Lawbytes 114: Why the Supreme Court’s legalization of Spamming should be overturned and what the NPC, DCIT and the NTC should do [Part 2] Copyright by Dr. Atty. Noel G. Ramiscal

In this Part, I state the reasons that I have advanced in my lectures for different stakeholders in the Philippines, why the Supreme Court’s February 11, 2014 decision legalizing spamming is erroneous and deleterious to the online, personal and even economic well-being of the targeted victims of spammers.

There are different kinds of spams. Unsolicited commercial communications sent through emails are the original and popular manifestations of spam. Spams sent through instant messaging services are denominated “spims”. Spams that appear through text messaging or “push messaging” are also known as “smishes”.

In my April 11, 2016 MCLE lecture for UP IAJ, and my August 12, 2016 MCLE lecture for the Department of Foreign Affairs lawyers and foreign service officers, I gave the example of a lawyer who was suspended for spamming and eventually disbarred for other reasons in the U.S. Known as a “father” of spamming, Laurence Canter sent emails advertising his immigration practice to several thousands of individuals and Internet groups in 1994, when there was as yet no law prohibiting spamming. He was found guilty of violating legal ethical prohibitions on law advertising and misrepresentation since he was not a certified immigration law specialist. He received a one-year suspension of his law license in Tennessee, which he was made to serve concurrently with disbarment for his other infractions that included writing bouncing checks, neglecting cases and conversion of his clients’ funds.

Dr. Atty. Noel G. Ramiscal's DFA MCLE LECTURE, August 12 2016

In my lectures for different Integrated Bar of the Philippines (IBP) Chapters last year and this year, and for the UP IAJ and ACLEx, on the topics of electronic evidence and cybercrimes, I discuss how spams which contain seemingly innocent messages can be the vehicles for malware and fraudulent e-scams. Scams can be the carriers of malicious codes or attachments that contain viruses, worms or Trojan horses.

Dr. Ramiscal at ACLEX MCLE lecture, July 22, 2016

Spam messages are sent in phishing scams. The U.S. Department of Justice defines phishing as the “creation and use of e-mails and Web sites–designed to look like e-mails and Web sites of well-known legitimate businesses, financial institutions, and government agencies–in order to deceive Internet users into disclosing their bank and financial account information or other personal data such as usernames or passwords.” In one type of phishing scam that I showed in my August 3, 2016 lecture for the Bank of Philippine Islands officers and employees, which involved a bank, the professional-looking email emulated the bank’s correspondence style and logo and placed a link on a rogue bank site which, when clicked, would ask the user to enter their bank password and other log-in details to steal the funds of the user. These spams used in spear phishing scams target specific groups of individuals whose email addresses have been collected or compromised and can be quite convincing.

The National Privacy Commission (NPC), the Department of Communication Information Technology and the National Telecommunications Commission (NTC) must seriously consider this matter.

From the perspective of the privacy advocate, spams are tangible manifestations of wrongful use of personal e-data, e.g., names, email addresses, and bank memberships that are harvested by search engines, crawlers, trawlers of ISPs, online social networks, and electronic databases, which are used and maintained by e-data aggregators, which sell these data, or by blackhats that steal these data to launch their attacks.

Spams are a visible expression of manipulation of personal e-data since they are targeted to predefined unsuspecting recipients whose personal e-data had been processed without their consent. Furthermore, spamming is proof that the personal information of a data subject had been breached without the data subject’s consent.

In the hands of botmasters, who have command of thousands of compromised computers called zombies, spams sent by zombie PCs can be the means of unleashing distributed denial of service (DDoS) attacks on specific targets for the right price. When this happens, a targeted account or user would not be able to read or even access his/her emails, since the spams can be so voluminous as to clog the target’s email system. In this case, the right to read emails, even unsolicited ones, which the Supreme Court upheld to be a constitutional right, would be denied to the target, due, ironically, to the unsolicited spams!

Dr. Atty. Ramiscal in one of his MCLE lectures for the IBP Leyte

The Philippine Supreme Court’s position on this matter is truly contrary to the position in other jurisdictions. For instance, the drafters of the Cybercrime Convention did not specifically or expressly name spamming as a cybercrime. But they viewed it as a form of illegal interference that could fall under Article 5 of the Convention on “System Interference”. Spamming is considered a form of “computer sabotage” where the sending of data to a particular system in such a form, size or frequency is such that it has a significant detrimental effect on the ability of the owner or operator to use the system, or to communicate with other systems. U.S. courts have ruled that sending spam in quantities that place unreasonable burdens on e-mail networks constitutes a type of DDoS attack [See for example, CompuServe, Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1022 (S.D. Ohio 1997); and White Buffalo Ventures, LLC v. Univ. of Texas at Austin, 420 F.3d 366, 377 (5th Cir. 2005)].

The invalidated Section 4(c)(3) of Republic Act 10175 contained conditions against spamming which are tailored to prevent the sending of harmful malicious ads that can bring viruses, in which the addressee has no option to opt-out once they open the email. The Supreme Court should have analyzed those conditions first before concluding erroneously that all unsolicited ads are legitimate forms of expression.

From the foregoing, the blanket characterization by the SC that unsolicited spams are legitimate manifestations of the constitutional freedom of expression is legally indefensible, void of technical validity and lacks jurisprudential support from other jurisdictions. Spams that harm computing systems by clogging access to email accounts, or used as the means to “phish” for personal information to the detriment of the recipient, or as the vehicles for computer viruses and malware are not, and should not be considered, legitimate forms of constitutionally protected speech.

In what is probably the height of cruel irony, any spammer now can have a cause of action against Philippine entities that prohibit spamming, and any spammer that uses spam to commit DDoS attacks, or phishing scams, or ID theft, can justify the legality of their actions and escape criminal liability because of the Philippine Supreme Court decision.

Dr. Atty. Noel G. Ramiscal with DFA Office of Legal Affairs, Exec. Dir. Atty. Leo Ausan Jr.

The newly constituted NPC and the DCIT, and the NTC, with the assistance of all concerned citizens, should seek declaratory relief, or any other form of relevant relief, to overturn this invalid decision that could have wreaked, or could still wreak, disastrous mischief and havoc on the personal information of millions of connected Philippine “data subjects”.

Dr. Atty. Noel G. Ramiscal at the DFA, August 12 2016 with Atty Arevalo and AttyFSO Donna F. Gatmaytan

As always, my deep heartfelt gratitude to all the MCLE providers, organizers, lawyers, universities, students, IT professionals, other professional organizations and stakeholders who have given me the opportunity and the platform to spread the gospel and my advocacies on Cyber Law to the different parts of the Philippines!

Some BPI employees who attended Dr. Ramiscal's AUGUST 3 2016 lecture

Special acknowledgment to: the BPI LEADr, BPI University, Attys. Lito Viniegra and Paul Ysmael, Esq. Dennis Soto, and Mr. Roberto Mercado and all the wonderful BPI officials and employees; the UP IAJ, Prof. Patricia Daway, Atty. Armand Arevalo, Ms. Mabel Perez, Ms. Evelyn Cuasto, Ms. Zen Antonio, and all the amazing staff; The ACLEx and its President, Mr. Roberto Borromeo, the gorgeous CEU School of Law Associate Dean, Atty. Ritalinda Jimeno, and Mr. Alex Canata; The IBP National, IBP Bulacan, IBP CALMANA, IBP Laguna, IBP Leyte, IBP Negros Oriental, IBP Lanao del Norte, IBP Batangas, IBP Misamis Oriental, IBP Nueva Vizcaya, IBP Nueva Ecija, IBP Cavite, IBP PPLM, and all their splendid officers and helpful staff; The Globe Telecommunications officers and lawyers; The Department of Foreign Affairs lawyers and Foreign Service Officers, particularly their Executive Director for the Office of Legal Affairs, Atty. Leo Tito Ausan Jr., and my truly fabulous UST and UP schoolmate, Atty. Donna Celeste Feliciano Gatmaytan! Mabbalo! Dios ti Agnina! Daghang Salamat! Salamalaikum!

Lawbyte 112: ENCRYPTION OR CRYPTOGRAPHY AS A HUMAN RIGHTS AND PRIVACY TOOL AGAINST GOVERNMENT ABUSES AND CYBERPRIVACY PREDATORS, WHAT THE NATIONAL COMMISSION ON PRIVACY, DTI AND DCIT MUST DO, AND IBP BULACAN’S HUMANITARIAN OUTREACH PROGRAM

Over the last five years and since the start of this year, I have informed all the people who have attended and cared enough to listen to my lectures and guest stints in different fora about the importance of cryptography, which is all about the science and art of encrypting messages, documents and images, in mathematical algorithms, and in some cases with biological, DNA, and nanomolecular ciphers, to retain the secrecy of the encrypted data, and prevent unauthorized eyes (of embittered spouses, disgruntled employees, curious hackers, nefarious crackers, unfriendly and friendly governments) from discovering the content, which could mean the saving or wrecking of countless lives, the toppling of dictatorships and the crashing of economies.

The Private Launching of my book on Cryptology

The discussion of the science and law of cryptography is central to my most recent book “Cryptology: The Law and Science of Electronic Secrets and Codes”, which I am glad to say, finally saw the light of a launching, albeit privately, last June 18, 2016 at the Makati Shangrila, during the General Assembly of the Philippine Australian Alumni Association (PA3i) members from all parts of the Philippines. In this private launching, I apprised the PA3i members of the essential hows and whys of cryptography and its impact on their lives. Since the theme of the event pertains to the fundamental bonds of friendships and links between the Philippines and Australia, I stated that my cryptology book could not have been written by me, without the influence of Australia on me, personally and professionally.

The private launching of Dr. Ramiscal's CRYPTOLOGY book during the PA3i General Assembly at MAKATI SHANGRILA, June 18, 2016

I was introduced to cryptology via my “Law and Internet” Master class way back in 1999 where the first word I deciphered using the PGP software was “apple”. The ramifications of this technology and the multidisciplinary fields that gave rise to it shook me to the core! I remember staying up way into the morning and staring at the Brisbane river as the sun rises, thinking that Einstein and Heisenberg were on some kind of intellectual drug for them to come up with otherworldly theories that have seen some awesome demonstrations as the years have gone by. It was in Australia where I felt real genuine freedom in academic research and inquiry, and I am forever grateful to the University of Queensland and its law faculty for supporting me in my Master of Laws (Advanced) and my Ph.D in law studies and research. Australia is one of those countries that have a sophisticated understanding of the grasp and reach of cryptology. As part of my recommendations in my book, I proposed that the Philippine government should look into the Australasian Information Security Evaluation Program (AISEP) used in Australia that reviews, among others, the source codes of cryptographic products. The Defense Signals Directorate (DSD) conducts a DSD Cryptographic Evaluation (DCE) “to analyse a product to determine whether the security architecture and cryptographic algorithms used have been implemented correctly and are appropriately strong for the product’s intended use by the recommending government agency.” This efficient and effective program is light years apart from the way that the COMELEC had handled source code reviews for the Automated Election Systems used in the 2010, 2013 and 2016 elections.

Dr. Atty. Noel G. Ramiscal with Her Excellency, the Australian Ambassador Amanda Gorely, June 18, 2016

My great appreciation to Her Excellency, the indefatigable and inimitable Australian Ambassador Amanda Gorely!
Heartiest thanks are in order to the brilliant and generous officers of PA3i, most especially to Ms. Vivian Valdez, Mr. Arvin Yana, Col. Ariel Querubin, Atty. Teresita Tuazon, Dr. Jean Loyola, Mr. Vic Badoy, Ms. Abee Generao and Mr. Ramon Santos, and of course to the fabulous PA3i members, some of whom are Drs. Rey Ramos, Fe Hidalgo, Wendell Capili and Emanuel Florido, Attys. Ma. Nena German and John Titus Vistal, Messrs. Joey Baril, Jay Juan, Edson Lopez, Greg Quimio, Kitz Arellano, Jong Belano, Ruel Limbo, the spouses Freddie and Norma Fajardo, Ms. Neri Torreta, and Ms. Dane Zuyco (apologies to the very many whose names I cannot remember). Congratulations as well to all 2016 Australian Alumni Awards Nominees and Winners, some of whom I had been privileged to meet, including, Ms. Loda Grace Dulla, Mr. Arsenio Ella and Chief Inspector Kimberly Molitas! They all make us proud!


How Cryptography has become a Crucial Liberation Technology

I expounded on the extent of cryptography and its significance in the digital global world in my MCLE lectures for the Philippine Deposit Insurance Corporation (January 28, 2016), the Arellano Law Foundation (February 27, 2016), the IBP Leyte (April 29, 2016), the IBP Negros Oriental (May 17, 2016), UP IAJ (July 2, 2016), the IBP Lanao del Norte (July 12, 2016), the ACLEx (July 22, 2016) and the most recent being the IBP Bulacan Chapter (July 23, 2016).

Dr. Ramiscal's MCLE Lecture on Cryptology for the ALF, MIDAS HOTEL, FEB 27 2016

I strove to explain the mathematical and scientific bases for the cryptographic products that are being sold or developed by research institutions in different parts of the world, and how the multidisciplinary fields and endeavors that nurture cryptology are being threatened by the stringent export and licensing restrictions of countries implementing the Wassenaar Arrangement, which was geared at stopping the flow of cryptographic products to states that have known terrorist elements.

Dr. Atty. Noel G. Ramiscal's MCLE lecture at PDIC last JANUARY 28, 2016

To be candid, this is easy to understand. There are infamous criminals and criminal activity that rely on cryptology to assure their continued operations. Cryptographic products have been implicated in drug trafficking, human trafficking, arms trafficking, online child pornography, murders for hire, and a slew of criminal conduct. It was said that the late Osama bin Laden used to send his extermination orders via encrypted text messages.

But cryptography is also a beacon of hope, trust, and survival. As a tool for securing basic human rights to life, liberty, security and privacy, I highlight the fact that many international human rights organizations including Amnesty International rely on strong cryptographic software to secure their information. The Onion Router (TOR) system which relies on a system of virtual encrypted channels operated by exit node operators has been considered a crucial “liberation” technology. This provides a tool for the masses to reveal government corruption, oppression, tortures and killings motivated by politics, religion, money and greed, and escape the censorship and wrath of these governments. In the memorable Arab Spring, I tell and show audiences the tragic story of Neda Agha Soltan, a woman targeted by a Basij sniper, all because she loved to sing passionately about her life in Iran, and how the video of her murder and the picture of her dead face with the disjointed eyes managed to get worldwide circulation through the TOR system. That was one of the crucial moments when millions of people all over the globe became overnight activists and Neda Agha Soltan became an iconic image of the oppressed and silenced victims of tyranny and intolerance everywhere.

Dr. Ramiscal's CRYPTOLOGY lecture for UPIAJ, July 2, 2016

Finally, cryptography is a first line of defense against all forms of unwarranted and illegal access or intrusions into the personal, sensitive information of natural and juridical persons. It is also a technology that is at the core of many personal and business transactions that involve currency. As I point out in all my lectures, every time anyone types their PIN or access codes into an ATM or secure website, cryptographic techniques are employed. I apprised the lawyers who attended my IBP Bulacan lectures last July 23, 2016, that cryptography is also at the heart of the Europay Mastercard Visa (EMV) chip cards that the Bangko Sentral ng Pilipinas has mandated all Philippine banks to roll out by January 2017! I also mentioned this fact in my July 22, 2016 lecture for the ACLEx. Apparently, this fact is not well known among the lawyers in these two fora, because only one lawyer professed to know about this.

Dr. Noel G. Ramiscal donating a copy of his Cryptology book to the CEU Law Library thru ACLEX's Mr. Canata

The importance of cryptography in all our lives is such that I have been donating copies of my books to several universities in the Philippines as part of my advocacies as a Law and I.T. Evangelist to spread the word about the proper appreciation and ethical use of cryptography. Greatest gratitude to the UP IAJ, the different IBP Chapters all over the Philippines, the ALF, and the ACLEX for providing me with the opportunity to impart the current trends and important rules that pertain to the protection of the rights of digital denizens to my fellow brothers and sisters in Law and Life!

DR. ATTY. NOEL G. RAMISCAL DONATING COPY OF HIS CRYPTOLOGY BOOK TO ARELLANO LAW LIBRARY THRU ALF

What the National Privacy Commission (NPC), Department of Trade and Industry (DTI), and the Department of Communication Information Technology (DICT) should do to secure the e-data of millions of Philippine citizens from security breaches

In the Philippines, the awareness of cryptography began with the famous case filed by Atty. Harry H. Roque Jr. (who is now a Congressman) against the Commission on Elections (COMELEC) in the latter’s use of the AES machines in 2009. Due to the current hearings on the I.R.R. on Data Privacy Law, interest in cryptography has newly arisen.

In my lecture for the MERALCO lawyers last June 24, 2016, on the “Legal Challenges and Complications of the Data Privacy Law”, I told the lawyers that I have been involved with the Data Privacy bills that were being pushed since 2008. In fact, I was even a Technical Consultant of the former Commission on Information Communication Technology (CICT) and wrote a white paper on the cyberprivacy bills, before the CICT was downgraded into the ICTO and now formally elevated to the DCIT. This law mentioned “encryption” only once. I protested the fact that it only required encryption of data for purposes of off-site access (see Sec. 23, 3). This huge oversight has apparently been fixed in the current modification of the I.R.R., which has yet to be passed by the NPC.

The security breach of the unique personal information of the over forty million Philippine voters contained in the COMELEC database by Anonymous Philippines, and the subsequent irresponsible, unwarranted and illegal publication of these pieces of information by a U.S. website (wehaveyourdata.com) underscore the grave need to understand cryptography and how it could be used to protect the information of Philippine citizens, and the accountability and criminal liability of irresponsible government agencies. The State of the Nation Address (SONA) of President Duterte last July 25, 2016 showed how keenly he believes that computers and I.C.T. products can actually prevent corruption and lead to efficient public service.

My book traces the legal issues concerning the cryptographic features of the AES machines and the veritable absence of any comprehensive source code reviews by Philippine legitimate source code reviewers since the Roque case up to the 2015 Pabillo case and ties all the related issues, to come up with several major proposals that are quite valid and useful in the legal, political and social milieu of the Philippines after the 2016 elections.

Cryptology front cover

These proposals include overhauling the cryptosystem evaluation of any I.C.T. products that will be sold or used in the Philippines, and making the source code reviews for these products, not a piecemeal process, nor a per agency process, but a systematic process to be overseen by the three agencies I identified, which are the NPC, the DTI and the former Information Communication Technology Office, which has now been upgraded to the DCIT. This must be done to prevent the monumental fiascos committed by the COMELEC in its handling of the source code reviews of the AES machines in the past three automated elections from ever happening again. The justifications and the extensive details of my proposal are in my book.

For this article I desire to emphasize that these agencies, particularly the NPC, must consider not only the AISEP program I referenced earlier, but also the U.S. and Canadian Cryptographic Module Validation Program (CMVP) which the US National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) jointly developed, and the process observed by the Communications-Electronics Security Group (CESG) in the United Kingdom which conducts the CESG Assisted Products Service (CAPS) on cryptographic products. Together with AISEP, these systems or processes establish I.C.T. standards in the proper review of source codes of cryptographic goods.

Another matter that these agencies must look into is the practices of these governments in choosing the right set of cryptographic products to safeguard the data of their respective governments and citizens. The U.S. and Australian governments have, for example, selected a suite of cryptographic technologies that are suited for protecting the security, integrity and non-repudiability of different types of electronic data, including digital signatures. These are very important, especially for the NPC, because its I.R.R. placed it as the lead agency when it comes to setting the guidelines for data protection and encryption [See Sec. 9, a., 1. Rule III].

The IBP Bulacan Chapter’s Humanitarian Outreach Program

One of the best things about taking my advocacies to the road is the opportunity to meet new people as well as get in touch with former classmates and schoolmates who are doing so well, not only in their personal and professional lives but in their advocacies as well.

Dr. Atty. Noel G. Ramiscal's Cryptology MCLE Lecture for IBP Bulacan, July 23, 2016

I was in Bulacan last year and totally enjoyed myself in my MCLE lectures. This year, I was truly amazed at the huge and warm support I got from the lawyer attendees, with the added bonus of seeing and conversing for quite some time with one of my classmates in UP Law, Atty. Pingki Bartolome Bernabe, who was the past IBP Bulacan President. Pingki is one of those kind, brilliant, creative souls, who would do wonders in her life, no matter what profession she is in. She was one of the very few people I could talk with in law school and I felt she never judged me in any way, which meant so much to me during that trying time. My mom and I were quite fortunate and appreciative in joining her in the ride back to Manila in her SUV. She’s got four amazing children, a doting husband, a successful career and a wonderful advocacy that has blossomed into a thriving movement in IBP Bulacan.

Dr. Ramiscal with current IBP Bulacan Pres. Atty. Topico, the past IBP Pres. Atty. Bartolome Bernabe and a lawyer gentleman from Bulacan, July 23 2016

She and the current IBP Bulacan President, the dashing and jovial Atty. Arni Topico, and several other lawyers (including the fabulous Atty. Francine Longid and the suave Atty. Paul Alcudia) have banded together, and through their own resources have given lectures and pro bono services to our overseas foreign workers stationed in different countries. They have been tapping into the international network of pro bono lawyers with strong positive results, working with foreign lawyers and helping acquit some of our countrymen criminally charged in other countries and creating goodwill for our country by helping foreign nationals who get into legal trouble in the Philippines. This year, their group will be presenting a paper in an international conference and will participate in a European summit on pro bono/legal aid service. They are performing a very specialized service that answers a niche need that should be emulated by other IBP Chapters and recognized by the Supreme Court. I am so proud and uplifted by the accomplishments of this group of devoted, exceptional lawyers! May their initiative be blessed with more connections and the necessary funds to make it sustainable! This is a perfect example of lawyers bettering the world with their talents! May their tribe increase and prosper!

Dr. Atty. Ramiscal with the great IBP Bulacan officers, July 23 2016

As always, thank you to the excellent IBP staff of Bulacan, Ms. Aida Oasay, and IBP National, Ms. Flora Arguson. To all the wonderful, gorgeous IBP Bulacan lawyers I met last July 23, 2016, and the great IBP Bulacan officers, I would like to say that it was truly a privilege and an honor to have served as one of your MCLE lecturers! I am genuinely moved by your generosity of Spirit and Kindness. Ilah’s dulce de leche and Eurobake’s inipit were good, Rosalie’s Suman sa Pinipig were heavenly, but Il-Jamie’s crispy pata is worth coming all the way from Laguna to Bulacan! Thank You! God Bless Us! Insha Allah!

LAWBYTES 111: SHOULD ONE SURRENDER TO THE POLICE THE ACCESS CODES OR DECRYPTION KEYS TO ENCRYPTED DIGITAL CONTENT ONE POSSESSES?

One of the most important issues that I raise in all my lectures at the Mandatory Continuing Legal Education organized by different providers in the Philippines and talks in other fora concerning cyber privacy, data security, and cybercrimes deals with the matter of encrypted content in a person’s or suspect’s electronic devices which are the subjects of searches and seizures, warrantless or not, by the police.

This matter has become an intriguing topic in human rights circles because of the differences in treatment by the law, legal enforcement officers and judicial authorities in different jurisdictions.

In the United Kingdom, the Regulation of Investigatory Powers Act (RIPA) criminalizes the willful non-disclosure of access codes, computer passwords and decryption keys or “keys to protected information” that custodians have in their possession if these keys are relevant in a national security case or child indecency case. The custodian can be imprisoned for five years. In other cases where these codes or keys are not disclosed, the custodians can be jailed for two years.

The Office of the Solicitor General in Australia pushed for an amendment to the Australian Telecommunication Interception Act that would have made it a crime for possessors of pass codes and decryption keys, upon being asked by law enforcement agents, not to reveal such keys. When the said law was finally passed in 2015, it required that “(w)here a service provider encrypts retained data, the service provider must retain the technical capability to decrypt and disclose relevant retained data in a useable form in accordance with a lawful request or requirement under the TIA Act or Telecommunications Act.”

Dr. Atty. Ramiscal lecturing for the MCLE Seminars for the IBP Lanao del Norte

In the Philippines, the Cybercrime Prevention Act authorizes the police, in the search, seizure and examination of computer data to “order any person who has knowledge about the functioning of the computer system and the measures to protect and preserve the computer data therein to provide, as is reasonable, the necessary information, to enable the undertaking of the search, seizure and examination” (Sec. 15). The I.R.R. of the law does not actually add anything to what was said in the law. The 2015 Draft Manual on Cybercrime Investigation by the Department of Justice makes the existence of full disk encryption as a “consideration” in the acquisition of computer data and advises the use of “trusted tools” when volatile data is suspected to have been encrypted. It did not specifically task the law enforcement agents investigating the suspect of asking the latter for decryption keys to decode the encrypted content.

Dr. Atty. Ramiscal in one of his MCLE lectures for the IBP Leyte

Encrypted content is difficult or computationally infeasible to decrypt in cases where the cryptographic software or product used employed cipher keys of sufficient strength, and for which there is no efficient algorithm or known attack that can break it. Even if the police manage to make a mirror copy or forensic copy of the hard disk drive of the computer, the encrypted content that resides on this drive may not be decoded or extracted by the police.

Dr. Atty. Noel G. Ramiscal with IBP CALMANA Pres. Atty. John Ibe

As people become more aware of the need to protect their privacy, they will resort to using encryption software which can make investigation of cybercrimes definitely more challenging for the police, who may be tempted to resort to shortcuts. It is in this instance where the police might be tempted to ask, threaten, coerce or cajole a suspect to give up the decryption key or access codes. So the question posed by this article becomes utterly relevant. Unfortunately, there is no Philippine jurisprudence or rule employed by the police on this matter.

MCLE FOR IBP MAKATI LAWYERS 1 MARCH 12 2016

In all my MCLE lectures this year on cybercrimes, or electronic evidence, including those for the Integrated Bar of the Philippines Chapters of CALMANA (February 6, 2016), Laguna (February 13, 2016), Makati (March 12, 2016), Leyte (April 29, 2016), Negros Oriental (May 17, 2016) and the latest being Lanao del Norte (July 12, 2016), I apprise the lawyers/attendees of several US cases where the courts have decided that the police have no right to request the disclosure of access codes or decryption keys, as violative of the person’s right against self-incrimination.

Dr. Atty. Ramiscal with some of the gorgeous lawyers and the fabulous Judge Dottie of IBP Lanao del Norte


In 2010, the U.S. District Court for the Eastern District of Michigan in United States v. Kirschner addressed whether a defendant’s Fifth Amendment privilege against self-incrimination extended to the defendant’s computer password. The court analogized a computer password to a wall safe combination that resides only in someone’s mind; in fact, it is a product of the mind. This information is testimonial, without which the government cannot pursue its case, and it is therefore protected by the right against self-incrimination.

In a 2012 case, the Eleventh Circuit applied the same principle to decryption keys concerning Doe, a YouTube user who was investigated by the government for sharing child pornography. Since the electronic devices that Doe utilized were all encrypted, the prosecutor ordered him to decrypt the devices. Doe challenged this as a violation of his right against self-incrimination, a challenge which the Eleventh Circuit upheld. It held that the “decryption and production of the hard drives’ contents would trigger Fifth Amendment protection because it would be testimonial, and that such protection would extend to the Government’s use of the drives’ contents.” The court stated that, “[t]he touchstone of whether an act of production is testimonial is whether the government compels the individual to use the ‘contents of his own mind’ to explicitly or implicitly communicate some statement of fact” that could be incriminatory, and without which the government would not be able to prove its case.

Dr. Atty. Ramiscal with IBP Lanao del Norte Pres. Atty. Gandamra and host Atty. Canizares Mindalano


So defense counsel can look up these cases if their clients accused of any form of cybercrime are placed in a similar situation. However, as I have stressed in my lectures, there is one U.S. case that is an exception to the ruling in these two cases. This case involved Sebastian Boucher, who was investigated by the U.S. government for online child pornography. When he was apprehended, his laptop was accessed by a forensic expert who was able to view thousands of child pornography images. But after his laptop was shut down, the police were not able to open the files again upon rebooting because the encryption mechanism kicked in. Boucher refused the police’s order to hand over his decryption key. This time around the court supported the police because it was already a “foregone conclusion” that his e-devices contained child pornographic images, which had already been seen by the forensic expert, thereby solidifying the existence of probable cause against him. So Philippine government prosecutors can utilize the principle found in this case to argue for the government’s right to be presented the access codes or decryption keys to encrypted hard drives or e-devices the incriminating contents of which were already partially viewed by law enforcement agents.

Dr. Atty. Ramiscal receiving an appreciation plaque from IBP Leyte Pres. Atty. Patrick Santo and Atty. Nick Esmale reading the citation


I would like to thank all the IBP Chapters officers and staff who had welcomed me and enjoyed their time with me: the fabulous Makati lawyers who gifted me with lemon oil and raspberry vinegar which proved unforgettable; the amiable CALMANA lawyers who were truly hospitable; the convivial Laguna lawyers who were quite appreciative of my insights; kudos to the Negros Oriental/Dumaguete lawyers (IBP Pres. Atty. Riconalla, Attys. Rocky, Elton and Nabi) and staff (Maricar Habanilla, et al) who went all out in making sure that my mother and I were satisfied with our food and accommodation, thank you to the crispy chicharon that lasted for about a week and a half!; heartfelt thank yous are in order to the IBP Iligan lawyers, in particular, their Chapter President, Atty. Khanini Gandamra, Atty. Diosdado Español and Atty. Edgardo Prospero who treated us at Tomyum, the lovely host, Atty. Annabelle Canazares Mindalano, Atty. Angel Lim (who so graciously and generously ferried my mom and me to our destinations and who shared with us his love of music), the very helpful student Ms. Aleah Rakhim, the accommodating IBP staff, Ms. Carandang and Ms. Arguson, and to everyone who made us feel so welcome in Iligan despite the very short stay we had there [the Cheding and dodol are very much appreciated!]; and finally, especial, especial, especial thank yous to all the Leyte lawyers, Attys. Hasmin, Chap, Matriano, Nick Esmale, and of course my UP schoolmate, bar topnotcher and a top notch human being, Atty. Patrick Santo for the grand Tacloban experience! My mom and I are still gushing about the food at Ocho-ocho and we trust we can go back there someday! It was truly an honor and privilege to have met and shared my advocacies with you all! God Bless Us! Insha Allah!