal, philosophical, religious and even health issues that have to be scrutinized under the Philippine legal and cultural milieu.

The second lecture I delivered dealt with the use of some of these technological drivers of the 4^th I.R. to facilitate gender based or SOGIE based violence. I delved on how abusers have increasingly used technological tools and devices to actually perpetrate sexual abuse and crimes against their prey. One of these drivers, the Internet of Things (IoT) have specially been crucial in technologically gaslighting vulnerable victims to doubt their own sense of reality, and erode their self-confidence, so they are at the absolute mercy and control of their abusers.

What is crucial in understanding this type of violence is that the manifestations can be intrusive, constant, and psychologically devastating. But because most of the time, there is no physical sign of abuse on the person of the victim, law enforcement authorities minimize or ignore its dangers, until the violence escalates into the victim’s injury or worse, death.

Another technological driver, augmented reality, which is crucial in the “Metaverse”, that the former FaceBook, now Meta, and other big players like Microsoft, RoBlox, etc., are striving to build, had already been shown to be susceptible to being corrupted by predators. Virtual worlds built by Meta (which are accessible through e-devices like Meta’s Oculus Rift), VRChat and Rec Room had been turned into e-dens for virtual sexual assaults, sexism and racism, despite the technological safeguards built by the creators of these worlds. 

I emphasized that the Philippines actually has more than adequate laws to protect targets of this type of violence. While there are certainly huge gaps in the implementation of these laws by the authorities, my own assessment is that gender based or SOGIE based violence, in whatever form, continues to exist rabidly in the Philippines due to the wide acceptance of religious, cultural and social beliefs that tolerate and justify the degradation and oppression of women and LGBTQIA+ peoples.

Dr. Atty. Noel G. Ramiscal amongst the audience in his May 4, 2023 lectures at the University of Cebu, Banilad

I gave examples of specific ancient literature, rites and practices in different religions and countries all over the world which are still currently extant and taught in these states. I apprised the participants that the World Health Organization several years ago, came out with a list of beliefs that engender violence and discrimination against women and those in the LGBTQIA+ community. It is more than apparent that these beliefs can be traced back to the writings and practices I briefly discussed. It was truly a great thing that my audience was quite diverse consisting of lawyers, other professionals, and students from various disciplines including law, and education. Some of them confirmed the existence of these beliefs and practices in their own personal and professional spheres.

Atty. Emy Parcon sharing her insights at Dr. Atty. Ramiscal’s UC Lecture, May 4, 2023

Before I end this, I also discussed those false sexual and gender myths circulated about women and LGBTQIA+ peoples that help perpetrate the vicious cycle of online and real time violence. I apprised them of the current trend of regression seen in several countries around the world that threaten to erode the rights and autonomy of women over their bodies, and the legal rights of trans people, particularly the trans youth and transwomen, who are arguably, and currently, the most discriminated class of people, globally, due to the prevalent legal trend of binding the definition of gender to biological chromosomes. It is saddening that the Philippines has no current law that gives trans people the legal protection they deserve and need.

Group shot with some of the students and professionals that attended Dr. Atty. Ramiscal’s UC lectures, May 4, 2023

Kudos and heartfelt thanks to the University of Cebu MCLE Committee and staff, and in particular, Atty. Lorenil Archival who actually did her best to promote the lectures, up to the very hours I was lecturing! Thank you to the hosts, the technical people, and the wonderful participants, including the several law students who contributed their questions and insights to the discussion, and the slew of lawyers, especially Atty. Emy Parcon, who gave her perspective and generous feedback on the matters that my lectures raised. The four hours went by like a breeze! God Bless!

Philippine Lawbytes 226: The Grace to Survive SOGIE Based Violence, Dr. Atty. Noel G. Ramiscal

In early 2022, the University of the Philippines (UP) Cebu Office of Anti-Sexual Harassment (OASH) and Gender and Development Office, thru their OASH head, Atty. Archill Capistrano, requested me to create two course modules for their first Anti-Sexual Harassment (ASH) Training program. I developed the modules based on my experience and practice as an advocate of the rights of women and LGBTQIA+ peoples, and as a lawyer and litigator with particular emphasis on using electronic evidence and strategies for keeping victims and survivors of physical and e-violence safe.

The gist of the first module can be found here;

Philippine Lawbytes 213: The First Responders’ and Survivor’s Training in Electronic Evidence on Online Sexual Harassment and Violence in the UP Cebu System

The second module’s thrust and summary are noted here:

Philippine Lawbytes 216: The Terrains of Sexual and Gender Based Violence Against Women and LGBTQIA+ (or the Vast Unacknowledged Sexual and Gender Variants)

What is gratifying is that I was informed by Atty. Capistrano that their Anti-Sexual Harassment (ASH) Training program, which included these two modules I created for them, received a commendation from the Philippine Commission on Women (PCW) and NAPC last October 2022.

UP Cebu PCW NAPC Special Citation October 2022

As part of the ongoing training by the UP Cebu OASH and GAD Office for its students and ASH trainees, I was again invited by Atty. Archill to conduct a third training module session on the World Girls ICT Day. Instead of conducting it in Zoom like the previous two, I suggested to do it live in May, because I was invited by the University of Cebu Law School (UCLS) to conduct two MCLE lectures there and two separate lectures for UC students from May 4-6. As the sponsor for my plane fare, I asked the University of Cebu Law School (UCLS) MCLE Committee headed by Atty. Josh Carol Ventura, and Atty. Lorenil Archival, if I could fly earlier to Cebu to conduct the training session with the UP Cebu students, with UP Cebu answering for my accommodations, and they agreed. I am so grateful to them for that.

UP Cebu Certificate of Recognition to Dr. Atty. Noel Ramiscal May 3, 2023, which recognized his two prior lectures as integral to UP Cebu’s Ist Responders’ Drill on Anti-Sexual Harassment in 2022 which led to UP Cebu’s special citation from the NAPC and PCW

UP Cebu is truly a must site for its historic importance and for three particular places: their Lobby (clustered with so many paintings), the Joya Museum (filled with provocative art installations) and the famous FabLab, which is part of its business hub that offers 3D printing services for businesses and interested parties in that area.

Dr. Atty. Noel G. Ramiscal at the UP Cebu FabLab 3D Printing Area, May 3, 2023, with his self-designed jacket that is an homage to the late great designer Vivienne Westwood, who was an LGBTQIA+ ally

We did a quick tour of these facilities and I had a chat with the manager of the FabLab, Mr. Fidel Ricafranca, regarding the safety protocols concerning the open printing of the 3D printers with common plastic filaments that emit ultra fine particles that could be a health hazard for those who inhale them.

Dr. Atty. Noel G. Ramiscal at the UP Cebu Joya Museum, May 3, 2023

Next up were my almost 4 hour lectures. I planned to give two, then I decided to concentrate on the SOGIE based violence lecture, and interweave the relevant technologies in the age of A.I. that are used to facilitate this type of violence.

Atty. Archill Capistrano giving the rationale for the #ASH Drill and Dr. Atty. Ramiscal’s Lectures

To continue the two course modules I delivered last year, I went deeper into the social, political, religious and cultural literatures and contexts embedded in different societies which, despite all the laws that we have right now, appear to condone, justify, mitigate, minimize or make invisible the actual physical and inner violence inflicted on vulnerable peoples within families, tribes and communities on a global scale due to their sexual orientation, gender identities, expression and characteristics.

Dr. Atty. Noel G. Ramiscal with the Brave representation of his UP Cebu lectures, May 3, 2023

I cited specific passages, rites and beliefs in various religions and cultures that demonize women, and target the LGBTQIA+ peoples for their perceived weaknesses, and perversity all rooted in baseless prejudices, written and interpreted (almost, if not always) by men, through various millennia and passed off as eternal truths. All these forms of harmful beliefs manifest, and escalate into actual violence at the intersections where women and the LGBTQIA+ peoples meet and share the spectrum of genders and sexualities.

I cited statistics of how the effects of SOGIE based violence, real, or inflicted online, and discrimination can impact a country’s macroeconomic and microeconomic status to a significant degree. The World Bank for example, had estimated that 1 to 5 years of life are lost in women ages 15 to 44 through death or disability resulting from domestic violence. In Australia, violence against women and children costs an estimated $11.38 billion per year. Domestic violence alone costs approximately $32.9 billion in England and Wales.

Research indicates that the cost of violence against women, including those in the LGBTQIA+ community could amount to around 2 per cent of the global gross domestic product (GDP). In 2023, this is equivalent to US$11 trillion (https://worldpopulationreview.com/countries/by-gdp, accessed May 29, 2023)! As advocates for these peoples, I told the audience that we should be strategic with our information and figures, particularly in dealing with legislators who may not be able to see beyond their prejudices, but can appreciate monetary figures and their implications.

Dr. Atty. Noel G. Ramiscal at the UP Cebu AVR for his lectures, May 3, 2023

As an essential addition to my lecture, I gave the attendees the gender and sexual myths about rape and sexual assault, and discussed a 2022 Supreme Court decision that calibrated the physical penetration of the penis into a vagina in order for a rape to be considered consummated. In doing so, I also discussed the reprehensible gender stereotyping and discrimination against women and LGBTQIA+ peoples by judges in different jurisdictions, including the Philippines, that unfortunately exist even at this time.

To cap off my lecture, I expounded on the many forms of technology facilitated violence, including recent examples of virtual sexual assault and rape in online worlds, and how the virtual safeguards in these worlds, including Meta’s MetaQuest have failed to protect women and minors. I gave my recommendations and suggestions on what metaverse, virtual games and app creators need to do more, in terms of built in security and safety features, developmental philosophy and ethical codes for creators and programmers to follow. They should not be allowed to hide behind the A.I. source codes and questionable or absent legal frameworks. It is up to us, the advocates to actually be vigilant and knowledgeable in the technologies and the possible legal implications to educate our clients and stakeholders of the risks that lurk in the new Meta frontiers of human and A.I. interactions.

Dr. Atty. Noel G. Ramiscal receiving his Certificate of Recognition from Atty. Archill Capistrano and the students who attended his lectures, May 3, 2023

The open forum followed with very interesting questions that showed the participants’ lively and knowledgeable interests in the matters I discussed. One matter that cropped up was the issue of surrogacy, and I remember discussing this at length in one of my MCLE lectures about 8 years ago on online human, organ and womb trafficking. When I was very young and full of untested philosophical theories, I thought I knew exactly the absolute answer or stand to take on issues like these. But when I got older, and had clients whose experiences challenged the very foundations of what I believed in, I can no longer look at this as a general, philosophical and clinical legal issue that can be answered easily. These “gestational carriers” (the euphemism coined to reduce these women to objects), are individuals who have undergone so much, to the extent that many of them have condemned themselves. So, in response to the question, I said I would not take any stand that does the same. As an advocate, I am here for them, and I know well enough to look past academic theories and unrealistic principles, to uphold their humanity, and defend them if necessary.   

I trust that with events like these, and the dissemination of life altering information that challenge hateful beliefs, the recipients of such information can find the grace and will to survive and end the cycles of SOGIE based violence in their lives.

Group shot with some of the joyous audience members in Dr. Ramiscal’s UP Cebu lectures, May 3, 2023

Shout out to Atty. Archill Capistrano for being an indefatigable and brilliant educator and human rights activist in her sphere, and her husband, Prof. Nilo Capistrano from the University of San Carlos, who gave us an afternoon tour of some of the important sights in Cebu City. To Atty. Archill’s very promising and engaging students (including Sandrine Mariñas & Gelyn Puracan who assisted us at the FabLab, the student hosts, reactors, and the one who created the “Brave” slide); those who attended my lecture, including former PCW Chair, Dr. Rhodora Buyco, and former UP Cebu VCA, Dr. Weena Jade Gera; to UP Cebu Chancellor Atty. Leo Malagar, who approved of the event, and the UP Cebu administration for graciously putting us in Harold’s Evotel; and to the FabLab people, including their coordinator, Mr. Fidel Ricafranca, who 3D printed an Oblation statue for me, my most heartwarming Thank Yous! God Bless!

Philippine Lawbytes 224: The Cyber Ethics of Technological Competence and the 1988 Philippine Code of Professional Responsibility for Lawyers (by Dr. Atty. Noel G. Ramiscal)

The Philippine Code of Professional Responsibility (CPR) had not been amended since it was promulgated in 1988. The Committee on the CPR, under the aegis of the Supreme Court circulated a Draft of the CPR since July 2022 to various law schools and relevant organizations for their feedback all over the country. The Supreme Court will hold a National Summit next March this year to presumably present the results of this endeavor.

To address this important development, the University of the Philippines Institute of Administration of Justice (UPIAJ) held a symposium in July 2022 concerning the future of lawyers vis a vis the CPR, with student and faculty presentations that contained suggestions on how to navigate the possible ethical morass in a globalized digitized world which the members of the legal profession have had to face during the pandemic.

UPIAJ commissioned me to write a Report that would incorporate the relevant inputs in the Symposium, with emphasis on the technological impact on the ethical practice of law, since that has been one of the greatest focal points in all my Mandatory Continuing Legal Education (MCLE) lectures for the UPIAJ. Moreover, it trusted me enough to include my own perspective, insights and recommendations culled from my own cyberlaw practice and experiences. This Report (which I entitled “A.I., Technology, Morality, Gender and the Code of Professional Responsibility”), the body of which contained over a hundred pages, was summarized, and submitted to the CPR Committee.

TECHNICAL COMPETENCE EQUATED WITH LEGAL ETHICAL RESPONSIBILITY

For the purpose of this blog, I desire to highlight some of the important suggestions I made for the CPR amendments and beyond that. Probably the most significant lack in the Committee’s CPR draft (which is 113 pages long), is that it has no provision which delves into the technical competence of lawyers, as part of their professional responsibility. While the Draft has copious sections on social media, it did not even mention the word “technology”. In all my seminars on “Cyber Ethics” since 2011, I have always propounded the view, with legal and technological bases, that the competency of lawyers in using technological products and internet innovations to serve their clients should be an important factor in determining, and inherently connected with, their professional ethical responsibility.

The global pandemic placed technology in front, back and center of a lawyer’s service to their clients. Zoom, Microsoft Teams, Skype and other types of conference technologies occupied a great part of how we communicated, legally transacted and appeared in court for the past three years. The Supreme Court allowed a limited form of electronic notarization, and MCLE lectures became synchronous or asynchronous.

But even before these transpired, A.I. technologies had already penetrated the legal profession in different jurisdictions including the Philippines. My report discussed the existence and success of these technologies deployed by Alternative Legal Service Providers (ALSPs), Legal Process Outsourcers (LPOs), Alternative Business Structures (ABS) and Multi-Disciplinary Structures (MDS), which I had discussed in my lectures was back in 2011. Concerns on the Metaverse, Fintech like cryptocurrencies, Non-fungible tokens (NFTs), etc., as they affect legal transactions, are rife.

In order to place importance on the technological competence of lawyers in ethically serving their clients, I came up with this provision that delineates the ethical obligations and courses of action a lawyer can take when technological matters or services are at stake, as a suggested amendment to the current Rule 5 of the 1988 CPR:

Rule 5.01 – TO MAINTAIN THEIR PROFESSIONAL COMPETENCE, A LAWYER SHALL KEEP ABREAST ABOUT THE TECHNOLOGICAL DEVELOPMENTS AND PROCESSES THAT IMPACT ON THEIR ABILITIES TO SERVE THEIR CLIENTS. THEY CAN TAKE THE NECESSARY STEPS TO ACQUIRE KNOWLEDGE AND UPDATE THEIR TECHNICAL SKILLS.

TECHNOLOGICAL INCOMPETENCE OR IGNORANCE IS NOT AN EXCUSE FOR ANY LAWYER TO AVOID PROFESSIONAL LIABILITY.  AS SUCH, IF A LAWYER IS NOT COMPETENT IN THE AREA OF LAW THAT REQUIRES TECHNOLOGICAL SKILLS AND EXPERIENCE, THEY MUST DISCLOSE THESE TO THEIR CLIENT. THE LAWYER SHOULD NOT ACCEPT THE CASE AND INSTEAD REFER THE MATTER TO ANOTHER LAWYER WHO CAN COMPETENTLY REPRESENT THE CLIENT’S INTERESTS AND HANDLE THE TECHNOLOGICAL DEMANDS OF THE CASE.

DESPITE PRIOR DISCLOSURE AND NOTICE, IF THE CLIENT STILL DESIRES AND AGREES TO THEIR REPRESENTATION, THE LAWYER WITH THE CLIENT’S PRIOR CONSENT, MUST SECURE THE ASSISTANCE OF A COMPETENT COUNSEL AND/OR EXPERT TO HELP IN THE CASE.

This, of course was the result of many considerations, and developments in several jurisdictions, which are noted in my Report, but which I cannot get into, in this blog article.

THE ESTABLISHMENT OF A COMMITTEE ON LAW AND TECHNOLOGY (CLT)

The CPR has not been updated for 34 years and it is not certain when the current task of revising the CPR would end. During that span of time and now, technological innovations were, and are launched with tenacious regularity that impact on the legal profession and affect the way that lawyers deliver their services. I therefore proposed that a select collaborative body of information technologists, scientists, doctors, engineers, mathematicians, business people and lawyers be formed as a regular body, i.e., a Committee on Law and Technology, that can meet on a regular basis to thresh out technological issues that are relevant to the legal profession and to their industries.

The CLT can be hosted or supported by the Supreme Court or the Integrated Bar of the Philippines (IBP) or both. It can serve the functions done by the American Bar Association or state bar committees in the U.S., or those in Canada that come out with advisory ethics opinions and proposed professional standards on the usage of technology. It can collaborate with other Supreme Court Committees that are involved in projects that have major technological components. 

SOME EXIGENT MATTERS THAT NEED SCRUTINY AND ETHICAL AND TECHNICAL GUIDANCE FROM THE SUPREME COURT, IBP, CLT AND OTHER RELEVANT ENTITIES

New and emerging technologies come around on a regular basis, and some of them, seemingly out of nowhere. So, these suggestions of mine are not exclusive or exhaustive.

PERMANENT E-NOTARIZATION SOLUTION/S

In my Report, I discussed the proposal on the establishment of some form of virtual notarization that will subsist as a regular and permanent, not an interim, form of notarization, with the important note that the validity of the notary public’s commission should not be tied to the exclusive territorial jurisdiction of the court that issued the notarization. An e-notary’s commission should cover the whole Philippine archipelago, so that the e-notarized document can be recognized in any Philippine court. This of course would require an in-depth study of possible e-notarization tools, including the use of blockchains, or distributed ledger technologies, which I reported, can render human notaries public irrelevant.

AMENDING THE ELECTRONIC EVIDENCE RULES

The Electronic Evidence Rules was amended last 2002. Due to the length of time, some of the concepts and rationale for some of its provisions have become passe. This can actually lead to errors in the appreciation of evidence submitted to court and in actual decisions. The CLT can take a long hard look at these rules and draft the amendments.

ASSESSING THE VALIDITY, EFFICACY AND FEASIBILITY OF THE ELECTRONIC DISCOVERY RULES FOR ELECTRONIC DATA OF THE NATIONAL PRIVACY COMMISSION (NPC)

The NPC in its NPC Circular 16-04 – Rules of Procedure (https://www.privacy.gov.ph/memorandum-circulars/npc-circular-16-04-rules-of-procedure/) which it promulgated last December 15, 2016 transplanted the governing principles that dictate the procedures of electronic discovery of civil cases in the U.S.

In 2007, I discussed the legal ramifications of the U.S. e-discovery rules for the Philippine Financial Executives Institute (FINEX) during their Information Technology Month. As I elucidated then, and it is true even now, the e-discovery principles and procedures have been, and are still being finetuned under American jurisprudence.

Prior to 2016, the Philippines had no existing rules or even jurisprudential understanding of many of these concepts. The NPC merely imported these rules without much understanding of what their consequences and implications for the stakeholders in litigation in the Philippines. The NPC had not come up with an extensive guidance as to the application of these Rules. E-discovery costs and the legal consequences in litigation in the U.S. are quite high! It would be best to have these rules of procedure scrutinized by those well verse in e-discovery techniques and tools, and determine their economic and legal feasibility.

THE STUDY AND REVISION OF THE 2018 RULES ON CYBERCRIME WARRANTS

This very important set of rules contain technological misconceptions that can be used to undermine or defeat the due process rights and data privacy rights of an accused or defendant. There are some procedures delineated that can impact on the proper preservation and destruction of electronic evidence, which can be legally deleterious for the accused.  Also, awareness about the proper procedures for these warrants and what they are need to be done more, so defense counsels can competently prepare the defense of their clients.

THE RE-VISIONING OF LEGAL EDUCATION AND THE LEGAL PROFESSION WITH A SOLID TECHNOLOGICAL PERSPECTIVE AND FOUNDATION

In a separate part of my Report, I proposed a sketch plan or a blueprint for making the GEN Z and the next generation lawyers relevant and capable of surviving the A.I. crunch, including new tech courses for lawyers and new careers in law with scientific and technological components. When I did my Master of Laws (Advanced) degree at the University of Queensland over 20 years ago, the “Law and Internet” class I took was held in a computer laboratory and we were given computer exercises pertaining to relevant technologies that were featured in actual controversies. Thus in 2000, I was able for the first time to test and use the Pretty Good Privacy (PGP) encryption software of Phil Zimmerman and decrypted the first encrypted word ever sent to me: apple! I know of no other Philippine lawyer at that time who was using this type of technology. Since then I’m a firm believer in educating lawyers and law students on these types of technologies. But currently, there is no law school I know of, or any MCLE provider that provides full hands on technology training with a legal purpose.

The proposed CLT, can cooperate with the Legal Education Board, the Commission on Higher Education, the IBP, the Supreme Court, the Philippine Bar Association, and other pertinent government agencies and tech companies in fleshing these out, or in coming with other viable alternative paths for legal practitioners, in case A.I. systems start displacing lawyers from certain types of jobs that are really not making them better lawyers.

DEVELOP A LEGAL ETHICAL FRAMEWORK FOR A.I. + QUANTUM TECHNOLOGY

In a different part of my Report, I talked about the necessity of studying and exploring the legal and ethical framework that need to be in place when the effects of A.I. systems and machines impact all of our lives, which is actually happening now, as evidenced by ChatGPT 4, and the e-discovery A.I. tools employed by ALSPs in different jurisdictions. The CLT can spearhead studies or research on legal and ethical issues involving quantum computing, quantum cryptography, quantum cryptanalysis, quantum money, etc. and how they can transform our economic, security, safety, and data privacy spheres.

One of the most exigent issues I raised is setting the framework for attribution and liability in an A.I. + Quantum technology world. The Philippines does not have this type of framework or even standards as of now. There is so much to explore, analyze and understand, legally, in all of these technological innovations and developments, if only one is open, willing to look and learn, and forego of the big ego and vanity of lawyers reflected in several Supreme Court decisions that hark back to the 1920s-1950s (which are still echoed today), of the somehow “sacredness” and “supremacy” of the legal profession over “commercial” professions, and the  anthropocentric view that any function done by a human lawyer (even if it’s just checking citations and footnotes) is an act of lawyering.

Philippine Lawbytes 223: A VAWLGBTQIA+ Free 2023: Combatting Violence Against Women and LGBTQIA+ Peoples by Examining and Changing Our Beliefs, by Dr. Atty. Noel Guivani Ramiscal

Several government agencies led by the Philippine Commission on Women engaged in an 18 days (November 25 to December 12, 2022) campaign to end violence against women and girls. This is part of an annual worldwide campaign that started way back in 2008 under the leadership of the UN Secretary-General. Such program had been christened to “UNiTE by 2030”, and is considered essential to attain the 2030 Agenda for Sustainable Development. Certainly, this will be launched again this 2023. Already, allied entities like the One Billion Rising Organization (https://www.onebillionrising.org) had started with their “Rise for Freedom” 2023 campaign against “Patriarchy and from all its progeny….capitalism, impunity, poverty, oppression, division, exploitation, shame, control, individualism, greed, violence”.

Onebillionrising.org Rise for Freedom 2023 campaign

The Mines and Geosciences Bureau (MGB) of the DENR, Region 2, thru its Chief of the Mining Division, Engr. Ellen Grace Galiste, and its Regional Director, Engr. Marcelo Noble, gave me the opportunity to speak at their agency’s event supporting this campaign, held last December 1, 2022 at the Bayview Hotel in Manila.

Due to my advocacy, I have sat thru a lot of lectures given by different speakers from various professions on this subject. On my part, I have on many occasions lectured on how technological innovations have been used by abusers to perpetrate online violence against women and the members of the LGBTQIA+ community. In 2022 for example, I was privileged to contribute to the Anti-Sexual Harassment First Responders’ Kit and training of the relevant members of the University of the Philippines Cebu system, particularly on electronic evidence, and gender identity issues surrounding not merely women, but also LGBTQIA+.

VAWFree Philippine Commission on Women Campaign 2022

But if the goal is to end violence against these vulnerable sectors by 2030, I thought long and hard what I will present to the MGB that are not commonly addressed or even mentioned in the usual lectures concerning the law, regulations and jurisprudence on this area. So two hours before my actual lecture, I decided to highlight some of the age-old beliefs that most of us hold, that had been ingrained in our countries, cultures, religions, tribes, and in our homes, which define women, and those who are different, as inferior and subservient to straight dominant cismen due to their supposed weakness in mind, body and spirit, their impurity, and their being the cause of sin, evil and temptation.  I chose to do this with the mindset that we will never be free of violence as long as we do not understand its root causes that lie in these beliefs, then question, change and liberate ourselves from them.

 

DENR MGB Region 2 VAWFree Program, December 1, 2022

My approach is informed by the World Health Organization (WHO) which in 2012 came out with a list of views culled from different communities all over the world based on their religious, ancestral and traditional practices and beliefs that WHO identified as “norms and beliefs that support violence against women” which also are relevant in violence against the LGBTQIA+ peoples. Some of these worldwide beliefs are:

• A man has a right to assert power over a woman and is considered socially superior
• A man has a right to physically discipline a woman for ‘incorrect’ behaviour
• There are times when a woman deserves to be beaten

In India, female feticide, dowry killings, widow burnings, and even gang rapes in very public places like traveling buses had surged in recent years, and the offenders have largely gone unpunished. The recent death of a 16 year old girl for wearing denim jeans by hanging from the hands of her male relatives who viewed the jeans as sexually provocative, is another item in the innumerable crimes against women, which can be understood, (and others have tried to justify) in the context of a very ancient complex caste society fueled by religious beliefs that uphold the superiority and even god-like status and privilege of men over the lives and bodies of women.  

A similar thing can be said about the motivations and beliefs about the honor killings of women in middle eastern, African and eastern European countries. These are still prevalent today because despite apparent laws that prohibit these actions, the offenders subscribe to their ancient religious and tribal beliefs that subjugate women to extreme and even fatal measures, which they consider worthy of pursuing, despite the consequences to their physical liberties. It must also be mentioned that in predominantly Muslim countries and societies, some of the Islamic writings or “hadith” about the prophet Mohammad, and some passages of their Qu’ran or Koran are not women friendly. In fact, I showed the MGB attendees four translations of the passage in Qur’an 4:34. All of these translations by Islamic scholars prescribe the beating of women by men who find them disobedient. 

China, like India, has a skewed population in favor of men. If one considers their millennia of cultural history, rites, religious beliefs, art, literature and even government policies, they are not flattering, and in fact, are quite harmful to women. This has been resulted in female feticide, femicide and human trafficking. There are over 50 to 100 million women missing in China. In some provinces, the female shortage is so severe that infant girls are purchased by men who raise them as their brides.     

In some Catholic countries, extremely conservative legislators have passed laws, implemented by ultra-conservative judges that absolutely take away the women’s autonomy over their bodies. In El Salvador for example, abortion, for any reason, even if it is done to save the life of the woman is completely criminalized. This has given rise to the phenomenon of the victimization by the legal and judicial system of very young, poor, and even illiterate girls and women, like Evelyn Beatriz Hernandez Cruz, who have been subjected to incest and gang rapes, who are suspected of terminating their pregnancies intentionally, even without any medical or legal evidence. Ms. Cruz, who was a teenager was raped many times by a gang member, passed out in a toilet, with a dead infant found beside her. There was no evidence if it died in the womb or during the birth or if she killed it. All the same, the judge sentenced her to 30 years in prison!  

Civil strife and war also escalate the violence against women and LGBTQIA+ peoples. In fact, rape as a weapon of war is terrifyingly illustrated in the ongoing Russian war on Ukraine. The patterns and incidents of sexual violence in Ukraine done by Russian soldiers have been reported in the U.N. Report of the Independent International Commission of Inquiry on Ukraine, A/77/533, released last October 18, 2022.

It must also be emphasized that in 2022, the human rights of women and LGBTQIA+ peoples have taken severe curtailment and regression in progressive countries like the U.S.A., see in particular the US Supreme Court decision in Dobbs v. Jackson Women’s Health promulgated in June 24, 2022 which denied a woman’s right to abortion. When this decision was handed down, I searched for a copy from the Cornell Law School’s Legal Information Institute, and much to my chagrin, the majority decision penned by J. Samuel Alito relied on a dubious and copious historical analysis (many, many pages) of the absence of abortion rights from the 18^th to the 19^th centuries, without taking into consideration the current 21^st century norms and advances in technology.

As with Dobbs, most of the founders, writers and interpreters of religions, religious texts and dogmas are men, many of whom insist on a historical, even literal, and absolutist interpretations of ancient texts which could not have foreseen the vast and multitudinous changes in our contemporary ethos and technological discoveries.  

Signed Certificate of Appreciation by DENR MGB Region 2 officials to Dr. Atty. Noel G. Ramiscal, December 1, 2022

As I said in my MGB lecture, the current laws, rules and jurisprudence that we have which appear to protect the rights and interests of women and LGBTQIA+ are merely reactive and palliative. They only and partially address the physical and online consequences, but do not address the root cause of all these violence. Unless and until all of humankind engage in a continuing discussion, soul-filled revision and liberation from their ancient beliefs and traditions concerning women and LGBTQIA+ peoples, a VAWLGBTQIA+ free world may seem to be a mere (vanished) ideal by 2030.

To all the DENR MGB Region 2 officials and participants, to Mr. Macandog and Engrs. Galiste and Noble, thank you wholeheartedly for allowing me to be part of your agency’s campaign. I salute you all! To all subscribers, readers and friends, An Empowering, Enlightening and Grace filled 2023!!!

Philippine Lawbytes 222:The First Digital Forensic Fraud Lecture in the Philippine Mandatory Continuing Legal Education (MCLE) History, by Dr. Atty. Noel G. Ramiscal

The Philippines does not have any Supreme Court jurisprudence on the proper conduct and standards pertaining directly to digital forensic investigation, nor the commission of digital forensics fraud. The current revised rules on civil and criminal procedure have no provisions relative to these matters. The Rules on Electronic Evidence which had been amended last 2002 (yes that’s right, 20 years ago) have no applicable relevant provisions that address these.

To be fair, the Philippines had adopted several ISO/IEC standards on the acquisition, preservation, examination of electronic data and the presentation of the digital forensic investigation report (DFIR) by the cyber forensic investigator (CFI). But the tragedy is, apparently, most, if not all, of the Philippine cybercrime court judges, prosecutors and defense counsels are not aware of these standards. These are not taught in law schools and even in MCLE seminars. Even the CFIs that I have encountered are not aware, or if they are aware, they do not follow these standards. 

Some of the lawyers who attended Dr. Atty. Noel G. Ramiscal’s Digital Forensic Fraud MCLE lecture, October 14, 2022

I first experienced dealing with CFIs and analyzing their DFIRs more than a decade ago, first in administrative cases, then in cybercrime cases. I had always desired to do a full pledged half day seminar on these matters containing my experiences, but since I am not an established training provider, I have to scout for one that can accommodate my advocacy for ethical digital forensic investigation and reporting. The Alternative Center for Continuing Education and Seminar Solutions, Inc. (ACCESS) and Adamson University College of Law trusted me to give a 2 hour lecture for their MCLE Synchronous series last October 14, 2022. I confirmed from the MCLE Monitoring Unit of the Philippine Supreme Court that it was the first lecture on Digital Forensics Fraud in the history of the Philippine MCLE.

The response was quite positive that I was invited to give another lecture last December 9, 2022 for ACCESS and Adamson College of Law, on the same subject. But of course, I changed some portions and included new portions.

Dr. Atty. Noel G. Ramiscal’s MCLE Lecture for ACCESS and Adamson College of Law, Digital Forensic Fraud, December 9, 2022

In both lectures, I made clear to the participants that I am not a certified CFI, nor have I represented myself to be one at any time. I serve as a cyber law expert witness and my qualifications have been recognized by Philippine cybercrime courts. In doing my tasks, I look primarily at the content of the DFIRs, and I analyze them according to the germane international and national technological and industry standards and regulations, appropriate jurisprudence from different jurisdictions, and significant scientific and academic literature that validate the technological tools and processes that were employed by the CFIs.

I delineated the technological “musts” in gathering, securing, and examining the electronic data that CFIs had copied from the original suspect devices and systems, from which no deviation is generally allowed. I utilized the framework of Dr. Turvey in his book “Forensic Fraud: Evaluating law enforcement and forensic science cultures in the context of examiner misconduct” published by Elsevier.

Certificate of Appreciation from ACCESS and Adamson University College of Law on Dr. Atty. Ramiscal’s MCLE lecture, October 14, 2022

I presented to the attendees several patterns in the DFIRs that I have examined, the testimonies under cross-examination of the CFIs, and their alleged bodies of work, which underscore the fact that these CFIs rely on the ignorance of judges and lawyers concerning the nature of electronic data, and the proper procedures in their collection, the safeguarding of their original content, including their metadata, the correct examination procedures, and the ethical presentation of the findings of the CFIs in the DFIRs in courts and quasi-judicial bodies. The actuations of these CFIs, in my opinion, are tantamount to digital forensic fraud, bolstered with my analyses of the characterizations of forensic fraudsters provided by Dr. Turvey.

Another indication of digital forensic fraud are the misrepresentations by the CFIs of their educational qualifications, their professional certifications, their employment history, their technical publications, and their alleged non-confidential bodies of work (e.g., Manuals, IRRs, SOP pamphlets, etc.) that they have presented to government agencies that supposedly employed them as consultants. I apprised the participants of the necessity of going thru all of the evidence presented by these CFIs on these matters, including examining the content of the CFIs’ social media accounts, to find out signs of untruthfulness in their declarations, that are sufficient enough to dismiss them as charlatans or “quack” experts.

Due to the fact that electronic evidence is now implicated or involved in all types of cases, it is imperative that the Philippine legal profession, and the judiciary should actually take a closer look at how these CFIs operate in terms of gathering, securing, examining and presenting electronic evidence; what and how their qualifications are presented; and the quality and truthfulness of their DFIRs. CFIs impact on the proper administration of Justice in the Philippines, as well as the lives of those people (mostly accused), who find themselves on the receiving end of the unethical and criminal acts of these CFIs. The stakeholders in the Philippine legal and judicial systems need to be more vigilant because unfortunately, these CFIs (who are not holders of licenses administered by the Philippine Regulatory Commission, or who are not regulated by any government or private agency) cannot be held accountable by any Philippine professional entity, except by filing criminal and civil cases against them in court. The presentation and admission of their fraudulent DFIRs and their testimonies taint the whole judicial system, and if not stopped, can lead to the admission of fraudulent “junk science” in Philippine jurisprudence.

Philippine Lawbytes 221: The Potential Consequences of Artificial Intelligence on the Future of Philippine Lawyers, by Dr. Atty. Noel G. Ramiscal

September 23, 2022 was truly an unforgettable day for my professional advocacies. I was privileged to conduct two new lectures for two Mandatory Continuing Legal Education (MCLE) providers in the Philippines: the University of the Philippines Institute of Administration of Justice (UPIAJ) and the Alternative Center for Continuing Education and Seminar Solutions, Inc. (ACCESS) in partnership with Adamson University College of Law. Both lectures which focused on the legal and ethical impact of Artificial Intelligence (A.I.) on the Philippine legal profession were confirmed by the MCLE Monitoring Unit of the Supreme Court as the first of their kind conducted in the Philippine MCLE history.

Dr. Atty. Noel G. Ramiscal’s MCLE Lecture on “A.I., Technology and the Future of Lawyering” for UPIAJ on September 23, 2022

Since there is no universally accepted definition of A.I., I gave the participants several definitions culled from the European Parliament’s Resolution of 20 October 2020 with recommendations to the Commission on a civil liability regime for artificial intelligence and the 2021 Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, as well as from other sources. A.I. has always been associated with software and robots that operate with a certain degree of autonomy.

While the Philippines has one law that mentioned A.I. (Digital Workforce Competitiveness Act or R.A. 11927) and the importance of formulating a digital skills roadmap for the 21^st century Philippine workforce, there is no existing specific legal framework that tackles questions arising from the displacement of A.I. of certain types of professionals, or issues arising from the liability caused by the acts directly attributed to the acts of an A.I. system or tool. So, I presented certain crucial provisions in the European Parliament’s pronouncements because they provide useful guidelines that may be considered in the (very near future, I trust) by the Philippine legislature on A.I. related matters.

Dr. Atty. Noel G. Ramiscal’s MCLE Lecture on “The Legal Profession: A.I. and Technology: Where Exactly Are We?, for ACCESS on September 23, 2022

In researching my lecture, I came across a supposed myth noted in a Philippine website devoted to the Internet of Things (IoT). The whole portion I quote thus:

Myth 4: Artificial intelligence will displace humans and make contact center jobs obsolete

This is an apparent misconception in relation to picturing technology taking over humans, like in sci-fi movies. AI-equipped robots and machines are only carrying out work reserved for the most highly trained and professional members of society (e.g., doctors, nurses, lawyers)…(The Future of Artificial Intelligence: A Basic Guide to AI in the Philippines, https://www.iotphils.com/artificial-intelligence-philippines/

So according to this website, A.I. will only displace the jobs of certain types of professionals that include lawyers. And in my ensuing discussion I gave different examples of how A.I. enabled legal technology have penetrated the legal professions in different jurisdictions, and how the legal profession in those countries have had to adapt to the changes and the possible future repercussions. One of the most significant and undeniable inroads that A.I. technology had made in the legal profession is the automation of certain legal tasks previously done only by human lawyers, paralegals, would be lawyers/law graduates and legal secretaries. These include document drafting, legal research, legal analysis of documents for e-discovery, and contract/document reviews, which are now being done more efficiently and cheaply by A.I. software and systems. I gave examples of the legal cases and an actual experiment that pitted human lawyers with A.I. software, which went against the lawyers.

The irreversible verdict is when it comes to crunching millions and billions of electronic data for e-discovery, contract/document review, and litigation, human lawyers cannot beat A.I. software in terms of speed, efficiency and accuracy. These are part of the reasons why Technology Assisted Review (TAR) are required in several jurisdictions to bring down the legal fees of lawyers and lessen the time of litigation, to ease the burden on clients and the courts.

Certificate of Appreciation from ACCESS and Adamson University College of Law on Dr. Atty. Ramiscal’s MCLE lecture, September 23, 2022

Another important matter I discussed, which is not even thought of, or taught in Philippine law schools and MCLE lectures (other than mine) is, the rise of Alternative Legal Service Providers (ALSPs), and the creation of Alternative Business Structures (ABSs) and Multi-Disciplinary Practices (MDPs) which actually began in Australia way back in early 2000s, and has now permeated the legal and related industries in U.K., the European Union, and even the United States. These types of business structures are a combination of law firms partnering with other professional non-law firms like accounting, architectural, PR, insurance firms, etc. to create a one-stop service shop for their clients.

The operation of these firms would necessarily violate the strict non-sharing of legal fees with non-lawyers rule, and other pertinent rules under the Philippine Code of Professional Responsibility for Lawyers, which had not been revised since 1988! As a cyberlaw ethicist and legal futurist, I have been lecturing on these matters ever since I did my first lecture on Internet/Cyber Ethics way back in 2010 for the UPIAJ. It is unfortunate that these continuing developments in the legal arena which had already crept their way in the Philippine legal profession had not been addressed directly, indirectly, or even remotely by the concerned stakeholders and regulatory bodies in the Philippine legal profession. Stay tuned for more updates!

Philippine Cyberlawbytes 219: The Online Ghosting Bill as Dross and Discriminatory to the LGBTQIA+ peoples, Copyright by Dr. Atty. Noel Guivani Ramiscal

This is one of my blogs that should have been published early August 2022, were it not for some vicissitudes of life.

Anyway, in my August 3, 2022 Mandatory Continuing Legal Education (MCLE) Seminar lecture for the lawyers who availed of the MCLE seminars offered by the UP Institute of the Administration of Justice, I discussed many legal and ethical issues that pertain to the cyberlaw practice of lawyers who harness the Internet as part of their legal services. I also dealt with several legal developments that can impact the cyber transactions and relationships of Philippine netizens.

Dr. Atty. Noel G. Ramiscal’s August 3, 2022 MCLE Lecture

One of these developments is the Online Ghosting Bill filed by Philippine House of Representative member, Mr. Teves, which is currently pending with the House Committee on Health since July 27, 2022. This had rightfully earned its global notoriety for various reasons. It is a sample or a crash course on how not to draft a piece of legislation.

It begins with the Introductory Note that he hoped would explain the rationale or necessity for the bill numbered 661, filed in the present 19^th Congress, entitled “An Act Declaring Ghosting as an Emotional Offense”. It states:

“Ghosting-— when someone cuts off all forms of communication can be mentally, physically, and emotionally exhausting to the “ghosted” person. Studies have shown that social rejection of any kind activates the same pain pathways in the brain as physical pain, meaning there’s a biological link between rejection and pain. That goes for friends and partners, alike.

Ghosting is a form of spite that develops feelings of rejection and neglect. Ghosting has adverse effects on the mental state of the one being ghosted and his or her emotional state is still adversely affected as he or she will constantly be thinking of the welfare or the unexplained reasons of the one being ghosted. The ambiguity with ghosting, is that there is no real closure between the parties concerned and as such, it can be likened to a form of emotion cruelty and should be punished as an emotional offense because of the trauma it causes to the “ghosted” party.”

What was his basis for linking online ghosting as a form of “emotional abuse” which he desired to be criminalized? It was a sole article written by Adam Popescu entitled “Why People Ghost and How to Get Over it” accessed at: https://www.nytimes.com/2019/01/22/smarter-living/why-people-ghost-and-how-to-get-over-it.html. This article does not even pretend to be an extensive medical or psychological examination of the phenomenon of online ghosting, and it cannot hardly be considered a solid foundation for a piece of legislation that would necessarily and inherently intrude into peoples’ private relationships. If the government, specifically Mr. Teves, desires to oversee and regulate peoples’ online and real time personal relationships, there should be an essential and overriding necessity that could justify the erosion of personal privacy of Philippine citizens that are enshrined in the 1987 Constitution and protected by the Data Privacy Law (R.A. 10173). A mere article in the New York Times would not do that.

Several articles have derided the fact, and rightly so, that this bill, instead of providing some form of tangible redress or legal measure of any kind, to the aggrieved party. The actual Bill only contained five Sections. The first Section is the Title of the bill. The second Section defined three terms/phrases which are: emotional abuse; ghosting; and dating relationship.  The third Section is the Separability Clause which provided “If any provision of this Act is declared unconstitutionally inoperative, the other provisions not so declared shall remain in full force and effect”. The fourth Section is the Repealing Clause which stated: All laws, decrees, orders, rules and regulations or parts thereof inconsistent with the Act or rules and regulations promulgated pursuant thereto are hereby repealed or amended accordingly. The last Section is the Effectivity Clause which stipulated that the “Act shall take effect fifteen (15) days after its complete publication in the Official Gazette or in at least two (2) newspapers of general circulation, whichever comes first”.

Any first-year law student or anyone versed in the law would tell you that this Bill actually lacked the crucial element of being a criminal law. It purports to declare an act, specifically “ghosting” as an “offense”, but it did not exactly, clearly and definitively provided the criminal elements for such an offense. Equally important, it did not provide for any criminal measure, penalty or fine for the act.

Most revoltingly, this bill contains a very discriminatory slant, which has not been called out by many commentators on this bill from different parts of the world. In my August 3, 2022 MCLE lecture, I honed on the fact that the bill recognized this type of offense to happen only for heterosexual/straight/cis couples.

Dr. Atty. Noel G. Ramiscal August 3, 2022 MCLE Lecture Sample Picture with Lawyers Participants

The bill defined ghosting as “a form of emotional abuse and happens once a person is engaged in a dating relationship with the opposite sex which affects the mental state of the victim.” It also defined “dating relationship” as “refers to a situation wherein the parties live as husband and wife without the benefit of marriage or are romantically involved over time and on a continuing basis during the course of the relationship”.

In excluding LGBTQIA+ peoples and their relationship from the scope of his bill’s offense, Mr. Teves was probably thinking any of these assumptions:

1. LGBTQIA+ peoples’ romantic and emotional relationships are perfect, for they do not ghost one another;
2. LGBTQIA+ peoples’ romantic and emotional relationships are not existent, because these types of people are incapable of any deep, romantic, loving relationships;
3. LGBTQIA+ peoples’ romantic and emotional relationships should not be included because to do so would legitimize their immoral, and possibly illegal relationships.

All of these assumptions are repugnant to the humanity and reality of the existence of LGBTQIA+ peoples and their relationships. Actual scientific studies have proved that ghosting happens not merely to heterosexuals but to all people in the gender spectrum. If Mr. Teves broadened his legislative inquiry, his scientific research and investigation, and if he opened his eyes and his mind, he would realize that LGBTQIA+ peoples experience, feel, and are traumatized just the same as heterosexuals in dealing with ghosting and other emotional debris caused by separation and loss of their partners.  [From swiping to ghosting: Conceptualizing rejection in mobile dating, Chad Wiele & Jennifer Campbell, 2019; and I Guess I’ll Never Know… : Non-Initiators Account-Making After Being Ghosted, LeFevre, Rasner, Allen 2020, Journal of Loss and Trauma].

It is legally dubious and morally repugnant that Mr. Teves would only value heterosexual relationships to the extent of attempting to legislate protection only for heterosexual individuals ghosted by their partners, and not recognizing the same valid pain and trauma experienced by LGBTQIA+ peoples who have undergone similar occurrences in their lives. In effect, this is another way used by the heterosexual/cis legislators of delegitimizing, and totally denying the presence, status, plight, rights and interests of LGBTQIA+ peoples.  The Bill deserves its place in the annals of legislative trash and shame.

Philippine Lawbytes 220: Revisioning Bank Negligence and Liability for Phishing, Spamming, and KYC in Cryptocurrency Transactions (Copyright by Dr. Atty. Noel Guivani Ramiscal)

This is another blog article that should have been published in August 2022.

One thing that I look forward to is a thoughtful question or comment from a reader of my blogs asking my input on some tricky and complex area of cyberlaw. Weeks ago, I received a comment on one of my blog articles from a 4^th year law student from Ateneo Law School doing her thesis on bank liability for cybersecurity breaches and fraud arising from interbank transfers. As basis for her contacting me, she  specifically cited my blog article that can be accessed here:

Philippine Lawbytes 209: Why the “Nagoyo” BDO Hacking is a Data Privacy Breach and a Directed Attack Against the Insecure BDO Online System

She wrote further:

“In my thesis, I argue that banks should be held liable for unauthorized fund transfers resulting from both cybersecurity breaches and cyberfraud (including phishing) unless the bank is able to show that the customer was grossly negligent. In your blog post you shared the bitpinas article that Unionbank should not be blamed for the incident. I would like to ask for your thoughts on the opinion that Unionbank should also be blamed for being a channel for money muling or not having sufficient KYC verification methods. In addition to this, I would also like to ask about your thoughts on holding banks liable for phishing incidents except when the customer is grossly negligent. Currently the rule is that banks are not liable because the customer is said to be negligent in clicking the phishing link. However, phishing emails nowadays look more credible than they did in the past and can be hard to decipher”.

Her missive actually intrigued me. For the longest time, the legalized inequality between banks and their customers have been reflected in all the adhesion contracts, laws, rules and regulations, that favored banks over their customers. But there is no question that the Banco De Oro (BDO) liability in last year’s hacking had already been established due to its negligence of relevant security standards that made it possible for the criminals to hack their website and steal the personal information and money of its targeted customers. Proof of this is the relatively swift response of the bank to reimburse all of its customers who lost their deposits due to the hacking. 

ON BANK LIABILITY FOR PHISHING

It was also clear from the BDO hacking, there was no phishing involved. As established by the evidence brought forth by the victims who are astute bank customers, they did not click on any link on any fake message that would have led them to reveal any of their sensitive personal information and bank details. What is interesting in Ms. Casano’s thesis is that she apparently wants to reverse the burden of establishing non-negligence for phishing attacks on the banks, instead of the customers.

SPAMMING AS LEGAL IN THE PHILIPPINES AND WHY THIS BOLSTERS OR STRENGTHENS THE ACTIVITY OF PHISHING

The virulence of phishing had been noted most recently even by the Philippine senators and the NPC had tasked the mobile telcos to actually send warning text messages to their subscribers regarding the

If one were to make my case as an advocate for the bank customer, one would emphasize that phishing, which the National Privacy Commission (NPC) had observed that many Philippine netizens are vulnerable to, is one of the terrible consequences of spamming. But spamming was unfortunately decriminalized by the  Philippine Supreme Court in its en banc decision in February 11, 2014 regarding those consolidated cases against the 2012 Philippine Cybercrime Prevention Act (R.A. 10175) [See the consolidated cases of Biraogo v. NBI and PNP, G.R. No. 203299; ALAB NG MAMAMAHAYAG et al. v. Office of the President et al., G.R. No 203306; Adonis et al. v. Exec. Secretary et al., GR 203378; Disini et al v. DOJ Secretary et al., G.R. 203335; Senator Guingona III v. Executive Secretary et al, G.R. No. 203359; Bagong Alyansang Makabayan et al. v. Aquino III, GR 203407; Ateneo Human Rights Center v. Exec. Sec. et al, GR 203440; National. Union of Journalists, PPI, et al, v. Exec. Sec., GR NO. 203454; Castillo, Andres v. DOJ Sec. et al., GR No. 203454; Cruz et al, v. Aquino III, et al., GR 203469; Philippine Bar Association v. Pres. Aquino III, GR NO. 203501; Bayan Muna v. Exec. Sec., GR 203509; National Press Club v. Aquino III, GR 203515; and Philippine Internet Freedom Alliance v. Exec. Sec., et al, GR 203518].

The Supreme Court viewed spamming as a form of allowed commercial expression that the recipient can just ignore, and the messages can just be deleted.

Dr. Atty. Noel Guivani Ramiscal April 6, 2016 GlobeTelcom MCLE Lecture, telling Globe lawyers of the Supreme Court’s legalization of spamming and its ramifications

I have written, discussed and lectured extensively why and how the legalization of spamming in the Philippines is actually against the welfare of Philippine netizens. Please see my past blogs here:

https://noelthecyberlawyer.wordpress.com/2016/08/21/lawbytes-114-dr-ramiscals-cyberlaw-on-spamming-why-the-supreme-courts-legalization-of-spamming-should-be-overturned-and-what-the-npc-dcit-and-the-ntc-should-do-part-2-copyright/

And here:

https://noelthecyberlawyer.wordpress.com/2016/08/21/lawbytes-113-dr-ramiscals-cyberlaw-on-spamming-why-the-bangko-sentral-ng-pilipinas-and-telcos-are-violating-the-spamming-law-in-the-philippines-part-1-copyright-by-dr-atty-noel-g-ram/

I actually sought an Advisory Opinion from the National Privacy Commission (NPC) concerning this. My formal request for such an opinion can be read here:

Philippine Lawbytes 172: Dr. Atty. Noel Guivani Ramiscal’s Request for Advisory Opinion on the Legality of Spamming to the National Privacy Commission

Since the decisions of the Supreme Court form part of the law of the Philippines, it is no surprise that the NPC would not dare overturn the finding of the Supreme Court that spamming is legal, despite the fact that spamming is an illegal activity in many jurisdictions worldwide. Their response to my request can be accessed here:

Philippine Lawbytes 173: The National Privacy Commission’s Response to Dr. Atty. Noel Guivani Ramiscal’s Request for Advisory Opinion on Spamming’s Legality and Effects

Since phishing emails and text messages are sent via spamming, it could be argued that the Philippine bank customer has NO PROTECTION whatsoever at all from phishing, due to the legality of spamming in the Philippines. On the contrary, as I have pointed out in the past, phishers and spammers are even given a valid defense by the 2014 decision of the Supreme Court. They can always say in their defense that their activity has the legal approbation of the Supreme Court because they are engaged merely in protected commercial expression.

Viewing it this way, one can then shift the burden of proving the liability for the fraud perpetrated by phishers on bank customers, to the banks themselves. Presumably, because these banks are in the best position to ascertain attacks on their e-systems, and protect the data privacy and monetary accounts of their customers, the simple regular reminders on their bank customers against phishing are no longer sufficient. Despite the many bank emails or SMS sent to bank customers, these warning messages can be argued as NOT adequate to excuse the bank from liability against the cyberfraud perpetrated against their customers, if the banks do not upgrade their financial and security systems geared to addressing cyberattacks and cyberfraud incidents.  

There has to be a reassessment by the Bangko Sentral ng Pilipinas (BSP) of Circular 1019, series 2018 on Technology and Cyber-Risk Reporting and Notification Requirements, particularly on the technological systems and safeguards that banks need, and the obligation of these banks to update their systems and the knowledge of their personnel, in handling all potential and actual cybersecurity risks they face.

KYC STANDARDS FOR CRYPTOCURRENCIES: THE NEED TO ESTABLISH LEGAL STANDARDS OF LIABILITY FOR A.I. TOOLS AND BLOCKCHAIN

Another provocative matter brought out by the query of Ms. Casano is the underlying premise that UnionBank does not have a sufficient or effective Know Your Customer (KYC) procedures that can make it possible that some of those who use the cryptocurrency banking system of UnionBank in the BDO hack, were mere dummies or mules for the real perpetrators. This is a loaded assumption, and one that cannot be feasibly argued without any evidence at all.

This article of mine would steer clear of this. I just like to mention the fact that UnionBank apparently used the services of Informatica. In the world of Big Data Analytics, the use of A.I. tools in crunching numbers and finding those interesting connections and conceptions from data sets to data subjects is essential. So if one is going to look for weaknesses and flaws in the KYC procedures of any bank that deals with cryptocurrencies, one must delve and investigate the data analytical service providers of these banks, and the soundness of the A.I. tools and systems these providers use. Of importance too is the security features of the blockchain or distributed ledger technology used in the cryptocurrency transactions.

This brings me to another point. The whole Philippine legal system is not equipped at all to deal with damages or injuries caused by A.I. tools and machines, that may even be self-autonomous and self-correcting.

Assuming these service providers use these A.I. tools to screen the banks’ clients, and these self-autonomous and self-correcting tools made a mistake, causing hundreds of thousands of the banks’ cryptocurrency clients to suffer damage, who or what entity should be held responsible? Should these be the banks, or the service providers, or the creators of the A.I. tools and machines, or (some would even posit) the A.I. tools and machines themselves?

Unlike the European Union that has been actively engaged in the exploration, studies and legal strategies in dealing with damages caused by A.I. tools for many years, the Philippines’ Civil Code, and banking laws, and the regulatory issuances of the BSP provide no clear answer on the liability for the use of A.I. tools in cases of cyberfraud and damages. I am not aware of any Philippine study, government proposal or bill specifically addressing these matters.

One further point I would like to make in wrapping up this article is to stress that the Philippines has no current legal and regulatory framework to examine and assess the impact of alleged and actual fraudulent cryptocurrency transactions that have already been validated by the miners of the blockchains where these transactions were made, using the consensus mechanisms of the same blockchains.

I would refer everyone to read my two part analysis of the only bill in the Philippine legislature filed in the last 18^th Congress that pertain to the blockchain.  These can be accessed here:

Philippine Lawbytes 187: The Erroneous Appreciation of the Nature of the “Blockchain” and its Characteristics in the Blockchain Technology Development Act of the Philippines, Hb 7864, Oct 12, 2020 (Part 1), Copyright by Dr. Atty. Noel Guivani Ramiscal

And here:

Philippine Lawbytes 188: The Non-appreciation of the Real Threats to the “Blockchain” in the Blockchain Technology Development Act of the Philippines, HB 7864 Oct. 12, 2020 (Part 2), Copyright by Dr. Atty. Noel Guivani Ramiscal

As I have clarified and established in my blog articles, the generic bill does not provide any clear legal answer or direction to the technological and legal issues that have plagued some cryptocurrency blockchains that I have discussed. There certainly is no provision in the bill that remotely even delved on these fraudulent but validated blockchain transactions that can be possible if the A.I. tools used in KYC procedures, are defective.

Finally, in the Industrial Revolution (I.R.) 4.0, I would like to say that some of the relevant BSP regulations, particularly CIRCULAR LETTER NO. CL-2021-013 (Anti-Money Laundering Council (AMLC) Regulatory Issuances on the Amendments to Certain Provisions of the 2018 Implementing Rules and Regulations (IRR) of the AMLA, as amended, Targeted Financial Sanctions (Related to Proliferation of Weapons of Mass Destructions and Proliferation Financing), and Amendments to Certain Provisions of ARI No. 4, Series of 2020) and Circular 1019, series 2018 on Technology and Cyber-Risk Reporting and Notification Requirements, should be amended to reflect the technological requirements and legal risks that Philippine investors, depositors, and clients in blockchains and other forms of distributed ledger technologies that are devoted to cryptocurrencies and financial transactions, face in this era.

Philippine Lawbytes 218: Metaverse, HELDAs, and NFTs from Tweets to Vaginas of Cara Delevingne and Madonna, Copyright by Dr. Atty. Noel Guivani Ramiscal

As a legal futurologist and cyberlaw ethicist, I am always looking for opportunities to share my advocacy on new technologies that can impact the future and practice of law with lawyers and other stakeholders. The current and outdated ethical rules and Code of Professional Responsibility for Philippine lawyers do not include any legal and ethical guidelines for lawyers who are engaged in virtual legal practice and use technologies that the Supreme Court and the IBP might not be cognizant of. This is the reason why I have taken it as part of my core mission to dissect and discuss with anyone in, and outside of the legal profession, who are interested in the ramifications of these technologies to be aware and be better prepared for new challenges ahead.    

Last June 15, 2022 was no different.  I had the privilege of introducing my brothers and sisters in the Law at the Philippine Ports Authority, via Zoom, to one of the most exciting developments that have sprung in very recent times, which will also shape the Metaverse, the non-fungible tokens or NFTs.

Powerpoint Title Slide of Dr. Atty. Ramiscal’s MCLE PPA lecture June 15, 2022

An NFT pertains to anything that is turned into a digital asset. The asset could be a verse, a video, a piece of music, an image, a 3D model, or any type of creative work that can be digitized. In genomics, DNA sequences, had also been turned into digital assets. This digital asset is represented by the NFT, a digital token, which is actually a digital address to a specific digital object. It can be thought of as a key that allows access to that digital object. The token is “non-fungible” because the asset it represents is unique, and being digital, it would not be prone to any wear and tear, unlike generic objects, for example, a Php 1,000 bill that can be traded for any purpose, shredded, eaten by rodents, or even used to start or stoke a fire.

The digital asset represented by the NFT is traded into the blockchain, which is a form of distributed ledger technology that is accessible to anyone who has internet connection and knows the URL where the blockchain can be found. As of now, one of the most popular blockchains for trading NFTs is Etherium. Etherium records the information about NFTs in its distributed database. The NFT information comprises the transaction data, the owner/creator of the NFT, the buyer, a time stamp and is organized in linked “blocks” as the transaction is verified and recorded. Essentially, the NFT operates as a certification or authentication mechanism. One transaction is recorded in a block, and the subsequent related transaction is recorded in another block that is ultimately linked to the first one. All of these are connected, secured, protected and verified by cryptography. Theoretically, no one can alter any information on any block without altering all the blocks.

RANDOM PICTURE OF PPA LAWYERS WHO ATTENDED DR. RAMISCAL’S JUNE 15, 2022 LECTURE

The possibilities of marrying creative works, with digital tokens embedded in the blockchain have fueled the imagination of many artists, entrepreneurs and businesses to bring digital versions of their works into NFT platforms that are actually impacting the development of the Metaverse that is to fully come, some say, by ten years from now.  

For tech historians, geeks and sentimentalists, the first Tweet issued on the Tweeter platform was made by the former CEO of Tweeter, Jack Dorsey. Dorsey decided to sell it $2.9 million in 2021 to crypto entrepreneur Sina Estavi on the NFT platform “Valuables” run by Cent, a blockchain-powered social media network. Estavi attempted to sell the tweet for $48 million last April 6, 2022 on the NFT platform “OpenSea”. But when the deadline of April 13, 2022 arrived, the best offer was less than $10,000. Estavi said he may never sell it, unless he got a very high unspecified bid. It is, he said “the Monalisa of the digital world”.

Dr. Atty. Ramiscal’s Screenshot of Jack Dorsey’s Tweet, the First Ever Tweet on Tweeter

The rise of high end luxury digital assets (HELDAs) in NFT platforms has already began. The first digital watch NFT was created by Jacob & Co. and auctioned at ArtGrails. It was inspired by the real Epic SF24 Tourbillon watch made by Jacob & Co. that featured names of cities. In the virtual watch, the cities were replaced by the names of cryptocurrencies. It has no physical counterpart.

A 3D digital house, imagined and created by Krista Kim, said it “represents the next generation of NFTs…a sign of things to come, as we enter an [augmented reality] interfaced future, …Art, NFTs, cryptocurrencies. . .these sweeping changes and ideas of how we will live with digital assets is becoming a reality and will create a global paradigm shift.” It was listed for sale on SuperRare  and sold to the Art on the Internet foundation for 288 Ethereum (ETH) coins, which were worth $514,557.79 at the time of the sale which was March 2021.

Dr. Atty. Ramiscal’s Screenshot of Cara Delevingne’s Vagina Video Clip NFT

NFTs had also become a means and a space for women and LGBTQIA+ empowerment. Cara Delevingne, one of the world’s famous supermodels who had announced that she is pansexual, came out with an NFT video clip posted on the NFT platform “This is Number One” last year, about her vagina, and how she owns it. The auction for the clip was by invitation only and the proceeds went to her foundation which support women’s rights, the LGBTQ community, mental health and environmental causes. In celebrating the NFT, she said “I want this to remind people of how incredibly powerful they are, what a beautiful thing their bodies are and to take pride in that”.

Dr. Atty. Ramiscal’s Screenshot of One of Madonna’s Vaginal NFT 2022 Triptych Mother of Nature

And everybody else’s Material Girl, Madonna, teamed up with the current highest selling NFT digital artist Beeple, to create three NFT images centered on her accurately 3D scanned vagina. Released in May 2022, entitled “Mother of Nature”, “Mother of Evolution”, and “Mother of Technology”, the images show her giving birth to trees, butterflies and mechanical insects. In addressing the concept for the vagina triptych, she said “I wanted to investigate the concept of creation, not only the way a child enters the world through a woman’s vagina but also the way an artist gives birth to creativity”. The proceeds of the images that were auctioned in the NFT platform “Superrare” would go to three organizations that are concentrated on helping women and children in need around the world, which are The City of Joy, The Voices of Children Foundation, and Black Mama’s Bail Out.

Are NFTs known in the Philippines? Of course, they are. In fact, there was a 2021 survey from Finder.com of 20 countries (including the UK, USA, UAE, Japan, Australia) which found that Philippine citizens own the most NFTs. Philippine entities and creators have taken advantage of the NFT craze to sell their own digital assets.  For fans of the Idol Philippines, several limited digital merchandise, including animated cards relative to the contestants. In 2021 Ms. Universe Philippines, sold over 9,000 NFT units of digital cards made of head and body shots of the top 30 contestants. For followers of Philippine horror genre author Yvette Tan, she dropped her NFT book “The Last Moon” at the opensea NFT marketplace (https://opensea.io/collection/thelastmoon). Some entities and collectives have used their art works to further environmental awareness and causes. An example of this is the Masungi Georeserve located in Rizal, which partnered with Artificial Intelligence Inc. In 2021, they launched “five one-of-one NFTs of endemic species found inside the georeserve to support rangers and wildlife research” with the important note that “(f)or these NFTs, the energy requirements shall be offset by direct reforestation efforts on the ground”. The reserve entity further stated that “(i)n future projects, we look forward to the upgrade and emergence of carbon-negative NFT platforms and technologies” (https://www.facebook.com/masungigeoreserve/posts/3181254478827428).

As interesting and arresting as some of these NFTs are, I told the PPA lawyers that NFTs are still within the long arms of the law, as far as they affect real time interests and rights of people and various entities, which have been so ingrained in all the legal and metaphysical systems over the world, that even cyberspace or metaverse cannot eschew or escape them. 

NFTs only give the illusion of ownership, and bragging rights to having access to the original copy of the digital asset, which amounts to nothing really, because a digital asset can be digitally copied with 100% precision, that it’s practically impossible to tell which was the first or original copy.

NFTs, partaking of cryptographic protection, cannot escape the possible future cryptanalytical attacks enabled by quantum computers that can render the strongest encryption tools protecting blockchains, based on classical mathematics, useless.

Depending on how they are characterized and transacted, NFTs can also be subject to taxation and securities regulation. The Philippine BIR is now cracking on online businesses and YouTubers, and the SEC is quite hot on regulating purveyors of cryptocurrencies, as evidenced by its many SEC Advisory opinions, although it has yet to release its final Rules on Initial Coin Offerings. Under the Bangko Sentral ng Pilipinas 2021 Memorandum Circular 1108, NFTs can be considered as “Virtual Assets” which was stated as “any type of digital- unit that can be digitally traded, or transferred, and can be used for payment or investment purposes. It can be defined as a “property”, “proceeds”, “funds”, “funds or other assets”, and other “corresponding value”. It is used as a medium of exchange or a form of digitally stored value created by agreement within the community of VA users”. The thrust of the circular is the multifarious licensing and legal obligations imposed on “Virtual Assets Service Providers” (VASPs) which can pertain to NFT platforms. It’s policy statement declared that VASPs should not be misused for money laundering, terrorist financing and proliferation financing activities. Owners of VAs are warned about “the attendant risks in VAs considering the higher degree of anonymity involved, the velocity of transactions, volatility of prices, and global accessibility”.

Data privacy issues abound particularly when the digital asset represented by the NFT is extremely personal and specific to an individual, like the person’s DNA sequence. Obviously, the commercial exchange of this type of asset must take into account the data privacy safeguards that must be reflected in the coding of smart contracts that would govern the NFTs.

Furthermore, probably the most visceral real time impact of NFTs is their environmental and health effects. Due to the fact that they are minted on blockchains by pools of miners that verify the transactions by proof of work thru massive computational processes, these use up a lot of electrical energy that produce gargantuan carbon emissions. In a study of the Bitcoin blockchain’s annual emission for the year 2021 alone, for example, it was found out that the proof of work emissions produced by the miners would be responsible for around 19,000 future deaths. These are some of the known and not so known legal and life altering effects of the NFT and the blockchain technologies that I think everyone should know about, so they can make responsible choices for their future.

As always, thank you to the UPIAJ and all the PPA people who listened to me and appreciated what I had to say. The future is here and now, and it is up to all of us, to educate ourselves, so we can knowingly and responsibly participate in its formation.

Philippine Lawbytes 216: The Terrains of Sexual and Gender Based Violence Against Women and LGBTQIA+ (or the Vast Unacknowledged Sexual and Gender Variants), © by Dr. Atty. Noel G. Ramiscal

A brief Backgrounder:

The University of the Philippines Cebu System instituted, via its Office of Anti-Sexual Harassment and its Gender and Development Office, the first responders’ Drill training on Anti-Sexual Harassment. The training is quite novel and radical because the perspective is that anyone can be a first responder to any victim of sexual harassment, not just persons of authority. I was fortunate to have been hired by them to conduct two training sessions. I wrote about the first session in “Philippine Lawbytes 213: The First Responders’ and Survivor’s Training in Electronic Evidence on Online Sexual Harassment and Violence in the UP Cebu System“, which you can read in the April 2022 content of this blogsite.

Title Slide Powerpoint of Dr. Atty. Noel G. Ramiscal June 6 2022 Training Course UPCEBU Anti-Sexual Harassment Drill for First Responders

In my second training session, I chose to apprise the participants of several different things which I noticed have not been done, or not sufficiently done by Philippine training providers on this same subject, so as to give them a broader view of why violence against women and LGBTQIA+ people are rampant, particularly in South and Southeast Asia. Situationally, China and India are the biggest skewers of sex preference for males. In a 2021 world population count according to biological sex, the ratio of males to females would be 1 to 1 if these two countries would be excluded. Their inclusion upped the ratio to 1.07 to 1 in favor of males. Culturally, these two countries are among several states where female infanticide is practiced, and the discrimination, violence and even killings of women are deeply rooted in their beliefs and institutions. Infant brides are a reality in China and dowry killings are still practiced in India.

UPCEBU Poster June 6 2022 Training lecture Dr.Atty.Noel G. Ramiscal for First Responders on Anti-Sexual Harassment

Apart from the statistics of violence, I showed the first responders examples of philosophies, religious beliefs, rituals, and historical evidence where the supposed inferiority of women and those of alternative sexual and gender ideations (LGBTQIA+) are inculcated, rationalized and used to subjugate, abuse and kill them, or equally worse, make them invisible in society. The extrajudicial killings of gay men, the “curative” raping of lesbians, the institutional treatment of transwomen as prostitutes, the real and online hate crimes perpetrated against those who cross some imaginary gender line, are an actual day to day reality, and yet too few statistics, and studies have been made on these. In fact, most statistics on sexual violence and abuse all over the world, and not surprisingly in the Philippines, do not factor sexual orientation and gender identity of the victim. This is a subtle way of not recognizing the existence, and therefore the human rights and interests of people who profess and practice their sexual and gender variance, from the dominant cisgender society.

UP CEBU ZoomYouTube Photoop June 6 2022 First Responders’ Training on Anti-Sexual Harassment

One of the most effective ways of keeping the status quo is making people ignorant of the vast and rich sexual and gender variance of people across countries, cultures and humanistories. Most Philippine people would probably know of only five genders: girl, boy, bakla/bading, tomboy/tibo, and trans. In my personal and professional journey, I have uncovered over (ninety) 90 sexual and gender variants, and I think there is more. Philippine training providers do not delve so much on these variances for reasons I cannot fathom. So, to differentiate and make my training session useful, I discussed about (sixteen) 16 sexual and gender variances, to help pave the way for understanding and normalizing the truth about these variances, which is: they are an essential part of a human’s being, character, growth, expression, and Life. To deny these variances would be to deny the Humanity and Life of the person.

In keeping with the recognition of sexual and gender variances, I made special mention of the use of the correct pronouns in addressing people. I lauded the fact that the person who introduced me in the first training session for UP Cebu, specifically asked for my pronouns. To most Philippine people there are only two sets of personal pronouns that they know and recognize: he/him/his and she/her/hers. They would probably more than raise their eyebrows if a person would come to them and say “I am they/them/theirs” which would be what pansexuals would use to refer to themselves. Moreover, as the world and language evolve in understanding sexual and gender variance, neopronouns have sprung-up to articulate this reality. Thus, I introduced the first responders to the neopronouns that include “xe/xem/xyrs” and “ne/nem/nirs”. Using the correct pronouns is a sign of respect for the sexual/gender variant person. Ignoring this had ended relationships in different parts of the world.

Comment on Dr. Atty. Noel G. Ramiscal’s June 6 2022 UPCEBU LGBTQIA+ Training Session

I spent some time discussing the plight of intersex people, because again, this is another matter that Philippine training providers do not generally discuss. Intersex people are those who are born with genitalia that are quite ambiguous, or do not conform to the usual appearance or “standard” of what a penis or vagina should look like or be, or in rare cases, have both genitalia. I cannot find any Philippine study or survey regarding the existence and treatment of people with this condition. We have one Supreme Court case, Republic v. Cagandahan, where the court recognized the right of an intersex person to change their name and “sex” on public records to conform to the later development of their genitalia, their chosen sexual orientation, and their gender identity. That is well and good, but that is just one case. Horrible cases with tragic consequences have been documented around the world, of genital mutilation performed by doctors on intersex infants who thought they can train these babies to act, mature and live the way they should with the genitalia these brazen doctors assigned and carved out/from the skin and tissues of these children. The Philippine medical, healthcare, legal and social welfare professions and industries should address the current gaps in understanding the situation and hazards faced by Philippine intersex people.

UP CEBU JUNE 6 2022 Certificate of Appreciation to Dr. Atty. Noel G. Ramiscal

Furthermore, I discussed the travails of some of the most vulnerable LGBTQIA+ people which include transpersons, neurodivergent and differently abled people, indigenous peoples, and the elderly who have suffered much abuse of all types, as documented by several UN and other international organizations involved with the protection of human rights. Of most pressing concern are the LGBTQIA+ who are elderly with debilitating diseases that result in loss of memory, and those who belong to the autistic spectrum disorder class who are non-verbal. Both groups are in danger of suffering the most virulent types of sexual abuse and violence by opportunistic predators like their caregivers. So I gave the first responders some of the signs and telltale warnings of sexual abuse of these people. Again, these matters are not tackled by training providers in the Philippines, for reasons that I have yet to understand.

I would like to thank the UP Cebu OASH, GAD Office and the insightful inimitable Atty. Archill Capistrano who has valiantly led this progressive program for the UP Cebu System, for allowing me full autonomy to create my training course and the space to share my knowledge and advocacy for LGBTQIA+ rights borne from over three decades of searching for the answers to my own questions and those of my clients. And a big shout out to all the first responders who completed my training sessions and were able, I trust, to connect the issues, philosophies, facts, evidence and beliefs I brought to their attention, and come up with a deeper understanding of the bravery and authenticity of existence that women and LGBTQIA+ survivors of sexual violence bear.

As we celebrate the Pride Month of 2022, and in the future, here is to a kinder and less judgmental world!

Philippine Lawbytes 217: Ada Lovelace and Alan Turing: Two Figures that Stand Starkly Against the Toxic Masculinity in the STEM Industries, © Dr. Atty. Noel Guivani Ramiscal

It is a reality that women and LGBTQIA+ people in the science, technology, engineering and mathematics (STEM) fields are actually vastly underrepresented, and in some cases, bear the brunt of sexual and other forms of abuses.

One very recent example was the 2021 suit brought against Activision Blizzard, the very popular developer of online games like World of Warcraft, Call of Duty, and Guitar Hero, by the California’s Department of Fair Employment and Housing. The state suit alleged among many others, the company is a “breeding ground for sexual harassment, with male workers fostering a “frat bro” culture full of rape jokes, crude comments and groping, that even drove one female employee to suicide… due to a sexual relationship that she had been having with her male superior.” At a holiday party before her death, the woman’s male co-workers allegedly passed around a photo of her vagina, and after her death, police reportedly found that her unnamed male supervisor had “brought a butt plug and lubricant on this business trip.”

In March 29, 2022, Judge Dale Fischer of the U.S. District Court for California’s Central District, approved of a US$18,000,000 settlement by Activision Blizzard with the U.S. Equal Employment Opportunity Commission after the government agency found evidence of sexual harassment, pregnancy discrimination and related retaliation at the company. The settlement comes in the wake of Microsoft’s pending acquisition of Activision Blizzard for $68.7 billion, as part of its bid for becoming a major player in the creation of the Metaverse.

UPCEBU Poster June 6 2022 Training lecture Dr.Atty.Noel G. Ramiscal for First Responders on Anti-Sexual Harassment

In my second training session for the University of the Philippines Cebu system for their first responders in Anti-Sexual Harassment drill, an undercurrent theme is “Girls in ICT”. I provided examples of two real historical persons that can serve as inspirational figures to women and LGBTQIA+ people who are wondering if they are enough, or questioning their abilities and their beings, after suffering bullying and other forms of abuses in the STEM fields.

ADA LOVELACE (1815-1852): THE FIRST COMPUTER PROGRAMMER

Lady Ada King, later Countess of Lovelace, was born to royalty and her mother, Anna Isabella Milbanke, encouraged her to study and pursue mathematics and science so she would not suffer the “lunacy” of her father, the Romantic poet Lord George Byron who had affairs with both men and women, and who was abusive to her mother, which caused their early separation.  

Ada was an English mathematician and writer, and known arguably as the first computer programmer. She befriended Charles Babbage, the renowned mathematician, who worked on a machine called the Analytical Engine, which he never completed. Mathematician Luigi Menabrea wrote a short article on this machine for a Swiss academic journal. Ada translated it from French to English and expanded the article with her own notes, turning an 8,000-word essay into a 20,000-word paper in 1843 (Who is Ada Lovelace and why are we celebrating her?, Medium, 2021).

Ada Lovelace daguerreotype by Antoine Claudet circa 1843-1850

Ada described with great clarity and completeness how the machine would work and its potential uses, including calculating a long sequence of Bernoulli numbers and creating language and music. Her elaborate descriptions transformed the machine into a computer program. Her notes were lost then recovered and published in 1953. A hundred years after the fact, and long before any computer was invented, her notes contained the basis for a computer language (see Elizabeth Hilfrank, Ada Lovelace, Kids National Geographic, 2021). It was due to these that scientists and historians generally consider her as the first computer programmer or the inventor of scientific computing.

The Babbage historian Bruce Collier however had argued that her contribution had been greatly overstated, saying “it is no exaggeration to say that she was a manic depressive with the most amazing delusions about her own talents and a rather shallow understanding of Charles Babbage and the Analytical Engine.” (Medium article). The criticisms were all directed at her “emotional” state as a woman, and not as an intellectual and mathematical equal of Babbage.

Her work with Babbage had inspired mathematics greats like Alan Turing who was instrumental in furthering computer science. In 1979, the U.S. Department of Defense named a new computer language “Ada” in her honor. The blockchain Cardano, named its cryptocurrency “Ada” in recognition of her achievements. Every October 12 is celebrated as Ada Lovelace Day, since 2009, by women in STEM the world over.

ALAN TURING (1912-1954): THE GAY FATHER OF COMPUTER SCIENCE AND ARTIFICIAL INTELLIGENCE

Some of you may know of Alan Turing because of his portrayal by Benedict Cumberbatch in the movie “Imitation Game”. A brilliant mathematician, Turing had so many groundbreaking achievements that this very short article cannot cover. One of them is the Turing Machine based on algorithms, with an infinite memory capable of processing any set of instructions, through a mechanical process, which is basically a forerunner of the modern computer. Another is the COLOSSUS, a vacuum based electronic computer, which was considered by many as the world’s earliest working programmable electronic digital computer.

His paper “Computer Machinery and Intelligence,” published in 1950, in response partly to Ada Lovelace’s theory that you can only tell the computer what to do, dealt with the concept of artificial intelligence and what is now known as the Turing Test. This test stipulates that for a computer to be intelligent, it must deceive a human observer into believing it is human.

Alan Turing’s picture at sitn.hms.harvard.edu

As cryptanalyst for the British government during WWII, he improved on the Rejewski bombe, an electromechanical machine that enabled him and his team to decrypt German encrypted messages re: the war, and German U-boat raids. His efforts and those of his team reduced WWII by 2 to 4 years, and helped win the war against Hitler. According to Prof. Jack Copeland, Turing’s efforts in cracking the German codes, saved 14 to 21 million lives. After WWII, his work with the UK Government was sealed and classified but he continued to work as mathematician for this government.

He was a homosexual who did not hide his sexual orientation, as a sign of his personal authenticity and courage. In 1952, his home was the subject of a robbery. He told the police about the identity of the felon, and when he was asked how he came to know this, he unhesitatingly replied that his male lover knew the criminal. The police arrested him for his same sex relationship, and he was eventually convicted for “gross indecency”. This resulted in the revocation of his state clearance, which meant he was officially restricted from working with the UK government, dealing with state secrets, and doing his mathematical and scientific projects and experiments.

Alan Turing “Victim of Prejudice”, headstone on his statue located at Turing Memorial Sackville Gardens, Manchester, U.K.

Instead of prison, he chose state therapy of injections of oestrogen which allegedly was intended to neutralize his libido, but instead made him numb and depressed.

He was found by his cleaner on June 8, 1954, dead from cyanide poisoning, from a half-eaten apple beside his bed. The official coroner’s pronouncement was suicide, but there are those who to this day, attribute his death to some sort of conspiracy. Anyway one looked at his case, it was definitely the UK government’s deep seated prejudice and discrimination against gays that caused his death. Never mind his invaluable and utter priceless service for the Crown and for the World.

On December 24, 2013, he was granted pardon under the Royal Prerogative of Mercy by Queen Elizabeth II. It was a pardon fifty nine years too late, and totally unnecessary because he committed no crime in loving a man.

(Note: Much of the information in this short article on Alan Turing came from the majestic and unforgettable biography of his life, Alan Turing: The Enigma, written by a fellow brilliant gay mathematician, Andrew Hodges).

I trust that by writing these short articles on quite obscure, but legendary giants in the STEM fields, women, and LGBTQIA+ peoples who read them can hold their heads high, and know they absolutely have the right to be here, and they did not make any mistakes in treading the paths walked by these worthy exemplars of achievements and humanity.

Lawbytes 215: The Future of Philippine Lawyers and the DEPED’s Digital Literacy Alternative Learning Strand in the Age of A.I. and Industrial Revolution 4.0, Copyright by Dr. Atty. Noel G. Ramiscal

In last year’s Philippine Bar examinations, 11,402 law graduates undertook the bar, and about 8,241 or 72% of them passed. The Philippines has a population of 112,353,189 based on projections of the latest United Nations data. The UN estimates the July 1, 2022 Philippine population at 112,508,994 (https://worldpopulationreview.com/countries/philippines-population, accessed May 28, 2022). While the high percentage of the bar passing rate is a cause of celebration because there is a need for lawyers, particularly in the underserved provinces of the country, there is also the current reality of technological innovations that have increasingly encroached on, and are threatening to overtake, what were once the exclusive domains of lawyers like legal document drafting, contract reviews, evidence discovery and legal research.

2007 was the first year I participated in the Philippine Mandatory Continuing Legal Education (MCLE) seminars as a lecturer. My first lecture was entitled “Information Technology Law Updates” for the University of the Philippines Institute of Judicial Administration (UPIJA). From that time forward, I have always tackled legal and ethical issues connected with technological innovations. Then UPIJA Director, Atty. Rowie Daroy Morales gave me permission to lecture on the topic I termed as “Cyberlaw Ethics” in their MCLE seminars. It turned out to be UPIJA’s first MCLE offering on Cyberlaw Ethics. Since then, I have been fortunate enough to be trusted by what is now the University of the Philippines Institute of Administration of Justice (UPIAJ), and its current Director, Atty. Emerson Bañez, and other MCLE providers for lecturing on this matter for 15 years running. One practice I have always followed is to revise all of my Cyberlaw Ethics lectures by including new matters, because technology always outpaces the law, and tweak them to fit the needs of the audience, particularly if they come from any specific government agency or private entity.

When I was given the privilege of lecturing for the Department of Education (DEPED) lawyers last May 24, 2022, I took it as a rare honor to truly engage their attention by focusing on the legal and ethical impact of massive technological advancements over the past decade on the future of lawyering, and also on the DEPED’s Alternative Learning Strategy strands that involves the “Digital Literacy” program for K to 12 students, who may at some time be interested in becoming lawyers.

Dr. Atty. Noel Guivani Ramiscal’s DEPED MCLE lecture Powerpoint Title Slide

My lecture titled “Cyber Law Ethics and the Future of Lawyering in I.R. 4.0” was from the perspective of a legal futurist, trying to find some purpose or relevance for those who may want to join the legal profession at a time when A.I. tools and alternative legal service providers can actually do what many junior lawyers, paralegals, legal secretaries and stenographers can do, only better, and at a fraction of the cost.

I told the DEPED lawyers that we are now in the age of the fourth iteration of the Industrial Revolution (I.R.), only this time, more powerful computers, and complex technologies that are self-aware and self-correcting, are the drivers of this revolution. In fact, A.G.I. or Artificial General Intelligence is actually being developed to the extent that it can one day exceed human intelligence. While others posit a longer period, Ray Kurzweil, the famous transhumanist advocate and computer scientist believed that A.G.I. could happen sometime in 2029. One could point to the huge advancements and services made by IBM’s Watson, and the grant of state citizenship to the robot Sophia, to bolster this belief.

Dr. Atty. Ramiscal’s May 24, 2022 DEPED lecture opening

I apprised the DEPED lawyers of other technological indicators of this revolution.

There is the Internet of Things (IoT), the vast universe of objects embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet, or over any network, which some believe is the building foundation for I.R. 4.0. Cloud computing, which essentially allows one to ‘plug into’ and use computing resources from infrastructure via the internet, without installing and maintaining these onsite, has made possible the storage and analysis of Big Data, from many sources including social media platforms. This in turn has opened so many entrepreneurial models of harnessing the power of information, with certainly the concomitant data security and privacy concerns present. Cybersecurity measures thus weigh in heavily in I.R. 4.0. with advances in cryptography securing fintech, cryptocurrencies, blockchains and distributed ledger technologies.

The third iteration of the Internet, which some companies are pushing for realization as the Metaverse, would consist of the blurring of the physical and real, with the virtual and simulated worlds, with the use of augmented reality technologies. On the manufacturing side, the development of 3D and 4D printing technologies have made headlines with their possibilities of ending scarcity of vital resources, but with attendant intellectual property rights, environment and health issues.

Finally, nanotechnology which is concerned with the science of harnessing very, very, very, very, very small things for curing diseases, for cybersecurity, and even for the cyborgization of human beings, can actually change the way we will live, experience and remember the world around us.

K to 12 Digital Literacy Learning Strand 2017 DEPED Alternative Learning Strategy

With many of these technologies coming in waves within the first decade of the 21^st century, the DEPED’s 2017 “Digital Literacy” K to 12 Basic Education Curriculum for the Alternative Learning System, with its emphasis on basic “Digital Concepts”, “Digital Applications” mainly of Office Applications, “Digital Devices” pertaining mostly to mobile devices and “Digital System Network” that did not mention the deep and dark webs and the IoT, is certainly obsolete and cannot serve the needs of our brilliant elementary to Senior High School students who are digital natives. I gave several recommendations as to how the DEPED should revise this program, and other matters that must be done to make it relevant and conducive for our students to take the technological path in their vocation.

As for lawyers, there is actually no point in competing with A.I. tools, like in e-discovery of evidence. These tools are infinitesimally better than humans in processing millions and trillions of all types of data, be they numbers, information or images, and can analyze them in a very short time, to look for patterns, correlations and possible solutions that may prove elusive to humans. But what humans can excel at is asking the right questions to these A.I. tools, to lead to the best possible solutions. For now, humans are arguably more creative than A.I., so human lawyers can excel at thinking on their feet, particularly in negotiations and trials/hearings, to find the best resolution for their clients’ causes. So, it is in the best interest of human lawyers to familiarize themselves with the use of A.I. technologies which they can use merely as tools, that’s right, as tools, for their practice.

There is also the possibility of human lawyers being actually implanted with neural wires in their brains that are connected to the vast network that make up the known and unknown parts of the internet, or knowledge stored in computing clouds. Their implants can give them the speed like qualities of A.I. to scan and analyze extensive knowledge files that can assist them in serving their clients. There are now several companies and entities like DARPA and Elon Musk’s Neuralink, that are engaging in this type of research and endeavors to address, primarily, health issues concerning the human brain and tissues.

Dr. Atty. Ramiscal answering a question from Atty. Busain during his DEPED May 24 2022 MCLE lecture

Finally, I stated that the current pedagogical methods of teaching law, and the usual educational foundations for lawyers have to be revised. Human lawyers to stay relevant in the incoming years, have to be very open and must possess interdisciplinary skills and abilities. There should be the opening of new possibilities of linking law with neurobiology, computer engineering, nanoscience and complex mathematics. Lawyers can be managers of A.I. technologies. They can also be the developers of A.I. tools for the law profession.

I closed with the recommendations where DEPED, CHED, the LEB and PRC can address the needs and requirements of students who are going to pursue the path and profession of lawyering in the I.R. 4.0. Deepest gratitude for the DEPED and UPIAJ for making this opportunity for engagement possible, and to all the DEPED lawyers, 171 of them, many of which gave very positive and encouraging comments, and some very interesting questions and insights in the Zoom chat which I addressed at the Q & A portion. It was indeed, an exceptional sharing, and one which I truly desire to continue with those at the helm of the digital and legal education in the Philippines.

Lawbytes 213: The First Responders’ and Survivor’s Training in Electronic Evidence on Online Sexual Harassment and Violence in the UP Cebu System, Copyright by Dr. Atty. Noel G. Ramiscal

The University of the Philippines Cebu System (UPCS) reached out to me, through its Office of Anti-Sexual Harassment (OASH) Coordinator, the very dedicated and brilliant Atty. Archill Nina F. Capistrano, to deliver two training seminars for the First Responders to victims of sexual harassment and offenses under the Safe Spaces Act. This undertaking I learned, had been planned since last year by the OASH, the Gender and Development Office, and the Office of Student Affairs. The premise of their program is to capacitate anyone, be it a student, faculty, administrative employee or official of the UPCS, to adequately respond to the needs of any UPCS constituent who had been victimized by sexual harassment, in real or virtual time, who comes out to them, for help and assistance, or simply for comfort and understanding.

UP Cebu First Responders’ & Survivors’ ASH Training Poster April 22 2022

In the past seminars I have conducted for different government agencies, private corporations, as well as higher education institutions, the training was always geared for lawyers, HR practitioners and other professionals who might actually be dealing with issues related to sexual harassment in the workplace. The genius stroke in the UPCS program is its inclusivity, which is something that should be mandated across all workplaces and educational institutions all over the Philippines.

One of the training seminars I conducted for the UPCS was last April 22, 2022. In order to contribute something of true value to the UPCS program, I decided to, first, concentrate on electronic evidence collection, which is something that I know Gender and Development (GAD) or Anti-Sexual Harassment (ASH) seminars given by various training providers in the Philippines do NOT provide.

Second, I decided to include in my training seminar, the very essential aspect of addressing the electronic evidentiary interests and needs of the survivors. I have successfully won all the anti-sexual harassment cases I have filed for my clients who are the survivors, and I can honestly say that no training of this nature is given to survivors that I am aware of.

UP Cebu First Responders’ Anti-Sexual Harassment Training Slide

One of the very crucial things that should happen in order to have a successful survivor-first responder (FR) relationship is the building of trust. Survivors would only volunteer information to the FR, if they feel they can trust the FR, with their reputation and their lives. This can only happen if the FR is non-judgmental and can absolutely keep the sacrosanct duty of safeguarding the confidentiality of the information given to them by the survivor.

I emphasized at this point that, as I have found in my own experiences with my clients, the process of collecting, gathering and piecing the electronic evidence can be therapeutic and empowering for the survivors. It provides them with a way of taking control of the situation, taking back their self-respect in realizing that they were not responsible for the abuse they suffered, and directing the narrative against the offender.

Dr. Atty. Noel G. Ramiscal Title Slide Powerpoint UPCebu presentation

One important form that I have actually used in documenting online abuses is the Technology Log-in Abuse Form (TLAF), which can take the form of an Excel spreadsheet, or even a diary of the survivor. What is important is that no matter what form it takes, the documentation would include all the relevant details of the abuse/harassment/violence committed by the offender, like the technology used, the context and the content of the offending act, the date and time stamps, and other relevant metadata.

The amount of documentation would obviously depend on the type of the electronic evidence and the relevance of such evidence. I showed the participants different types of electronic evidence and some of the protocols of introducing and presenting these pieces of evidence in administrative disciplinary tribunals like the Committee on Decorum and Investigation (CODI), which must rule on these cases using the “substantial evidence” standard.

Dr. Atty. Noel G. Ramiscal UP Cebu FR Survivor Training ASH1st2022 Random Group Photo

I stressed several times that the survivor’s right to data privacy must be respected relative to the electronic data that are present in the electronic devices that may be subjected to examination by the CODI. The FR can help the survivor determine in the first instance, what maybe the types of electronic evidence that are possible for presentation, and the CODI members can inform the survivor, during the hearing that s/he must only present electronic data that are vital in helping the CODI decide the validity of his/her case. For instance, if the electronic evidence consisted mostly of text messages, the survivor must present not merely the content and screenshots of the most offending text message/s sent by the offender. The survivor must present the entire conversation between the offender and her/him, which might consist of several/many text messages. It is also important for the survivor to present the screenshots of these text messages with the date and time stamps. The number of the mobile device from where the messages originated, which can be attributed to the offender, can also be presented via a screenshot of the directory from the survivor’s mobile phone.

The CODI has no lawful right to demand from the survivor the examination of the entire electronic data in the survivor’s mobile phone. This would exceed the relevancy requirement, and it could also allow the offender access or knowledge to information that s/he might use later on to further harass or wreak damage to the survivor.

One of my recommendations is that aside from a lawyer, an I.T. person should be part of the CODI when electronic evidence is material to the investigation. This I.T. person must be knowledgeable about the technical standards and protocols for collecting electronic data so that s/he can advice the CODI on essential matters like when can an electronic data be considered to have been altered, tampered with or spoliated.

Dr. Atty. Noel G. Ramiscal Certificate of Appreciation from UPCebu April 22 2022

Kudos, and utmost gratitude to Dr. Clement C. Camposano, the OIC Chancellor for the UPCS, Dr. Patricia Anne G. Nazareno, the Vice Chancellor for Academic Affairs of the UPCS (who both declared my lecture “cutting edge” in their signed Certificate of Appreciation), and Atty. Capistrano for giving me this opportunity to share an important part of my advocacies. Thank you to Mr.  Michael Andrew Galorio, and the TLRC, who took care of the technical requirements for the seminar. Of course, a great shout-out to all the students of Atty. Capistrano, all the other students from UPCS, their respective tribes, the faculty members from some colleges and members of the public who viewed the event via Zoom and FaceBook Livestream. It has been my privilege to share these with all of you. God Bless Us!

Philippine Lawbytes 212: Data Security and Privacy Breaches, Malicious State Actors and Cyber Warfare, Copyright by Dr. Atty. Noel G. Ramiscal

Last March 25, 2022, I had the great privilege to open the Mandatory Continuing Legal Education (MCLE) seminars of the University of Cebu Law School (UCLS) for the 7^th Compliance period, with my lecture on “Protecting Personal and Financial Data from Theft, Privacy and Security Breaches” for the 108 lawyers/attendees via Zoom. This was quite especial because the UCLS is celebrating its 20^th Anniversary this year.

Dr. Atty. Noel G. Ramiscal University of Cebu MCLE lecture March 25, 2022

For this undertaking, I had to apprise every one of the very real cyber threatscape looming over the Philippines. In 2020, more than 7,000 Philippine companies encountered ransomware attacks, and that web threats in the Philippines increased more than 59 percent to some 44.4 million detections in 2020, compared to the year before, according to a Kaspersky report. From January to June of 2021, cyberattacks on Philippine government agencies and the private sector numbered to 5,608,320 (STATISTA, https://www.statista.com/statistics/1268283/philippines-amount-of-cyberattacks/). In the first quarter of 2022, cyberattacks have been revealed against Smartmatic-TIM last January 2022 and the Senate actually conducted a hearing last March 17, 2022. Converge also notified the NPC, last March 10, 2022 of a data privacy breach on its GoFiber app that affected its customers.

The Introductory Slide of Dr. Atty. Noel G. Ramiscal’s University of Cebu MCLE Lecture Powerpoint Presentation

To counter such attacks, I discussed the importance of putting security first in our daily transactions and work ethic. It is unfortunate that the Philippines, like other countries, appear to prioritize data privacy over data security, in terms of its legal framework and the way these two concepts are operationalized and implemented. While data privacy is considered a legal issue, data security is viewed mainly as a technical and business issue. But the reality is, data privacy cannot be achieved without first establishing data security, not the other way around. So it is very important, to have the right kind of people at the helm of an organization’s I.T. infrastructure and operations, implementing and enforcing proper security measures, like encryption, strong passwords, multi-factor authentication, proper backing up of copies of e-data, backing up the back-ups of those e-data copies, applying early and regularly, security patches, and most importantly, educating all the officials and employees about their observance and responsibility for doing the reasonable cyberhygiene practices that can prevent data breaches, particularly at this time, when many people work from home, outside the relative secure confines of the organization’s network system.

It is very important, for organizations, including law firms to be up to date on data security practices. I explicated on why, for example, virtual private networks (VPNs) are considered on the way out, and why the concept and implementation of “Zero Trust Network Access” (ZTNA) should take its place, with the primary objective of properly containing data security threats. For the very first time, I discussed and distinguished between two types of ethical hacking that are not tackled in data security MCLE lectures for lawyers: penetration testing and red teaming. I delved in detail as to what the qualifications these ethical hackers should have, the methodologies they should know, the content of their evaluation report, and the obligations they must comply with, in respect to the organization that hired them to test the network infrastructure and applications this organization utilizes.

The resplendant and brilliant Atty. Josh Carol Ventura giving the Introductory Remarks for the UC MCLE 7th Compliance Period March 25, 2022

One very crucial point that I made is the fact that Philippine law firms of whatever size are attractive targets of hackers for the very rich trove of information they have about their clients. Hackers have used social engineering tactics like phishing and spear phishing to make lawyers, their employees and clients download malware, or click on links to scammy sites that make them reveal important personal information. One of the tips I gave the attendees is to never reveal in their websites or social media accounts the names of their clients, particularly those who are quite prominent, or those in the I.T. industry, or discuss the cases they are handling which involve the sovereignty and claims of the Philippine government.

Aside from rogue employees who would betray their employers’ secrets in the caverns of the dark web, an unfortunate reality that we all must deal with is the presence of malicious state actors that engage in cyberattacks for espionage, IP rights theft, money heists, and lately, ransomware. A cautionary tale I presented was the NanHaiShu malware, a Remote Access Trojan (RAT) that was spread as a file attachment in spear phishing email messages that targeted the Department of Justice of the Philippines, the organizers of the Asia-Pacific Economic Cooperation (APEC) Summit and a major international law firm which was involved in a dispute centering on the West Philippine Sea. enSilo, which investigated the malware, named the Chinese cyber espionage group called the Advanced Persistent Threat (APT) group 10 as responsible for the attacks.

In my February 11, 2022 MCLE lecture for the Legal Management Council of the Philippines, I dissected, as one of the case studies I presented, the Bangladesh Bank heist, and presented never before seen evidence (certainly not in an MCLE lecture) as to the real hackers behind the heist which siphoned of US$81 million from the bank, through various conduits that included the Jupiter branch in Makati, of the RCBC. The heist had been attributed to the Lazarus group, affiliated with North Korea.

In the ongoing war by Russia against Ukraine, the Russian government of course had resorted to its army of hackers, as part of its military campaign. The Microsoft Threat Intelligence Center (MSTIC) reported this year that it detected a malware installed on devices belonging to “multiple government, non-profit, and information technology organizations” in Ukraine. The software, named DEV-0586, and attributed to Russia, was designed to look like ransomware, but it does not have any recovery feature. The MSTIC reported that the malware was programmed to execute when the targeted device was powered down. It was reported that the malware would overwrite the master boot record (MBR) and all the files with certain extensions from a predetermined list, which would delete all data contained in the targeted files.  Even if one paid the ransom, one would not be able to retrieve any data. So its destructive purpose is laid bare. Due to the fact that this type of malware cannot be contained within the boundaries of Ukraine, it is therefore imperative that all of us must be extra careful in opening emails and attachments from unknown sources.   

Prior to the new normal, I had given several MCLE lectures for the UCLS, and special lectures for their students, as well as students from other law schools in Cebu. One thing that struck me with UCLS is, its commitment to excellence and it has an academic culture that values integrity and top notch research. It is therefore an honor to be part of the endeavors of UCLS in bringing relevant and current matters of interest to the Cebu legal community, so thank you to Atty. Stephen Yu for inviting me. It was also such a pleasure to see and hear the resplendent and brilliant Atty. Josh Carol Ventura give the introductory remarks. The vivacious Atty. Lorenil Archival moderated the whole event.

A random photo from Dr. Atty. Ramiscal’s UCMCLE lecture with wonderful comment from a UCMCLE participant, March 25, 2022

To all the MCLE attendees, thank you for giving me a truly gracious and warm reception and for your wonderful comments about my lecture! And to UCLS, Congratulations on your 20^th Anniversary and many, many, more decades of Excellence to Come! God Bless Us Always In All Ways!

Philippine Lawbytes 211: Virtual Rape in the Metaverse and the Continuing Online Violence Against Women and LGBTQIAS, Copyright by Dr. Atty. Noel G. Ramiscal

In honor of the Women’s National Month in the Philippines, I am posting this article to raise awareness on the continuing violence committed against women (biological and trans) and the LGBTQIAs online. I am an advocate against any form of this violence for most of my adult life, and I have successfully handled all the sexual harassment cases where I represented the women and LGBTQIA victims.

In 2021, the Worldwide Web Foundation (WWWF) published a letter that was signed by over 200 influential women all over the world. It was actually a pledge to end the “pandemic of online abuse against women and girls”. The entity then known as FaceBook, Google, TikTok and Twitter all came out with statements that align with the pledge. Unfortunately, like all promises made by tech giants sealed in the ethers of the Internet, none of these have yet to be actualized in concrete mechanisms and measurable metrics.

The recognition though, that this form of abuse is of “pandemic” proportions was a long time coming. Remember the case of Brianna Wu, one of the targets of male organized online violence (Gamergate) against women in the video gaming industry? She was subjected to relentless online death and rape threats, on a daily basis and was forced to flee her house with her husband after her address was doxed, all because she was a woman who made a well-received successful videogame.

Anita Sarkeesian’s online critical comments about the male dominated videogame industry and the violent games created by men had earned her unceasing online rape and death threats, racist and sexist comments, and like Wu, was forced to leave her house and had to forego a speaking engagement at the Utah State University after receiving messages that she would be gunned down, and it would be the biggest massacre in an American university.

Literature and anecdotes around the world abound concerning the constant online abuse received by women and girls who play online games like Call of Duty, Valorant, and Xbox Live, etc.  Just recently, Alex Hanna wrote “On Racialized Tech Organizations and Complaint: A Goodbye to Google” and alluded how “white tech” supremacist organizations like Google, Meta, Amazon, Apple and Microsoft treat black people, particularly black women, queers, trans, those with disabilities, and indigenes (February 3, 2022, Medium.com). It must be mentioned that the recent 2022 acquisition by Microsoft of the gaming company Activision had caused a stir because of the many sexual and racial discrimination complaints levelled against this company by its employees.

In the Internet that most people know today, such online abuse may consist only of words, sound and images (moving or not). But in the third iteration of the Internet (or Web 3.0), which has been dubbed as the “Metaverse”, all of these may translate into something that the victim can literally feel.

Dr. Atty. Ramiscal’s Introductory Slide, MCLE Lecture for OSG lawyers, March 14, 2022

In my March 14, 2022 Mandatory Continuing Legal Education (MCLE) lecture for the 280 plus lawyers from the Office of the Solicitor General (OSG) via Zoom, administered by the UPIAJ, I seized the opportunity to discuss, in my lecture on “Cyberlaw Ethics”, some of the legal and ethical issues that we would all be confronted with when the metaverse becomes something more, and real, than the holograms presented by Mark Zuckerberg, when he changed the old “FaceBook” into the new “Meta” last October 2021.

Dr. Atty. Ramiscal’s MCLE Lecture on “Cyberlaw Ethics” for OSG lawyers, March 14, 2022

“Metaverse” was actually a term coined by Neal Stephenson in his 1992 novel “Snow Crash”. If realized, it would definitely be more than an extension of the virtual reality, that some people have now become so used to, or had actually began to live their actual lives in. Through virtual and augmented reality technologies that are pluggable or wearable like headphones with goggles, people can participate in this “virtual world” and have experiences that simulate “live” events, replete with human emotions and gestures. The crucial difference is, unlike any other video game that can be paused or finished, the metaverse has an independent existence from all the players that populate it. The virtual interaction  will mean that a plugged-in human being is able to react to the virtual objects as if they are real.

FULL DISCLOSURE

The “metaverse”, at least the one that “Meta”, Microsoft, Epic Fortnite, Roblox and other current players are pushing for is not really new. Versions of earlier metaverses have existed and some are still around. A good example of this is “Second Life” which started in 2003, in which I have to admit, I joined almost a decade ago.

Dr. Atty. Ramiscal’s Screenshot of Second Life homepage circa 2014

It is not a game, it is actually a virtual world that one can explore and connect with other beings through avatars. My avatar is still male (you can choose or create your own avatar, of any gender, of any specie, with any look that moves your fancy) and apparently a “human” (as opposed to a god/goddess/vampire/wolf/beast).

An avatar does not come with genitals. One can choose some free ones, which may not be a perfect fit, size, shape or color. One can create a customized penis or vagina with the perfect skin tone if one knows how to use the LSL, the Second Life computer language. But to make it easy, one can buy the desired genital with the currency “Linden” dollars. Of course, to experience some form of virtual sexual intimacy, not only do you have to download Second Life, you must know how to use your avatar’s sexual organ, and sex toys that one can buy inworld. Don’t worry, there are instructions, and “parlors” for these, as well as other avatars who can service you for a tip.

SEX AND VIOLENCE IN THE METAVERSE

Since Second Life has been in existence for quite a while (two decades), the rules of engagement and enjoyment of virtual sex have become sort of laid down. One does not encounter any significant literature of sexual violence regarding Second Life. But in the bigger metaverse, which still has yet to become fully realized, its beta stage had already produced the first claim of virtual rape. And where did this happen? Of course, in Zuckerberg’s Meta.

Screenshot of portion of https://www.ninajanepatel.com

Nina Jane Patel, the VP of Metaverse Research of Kabuni, who is a beta tester of Meta’s Horizon Worlds,  shared with Medium.com in December 21, 2021 her “virtual rape”:

…Within 60 seconds of joining — I was verbally and sexually harassed — 3–4 male avatars, with male voices, essentially, but virtually gang raped my avatar and took photos — as I tried to get away they yelled — “don’t pretend you didn’t love it” and “go rub yourself off to the photo”. A horrible experience that happened so fast and before I could even think about putting the safety barrier in place. I froze. It was surreal. It was a nightmare.

I have no idea how Meta will implement “virtual intimacy” across its Horizon Worlds. According to Nina Patel, they’re aiming for the five senses, so the player/gamer can even experience the “smell” of a virtual good or act. I know that there are ever improving VR goggles, and even jackets that a player can wear, by which s/he can physically experience the pain of a virtual bullet.

More than just the “skins” of Second Life, will Meta strive for devices that a player can strap on the genitals to feel the sensations of penetrating, or being penetrated?

Dr. Atty. Ramiscal Screenshot with some OSG lawyers in his MCLE lecture, March 14 2022

As I told the OSG lawyers, there is actually no precedent as to how the Philippine law will account for virtual rape. “Rape” as a crime in the Philippines under R.A. 8353, is punishable upon proof that any of the victim’s orifices, that can include the mouth, vagina, or anus, was forcibly and physically penetrated by the accused with the use of any instrument or object, without the victim’s consent.

We must consider the words of Nina Patel who summed up the reality of how she felt about the virtual rape:

Virtual reality has essentially been designed so the mind and body can’t differentiate virtual/digital experiences from real. In some capacity, my physiological and psychological response was as though it happened in reality.

So, feeling the rape from a virtual assault, is obviously not the same as physically experiencing it, but the trauma induced by the virtual experience, is nonetheless, and undeniably real.

We must also consider the perpetrator here. Do we now assign criminal liability to avatars, or more accurately, the owners of avatars, who may reside in jurisdictions that Philippine courts may not be able to reach.

To my fellow advocates of the rights and interests of women and LGBTQIAs, may this seminal missive of mine on this topic alert you, and put you on guard, that our work would become even more nuanced, complex and challenging, once the Metaverse being pushed for by the likes of Meta, arrives. If you have any comments as to how we can counter or respond to this by legal means, please comment below.

Thank you for reading this far.

Dr. Atty. Ramiscal, with comments from some OSG lawyers, March 14 2022 MCLE LECTURE

A big shout out to all the OSG lawyers (it was my second time to lecture for them) whose appreciative comments about the innovativeness of my lecture, my style, and my “sharp” looks, have certainly added more spring to my stride! God Bless You All!

Philippine Cyber Lawbytes 210: Why Data Security Matters: Attention to the National Privacy Commission: The CBPRS website is Not Safe Nor Secure According to Four Web Browsers!

In February 11, 2022, the Legal Management Council of the Philippines (LMCP) and the UP Institute of Administration of Justice (UP IAJ) invited me to give a three (3) hour Mandatory Continuing Legal Education (MCLE) lecture on Data Privacy. The LMCP is a prestigious organization comprised of legal executives and managers of top law firms and Fortune 500/2000 companies in the Philippines. For this engagement, I decided to do a full lecture on the important intersections between “Data Privacy” and “Data Security” which had not been emphasized or even done in any MCLE lecture on data privacy in the Philippines.

The whole point of my lecture is that data privacy is not achievable without data security. Data security is the most vital requirement and prerequisite to data privacy, not the other way around. Thus, the legal importance given to data privacy, without any equal emphasis on the legal significance of data security is misplaced and is rife with grave repercussions. I illustrated this by giving detailed case studies, culled from the cases I have handled, and from my research.

One of the most important developments in the field of data privacy as far as the Philippines is concerned is being accepted as one of the members of the APEC Cross-Border Privacy Rules System (CBPRS).  Endorsed by APEC Leaders in 2011, this is a voluntary, accountability-based system that facilitates privacy-respecting data flows among APEC economies. It provides the recognition criteria for organizations, or countries, wishing to become an APEC CBPR System certified Accountability Agent. It establishes a regulatory cooperative arrangement to ensure that each of the APEC CBPR system program requirements can be enforced by participating APEC economies.

In order to join this system, applicant countries or organizations must fill-up an intake questionnaire, and their responses will be evaluated based on assessment criteria. The current nine participating APEC CBPR system economies: USA, Mexico, Japan, Canada, Singapore, the Republic of Korea, Australia, Chinese Taipei, and the Philippines. The website itself contains all the documentary submissions officially submitted by the member countries.

As is part of my due diligence tests for every website I visit, critique, document and present in my research and presentations, the CBPRS website failed that one vital requirement that all websites dedicated to data privacy must have: data security. According to these four web browsers I used, the CBPRS website is NOT SECURE and UNSAFE, even DANGEROUS. Please take note of the yellow marker encircling the areas where these warnings and indications are visible. The web browsers all note the insecurity of these websites even today, February 19, 2022.

---

1. MOZILLA FIREFOX

---

---

---

---

2. GOOGLE CHROME

---

---

---

3. MICROSOFT BING

---

---

---

---

4. OPERA

---

---

---

THE NATIONAL PRIVACY COMMISSION WEBSITE

In contrast, the National Privacy Commission’s website, in all four web browsers tested safe and secure. I will just give one example, the following were screenshots from the web browser Mozilla Firefox:

---

---

---

---

IMPLICATIONS:

---

The CBPRS.org does not have the “https” or “hypertext transfer protocol secure” protocol. This shows that the CBPRS.org site is not encrypted via the Transport Layer Security (TLS) encryption. TLS encryption protects all information that passes through the browser to the server, including logins and passwords, and even the web administration credentials. With the four web browsers’ warning of the website being “Not Secure”, it means that all transfer of information to and from this website, cannot be trusted.

The security warnings of the four web browsers show that the identity of CBPRS.org had not been validated by a legitimate 3^rd party source. According to the Opera Guidelines, the “best guarantee of a website’s identity is provided by Extended Validation (EV) certificates. Extended Validation means that the details of the organization buying the certificate have been audited by an accountable, third-party entity, who can therefore verify that the certificate owner is who it claims to be. EV websites are indicated by a black  security badge with a padlock in the address field”.

In contrast to all these, the NPC website follows the “https” encryption protocol and it is verified by Cloudflare Inc.

The non-encrypted state and non-secure state of the CBPRS website entails it is more prone to viruses and hacking attacks. A TSL Certificate provides an additional barrier that can prevent malicious actors from gaining access to the  information in this site, for example, by introducing fake documents, or uploading malicious scripts on the site. This is all the more pressing because the Philippines’ official documents submitted by the NPC, and all the other documents of the 8 member economies, which are retrievable from this site, are not secured.

---

---

Moreover, the “Not Secure” warnings also means that anyone that visits this site does not have any privacy while browsing. There will always be a risk of local attackers, users on other computers of the same network, to be able to monitor, view the pages that the viewer is browsing as well as the information s/he is sending or receiving. It does not provide trust or security to the viewing experience.

Unlike the NPC website, the CBPRS website is not privacy compliant at all. It is all the more baffling considering that the CBPRS website should be a paragon of data privacy standards for a website, given the fact that it houses the official documentations submitted by its member countries.

I therefore respectfully request for the NPC, as the representative of the Philippine economy in APEC to notify the CBPRS body about their website’s insecurity, and the probable consequences if this is not addressed. It behooves the NPC to inform the CBPRS organization about its website’s insecurity and unencrypted state, for it is truly horrendous and unexcusable that a website devoted to data privacy, can violate security standards, potentially breach the privacy of internet viewers, and be open for possible defacement, and even the deletion or alteration of the official public documents submitted by APEC member economies.

Philippine Lawbytes 209: Why the “Nagoyo” BDO Hacking is a Data Privacy Breach and a Directed Attack Against the Insecure BDO Online System

In my Mandatory Continuing Legal Education (MCLE) lecture last February 11, 2022, for the Legal Management Council of the Philippines (LMCP), I used this hacking scandal that hung over the Christmas holidays last year as a case study of how not having data security can lead to data privacy violations. Sure, the NPC as of its last pronouncement on this matter had never really come out in the open to declare that this incident resulted in a data privacy breach.

Briefly, over 700 BDO online bank depositors had money stolen from their bank accounts ranging from P 25,000 to as much as P 100,000 starting from November 29 to December 9, 2021. All the victims never received any One Time Pin (OTP). They just received messages that someone has logged into their account. Some of them received email alerts that a new device was added or a password had changed without receiving an SMS prompt or OTP. These alerts came together with the notifications of the fund transfer. Some of them got charged more than the daily limit of P 50,000. It was revealed that a UnionBank Account #1094211022533, to which the funds were diverted, was used to buy Bitcoin worth P5M pesos from the cryptocurrency market on December 11. This was traced to an account name “Mark Nagoyo”.

WHY WAS THIS A CASE OF DATA PRIVACY BREACH?

One of the victims, Ellard Chua who lost P50,000 in the attacks, claimed that the criminals tried to put the blame on him by naming him in a doxxing campaign. He told ABS-CBN and Manila Bulletin that the perpetrators attached his name to one of the UnionBank accounts, and released his work number, making it appear he received money from the victims.

“If they’ve seen my name in their BDO emails saying money was transferred to Ellard Chua, then I am telling them na nothing was transferred to my account…Somebody used my name. I am not sure why they chose my name. But the beneficiary account number is not mine and not a single peso went into my account“. This was his FaceBook statement about the incident:

ABS-CBN also found three other victims who had the same experience Chua had. One of them was Charisse Matanguihan, whose name and phone numbers were also used by the criminals as the alleged recipient of stolen money from BDO accounts. She had received death threats because of this. She had posted in her FaceBook account her story about the incident, and attached the text messages she received and other relevant documents that prove her side. These are some of them:

THE MOST CONVINCING PROOF THAT THE BDO HACKING WAS A DATA PRIVACY BREACH

The police arrested several members of a syndicate group comprising of Nigerians and Filipinos who worked together. They opened BDO accounts using fake documents. One member created a hacking software. His name is Clay Revillosa who said to NBI:

“Pinapasok ko po ‘yong website and then naglalagay ako ng backdoor and then ilalagay ko ng isang extracting tool na para sa database para i-extract mga information ng mga tao.”

Source: NBI Arrested 4 Alleged Suspects of BDO Missing Money, January 21, 2022, https://philnews.ph/2022/01/21/4-suspects-behind-unauthorized-bdo-transfers-arrested-by-nbi/

THE EVIDENCE INDICATE

Clearly, this was no phishing or smishing attack that can be blamed on the depositors. This was a directed attack against the insecure BDO online website, via software that was able to establish a backdoor into the BDO online bank system, extract the personal information of certain individuals, who had enough money on their accounts that were sufficient for the criminals to take.

The fact that the criminals were able to get the names and work phone numbers of some of the victims, which they used to thwart or divert suspicion and attention from themselves is proof that the hacking software that Clay Revillosa admitted to have made was quite effective in ferreting the personal, sensitive and confidential information of BDO depositors who were their subject victims. There is no point in delaying the finding that there was a data privacy breach, because the victims had already suffered from the effects of such breach.

This is also an overwhelming indication of the insecurity of the 10 year old online BDO banking system. The weakness of such system had been known for quite sometime in the business and tech community.

In fact, bitpinas published an article with a screenshot of the comments of several people who were not happy about the perception that cryptocurrency, and UnionBank share some of the blame in the hacking incident (https://bitpinas.com/fintech/crypto-community-bdo-hack-incident/). No one should be blamed but the apparent gross negligence of the BDO management, particularly its CISO/CIO/CTO/CDO, and to a certain extent its DPO. This was a spectacular failure of the C-Suite executives and the Compliance Officer of not complying with the legal obligations under R.A. 10173, and the technical and industry standards and protocols that cover data security.

This was one of several case studies I presented for LMCP members, who comprise some of the legal luminaries in the Philippines. I desire to give a shout out in particular to one lawyer. I have always asked, declared, and wished that some lawyers would attend my lectures in formal wear. And in this sort of global lock down that we are still experiencing, my wish came true!

Kudos to Atty. Gabionza for looking so dashing and dapper in his tuxedo! He said he had a speaking engagement after my lecture, and it must have been some kind of engagement! And of course, thank you to all the 133 lawyers who attended and the UPIAJ staff who handled the technological logistics for this event.

Philippine Lawbytes 208: Online Vote Buying, Digital Forensic Fraud, and Other Cybercrimes: Dr. Atty. Ramiscal’s Lecture for the Philippine National Police, Police Regional Office II

Several years ago, I had the privilege of lecturing on several courses for the Philippine National Police (PNP), NCR. Due to the global halt that has happened, the PNP training programs have to evolve online. In December 1, 2021, I had the honor of being invited by the UP and the PNP to lecture on “Cybercrimes” for the peace and security frontliners of the PNP Police Regional Office 2, at Camp Adduru, Tuguegarao, Cagayan, via Zoom. The attendees who were over 180 in all had to share Zoom accounts (2 people per Zoom account) in order to manage the logistics of bringing the lecture to them.

Since it is a four hour lecture, in order to add special value, I decided to incorporate certain developments in the understanding of cybercrimes and electronic evidence issues that our brothers and sisters in blue might encounter if they are the first electronic responders to any cybercrime investigation.

I discussed several classes of cybercrimes starting with those that have a sexual component to them, then progressed to digital sextortion, online facilitated prostitution, online human trafficking and minorgraphy, that is, pornography created by minors. The next class of cybercrimes I explicated are those related to our personal data or information, then those that are considered truly “high tech crimes” that involve the use of specialized digital tools, and those that implicate state actors.

Considering that the May 2022 elections is upon us, one of the attendees, PCol. Tumibay asked about online vote buying and if it is difficult to get the evidence to go after perpetrators. I told him that every digital transaction, every deal, every conversation about buying and selling votes done via electronic devices would leave traces, even if the parties thought they had deleted them. In these cases, the services of truly qualified, competent, ethical digital forensic investigators are needed. They have to identify the electronic devices and relevant digital evidence, collect, preserve and investigate them, using the precautionary measures and safeguards that are laid down in industry protocols stated in several ISO/IEC standards. If they do not observe these, and present unsubstantiated findings, they can be held liable for digital forensic fraud.

The Bangko Sentral ng Pilipinas (BSP) came out with Memorandum M-2021-074, issued last December 31, 2021, to mitigate the possible use of electronic channels like online banking and mobile wallets in vote-buying or selling activities. Such advised the banks to calibrate their electronic fraud management systems and monitor the following:

Concentration and/or significant number of account registrations in the area or locality where vote-buying/selling is identified to be rampant;

Large cash transactions during election period;

Unusual transaction flows between accounts, including the velocity and frequency of transactions (i.e., many-to-one, one-to-many); or Unusual volume and/or value in cash in/cash out channels (agents).

The major issue and grave oversight in this BSP Memorandum is that these transactions would in all probability, not go through the banking system. In a 2019 investigation report by Joyce Ilas of CNN Philippines, she stated that those who sell their votes in the Philippines do so for about five hundred (P500) to one thousand (P1,000) pesos.

Since many Philippine citizens are unbanked, those who buy votes will not ask the vote sellers to open bank accounts, specially in this pandemic time, and for what can be considered such measly amounts. Vote buyers pay vote sellers in cash. In fact, these cash payments are made only after proof presented by the vote seller that they voted for the vote buyer’s candidate. If these vote sellers do have access to digital platforms, they may probably prefer G-cash, or call load credit, or even cash transfers in online shopping sites like Shopee or Lazada. So, the BSP Memorandum does not hit the mark, and maybe quite useless.

Anyway, what is essential in all digital investigations of cybercrimes conducted by qualified PNP members or private forensic investigators is that the electronic evidence they collected, preserved and examined would be proved by them, not to have been altered, contaminated or spoliated at any time during these processes, up to the time they had been turned over to the custody of the court that had acquired jurisdiction over the cybercrime cases.

Great many thanks to the UP Institute of Legal Reform and the PNP for inviting me to be part of this important series of seminars for our guardians in blue. Thank you also to all the over 180 strong PNP officials and members who actually sat through my 4 hour lecture. I trust they learned something they can use in their professional tasks of protecting and serving all of us.

Philippine Lawbytes 207: Online Trolling, Fake News, UnSafe Spaces, and Other Cybercrimes: Dr. Atty. Ramiscal’s lecture for the Batong Malake Lupon Tagapamayapa, Los Baños, and DILG

November 24, 2021 was a historic first for me because it was the first time I had the opportunity to reach out and share my knowledge and advocacies with a Lupon Tagapamayapa and the Department of Interior Local Government (DILG) Southern Luzon. The Lupon is the Batong Malake Lupon Tagapamayapa (BMLT) of Los Baños. Their inimitable Barangay Captain, Ian Kalaw, and the erstwhile BMLT Justices, coordinated with the DILG, represented by Ms. Michiko Escalante, to bring to their constituents, and more than 10 other barangays in Southern Luzon, plus people from Alaminos, Pampanga, the Bureau of Jail Management and Penology, and the CSC, a webinar on cybercrime. Justice Freddy Fajardo was the one who actually contacted me and arranged for my Zoom lecture on “Law and Internet: Introduction and Overview”.  

The Philippine Australian Alumni Association (PA3i) Laguna Chapter, through its current President, Dr. Nel Bantayan (whose also the current Vice Chancellor for Research and Extension of the University of the Philippines Los Baños), gave the technical support for the event. The BMLT Justices, particularly Tina Malinao and Fajardo meticulously planned and hosted the event, while Justices Bejo and Mijares moderated the Open Forum, and Justice Bacalangco presented the certificates of appreciation.

One of the coolest things about this event is the forward thinking of the BMLT and DILG. Even if most cybercrimes are beyond the jurisdiction of the BMLT, they pushed for this webinar (the first time, in their history, as well), because they wanted their constituents to be educated, and be aware on how they can protect themselves and their loved ones, in matters that have technological components with real time consequences on their lives. “Cyber” is no longer a nebulous word, and is frequently attached to all activities nowadays.

In a span of over two hours, I endeavored to give the attendees the specific principles with illustrations that guide the recognition and prosecution of different cybercrimes in the Philippines. I gave them also the latest legal developments on matters that they may encounter in their professional and personal lives, like online trolling, cyber bullying, online libel, online safe spaces, fake news, phishing and other types of online fraudulent activities. The audience’s interest in the subject can be gauged by the many questions they asked in the open forum which lasted for just over forty five minutes.

I would like to again extend my heartfelt thanks, through this blog, to the BM Captain Kalaw, the BMLT Justices, and all the attendees and those connected with the event, who had given me one of the most genuinely cordial receptions. With their proactive stance and staunch commitment to public service, it is no wonder that they have won recognition from the LTIA Provincial Assessment. Kudos to these true public servants!

Philippine Lawbytes 193: A View of the “Public Entrepreneurship and Grand Corruption in the Digital Age” the Carnegie Mellon University Australia (CMU-A) Master Class of Prof. Emil Bolongaita, copyright by Dr. Atty. Noel Guivani Ramiscal

Last March 26, 2021, Prof. Emil Bolongaita, the Distinguished Service Professor of Public Policy and Management and the Head of CMU-A, delivered the last of the series of Master classes of CMU-A, for now. It was an information packed lecture on “grand corruption” which is always a relevant discussion to have in this country, particularly now when people are raising issues about the government payment and alleged kickbacks for the needed vaccines against the pandemic.

Dr. Atty. Ramiscal’s screenshot of Prof. Emil Bolongaita in his CMU Masterclass March 26, 2021

Just several months ago, the whole country was riveted to the Senate and Congress hearings on the widespread corruption in the PhilHealth (the country’s primary health care provider to over 110 million citizens) of its officials, using their positions, to defraud the PhilHealth fund, together with their favored cohorts, certain hospitals and health care providers, with massive unexplained or incomprehensible payoffs. The onset of the pandemic just made the corrupt activities more pronounced and noticeable with PhilHealth pronouncements and acts of its officials that threatened to bankrupt the PhilHealth fund by 2022.

Using the World Bank definition of corruption which is “the abuse of public office for private gain”, Prof. Emil situated “grand corruption” in this manner:

Dr. Atty. Ramiscal’s screenshot of Prof. Bolongaita’s slide on the levels of corruption

And while he did not focus on state capture, where the whole State itself is run by businesses and politicians for the advancement of their own interests, he embellished his presentation by examples of some dictatorships that ran their countries like family owned unaccountable businesses, e.g., the Suhartos and the Marcoses.

Much of the discussion, including the theories, perception and effects of corruption, I will not repeat here, for they are unfortunately too familiar with us who had lived through the Marcos era, and have to live through several governments ever since, with their own brand and styles of corruption.

What’s interesting in Prof. Emil’s discussion was the way some countries have responded to this perennial issue. The US has the False Claims Act which was passed during the time of Lincoln, which permits private citizens, or whistleblowers, to file actions against federal contractors, whom they claim perpetrated fraud against the government. Most significantly, as Prof. Emil said, this law contains a “qui tam” provision, which allows whistleblowers to be paid a percentage of what the federal government can successfully recover. In other words, “me kita” (lol). In the Philippines there have been many attempts to actually pass a “Whistleblower’s Act” to protect insiders to no avail. As such, not many insiders with knowledge of the corrupt practices of their employers are willing to come forward and attest to the truth for fear for their lives and their loved ones.

There is something to be said about engaging with government officials in cleaning out corruption, when those officials are part of the corrupt system. The United Nations-backed International Commission Against Impunity in Guatemala (CICIG) which operated for 12 years and actually was instrumental in bringing to justice several corrupt officials, was shut down in 2019, by its President Jimmy Morales, when it started investigating Ramirez, his brother and his son.  

Prof. Emil also pointed out the important work of several men and women from different parts of the world who he deemed are the “public entrepreneurs” fighting corruption. This brings home the point brought out in the Q & A that there are actual people and institutions out there that are doing something, and that no matter what station we are in life, we can always do something to fight this problem.

Dr. Atty. Ramiscal’s screenshot of Prof. Bolongaita’s slide on the public entrepreneurs against corruption

But what is most infuriating from the perspective of a Philippine advocate for justice, human rights and anti-corruption, is the comparison made by Prof. Emil of the Philippine Ombudsman and the Indonesian KPK response to corruption. The Ombudsman has a sketchy track record of going after and actually getting their targets to jail. The KPK on the other hand, only goes after the “big time” corrupt officials and actually succeed in having them convicted. The average time of doing this is six months, and even if they appeal, they are placed in jail during the pendency of their appeal, which is in dire contrast to the Philippine judicial system that allows people to post bail even for non-bailable offenses like plunder (see for example, In Enrile v. Sandiganbayan & People, G.R. No. 213847, promulgated August 18, 2015).

Dr. Atty. Ramiscal’s screenshot of Prof. Bolongaita’s slide on the success rate of Indonesia’s KPK in battling corrupt officials

I actually came to the lecture interested in learning how technology can be used to uncover corruption and prosecute corrupt officials. Prof. Emil gave a slide or two, very briefly, on cryptocurrency and why its become a favorite of corrupt officials. So I had to ask him during the Q & A about the possible treatment and tracing of the cryptomoney trail to specific people. He gave the answer that all relevant government agencies must come together and figure this out. What if they couldn’t? For example, the SEC has struggled since 2018 in finishing, finalizing and promulgating its Draft Rules on Initial Coin Offerings (ICO) that pertain to cryptocurrencies. As of today, no such ICO Rules exist in the Philippines.

I also had to raise the facts I have encountered in my practice and research that lawyers and judges need to be educated on the value and the correct and ethical uses of digital forensic tools that can uncover even deleted data trails and pinpoint actual perpetrators, and that technical competence, have a lot to do with the successful prosecutions of corrupt officials.

But considering the time limitations and all the areas that Prof. Emil tackled, I definitely think the topic of technology and corruption should be covered in a separate lecture. Kudos to Prof. Emil Bolongaita for such a well-researched lecture, and I’m actually looking forward to a Master Class in the future on Fighting Corruption with Technology!

Philippine Lawbytes 192: Wallowing in Big Data and Questionable Artificial Intelligence: the Robodebt Mess, Childcare and Facial Predictive Algorithms, the Carnegie Mellon Master Class of Prof. Tim O’Loughlin, copyright by Dr. Atty. Noel Guivani Ramiscal

In my third Master class at Carnegie Mellon University, Adelaide, South Australia, last March 12, 2021, the distinguished Professor of Public Policy Practice, Tim O’Loughlin, gave a very fascinating, even harrowing look at the way governments in different parts of the globe have toyed with, experimented and bungled the use of Artificial Intelligence in analyzing and interpreting big data culled from several “projects” and implementing the results with real life consequences.

Dr. Atty. Ramiscal’s screenshot of Prof. Tim O’Loughlin at CMU Master Class March 12 2021

Prof. Tim brought to his discussion several controversies where AI crunching big data appear to be the source of the problem. Most recent and truly gripping for many Australians is the Robodebt controversy. It was an automated welfare recovery scheme, where data from the Australian Taxation Office was matched with the fortnight income reported by Aussies to the Centrelink. If there was a discrepancy noted by the Robodebt AI, particularly in the welfare payments reporting by welfare recipients, they would be automatically contacted by Centrelink, if the discrepancy would be more than a A$1,000. This created lots of debts for welfare recipients amounting to over 400,000 people all over Australia, based on false information. The toll on victims of the AI scheme who suffered from physical and mental disabilities and other impairments, was quite heavy with some even committing suicide. No human oversight was created for the Robodebt AI since it was fully automated in 2016. Individual legal and class actions were brought to the courts concerning the legality of the AI system, and in 2020 a Federal Court decision ruled that this welfare AI scheme was unlawful. In the latter part of 2020 there was a legal settlement reached where the Australian government agreed to pay a total of A$1.2bn for a class action brought on behalf of hundreds of thousands of robodebt victims. While the Australian Commonwealth government admitted no legal liability for the Robodebt AI, Malcolm Turnbull who was prime minister when the scheme was rolled out had publicly apologized for the system, as did the current prime minister Scott Morrison.

Dr. Atty. Ramiscal’s screenshot of Prof. Tim’s slide CMU Master Class March 12 2021

Another compelling example, with mixed results, is the AI developed in New Zealand which was designed to supposedly predict if a child is in danger in his/her home, which would justify the intervention of the police and social welfare agencies. Way back in 2012, the Ministry of Social Development commissioned big data expert Prof. Rhema Vaithianathan to develop a new predictive risk modelling tool that attempted to identify those at risk of physical, sexual or emotional abuse before the age of 2. As Prof. Tim told us, there were calls made to let the algorithm tool work for 2 years with minimal or without intervention from the child welfare agencies. The then Social Development Minister Anne Tolley, stopped the whole thing,  even writing on the margins of a document outlining the proposal: “not on my watch, these are children not lab rats”. But in several counties in states of the U.S.A., the predictive tool developed by Prof. Vaithianathan, had actually been implemented with a measure of success, by child call centers and welfare agencies (see Jamie Morton, NZ-developed AI can predict kids’ hospital risk, August 5, 2020, https://www.nzherald.co.nz/nz/nz-developed-ai-can-predict-kids-hospital-risk/UNNQNQJNBTGRN3SBUYGCJS6ZB4/).

Dr. Atty. Ramiscal’s screenshot of Prof. Tim O’Loughlin slide of Ann Tolley’s notes CMU Master Class March 12 2021

As an LGBTIQA and human rights advocate, the thing that struck me most was the development of an AI algorithm to predict the sexual orientation of a man or woman. Prof. Tim talked about the 2017 Stanford University study of its facial recognition software that supposedly was able to predict if a man or woman is straight or gay depending on their facial features. Human rights groups lost no time in denouncing such studies as dealing with the pseudo-science of physiognomy, and can actually lead to deleterious consequences for people identified as within the LGBTIQA community.

Dr. Atty. Ramiscal’s screenshot of Prof. Tim O’Loughlin slide of gay facial recognition AI CMU Master Class March 12 2021

But facial recognition software has continuously been developed and improved upon for other purposes. In 2020, academics and a graduate student from Harrisburg University whose research publication was all about an algorithm that predicted if somebody would become a criminal by their facial features, became the subject of controversy which resulted in their paper being pulled out of publication by Springer Nature. Early this year, news about a facial recognition software being able to tell a person’s political affiliation hit the stands.

In the light of all these, I asked Prof. Tim several questions including who must be liable if an AI program goes rogue. This is an unresolved issue in the Philippines because there is no law that properly addresses the liability issue for the creation of an algorithm that can be arguably called as an “independent” “autonomous” and “intelligent agent”. Prof. Tim said that ultimately, rolling out big data projects that depend on AI on a country’s populace should be the responsibility and liability of the country’s political leaders. I couldn’t agree more.

I raised the point about ethics and biases and the fact that algorithms can actually contain the biases of their human creators. Prof. Tim replied that the creators should be the last to input value judgments. So there must be a technical system of checking out, or balancing off biases that had crept in the algorithm, through its parsing and analysis of terabytes, even petabytes of data.

All in all, the lesson to be learned here is that no algorithm should replace the considered judgement of human beings. This was the point I raised in a three part series of articles I wrote last year on the predictive algorithm developed by DOST ASTI researchers that supposedly can assist predict the outcome of criminal cases based on the decisions of the Philippine Supreme Court. If anyone’s interested here are the links to my articles:

Philippine Lawbytes 159: No Slave to any Algorithm [Part 3]: Critiquing “Predicting Decisions of the Philippine Supreme Court Using Natural Language Processing and Machine Learning” (Copyright by Dr. Atty. Noel G. Ramiscal)

Philippine Lawbytes 159: No Slave to any Algorithm [Part 3]: Critiquing “Predicting Decisions of the Philippine Supreme Court Using Natural Language Processing and Machine Learning” (Copyright by Dr. Atty. Noel G. Ramiscal)

Philippine Lawbytes 158: No Slave to any Algorithm [Part 2]: Critiquing “Predicting Decisions of the Philippine Supreme Court Using Natural Language Processing and Machine Learning” (Copyright by Dr. Atty. Noel G. Ramiscal)

Philippine Lawbytes 158: No Slave to any Algorithm [Part 2]: Critiquing “Predicting Decisions of the Philippine Supreme Court Using Natural Language Processing and Machine Learning” (Copyright by Dr. Atty. Noel G. Ramiscal)

Philippine Lawbytes 157: No Slave to any Algorithm [Part 1]: Critiquing “Predicting Decisions of the Philippine Supreme Court Using Natural Language Processing and Machine Learning” (Copyright by Dr. Atty. Noel G. Ramiscal)

Philippine Lawbytes 157: No Slave to any Algorithm [Part 1]: Critiquing “Predicting Decisions of the Philippine Supreme Court Using Natural Language Processing and Machine Learning” (Copyright by Dr. Atty. Noel G. Ramiscal)

I thank Prof. Tim for his wonderful lecture that emphasized the human and the ethical over the mechanical and political.

Till the next Master Class!

Philippine Lawbytes 191: My ISO 27001 Webinar with Dejan Kosutic, and the Question: Is Your Organization Cyber Forensic Ready? Copyright by Dr. Atty. Noel G. Ramiscal

Quite recently, I made the time to attend the webinar from the 27001 Academy, given by the world famous ISO/IEC 27001:2013 standard expert, Dejan Kosutic. I had received many invitations from the 27001 Academy in the past couple of years, but it is only now that I have the time to attend any of their seminars. The webinar was broadcasted from the U.S., but I heard every word of Mr. Kosutic just fine, in the comfort of my work studio.

For those of you who don’t know what ISO/IEC 27001 standard is, its lengthy name is “Information technology — Security techniques — Information security management systems — Requirements”. And as the name denotes, it provides the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization, as well as the requirements for the assessment and treatment of information security risks tailored to the needs of the organization. These requirements are generic so they can be applied to all types of corporations or organizations.

Every ISO/IEC standard goes through a process of periodic review and this standard had been reviewed and confirmed in 2019, which means that it is good for several more years. The Philippines has adopted in totality this current version of the standard with the designation PNS ISO/IEC:2018. As Mr. Kosutic explained, this standard actually makes the organization, particularly the management, concentrate on identifying all the risks, actual, potential and quite possible, that can threaten, even destroy the most important assets of the organization.

Dr. Atty. Ramiscal’s screenshot of Mr. Dejan Kosutic slide of assets ISO 27001 webinar March 11 2021

All of these need to be identified and written down, because as is the mantra now for ISMS, if it is not written down, it is forgotten, and it did not happen, until of course, when it does, and the organization is left reeling from the disaster that the unwritten threat wrought, which could have been prevented.

Depending on the size of the organization, the threats can vary in number from fifty to thousands, to hundreds of thousands, and at one point, Mr. Kosutic even claimed, to millions. So, it is in the appreciation of the interplay of so many different factors within and outside the organization, by management, that the success of identifying the risks, particularly, the non-acceptable ones can be done.

Dr. Atty. Ramiscal’s screenshot of Mr. Kosutic’s slide of options ISO 27001 webinar March 11 2021

When the risks are properly identified, there are four possible courses of action that an organization can do. It can accept the risks posed by the threat and therefore absorb the corresponding damages and liabilities. It can avoid the risk by opting for a different way of doing an activity for example, that eliminates the identified risk. It can transfer the risk to a different entity, which is best exemplified by insuring against the risk. Lastly, the organization can apply the proper control to minimize, if not totally eliminate the risk.  

It is in the last course of action that ISO/IEC 27001 is most useful. Annex A of the standard contains over a hundred “reference control objectives and controls” that an organization can choose from to implement the proper controls. These controls are mostly policies that range from human resource security to access controls over the information security assets of the corporation, to securing the physical and environmental areas and facilities of the organization, to its agreements with its suppliers, and so much more.

Dr. Atty. Ramiscal’s screenshot of Mr. Kosutic’s Q A webinar March 11 2021

One of the most important areas in this standard that interests me most pertains to the appropriate controls and responses an organization can do in response to a cyber attack. Obviously, if a corporation is in the I.T. industry, and related industries, the expectation is that it has been, and it will be subject to incidents of hacking and data privacy breaches. So, the most pertinent question that can be posed is: is the organization cyberforensic ready? This is in the context of what it would do in the event of a cyber attack, and how would it gather and preserve the electronic evidence needed to trace and identify the source of the attack, for possible legal action.

ISO/IEC 27001 provides several related courses of actions, via the institution and implementation of policies that address the consequences of a cyberattack. The most pertinent would be an Information Security Incident Management Plan which should set out among others, the management responsibilities and proper procedures to deal quickly and effectively with information security incidents; the tasking of employees and contractors who use the organization’s I.T. systems to note and report observed and suspected information security weaknesses; the appropriate reporting, assessment and classification of incidents as information security events;  the response of the organization and the proper documentation of such response to an information security event; and a learning mechanism where the knowledge gained from a cybersecurity incident shall be used to prevent the occurrence of similar incidents in the future. One crucial control mechanism that the standard provides which is essential for any corporation dealing with a cybersecurity breach would be a detailed policy that would set out the proper procedures for the identification, collection, acquisition and preservation of evidence in the aftermath of a cyberattack, which can be done with the help of its people, that can be used in court. This does not get discussed enough, but part of the risks of having an overzealous, unprofessional and incompetent team cooperating with trained police, or digital forensic experts, or doing the cyberforensic investigation on their own, is that they can tamper with the evidence, knowingly or unknowingly. This now leads to the risk of not finding the perpetrator, or worse, pinning the cybercrime on an innocent person.

As can be seen then, having these policies would not be sufficient. They would require the effective implementation by management with the requisite training and capable handling of each incident by its own personnel. So if your organization has all these requisite policies and people to implement them, then you can answer the question in the affirmative. The caveat here though, is always in the actual, factual implementation. These all may look and sound good in paper and in theory, and your people may seem qualified. But there is no telling what can happen when theory becomes reality. That’s when the learning happens.

Philippine Lawbytes 190: Machine Learning and Data Analytics, the Master Class of Dr. Murli Viswanathan, copyright by Dr. Atty. Noel Guivani Ramiscal

In March 17, 2021, Dr. Murli Viswanathan, the big data guru at Carnegie Mellon University Australia, graced us with a lecture on “Machine Learning and Data Analytics”. He pointed out that the new “oil” in our digital global age is actually “information” but in order for it to be valuable, it must not be “crude”.

Dr. Atty. Ramiscal’s screenshot of Dr. Murli Viswanathan CMU Master Class March 17 2021

Dr. Murli gave us a bird’s eye view of the development of business intelligence over the past decades and how this dovetailed with machine intelligence. The winners in the information game are those who can effectively analyze, assess and make decisions based on the data given to them, to change the way they do things, or become better at doing what they do.

Certainly, all of these come at a cost. Dr. Murli talked about the challenge of finding storage space for the voluminous data that are created every second. And of course, the most crucial component of all, is the capability of machines to understand, make connections and analyze all the raw data for the benefit of the user. As Dr. Murli explained, machine learning which is different from human learning, culminates or manifests in AI, and it is everywhere.

Dr. Atty. Ramiscal’s screenshot of Prof. Murli’s slide of Big Data CMU Master Class March 17 2021

The capacity of AI to absorb, regurgitate, parse and analyze data has also given rise to a lot of fake data. Dr. Murli challenged us to identify amongst these pictures, 1. what constitute a human creation, and 2. what is the portrait of a real human being. See if you can identify  them.

Dr. Atty. Ramiscal’s screenshot of Dr. Murli’s slide tease CMU Master Class March 17 2021

There are only two images that correspond to 1 and 2. To know the answer, you have to attend his class (lol).

But seriously, in a world divided by information, conspiracy theories, fake news, alternative realities, and pseudo-sciences, what can be the anchor of truth? I asked Dr. Murli if there are markers or tests by which one can determine if an image is real or computer generated. He answered in the negative. In response to my other question if there is a standard or protocol that can assure that an AI tool used in extracting digital evidence is reliable, he also said no. That maybe so in Dr. Murli’s field. But for those of you who are fellow cyberlawyers, you would know of several U.S. Supreme Court decisions that have been adopted in the Philippines that can govern the evaluation of the collection, acquisition and examination of digital evidence. There are also ISO/IEC standards that one can use as guidelines in determining if the digital evidence was properly handled and examined to prevent data spoliation. I would talk about these in future blogs.

Till the next Master Class!

Philippine Lawbytes 189: The “Digital Transformation and the New Realities” Master Class at Carnegie Mellon University Australia, the SKA and My Appreciation of “Infonomics”, Copyright by Dr. Atty. Noel G. Ramiscal

This is the second of a series of Master Classes offered by Carnegie Mellon University in Adelaide, South Australia, delivered through Zoom that I attended last March 5, 2021. The lecturer introduced by the jovial Prof. Emil Bolongata is the highly esteemed Dr. Riaz Esmailzadeh, a business and I.T. guru whose inventions have become part of 3G and 4G standards and produced 26 patents.

Dr. Atty. Ramiscal’s screenshot of Dr. Riaz Esmailzadeh during his lecture last March 5, 2021 CMU Masterclass

Since this is a Master Class on the realities of how technology has transformed our lives, Dr. Riaz’s lecture took us through a brief journey of the past three decades when the Internet had literally become the most dominant form and source of information, and some of the ways that these information, electronically gathered, had been used by businesses to their competitive advantage, edging off their rivals, to become the top of their pack, like Amazon, FaceBook and Google. Of course, not all companies can be like them.  Dr. Riaz had pointed out several times in his lecture that all corporations, no matter what size, do create, collect, and must manage their data in the most appropriate way, for their benefit, in order to survive the competition.

Dr. Atty. Ramiscal’s screenshot of Dr. Riaz’s slide on Information Flow Management, copyright to Dr. Riaz and CMU

He even presented a linear Information Flow Model that can be followed by all types of corporations, and gave some guidelines as to how he determines the maturity of a corporation in terms of handling digital information. He emphasized the need to hire an effective Chief Information Technology Officer who will serve as the custodian of the corporation’s digital information or assets. One thing that I found interesting in the lecture was the brief snapshot of the SKA data capability.

Dr. Atty. Ramiscal’s screenshot of Dr. Riaz’s slide on SKA, copyright to Dr. Riaz and CMU

Except for this slide, Dr. Riaz did not say much about the Square Kilometre Array (SKA) endeavor between Australia and South Africa. This got me intrigued so I did some little research and found out that SKA is the world’s biggest radio telescope, which is managed by the SKA Organization with headquarters at the world famous Jodrell Bank Observatory in Cheshire, UK, and stations located at different sites in South Africa, other countries in Africa and Australia (https://www.skatelescope.org/history-of-the-skaproject/).

Dr. Atty. Ramiscal’s screenshot of the skatelescope.org site, March 7, 2021

SKA is envisioned to help the research and understanding of scientists of several “huge” issues including, amongst others, the search for extraterrestrial life, the origin and evolution of cosmic magnetic fields, and galaxies, and proof of the extent and limitations of Einstein’s theory of general relativity. From a data management perspective, the collection and analysis of such data are a nightmare. If it’s true that the data SKA gathers in a day is equivalent to what the whole world generates in a year, the storage of such data will be a challenge, as well as its analysis. It might require several generations of scientists from different sciences to even go through and graph the images and data SKA would collect in a period of two to three years, let alone a decade.

One thing is certain. The data gathered by SKA is valuable. And so are the data gathered by corporations all over the world about their clients and customers. This is where the second area that interested me which was briefly mentioned by Dr. Riaz comes in: Infonomics. Information is indeed the new “oil”, but valuable information is not “crude”. Companies which learn how to mine and analyze their data to better serve their clients can end up winners. But right now, as Dr. Riaz pointed out, most corporations and even laws do not look at information as “assets” in the same way that real properties or trademarks or patents are looked at, in valuation, accounting and reporting, which are what Infonomics address.

A few years back, when I was an Associate Professor at a College of Economic and Management in one of those universities that belong to the whole University of the Philippines (UP) System, the issue that bothered me, which my colleagues and books could not answer is: how does one determine the value of information, like those gathered by social media providers, and reflect it in, say the tax returns of these providers (I used to be a Tax Senior, a lifetime ago at a Philippine affiliate of Ernst & Young). Right now, there is no clear answer as far as the Philippines is concerned.  

The whole debacle between FaceBook and the Australian legislature last February 2021, is literally over the issue of how much is information, in this case, the news, is actually worth. I was hoping Dr. Riaz would discuss this, but he did not. His lecture could have been so much more “current” and interesting if this was included because the case had all the components of infonomics that people can actually understand and relate to, because we all read, or in this time “see and hear” the news.

The last thing, which I actually raised in the Q & A portion of the lecture is the ethical handling and management of information by corporations. This was not touched with any significance in the lecture itself. I shared how FaceBook was granted a patent on an algorithm that actually determines the credit worthiness of a person by evaluating his/her social media contacts, and the fact that all the pieces of personal identifying information collected by social media providers on their clients, can be weaponized and used against a specific person by the police, or whatever entity, and this collected information can turn out to be wrong. There must be room for the ethical regulation of the handling of information by these corporations. Dr. Riaz agreed with me and cited the GDPR as one of those pieces of regulatory mechanisms that keep corporations in check.

All in all, it was a good lecture which whet up my appetite for the next one!

Philippine Lawbytes 188: The Non-appreciation of the Real Threats to the “Blockchain” in the Blockchain Technology Development Act of the Philippines, HB 7864 Oct. 12, 2020 (Part 2), Copyright by Dr. Atty. Noel Guivani Ramiscal

Rep. Salceda mentioned in his Explanatory Note to his House Bill, The Blockchain Technology Development Act of the Philippines, that the blockchain, is an “immutable ledger” and that “(f)alsifying a single record would mean falsifying the entire chain in millions of instances. That is virtually impossible”. This characterization of the blockchain is actually factually and technologically false.

In the early days of Bitcoin, many of its proponents have waxed poetic about the ultimate security provided by mathematics. It was thought that by relying on cryptographic hashing using strong modes of encryption, like the Elliptic Curve Cryptography, the future of the blockchain, particularly Bitcoin would be secure.

As it turns out, developments in quantum cryptanalysis can render this security false and baseless. For example, let’s say a Bitcoin private key number, which is crucial for the owner of the bitcoin to claim the bitcoin and encash its value, is secured by the Elliptic Curve Digital Signature Algorithm. The exact permutation of this private key number is hidden in a combination of numbers, the total of which is, let’s suppose, one quattuordecillion (10⁴⁵). How in the world can anyone guess the permutation of the private key unless stealing it from the owner or making the owner share or divulge it under duress or some form of magical seduction or thru Wonder Woman’s lasso?

Well, there will be a time when quantum computers, that operate on qubits, which hold more than the binary bits that ordinary computers work on, can actually crunch the exact numbers, because they have computational powers that not even supercomputers currently possess. Several developments in 2020 from leading IT companies like IBM, Google, etc. have led to the realization that such a reality of quantum supremacy may not be farfetched or far off. This has led some to actually posit and work on the development of “quantum blockchains”.

Aside from the dangers posed by quantum cryptanalysis that quantum computers in the near future can do, blockchains like Bitcoins and Ethereum are also not immune from being “forked” which can result in several versions of Bitcoins and several versions of Ethereum existing at the same time. I have explained in my lectures how this can happen.

Bitcoins have undergone several “hard” forkings in the past, which meant that changes are made to the Bitcoin software that changed the previous rules, and these changes are incompatible with those rules. These forkings have resulted in the splitting of the Bitcoin blockchain into two, with one half going in one direction and the other half going in the other. For example in August 2013, Vitalik Buterin, the founder of Ethereum noted that “(s)tarting from block 225430, the blockchain literally split into two, with one half of the network adding blocks to one version of the chain, and the other half adding to the other” and “(f)or the next six hours, there were effectively two Bitcoin networks operating at the same time, each with its own version of the transaction history”.

Forking or splitting of the blockchain can also come from computer hacking. Ethereum, Bitcoin’s closest competitor at the time when the attack in 2016 happened, lost depending on the source from US$55 to 101million from the hack that exploited a loophole in the smart contract code of its decentralized autonomous organization (DAO). The computer hacker/s found a bug in the code of the Ethereum wallet which let them control the entirety of the wallet. What did Vitalik Buterin do after the attack? He reset the Ethereum code to the date prior to the attack and locked the stolen digital currency “ether” in a digital escrow fund to prevent the hacker from cashing this ether, and to return the stolen ether to the owners. The resetting of the Ethereum code effectively created a new blockchain. A minority who viewed the resetting of the code as invasive and unwarranted continued to use the old Ethereum blockchain, which is now known as “Classic Ethereum”. Buterin’s new Ethereum, which effectively did not acknowledge the theft of the ether is known simply as “Ethereum”.

Also, blockchains like Bitcoins and Ethereum are not immune from the 51% problem, which can arise when some mining pools or those who engage in the verification of blocks in exchange of mining fees, either in Btc or ether, gain so much power that they are able to control 51% or more of the entire mining power. This can give them the ability to falsify transactions and double spend their cryptocurrencies, i.e., use the same cryptocurrency twice for different transactions, which are not allowed. This has happened to Ethereum as recent as in 2019 and 2020.

All of these instances show how a blockchain patterned after Bitcoin or Ethereum, which is what the Explanatory Note of Rep. Salceda appears to be endorsing, face real perils that threaten the integrity, authenticity and reliability of the content or data of the blockchain and their provenance.

Lastly, there is also the issue of privacy. The Explanatory Note of Rep. Salceda mentions that a blockchain can effectively boost Anti-Money laundering investigation and prosecution, and Know Your Customer (KYC) practices by banks. How so? It does not explain. The Bill does not either. KYC disclosures simply cannot happen if a blockchain that is adopted is based on the Bitcoin model which became the most popular cryptocurrency precisely because it assured the users of their privacy and the security of their identities in the conduct of their transactions. Again, with respect to Rep. Salceda and his team, the Explanatory Note and the Bill itself deserve a bit of fine tuning, and also a nuanced and deep appreciation of the real lessons that have surfaced so far in the implementation of blockchains and DLTs in different parts of the world. Such are needed for them to have any effective guidance for government agencies, which the Bill targets as implementers, in the event it becomes a law.

Philippine Lawbytes 187: The Erroneous Appreciation of the Nature of the “Blockchain” and its Characteristics in the Blockchain Technology Development Act of the Philippines, Hb 7864, Oct 12, 2020 (Part 1), Copyright by Dr. Atty. Noel Guivani Ramiscal

In the final quarter of last year, the Philippine House bill on the “blockchain” was introduced in the House of Congress by Representative Joey Salceda, as House Bill 7864, or the “Blockchain Technology Development Act” for the 18^th Congress. It was first read last October 15, 2020, and as of today, March 1, 2021, it has been pending with the Committee on Information and Communications Technology.

I have held off commenting on this bill because I was waiting for the significant government agencies, government officials and the so-called experts on this area from the private sector to issue any statement concerning the bill. But five months have passed, and there’s only deafening silence.

There is also one important undertaking by the Securities and Exchange Commission (SEC) that has been on their table since 2018, and that is their Draft Rules on Initial Coin Offerings (ICO) which directly involves blockchains. The last time I checked, their draft is still a draft, and there appears to be no clear timeline as to when SEC will release it. As of today, SEC does not list any ICO Rules in the pertinent portion of its website (https://www.sec.gov.ph/laws-rules-decisions-and-resolutions/rules/).

Rather than giving the gist of some of the short bill’s provisions, which is what some newspapers and industry blogs have done, I would delve on the nature of the bill, which is about “blockchain” and its understanding by the drafter, Rep. Salceda, contained in the “Explanatory Note” which actually informs the construction and interpretation of the bill’s provisions. This is important in looking at the “legislative intent” or spirit behind this bill, if it ever becomes a law and the validity of its provisions is questioned in the Supreme Court.

For those of you interested in the Bill’s actual provisions and the Statement of Rep. Salceda, you can download it here: https://www.congress.gov.ph/legisdocs/basic_18/HB07864.pdf. I have decided to do this because the ultimate aim of the Bill is to actually adopt a blockchain type for the management of government records. 

Rep. Salceda’s explanatory note begins by saying that “(d)istributed ledger technology (DLT) or “blockchain” has immense potential as a records-keeping and data management system for large and complex institutions, such as the Philippine government”. What is wrong with this statement? It equates “blockchain” with DLT. Furthermore, the characterization of Rep. Salceda of the blockchain as a “time- stamped series of immutable records of data that is managed by a cluster of computers not owned by any single entity. Each of these blocks of data (i.e. block) is secured and linked to each other using cryptographic principles (i.e. chain)” denote and connote a particular blockchain, the Bitcoin, which I have written and lectured on many occasions. In fact his Explanatory Note referred to the use of the blockchain in “cryptocurrency” due to the same stated features.

As I have always mentioned in my lectures for lawyers in the Mandatory Continuing Legal Education (MCLE) seminars that I have been privileged to give through various MCLE providers, blockchain is just a form of DLT, while DLT is not limited to, nor comprised only of blockchains.

A DLT is essentially a ledger or a database of records, facts, data that is distributed to different places or sites anywhere in the world. It is in this basic sense “decentralized”. But the validation of the data requires a consensus system, the type and complexity of which can vary, depending on the nature of the DLT.  

The blockchain is a mere specialized example of a DLT, and shares in the decentralized feature of the DLT, since it can be accessed anywhere in the world as long as there is internet connection and the user knows where to actually go online. But it varies from the general DLTs because the transactions comprising each block that is appended to the chain require cryptographic hashing done by pools of “miners” in case of Bitcoin. Verification per block requires different types of consensus mechanisms, like proof or work, or proof of stake, which involve serious brute force computational power and electricity consumption. These complicated systems of verification are not required nor used in all DLTs.

Furthermore, a blockchain like Bitcoin is basically permission less. This means that anyone in the world can look it up online, and even download the entire ledger of a particular Bitcoin form, from its genesis to the most current block and can participate in the consensus mechanism. In contrast, some DLTs have authorized nodes that are the only ones granted permission to validate new data, with the use of cryptography. They are in this sense “permissioned”. That is such a big difference in treatment if one is going to roll out a Bitcoin type of blockchain, or a permissioned form of DLT to deal with for example, the whole ID system of over 110.5 million Philippine citizens!

With respect for Rep. Salceda and his team, who are evidently doing the best that they can to grapple with challenges that technological innovations bring, the Bill itself and the Explanatory Note should make clear that there are different types of DLTs. It must also be emphasized that a cryptocurrency blockchain model may not be the sole nor the best type of DLT for agencies that are seeking to put data in decentralized databases that are secure and accessible to the general public.

Philippine Lawbytes 186: A “Rapid Dive into AI” at the Carnegie Mellon University Master Class on Artificial Intelligence (AI), Copyright by Dr. Atty. Noel Guivani Ramiscal

Today, February 26, 2021, I had my first Masterclass on “AI and the 4^th Industrial Revolution” that is offered as part of a series of Masterclasses by the Carnegie Mellon University in Adelaide, South Australia. What is so good about this is that I attended the class within the security of the hinterlands of Laguna, via Zoom, without costing me anything. It was extended to me as an invitation by the Australian Alumni Communities Philippines.

Introduced by Prof. Emil Bolongaita, the discussant Dr. Zbiegniew Zdziarski or “Zig” is an AI consultant and a Google certified Data Engineer Professional and Data Engineer Trainer. He gave us the gist of the 1^st to the 4^th Industrial Revolution, and situated AI amongst the different types of disruptive technologies that include IoT, augmented and virtual realities, robotics, drones and 3D printing. He left out blockchain which would be discussed in a different Master class by a different speaker. Due to time constraints, of course he could not discuss much of these technologies but he gave us effective examples that illustrate why these technologies can both be boons and banes to humankind.   

Dr. Atty. Ramiscal’s screenshot picture of Dr. Zig as he lectured via Zoom last February 26, 2021 in his AI Master Class at CMU Australia

What interested me most were his discussions on 3D printing, robotics, drones and AI. On 3D printing, he  gave us examples of the creative ways 3D printers with the right polymers or “ink” have been used to produce useful products that are customized, from dentures, to guns, to a Guinness World Record Holder boat. He also showed us the projection by ING that a boom in 3D printing could reduce global trade by 40% in 2040. I have lectured on 3D printing for various types of audiences, including lawyers in the Mandatory Continuing Legal Education (MCLE) series since 2016, in different parts of the country. I even introduced the concept and real life examples of 4D printing way back in 2017. So I know the conceptual and real life challenges of regulating 3D printed goods in medicines, human organs and food, which I made a focal part of my 3D and 4D printing lectures.

Dr. Atty. Ramiscal’s screenshot of Dr. Zig’s slide on disruptive technologies, copyright belongs to Dr. Zig, CMU A and PWC

The portion on drones and robotics were fascinating. He showed us how drones can be utilized for good, by various industries, like banks and couriers to deliver packages. He also talked about this “deliberately” for profit organization called DroneSeed which utilizes drones to reforest burnt or “dead” acres of land destroyed by fires and climate change. Not only is the process safer, but the results are quicker and on point. We all know that robots are to a certain extent the bane of human workers. Dr. Zig showed a report from BBC News which showed that robots will replace 20 million factory workers by 2030. But this just goes to show that humans need to upgrade or change their skill set or be more creative so as not to be left in the dirt. Robots can be more efficient particularly in jobs that are hazardous for humans like mining. They can also be entertaining. The clips from BostonDynamics which show robots fooling around, dancing and doing aerial stunts are a hoot! He also showed how tiny microbots can be inserted into humans to cure them of diseases and other ailments. To these I commented, “so drones can deliver vaccines, robots can inject them and microbots can get rid of pandemic viruses” to which Dr. Zig smilingly replied “yes, that solves everything”.

Dr. Atty. Ramiscal’s screenshot of Dr. Zig’s slide on OpenAI, copyright belongs to Dr. Zig, CMU A and OpenAI

The AI technology that had me amazed and amused is that developed by OpenAI called GPT 3 (which from my research stood for “generative pre-trained transformer”). As Dr. Zig pointed out this was developed from Natural Language Processing. OpenAI claimed to have made GPT-3 as an autoregressive language model with 175 billion parameters. It can translate, answer questions, do tasks that require on-the-fly reasoning or domain adaptation, such as unscrambling words, using a novel word in a sentence, or performing 3-digit arithmetic (Language Models are Few-Shot Learners, Tom Brown et. al, https://arxiv.org/abs/2005.14165). One college student used it to show that it could write an article that could pass off as being written by a human. The example that Dr. Zig showed us which caught my attention was the experiment done by feeding a simple sentence to GPT-3 and asked it to translate the sentence to a legal claim. This is how it went:

Plain language: My apartment had mold and it made me sick.

GPT-3’s Legal language: Plaintiff’s dwelling was infested with toxic and allergenic mold spores, and Plaintiff was rendered physically incapable of pursuing his or her usual and customary vocation, occupation, and/or recreation.

This had me comment that lawyers, poets, writers or anyone who makes their living from writing can be replaced by AI. But Dr. Zig was quick to point out that it can’t happen to anyone who is any good at writing because these machines by themselves are “dumb”, and humans have a more profound existence.

Last year I wrote about predictive algorithms that are being used to help judges decide cases and other matters of consequence to human life. What Dr. Zig said is an affirmation of a truth that I have always held, that algorithms and computers do not, and cannot hold the power to define any human life.

With that, I would like to thank Dr. Zig for making my afternoon quite fun amid these unusual times. The information was just enough to sustain my interest and I did learn some new facts. Thank you for the generosity and amazing foresight of CMU Australia for opening their Master classes to the world beyond their borders.  

Till the next Master Class!

Philippine Lawbytes 185: Parting Shot in the COMELEAK Hacker Case (Part 4), Copyright by Dr. Atty. Noel Guivani Ramiscal

Mr. Paul Biteng has consistently maintained that he informed COMELEC by an email through its website regarding the vulnerabilities he found on the COMELEC website, specifically the Precinct Finder, through Structured Query Language (SQL) injections. Even in his interview with “Tech in the Province” last November 23, 2020, posted in YouTube, he was adamant that he gave that email, but the COMELEC never responded. He posited that it was because of that email, that he was the one arrested last 2016 for the COMELEAK hacks.

The surprising thing in this case was the revelation by Atty. Alcantara that the defense was not given access to the electronic evidence in the e-devices and Mr. Biteng’s Gmail account that the law enforcement agents seized.

The production and presentation of the email message was crucial to the cases and should have been done by the law enforcement agencies and the prosecution. The email message should not only have contained the actual content but all the metadata that is present in the Gmail account of Mr. Biteng that was seized by the NBI. All emails will contain in their metadata the originating IP address and the destination IP address. These are automatically generated in email systems. The examination of the IP addresses was crucial so as to establish if COMELEC lied about not getting the email warning of Mr. Biteng, or if Mr.Biteng was actually telling the truth.

Access to the e-data, particularly in the email account of Mr. Biteng was crucial to his defense, because it could prove exculpatory. Thus, the State’s refusal was legally unwarranted and actually defeated the right of the accused to present a proper defense. Access to e-data by the accused that is in the sole custody of the State, is a fundamental component of the accused’s constitutional right to Due Process.

There is also the fact that one of the e-devices that the police had in their custody, which definitely did not belong to Mr. Biteng, had an IP address that was confirmed by a DOST ASTI expert to have been assigned to the NBI. This alone is sufficient to raise doubts about the charges against Mr. Biteng, and actually give credence to the belief that Mr. Biteng was just a “fall guy”.

And most importantly, it must not be forgotten that the cybercrime cases charged against Mr. Biteng stem directly from the Data Privacy violations that the National Privacy Commission (NPC) adjudged the COMELEC, in particular, one of its former top officials, Juan Andres D. Bautista, to be guilty of, and has in fact, recommended his criminal prosecution to the DOJ.

The NPC decision on the COMELEC data breach underscored Mr. Bautista’s “lack of appreciation” of the principle that data protection is more than just implementation of security measures. The decision decried “(t)he lack of a clear data governance policy, particularly in collecting and further processing of personal data, unnecessarily exposed personal and sensitive information of millions of Filipinos.” The NPC unequivocally stated that a “head of agency making his acts depend on the recommendations of the Executive Director or the Information Technology Department amplifies the want of even slight care. The duty to obey the law should begin at the top and should not be frustrated simply because no employee recommended such action”. Thus, the NPC concluded that the “wilful and intentional disregard of his duties as head of agency, which he should know or ought to know, is tantamount to gross negligence”.

The NPC decision cited Mr. Bautista as having “violated the provisions of Section 11, 20, 21 and 22 in relation to Section 26” of the same law. Section 26 of the Data Privacy Act, which penalizes accessing sensitive personal information due to negligence, imposes imprisonment from 3 to 6 years and a fine from P500,000 to P4,000,000. Section 36 accords additional penalties when the offender is a public officer, consisting in the disqualification from public office for a period equivalent to double the term of criminal penalty” [see In re: Investigation of the security incident involving COMELEC website and/or data processing system, NPC Case No. 16-001, 28 December 2016].

Given all these facts, it would be reasonable to ask why did the State expend valuable government resources including the Judiciary’s, prosecuting Mr. Biteng for three years, the person who is apparently the most innocent of all in this matter, who merely warned the COMELEC?

But the ultimate issue that needs clarification is, what has happened to the NPC recommendation that the disgraced and impeached (by the House of Representatives) Mr. Bautista be prosecuted for the alleged data privacy violations he committed against the personal identifying information of the Philippine electorate he allegedly failed to safeguard? There appears to be no current news about his prosecution or trial for what the NPC had characterized then as “the worst recorded breach on a government-held personal database in the world”.

Philippine Lawbytes 184: The Evidentiary Lessons in the COMELEAK Hacker Case (Part 3), Copyright by Dr. Atty. Noel Guivani Ramiscal

Let’s break down the evidentiary lessons in the Biteng case.

Making a hacking video tutorial is not a crime (not yet anyway). Hacking videos made by computer technology professionals and amateurs on just about any electronic or computing device, software or hardware, without any criminal purpose, and nothing more, cannot be an indication of criminal activity or a malicious will. Hacking videos perform an essential service to the DIY industry, and they are great tools for those finding their way in the field of cybersecurity. I have relied on countless YouTube hacking videos from fleecing the most valuable parts of damaged computers, to re-pairing my Jabra speak 710 to my Jabra Link 370 to save me needed resources.    

In the same vein, posting videos, or holding or administering social media accounts, unless these are supported by other pieces of related, relevant pieces of evidence compelling enough to remove reasonable doubt, cannot be the bases for conviction.

Then too, evidence of allegedly incriminating terms, website visits, net histories, either culled from laptops, e-devices or the Internet are not conclusive. I was asked about this during Mr. Biteng’s trial, and I gave myself as an example, being a legal advocate for LGBTQIA rights. A couple of years ago, I did extensive research on sexual reassignment surgeries (SRS), mostly online, including YouTube, and did actual rounds of inquiries for certain client friends of mine, of government agencies/GOCCs like the PhilHealth, SSS, Pag-ibig and BIR regarding the legal consequences of transitioning from one’s biological gender to the right gender.

As I expected, transgendered individuals in the Philippines have the least recognized rights and are the least protected in law. And as I suspected, but it still came as a little surprise, no matter what computer I used, mine or in internet cafes, anywhere in the Philippines, or abroad, the moment I log into my Gmail account, do my Google search and go into YouTube, harrowing accounts and procedures of SRS would greet me in YouTube. Gmail and YouTube are both owned by Google. This went on for about a year. This is a result of Google consolidating all my searches and my Gmail usage and creating a profile for me that is not my truth. I am not personally seeking any SRS, I am very happy with what God has biologically given me.

The general lesson in all these types of electronic evidence is important to remember. Profiling and triaging a person due to the videos they post, the social media account they maintain, their internet histories and a few terms and phrases found in the person’s computer or e-devices can be interesting, but may not be sufficient, or could even be wrong.

What is crucial in criminal cases involving cyberhacks are digital device identifiers that would connect the perpetrator with the actual device/s seized by the police, and the e-data contained in this/these device/s show that such person committed the actual crime charged with the use of the same device/s.  

This is where Atty. Alcantara and Judge Bunye-Medina asked me at length about the nitty gritty stuff regarding Internet Protocol (IP) addresses. I have already written extensively about IP addresses, please just look for the connecting links to this article. Suffice it to say that an IP address is like a house number. It tells special computers called “routers” where a message is going to, and coming from, just like the addresses on an envelope guide couriers and postal services. Every communication across the internet includes the IP addresses of both the sending and receiving parties. Due to its importance as a “locational” tool, IP addresses have been used by websites, social media providers, search engines, and a host of web applications to pinpoint the direction or location of users to provide localized content. And in criminal cases, IP addresses are also useful in providing the police an initial, albeit quite incomplete clue, as to where and what computing device was used to commit a crime, and possibly by whom. I talked about the different types of IP addresses that we have in the Philippines and I even told the good Judge how to find the IP address of a net connected device, say a mobile phone, by using Google search on that phone and typing “what’s my IP address.”  

I also informed the court about another type of device identifier, the Media Access Control (MAC) number, which I have also written about in the past issues of my blog. Both the IP address and MAC number are utilized by law enforcement agents in honing or zoning in on particular devices that appear to have been implicated in the commission of the crime, hoping to incriminate their owners or users as the perpetrators.

I stated to the court that by themselves, these IP addresses and MAC numbers would just be useless data. Judge Bunye-Medina asked me pointedly how these data could incriminate. The Philippines has no relevant jurisprudence on this matter.

Citing a Memorandum I made where I  did a study of the police procedures in several American cases, the facts may vary, but I told the court that there is a pattern where the police would seek to identify the IP address of an electronic device identified to have been possibly used in the commission of a cybercrime, correlate it with the MAC address, find the ISP or TELCO provider that serves the specific device, and subpoena the ISP or TELCO to provide the name and address of the particular subscriber connected with the device. The police would not stop there. They would do additional identity and background checks on the individual identified as the subscriber, before the police would seek a court warrant for the search and seizure of the electronic device.

In court, I told the good Judge and Atty. Alcantara that the prosecution must present relevant evidence showing the connection of the IP address and/or MAC number with the actual electronic device that was seized, provide evidence that the accused is the owner and/or user of such device, and finally give evidence that the accused actually used the device to commit the cybercrime. Absent these connections, the prosecution would fail.    

In Mr. Biteng’s case, the prosecution totally failed. They did not present any iota of evidence that tied Mr. Biteng to any device that was identified to have been used to commit the crimes charged against him. What is worse is that it was proven by the defense that one of the devices kept in custody by the police had an IP address that had been assigned to the NBI since 2015! This apparently meant, on its face, that such device was used by someone from NBI to possibly hack the COMELEC system.

The State, through the government prosecutors could not overcome the severe negative implications of this startling revelation for its cause. It must be emphasized that the State, through the police and the government prosecutors had full control and access to all the e-devices confiscated from the person of the accused, and then some. What exacerbates this is that Atty. Alcantara apprised me of the fact that the evidence these e-devices contained were not actually shared by the prosecution to the defense for the duration of the entire trial.  

Praise the heavens then for conscientious lawyers like Atty. Alcantara, who zealously fights for the rights of their clients; and informed and competent judges like Judge Bunyi-Medina (whom I do not know personally, having met her for the first time when I testified in her court) who rigorously apply the standard of evidence in criminal cases, including cybercrimes, and do not take the path of least resistance. We judge judges by their decisions. In this case, her decision which had been distributed to members of the media, revealed her commitment to upholding the rule of Evidence and the Law.

Philippine Lawbytes 183: The Dubious Evidence Presented Against the Acquitted Alleged COMELEAK Hacker (Part 2), Copyright by Dr. Atty. Noel Guivani Ramiscal

What were the pieces of evidence presented by the State against Mr. Biteng?

The National Bureau of Investigation brought to the court certain evidence they gathered when they profiled him. Amongst these were:

1. the alleged appearance of Paul Biteng’s name in a hacking video tutorial on YouTube, on a site associated with the Phantom Hacker Khalifax;

• Mr. Biteng was associated by the NBI with the hacker group Anonymous Philippines, allegedly as the administrator of its Facebook account;

• The moniker “kh4lifax” was supposedly visible on the defaced COMELEC website that Anonymous Philippines supposedly “owned.”

• A screenshot of the defaced COMELEC website supposedly appeared on the Facebook account of Anonymous Philippines;

• The NBI supposedly found the terms “kh4lifax” and “Comelec” on Biteng’s computer hard drive which they confiscated.

It must also be noted that aside from the social media and gmail accounts of Mr. Biteng, the NBI also confiscated the computer and electronic devices used by Mr. Biteng. But the device identifiers in these electronic devices had not been connected to Mr. Biteng, in the commission of the crimes he was charged.

THE COURT’S RULING:

The meat and gist of the Court’s ruling can be found in these portions of the Court’s decision which deserve to be quoted in full:

Nowhere in these videos and posts were it convincingly shown that accused defaced the Comelec website. In fact, the bulk of the evidence only sought to prove that accused posted 1. hacking tutorials prior to the commission of the subject offenses; 2. a screenshot of the defaced Comelec website; and 3. comments regarding the Comelec hacking incident.

In the mind of this Court, the commission of these acts, even if coupled with a finding that accused is the author thereof, cannot convincingly prove the latter’s guilt with the requisite quantum of evidence required. In the same manner, the Court cannot discount the possibility that the author of the said posts is a different person, who somehow accessed accused’s social media accounts.

Why did Judge Bunye-Medina posit the possibility of another perpetrator committing these offenses that Mr. Biteng had been charged and suffered for three years? The answer lies in the uncontroverted fact, established by the defense expert testimony from DOST ASTI, that an Internet Protocol (IP) address of one of the computers supposedly used in the commission of the offenses charged against Mr. Biteng, belonged to, and had been assigned to the NBI since 2015!

Philippine Lawbytes 182: The Case of the Acquitted Alleged COMELEAK Hacker (Part 1), Copyright by Dr. Atty. Noel Guivani Ramiscal

NOTICE AND DISCLAIMER:

As a general rule, I do not blog about the cases I have handled or been involved in some manner.  But certain cases become exceptions because the lessons they hold are too important and they deserve to be known in the public’s interest and the protection of the rights of accused, particularly those who are truly innocent.

Way back in 2016, COMELEC suffered the first major data privacy breach of its electronic systems that was made known to the public. Mr. Paul Loui Biteng was the primary suspect charged for hacking and defacing the COMELEC website, earning him the moniker of “COMELEAK” hacker. The cases against him have dragged for several years. In this connection, I was asked by his brilliant defense lawyer, Atty. Harold Alcantara to appear as a cybercrime law expert with respect to certain technical aspects of the cases, last October 29, 2019, in the Manila Regional Trial Court Branch 32, presided over by Judge Thelma Bunyi-Medina.

I did not plan on writing about these cases, but a journalist from a newspaper of general circulation already mentioned me in connection with these cases in a February 28, 2020 write-up, concerning the acquittal of Mr. Biteng. I then decided to write about the matter, particularly honing on the character of Mr. Biteng as a hacker, and the electronic evidence aspect, after I secured Mr. Biteng’s consent last March 9, 2020, via a phone call. But with everything that has happened since then globally and in our country, it is only now that I had the time to sit down and collect my thoughts on the cybercrime cases he was charged and acquitted by the Regional Trial Court.

ABOUT MR. BITENG: AS AN ETHICAL HACKER AND A ZERO DAY/BUG BOUNTY HUNTER

Due to the real time security issues posed by zero day vulnerabilities present in all software programs and online platforms that are run via source codes, big time IT companies like Microsoft, Google and Facebook have established bug bounty programs that offer fees or rewards to any hacker that can actually spot any security bug or zero day vulnerability in their products and websites that they do not know and report it to them, first.

This type of activity requires considerable computing skills, like penetration testing, from those who take up the challenge of becoming bug hunters. This is also a legitimate activity that has the express consent of the companies involved. Any intrusion into their computing systems by bug hunters is authorized.

Mr. Biteng has achieved fame and goodwill as a bug hunter. His contributions and achievements as an ethical hacker has been recognized by Microsoft [see https://microsoft.com/en-us/msrc/researcher-aclnowledgments-online-services-archive]. He was in fact designated as a “White hat” by no less than FaceBook [https://facebook.com/whitehat/thanks]. Among prominent internet netizens and members of the Philippine hacking community, he is highly regarded and even considered as “Unang Bayani” (First Hero) by some.

In using his computing skills for the benefit of securing the Internet experience of everyone who uses the products and platforms, for example, of FaceBook and Microsoft, Mr. Biteng has proven by his deeds that he has considerable skills that are recognized by global IT companies/leaders, and that he has used them responsibly. He is an embodiment of the characteristics of a “White hat”.

WHY IS THE CHARACTER AND ACTUATIONS OF MR. BITENG AS A HACKER IMPORTANT TO THESE CASES?

There were statements made in the media that he allegedly admitted to hacking and defacing the COMELEC website, but he also said that he made those admissions under duress because he was kept under detention by the police for one week. In court, he did not admit to committing the offenses. What he did admit to was that he warned the COMELEC about the vulnerability of its website.

Why did he do this? The reason was simple and uncontroverted. COMELEC, in its unhesitant declaration of absolute trust in its website offered a bounty of Php100,000.00 to anyone who can point to, and prove any security flaw or vulnerability in its website. COMELEC’s unequivocal challenge to all and sundry is a universal open invitation to hack/crack its website to uncover any flaws that can compromise its security and the data it contained. Mr. Biteng, being what he is, did what he had to do, as a white hat, to rundown the false security claims that COMELEC made to hype its claims about its IT systems. He reported the results of his SQL injections on COMELEC’s Precinct Finder to the COMELEC, to which COMELEC did not respond.

COMELEC’s challenge arguably constituted a “jail free” card or pass to hack its system, and any white hat worth his/her hat who took the challenge did not commit any crime, because his/her acts would not amount to “illegal access” under the Philippine Cybercrime Prevention Act.

Philippine Lawbytes 181: Why Ethical Hackers Can Be Considered Criminals Under the Narrow View of Ethical Hacking by the Supreme Court, Copyright by Dr. Atty. Noel Guivani Ramiscal

In the 2014 consolidated constitutional challenges to several provisions of the Philippine Cybercrime Prevention Act (R.A. 10175) [see Louis “Barok” C. Biraogo vs. National Bureau Of Investigation And Philippine National Police, G.R. No. 203299; Philippine Bar Association, Inc. vs. His Excellency Benigno S. Aquino III, in his Official Capacity as President of the Republic of the Philippines, et. al, G.R. No. 203501; Bayan Muna Representative Neri J. Colmenares vs. The Executive Secretary Paquito Ochoa, Jr., G.R. No. 203509; Disini, et. al, vs. The Secretary of Justice, et. al, G.R. No. 203335, etc., hereinafter “Consolidated cases”, February 11, 2014], the Supreme Court expressly dealt with ethical hacking. The relevant provision is the definition of “illegal access” which the law defined as “access to the whole or any part of a computer system without right” [R.A. 10175, Section 4(a)(1)].

The Supreme Court viewed “ethical hackers” as “professionals who employ tools and techniques used by criminal hackers but would neither damage the target systems nor steal information. Ethical hackers evaluate the target system’s security and report back to the owners the vulnerabilities they found in it and give instructions for how these can be remedied. Ethical hackers are the equivalent of independent auditors who come into an organization to verify its bookkeeping records. Besides, a client’s engagement of an ethical hacker requires an agreement between them as to the extent of the search, the methods to be used, and the systems to be tested. This is referred to as the “get out of jail free card.” Since the ethical hacker does his job with prior permission from the client, such permission would insulate him from the coverage of Section 4(a)(1).”

It is clear from this view that only hackers who are employed as security professionals, system penetration testers, and the like, who have express authorization to “hack” their clients’ systems would be protected and exempt from the coverage of R.A. 10175’s penal scope.

There are two observations that I must make here which are important in understanding how the Supreme Court’s limited conception of “ethical hacking” can actually harm or inflict unwarranted penalties on people with hacking skills who do not see their use of their skills as resulting in illegal results.

First, the Supreme Court’s characterization of “ethical hacking” does not clearly cover the actions of bounty hunters of bugs, viruses and zero day exploits who are not explicitly or implicitly allowed by the owners of websites, software and hardware that they target, to examine these.

Putting “ethical hacking” in the context of “employment” or consultancy contracts, which is the perspective of the Supreme Court, would not apparently cover the bug bounty programs that Microsoft, Google, FaceBook and other big time IT companies offer to everyone in the world. It would also evidently not cover challenges issued by government agencies, and private individuals like the famous Alex Lingad in the Philippine hacker community, to everyone and anyone to prove that they can hack or penetrate these agencies’ or individuals’ websites. Successful bounty hunters and hackers are rewarded for their singular exploits and shows of skills, and not because they are employees or consultants of these companies, agencies or individuals.

Second, what is absent from the Supreme Court’s discussion is the ascertainment of the intent of the hacker in accessing the computing systems of another. Indeed, R.A. 10175 does not appear to consider the intention of one who accesses a computing system without any right. Section 8 of this law provides:

Sec. 8. Penalties. — Any person found guilty of any of the punishable acts enumerated in Sections 4(a) and 4(b) of this Act shall be punished with imprisonment of prision mayor or a fine of at least Two hundred thousand pesos (Ph₱200,000.00) up to a maximum amount commensurate to the damage incurred or both.  

• a hacker without right, intentionally introduced a malware in the computing system to hijack it, and then extort Bitcoins from the owner of the computing system. 

The law punishes uniformly any form of online access “without right” which means that all forms of unlawful access, even if no damage was wrought to the computing system, and the motivation was simply of curiosity, or to help protect the computing system, are punished with prision mayor. It is only in the fines, where the distinction can be drawn, and this depends on the amount of “commensurate” damage that such unlawful access has wrought.

I had appeared in Congressional hearings prior to the passage of R.A. 10175, specifically, when I was formerly connected with a multinational educational system, and I had shared my view that the “intent” of the hacker, in cases of unauthorized access, must be given due consideration to obviate any inconsistency and injustice in the punishment and sentencing. This is all the more apropos considering criminal laws typically have a mens rea requirement. For instance, the “alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses” under the Philippine Cybercrime Prevention Act, actually requires evidence of either criminal intent or recklessness on the part of the offender (see (4)(a)(3) Data Interference, R.A. 10175). But such is not the case for “illegal access”.

Consider these types of hackers:

• a hacker, without right, who entered a computing system to find a bug, found it, and then warned the owner of the computing system to protect the system;

• a hacker, without right, who entered a computing system to introduce a patch to fix a security bug in the system, and fixed it, therefore actually protecting the system; and

Under R.A. 10175, and the Supreme Court ruling in the consolidated cases, all three hackers would be considered criminals, even if the first two hackers actually  performed a tremendous beneficial service to the owner of the computing system, while the third hacker actually stole the data of the computer system owner, and held it for ransom. The punishment must fit the crime, and it is on this point that R.A. 10175 fails.

Courts, who are instruments of Justice, Truth and Wisdom must be made aware of incongruities like these, so they can wield their tremendous power of Judgment in an informed compassionate manner and possibly help reform the legal system.

Philippine Lawbytes 180: Zero-Day Vulnerability and the Possible Responses of a Hacker, Copyright by Dr. Atty. Noel Guivani Ramiscal

Another important development that has made significant headlines in cybersecurity is the development, tracking down and sales of zero-day vulnerabilities. A zero-day vulnerability is an error in the programming code of computer software, unknown to the computer user, software manufacturer and anti-virus vendors, that can have destructive consequences.

These vulnerabilities or “bugs” arise because source codes of software are not perfect, having been written by humans. As these software products are deployed to the market, issues or bugs arise that need to be fixed by the developers through patches. But not all these bugs are made known to the developers, and the actions of those who discover these bugs before they are known to everyone would determine what hats they wear.

Black hats may exploit the vulnerability for malicious purposes, including infiltrating malware or spyware or allowing unwanted access to user information. They can keep the vulnerability, weaponize it, such that it can be designed to operate immediately with a payload that harms the targeted computing systems, and use it to wreak havoc or sell it for tremendous amounts of money.

White hats who discover the vulnerability would inform the developer either for free or for a fee and they may sometimes come up with patches to fix the bugs themselves and offer them to the developer.

Gray hats, who operate in the blurry boundaries of what is legal and what is not, may do something else. They may break into the computing systems that are susceptible to the zero day vulnerability, and apply the patch themselves. The intrusion is unauthorized, and therefore from the standpoint of the Philippine Cybercrime Prevention Act, illegal. But the result of the gray hat’s action is that it saved the computing system from the payload of a weaponized zero-day bug unleashed by a black hat.

This is not some far-fetched scenario. In the last quarter of 2018, a Russian gray hat has admitted to fixing a security vulnerability in over 100,000 Mikro Tik routers that allowed attackers to bypass authentication and download the user database file, which can then be decrypted and harvested for usernames and passwords. The Russian gray hat applied the fix himself without the knowledge and consent of the routers’ owners and “added firewall rules that blocked access to the router from outside the local network” to safeguard the owners’ networks. [A Mysterious Russian Grey Hat Vigilante has patched over 100,000 routers, October 12, 2018, https://www.thesslstore.com/blog/mysterious-russian-grey-hat-vigilante-patched-over-100000-routers/]. This is a Good Samaritan act, which the Philippine Cybercrime Prevention Act rewards with imprisonment and/or fine.  

Philippine Lawbytes 179: (Part 2) Knowing a Hacker by the Hat, Copyright by Dr. Atty. Noel Guivani Ramiscal

Hackers are further subdivided by their motivations, actions and designations in the hacker culture, particularly in the “hats” they wear or identify with.

White Hats or the Ethical Hackers

These hackers employ the same methods used by “crackers” or black hats in engaging in computer intrusions and penetrations but they differ from black hats in that their activities are allowed or permitted by the owners of computing systems they access. Often, these hackers are engaged as employees or consultants of the owners of computing systems, or they are research scientists or computer specialists that have gained fame for their exploits which they present in scientific conferences, or in competitions they participate in, around the world.

Examples of “white hats” include: Joanna Rutkowska, a cybersecurity researcher whose expertise is stealth malware, perhaps better known as rootkits, which can disguise itself in a computing system to exploit vulnerabilities. She revealed the vulnerabilities in the Vista kernel and the Intel Systems; Charlie Miller, a computer security researcher, who is best known for exposing vulnerabilities in Apple products like the MacBook Air bug, iPhone and iPad, and the Safari browser; and Kevin Mitnick, the former most wanted cybercriminal in the US, who has now reformed and turned into a cybersecurity consultant with a company that specializes in penetration testing and a zero day brokerage firm.

Black Hats or the Criminal Hackers

They utilize their extensive knowledge and social engineering skills with malice, to profit from their exploits of their victims. Black hat hackers can range from script kiddies who spread malware, to experienced crackers that aim to steal data, specifically financial information, personal information and login credentials, and/or to modify or destroy data for financial gain.

Examples include: Albert Gonzalez who has been accused of masterminding the biggest ATM and credit card theft in history; from 2005 to 2007, he and his cybergroup had allegedly sold more than 170 million card and ATM numbers, and in 2010, Gonzalez was sentenced to 20 years in U.S. federal prison; Vladimir Levin who transferred $10 million from the accounts of Citibank clients to his own accounts around the world and was captured; and Jonathan James, who at 16 years old, became the first juvenile imprisoned for cybercrime in the United States. He had hacked government systems such as NASA and the Department of Defense at the age of 15. On May 18, 2008, at the age of 25, James committed suicide using a gun [see Norton and Chandler Grant, Top 10 Notorious Black Hat Hackers, https://listverse.com/2012/05/08/top-10-notorious-black-hat-hackers/]

Gray Hats or the In-Betweens

Gray hat hackers, who are usually cybersecurity researchers, even academics, will look for vulnerabilities in a system without the owner’s permission or knowledge. If issues are found, they will report them to the owner, sometimes requesting a small fee to fix the issue. If the owner does not respond or comply, then sometimes the hackers will post the newly found exploit online for the world to see. If they are academics, they can present their findings in conferences, risking prosecution. Their activities are not generally malicious, but because they get their information without permission from the owners of compromised systems, under the Philippine Cybercime Prevention Act, their unauthorized access is still illegal.

Philippine Lawbytes 178: (Part 1) The Different Types of Computer Hackers, Copyright by Dr. Atty. Noel Guivani Ramiscal

Cybercrimes are on the rise, amid the global pandemic, where most people are constrained to rely on the Internet to procure the basic necessities they desire, do their shopping, pay their bills, and basically do everything that they can do electronically, to avoid going out of their homes. Reports have been circulated by IT security firms and research entities concerning the exponential tick in data breaches and fraud crimes during the lockdowns. The Bureau of Internal Revenue even came out with a warning last October 26, 2020, concerning an online phishing scam circulated to trick unwary taxpayers of clicking on links on a fraudulent BIR website and revealing their usernames and passwords, thinking they were using the BIR e-services.

I had been asked several times in the past, particularly in my lectures, as to the types and motivations of different computer hackers. It is high time to state what they are.

1. Script-kiddies

These are people who are starting out with limited programming knowledge, so they utilize software tools available online to exploit security weaknesses in the sites and systems they are targeting, often without even knowing exactly what they are doing. The computer attacks they muster are often considered nuisances like website defacement. But it would also be wrong not to lookout for their kind because some of them do graduate to become skilled hackers, crackers, maybe even cyberterrorists.

2. Hackers

This group consists of people with more than adequate and even sophisticated programming skill sets that allow them to design intrusion programs and penetrate some of the most complex security systems. There was a distinction drawn between the motivations of these people and their actual actions.

Hackers are often drawn to computer intrusions out of curiosity, pride, feelings of power, camaraderie with other hackers, and even voyeuristic attitudes, in actually being able to uncover secrets and information on their targets, which are not known by the public.

For others, the adrenaline rush of hacking is so strong as to be addictive like any physical opioid. There is the case of British hacker, Paul Bedworth, who was the first person to be tried under the UK’s Computer Misuse Act. He successfully raised addiction as a defense. Bedworth was so pathologically beholden to hacking that he would lock himself in his room and stay fixated on his computer for days until he dropped from exhaustion.

3. Crackers and Cyberterrorists

Crackers on the other hand hack to profit from their computer crimes, although they may also be enamored with the conquest of breaking into supposed secure systems. They can be dangerous and include those who attack computer systems for personal profit, economic espionage, write viruses, hijack computing systems for extortion purposes.

Cyberterrorists are grouped with crackers because they share similarly malevolent purposes, but crackers are different from cyberterrorists in terms of purpose. Crackers are out for their personal gains, and they usually work alone. Cyberterrorists are imbued with political, often radical agenda, they intend to sow fear and destruction on their victims, and they often work in groups that are supported by States. However, it is also true that these cyberterrorists can also be trained or mandated by the Sponsor State, to target big commercial companies and States for their intellectual property secrets and other valuable electronic assets and information, not for the purpose of sowing fear and destruction, but for enriching the dollar reserves and coffers of the Sponsor State.

In knowing the type of cyber attacker that launched an attack, law enforcement agents and governments can tailor their response. And in the age that we live in, such response can vary, from criminal prosecutions and incarcerations to mere diplomatic protests.

Philippine Lawbytes 177: Empathy, Ingenuity, Technology, in Full Display at the Philippine Australian Alumni Network Summit of 2020, Copyright by Dr. Atty. Noel G. Ramiscal

Last Saturday (December 19, 2020), I got the opportunity to join an especial event that the Philippine Australian Alumni community brings together annually. It is the Philippine Australian Alumni Network Summit, with the theme “Innovators and Influencers: Making an Impact to Recovery,” held of course, via Zoom, complemented by Howspace, Canva and Sli.do.

Dr. Atty. Noel G. Ramiscal donning the black Tudor velvet bonnet with 2 red silk tassels for a UQ Ph.D holder

Dr. Atty. Noel G. Ramiscal in his UQ garb with the hood in rich blue silk and black trencher with black tassel for his Master of Laws Advanced degree in 2000

Since I have not been to these gatherings in several years, and my sojourn in Australia for about seven years have left my “wanderlusting” self, nostalgic, I thought it would be great to commune with fellow Australian alumni, for a few hours, without leaving the hinterlands of Laguna.

Ms. Milalin Javelana, the Program Director of the Australia Awards and Alumni Engagement Program Philippines or AAAEPP (the entity that organized the whole event), kickstarted it by introducing the Australian Ambassador to the Philippine, His Excellency Steven Robinson AO. He, as we learned had been a friend to the Philippines for several decades, opened the event with the right mix of somberness and Aussie good naturedness. 

The current Australian Ambassador to the Philippines, His Excellency Steven Robinson AO

Mr. Donald Lim, the CEO of DITO CME, and a former executive of ABS-CBN, gave a comprehensive overview of how the pandemic has affected businesses all over the world and the Philippines. He gave insights on how businesses can survive and thrive by embracing the changes and adapting their business models and technologies to the new normal, using as an example, one of his family’s businesses, the Family Mart on wheels.

Mr. Patrick Lim, CEO of DITO CME

Ms. Joji Pantoja, the CEO and President of Coffee for Peace (CFP), gave a vivid example of how a seemingly ordinary product, coffee, can lead to peace, and economic emancipation for small indigenous communities and families in Mindanao. She, with her husband and their organization based in Canada, gave training not merely in coffee production technology, but also conflict management to the families they selected. The success of their “Kapeyapaan” venture was recognized internationally in Norway this year when CFP won the Oslo Business for Peace Award. As an avid coffee drinker, to the point when my urine would sometimes smell like coffee (lol), I cannot wait for the day when I can walk up to Ms. Joji’s coffee shop in Davao City and imbibe shots of their renowned Malipayon Honey Arabica brew!

Ms. Joji Pantoja, CEO Coffee for Peace, Inc.

The core of the event came next. The Innovators and Influencers Forum were led by three brilliant, articulate and beautiful women who are all successful in their fields, who shared with the alumni their passion, principles and perspectives on innovation and success. The panel was effectively moderated by Mr. Kim Patria.

Three brilliant, beautiful, influential innovators: Ms. Ace Gapuz, Ms. Marga Nograles and Ms. Cherrie Atilano

Ms. Ace Gapuz, the CEO of Blogapalooza Inc., talked about how social media and internet innovations have shaped the way information was created and disseminated by influencers all over the country, particularly during the pandemic. She shared two important tips to the success of being an influencer: be open and know the cultural dynamics of one’s target audience.

Ms. Marga Nograles, the CEO and founder of indigenous fashion dynamo, Kaayo Modern Mindanao, related how her burgeoning empire started with two indigenous women she hired to create some of her personal pieces, and then blossomed to such an extent that the husbands of the women she contracts with, want to go in the beading industry to make more money. She stated that the pandemic showed the value of repurposing indigenous materials and making them into face masks and personal protective equipment, some of which the company donated to frontliners.

Ms. Cherrie Atilano, the CEO and President of AGREA International, is a multi-awarded champion of food security, and a real farmer. Her personal commitment and professional life are centered on making the Philippines a sustainable food producer for its people first, and then the world, guided by the principles of no hunger, no food waste and no insufficiency. These were tested when the pandemic hit and there were national shortages on vegetables. She revealed that they instituted a program, that began in her own kitchen, where usable portions of vegetables that are about to spoil were saved and used to create meals that sustained communities. This initiative won an award in Brazil. One thing that stuck with me is her passion to change the narrative of farming, from one of dirt and drudgery, to being educated and “sexy.” And why not? Producing food that fuels Life, is more than sexy. It is necessary. And just by looking, hearing and learning from her, farming/farmers can indeed be glamorous.   

All the speakers at this summit, apart from being creative and ingenious in their fields, exhibited one very important trait, that is also a theme that ran through all their speeches and answers: empathy. Each of them, in their unique and purposeful ways, demonstrated compassion, generosity, and understanding for the plight of others during this pandemic, and adapted the knowledge and technologies they have, to answer some vital and crucial needs of the communities they serve. They are truly inspirational!

Five and a half hours passed by like a breeze.

Kudos and big Love to all the AAAEPP staff and volunteers, the technical personnel who seamlessly maneuvered over 190 participants to each of our respective Communities of Practice (CoP), during the breaks, the host, Ms. Bea Almoite, and moderators, the sponsors, and the Alumni talents that passionately serenaded us after the talks. It was truly worth the Time. Deo Gratias!

Philippine Lawbytes 176: Teens and Technology: The 2020 Kid of the Year and the Teen Candidate for the Patron Saint of the Internet (Part 2), Copyright by Dr. Atty. Noel Guivani Ramiscal

In December 3, 2020, the 15 year old multi-awarded scientist Gitanjali Rao from Colorado, U.S.A. was chosen by Time, as the Kid of the Year, in conjunction with Nickelodeon. Born a year before the Blessed Carlo Acutis died, Rao was selected from over 5,000 teens in the U.S. whose accomplishments in their young lives, have come to actually influence the way our future would be shaped and (hopefully) made.

Gitanjali, like Carlo, had early on figured out what her passion was. For Gitanjali, it was in the different fields of science and technology, and channeling the principles and discoveries in these fields to create and invent practical solutions to real world issues. She said in her Tony Burch Foundation interview that one of her earliest inventions was a device to detect snake bites.

But her claim to fame laid in her interest in carbon nanotube sensor technology, which comprise of molecules that can detect chemicals. This technology had been used by MIT for solid objects, so she, at the age of 11, applied what she learned from MIT to water, to detect the presence and levels of lead in it, following the horror story in Flint, Michigan, where lead poisoning had occurred due to the fact that over 9,000 lead service lines are used to transport water from main pipes to the homes of residents. She developed a device called Thetys (named after the Greek Goddess of fresh water), using the carbon nanotube sensor technology, paired with Bluetooth and a mobile app, that can detect and publicize the levels of lead on the water tested. The device is cheaper, reliable and faster than any of those found in the markets all over the world.

Gitanjali Rao, from screenshot of MSNBC interview

In her interviews with Time, tv stations and newspapers, she said that she is interested in genetics, and she is currently at work in developing a product to diagnose prescription ¬opioid addiction, and in detecting biocontaminants like parasites in water. Like Carlo, Gitanjali abhors cyberbullying. She has developed an app in its Beta stage called “Kindly” which use natural language processing and adaptive artificial intelligence to monitor speech. Once downloaded by a user in an e-device like a smartphone, it will read all the text entered into the device and search for trigger words of threats or bullying. Once spotted, the app will flash a warning sign and block the user from sending the text.

Getting to know these amazing teens’ achievements and their steadfast commitment to their visions have brought grateful tears and a wellspring of Faith in my heart. One very important thing that connects them is their selfless passion for sharing. The Blessed Carlo Acutis devoted his entire young life to serve others as he served God, whether it is on a one-on-one basis with a person in need or in the Internet. Pope Francis said that he “did not ease into comfortable immobilism, but understood the needs of his time, because he saw the face of Christ in the weakest. His witness indicates to today’s young people that true happiness is found by putting God in first place and serving Him in our brothers and sisters, especially the least”. (https://www.catholicjournal.us/2020/11/12/blessed-carlo-acutis-an-example-to-be-emulated/).

Gitanjali Rao’s pioneering and saving works are equaled not only by her humility, but also by her generosity of Spirit, Knowledge and of her Time. She told Time magazine (December 14, 2020 issue) that she has partnered with rural schools, STEM organizations and museums around the world to run innovation workshops to help young students develop their own inventions and she has mentored over 30,000 students. She has stated that “(m)y goal has really shifted not only from creating my own devices to solve the world’s problems, but inspiring others to do the same as well…Because, from personal experience, it’s not easy when you don’t see anyone else like you.”

I would like to wish you all a Very Meaningful, Secure and Loving Christmas! May the incoming New Year Grace Us with Love, Redemption, Strength, Courage, Great Health and Prosperity!

And may our world continue to be blessed and enlightened with more teens, more people like Carlo and Gitanjali, who are Originals in their own, but Kindred in Spirits, Minds, Hearts, and Deeds.

Philippine Lawbytes 175: Teens and Technology: The 2020 Kid of the Year and the Teen Candidate for the Patron Saint of the Internet (Part 1), Copyright by Dr. Atty. Noel Guivani Ramiscal

This 2020 has been a year that many people would probably want to forget. YouTube officially cancelled its annual “Rewind” tradition for 2020, because it has “been too much”. In the November 15, 2020 season finale of the “Last Week Tonight with John Oliver,” a show that I have come to appreciate, Oliver literally blew up “2020” in a segment called “*uck You 2020”.

But 2020 also showed us Faith and Hope in two very significant ways.

In October 10, 2020, a fifteen year old who died in 2006 was sanctified as the “Blessed” Carlo Acutis in a very moving ceremony in the Basilica of St. Francis, Assisi, Italy. Hagiographers have rightly justified the astounding values and virtues he practiced in his very short life. His deep commitment to the Eucharist and great devotion to Jesus Christ and the Saints were not mere religious affects, but formed the core of his understanding and appreciation of people. He had always sought to serve in the very ways he was led to serve, like picking up trash on his dog walks, teaching younger kids catechism, buying a homeless man a sleeping bed with his own savings, befriending and helping the friendless, immigrants, working people whose lives are so different from his privileged one.

The Blessed Carlo Acutis from carloacutis.com

But one important thing that struck me was his passion and skills for technology and the internet and how he used these to bring the Word of Faith in the Eucharist to many areas in the world that he will never get to visit. At 11, Carlo already had gained skills in creating websites and film editing. He started researching and cataloguing over 130 miracles of the Eucharist, or the process called transubstantiation, where the chalice or the bread and wine offered by the priest during the Eucharistic prayer, were changed into the heart (or piece of it) and blood of Jesus Christ. He turned his research and work into an outstanding exhibit made of 160 panels of historical data and pictures about these miracles. These panels had been displayed in many parts of the world that he did not get the chance to visit. These found their way into the Internet, with the panels being downloadable for exhibit in churches and universities, and anyone interested for that matter.

In the televised ceremony of his beautification as a Blessed, his mother stated that he believed that the Internet can be the atomic bomb for Love or evil. He rejected cyberbullying. One of his unforgettable insights is that all of us are born originals, but many turn out to be photocopies. It is a searing understanding of how the Internet, social media and other forms of technologies have brought about mass consumerism that brings soulless conformity.

Carlo refused to be a photocopy. He held onto his vision of the Infinite, to the God and Heaven of his faith, and moved on victoriously. An original.

Philippine Lawbytes 174: How Technological Ignorance and Incompetence of Prosecutors and a Judge Led to the Conviction of an Innocent Person, Copyright by Dr. Atty. Noel Guivani Ramiscal

As we move onto another decade, and new technological challenges, it is time to recount one of the most unknown and one of the saddest travesty of justice in the history of Information Technology. Early this millennium, Computer systems administrator Bret McDanel, worked for Tornado, a company that supplied email and voicemail accounts. He discovered a security flaw in his company’s software which made their customers’ accounts vulnerable to hacking. He warned his managers, but they ignored his pleas. He resigned but he was still allowed to keep his email account and send email through this account.

Upon learning that the company had not fixed the flaw even after he left, he decided to email 5,600 of Tornado’s customers to alert them about the vulnerability. Tornado responded by trying to delete McDanel’s email from the accounts of their customers! It shut down the system and finally plugged the security hole. But Tornado also went to the US Attorney Office and was able to convince them to prosecute McDanel under the Computer Fraud and Abuse Act in the theory that McDanel’s 5,600 emails overloaded their server and that email somehow “damaged” the Tornado’s email system because of the warning!

Bret McDanel from wired.com

To be clear, the security flaw observed by McDanel was fairly obvious to the naked eyes of a person who knows what to look out for. Tornado’s system captured a user’s login credentials, as part of the Universal Resource Locator (URL) when the user accessed his/her email account. These would be displayed in the address bar of the user’s Web browser – where it could be seen by anyone nearby. Furthermore, he found out that when a Tornado user logged into the Tornado email website, a numerical code known as “NID” is provided to the user to allow him/her to stay in the website. However, when the user clicks on a link from his/her email account to connect to an outside website, the “NID” would be transmitted by the Tornado system to the outside website, thus allowing third parties to gain access to the user’s email account because of the NID.

As system administrator, McDanel did not need to hack Tornado’s system to find the security flaws. He just needed to use his eyes and knowledge of technical matters. He was allowed to look for vulnerabilities like this, as part of his employment! When he emailed Tornado’s customers to warn them of the vulnerability, he was arguably still within his rights because his email privilege was not revoked by Tornado even after he resigned.

THE U.S. GOVERNMENT POSITION

The government managed to convince the District Judge that the email warning of McDanel caused “impairment” to Tornado’s computing network, damaging the server because it supposedly crashed due to the volume of the emails sent. But in the U.S. Government’s Motion for Reversal of Conviction (yes, the US Government finally and belatedly saw the injustice done here), the government conceded that the actual damage to Tornado’s server did not even meet the minimum amount of damages under the CFAA, which is $5,000. Besides, the fixing of the server and the application of the security fix to the vulnerability can only and ultimately be attributable to the fault of Tornado who knew about the vulnerability but intentionally refused to repair it, until McDanel’s email.

What the U.S. Government’s real theory which formed its cause of action against McDanel, is that the email warning set by McDanel impaired the integrity of the Tornado’s computer system “by revealing confidential information relating to the operation of the Tornado server”.

WHAT IT MEANT

The prosecution and conviction of McDanel was swift and fast because there was no jury trial. Only a judge (District Judge Lourdes G. Baird) decided his fate and he was imprisoned for 16 months. He served his sentence and filed an appeal to have his conviction overturned. Realizing its mistake, the U.S. Government filed a motion to have the conviction reversed in the 9th U.S. Circuit Court of Appeals in San Francisco, which was granted. But the damage caused to McDanel by Tornado, the prosecutors and the judge who convicted him are irreversible [see Paul Ohm, The Myth of the Superuser: Fear, Risk, and Harm Online, April, 2008, 41 U.C. Davis L. Rev. 1327, that cited the US Government’s Motion for Reversal of Conviction, United States v. McDanel, No. 03-50135 (9th Cir. Oct. 14, 2003), available at http://www.lessig.org/blog/archives/govt.pdf

The charge against McDanel actually translates to the damage caused to the reputation of Tornado due to the publication of the vulnerability through the email system, and not to some actual damage to its server or any computer. If anyone is guilty of electronic damage here, it is Tornado since it did not fix the flaws after being informed about them, and it was the one that tried to delete the email warning from the accounts of their 5,600 customers, causing interference and potential tampering and destruction of e-data against their customers!

This case is the first and only American case where an innocent whistleblower paid with his freedom due to the erroneous and incompetent understanding of the technology involved by the prosecution attorneys who manage to convince a technologically ignorant judge that damage to a computing system actually extends to, or is synonymous, to the damage caused to the reputation of the owner of the computing system.

More than a disgrace, it is an example of patent injustice that Philippine courts should learn from so as not to replicate in this jurisdiction.

Philippine Lawbytes 173: The National Privacy Commission’s Response to Dr. Atty. Noel Guivani Ramiscal’s Request for Advisory Opinion on Spamming’s Legality and Effects

In November 19, 2020, I received the unredacted copy of the National Privacy Commission’s response to my request for an advisory opinion on spamming’s legality and its effects on the data privacy of Philippine netizens. NPC posted the redacted version on its website on the same day I received a copy of the unredacted version. Here is the unredacted text of their opinion, sans the footnotes [https://www.privacy.gov.ph/wp-content/uploads/2020/11/Redacted-Advisory-Opinion-No.-2020-041.pdf]:

Republic of the Philippines
NATIONAL PRIVACY COMMISSION
5th Floor, Delegation Building, Philippine International Convention Center, Vicente Sotto St., Pasay City
URL: https://privacy.gov.ph

PRIVACY POLICY OFFICE

ADVISORY OPINION NO. 2020-0411

30 October 2020

NOEL G. RAMISCAL

Law and IT Evangelist, Data Advocate

Cyberlawyer

Re: LEGALITY OF SPAMMING AND ITS EFFECTS ON DATA
PRIVACY

Dear DR. ATTY. RAMISCAL

We write in response to your request for an Advisory Opinion received by the National Privacy Commission (NPC) to provide clarification and guidance on the legality of spamming given the provisions of the Cybercrime Prevention Act of 2012, Philippine Supreme Court
decision in Disini, Jr. vs. Secretary of Justice and the different views of government and private entities on spamming.

In your letter, extensively outlined are the following laws, Philippine Supreme Court decisions, and issuances from different government agencies relative to spamming:

• Republic Act No. 10175 or otherwise known as the Cybercrime Prevention Act of 2012 which states in Section 4 on Cybercrime Offenses particularly:

Sec. 4. Cybercrime Offenses. — The following acts constitute the offense of
cybercrime punishable under this Act:
xxx xxx xxx
(c) Content-related Offenses:
xxx xxx xxx
(3) Unsolicited Commercial Communications. — The transmission of commercial electronic communication with the use of computer system which seek to advertise, sell, or offer for sale products and services are prohibited unless:

(i) There is prior affirmative consent from the recipient; or
(ii) The primary intent of the communication is for service and/or
administrative announcements from the sender to its existing users,
subscribers or customers; or
(iii) The following conditions are present:
(aa) The commercial electronic communication contains a simple, valid,
and reliable way forthe recipient to reject.receipt of further commercial
electronic messages (opt-out) from the same source;
(bb) The commercial electronic communication does not purposely
disguise the source of the electronic message; and
(cc) The commercial electronic communication does not purposely
include misleading information in any part of the message in order to
induce the recipients to read the message.

• In the 2014 case of Disini, Jr. vs. Secretary of Justice, the Philippine Supreme Court, in ruling Section 4 (c) (3) of the Cybercrime Prevention Act of 2012 as unconstitutional, stated that unsolicited commercial communications or spams are legitimate forms of expression, viz:

“But, firstly, the government presents no basis for holding that unsolicited
electronic ads reduce the “efficiency of computers.” Secondly, people, before the arrival of the age of computers, have already been receiving such unsolicited ads by mail. These have never been outlawed as nuisance since people might have interest in such ads. What matters is that the recipient has the option of not opening or reading these mail ads. That is true with spams. Their recipients always have the option to delete or not to read them.

To prohibit the transmission of unsolicited ads would deny a person the right to read his emails, even unsolicited commercial ads addressed to him. Commercial speech is a separate category of speech which is not accorded the same level of protection as that given to other constitutionally guaranteed forms of expression but is nonetheless entitled to protection. The State cannot rob him of this right without violating the constitutionally guaranteed freedom of expression. Unsolicited advertisements are legitimate forms of expression.”

• The Bangko Sentral ng Pilipinas (BSP), in its Memorandum No. M-2015-017, reminded the banks and its affiliates and subsidiaries about the prohibition against push messages or unsolicited text messages. The Memorandum cites the National Telecommunication Commission (NTC) Circulars issued in 2005 and 2009.5.

You stated in your letter that you further made an examination on the country’s biggest ISP and Telecommunication providers’ policies which reveal they all prohibit spamming.

Thus, you now seek the Commission’s opinion and stand on the following:

What is the clear unequivocal position of the NPC with respect to the legality or illegality of spamming?

What are the disadvantages of spamming on the data privacy rights and digital identities of Philippine netizens?

Legality of unsolicited commercial communications

Unsolicited commercial communications or “spam” is not illegal as stated by the Supreme Court decision in Disini, Jr. v. Secretary of Justice where the Court decriminalized the pertinent provision under the Cybercrime Prevention Act of 2012 that makes it a punishable act. Further, Article 8 of the New Civil Code of the Philippines provides that “judicial decisions
applying or interpreting the laws or the Constitution shall form a part of the legal system of the Philippines.” Thus, the Supreme Court decision decriminalizing unsolicited commercial communications holds true and should be respected until it is overturned by the Court itself.
Furthermore, the law and decisions by the High Court interpreting the Constitutions and laws have greater authority than administrative issuances.

As a government agency bound to uphold the Constitution and existing laws, rules and regulations, the Commission abides by the ruling of the Supreme Court in Disini, Jr. v. Secretary of Justice and thus, treats unsolicited commercial communications as legitimate forms
of free expression.

The Data Privacy Act of 2012 (DPA) was enacted to protect the processing of individuals’ personal data and requires that the processing shall be in made in accordance with its provisions, its Implementing Rules and Regulations and other existing laws, rules and regulations. It does not prohibit unsolicited commercial communications per se, rather, it sets the limit and reasonable guidance how these may be made while protecting the data privacy rights of individuals.

As such communications are well under the scope of the DPA, any processing of personal data for the purposes of sending unsolicited commercial communications should be in accordance with the provisions of the DPA, its IRR, NPC issuances as well as other existing laws, rules and regulations. Senders of unsolicited commercial communications must have a valid legal ground for processing under Section 12 or 13 of the DPA, where appropriate, and effectively become personal information controllers (PICs) who must uphold data subject’s rights and fulfill specific requirements on security measures for the protection of personal data laid down by the law and its IRR.

While the content of unsolicited commercial communications is legal as pronounced by the Supreme Court, the manner through which they are delivered, especially the use of personal data to obtain contact information, is still under the scope our privacy law.

Thus, the surrounding circumstances of the sending out of these unsolicited commercial solicitations or spam are factors to consider whether the processing is indeed lawful under the provisions of the DPA.

Effects of spamming on data privacy rights and digital identities

As for the disadvantages of spamming on the data privacy rights and digital identities of Philippine netizens, one of the apparent effects of it are the loss of the right to object or withhold consent by the data subject whose personal data has already been processed. For entities and individuals who resort to anonymous sending of unsolicited commercial communication, they deprived the data subjects the right to be informed as well as their right to give consent to the processing of their personal data for direct marketing.

Spamming through emails or other means of electronic communication can also lead to profiling. The simple act of opening of an email can give an indication of the user’s preference, through the cookies stored in the user’s computers with unique identifiers, later on enabling advertising networks to target and deliver advertisements based on individual interests.

In view of the foregoing, the Commission reminds businesses, organizations, and individuals to keep in mind that they become PICs when they process personal data of individuals for sending out unsolicited commercial communication.

As PICs they are responsible in complying with the provisions of the DPA as well as upholding the data subject rights.

This opinion is based solely on the limited information you have provided. Additional information may change the context of the inquiry and the appreciation of facts. This opinion does not adjudicate issues between parties nor impose any sanctions or award damages.

For your reference.

Very truly yours,
(Sgd.) RAYMUND ENRIQUEZ LIBORO
Privacy Commissioner

Philippine Lawbytes 172: Dr. Atty. Noel Guivani Ramiscal’s Request for Advisory Opinion on the Legality of Spamming to the National Privacy Commission

As those of you who follow my blog or who have attended my lectures on Data Privacy or Cybercrime or Electronic Evidence know, I have struggled with the concept of spamming being declared legal by the Philippine Supreme Court in 2014. So I decided to ask the National Privacy Commission about its take on this matter. Here is a copy of my formal request for an advisory opinion:

July 16, 2020

National Privacy Commission, 5th floor, GSIS Headquarters Building, Financial Center, PICC, Pasay City (info@privacy.gov.ph)

Dear NPC Commissioner Raymundo Liboro:

REQUEST FOR ADVISORY OPINION ON THE LEGALITY OF SPAMMING AND ITS EFFECTS ON DATA PRIVACY

I am Dr. Atty. Noel G. Ramiscal, a privacy and consumer advocate, drafter of privacy policies, a lecturer on the Data Privacy Law for several years, and one of the lawyers consulted by the former Commission on Information Communication Technology (CICT) on the Data Privacy and Cyber Crime Bills, way before they were passed into laws.

One of the biggest contradictions that I have written and discussed in different forums for quite some time, and a matter that truly gives me quite a legal and ethical conundrum is the Philippine Supreme Court’s decision legalizing spamming and the contrary views of different government and private entities on spamming.

The Philippine Cybercrime Prevention Act (R.A. 10175) criminalized spamming, which was construed as “unsolicited commercial communications” in this manner:

Unsolicited Commercial Communications. – The transmission of commercial electronic communication with the use of computer system which seeks to advertise, sell, or offer for sale products and services are prohibited unless:

(i) There is prior affirmative consent from the recipient; or

(ii) The primary intent of the communication is for service and/or administrative announcements from the sender to its existing users, subscribers or customers; or

(iii) The following conditions are present:

(aa) The commercial electronic communication contains a simple, valid, and reliable way for the recipient to reject receipt of further commercial electronic messages (opt-out) from the same source;

(bb) The commercial electronic communication does not purposely disguise the source of the electronic message; and

(cc) The commercial electronic communication does not purposely include misleading information in any part of the message in order to induce the recipients to read the message [Chapter II, Section 4 (3) (c)].

In 2014, however, the Philippine Supreme Court decided, in the consolidated challenges against R.A. 10175 [Biraogo v. NBI and PNP, G.R. No. 203299; ALAB NG MAMAMAHAYAG et al. v. Office of the President et al., G.R. No 203306; Adonis et al. v. Exec. Secretary et al., GR 203378; Disini et al v. DOJ Secretary et al., G.R. 203335; Senator Guingona III v. Executive Secretary et al, G.R. No. 203359; Bagong Alyansang Makabayan et al. v. Aquino III, GR 203407; Ateneo Human Rights Center v. Exec. Sec. et al, GR 203440; National. Union of Journalists, PPI, et al, v. Exec. Sec., GR NO. 203454; Castillo, Andres v. DOJ Sec. et al., GR No. 203454; Cruz et al, v. Aquino III, et al., GR 203469; Philippine Bar Association v. Pres. Aquino III, GR NO. 203501; Bayan Muna v. Exec. Sec., GR 203509; National Press Club v. Aquino III, GR 203515; and Philippine Internet Freedom Alliance v. Exec. Sec., et al, GR 203518.], that spamming is legal.

The pertinent part of the en banc decision (held by 8 Justices, including the ponente) reads:

But, firstly, the government presents no basis for holding that unsolicited electronic ads reduce the “efficiency of computers.” Secondly, people, before the arrival of the age of computers, have already been receiving such unsolicited ads by mail. These have never been outlawed as nuisance since people might have interest in such ads. What matters is that the recipient has the option of not opening or reading these mail ads. That is true with spams. Their recipients always have the option to delete or not to read them.

To prohibit the transmission of unsolicited ads would deny a person the right to read his emails, even unsolicited commercial ads addressed to him. Commercial speech is a separate category of speech which is not accorded the same level of protection as that given to other constitutionally guaranteed forms of expression but is nonetheless entitled to protection. The State cannot rob him of this right without violating the constitutionally guaranteed freedom of expression. Unsolicited advertisements are legitimate forms of expression (citation omitted).

Under the Philippine Civil Code, the decisions of the Supreme Court form part of the law of the land. It should have been settled that such en banc pronouncement decriminalized spamming.

But after that decision was rendered, the Bangko Sentral ng Pilipinas (BSP) Dep. Governor Espenilla signed MEMORANDUM CIRCULAR NO. -M2015-017 2015, dated March 25, 2015, which reiterated the criminalization of spamming under the repealed provision of R.A. 10175, citing National Telecommunication Commission (NTC) Circulars issued in 2006 and 2009!

It is also telling that the NTC has not issued any circular after the 2014 Supreme Court decision legalized spamming.

In 2016, I lectured at an MCLE seminar for lawyers of one of the biggest ISPs/Telcos in the Philippines. I apprised them that their Privacy Policy and Fair Use Policy which prohibited spamming, are contrary to the Supreme Court 2014 ruling. As of the time I filed this request for an NPC advisory opinion, the relevant policies in their website still prohibit spamming.

An examination of the current policies of some of the biggest Telcos in the Philippines reveals that all prohibit spamming.

For example, Globe’s Website Terms and Conditions Agreement provide:

By way of example, and not as a limitation, you agree not to:

1. use the Service in connection with surveys, contests, pyramid schemes, chain letters, junk email, spamming, or any duplicative or unsolicited messages (commercial or otherwise); [8. Member Conduct, https://www.globe.com.ph/website-terms-conditions.html]

Globe’s Privacy Policy states “(w)e are not responsible for information, content, application, product, or service that we do not provide. But because we care for you and protect you, we take measures to fight spam, fraud, or any unauthorized messages that traverse our network” [5. PROTECTION OF PERSONAL INFORMATION, https://www.globe.com.ph/privacy-policy.html]

Smart’s Corporate Website Terms and Conditions obligates the user/viewer/client in this wise:

“You further understand and agree that sending unsolicited e-mail advertisements to the Web site or any user of the Web site or through voice computer systems is expressly prohibited by these Terms and Conditions. Any such unauthorized use of our computer systems is a violation of these Terms and Conditions and applicable “anti-spam” laws. In addition to any remedies that we may have at law or in equity, if we determine, in our sole discretion, that you have violated or are likely to violate the foregoing prohibitions, we may take any action we deem necessary to cure or prevent the violation, including, without limitation, the immediate removal of the related materials from this Web site. We will fully cooperate with any law enforcement authorities or court order or subpoena requesting or directing us to disclose the identity of anyone posting such materials.” [4. Inappropriate Materials and Submissions, https://smart.com.ph/Corporate/terms/].

PLDT’s Acceptable Use Policy stipulates that “(t)he Subscriber shall not use the Services to transmit unsolicited e-mail messages, including, without limitation, unsolicited bulk email, where such emails could reasonably be expected to provoke complaints (“spam”). Further, the Subscriber is prohibited from using the service of another provider to send spam to promote a site hosted on or connected to the Services” [V. EMAIL AND UNSOLICITED MESSAGES, https://m.pldthome.com/terms-and-conditions]

In the Statement of its Legal Rights, PLDT stated that it “will endeavour to notify the Subscriber of the activity deemed to be in violation of this AUP and request that the Subscriber cease such activity.  However, in cases where the viability of Services are potentially threatened or activity involves UCE/SPAM, mail relaying, alteration of the Subscriber’s source IP address information, denial of service attacks, illegal activities, harassment or copyright infringement, PLDT, at its sole discretion, shall exercise its right to immediately, and without need of any notification to the Subscriber, suspend the Service/s or the Subscriber’s access to the Service/s.  Notwithstanding PLDT’s exercise of the remedies mentioned about, it shall not be prevented from taking any other appropriate action, legal or otherwise, against the Subscriber for violations of the AUP, which may include termination of the Services”  [https://m.pldthome.com/terms-and-conditions].

Sun Cellular/Digitel Mobile Philippines’ Website Terms and Conditions provide that “unsolicited e-mail advertisements to the website or any user of the website or through voice computer systems is expressly prohibited by these Terms and Conditions. Any such unauthorized use of our computer systems is a violation of these Terms and Conditions and applicable “anti-spam” laws. In addition to any remedies that the company may have at law or in equity, if determined through our sole discretion that any user has violated or is likely to violate the foregoing prohibitions, Digitel Mobile Philippines, Inc. may take necessary actions to cure or prevent the violation, including, without limitation, the immediate removal of the related materials from this website. The company will fully cooperate with any law enforcement authorities or court order or subpoena requesting or directing us to disclose the identity of anyone posting such materials.” [IV. Inappropriate Materials and Submissions, https://suncellular.com.ph/terms]

These companies have cadres of lawyers formulating their policies. These lawyers are supposed to know the current state of the law on spamming, which is the 2014 Supreme Court decision, not the decriminalized provisions of R.A. 10175, nor the 2006 and 2009 NTC Circulars. Yet the policies they have drafted and their companies implement still continue to go against the Supreme Court decision. 

THE ETHICAL AND LEGAL COMPLICATIONS OF THE SUPREME COURT DECISION FOR DATA PRIVACY ADVOCATES AND ACTIVISTS AND PHILIPPINE CONSUMERS

This clear, unreconcilable conflict between the Philippine Supreme Court ruling, and the positions of the entities I mentioned place data privacy policy drafters in a legal and ethical quandary, and stakeholders, including Philippine consumers at risk.

As lawyers, we are bound to follow the law, including Supreme court decisions. But at the same time, as data privacy advocates and privacy policy drafters, we know that spamming can actually lead to violations of the data privacy law, particularly if used in phishing, and other means of identity theft.

But since the Supreme Court decriminalized it, there appear to be two options that are done, none of which in my opinion is legally and ethically sound.

The first, pretend the Supreme Court decision does not exist, and rely on the ancient issuances of the National Telecommunications Commission way back in 2006 and 2009 that prohibit spamming, as well as the decriminalized provisions of the Philippine Cybercrime Prevention Act that prohibited spamming, which is what the BSP Circular did. This would violate the lawyer’s ethical duty to keep abreast of the latest legal development, at least in this case, the decriminalization of spamming.

Or second, do not mention in the policies we draft, spamming, or do not expressly prohibit it, which would go against our well-grounded belief in the undesirability of spamming, and would compromise our sworn duty to protect the interests of our clients over their IT systems, email accounts, data privacy rights and the security of their identities.   

THE URGENT NECESSITY FOR THE NPC TO ADDRESS THIS MATTER DIRECTLY

Now the NPC has not addressed this issue directly.

I endeavored to read all the NPC advisory opinions posted in the NPC website, and please correct me, if I am wrong, but this matter has not been raised by any other person or entity to the NPC.

The only relevant opinion I came across that alluded to spamming concerned the controversy surrounding the FaceBook “View As” feature which led to the compromise of the personal information of 755,973 Philippine-based Facebook user accounts [FaceBook Forced Log-Out & Stolen Tokens of Philippine Users (CID Case 18-J-162)]. Here the NPC found that “the risk and vulnerability of Filipinos to spam and phishing are regarded as one of the highest in the world. According to the Are You Cyber Savvy Report from Kaspersky Lab, approximately 9 out of 10 Filipinos are susceptible to phishing attacks” and “considerations of risk must always consider the cultural milieu in which the risk is appreciated. For instance, this Commission takes notice that identity verification systems throughout the Philippines are quite weak.” This led the NPC to order FaceBook to notify all affected data subjects and provide identity theft and phishing insurance for affected Filipino data subjects.

The italicized and underlined portion I emphasized, and the remedies given to Philippine FaceBook users by NPC, apparently show that NPC is steering in the direction of the position of the BSP and the ISPs/Telcos that I mentioned.

But for the sake of clarity, the status of data privacy in this country, and the welfare of Philippine consumers who rely on digital communications and transactions, particularly at this time, please state:

1. What is the clear unequivocal position of the NPC with respect to the legality or illegality of spamming?;  and

2. What are the disadvantages of spamming, on the data privacy rights and digital identities of Philippine netizens?

Such clarification by your agency, would be the one that I would cite in crafting my clients’ policies, in my lectures and in my advocacies.

Thank you.

God Bless Us!

Regards,

DR. ATTY. NOEL GUIVANI RAMISCAL

University of Queensland (Australia), Ph.D. Law

Law and IT Evangelist, Data Privacy Advocate Cyberlawyer

Philippine Lawbytes 171: GILDED BEJEWELED IPADS AND LAPTOPS (PART 2): EXACTING PHILHEALTH’S BLOOD MONEY (BY DR. ATTY. NOEL G. RAMISCAL)

 

What can US$ 2.35 million buy in personal computers? I must admit, this amount had caused some imaginary saliva dribble over my mouth! I have been lusting after some very luxurious personal computers since the time I saw a Robb Report of an Ego PC over 20 years ago. But when I did my research, US$ 2.35 million would not be enough to buy the world’s most expensive iPad, or the world’s most expensive laptop. But hey, corrupt officials have proven time and time again, their rapacious capacity and creativity to steal, so the difference in price would not be a problem.

Here are the stats and facts for the iPad:

The Most Expensive iPad in History: the US$ 6,403,525 iPad 2 Gold History Edition

The Most Expensive iPad in History: the US$ 6,403,525 iPad 2 Gold History Edition, snapshot: stuarthughes.com

The most unique element in this iPad is the main front frame which was made from 750 grams of Ammolite, the oldest fossilized rock formed from the shells of ammonites. As a gem, this is one of the most expensive and rarest organic gems set into jewelry. The Ammolite is only found in one place in the world, the Bearpaw Formation, which traverses Alberta to Saskatchewan in Canada and south to Montana in the US (see https://www.gemsociety.org/article/ammolite-jewelry-gem-information/). The Ammolite used here is supposedly over 75 million years old, and to make it more interesting, sections of a thigh bone of a 65 million year old T-REX Dinosaur was splintered and shaved into the Ammolite! A single cut 8.5ct flawless diamond was inlaid in its own platinum surround with 12 outer flawless diamonds (comprising a total of 4 carats) which rest in the middle of the left section of the mainframe.

The back casing of the iPad is in 24 carat gold that weighs in at 2,000 grams. To add more bling, the 24 carat Apple logo is encrusted with 53 pieces, constituting 12.5 carats, of I’F’ Flawless diamonds. Only 2 pieces of this item were made.

Stuart Hughes has also designed less expensive iPads ranging from US$ 384,330 (solid Platinum iPad SUPREME edition), US$ 166,540 (solid Gold iPad SUPREME edition), and US$ 140,920 (iPad SUPREME FIRE edition), but all of these do not have the elegant impact or historical value of the Ammolite iPad.

The Most Expensive Laptops

I confess that I prefer laptops to iPads. For the computer lux connoisseur, the most decadent ultra-rich fashionista, and the brazenly brutal corrupt official, here are the Top 6 most expensive personal computers worth coveting:

1. The US$ 3.5 Million MJ Diamond Encrusted Laptop

The US$ 3.5 Million MJ Diamond Encrusted Laptop, snapshot: notebook777.com

There is nothing extraordinary about this laptop and the mouse, in terms of their computing and operational features, respectively. What is out of ordinary here are their casing encrusted with white diamonds and the black diamonds studding the “MJ” logo on the laptop and the middle line on the mouse. These are part of the luxurious “777” laptop line created by “MJ”, a Ukrainian manufacturer that started producing these items in 2010. The line also features different laptops cased in rare leather materials, with gold features, diamonds and other gems like sapphires. The laptop in this series comes with a 10-year warranty for its hardware and a lifetime warranty for its jewellery.

While this is out of the blood budget range of US$ 2.35 million, the buyer can seek to have a customized laptop made by MJ within this range. For example:

Sony VAIO P mini laptop fully encased in 18 carat gold, snapshot: notebook777.com

This Sony VAIO P mini laptop is fully encased in 18 carat gold with all of its buttons encrusted with diamonds. The diamonds need not be embedded on each of the keys or buttons of the laptop’s keyboard.

Or try this:

MJ Laptop in lizard & anaconda skins with Black Sapphire buttons, snapshot: notebook777.com

A laptop in the 777 line that is cased in lizard and anaconda skins, with minimal gold trimmings and instead of diamonds, there are tiny black sapphires that are encrusted in some of the buttons of this laptop.

2. The US$ 1 Million LUVAGLIO laptop

The US$ 1 Million LUVAGLIO laptop, snapshot: gadgetcage.com

This laptop had been in “publication” since 2009. Luvaglio, the company based in London that manufactures it offers it to selected customers on an “invitation” basis. It has a 17” LED widescreen, reflective glare, 128 GB disk space, a Blu-Ray drive and a screen-cleaning device. The company allows its customers to choose the casing which can be made of wood, leather or metal, and the precious gems that would be incorporated in the device, including a colored diamond that serves as a power button and security ID. It is not known how many of these were made and actually sold.

Inside the Luvaglio, with the diamond button, snapshot: agentnewsupdate.blogspot.com

3. The US$ 480,000 to 500,000 MacBook Air SUPREME Platinum Edition

The US$ 480,000 to 500,000 MacBook Air SUPREME Platinum Edition, snapshot: stuarthughes.com

While it contains the great features of a MacBook Air, this SUPREME PLATINUM Edition is distinguished for the fact that its entire housing, from the casing to the body of the keyboard is cast from solid Platinum, which weighed 7 kilograms. Considering that platinum is a very rare metal and is more precious than gold, this explains why only 5 units were made, by the designer Stuart Hughes.

4. US $ 350,000 Tulip EGO Diamond laptops

US $ 350,000 Tulip EGO Diamond laptops: The Rodrigo Otazu model, snapshot: CNet.com

Again, the computer specifications in this laptop are quite ordinary. Shaped like a bag with a chromium handle, it is designed to catch the eye and create fashion statement. Manufactured by the Dutch brand Tulip, this burst out in the IT scene in 2006 and has evolved since then. It has a cheaper version worth US$ 5,000 minimum, and it has a special edition that honors the car brand “Bentley” that goes for US$ 20,000. But the Diamond and Platinum editions of this laptop are what caused the stir.

The Diamond studded Ego Tulip logo on the Otazu model, Snapshot: laptof.blogspot.com

 

The diamond studded “O” initial in the Otazu Ego Diamond keyboard, snapshot: mavromatic.com

Though their casings are covered in leather, these Diamond and Platinum editions use high end materials like 18 carat white gold, polished platinum, and Top Wesselton V.V.S. 1 quality diamonds. The Rodrigo Otazu model above, features a total of 470 diamonds, encrusted on the logo and the inner letter or initial of the designer. The Ego Diamond can also carry the customer’s signature on the inside on the spacebar.

The Dibino EGO Diamond Model, snapshot: techglimpse.com

The Dibino Ego Diamond model contains 18 Carat white gold ornaments and set with 6.9 carat diamonds.

5. The US$ 285,000 Macbook Air SUPREME FIRE Edition

The US$ 285,000 Macbook Air SUPREME FIRE Edition, snapshot: regmedia.co.uk

The MacBook Air SUPREME FIRE Edition designed by Stuart Hughes has 25.5 carats of I’F’ Flawless diamonds, consisting of 53 pieces that are encrusted in the solid 24 carat gold Apple logo. The whole housing is made from solid 24 carat gold, weighing some 2,600 grams. Only 10 units of this were made.

6. The US$ 181,000 Macbook Air SUPREME ICE Edition

The US$ 181,000 Macbook Air SUPREME ICE Edition, snapshot: theawesomer.com

The whole front casing of the laptop (the top half) was made from a single piece of highly polished solid Platinum, that weighed at 2,500 grams. The rest of the laptop’s casing was done in Aluminum. 53 diamonds constituting a total of 25.5 cts of I’F’ Flawless grade were encrusted in the solid Platinum Apple logo. As a limited edition, only 10 units of this were made.

So there you have it, the most blingy, uber indulgent, and some may say, tacky personal computers befitting the most extravagant aristocrats, licentious fashionisti, and the only ones that dissolute consumers keeping up with the mafiosi, should be caught dead in, in polite royal or criminal company.

Philippine Lawbytes 170: SUPER COMPUTERS (PART 1): EXACTING PHILHEALTH’S BLOOD MONEY (BY DR. ATTY. NOEL G. RAMISCAL)

When the legislative hearings in the Senate and Congress over the corruption in Philippine Health Care Corporation (PhilHealth), erupted with revelations of P 115,320,000 (US$ 2,353,469) budget for a computer, and the estimated total of P 154,000,000,000 (US$ 3,142,847,142) as the total money lost to corruption, some people have asked me what type of computers or computing systems could be procured for that kind of blood money.

I scoured the Internet for the most expensive computing systems that could have been bought which in turn, could have jumpstarted the Philippine’s progress, and probable advancements in computing development, I.T. infrastructure, and even in the sciences and medicine, given the kind of ingenuity, resilience, persistence and brilliance of Philippine scientists, engineers, computer professionals and inventors.

Super Computers

Super computers differ from mainframe general purpose computers due to their processing power. The computing Performance of a supercomputer is measured in floating-point operations per second or FLOPS, instead of millions of instructions per second (MIPS) that is assigned to general computers (Definition, https://ecomputernotes.com/fundamental/introduction-to-computer/supercomputer). Supercomputers up to now can perform quadrillions of floating-point operations per second, but in the near future, exascale computers that can perform quintillions of floating-point operations per second can exist.

One of the legends, and many say the “father” of supercomputing, Seymour Cray, started building the world’s first and fastest computing systems. In 1976, under his leadership, the Cray 1 system was installed at Los Alamos National Laboratory. It performed a world record of 160 million floating operations per second (160 megaflops) and contained an 8 Megabyte (1 million word) main memory. It costed $8.8 million. He went from success to success, and in 1994, 2 years before he died in a tragic accident, his company introduced the Cray T3E-1200E system, the first supercomputer to do 1 trillion floating-point operations per second (teraflops), on a real-world application (see Cray History, https://www.hpe.com/us/en/compute/hpc/cray.html).

In the current supercomputing ecosystem, several countries are vying for the top spot. While the U.S. had occupied a leading position for sometime, China has edged it out of national pride, with the most number of supercomputers per country in 2020. France, Japan, U.K., Italy, Germany and Netherlands are also in the running. The website Top500.org compiles and ranks the list of 500 of the most powerful supercomputing systems in the world twice a year, that is, every June and November of each year.

Fugaku

As of June 2020, according to Top500, the most powerful supercomputer in the world belonged to Japan. Its name is Fugaku, an alternative iteration of Mount Fuji. It was built with the Fujitsu A64FX microprocessor, and installed at the RIKEN Center for Computational Science (R-CCS) in Kobe, Japan. The whole supercomputer was built and developed for US$ 1 billion.

Fugaku Supercomputer, snapshot: wonderfulengineering.com

Fugaku bested Summit, the current number one supercomputer in the U.S. Summit, which costed US$ 200 million, at peak performance can perform about 148.6 to 200.7 petaflops, or over 148 to over 200 million billion calculations per second. Fugaku can deliver 415.5 to 513.8 petaflops, or over 415 to over 513 million billion calculations a second. That makes Fugaku 2.8 times as fast as Summit (see June 2020, https://www.top500.org/lists/top500/2020/06/).

Summit Supercomputer, snapshot: theverge.com

Put in another way, according to the New York Times, “(i)f a stadium built for 100,000 people was full, and everyone in it had a modern laptop, it would take 20 stadiums to match the computing firepower of Summit.” Now multiply that by the factor of 2.8 and you get the idea of the vast difference between Summit and Fugaku!

The Very Near Future

The advances in supercomputing power cannot be overemphasized. The June 2020 placements by the Top500 will probably change by November 2020, and will certainly be changed again by June 2021. Why do I say that? Well, there is this ever-present real race between the supercomputing nations to produce a supercomputing system that can operate on the exascale level, that is, a billion billion in (quintillion) calculations per second. While rumors exist that China has done it, for now, it has not officially revealed anything.

Aurora Supercomputer, snapshot: datacenterdynamics.com

In contrast, the U.S. has not been secretive about its endeavors on this area. The U.S. Department of Energy (DOE) has invested US$ 1.8 billion in building 3 supercomputers that can be considered exascale computers. The first one is called “Aurora” and will be installed, if everything goes to plan by Intel and Cray Inc., in Argonne National Laboratory, in Chicago, Illinois, sometime in 2021. Valued at US$ 500 million, Aurora will be the first of 3 exascale computers, that the DOE has envisioned to serve the industrial and scientific needs of the U.S. government (U.S. Department of Energy and Intel to deliver first exascale supercomputer, https://www.anl.gov/article/us-department-of-energy-and-intel-to-deliver-first-exascale-supercomputer).

Significance of Super Computers

Supercomputers are generally used for two purposes, computation and simulation. Solving problems concerning huge numbers is one of the usual tasks assigned to supercomputers, e.g., breaking a cryptographic key based on mathematical factoring. But the most exciting usage of supercomputers is in the simulation of certain instances to find or create solutions to scientific and technological problems. The development of exascale computers can result to better simulations of the universe’s creation or the collision of galaxies, to greatly understand the origins of life. Supercomputers can better map the human brain to determine the cause of neuropathic pain or the human body and blood cells to determine the cause and cure for various types of diseases. They have been used to develop medicines and vaccines, including the race to develop a vaccine against this current pandemic virus, understanding the spread of viruses and contact tracing. Their potential in AI learning, and more mundane tasks like oil drilling, development of vehicles and weapons have been explored, etc.

The tragedy of the PhilHealth corruption lies in the avaricious loss of money contributed by Philippine members including overseas contract workers, stolen by PhilHealth officials, employees and their co-principals and accomplices from Philippine health care institutions, and others, for their personal aggrandizement.

The estimated US$ 3.14 billion taken from the PhilHealth members’ contributions could have been used instead to fuel the Philippines’ rise as a supercomputing country. We could have used the money to buy at least 3 Fugakus, or 15 Summits, or 6 Auroras, with some change to spare. Our scientists could have harnessed these supercomputers for many purposes like simulating and analyzing weather and environmental disturbances to protect our harvests, stem climate change, or mapping the causes of malnutrition and related diseases in the population and specifically allocating a portion of the national budget to address the needs of the targeted sectors/segments, or plotting the national and local roads of the Philippines and simulating their conditions to find solutions to the crippling daily traffic that had also contributed to the worsening air quality, among others. And of course, these supercomputers, with the right safeguards could have been utilized to correct the flaws in the PhilHealth’s I.T. systems, to prevent fraud and other types of cybercrimes, to protect the members’ contributions and the government subsidies.

Philippine Lawbytes 164, Part 4: Dissecting PhilHealth’s SVP for I.T. and CIO Aragona’s Intellectual Probity And Fitness To Serve (Dr. Atty. Noel G. Ramiscal)

 

The damning COA 2015 report which covered up to the end of December 2015 clearly applied to SVP and CIO Aragona. She may be able to have gotten away with washing her hands off the PhilHealth fiascos if her tenure was shortlived, but she stayed on, over five years, up to now. In evaluating her leadership, one must look at the flabbergasting disclosures that have happened in the legislative hearings the past five weeks.

THE PHILIPPINES AS THE LAND OF SUPERCENTENARIANS?

In 2009, the Scientific American reported a woman named Sakhan Dosova, from the village of Prishakhtinsk in central Kazakhstan, who celebrated her 130th birthday. Her age was supported by her passport, an ID and a Soviet census report. Prior to her, the longest living person recorded was Jeanne Calment, who died in Arles, France, in 1997 at the age of 122. [Pls see https://www.scientificamerican.com/article/can-someone-live-to-be-a-supercentenarian/%5D

In August 11, 2020, Senator Tolentino revealed that the PhilHealth system contained the data of thousands of Philippine citizens who were supercentenarians. PhilHealth CEO Morales admitted that the number is about 5,000 current members. But Senator Tolentino said that in one region there were 40,000 people allegedly 100 years old, and in another region, there were 10,000 people who were supposed to be 121 years old! The Philippines is not one of those blue line places where many people lived to be over 100, let alone over 120 years old. There is no single Philippine citizen that has ever been recorded by the Guinness Book of World Records to have reached over 120.

Furthermore, Sen. Tolentino disclosed that in the databases of PhilHealth there were people enrolled at the ages of 3, 18, 24, 25 years of age, who are made to appear as senior citizens in the PhilHealth databases!

It was disappointing that the Senators did not call out SVP Aragona for these types of spurious data that populate the IT databases that she is directly responsible for!

She even had the guts (short-lived though they maybe) to pretend that the PhilHealth’s IT system is fraud free. In the August 12, 2020 hearing, SVP Aragona was pointedly asked by Congressman Sy Alvarado if the current PhilHealth IT system she is in charge is foolproof from fraud. Unhesitatingly, she said “Yes”. The Congressman warned her that she is under oath, and she could be held in contempt for lying. He asked her again the same question, and this time she said the PhilHealth IT system is NOT foolproof.

These errors, system wise or manmade, lead to the conclusion that the PhilHealth databases are corrupted, and therefore innately unreliable. They are also potential sources for fraud due to the apparent lack of control on the type and quality of data entered into the PhilHealth IT systems. Aragona had five years to fix types of data glitches like these, which were noted in the 2015 COA report, but she was not able to, despite her vaunted qualifications and achievements.

THE NON-STABILITY OF DATA IN THE PHILHEALTH DATABASES

The non-stability of the data in the PhilHealth databases was brought to the fore during the questioning by Congresswoman Stella Quimbo, a brilliant health economist, last August 12, 2020, of the statistics and charts in the PhilHealth website concerning the actual number of Philippine citizens afflicted with pneumonia in 2018. The legislator said she found the number in the PhilHealth website, but she also tried to validate the number with PhilHealth officials who relied on the PhilHealth databases several times on different occasions. She got three or four different numbers for the same year 2018. When she tried to get to the bottom of this, a PhilHealth officer from the Corporate Planning responded saying that the data is always active and is influenced by the time and date of inquiry and the number of PhilHealth registrations. But the good Congresswoman pointed out that the data she asked is for a complete year, 2018, which is already one and a half years old!

The stability of data in the PhilHealth website and databases, is quite important in legislative inquiries and even in criminal investigations because they serve as bases for computations of actual case rates and other figures that the legislators and investigators need to get to the root of corruption in PhilHealth. As noted by Congresswoman Quimbo, the slightest change in the figures would cause changes in the projections, assumptions and computations of the possible extent and amount of the fraud, as illustrated in the pneumonia case rates that she analyzed.

This should have been explained by SVP Aragona, but again, the legislators did not ask the person who should be held accountable for the instability of data like these. This instance illustrates the irrefutable fact that the PhilHealth I.T. system had no validation system and no control measures which again, could lead to incorrect, and even fraudulent results.

THE NON-INTEGRATION OF SEVERAL PHILHEALTH I.T. SYSTEMS: ARAGONA’S LACK OF KNOWLEDGE AND VISION AS SVP FOR I.T. AND CIO OF PHILHEALTH OR HER INTENTIONAL ACT OR ATTEMPT TO DEFRAUD THE PHILIPPINE GOVERNMENT

In the Senate and Congress hearings, SVP Aragona mentioned several different systems that she apparently was in charge, like the Enterprise Research Management Information System and the Business Intelligence System. She also mentioned about “data dashboard” that supposedly integrated data from different databases within the PhilHealth’s I.T. systems to spot fraud. Aragona had talked about this data dashboard many years back (As payouts rise, PhilHealth turns to data, Medha Basu, [https://govinsider.asia/innovation/as-payouts-rise-philhealth-turns-to-data/]).

Apart from her admission to Senator Marcos that the PhilHealth I.T. systems are fragmented, her interpolation by Senator Angara regarding the Adobe Master Collection last August 11, 2020 brought to the fore the fact that she either lacked the knowledge, capacity and vision to be PhilHealth’s SVP for IT and CIO, or she had apparently defrauded and/or attempted to defraud the Philippine government for acquiring an obsolete and no longer existing IT product.

For the Record: Adobe Master Collection Creative Suite 6 (CS 6) has been obsolete since 2017!
The Adobe Master Collection Creative Suite 6 (CS 6), which is the complete name designation of the product that was referred to in the hearings and the PhilHealth I.T. budget, had been obsolete by a few years. Adobe launched it in 2012, and while it was received well, it was quite expensive. In 2013, Adobe came out with the announcement that it would not release a new version like CS 7. Adobe continued to provide update support, but it announced in January 9, 2017, that CS 6 is no longer available for purchase and ceased all support. It advised all its customers that all the most popular apps contained in CS 6, plus more, are “only available with a Creative Cloud membership” (Please see Adobe Just Stopped Selling Creative Suite 6 Entirely – Here’s Why, January 25, 2017, https://prodesigntools.com/adobe-ends-cs6-sales.html).

Now what is the Creative Cloud?

It was a product that Adobe released way back in 2012 along with CS 6. It is really a subscription to the full range of Adobe’s creative applications, and its price is cheaper. In a short time, Creative Cloud or “CC” overtook CS 6 and Adobe decided to develop it, and drop CS 6. Adobe had released annual versions of CC since 2013. In the last quarter of 2019, Adobe had already released CC 2020, which contained upgraded CC desktop applications and brand new apps (Adobe Ships New CC 2020 Release – Upgrade Free / Download Trials, November 7, 2019, https://prodesigntools.com/adobe-cc-2020-release-out-free-trials.html).

The Bloated Price for the Adobe Master Collection in the PhilHealth 2020 IT budget

It was revealed in the Senate hearings that the 2020 proposed I.T. budget presented by SVP Aragona for the Adobe Master Collection software was P 21 million (about US$ 429,000), whereas the approved cost by the Department of Information Communication Technology (DICT) is just P 168,000 (US$ 3,429.00)! As pointed out by Senator Zubiri, that represented a 12,400% increase in the price!

Senator Angara’s Interpolation and Aragona’s Answers

Senator Angara asked SVP Aragona about the Adobe Master Collection that she sought funding to be procured by PhilHealth in 2020. She answered with “we’re going to use that for our something like the multimedia thing for Adobe.”

The good Senator informed her that the Adobe Master Collection is already obsolete, and that it was replaced by “Creative Cloud.” He asked her if she knew about that. She could not immediately answer, so she was asked a second time. She said “yes”, but her elaboration is quite telling for what it contained and did not contain:

There’s a “continuing update review of the different items, so there’s a possibility na pagdating don sa actual, we will be changing the requirements specially if there’s new technology. Ganon din po mangyayari sometimes pag naka plan and then pag nag canvas sila and there’s updated product and ina-update po nila yong specifications together with the innovations that’s currently in the market.

Prior to the question, she talked about the Adobe Master Collection as if it were still existing. She was the one who pushed this item for the 2020 budget of PhilHealth. Senator Angara, or any of the legislators, should have asked her the question: If Aragona really knew that it was really obsolete, then why would she place it for approval by the PhilHealth Board in the 2020 I.T. budget?

There are two possible answers, to the question I posed.

Aragona’s Lack of Knowledge

The first possibility is that Aragona really did not know the current actual items that are needed to realize the integrated, fraud free PhilHealth IT systems that she was tasked to build. She may have said “yes” to Senator Angara’s question, to hide the fact that she had no idea that Creative Cloud exists. Her elaboration shows she is not into the canvassing of the items and not into updating them, as made evident by her chosen Tagalog pronoun “sila” (they), as opposed to the pronoun “kami” (we).

It was also apparent from her several exchanges with other legislators, that she relied on the OIC IT senior manager, Gabuya, for the specifics. If this is the case, it is downright scandalous that PhilHealth has an SVP for I.T. and CIO who does not know the nuts, bolts and brass tacks required to build and safeguard the I.T. systems for over 109 million Philippine citizens!

Aragona’s Intent to Defraud the Philippine Government

The second possibility is that she intentionally placed it on the line items to be approved because it is expensive. Since the assumption is no one in the Board would question a specific I.T. product they know nothing about, then this is another grossly overpriced unavailable item that could escape budget scrutiny. It must be re-emphasized that the price allotted to this product in the budget prepared by Aragona is an exorbitant rate that is not justified.

This is particularly damning considering CS 6 had been out of the market since 2017. There were no documents presented for the previous years, but if she had knowingly and successfully pushed for the approval of this item annually since 2017, that meant she had succeeded in defrauding the PhilHealth members and the Philippine government for paying for a non-existent item for several years!
Had Senator Angara pressed her, or if any of the legislators picked and followed up on this point, we would have a clearer understanding of the purpose/s that informed her actions. At any rate, none of these two possible views/answers serve to exonerate her.

ARAGONA’S IT PLAN?

Senator Angara pushed on and asked what is her plan for PhilHealth’s I.T. system. She said that there is a “Digital Transformation” plan that is supposed to be done for three years. She did not own this plan. In another manifestation before the legislators, she said that this was done due to a change in direction, that apparently did not come from her.

Senator Angara asked for specifics and all she could come up with is that it is a “complete automation end to end solution.” He chided Aragona for not doing that several years ago, and cited the GSIS and SSS as agencies who have surmounted the obstacles that PhilHealth had faced from its inception.

Senator Angara pressed her again for the detailed plan and she guaranteed she will produce it within two weeks from August 11, 2020. It is not clear if she actually submitted such plan in such time. But what is clear is that when SVP Aragona was appointed to her post in June 2015, and after five years from such appointment, she had not produced any of the IT system deliverables that is expected of her, nor address much of the 2015 COA findings, despite her puffed up achievements in PhilHealth.

Philippine Lawbytes 165, Part 5: The Alleged Gross Overpricing of I.T. Tools and Equipment Attributed to PhilHealth’s SVP Aragona and Acting Senior I.T. Manager Gabuya (Dr. Atty. Noel G. Ramiscal)

 

Aside from the Adobe Master Collection I discussed previously, there were other allegedly grossly overpriced I.T. tools, software and equipment for the PhilHealth I.T. system that SVP Aragona, together with the OIC Sr. I.T. Manager Gabuya, were in charge of detailing and seeking Board approval for the procurement budget.

The Cisco Network Switches

Col. Etrobal Laborte, former head executive assistant of PhilHealth PCEO Ricardo Morales, and a certified Cisco specialist, was one of the whistleblowers on this issue. Of particular interest is his expose on the Cisco network switches that PhilHealth actually awarded to a bidder in 2019, but did not procure due to the controversy. He stated that he reviewed the contracts and the procurement documents and presented these via a slide presentation concerning the switches.

The 15 Cisco switches that were specified in the documents was model 2960XR24, priced allegedly at P 419,946 (US$ 8,570). PhilHealth supposedly granted the award to a bidder which submitted the price of P 320,000 per switch.

Col. Laborte investigated the item at the Cisco website and found out that this is obsolete and the price alluded to is based on 2016 prices. He emphatically stated that the items that were actually the subject of the bid award is the Cisco model 9200 which is only P 62,424 (US$ 1,224).

Now the total price of 15 Cisco switches at P 320,000 each, is P 4,814,880 (US$ 98,262), while the 2020 price of P 62,424 multiplied by 15 equals to P 939,360 (US$ 19,170), or a total of potential loss of P 3,878,520 (US$ 79,153) to the Philippine government!

In her interpellation, Aragona tacked an amount for the training costs of the PhilHealth staff who will use the equipment to justify the bloated price. This is clearly an obtuse way of determining prices. Mr. Laborte immediately corrected her when he said that such training costs are not needed when the equipment can be handled by staff who already know how to use the equipment.

The Admission of Aragona and Gabuya of the Procurement of the Current and Cheaper Network Switch for the Higher Price of an Obsolete Network Switch

Senator Lacson repeatedly sought Aragona and Gabuya to confirm the type of network switch that actually was the subject of the winning bid that did not push through because of legal concerns. The good Senator asked them several times if it was model 2960XR24, or model 9200. Previously they said it was model 9200, but in the August 11, 2020 hearing, they insisted it was model 2960XR24. Aragona even presented a slide which emphasized the procurement of model 2960XR24 with the price of P 348,000 (US$ 7,102) per switch. This irked Senator Lacson who kept asking them if they would change their mind and tell the truth.

The good Senator manifested that Aragona is actually attempting to mislead and confuse the Senate body by changing the specification of the network switch. He emphasized that the 2019 budget could not have been for the procurement of model 2960XR24 because it was already obsolete, and Col. Laborte pointed out that if this were the case, the value of that model would have gone down to about P 40,000 (US$ 816) each, due to depreciation. Also, Col. Laborte presented a document signed and certified by Gabuya with the knowledge of Aragona that the network switch items procured for 2019 were model 9200, which should have come at a much reduced price, than model 2960XR24.

When they still insisted in model 2960XR24, Senator Lacson gave them the ultimatum by moving to cite them in contempt. It was then that Aragona and Gabuya apologized and admitted that the subject of the procurement was indeed model 9200, with the 2016 high price tag pegged for the obsolete model 2960XR24.

The Exorbitant I.T. Budgets With Grossly Overpriced Items

PhilHealth Board Commissioner, Alejandro Cabading, an accountant and a whistleblower, presented his findings before the legislators on the anomalous IT budget that he flagged down with the PhilHealth’s top officials, but which were largely ignored.

Aside from the Adobe Master Collection, he noted that the IT department, headed by Aragona, sought Board approval of the following items:

P 40,000,000 (US$ 816,326) for application servers and licenses, where the DICT approved cost was only P 25,000,000 (US$ 510,204);

P 5,000,000 (US$ 102,040) for structured cabling, where the DICT-approved cost was only P 500,000 (US$ 10,204);

P 42,000,000 (US$ 857,142) for identity management software, while the DICT-approved cost was only P 20,000,000 (US$ 408,163);

P 21,000,000 (US$ 428,571) for office productivity software against the DICT-approved cost of only P 5,000,000 (US$ 102,040); and

P 25,000,000 (US$ 510,204) for application servers and virtualization licenses versus the DICT-approved cost of just P 14,800,000 (US$ 302,040).

Mr. Cabading pointed out that some laptops were listed twice in the IT budget, at P 4,100,000 (US$ 83,673) and P 115,320,000 (US$ 2,353,469) each!

Mr. Cabading also manifested that Aragona and Gabuya sought approval of two IT budgets, on different occasions, one for P 2,100,000,000 (US$ 42,857,142) and P 734,000,000 (US$ 14,979,591), the latter not being part of the DICT approved ISSP for PhilHealth. These budgets were provided to the PhilHealth Board without clear specifications. He also pointed out an item worth P 98,007,000 merely labelled as “three projects.”

Cabading’s statements on the lack of details of the IT budget was corroborated by the statement of another PhilHealth Board member, Dr. Susan Mercado, and who also said that the Board were coerced or “blackmailed” to approve another IT budget of P 228,000,000 (US$ 4,653,061) [or according to one of Aragona’s own slides, P 328,000,000 (US$ 6,693,877)], because of Aragona’s representation that if this amount will not be approved, the “PhilHealth I.T. system will collapse!”

Lastly, Mr. Cabading declared that Aragona and Gabuya presented, “bad” “scrambled” data, with the intent to confuse the Board regarding the specifications of the IT items.

ARAGONA’S UNCONVINCING AND INCOMPLETE RESPONSE

Aragona’s response to the legislators, was only partial and not convincing. She did not address all the itemized anomalies alleged by Mr. Cabading. The manner she addressed the general charge of overbloated prices was telling. She said that the “discrepancy found was the difference in the actual prices against the budget estimates provided. Prior to bidding, the proposed budget has to be updated again based on the current market canvasses and computed in average, median, and lowest with allowances for inflation.”

Her answer insults the intelligence of the PhilHealth board members, and is actually gravely misrepresentative of the actual proceedings that transpire in Board meetings concerning budget approvals. I have attended many board meetings on budgetary appropriations/allocations in the private and government sector, and the cardinal rule that I have observed and verified, is that the prices for items, especially on I.T. infrastructure and expenditures, must be based on the actual and current prices of the objects, tools and equipment that are sought to be procured. One does not go before the Board seeking budgetary approval for items that are already obsolete with their outdated original prices.

Aragona’s response is also totally belied by the expose of Col. Laborte on the 15 Cisco network switches that I have already discussed. It was clear from her, and Mr. Gabuya’s admissions, before Senator Lacson, that the switches they sought approval of, were actually the newest and lower priced Cisco model, but their price was tied to the 2016 price of the obsolete model, which they tried to foist upon the legislators as the actual subject of procurement.

Furthermore, Aragona did not deny the declarations of Mr. Cabading and Dr. Mercado that some of the budgets she sought approval from the Board had no details or clear specifications. For example, she explained that the P 115,320,000 (US$ 2,353,469) supposedly allocated for one desktop was for 1,341 desktops, while the P 4,100,000 (US$ 83,673) for another laptop was for 80 different laptops of varying specifications. As to the item worth P 98,007,000 that was alleged by Mr. Cabading to have been labelled as “three projects,” she appeared to have denied this.

Again, what is so blatantly controversial about her approach is that it is patently wrong. No one goes to a budget approval session/meeting with blank items. Her manner of seeking budget approval is tantamount to requesting for a discretionary fund subject to her, and/or the BAC’s control, which is not countenanced by any Philippine law.

Her other responses that the whistleblowers, Mr. Cabading and Col. Laborte got the figures wrong, or are just being negative since the other Board members did not even question the prices, are unconvincing and belie her disingenuous reasoning unworthy of any CIO.

Philippine Lawbytes 166, Part 6: The Actual Destruction or Erasure of Electronic Evidence in the PhilHealth Website & the Need to Probe PhilHealth’s Data Protection Officer, Nerissa Santiago, and SVP Aragona (Dr. Atty. Noel G. Ramiscal)

 

In the House of Representatives hearing of PhilHealth officials last August 20, 2020, Congressman Dan Fernandez honed in on the overpricing of several I.T. equipment and devices and the questionable practices by the Bids and Awards Committee (BAC) for I.T., including awarding a huge overpriced IT contract for computers to a vendor that had already been blacklisted.

In the course of the hearing, Congressmen Fernandez and Mike Defensor brought to the attention of the whole body that the documents pertaining to the I.T. procurement have been erased from the Bids and Awards Committee (BAC) section of the PhilHealth website. The Congressmen were then apprised of the presence of Nerissa Santiago, the head of the PhilHealth BAC for I.T., who is also the PhilHealth actuary and the PhilHealth Data Protection Officer (DPO), who said nothing during the discussion of the issue of overpricing of the IT equipment that the BAC I.T. presided over!

The Congressmen gave notice to Santiago and the PhilHealth officials not to erase or destroy the documents found in the PhilHealth website. Congressman Defensor actually stated that they will still be able to unearth those documents to shed light on the culpable parties.

Again, this was a lost opportunity to question both SVP and CIO Aragona, and DPO Santiago regarding the policy and the control of the PhilHealth website, and the documents uploaded thereon.

As SVP of IT and CIO, it should only be Aragona’s department, specifically, one or two persons therein, or her, that should have control over the retention and destruction or erasure of data that are stored in the website. It was also clearly a case of conflict of interest for Santiago, as PhilHealth’s actuary and the presiding officer of the BAC for IT to be the DPO.

This was the perfect chance to confront Santiago and Aragona and any other PhilHealth official, to establish who instructed or actually took down or erased the BAC documents from the PhilHealth website. This was not impossible to establish given that most, if not all the PhilHealth officials present in the Congress hearing, including Aragona and Santiago had their mobile phones, and laptops with them, because such act could be done via the internet, through a laptop or phone.

The erasure or taking down of the BAC documents is an indication that whoever is responsible is trying to hide evidence on the overpricing of I.T. equipment, which is material to the subsequent investigations by the NBI and other government agencies on the corruption in PhilHealth. It must be noted that this was followed by the incident in one of Philhealth’s Regional offices, where the ceiling leaked with water, and the concern was raised regarding the destruction of legal documents in such office.

I also would like to note that Atty. Del Rosario, the former SVP for Legal, who was placed in preventive suspension, apparently manifested that he was in his PhilHealth office and took the questions of the Congressmen from such place. PhilHealth officials who had already been placed in preventive suspension should not be allowed to return to their places of work to avoid the risk of evidence tampering or destruction.

Evidence destruction is a direct affront, an outright defiance and contemptuous act to the Congresspersons, when they conducted their hearings in aid of legislation. It is also what I would term an act of spoliation, that is, a form of electronic evidence destruction, that should be punished. In criminal proceedings, particularly in the United States, which has a mature legal and judicial system on electronic evidence, such act would be punished by the courts in different ways, including adverse inference, denial of the culpable party’s chance to present responsive pleadings, fines, and even suspension or disbarment of lawyers who advised their clients to destroy the electronic evidence.

Philippine Lawbytes 237: Digital Forensic Ethics, Cognitive Bias or Forensic Confirmation Bias, and the PNP DIDM Anti-Cybercrime Group, by Dr. Atty. Noel G. Ramiscal

It has been several years that I have been dealing with digital forensic investigators in different aspects of my cyberlaw practice, both from the government and private sector, and as far as my encounters with them have gone, particularly in court, they have not followed the laws, rules, national and international standards that govern digital forensic investigations. So it was with great anticipation that I accepted the invitation from the University of the Philippines Institute for Government Law Reform (UPIGLR), thru its Director, Atty. Solomon Lumba, and relayed to me by Ms. Eleanor Arzadon, that I can talk about my advocacy against “Digital Forensic Fraud” in the POPLAW seminar series that UPIGLR had been conducting with the Philippine National Police (PNP) for the past 47 years. This continuing program has benefited thousands of our brothers and sisters in blue, in their professional practice.

Dr. Atty. Noel G. Ramiscal prior to his PNP UPIGLR Digital Forensics Ethics and Fraud lecture, with his own designed blazer, UP Malcolm Hall, July 27, 2023

The main unit that this particular series was organized for, was the PNP Directorate for Investigation and Detective Management (DIDM), and the main class was IOBC, but there were representatives from various PNP branches and even from the Philippine Coast Guard. According to their website (https://didm.pnp.gov.ph/index.php), the PNP DIDM is the unit tasked to “assist and advice the (PNP) Chief in the direction, control, coordination and supervision of the investigation of all crime incidents and offenses in violation of the laws of the Philippines.” It has “close supervisory direction of crime laboratories and other investigative support units.” And it has a “Detective School which offers regular courses on Criminal Investigation and Detective Development Course (CIDDC) and other crash courses on investigation.” If ever there was a government entity that I could exchange notes, share my advocacy against Digital Forensic Fraud, and ascertain the standards that government digital forensic investigators (DFIs) follow, it would be from the members of this unit.

Dr. Atty. Noel G. Ramiscal with the PNP DIDM IOBC Class 2023 President, PLTCOL Norman Tanedo Florentino, at the PNP UPIGLR POPLAW Seminar, UP Malcolm Hall, July 27, 2023

First, I qualified the 150 member audience, if there were actual DFIs amongst them that testify in court. Three of them came forward, and for the rest of my lecture, they became my sounding board because their opinions, particularly on standards and ethical matters were what I sought to find out. Since I had not encountered them before in court, I took their statements at face value. They did not disappoint.

One of the egregious violations in my actual experience in court with digital forensic investigators whether they were from government or from the private sector, is that they monumentally fail in observing the standards set by the 2018 Rules on Cybercrime Warrants, particularly in surrendering all the pieces of electronic evidence they collected, acquired, preserved, examined, and stored in e-devices to the court that acquired jurisdiction over the cybercrime case/s. I spent some time narrating the reasons DFIs that I have confronted in court have given as to why they did not, could not and would not turn over these pieces of evidence even though that is the mandate by the Cybercrime Warrants Rules, to defeat the right of the accused to know, confront and disprove the electronic evidence against them. I asked the PNP DIDM DFIs their opinion, and to my surprise, they agreed with me, and one even saying that these Rules are the standard in cybercrime cases that must be followed by all DFIs, even though they are from the private sector, and employed by private complainants.

Dr. Atty. Noel G. Ramiscal talking about digital hashing at his PNP UPIGLR Digital Forensics Ethics and Fraud lecture, UP Diliman, Malcolm Hall, July 27, 2023

I discussed with them some of the nitty gritty stuff they must do in order to comply with the rigorous standards of these Rules, and relevant international standards. I went from using write blockers, to the rigid observance of the Chain of Custody procedures, to hashing algorithms. While some, like the DFIs were able to follow, the rest appeared to encounter the concepts and processes I discussed for the first time, which is fine because not all in PNP DIDM are involved in forensic investigations. I just had to bring to their attention one matter that I disagree with, that was stipulated in the PNP DIDM Investigative Directive 2017-17, dated December 4, 2017, which was issued to govern the forensic investigations done by the PNP Anti-Cybercrime Group (ACG):

PNP DIDM 2017 Directive Request for Extension to Investigate

As I stated in my discussion, the requirement of giving just one destination/hard drive by the requesting agency to the PNP DIDM DFIs, which would be used in storing the additional pieces of electronic evidence that might be gathered, upon the extension of the search warrant, to grant more time for the forensic investigation, should be revised to two repository devices, to comply with forensic industry standards.

Since the 2019 Amendments to the 1989 Revised Rules on Evidence (A.M. NO. 19-08-15-SC) or “New Rules of Evidence” took effect last May 1, 2020, the requisite “education” background of a DFI is now one of the factors to consider and examine when s/he/they are presented as expert witness in court. I apprised the participants about the real legal educational framework which must be used in assessing a DFI’s education and disclosed my professional connection with this framework. It is the Commission on Higher Education’s (CHED) Memorandum Circular #48, series of 2012, entitled “Criminal Justice Education: Policies, Standards and Guidelines for the Bachelor of Forensic Science Program”, which is one of the CHED standards that I was tasked by then CHED Chair, Dr. Patricia Licuanan to critique and give recommendations on. I queried the educational degrees of the three DFIs. While none of them graduated with the Bachelor of Forensic Science degree, all three had Bachelor of Science degrees in the Allied Programs stated under the same Circular.

Dr. Atty. Noel G. Ramiscal sharing insights with the audience at his PNP UPIGLR Digital Forensics Ethics and Fraud lecture, UP Diliman, Malcolm Hall, July 27, 2023

Another significant and vital matter I imparted to them, which was something that all of them had no previous knowledge is the concept of “cognitive bias,” specifically “forensic confirmation bias” which afflicts DFIs, most of whom are not even aware of its influence on their jobs. The ideal notion of a DFI is that s/he/they are properly objective in their mindset, as well as their usage of their forensic tools and their report of their factual findings. But legal and medical literature have confirmed that this notion is far from real. According to the conception of forensic confirmation bias, DFIs are susceptible to being affected by extraneous information, such as the suspect’s ethnicity, previous criminal record, eyewitness identification, or other types of evidence, that are given to them prior to their investigation of a cybercrime. This information can potentially bias the forensic scientist throughout the course of their investigation, affect the way they use their forensic tools, and ultimately bias their analysis of the case.

As an example, I discussed the case of Brandon Mayfield, who was the subject of extraction by the U.S. government, due to what the FBI believed as his direct involvement as the bomber in the 2004 series of bombings in Spain because of a latent fingerprint on a bog of detonation devices found in the crime scene. Even though Mayfield had never been to Spain, or outside of the U.S., since he had no passport, and even if the Spanish authorities already said that he was not the bomber because they caught the real one, one of the top FBI investigators, and several of his subordinates, and a consultant, all “100%” identified him as the culprit! Why? It was because they were made aware beforehand of his background as a Muslim, of the fact that he was a lawyer of a convicted terrorist and he had contacts with Muslim extremists. Mayfield sued the U.S. and won US$2,000,000.00 as settlement.

There is no previous record of the concept of cognitive bias, or forensic confirmation bias, in any cybercrime case in Philippine jurisprudence as far as my research goes. I presented this concept for the first time as the cybercrime consultant of accused in several cybercrime cases in a Regional Trial Court last 2021. To my personal knowledge, this was also the first time this concept had been presented in the RTC level in the Philippines. My client was acquitted in 2022.

Dr. Atty. Noel G. Ramiscal with some of the 150 participants after his PNP UPIGLR Digital Forensics Ethics and Fraud lecture, UP Malcolm Hall, July 27, 2023

In closing, I would like to acknowledge the important work being done by the PNP and the UPIGLR in educating our crime fighters and advancing their professional development thru endeavors like the POPLAW seminars. Special thanks to the considerate UPLGR Director, Atty. Lumba, and the ever kind Ms. Arzadon. Heartfelt appreciation to all the courageous men and women of the PNP and all its units, the PNP DIDM, the IOBC Class President, PLTCOL Norman Tanedo Florentino, the PCG people, and all who put their lives on the line everyday to safeguard our lives and our freedoms. Finally, it was such a privilege to share my advocacy with the participants, specially the 3 DFIs, who appear to be standard bearers of Ethics in Digital Forensics in Government Service! May your tribe increase! Thank you and God Bless!

Philippine Lawbytes 234: Technology Facilitated SOGIE Violence and the Historic IBP Dipolog Chapter and DIPAG Alliance for Upholding LGBTQIA+ Peoples’ Human Rights, by Dr. Atty. Noel G. Ramiscal

June 22, 2023 was a historic day in the ongoing PRIDE battle for the recognition of the rights of the LGBTQIA+ peoples, as human rights, in Zamboanga Del Norte. For probably the first time in the history of the Integrated Bar of the Philippines (IBP), at least in this province, the IBP Dipolog Chapter entered into a Memorandum of Agreement (MOA) with the DIPAG Rainbow Collective, an association of activists, advocates, and allies of the LGBTQIA+ peoples in Zamboanga Del Norte. The MOA contains the legal obligation of the IBP Dipolog chapter to assist in protecting the human rights of this vulnerable sector in legal cases, with the utilization of the free legal aid clinics of several law schools in the province. The IBP Quezon City Chapter was supposed to also sign a MOA with the IBP Dipolog Chapter relative to this matter, but unfortunately their representative could not arrive due to flight issues.

The whole MOA signing between the DIPAG Rainbow Collective Head, Mr. Adrian Jay Alforque, and the IBP Dipolog President, Atty. Augustus Alegarbes, was part of the SOGIE and Technology Symposium that was primarily sponsored by the Jose Rizal Memorial State University or JRMSU (with the VP for Academic Affairs, Dr. Jay Telen, and its Dean of the College of Law, Atty. Mark Jasper Cielo, in attendance, with the latter acting as Moderator in the Open Forum), and supported by the Hon. Chad Martin Paler, the Executive Judge of the MTCC, Dipolog City, who gave an insightful Message on the lot of our LGBTQIA+ brothers and sisters. The Symposium was opened by the IBP Dipolog Chapter Vice Pres. Atty. Fevie Gador, and was attended by professionals, allies and LGBTQIA+ activists, and students from the JRMSU, the Andres Bonifacio College and the Philippine Adventist College.

IBP Pres. Atty. Alegarbes, Ms. Juanita Ramiscal, Exec Judge Paler, Atty. Mark Cielo, Atty. Fevie Gador, June 22, 2023, SOGIE Tech Symposium, Dipolog

Two speakers graced the Symposium. The first was Mr. Alforque, the current Punong Balangay or head of the Dipag Rainbow Collective, which is one of the active LGBTQIA+ groups in Dipolog. He delivered an engaging lecture entitled “SOGIE 101” focused on the fundamentals in understanding the issues concerning the spectrum of sexual orientation, gender identities and, representation of the LGBTQIA+ community, and the struggles of getting the SOGIE Bill passed into law, versions of which had been languishing in the Senate and the House of Representatives since the first one was filed in the latter, in January 26, 2000, by then Congressperson Loreta Ann Rosales (https://issuances-library.senate.gov.ph/bills/house-bill-no-9095-11th-congress-republic).

Dr. Atty. Noel G. Ramiscal, wearing the colors and symbols of his non-binary tribe, on his self-designed blazer, prior to his lecture on SOGIE Based Tech Facilitated Violence, June 22, 2023, Dipolog

The second speaker was yours truly. I began by relating some of the most rabid forms of discrimination and violence I had experienced in my personal and professional life as an advocate, and member of one of the least known “tribes” which is not even in the letters of the community, but included in the “+” sign, i.e., non-binary. Ignorance, hatred of the unknown, and intolerance for alternative ways of Being, manifested in various forms of assault, job and relationship rejections, were some of the travails I had to go thru and overcome just to claim my Self and own my Space, because I never pretended or hid what I am. I had friends and clients who died from the hands of others or from their own because of what they are. And in reflecting on these, I presented to the audience the list or worldwide beliefs that the World Health Organization have pinpointed as those that engender SOGIE based violence, together with some of the most virulent religious and cultural beliefs against women and LGBTQIA+ peoples that fuel and are used as justifications by abusers to perpetrate the never-ending cycle of aggression and brutalities committed against these peoples for millennia.

Dr. Atty. Noel G. Ramiscal’s SOGIE Based Tech Facilitated Violence Lecture, on IoT Violence, June 22, 2023 SOGIE Tech Symposium, Dipolog

Executing these abuses in cyberspace bring different dimensions that are often misunderstood or downplayed particularly by law enforcement authorities (LEAs). The anonymity that technology enables the abuser, particularly to victims who are not tech savvy can lead the latter to feeling unsafe, depressed, and helpless. Abusers can have constant access to their prey survivor through connected devices, which can mean possibility of 24-7 abuse. Digital content can be replicated in perpetuity, in different platforms, and can be used by abusers in teaming with others to organize attacks on their prey, which can effectively lead to the victims shutting down, and even ending their lives. Thus, LEAs should never minimize the effects cyber abuse, and must also be aware of the egregious effects of intersectional violence on the LGBTQIA+ members.

Dr. Atty. Noel G. Ramiscal discussing virtual rape in the metaverse, SOGIE Based Tech Facilitated Violence Lecture, June 22, 2023 SOGIE and Tech Symposium, Dipolog

I then introduced the participants to the types of technologies that can be used in committing these violent acts, the first recorded instance of sexual harassment in a video game and the first virtual rape in the Metaverse, and how the current safeguards in the worlds of these “augmented realities” are not enough. Since the lecture was just two hours, I trust that the Symposium would lead to a series of Symposia that can further explore and elucidate on the various complexities of the topics discussed.

Dr. Atty. Noel G. Ramiscal with DIPAG Rainbow Collective’s Punong Balangay, Mr. Adrian Alforque, during the Open Forum, June 22, 2023, SOGIE Tech Symposium, Dipolog

The open forum featured Mr. Alforque and me as discussants. It is in this part that the relative maturity and keenness of appreciation of the difficult SOGIE issues by the audience of young professionals and students showed through. We had a very substantial discussion with the audience, from building a consensus to the use of gender free bathrooms to the difficulties we experienced as LGBTQIA+ activists.

Dr. Atty. Noel G. Ramiscal, with JRMSU Law School Dean Atty. Mark Cielo, DIPAG’s Mr. Adrian Alforque, and IBP Dipolog Vice Pres. Atty. Fevie Gador, June 22, 2023, SOGIE Tech Symposium

Two matters that I must mention. First, there was a question on apparently competing “realities”, which is what is currently happening in the U.S., and had to some extent been influential in the Philippines concerning the development of LGBTQIA+ activism and its future. Mr. Alforque was right that the Philippines has its own history of native LGBTQIA+ roots and activism. For my part, I stated that we should be on the lookout against false narratives being disguised as alternative truths, which is what the Trumpian presidency represented, and for not accepting the ultra-conservative Republican view of defining and reducing human sexuality to chromosomes that can lead to the further erosion of what little rights are given to LGBTQIA+ peoples.

Dr. Atty. Noel G. Ramiscal, Mr. Adrian Alforque, and some of the wonderful attendees, and LGBTQIA+ activists, advocates, allies at June 22, 2023 SOGIE Tech Symposium, Dipolog

Then there was the reaction of “idealogical extremism” to what I said as the right of a child, or a person to decide their SOGIE. I had to place this point in context. In case of intersexuals, who were born with indeterminate or ambiguous genitals, no doctor, and no parent has the right to decide the SOGIE of the child at the moment (or even several years after) they were born by operating on the child’s genitals to make it appear of a certain sex. This right should be given and exercised by the intersexed person at the time they can determine who they are, SOGIE wise.

For trans youth or transpeople, it is a different matter. They already know what their SOGIE are, almost always from a very young age. I made it very clear, that even if the decision to transition and undergo sexual reassignment surgeries (SRS), resides on the trans person, if the SRS is considered as a remedy for gender dysphoria at a young age, there should be a concerted effort between the person, the parents, the doctors, and in some cases, the judges (if the trans person is a ward of the State), to determine the best time, treatment, procedures and therapies for the trans person. This calibrated, considered approach would belie any claim of caprice and ideological extremism from anyone who would take the time to know what was actually done.

Kudos again to the IBP Dipolog Chapter, its officers and members, and to the DRC for their momentous undertaking, to the JRMSU for its valuable support, and to all the young professionals and students from different schools who attended this worthwhile Symposium. Especial and heartfelt gratitude to my mother, Juanita Ramiscal, for supporting, accepting and loving me unconditionally since birth, and to the God Within, that has revealed to me what I was seeking all my life first in the cavern of Bethlehem, in 2018, and every second since! May the tribes of LGBTQIA+ activists, advocates and allies increase! God Bless!

Philippine Lawbytes 233: Viral Legal and Judicial Misconduct (Part 4) The Lorredo Case and Why the SOGIE Bill Must be Passed and Implemented as Law, by Dr. Atty. Noel G. Ramiscal

The following Passage in the Lorredo case shows why a specific SOGIE law must be passed and implemented effectively in the Philippines:

…(T)he Court has always espoused care in the conduct of judicial proceedings, ever sensitive not to unjustifiably offend the litigants and erode the public’s confidence in our justice system. Thus, any form of discrimination by reason of gender or sexual orientation made by a judge and directed against any person with business before the court shall never be tolerated and must be strongly rebuked. Judge Lorredo must be reminded that the Court has already made a recognition of the fact that, through the years, homosexual conduct, and perhaps homosexuals themselves, have borne the brunt of societal disapproval. The Court is cognizant that they have suffered enough marginalization and discrimination within our society. It is not difficult to imagine the reasons behind this censure – religious beliefs, convictions about the preservation of marriage, family, and procreation, even dislike or distrust of members of the LGBTQIA+ community themselves and their perceived lifestyle. Inasmuch, however, that these so-called “generally accepted public morals” have not been convincingly transplanted into the realm of our law, there should be no reason for judges to add to the burdens of members of the LGBTQIA + community through the swift hand of judicial review, or to effectively lend a hand in perpetuating the discrimination they face, whether that effort is self-evident or thinly veiled under claims of religious beliefs or freedom of expression (p 17, bold, italicized, underlined emphasis supplied).

The quoted passage is significant for three reasons:

MERE REBUKE AS OPPOSED TO DISBARMENT IN THE GADON CASE

First, the Court circumscribed the specific sanction of “rebuke” to judges who exercised SOGIE discrimination against any person who have “business before the Court”. In doing so, the Court apparently limited the type of sanctions against judges who are LGBTQIA+ averse in their dealings with members of this community.

In the Gadon case, the Court considered the online intemperate, sexist, misogynistic remarks of Mr. Gadon against a cisgender, and apparently heterosexual female journalist, which was committed outside of any court’s premises, as worthy of disbarment.

But in the Lorredo case, the Supreme Court did not consider the direct face-to-face Biblical badgering and homophobic slurs by respondent judge in the preliminary conference, and those stated in his Comment, against the complainants and his patently explicit LGBTQIA+ intolerance against his fellow judges whom he perceived as gays, to be on the level of the sexist spite spewed by Mr. Gadon.

In the Supreme Court’s view, the behavior of respondent judge in this regard only merits rebuke. This on its face is completely bewildering, considering judges are “frontliners” in dispensing judicial services and how they treat those who have “business before the Court” gravely impacts on the whole judicial system.  

LGBTQIA+ RIGHTS HAVE NOT BEEN “CONVINCINGLY TRANSPLANTED” INTO PHILIPPINE LAW

Second, the Court made much of its previous recognition of the marginalization and discrimination suffered by the LGBTQIA+ community in the Ang Ladlad (Ang Ladlad LGBT Party v. Commission on Elections, G.R. No. 190582, April 8, 2010, 618 SCRA 32) and Falcis (Falcis III v. Civil Registrar General, G.R. No. 217910, September 3, 2019) cases. But as SOGIE awareness and acceptance of certain values in this community have seeped into the “generally accepted public morals”, the Court was quick to point out that these “public morals” have “not been convincingly transplanted into the realm of our (Philippine) law”.

To a certain extent, the Court here is correct. There is no black letter law that expressly grants the LGBTQIA+ community legal protection and recognition of the needs and rights that the conventional heteronormative legal system operated by mostly straight legislators, think are specific to the community, which is the reason why the SOGIE Bills have languished in the legislature since the first one was filed in January 26, 2000.

Despite the age-old cry of LGBTQIA+ members, activists, advocates and allies that LGBTQIA+ rights are human rights, there is still this narrow view that the rights of the LGBTQIA+ members are different from the rights of heterosexual people who are the dominant members of Philippine society.

Though it has the power to legislate because its decisions become part of the law of the land, being a conservative branch of government, it is highly unlikely that the Supreme Court would pave the way for the express legal recognition of the rights of the LGBTQIA+ peoples. Let us not forget the majority statement in the Ang Ladlad decision:

… Of course, none of this suggests the impending arrival of a golden age for gay rights litigants. It well may be that this Decision will only serve to highlight the discrepancy between the rigid constitutional analysis of this Court and the more complex moral sentiments of Filipinos. We do not suggest that public opinion, even at its most liberal, reflect a clear-cut strong consensus favorable to gay rights claims and we neither attempt nor expect to affect individual perceptions of homosexuality through this Decision…

It is quite clear then, that only a black letter law can remedy the lack of protection for LGBTQIA+ members at this stage, so they can hold this up in the face of the indignities that they go through with members of the judiciary who are less enlightened and are in fact averse to their very presence.

THE SAFE SPACES ACT AND WHAT SHOULD HAVE BEEN DONE AS A MATTER OF JUSTICE

Third, even if the “generally accepted public morals” concerning SOGIE and LGBTQIA+ peoples have not been transplanted into law, the Supreme Court did not mention the Safe Spaces Act which provided the legal framework to sanction what Judge Lorredo did as a crime.

Since the Biblical badgering and homophobic slurs he subjected the complainants to happened in a preliminary conference in court that was held in a public building, that can be considered as a “Gender-Based Streets and Public Spaces Sexual Harassment” defined under Section 4 of this law. The law punishes this act under Section 11 depending on the number of violations the accused had already committed.

Since the respondent judge admitted to having used the Bible in settling 101 cases, it was imperative as a matter of Justice to check just how many times he used the Bible to inflict his homophobic, sexist comments and Biblical badgering against the members of the LGBTQIA+ community who appeared before him prior to the complainants.    

CONCLUSION

It is worth remembering what U.S. Justice Cardozo wrote in the past century: The great tides and currents which engulf the rest of men, do not turn aside in their course, and pass the judges by [Benjamin N. Cardozo [The Nature of the Judicial Process 168 (1921)]. Their conduct, as well as their decisions, impact the lives of the parties, and those who depend on these parties, that appear before them. They are NOT a privileged class and they should not be treated as such.  

Finally, it deserves stating that judges and justices owe their salaries and hefty pensions to Philippine taxpayers which include the members of LGBTQIA+ community. In this current millennium, there is no room in the judiciary for judges/justices who spew hatred, sexism and discrimination on parties that appear before them cloaked in their biblical interpretations, entwined with their judicial actions. Religious beliefs should not be used as an excuse not to dismiss and disbar apparently bigoted judges/justices whose words and actions make the courts even more toxic and hostile to LGBTQIA+ peoples.

Philippine Lawbytes 232: Viral Legal and Judicial Misconduct (Part 3) Overlooking the Constitutional Infractions and Apparent Gross Incompetency in the Lorredo Case, by Dr. Atty. Noel G. Ramiscal

In a befuddling twist in the Lorredo case, the Supreme Court did not agree with the characterization of the Judicial Integrity Board’s finding of gross misconduct, but determined that he was only liable for simple misconduct, conduct unbecoming of a judge, and sexual harassment under Civil Service Commission Resolution No. 01-0940. He was suspended without pay for 30 days, and fined a total of Php50,000.

Judge Lorredo’s Clear Homophobic Aversion and Prejudice Against the LGBTQIA+ Community as Not the Kind of Bias or Prejudice That Would Warrant Removal from the Bench or Disqualification from a Case

In a case that raises questions of “choosiness” and confusion, the Court stated that Judge’s Lorredo’s badgering questions, his Comment to the Complaint, and his comment regarding his fellow judges he view as gays, are homophobic slurs, and established his personal aversion to the complainants whom he viewed as gays, which his God does not like.

However, such level of personal bias or prejudice he exhibited does not meet the judicial standards for a bias or prejudice to inhibit or disqualify a judge from a case or overturn a ruling. For partiality to be established, the Court reiterated that: (1) there must be adequate evidence to prove the charge; (2) there must be showing that the judge had an interest, personal or otherwise, in the prosecution of the case at bar; and (3) the bias and prejudice must have stemmed from an extra-judicial source and result in an opinion on the merits on some basis other than what the judge learned from his participation in the case (Cabañero v. Cañon, A.M. No. MTJ-01-1369 (Formerly A.M. OCA LP.I. No. 99-784-MTJ), September 20, 2001, 365 SCRA 425). Here, the Court observed that none of the elements were present, and in particular, Judge Lorredo was able to justify his actions because the complainants had no right to the occupied property.

With respect, this ethics case is far removed from the elements established in the Cabañero case. This case was not about Judge Lorredo’s having any legal basis for saying that the complainants had no right to occupying the house they were being evicted from.

This case was about his unethical horrendous treatment of the complainants thru his relentless badgering about their sexual orientation which is a matter that is private between the parties, and had objectively nothing to do with their eviction.

Judge Lorredo overstepped the judicial boundaries of decency, propriety and legality, when he badgered the complainants about their sexual orientation, and used the Bible, or more accurately, his interpretation of some unstated parts of the Bible which he used as the foundation, to make a very discriminatory statement against the complainants (i.e., God is punishing them for being homeless because they are gays) which he believed to be related to their eviction, and to shame them to settle the case! This is an egregious example of judicial perversion of both the Bible and the law, that must be exposed to all and sundry.

Judge Lorredo’s Admitted and Repeated Intentional Disregard for the Constitutional Rule on the Separation of Church and State and Proscription Against Biblical Badgering and Apparent Gross Incompetency  

The Supreme Court stated that in “order to differentiate gross misconduct from simple misconduct, the elements of corruption, clear intent to violate the law, or flagrant disregard of established rule, must manifest in the former” (Office of the Court Administrator v. Reyes, A.M. No. RTJ, 17-2506, November 10, 2020, p. 9, cited in fn 61 of this case, bold, italicized, underlined emphasis supplied). The Court noted that none of these elements were present.  

The Supreme Court overlooked the significance of his admissions which included him having “admitted to having settled 101 cases using the Bible”!

The 1987 Constitution proscribes that the separation of the State from the Church “shall be inviolable” (Article II, Section 6) which prohibit judges from using their religious beliefs to interfere with their functions, and affect their judgments. Furthermore, the same Constitution mandated that all court decisions must state “clearly and distinctly the facts and the law on which it is based” (Article VIII, Section 14). Nowhere did it state the inclusion of the Bible.

The Court noted in its decision that respondent judge had, in this particular case, allowed “his religious beliefs to impair his judicial functions” (p 15). In admitting he settled 101 cases using the Bible, he had clearly, intentionally, and flagrantly violated the Constitutional rules 101 times, resulting in 101 instances of gross misconduct!

It is also a red flag indicator of the apparent gross incompetency of the respondent judge to conduct a proper preliminary conference. The Judicial Integrity Board (JIB) stated in its decision that “he should be advised to study and learn how to conduct preliminary conference” (see fn 21 of the Supreme Court decision). Obviously settling 101 cases by using the Bible is NOT the proper way to conduct preliminary conferences, from the JIB perspective. And nowhere in the Rules covering preliminary conferences and pre-trial conferences is the use of the Bible allowed or mentioned.

Unfortunately, the Supreme Court did not look into any of the 101 instances of intentional violations of the Constitutional rules, nor did it give any attention to the recommendation of the JIB, which reflect on the apparent gross incompetency of respondent judge.  It ruled only on this specific case as an apparent separate instance.

Had the Supreme Court considered the cumulative amount and impact of the 101 violations the respondent Judge admittedly committed, and his evident incompetency in handling preliminary conferences, it stands to reason that the penalties imposed upon the respondent judge should have been greater, and can possibly be enough to remove him from the Bench, and even the Bar.

Philippine Lawbytes 231: Viral Legal and Judicial Misconduct (Part 2) The Sexual Harassing Bible Badgering METC Judge, Jorge Emmanuel Lorredo, by Dr. Atty. Noel G. Ramiscal

Taking a cue from Gadon’s point of the Court being “choosy” in its application of the ethics rules, I would like to bring to the attention of those who may not be aware of the Supreme Court’s decision in a 2022 administrative case re a judge that might have been missed by almost all LGBTQIA+ members, activists, advocates, and allies. This is the case of Marcelini Espejon and Erickson Caboneta v. Judge Jorge Emmanuel Lorredo, A.M. No. MTJ-22-007 (Formerly OCA IPI No.19-3026-MfJ), dated March 9, 2022.

The brunt of the ethics complaint against this presiding judge of Branch 26, MeTC of Manila is his sexual harassment of the two complainants who appeared before him in a preliminary conference regarding an eviction case. The sexual harassment took the form of his badgering the complainants with repeated recorded questions and insinuations concerning what he perceived to be their sexual orientation, i.e., homosexuality, which he disapproved of, since according to him, his God dislikes homosexuals. The following is an example of his “questioning” at the preliminary conference:  

The Supreme Court noted another of his recorded statements in open court putting the blame of unfortunate events, this time, the death of a child due to the Dengvaxia vaccine, on the sexual orientation of a party, thus: 

“Pagkabading, tomboy, lesbian, ayaw ng Diyos ‘yun” and “So, pag meron kang lesbian relationship, paparusahan ‘yung anak mo. Dengvaxia di ba? Kayo din kasi may kasalanan din sa Diyos… May sin siya, lesbianism. Oh paparusahan yung anak niya, yung apo niya”

[Dr. Atty. Ramiscal’s English Translation: Those gays, lesbians, God does not like them…So if you have a lesbian relationship, your child will be punished. It’s Dengvaxia right? That’s because you have sinned against God…She has sinned, lesbianism. Her child, grandchild will be punished, p 11, see also SC Public Information Office Statement “SC Adopts JIB Recommendation, Suspends Judge for Uttering Homophobic Slurs in Court”, July 7, 2022, Reported In: https://news.abs-cbn.com/news/07/07/22/sc-suspends-manila-judge-over-homophobic-remarks; and https://malaya.com.ph/news_news/sc-suspends-judge-showing-prejudice-to-gay-people/]

On the same proceedings, he also remarked on the travails of fellow judges whom he perceived are “bading” (gay):

Going further along the TSN of Civil Case No. M-MNL-18- 08450-SC, even Judge Lorredo’s co-judges were not spared from his self righteous observations:

COURT: Daing Judge bad[i}ng eh. Pag kinakausap ka hindi naman, akala mo mas marunong sila sa Bible eh.

(Dr. Atty. Ramiscal’s English translation: Complaint of gay judge. If they talk to you, you would think they know more than the Bible)

xxxx

COURT: Kasi ang titigas ng ulo eh. Judge daw si!a, akala nila alam na nila. Puro sakit. Pagka, nagla-lunch kami kinukuwento niya, sakit ng tuhod, di maka-akyat dito, puro pr[o]blema sa staff niya, kasi pagka-bad[i]ng, tomboy, lesbian, ayaw ng Diyos yun. x x x

(Dr. Atty. Ramiscal’s English translation: They are all stubborn. They think they know everything because they’re judges. But they have pains. If we have lunch, they would tell of their pains on their knee, they could not climb, they’re filled with problems with their staff, this is because God does not like gays, lesbians).

In his own Comment to the Complaint, he explained it was merely his intention to warn complainants about his God’s dislike for homosexuals. He expressly stated that “[b]eing a homosexual pervert x x x may be one of the reasons why a person is being punished by God with not having a home of his own and with being ejected.” According to him, as well, “squatters or people who have no place to call their own are being punished by God for their sins or for the sins of their ancestors.” Judge Lorredo cited Biblical passages to bolster his opinions and concluded that homosexuality was material in the case, which was all about ejectment.

Philippine Lawbytes 230: Viral Legal and Judicial Misconduct (Part 1) The Disbarred Lorenzo Gadon, by Dr. Atty. Noel G. Ramiscal

In June 28, 2023, news broke that the infamous Lorenzo Gadon, whose lambasts against the supporters of the former Supreme Court Justice Sereno as “bobo”, “tanga” and “putang ina mo”, went viral, was disbarred unanimously by the Philippine Supreme Court for his misogynistic, sexist, and abusive remarks addressed to the journalist Raissa Robles, which was contained in another viral video [The case was docketed as A.C. No. 13521 [Formerly A.M. No. 21-12-05-SC] (Re: Resolution dated January 4, 2022 in A.M. No. 21-12-05-SC against Atty. Lorenzo G. Gadon) and was decided by the court on June 27, 2023].

In an interview with ANC, Gadon stated that the Supreme Court’s disbarment decision was politically motivated, and showed the Court being “choosy” in dispensing its disciplinary authority, citing the alleged infractions done by other lawyers who remained unpunished (Gadon: SC disbarment ‘purely political’, doesn’t really matter to me, ANC, https://www.youtube.com/watch?v=LfgrPzyQXXk). In the interview, he said that the Supreme Court did not see the context of why he uttered such remarks, and furthermore he had no regrets in doing what he did because his president (Bongbong Marcos) won the last presidential elections.

For those who are interested, the video containing his remarks against Robles, showed him spewing again and again four specific denigratory remarks, translated in English by me: putang Ina mo (your mother is a whore); puki ng ina mo (your mother’s vagina) hindot ka (f*ck you), and magpakantot ka sa aso (get yourself f*ck*d by a dog) as his response to Robles’ allegations that Bongbong Marcos is a tax evader [https://www.youtube.com/shorts/CIAfTxrYKpM]

Disbarred Lorenzo Gadon’s Bilious Rant Against Journalist Raissa Robles

In disbarring him, the Court ruled that the video clip as “indisputably scandalous that it discredits the legal profession.” Citing Canon II on Propriety, of the 2023 Code of Professional Responsibility and Accountability, which imposes the standard that “[a] lawyer shall, at all times, act with propriety and maintain the appearance of propriety in personal and professional dealings, observe honesty, respect and courtesy, and uphold the dignity of the legal profession consistent with the highest standards of ethical behavior” the Supreme Court pointed out that Gadon unfortunately failed to realize that lawyers are expected to avoid scandalous behavior, whether in their public or private life.

The ruling reminded all lawyers that the “privilege to practice law is bestowed only upon individuals who are competent intellectually, academically and, equally important, morally. xxx xxx xxx There is no room in this noble profession for misogyny and sexism. The Court will never tolerate abuse, in whatever form, especially when perpetrated by an officer of the court” (https://sc.judiciary.gov.ph/court-unanimously-disbars-atty-lorenzo-larry-gadon-for-misogynistic-sexist-abusive-and-repeated-intemperate-language/). I do not dispute the Supreme Court’s unanimous decision on this case.

I do not dispute the Supreme Court’s unanimous decision on this case. Viewing the video clip is a particularly jarring, and unpleasant experience, for just about anyone who expects a modicum amount of civility as a requisite for surviving and dealing with members of any community, let alone from a supposed member of a profession that prides itself in protecting the Law as a “temple of justice” [Religious Affairs. vs. Estanislao R. Bayot (74 Phil. 579 (1944)]. It is also an example of how extreme the cult of personality and politics can rabidly mix and manifest, which is a potent recipe for electoral disasters and divisiveness in our already fractured society.