In this Part, I state the reasons that I have advanced in my lectures for different stakeholders in the Philippines, why the Supreme Court’s February 11, 2014 decision legalizing spamming is erroneous and deleterious to the online, personal and even economic well being of the targeted victims of spammers.
There are different kinds of spams. Unsolicited commercial communications sent through emails are the original and popular manifestations of spam. Spams sent through instant messaging services are denominated “spims”. Spams that appear through text messaging or “push messaging” are also known as “smishes”.
In my April 11, 2016 MCLE lecture for UP IAJ, and my August 12, 2016 MCLE lecture for the Department of Foreign Affairs lawyers and foreign service officers, I gave the example of a lawyer who was suspended for spamming and eventually disbarred for other reasons in the U.S. Known as a “father” of spamming, Laurence Canter sent emails advertising his immigration practice to several thousands of individuals and Internet groups in 1994, when there was as yet no law prohibiting spamming. He was found guilty of violating legal ethical prohibitions on law advertising and misrepresentation since he was not a certified immigration law specialist. He received a one year suspension of his law license in Tennessee which he was made to serve concurrently with disbarment for his other infractions that included writing bouncing checks, neglecting cases and conversion of his clients’ funds.
Dr. Atty. Noel G. Ramiscal’s DFA MCLE LECTURE, August 12 2016
In my lectures for different Integrated Bar of the Philippines (IBP) Chapters last year and this year, and for the UP IAJ and ACLEx, on the topics of electronic evidence and in cybercrimes, I discuss how spams which contain seemingly innocent messages, can be the vehicles for malware and fraudulent e-scams. Scams can be the carriers of malicious codes or attachments that contain viruses, worms or Trojan horses.
Dr. Ramiscal at ACLEX MCLE lecture, July 22, 2016
Spam messages are sent in phishing scams. The U.S. Department of Justice defines phishing as the “creation and use of e-mails and Web sites–designed to look like e-mails and Web sites of well-known legitimate businesses, financial institutions, and government agencies–in order to deceive Internet users into disclosing their bank and financial account information or other personal data such as usernames or passwords.” In one type of phishing scam that I showed in my August 3, 2016 lecture for the Bank of Philippine Islands officers and employees, which involved a bank, the professional looking email emulated the bank’s correspondence style and logo and placed a link on a rogue bank site which, when clicked would ask the user to enter their bank password and other log-in details to steal the funds of the user. These spams used in spear phishing scams target specific groups of individuals whose email addresses have been collected or compromised and can be quite convincing.
The National Privacy Commission (NPC), the Department of Communication Information Technology and the National Telecommunications Commission (NTC) must seriously consider this matter.
From the perspective of the privacy advocate, spams are tangible manifestations of wrongful use of personal e-data, e.g., names, email addresses, and bank memberships that are harvested by search engines, crawlers, trawlers of ISPs, online social networks, and electronic databases, which are used and maintained by e-data aggregators, which sell these data, or by blackhats that steal these data to launch their attacks.
Spams are visible expression of manipulation of personal e-data since they are targeted to predefined unsuspecting recipients whose personal e-data had been processed, without their consent. Furthermore, spamming is proof that the personal information of a data subject had been breached without the data subject’s consent.
In the hands of botmasters, who have command of thousands of compromised computers called zombies, spams sent by zombie PCs can be the means of unleashing a distributed denial of service (DDoS) attacks on specific targets for the right price. When this happens, a targeted account or user would not be able to read or even access his/her emails, since the spams can be so voluminous as to clog the target’s email system. In this case, the right to read emails, even unsolicited ones, which the Supreme Court upheld to be a constitutional right, would be denied to the target, due, ironically, to the unsolicited spams!
Dr. Atty. Ramiscal in one of his MCLE lectures for the IBP Leyte
The Philippine Supreme Court’s position on this matter is truly contrary to the position in other jurisdictions. For instance, the drafters of the Cybercrime Convention did not specifically nor expressly named spamming as a cybercrime. But they viewed it as a form of illegal interference that could fall under Article 5 of the Convention on “System Interference”. Spamming is considered a form of “computer sabotage” where the sending of data to a particular system in such a form, size or frequency is such that it has a significant detrimental effect on the ability of the owner or operator to use the system, or to communicate with other systems. U.S. courts have ruled that sending spam in quantities that place unreasonable burdens on e-mail networks constitutes a type of DDoS attack [See for example, CompuServe. Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1022 (S.D. Ohio 1997); and White Buffalo Ventures, LLC v. Univ. of Texas at Austin, 420 F.3d 366, 377 (5th Cir. 2005).
The invalidated Section 4(c)(3) of Republic Act 10175 contained conditions against spamming which are tailored to prevent the sending of harmful malicious ads that can bring viruses, in which the addressee has no option to opt-out once they open the email. The Supreme Court should have analyzed those conditions first before concluding erroneously that all unsolicited ads are legitimate forms of expression.
From the foregoing, the blanket characterization by the SC that unsolicited spams are legitimate manifestations of the constitutional freedom of expression is legally indefensible, void of technical validity and lack jurisprudential support from other jurisdictions. Spams that harm computing systems by clogging access to email accounts, or used as the means to “phish” for personal information to the detriment of the recipient, or as the vehicles for computer viruses and malware are not, and should not be considered legitimate forms of constitutionally protected speech.
In what is probably the height of cruel irony, any spammer now can have a cause of action against Philippine entities that prohibit spamming, and any spammer that uses spam to commit DDos attacks, or phishing scams, or ID theft, can justify the legality of their actions and escape criminal liability because of the Philippine Supreme Court decision.
Dr. Atty. Noel G. Ramiscal with DFA Office of Legal Affairs, Exec. Dir. Atty. Leo Ausan Jr.
The newly constituted NPC and the DCIT, and the NTC, with the assistance of all concerned citizens should seek for a declaratory relief, or any other form of relevant relief, to overturn this invalid decision that could had, or could still wreak disastrous mischief and havoc on the personal information of millions of connected Philippine “data subjects”.
Dr. Atty. Noel G. Ramiscal at the DFA, August 12 2016 with Atty Arevalo and AttyFSO Donna F. Gatmaytan
As always, my deep heartfelt gratitude to all the MCLE providers, organizers, lawyers, universities, students, IT professionals, other professional organizations and stakeholders who have given me the opportunity and the platform to spread the gospel and my advocacies on Cyber Law to the different parts of the Philippines!
Some BPI employees who attended Dr. Ramiscal’s AUGUST 3 2016 lecture
Some BPI employees who attended Dr. Ramiscal’s AUGUST 3 2016 lecture
Special acknowledgment to: the BPI LEADr, BPI University, Attys. Lito Viniegra and Paul Ysmael, Esq. Dennis Soto, and Mr. Roberto Mercado and all the wonderful BPI officials and employees; the UP IAJ, Prof. Patricia Daway, Atty. Armand Arevalo, Ms. Mabel Perez, Ms. Evelyn Cuasto, Ms. Zen Antonio, and all the amazing staff; The ACLEx and its President, Mr. Roberto Borromeo, the gorgeous CEU School of Law Associate Dean, Atty.Ritalinda Jimeno, and Mr. Alex Canata; The IBP National, IBP Bulacan, IBP CALMANA, IBP Laguna, IBP Leyte, IBP Negros Oriental, IBP Lanao del Norte, IBP Batangas, IBP Misamis Oriental, IBP Nueva Vizcaya, IBP Nueva Ecija, IBP IBP Cavite, IBP PPLM, and all their splendid officers and helpful staff; The Globe Telecommunications officers and lawyers; The Department of Foreign Affairs lawyers and Foreign Service Officers, particularly their Executive Director for the Office of Legal Affairs, Atty. Leo Tito Ausan Jr., and my truly fabulous UST and UP schoolmate, Atty. Donna Celeste Feliciano Gatmaytan! Mabbalo! Dios ti Agnina! Daghang Salamat! Salamalaikum!
Philippine Law Bytes: TheCyberLawyer Issues by Dr. Attorney Noel Guivani Ramiscal 