Philippine Lawbytes 235: IBP Dipolog (Part 1): The Bane of Digital Forensic Fraud In the Philippines’ Legal and Judicial Professions, by Dr. Atty. Noel G. Ramiscal

The Integrated Bar of the Philippines (IBP) Dipolog Chapter, in the Zamboanga del Norte province, thru the Head of its Mandatory Continuing Legal Education (MCLE) Committee, and former Dean of the MDCL Law School, Atty. Kenneth Lim, invited me to give two MCLE lectures for their members. I have been to Dipolog twice in the past, and I consider the people here as supremely friendly and supportive. The place is surrounded by magical waters, and steeped in humanistory and lore. So it was with great excitement that I accepted their generous invitation. My 81 year old mother, who had never been to Dipolog, accompanied me on this trip, with our food and lodging courtesy of the IBP, so it was double the pleasure!

Dr. Atty. Noel G. Ramiscal at Dipolog Beach Boulevard Bay Walk, June 20, 2023

We landed on a rainy day, but we were greeted in the airport with the warm company of Atty. Carl Alejandrino, and Mr. Muyco, the driver of the IBP Dipolog President, Atty. Augustus Alegarbes. We were driven to Hotel Ariana, which had comfortable executive suites, and certainly one of the better restaurants in this part of the world, Chloe’s Bistro. A blink of an eye later, it was already June 20, 2023, and my first official day as lecturer with Atty. Ron Enriquez welcoming us, on the way to the venue.  

Dr. Atty. Noel G. Ramiscal prior to his IBP Dipolog June 20 2023 MCLE Lecture on Digital Forensic Fraud

My lecture entitled “Protecting the Legal and Judicial Profession from Digital Forensic Fraud” is the result of my encounters in legal practice with dubious cyberforensic or digital forensic investigators (DFIs) who are tasked with collecting, acquiring, preserving, examining, and reporting the electronic evidence from cybercrimes, and other infractions that are pertinent in civil and administrative cases.

I told the participants that the Philippine Supreme Court and IBP have yet to come up with rules or even initiatives defining with clarity the ethical and legal obligations of digital forensic investigators, the lawyers who present them as experts in Philippine courts, as well as the duties of judges in determining the validity of the qualifications of DFIs, the credibility of their digital forensic investigation reports (DFIRs), and the reliability of the methods and processes they use.

Dr. Atty. Noel G. Ramiscal during his MCLE Lecture on Digital Forensic Fraud with some of the lawyer attendees, June 20, 2023, IBP Dipolog

Lawyers, as agents of the court, and judges are de facto burdened with the task of being evidentiary gatekeepers and weeding out the bad DFIs from the good ones, as well as inadmissible DFIRs, from the acceptable ones. I imparted to the participants several tips and strategies in doing this.

I introduced to the participants the actual educational framework developed by the Commission on Higher Education (CHED) for all forensic scientists, that include DFIs. This little known CHED standard was reviewed by me when I was the Technical Consultant of the former CHED Chairperson, Dr. Patricia Licuanan. I revealed to the participants some of the professional certifications relevant to the work of DFIs and the required proof for presenting these certifications. These are all relevant now due to the revisions made under the 2019 Amendments to the 1989 Revised Rules on Evidence (A.M. NO. 19-08-15-SC).

The significance of the 2018 Rules on Cybercrime Warrants cannot be gainsaid. Private DFIs have argued in criminal cases where the evidence they collected, acquired, investigated, reported and testified in court, are not covered by the rigorous requirements of these Rules. But I have argued to the contrary. While the rules do cover cases where cybercrime warrants were issued, the general import and intent of the rules, as well as the provisions, apply to all cybercrime cases, in terms of gathering and surrendering the electronic evidence to the court that acquired jurisdiction over these cases.

I exposed the major arguments and tactics I experienced which government employed and private DFIs use in avoiding the requirements of these Rules, so they would not turn over any electronic evidence they acquired to the courts. One disingenuous strategy they employ is to foist their DFIR as the actual legal substitute for the electronic evidence itself, in attempts to hoodwinking the courts and preventing the opposite parties to examine the electronic evidence by their own DFIs. I gave the participants the arguments I used in thwarting this highly irregular and unethical strategy in actual cybercrime cases where I served as the consultant of acquitted accused.

Dr. Atty. Noel G. Ramiscal with Atty. Vince; the MCLE Committee Head, Atty. Kenneth Lim; and the IBP Dipolog Pres., Atty. Augustus Alegarbes, June 20, 2023 presentation of plaque of appreciation

Another very important evidentiary stronghold that unethical DFIs would attempt to bypass is presenting evidence of the Chain of Custody (CoC) they should have established and recorded from the time they collected the e-data up to the time they turned such data to the courts. The DFIRs I have encountered in my practice do not contain any log sheet or any record of everyone who had, apart from the DFI, accessed, examined, or handled in any way, any of the e-data that the DFI acquired for his/her investigation. In my view, without the proper presentation and validation of the evidence of the CoC, the DFIRs, even the testimony of the DFIs should be disregarded because there is no proof that the original e-data collected, acquired, preserved, and examined by the DFI had not been altered in any way, by any party. The evidentiary requirement of CoC is a must in all types of cases where the evidence is quite volatile or easily corruptible, like e-data.

As many lawyers are not trained in law schools and even in MCLE seminars in the technological aspects of their practice, I told them they must persevere in their own pace and time, in learning about these matters and must not be intimidated by the task of perusing DFIRs. They must remember that no matter how technical the processes and the reports apparently seem, they still must conform with the rudimentary requirements stated in our evidentiary rules and the Constitutional right to due process. 

Dr. Atty. Noel G. Ramiscal at the Dipolog City Center, June 20, 2023

I cannot thank enough the forward thinking MCLE Committee Head, Atty. Lim, who is himself, a cyberlaw specialist, and the entire IBP Dipolog officers and members headed by their gregarious President, Atty. Alegarbes, their accommodating Vice Pres. Atty. Fevie Gador, the gracious lawyers (Attys. Vince and Byrne) who took my pictures using my ancient mobile phone, before it conked out, and all the participants for their generosity of Spirit! God Bless!

LAWBYTES 117: THE PHILIPPINE ANTI-WIRE TAPPING LAW, THE ERRONEOUS RULES OF E-EVIDENCE ON EPHEMERAL COMMUNICATION, THE REALITY OF E-DEVICES, RES GESTAE EVIDENCE RE: MURDERED VICTIMS (Copyright by Dr. Atty. Noel G. Ramiscal)

In one of my MCLE lectures on the “Handling of Electronic Evidence,” a lawyer relayed to me an issue that sooner or later will confront the Philippine Supreme Court and challenge its Rules of Electronic Evidence and its perception of electronic data.

The lawyer related a controversy regarding the SD card in a mobile phone of the murdered victim that contains the records of conversations between the victim and the alleged killer. An opposing counsel objected to the presentation of the evidence because it allegedly violated the Anti-Wire Tapping act of the Philippines.

This matter raises several significant issues that I have discussed several times in my MCLE lectures this year for the Integrated Bar of the Philippines Caloocan Malabon Navotas (CALMANA) Chapter (February 6, 2016), Laguna Chapter (February 13, 2016), Leyte Chapter (April 28, 2016), Negros Oriental Chapter (May 17, 2016), Lanao del Norte (July 12, 2016), Zamboanga del Norte Chapter (August 25, 2016) and the Misamis Oriental Chapter (September 8, 20160. I have also discussed these in other MCLE lectures given by other providers, the most recent being last October 7, 2016 for the ACLEx MCLE seminars at Hotel Cielito, Makati.

Dr. Atty. Noel G. Ramiscal at IBP Cagayan de Oro, September 7, 2016

For this article, I desire to clarify certain matters.

First, the Supreme Court’s Rules of Electronic Evidence has defined “Ephemeral electronic communication” as pertaining to “telephone conversations, text messages, chatroom sessions, streaming audio, streaming video, and other electronic forms of communication the evidence of which is not recorded or retained” (Rule 2, Sec.1. k).

Rule 11, SEC. 2. Provided:

Ephemeral electronic communications shall be proven by the testimony of a person who was a party to the same or has personal knowledge thereof. In the absence or unavailability of such witnesses, other competent evidence may be admitted.
A recording of the telephone conversation or ephemeral electronic communication shall be covered by the immediately preceding section.

The preceding section is:

SECTION 1. Audio, video and similar evidence. – Audio, photographic and video evidence of events, acts or transactions shall be admissible provided is shall be shown, presented or displayed to the court and shall be identified, explained or authenticated by the person who made the recording or by some other person competent to testify on the accuracy thereof.
If the foregoing communications are recorded or embodied in an electronic document, then the provisions of Rule 5 shall apply.
The pertinent portion of Rule 5 on “AUTHENTICATION OF ELECTRONIC DOCUMENTS” provided that:

SEC. 2. Manner of authentication. – Before any private electronic document offered as authentic is received in
evidence, its authenticity must be proved by any of the following means:
(a) by evidence that it had been digitally signed by the person purported to have signed the same;
(b) by evidence that other appropriate security procedures or devices as may be authorized by the Supreme Court or by law for authentication of electronic documents were applied to the document; or
(c) by other evidence showing its integrity and reliability to the satisfaction of the judge.

Construing all the relevant provisions of the Rules of E-Evidence on ephemeral evidence, the rules mandate that these types of communication “be proven by the testimony of a person who was a party to the same or has personal knowledge thereof. In the absence or unavailability of such witnesses, other competent evidence may be admitted, provided they are authenticated.

Eversince I started my cyberlaw advocacies in 2007 when I came back from Australia, and started giving Mandatory Continuing Legal Education (MCLE) lectures on electronic evidence in 2008, I had always maintained that the classification and mode of authentication of “telephone conversations, text messages, chatroom sessions, streaming audio, streaming video,” and other akin electronic forms of communication as “ephemeral” simply because their “evidence … is not recorded or retained” under the Philippine Rules of E-Evidence are technologically and legally unsound. In my lectures, I set out the legal reasons and technological facts that disprove both the classification and the mode of authentication under these Rules.

Dr. Atty. Noel G. Ramiscal at IBP Dipolog, August 25, 2016

For the purpose of this article, the mere fact that the mobile phone, or its SD card, of a murdered victim contained the text messages and the recorded messages between the victim and the alleged assailant immediately disproves the characterization of these messages as “ephemeral” under the said rules. The records of these incriminating pieces of evidence are clearly captured in the mobile phone and in the SD card that the phone contains. Both the mobile phone and SD card are, by their very nature, recording devices.

Dr. Atty. Noel G. Ramiscal at his MCLE lecture fo ACLEx, October 7, 2016

In fact, the Supreme Court itself, in a slew of administrative decisions involving corrupt court officials which the court dismissed, relied on text messages that were saved in the mobile phones of the parties involved. The Supreme Court in these administrative cases did not examine if the messages were encrypted or had “digital signatures” or discussed any security procedure. The court merely relied on confirming the number of the mobile phones as the number of the parties involved, via the testimonies of the parties, and writing down the text messages retrieved in the mobile phones. This is much the procedure that is being followed now in the investigation of current Senator Leila De Lima, with respect to her mobile phone numbers. All of these pieces of evidence are contained in the mobile phone, and confirmed by other sources. So it is technologically wrong to state that text and telephone conversations that transpired between the victim and the purported assailant are “ephemeral communications” because their “evidence are not recorded or retained”. And I just desire to state that even if the mobile phone user had deleted a text message in the inbox, that message could still be retrieved from the service provider, and by a very good mobile phone forensic expert.

The over 120 strong IBP Zamboanga del Norte lawyers tht attended Dr. Ramiscal’s lecture, August 26, 2016

With respect to the mode of authentication that the Rules require, one cannot expect the alleged killer to own up to the recorded text messages and telephone conversations. The only other party to the incident is the murdered victim who cannot testify because of death. This is one of the absurd consequences that the current Rules foster with its insistence on “the testimony of a person who was a party to the same or has personal knowledge thereof”, which I point out every now and then in my MCLE lectures.

Some of the over 270 strong IBP Misamis Oriental, Cagayan de Oro lawyers, 9-7-2016

Now, in the absence of any competent witness, under the current Rules “other competent evidence may be admitted”. So the issue of the Anti-Wire Tapping Act kicks in. Is the mobile phone or the electronic device that contains the record of the text messages and telephone messages “competent evidence” despite the existence of the Anti-Wire Tapping Act?
I have expressed, time and time again, the opinion on several occasions where this type of query arose, that the evidence from these e-devices are “competent evidence”.

The Anti-Wire Tapping Law prohibits any party to any private communication who does not secure the consent of all the parties to such communication to “to tap any wire or cable, or by using any other device or arrangement, to secretly overhear, intercept, or record such communication or spoken word by using a device commonly known as a dictaphone or dictagraph or detectaphone or walkie-talkie or tape recorder, or however otherwise described” (Sec. 1). To obviate any criminal prosecution under this law, the party seeking to record the private communication must be a peace officer, or at least seek the assistance of a peace officer who must apply for a court order which will be issued upon written application and the examination under oath or affirmation of the applicant peace officer and the witnesses he may produce, by a Judge, upon showing to the Judge certain circumstances pertaining to certain crimes; “that there are reasonable grounds to believe that evidence will be obtained essential to the conviction of any person for, or to the solution of, or to the prevention of, any such crimes; and (3) that there are no other means readily available for obtaining such evidence.” (Sec. 3) The written court order shall also specify: “(1) the identity of the person or persons whose communications, conversations, discussions, or spoken words are to be overheard, intercepted, or recorded and, in the case of telegraphic or telephonic communications, the telegraph line or the telephone number involved and its location; (2) the identity of the peace officer authorized to overhear, intercept, or record the communications, conversations, discussions, or spoken words; (3) the offense or offenses committed or sought to be prevented; and (4) the period of the authorization.” (Sec. 3).

As is, the Anti-Wire Tapping Act that was approved and passed over fifty years ago (June 19, 1965) is an antiquated law. This law was clearly intended to prevent the unreasonable intrusions by the government into the legally protected private spheres of individual citizens.

The provisions of this law, if applied strictly in this day and age of the CCTVs, smartphones, Google Glass, fitbits, smartdust, would make all private legitimate recording activities without any court order applied for by a “peace officer” illegal in the Philippines. This law has outlived its usefulness and its purpose and any blind adherence to its provisions would cause untold injustice.

Dr. Atty. Noel G. Ramiscal with Judge Philip Aguinaldo and gorgeous lawyers of IBP Cagayan De Oro, 9-8-2016

The contemporary reality in our extremely wired and connected society is that electronic devices are meant to record information. They are set to capture all forms of e-data (i.e., video, audio, text and other bits of streamed information). This is the reason why police officers search and seize e-devices found on the persons of accused and copy or mirror the content of these e-devices to be used against the accused.

If these e-devices are confiscated from the accused, why should the e-devices found on the persons of murdered victims (which contain evidence of the crime perpetrated against them) be excluded simply because these victims, prior to their deaths did not secure the consent of their assailants, or did not get a peace officer to secure a court order, that will allow them to record the evidence of their death? Preposterous!

One of Cagayan De Oro’s finest lawyers fielding a question during the Q&A portion of Dr. Ramiscal’s lecture, 9-8-2016

In my September 8, 2016 MCLE lecture for the Integrated Bar of the Philippines, Misamis Oriental Chapter, held at the Grand Caprice Restaurant Hall, Cagayan De Oro, the former Congressman, now private practitioner Atty. Damasing raised the question if the text messages contained in the mobile phone of a deceased victim can be introduced as res gestae evidence. I told him yes.

Dr. Atty. Noel G. Ramiscal with former Congressman Damasing, MCLE Cagayan De Oro, September 8, 2016

Our current Rules of Court allow the admission of statements given by a deceased person under certain circumstances. If the text messages and recorded phone conversations by the deceased were made under the consciousness of an impending death, such may be received in any case wherein his/her death is the subject of inquiry, as evidence of the cause and surrounding circumstances of such death (Rule 130, 6, Sec 37). The statements made by the deceased prior to his/her death while the startling occurrence (the killing) is taking place or immediately prior thereto with respect to the circumstances of the killing, may be given in evidence as part of the res gestae. (Rule 130, 6, Sec 42). If the mobile phone or any piece of e-device was found on the person of the accused which contain evidence that point to his/her killer, that could be admitted under these two provisions. To do otherwise would deny the cause of Truth and Justice.

The Anti-Wire Tapping law is in the process of being revised or amended. I have not yet seen its revised draft. Definitely, this will have privacy and security implications. But one thing that I would like to see is for the amended draft to reflect the concerns I have raised here. It is also high time that the Philippine Supreme Court must revise the Rules of Electronic Evidence which it had left untouched since 2002!

Dr. Atty. Noel G. Ramiscal with Dean Jose Manuel Diokno of DLSU, IBP Dipolog, 8-25-2016

Dr. Atty. Noel G. Ramiscal with Atty. Gigi dela Cruz, IBP Dipolog, 8-25-2016

Moreover, as my last point, there is now a trend that I discuss in my MCLE lectures on Legal Ethics for Cyberlawyers, that the recording of certain incidents like the commission of a crime and even police brutality, without the consent of the police authorities has been seen by the court as part of the freedom of expression of the recorder, thus negating the any claims or defense based on Anti-Wire Tapping Laws.

I would like to thank all of my brothers and sisters in Law and in Life in all of the IBP Chapters I have lectured on these matters for this year and for the years past, as well as the other opportunities given to me by different providers, in reaching out to lawyers, legal professionals, students, educators, entrepreneurs, security and privacy professionals, to spread my own brand of Law and IT evangelism. Their faith and support for my cyberlaw advocacies have truly inspired me to become a better advocate and a better lawyer.

Dr. Atty. Noel G. Ramiscal with Atty. Arevalo and some of the gorgeous IBP lawyers and officers enjoying the marang fruit, September 8, 2016

One of the best things about doing lecture tours is meeting and getting to hear nuggets of legal wisdom from other MCLE lecturers and well known practitioners. Kudos to these brilliant lights in the legal profession: Dean Jose Manuel Diokno of DLSU Law School, IBP National Counsel, Atty. Rosalie de la Cruz, UP College of Law Foundation’s Atty. Armand Arevalo, Judge Philip Aguinaldo, Judge Jose Vibandor, former Judge, now private practitioner, Atty. Marjorie Uyengco-Nolasco, and my former UP Philosophy professor, Atty. Eddie Valdez.

LAWBYTES 116: HOW SMART ELECTRONIC METER GRIDS IN THE INTERNET OF THINGS AND DRONES CAN POSE DANGERS TO THE PRIVACY AND SECURITY OF CONSUMERS (Copyright by Dr. Atty. Noel G. Ramiscal)

 

In my Mandatory Continuing Legal Education (MCLE) lectures on the Data Privacy Law, I always strive to present novel issues on data privacy that have not been tackled in any MCLE lecture before by any other lecturer, and connect them with the concerns of the audience that I am giving my presentations. When I was invited by the UP Administration of Justice to do a special lecture for the MERALCO on data privacy (June 24, 2016), I took that opportunity to scrutinize its smart grid meter system which is planned to be rolled out nationally by 2017 and discuss with their legal, corporate and IT officials some of the legal concerns relative to this, and how its connection with the Internet of Things can impact on the security and privacy rights of their consumers. I shared these concerns in my Data Privacy lectures for the Integrated Bar of the Philippines (IBP) Chapters in Misamis Oriental Chapter, Grand Caprice Restaurant Hall, Cagayan De Oro, last September 7, 2016, and the Zamboanga del Norte Chapter, at the Dipolog Commercial Center, on August 25, 2016, for the Department of Foreign Affairs (DFA) lawyers and foreign service officers, at the DFA building, in Roxas Boulevard, Pasay, last August 30, 2016, and in the ConsumerNet Region 10 meeting at the Department of Trade and Industry Building, Cagayan De Oro, last September 9, 2016.

Dr. Atty. Noel G. Ramiscal lecturing to the IBP Misamis Oriental lawyers, September 8, 2016

Praises have been sung in favour of establishing smart grid systems. Olivier Monnier stated that “building a smart grid means securing the future of energy supply for everyone in a rapidly growing population with a limited power production capacity. A smart grid reduces the losses, increases efficiency, optimizes the energy demand distribution[,] and also makes large-scale renewable energy such as solar and wind deployments a reality. With an aging infrastructure, the [current power] grid is facing severe challenges including recurring black outs in major industrialized cities around the globe”.

In the dawn of the Internet of Things (IoT), smart e-devices in the homes should be able to transmit and receive information to and from the smart meters and utility providers. The eventual vision, for the smart cities of the future is one where all these IoT devices, smart meters, utility providers of gas, water, electricity, and providers of other services, including government agencies are linked together, in order to give effective and efficient services to their consumers/clients.

Dr. Atty. Noel G. Ramiscal at the ConsumerNet lecture, DTI Region 10, September 9, 2016

I understand that MERALCO has partnered with GE (with its electric meters and system integration services) and Trilliant which has a Smart Grid Communications Platform, that enables advanced intelligence in the prepaid metering system, and will serve as a foundational platform for future advanced smart grid capabilities. MERALCO will also have a smart grid incubator called PowerTech that will be launched early next year (2017). MERALCO also had acquired 3 drones to inspect areas on the grid that are geographically hard to reach. This trend appears to be unstoppable. Electric utilities in other parts of the Philippines (e.g. CEPALCO) have placed the establishment of a smart grid system as a target for their business models.

In my lectures on IoT and data privacy, I show the audiences how these devices can lead to the erosion of the privacy of the personal information of users/consumers.

Ann Cavoukian’s research on the smart grid have shown us if: the homeowner tends to arrive home shortly after the bars close; the individual is a restless sleeper and is sleep deprived; the occupant leaves late for work; the homeowner often leaves appliances on while at work; the occupant rarely washes his/her clothes; the person leaves their children home alone; the occupant exercises infrequently.

One interesting computer study conducted by Miro et al revealed that by examining just the electronic signals emanating from a person’s house can reveal what the occupants were watching on TV with a 96% degree of accuracy.

It is for these reasons, and so much more, that the European Data Protection Supervisor in its Opinion on the Commission Recommendation on Preparations for the Roll-Out of Smart Metering Systems, warned that such grids could lead to “massive collection of personal data” without much protection for the consumers.

The National Institute of Standards and Technology also warned that:

Personal energy consumption data . . . may reveal lifestyle information that could be of value to many entities, including vendors of a wide range of products and services. Vendors may purchase attribute lists for targeted sales and marketing campaigns that may not be welcomed . . . . Such profiling could extend to . . . employment selection, rental applications, and other situations that may not be welcomed by those targets.

In the hands of a good cybercriminal, these information can be used to the detriment of the smart grid user. In view of these, I asked the MERALCO audience last June 24, 2016, these questions:

DOES MERALCO HAVE A CLEAR EXPRESS WRITTEN POLICY ON THE DEPLOYMENT OF THE SMART GRID TO ITS CUSTOMERS THAT PERTAIN TO THEIR PRIVACY RIGHTS?
IS THIS POLICY WELL KNOWN AND EXPLAINED TO THEM?
IS THERE AN OPT-OUT OR OPT-IN CHOICE FOR MERALCO CUSTOMERS?

The response I gathered from the audience was that there was no policy set in place, but MERALCO is planning to give their consumers opt-in or opt-out choices.

Drones are also a particularly invasive form of surveillance technology. They collect all forms of data indiscriminately. Apart from the privacy issues they pose, there have been well known incidents where these drones have figured in traffic accidents, collisions and targets of destruction.

I also asked if MERALCO has a privacy policy on the utilization of drones, and the response I got was in the negative.

In order for MERALCO to avoid violating the data privacy rights of their consumers, I advised them, not only to have a privacy policy for the smart grid and the use of drones, but that they must also conduct a privacy impact assessment (PIA) for these two matters, ideally prior to their utilization, in order to gain the support of all the stakeholders. They must implement and enforce the PIAs and document the implementation. This holds true for any organization or entity that is planning to implement any project that would have significant privacy and security repercussions.

Under R.A. 10173 or the Data Privacy Law, all personal information controllers (“PICs”) like the MERALCO who process the personal information of data subjects are obligated to formulate privacy codes/policies for the approval of the National Privacy Commission (NPC). Recently, the NPC came out with an issuance requiring the submission of PIAs as well. It is not clear from the law what the nature and status of these policies are. Would having them be enough to save PICs like MERALCO from liability for future data privacy violations?

Dr. Atty. Noel G. Ramiscal at the Department of Foreign Affairs, August 30, 2016

The matter becomes complicated by ascertaining specifically what types of personal data information from the customer need to have their prior consent before they are processed by the smart meter provider. The Voluntary Code of Conduct by the US DOE and the Federal Smart Grid Task Force distinguished between personal information that serves a distinct purpose. Personal information for which no customer consent is necessary would be those relegated to a primary purpose, or one that is “reasonably expected by the customer,” such as using the aggregate data for the electric utility to set prices. Personal information devoted to a secondary purpose which needs prior consent from the customer is one that is “materially different from the primary purpose and is not reasonably expected by the customer relative to the transactions or ongoing services provided to the customer.” This includes providing the information to third parties, who can request access to customer data from service providers for secondary purposes.” In the US, there is no consistent law or policy adopted by states concerning the installation of smart grids in consumers’ homes, the availability of the opt out choice for the consumer, and the ability of the smart meter provider to share the e-data generated from the use of the smart grid with third parties.

Considering that in the Philippines, it is the Energy Regulatory Commission (ERC) that has primary jurisdiction over electric utilities like MERALCO, data privacy considerations must also be addressed by the ERC concurrently or with guidance from the NPC.

Another important agency in this matter is the SEC which should require all PICs that are registered with them to submit as part of the legal requirements for keeping their certificates of registration valid, certified copies of their privacy codes and PIAs.

One thing that must be done though, by any PIC that plans to roll out a massive project like the smart grid, is that it must be as transparent and forthcoming with correct and relevant information in the conducting of its PIA consultations with stakeholders, and in its website, and should engage in real time and digital education campaigns as well.

Thank you to the UP IAJ, all of its wonderful staff, all the fabulous and supportive IBP officers and members of the Misamis Oriental Chapter and the Zamboanga del Norte Chapter, the accommodating DFA officials and lawyers, the attentive ConsumerNet members, and of course, the gorgeous MERALCO lawyers and corporate officials, who gave me their time and attention, and the opportunity to share my privacy advocacies.

Lawbytes 114: Why the Supreme Court’s legalization of Spamming should be overturned and what the NPC, DCIT and the NTC should do [Part 2] Copyright by Dr. Atty. Noel G. Ramiscal

In this Part, I state the reasons that I have advanced in my lectures for different stakeholders in the Philippines, why the Supreme Court’s February 11, 2014 decision legalizing spamming is erroneous and deleterious to the online, personal and even economic well being of the targeted victims of spammers.

There are different kinds of spams. Unsolicited commercial communications sent through emails are the original and popular manifestations of spam. Spams sent through instant messaging services are denominated “spims”. Spams that appear through text messaging or “push messaging” are also known as “smishes”.

In my April 11, 2016 MCLE lecture for UP IAJ, and my August 12, 2016 MCLE lecture for the Department of Foreign Affairs lawyers and foreign service officers, I gave the example of a lawyer who was suspended for spamming and eventually disbarred for other reasons in the U.S. Known as a “father” of spamming, Laurence Canter sent emails advertising his immigration practice to several thousands of individuals and Internet groups in 1994, when there was as yet no law prohibiting spamming. He was found guilty of violating legal ethical prohibitions on law advertising and misrepresentation since he was not a certified immigration law specialist. He received a one year suspension of his law license in Tennessee which he was made to serve concurrently with disbarment for his other infractions that included writing bouncing checks, neglecting cases and conversion of his clients’ funds.

Dr. Atty. Noel G. Ramiscal’s DFA MCLE LECTURE, August 12 2016

In my lectures for different Integrated Bar of the Philippines (IBP) Chapters last year and this year, and for the UP IAJ and ACLEx, on the topics of electronic evidence and in cybercrimes, I discuss how spams which contain seemingly innocent messages, can be the vehicles for malware and fraudulent e-scams. Scams can be the carriers of malicious codes or attachments that contain viruses, worms or Trojan horses.

Dr. Ramiscal at ACLEX MCLE lecture, July 22, 2016

Spam messages are sent in phishing scams. The U.S. Department of Justice defines phishing as the “creation and use of e-mails and Web sites–designed to look like e-mails and Web sites of well-known legitimate businesses, financial institutions, and government agencies–in order to deceive Internet users into disclosing their bank and financial account information or other personal data such as usernames or passwords.” In one type of phishing scam that I showed in my August 3, 2016 lecture for the Bank of Philippine Islands officers and employees, which involved a bank, the professional looking email emulated the bank’s correspondence style and logo and placed a link on a rogue bank site which, when clicked would ask the user to enter their bank password and other log-in details to steal the funds of the user. These spams used in spear phishing scams target specific groups of individuals whose email addresses have been collected or compromised and can be quite convincing.

The National Privacy Commission (NPC), the Department of Communication Information Technology and the National Telecommunications Commission (NTC) must seriously consider this matter.

From the perspective of the privacy advocate, spams are tangible manifestations of wrongful use of personal e-data, e.g., names, email addresses, and bank memberships that are harvested by search engines, crawlers, trawlers of ISPs, online social networks, and electronic databases, which are used and maintained by e-data aggregators, which sell these data, or by blackhats that steal these data to launch their attacks.

Spams are visible expression of manipulation of personal e-data since they are targeted to predefined unsuspecting recipients whose personal e-data had been processed, without their consent. Furthermore, spamming is proof that the personal information of a data subject had been breached without the data subject’s consent.

In the hands of botmasters, who have command of thousands of compromised computers called zombies, spams sent by zombie PCs can be the means of unleashing a distributed denial of service (DDoS) attacks on specific targets for the right price. When this happens, a targeted account or user would not be able to read or even access his/her emails, since the spams can be so voluminous as to clog the target’s email system. In this case, the right to read emails, even unsolicited ones, which the Supreme Court upheld to be a constitutional right, would be denied to the target, due, ironically, to the unsolicited spams!

Dr. Atty. Ramiscal in one of his MCLE lectures for the IBP Leyte

The Philippine Supreme Court’s position on this matter is truly contrary to the position in other jurisdictions. For instance, the drafters of the Cybercrime Convention did not specifically nor expressly named spamming as a cybercrime. But they viewed it as a form of illegal interference that could fall under Article 5 of the Convention on “System Interference”. Spamming is considered a form of “computer sabotage” where the sending of data to a particular system in such a form, size or frequency is such that it has a significant detrimental effect on the ability of the owner or operator to use the system, or to communicate with other systems. U.S. courts have ruled that sending spam in quantities that place unreasonable burdens on e-mail networks constitutes a type of DDoS attack [See for example, CompuServe. Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1022 (S.D. Ohio 1997); and White Buffalo Ventures, LLC v. Univ. of Texas at Austin, 420 F.3d 366, 377 (5th Cir. 2005).

The invalidated Section 4(c)(3) of Republic Act 10175 contained conditions against spamming which are tailored to prevent the sending of harmful malicious ads that can bring viruses, in which the addressee has no option to opt-out once they open the email. The Supreme Court should have analyzed those conditions first before concluding erroneously that all unsolicited ads are legitimate forms of expression.

From the foregoing, the blanket characterization by the SC that unsolicited spams are legitimate manifestations of the constitutional freedom of expression is legally indefensible, void of technical validity and lack jurisprudential support from other jurisdictions. Spams that harm computing systems by clogging access to email accounts, or used as the means to “phish” for personal information to the detriment of the recipient, or as the vehicles for computer viruses and malware are not, and should not be considered legitimate forms of constitutionally protected speech.

In what is probably the height of cruel irony, any spammer now can have a cause of action against Philippine entities that prohibit spamming, and any spammer that uses spam to commit DDos attacks, or phishing scams, or ID theft, can justify the legality of their actions and escape criminal liability because of the Philippine Supreme Court decision.

Dr. Atty. Noel G. Ramiscal with DFA Office of Legal Affairs, Exec. Dir. Atty. Leo Ausan Jr.

The newly constituted NPC and the DCIT, and the NTC, with the assistance of all concerned citizens should seek for a declaratory relief, or any other form of relevant relief, to overturn this invalid decision that could had, or could still wreak disastrous mischief and havoc on the personal information of millions of connected Philippine “data subjects”.

Dr. Atty. Noel G. Ramiscal at the DFA, August 12 2016 with Atty Arevalo and AttyFSO Donna F. Gatmaytan

As always, my deep heartfelt gratitude to all the MCLE providers, organizers, lawyers, universities, students, IT professionals, other professional organizations and stakeholders who have given me the opportunity and the platform to spread the gospel and my advocacies on Cyber Law to the different parts of the Philippines!

Some BPI employees who attended Dr. Ramiscal’s AUGUST 3 2016 lecture

Some BPI employees who attended Dr. Ramiscal’s AUGUST 3 2016 lecture

Special acknowledgment to: the BPI LEADr, BPI University, Attys. Lito Viniegra and Paul Ysmael, Esq. Dennis Soto, and Mr. Roberto Mercado and all the wonderful BPI officials and employees; the UP IAJ, Prof. Patricia Daway, Atty. Armand Arevalo, Ms. Mabel Perez, Ms. Evelyn Cuasto, Ms. Zen Antonio, and all the amazing staff; The ACLEx and its President, Mr. Roberto Borromeo, the gorgeous CEU School of Law Associate Dean, Atty.Ritalinda Jimeno, and Mr. Alex Canata; The IBP National, IBP Bulacan, IBP CALMANA, IBP Laguna, IBP Leyte, IBP Negros Oriental, IBP Lanao del Norte, IBP Batangas, IBP Misamis Oriental, IBP Nueva Vizcaya, IBP Nueva Ecija, IBP IBP Cavite, IBP PPLM, and all their splendid officers and helpful staff; The Globe Telecommunications officers and lawyers; The Department of Foreign Affairs lawyers and Foreign Service Officers, particularly their Executive Director for the Office of Legal Affairs, Atty. Leo Tito Ausan Jr., and my truly fabulous UST and UP schoolmate, Atty. Donna Celeste Feliciano Gatmaytan! Mabbalo! Dios ti Agnina! Daghang Salamat! Salamalaikum!

LAWBYTES 111: SHOULD ONE SURRENDER TO THE POLICE THE ACCESS CODES OR DECRYPTION KEYS TO ENCRYPTED DIGITAL CONTENT ONE POSSESSES?

One of the most important issues that I raise in all my lectures at the Mandatory Continuing Legal Education organized by different providers in the Philippines and talks in other fora concerning cyber privacy, data security, and cybercrimes deal with the matter of encrypted content in a person’s or suspect’s electronic devices which are the subjects of searches and seizures, warrantless or not, by the police.

This matter has become an intriguing topic in human rights circles because of the differences in treatment by the law, legal enforcement officers and judicial authorities in different jurisdictions.

In the United Kingdom, the Regulation of Investigatory Powers Act (RIPA) criminalizes the willful non-disclosure of access codes, computer passwords and decryption keys or “keys to protected information” that custodians have in their possession if these keys are relevant in a national security case or child indecency case. The custodian can be imprisoned for five years. In other cases where these codes or keys are not disclosed, the custodians can be jailed for two years.

The Office of the Solicitor General in Australia pushed for an amendment to the Australian Telecommunication Interception Act that would have made it a crime for possessors of pass codes and decryption keys, upon being asked by law enforcement agents, not to reveal such keys, When the said law was finally passed in 2015, it required that “(w)here a service provider encrypts retained data, the service provider must retain the technical capability to decrypt and disclose relevant retained data in a useable form in accordance with a lawful request or requirement under the TIA Act or Telecommunications Act.”

Dr. Atty. Ramiscal lecturing for the MCLE Seminars for the IBP Lanao del Norte

In the Philippines, the Cybercrime Prevention Act authorizes the police, in the search, seizure and examination of computer data to “order any person who has knowledge about the functioning of the computer system and the measures to protect and preserve the computer data therein to provide, as is reasonable, the necessary information, to enable the undertaking of the search, seizure and examination” (Sec. 15). The I.R.R. of the law does not actually add anything to what was said in the law. The 2015 Draft Manual on Cybercrime Investigation by the Department of Justice makes the existence of full disk encryption as a “consideration” in the acquisition of computer data and advises the use of “trusted tools” when volatile data is suspected to have been encrypted. It did not specifically task the law enforcement agents investigating the suspect of asking the latter for decryption keys to decode the encrypted content.

Dr. Atty. Ramiscal in one of his MCLE lectures for the IBP Leyte

Encrypted content is difficult or computationally infeasible to decrypt in cases where the cryptographic software or product used, employed cipher keys that are sufficient in strength, and which there is no efficient algorithm or known attack that can break it. Even if the police manage to make a mirror copy or forensic copy of the hard disk drive of the computer, the encrypted content that resides on this drive may not be decoded or extracted by the police.

Dr. Atty. Noel G. Ramiscal with IBP CALMANA Pres. Atty. John Ibe

As people become more aware of the need to protect their privacy, they will resort to using encryption software which can make investigation of cybercrimes definitely more challenging for the police, who may be tempted to resort to shortcuts. It is in this instance where the police might be tempted to ask, threaten, coerce or cajole a suspect to give up the decryption key or access codes. So the question posed by this article becomes utterly relevant. Unfortunately, there is no Philippine jurisprudence or rule employed by the police on this matter.

In all my MCLE lectures this year on cybercrimes, or electronic evidence, including those for the Integrated Bar of the Philippines Chapters of CALMANA (February 6, 2016), Laguna (February 13, 2016), Makati (March 12, 2016), Leyte (April 29, 2016), Negros Oriental (May 17, 2016) and the latest being Lanao del Norte (July 12, 2016), I apprise the lawyers/attendees of several US cases where the courts have decided that the police have no right to request the disclosure of access codes or decryption keys, as violative of the person’s right against self-incrimination.

Dr. Atty. Ramiscal with some of the gorgeous lawyers and the fabulous Judge Dottie of IBP Lanao del Norte

In 2010, the U.S. District Court for the Eastern District of Michigan in United States v. Kirschner addressed whether a defendant’s Fifth Amendment privilege against self-incrimination extended to the defendant’s computer password. The court analogized a computer password to a wall safe combination that only resides in someone’s mind, in fact it is a product of the mind. This information is testimonial, without which the government cannot pursue its case, and being so, it is therefore protected by the right against self-incrimination.

In a 2012 case, the Eleventh Circuit applied the same principle to decryption keys concerning Doe, a YouTube user who was investigated by the government for sharing child pornography. Since the electronic devices that Doe utilized were all encrypted, the prosecutor ordered him to decrypt the devices. Doe challenged this as a violation of his right against self-incrimination which the Eleventh Circuit upheld. It held that the “decryption and production of the hard drives’ contents would trigger Fifth Amendment protection because it would be testimonial, and that such protection would extend to the Government’s use of the drives’ contents.” The court stated that, “[t]he touchstone of whether an act of production is testimonial is whether the government compels the individual to use the ‘contents of his own mind’ to explicitly or implicitly communicate some statement of fact” that could be incriminatory, and without which the government would not be able to prove its case.

Dr. Atty. Ramiscal with IBP Lanao del Norte Pres. Atty. Gandamra and host Atty. Canizares Mindalano

So defense counsels can look up these cases if their clients accused of any form of cybercrime were placed in a similar situation. However, as I have stressed in my lectures, there is one U.S. case that is an exception to the ruling in these two cases. This case involved Sebastian Boucher who was investigated by the U.S. government for online child pornography. When he was apprehended, his laptop was accessed by a forensic expert who was able to view thousands of child pornography images. But when his laptop was shut down, upon rebooting the police were not able to open the files again because the encryption mechanism kicked in. Boucher refused the police’s order to hand over his decryption key. This time around the court supported the police because, it is already a “foregone conclusion” that his e-devices contained child pornographic images which were already seen by the forensic expert, and thereby solidifying the existence of probable cause against him. So Philippine government prosecutors can utilize the principle found in this case to argue for the government’s right to be presented the access codes or decryption keys to encrypted hard drives or e-devices the incriminating contents of which were already partially viewed by law enforcement agents.

Dr. Atty. Ramiscal receiving an appreciation plaque from IBP Leyte Pres. Atty. Patick Santo and Atty. Nick Esmale reading the citation

I would like to thank all the IBP Chapters officers and staff who had welcomed me and enjoyed their time with me: the fabulous Makati lawyers who gifted me with lemon oil and raspberry vinegar which proved unforgettable; the amiable CALMANA lawyers who were truly hospitable; the convivial Laguna lawyers who were quite appreciative of my insights; kudos to the Negros Oriental/Dumaguete lawyers (IBP Pres. Atty. Riconalla, Attys. Rocky, Elton and Nabi) and staff (Maricar Habanilla, et al) who went all out in making sure that my mother and me were satisfied with our food and accommodation, thank you to the crispy chicharon that lasted for about a week and a half!; heartfelt thank yous are in order to the IBP Iligan lawyers, in particular, their Chapter President, Atty. Khanini Gandamra, Atty. Diosdado Español and Atty. Edgardo Prospero who treated us at Tomyum, the lovely host, Atty. Annabelle Canazares Mindalano, Atty. Angel Lim (who so graciously and generously ferried my mom and me to our destinations and who shared with us his love of music), the very helpful student Ms. Aleah Rakhim, the accommodating IBP staff, Ms. Carandang and Ms. Arguson, and to everyone who made us feel so welcome in Iligan despite the very short stay we had there [the Cheding and dodol are very much appreciated!]; and finally, especial, especial, especial thank yous to all the Leyte lawyers, Attys. Hasmin, Chap, Matriano, Nick Esmale, and of course my UP schoolmate, bar topnotcher and a top notch human being, Atty. Patrick Santo for the grand Tacloban experience! My mom and I are still gushing about the food at Ocho-ocho and we trust we can go back there someday! It was truly an honor and privilege to have met and shared my advocacies with you all! God Bless Us! Insha Allah!

LAWBYTES 110: THE NEED FOR A PHILIPPINE DIGITAL ASSET INHERITANCE LAW, THE RIGHT OF TRANSMISSBILITY UNDER THE DATA PRIVACY LAW, AND THE VALUATION OF DIGITAL ASSETS

My work and professional advocacies on digital privacy and security started way back in 2001, when I was appointed as a consultant for the Information Technology E-Commerce Council on its cybercrime bill initiative, up to the time I had to leave the country to take my Ph.D in Law degree at the University of Queensland in Australia in 2003. When I came back, in 2008, the former Commission on Information Communication Technology (CICT) through its Deputy Commissioner Atty. Perez tasked me to critique the consolidated cybercrime bills that already went through the vetting process of the European Commission, which I did, and to come up with my own cybercrime bill, which was never considered. I was also a consultant of the CICT on its data privacy bill which had its own issues, and placed in the backburner for quite some time. I wrote a white paper for that, raising issues that to this very day are quite relevant.

In this age of digital confessionals and e-self-immolations in the pursuit of online fame and notoriety, there is one very basic thing that I have wondered about since 2008, which no Philippine legislator, academic or even a lecturer in the Mandatory Continuing Legal Education (MCLE) had raised, legislated, blogged or even lectured, until now. This matter involves the question of a person’s digital legacy.

Eight years after my CICT stint, I started lecturing and advocating for the necessity of a Philippine law that allows the survivors or heirs of a decedent to have access to the digital remnants of their loved one. My first MCLE lecture to incorporate this was for the Integrated Bar of the Philippines (IBP) Chapter in Ilocos Sur, Vigan last January 15, 2016 at the historic Girl Scouts Building.

Dr. Atty. Ramiscal in his MCLE lecture for the IBP Ilocos Sur Chapter on E-Discovery of Social Media where he first discussed at length his advocacy on the establishment of a Digital Asset Inheritance Law

This was the time, when one of idols, David Bowie passed on, and I felt that Vigan is a very appropriate place to start this advocacy because it is an international heritage site, where the past and present co-exist and collide in surprising and beautiful ways. I have continued to do so in every opportunity that I could get in my lecture tours all over the country, including in my different lectures for the MERALCO, Siguion Reyna Montecillo Ongsiako law firm, the Sycip Salazar Gatmaitan Hernandez law firm and the Santiago and Santiago law firm. The most recent lectures where I raised this matter were for the CDAS ASEA 10, in Cagayan De Oro last July 13, 2016 and the University of the Philippines Institute of Administration of Justice last July 15, 2016.

Dr. Atty. Noel G. Ramiscal at the world famous Vigan plaza

The electronic remains of a decedent may be contained in emails, social media, websites and other repositories that are owned or operated by third parties. Many cases have arisen in several jurisdictions where the survivors of the owners of email accounts or social media profiles who have passed on, are deprived of their access to the digital creations of their loved ones because of the policies and terms and conditions of usage of the third parties that own these repositories. Typically, owners of email services like Yahoo! and Gmail restrict the use of any email account to the holder of such account and prohibit the sharing of passwords or e-keys to these accounts, thus not allowing the heirs of these account holders to access their loved ones’ accounts for important information. The same policy holds true for social media providers like FaceBook, which is the most popular social media platform utilized in the Philippines. FaceBook, after being informed of the passing of an account holder would memorialize the holder’s account, effectively “freezing” the account and preventing its activation, including any further comments.

Dr. Atty. Noel G. Ramiscal at the UP IAJ for his MCLE Lecture on Social Media that touched on the need for Digital Asset Inheritance Law

One of the most well known cases that typified the difficulties of heirs having access to their loved one’s electronic legacy is that of James Ellsworth. He is the father of Justin Ellsworth who died in Falujah, Iraq, while saving eleven marines. Justin engaged in email chats with his father and wished to publish a scrapbook of his war experiences when he returns to the U.S. after his tour, using their email correspondence as the main storyline or basis. Unfortunately, this did not come to pass. In dealing with his son’s death and his personal grief, James decided to honor his son’s wish, but he could not access his son’s Yahoo! email account for the pertinent emails that would be used in the scrapbook, because Yahoo! will not give him his son’s password or access to the account. The case went to probate court, and after a protracted period of waiting, the probate court decided that Yahoo! must furnish James copies of his son’s email messages but denied James access to his son’s email account on the ground that the account would pass on to Yahoo! since it is stored on its server. This case also did not change Yahoo!’s policy. Some are not as fortunate as James. Parents of people who killed themselves or were murdered, and left messages in FaceBook prior to their passing, were denied access to their children’s accounts’ content altogether, thereby leaving them with questions about their children’s behavior, motivation and pertinent history which their private postings could possibly answer.

Some lawyers who enjoyed Dr. Ramiscal’s lecture on Social Media for Up IAJ last July 15, 2016

Some of the other lawyers who enjoyed Dr. Ramiscal’s lecture on Social Media for Up IAJ last July 15, 2016

It is because of cases like these that I have decided to advocate for a Digital Asset Inheritance Law. In my lectures I raise several points that legislators must consider.

The most crucial is the right granted under the Data Privacy Law (R.A. 10173) to a “data subject” which is the right of data transmissibility:

SEC. 17. Transmissibility of Rights of the Data Subject. – The lawful heirs and assigns of the data subject may invoke the rights of the data subject for, which he or she is an heir or assignee at any time after the death of the data subject or when the data subject is incapacitated or incapable of exercising the rights as enumerated in the immediately preceding section.

Under the law, this right of transmissibility would include the right to access the personal information and other data generated by the data subject that had been subjected to “data processing” which had been defined to “include but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data” by any personal information controller (PIC). The definition of PIC under this law is broad enough to include email account systems operators and social media providers.

The Implementing Rules and Regulations of R.A. 10173 have not yet been promulgated by the National Privacy Commission (NPC), as they are currently undergoing a series of public hearings. In fact, the I.R.R. do not even touch on this in any specific manner. So there is no guidance as to how this law may affect the rights of the survivors on accessing the digital remnants of their loved ones.

Dr. Atty. Ramiscal on his MCLE Lecture on Data Privacy Law for the MERALCO lawyers

One particular concern that I note here, and in all my lectures on this matter, which is why I have been advocating for a specific law on digital asset inheritance, is that a mere I.R.R. from the NPC may not suffice due to the legal question concerning not only NPC’s status, but the actual effective implementability of R.A. 10173.

R.A. 10173 was passed last August 15, 2012. But the past administration only operationalized the NPC last March 8, 2016! The law mandated the following:

SEC. 39. Implementing Rules and Regulations (IRR). – Within ninety (90) days from the effectivity of this Act, the Commission shall promulgate the rules and regulations to effectively implement the provisions of this Act,

which should have been done way back in 2012. This not a mere technical ground but one intertwined with substantive legal merit. The Supreme Court had decided on a slew of cases that the operative act of the legal implementability of any law is the deposit of its I.R.R. with the UP Office of the National Administrative Register, which had not yet been done in this instance after almost four years from the law’s passage.

I have three specific suggestions for what this type of law should contain.

First, a specific law on digital asset inheritance must specify or include the possible electronic repositories of the digital legacy of a decedent. It must apply to all forms of electronic storage providers, like email providers, microblogging services, social media providers and cloud providers. Provision must be made for the allowance of accounts created by deceased minors, who during their lifetimes, did not abuse their accounts, and created content (even through their correspondence), which their heirs or survivors deem worthy as legacies.

This law is crucial because it would, or should trump the terms of use and conditions that are currently provided by social media and email account providers like FaceBook, Gmail and Yahoo! to deny access to the heirs of the accounts of their deceased loved ones, because these policies prohibit the account holders from sharing their account passwords or from sharing their accounts with any third party, including their loved ones.

Second, another important and significant issue that is not currently being discussed in the Philippines is the intellectual property rights connected with the digital legacy left by a decedent. For instance, an examination of the relevant Facebook policy would reveal that when a user signs up for FaceBook, s/he grants FaceBook a non-exclusive intellectual property license to use and even transfer the license to third parties that FaceBook deals with, concerning the posts, photographs, videos, or written materials that the user puts in his/her FaceBook account. Even if the user terminates the account, these third parties that FaceBook transferred it license to can continue using the digital data. A proper Digital Inheritance Law must address this seemingly iniquitous situation.

Third, this law should also consider or lay down the proper framework for the valuation of digital assets.

The Bureau of Internal Revenue, and possibly the Bangko Sentral ng Pilipinas (BSP), Department of Trade and Industry (DTI), the Department of Communication Information Technology (DCIT), the NPC, the National Telecommunication Commission, other relevant agencies and the private sector must come up with an acceptable formula and accounting method for determining the monetary value of all forms of digital assets.

The framework must take into account the reality that some of these assets would defy the normal or usual means of valuation and accounting. An example would be Bitcoins, which is an example of a cryptocurrency that is not regulated by any country or any central banking authority. Since they are virtual money that pass from online wallets or are traded in online exchanges that are not regulated by the BSP, and their values fluctuate every day, it is difficult, if not impossible, for now, to access and determine their value for Gross Estate Tax purposes. These constitute the reasons why tech savvy spouses avail of Bitcoins to hide part of their assets from the prying eyes of their less than favored spouses and why drug dealers and purveyors of digital crimes use them as their currency of choice.

Dr. Atty. Noel G. Ramiscal’s picture of Juan Luna’s Girl Playing with Mandolin

The very clean well preserved streets of Vigan

To all the readers of this blog article, I request that you join me in my advocacy for such a law by circulating or disseminating this article to your favorite legislators, and to as many people and entities as you can to create the needed groundswell and support for this type of legislation. You can also leave a comment on this blog article and create a discussion for this law.

I would like to thank the excellent gorgeous IBP Vigan lawyers (who are too many to mention) who were so generous in regaling us with their stories and insights into Vigan’s past and treating us to the rich food, particularly the bagnet, that I could still savor even after so many months have passed! Vigan is one of those magical places that truly merit a world class reputation and I felt so fortunate to have experienced first-hand the true hospitality and genuine warmth of not only the lawyers but the locals, as well.

Dr. Atty. Noel G. Ramiscal with some of the marvelous and gracious IBP Vigan lawyers/officers

Extra especial thanks to the UP Institute of Administration of Justice, their brilliant Director, Prof. Patricia Salvador Daway, their former, and truly fabulous Director, Prof. Rowena Daroy Morales, the insightful Atty. Armand Arevalo, the generous Mesdames Mabel Perez, Zen Santos and Evelyn Cuasto and the amiable IAJ staff, who had supported my cyber law advocacies all these years!

To the lawyers in the law firms that I was fortunate to lecture at, the IBP National, Ms. Arguson, and the Arellano Law Foundation, who all trusted me to be one of their lecturers, and to every lawyer who had attended my lectures in the past, Deo Gratias!!! I trust that these bits of insights can serve as part of the arsenal for those of you who are advocating for the proper treatment of the digital legacy of their loved ones. God Bless Us! Insha Allah!

LAWBYTE 101: THE ADVENT OF DRIVER(HUMAN)LESS INTELLIGENT CARS AND THE BECKONING OF A NEW LEGAL FIELD, COPYRIGHT BY DR. ATTY. NOEL G. RAMISCAL

 

In the long drive from Cubao to Nueva Vizcaya (and back), where Dr. Atty. Noel G. Ramiscal delivered several Mandatory Continuing Legal Education (MCLE) lectures for the Integrated Bar of the Philippines, Nueva Vizcaya Chapter, Dr. Ramiscal was utterly grateful to the graceful and precise maneuverings of the Victory Liner Bus drivers, especially through the steep landslide prone areas of this province.

In preparing for one of his lectures, Dr. Ramiscal decided to tackle one of the truly “hot” and trending topics in cyberlaw, which is that of smart cars that can ferry humans and goods through smooth or treacherous terrains, without the need of human assistance. The notion of intelligent cars driving themselves into some automated highway systems have been around since the late 1930’s when General Motors introduced this concept in the 1939 World Fair. 50 years later Carnegie Mellon engineers successfully steered an Autonomous Land Vehicle In a Neural Network (“ALVINN”) through a roadway utilizing camera and laser range finder images. Almost two decades after that, vehicles that won in the 2004, 2005, and 2007 Grand Challenges of the Defense Advanced Research Projects Agency (“DARPA”) were based on the ALVINN prototype. Google’s driverless vehicles, which were shown in the 2013 film “The Internship” underwent a makeover in 2015 and are now plying streets in the U.S. with no record of any serious crash incident [see Thierer and Hagemann, REMOVING ROADBLOCKS TO INTELLIGENT VEHICLES AND DRIVERLESS CARS, Wake Forest Journal of Law and Policy, June, 2015, 339].

Dr. Atty. Noel G. Ramiscal’s lecture on Social Media E-Discovery for IBP Nueva Vizcaya, September 9, 2015

The race to win the hearts, minds and purses of the travelling/commuting public has been on the rise, with BMW and Mercedes Benz coming up with rival luxurious prototypes of these smart cars which they foresee will be the next wave of technology that will be adopted by consumers in the fashion of smartphones and android tablets. As shown in a video presented by Dr. Ramiscal, these cars are so intelligent that they could find parking spaces for their busy/preoccupied owners once they alight from the cars, and these cars can parallel drive flawlessly. Smart cars are foreseen to be the answer to the commuting challenges of people who do not drive, those who are incapacitated to drive, elderly people, children and people with special needs. What is more, these smart cars are, from the pieces of evidence gathered by the vehicle industries worldwide, better than human drivers. The Eno Center for Transportation projected that in the U.S. alone, the annual benefits of “50% market penetration of driverless cars (that is, 50% of all vehicles on the road being fully autonomous vehicles) are estimated to include 9600 lives saved, almost 2 million fewer crashes, close to $160 billion in comprehensive cost savings, a 35% reduction in daily freeway congestion, and almost 1700 travel hours saved. Even at the low estimate of 10% market penetration (that is, for every nine manual cars on the road there is one driverless vehicle), “this technology has the potential to save over 1000 lives per year and offer tens of billions of dollars in economic gains, once added vehicle costs and possible roadside hardware and system administration costs are covered” (cited in Thierer and Hagemann).

Despite these projections, are these driverless cars legal? In the U.S., several states have passed laws that still require a licensed human driver to be in the cars and navigate them in case they ran awry. Some states require that a manual override feature that is accessible to the human driver must be in the car. From these indications, there is still legislative hesitance about the over-all acceptability of humans relinquishing total control to the intelligent car’s computing system. This hesitation may be addressed to some extent with the current development in the vehicle to vehicle (V2V) communications platforms that some companies are pushing for.

Aside from these, the advent and penetration of smart cars in the real world markets would displace most, if not all the human drivers and chauffeurs who rely on their driving skills to earn a living. They will go by the way the horse and buggy carriage drivers went over a century ago (except for the current “kotseros” in Quiapo and Intramuros that eke a living from vendors and tourists). As pointed out by Dr. Ramiscal in this seminal lecture of his, legal definitions, insurance liability, torts concepts, criminal law, security and privacy standards that govern providers and manufacturers of these smart cars and the consumers/commuters will have to be re-written, re-adjusted and re-written some more. Ethical issues concerning assigning economic values to software algorithms that decide who will live and who will die in crash situations will have to be confronted. This is a new legal field that will beckon to new and enterprising lawyers who are tech savvy and insightful enough to put themselves ahead in the game.

Dr. Ramiscal desires to give his full appreciation to the IBP National and the IBP Nueva Vizcaya lawyers, who gamely attended, listened to, and participated in his MCLE lectures in the span of two days that are filled with new developments in the Information Technology and Communications fields and their intersections with diverse areas (explored and largely unexplored until now) in the Law.

IBP Nueva VIzcaya Pres. Atty. Leslie Costales introducing Dr. Ramiscal, September 9, 2015

Especial thanks to the dashing and dynamic IBP Nueva Vizcaya Chapter President!

Dr. Ramiscal also would like to note the generosity of the IBP Nueva Vizcaya Chapter in billeting him at the Saber Inn which was unpretentious,

IBP Nueva Vizcaya, Saber Inn

IBP Nueva Vizcaya, Saber Inn, Dr. Atty. Noel G. Ramiscal posing in front of QUADRO CAFE, September 9, 2015

IBP Nueva Vizcaya, Saber Inn, Dr. Atty. Noel G. Ramiscal posing in front of QUADRO CAFE, September 9, 2015[/caption] commodious, comfortable and which has certainly one of the best restaurants with unbeatable value and accommodating staff (Quadro Cafe) in the Philippines. He is especially fond of their beef with ampalaya, chicken wings, sinigang na hipon, chow fan/chorizo rice and puto bumbong, the flavors of which pleasantly linger in the palate! Deo Gratias!

ON SOCIAL MEDIA E-DATA TRENDS AND THE FACEBOOK EVIDENCE OF THE ALLEGED MILITARY ABDUCTORS OF JONAS JOSEPH BURGOS (COPYRIGHT BY DR. ATTY. NOEL G. RAMISCAL)

Dr. Atty. Noel G. Ramiscal was thrilled to get an invitation to do two lectures for the Integrated Bar of the Philippines (IBP) Chapter in Bulacan, for the Mandatory Continuing Legal Education (MCLE) seminars organized by the IBP National. In the morning (3 a.m.) of August 8, 2015, he set on the road from Calamba, Laguna to go to Malolos, Bulacan, to stave off the onslaught of any rain storm and traffic that might impede his reaching the Hiyas ng Bulacan Convention Center, Balagtas Hall, on time. As it turned out, he was early and was able to catch the informative lectures of Atty. Ted Villanueva.

Dr. Atty. Noel G. Ramiscal IBP Bulacan MCLE Lecture August 8, 2015 on Social Media

For his first lecture, Dr. Ramiscal apprised the attendees of several trends in the usage of social media in the legal arena. IT savvy lawyers from both sides of the fence can utilize social media evidence to devastating effect. Social media data is utilized now to identify witnesses, as smoking guns in criminal cases, to establish motive, opportunity, and state of mind of an accused, to determine the proper sentence of a convicted felon and to monitor for parole or probation violations. Defense counsel can use evidence from Facebook to find exculpatory evidence or material to impeach a witness.

Dr. Atty. Noel G. Ramiscal emohasizing a point in his August 8, 2015, IBP Bulacan, MCLE Lecture on Social Media

Social media is becoming quite valuable in family law, particularly custody proceedings where the fitness of the parents is the most crucial issue. For example in one case, a mother admitted in her MySpace entries that she engages in sado-masochism and uses drugs and will use drugs when her daughter would be asleep. In several cases, some parents have maintained several social media accounts with conflicting views about their parental responsibilities. One mother had a MySpace account which claimed she is a fulfilled wife and mother of beautiful children, and another MySpace account wherein she held herself as single and not desiring children. One father’s parental rights were terminated by the court where social media evidence was presented evidencing his infidelity and not wanting to have any children.

Social media data is also mined in labor cases, particularly in unlawful terminations and discriminations brought against employers by their employees. In one case brought against the famous coffee chain Starbucks, the illegal dismissal and sexual, racial and religious discrimination charges brought about by a female employee was dismissed due to the postings of the employee in her MySpace accounts like this one: “Starbucks is in deep sh[#]t with GOD!!! … I thank GOD 4 pot 2 calm down my frustrations and worries or else I will go beserk [sic] and shoot everyone ….”

In the Philippine context, Dr. Ramiscal brought to the attention of the lawyers the human rights case brought against the former Philippine President Gloria Macapagal Arroyo, and certain government officials concerning the alleged abduction and disappearance of Jonas Joseph T. Burgos. The Supreme Court tasked the Commission on Human Rights to report anew its factual findings and recommendations to the Supreme Court on this case because the Supreme Court found the previous investigation by the PNP-CIDG, by the AFP Provost Marshal, and even by the CHR had been less than complete. This time around, evidence from Facebook surfaced in connection with the identification of some of the alleged military abductors of Burgos. The PMA BATCH SANGHAYA 2000 had a Facebook account that is open to the public which contained 244 PICTURES. This Facebook account was unearthed as a Google search was conducted on the alleged identified abductors, and the name of one of them. A witness was shown the photos in the Facebook account and he identified two of the persons there as the alleged abductors of Mr. Burgos.

These and other developments in social media discovery were tackled by Dr. Ramiscal before a lively and supportive audience that included Attys. Tricia Santos and Fame Cruz (who scored the winning word “portmanteau”!).

Dr. Atty. Noel G. Ramiscal receiving the Certificate of Appreciation from the IBP Bulacan Pres. (Atty. Artico) and officers, August 8, 2015

Dr. Ramiscal was elated to find out that some of his schoolmates in the University of the Philippines Law School are doing prosperously well in Bulacan, including Atty. Pinky Bartolome, a bona fide thespian and the past president of the IBP Bulacan Chapter, and Atty. Francine Longid, another “artista” in the UP bunch. He was quite pleased to meet and chat with the current IBP Bulacan Chapter President, Atty. Arni Topico, and some of the officers and members, including Attys. Bobby Cruz and Samonte (who graciously lent his car and chauffeur to drive Dr. Ramiscal and his mother to the bus depot). One thing he learned about the Bulacan lawyers is their Passion for Service and Justice. Many of them (including Attys. Bartolome, Longid and Topico) are involved in international pro bono advocacies.

Dr. Atty. Noel G. Ramiscal raising the Cup of Excellence for the IBP Bulacan Lawyers August 8, 2015

Dr. Ramiscal is quite grateful to all the IBP Bulacan officers and members for their generousity and the wonderful “pasalubongs” like the sumptuous Rosalie’s pinipig suman, Minasa, guyabano drink, and certainly one of the best tasting beefsteaks that Dr. Ramiscal tasted, from the Hapag restaurant [VEECS Catering Service], and the unparalleled “asikaso” of the IBP National staff including Ms. Arguson and Ms. Aida.

This was truly a wondrous and amazing point in the cyberlaw advocacies of Dr. Ramiscal.

To the over 1,000 strong members, a Grand Salute to the “Bulacan Lawyers(’) Unlimited Excellence”!

ON THE OVERSIGHT IN THE APPLICATION OF THE PHILIPPINE RULES OF ELECTRONIC EVIDENCE IN CRIMINAL CASES BY THE PHILIPPINE SUPREME COURT (COPYRIGHT BY DR. ATTY. NOEL G. RAMISCAL)

Dr. Atty. Noel G. Ramiscal was fortunate enough to be invited to give two Mandatory Continuing Legal Education (MCLE) lectures for the Integrated Bar of the Philippine (IBP) Cavite Chapter, organized by the IBP National Office last July 31, 2015. As was his practice, he travelled from the province of Laguna to the conference site quite early to avoid being late, but the conditions are quite unpredictable and there was a road incident that caused a lot of bottleneck. Fortunately, the driver of the van that ferried Dr. Ramiscal was knowledgeable of all the side streets and interconnecting pathways of the variegated terrain of this prosperous province.

The IBP Cavite Chapter owned its building which was located in the Cavite Civic Center Compound that also houses some of the courts and a penitentiary.

Dr. Atty. Noel G. Ramiscal at IBP Cavite Center Bldg, July 31 2015

It was a quaint building overflowing with lawyers. The members in this chapter exceed 1,000 and they were expecting about 39 new lawyers to join. On the day slated for the lectures an electrical wire exploded taking down the airconditioning system.

Some of the IBP Cavite lawyers who attended Dr. Ramiscal’s lecture last July 31, 2015

It was fixed for a while and then it broke down again. It is a testament to the commitment of the lawyers to their professional development that they stayed on for the entire day up to the early hours of the evening enduring the hot and humid conditions inside and outside the building.

In his lecture on handling e-data,

Dr. Atty. Noel G. Ramiscal during his MCLE lectures for IBP Cavite July 31 2015

Dr. Ramiscal canvassed and discussed the relevant Philippine laws, rules, and jurisprudence on the discovery of e-data, and concluded that there is no current legal or formal mechanism for the formal discovery of e-data in the Philippines, that could be followed in Philippine courts. He gave the audience a brief outline of the discovery processes and the legal issues connected with the discovery of e-data in the U.S.A. He also acquainted the audience of the possible penalties that may arise for any producing party of e-data that failed to put a “litigation hold” or completely observed a “preservation order” of e-data and their repositories. In his lecture on social media e-discovery, Dr. Ramiscal tackled among other things, the nature of social media data, and the fact that privacy concerns should not be mistaken, or be made an excuse for the exclusion of “private” social media data from discovery.

One significant matter Dr. Ramiscal brought to the attention of the attendees was the application of the Philippine Supreme Court of the Rules on Electronic Evidence to criminal cases.

The Rules which the Supreme Court promulgated in 2001 did not cover criminal cases. To correct this oversight, the Supreme Court issued Administrative Matter No. 01-7-01-SC, Re: Expansion of the Coverage of the Rules on Electronic Evidence, last September 24, 2002.

In the April 10, 2010 case of Rustan Ang y Pascua v. the Court of Appeals, the accused claimed that the damning electronic picture which was attributed to him should have been authenticated via the means of e-signature under the expanded coverage of the aforementioned rules. Unfortunately, and inexplicably, the Second Division of the Supreme Court held that “the rules he cites do not apply to the present criminal action. The Rules on Electronic Evidence applies only to civil actions, quasi-judicial proceedings, and administrative proceedings”.
Then in March 10, 2014, the Third Division of the Supreme Court, ruled in People of the Philippines v. Enojas y Hingpit et al, that the Rules of Electronic Evidence do apply to criminal cases as a result of the 2002 Supreme Court issuance of the amendment.

It is curious to note that the “ponente” or the one who wrote the decisions in the 2010 Rustan Ang case and the 2014 Enojas case was the same Associate Justice.

During the time the erroneous Rustan Ang case served as the authority on the non-applicability of the rules to criminal cases, it caused a great ripple concerning the substantial limitations to evidentiary rights and objections the accused can raise in criminal cases involving electronic data.

The Philippine Civil Code provided that the decisions of the Supreme Court form part of the law of the land. So it would appear that the Rustan Ang decision would trump a mere 2002 administrative amendment done by the Supreme Court which this decision did not recognize.

Prior to the 2014 Enojas case, everytime Dr. Ramiscal would discuss the Rustan Ang case and its implications in MCLE lectures, he would answer lawyers who asked him if they can still use the rules of electronic evidence in criminal cases, in the affirmative. He had stated that they can do this in two ways. One, they can argue that said rules can provide some guidelines. Or second, they can place it as an issue in the criminal case itself, because there was no en banc decision, and no rule revoking the 2002 amendment. But the situation for criminal defense lawyers and their clients during this time due to the Rustan Ang case was far from ideal.

Dr. Atty. Noel G. Ramiscal with two IBP Cavite lawyers and officers, July 31 2015

At the end, Dr. Ramiscal expressed his heartfelt appreciation for the IBP Cavite lawyers who stayed for the duration of his lectures, despite the humidity challenge, and for their sincere generosity and hospitality [Attys. Luna, Espiritu, Clorina, Yu and Anarna], and in particular to Atty. Lara (the tahong chips are superb!) and her assistant, Hazel. Kudos to the officers and members of this Chapter!

The State of E-Discovery of E-Evidence in the Philippines (Copyright by Dr. Atty. Noel G. Ramiscal)

When Dr. Atty. Noel G. Ramiscal was invited by the Integrated Bar of the Philippines (IBP) National to deliver a couple of lectures for the Mandatory Continuing Legal Education (MCLE) seminar of the IBP Misamis Oriental Chapter in Cagayan De Oro City, he lost no time in saying yes. He was there in 2012 and delivered a MCLE lecture on Online Human Trafficking, and he remembered how friendly their reception was.

DR. ATTY. NOEL G. RAMISCAL CDO MCLE LECTURE JULY82015 LECTURERS TABLE

As soon as he made his way to the Laguindingan Airport terminal, he was met by two very charming and generous lawyers, Attys. Ed Cuaresma and Janeth Nuñez, who were the welcoming party. He was billeted at the Mallberry Hotel which was quite contemporary and served good food. But the breadth and scope of the MCLE seminar held at the Grand Caprice Restaurant Hall took him by surprise. About two hundred seventy lawyers participated in the four day event, and this was one of the biggest gatherings of lawyers that Dr. Ramiscal was privileged to be part of.

DR. ATTY. NOEL G. RAMISCAL CDO MCLE JULY 8 2015 CDO LAWYERS

DR. ATTY. NOEL G. RAMISCAL CDO MCLE JULY82015 LAWYERS WITH BABY

DR. ATTY. NOEL G. RAMISCAL CDO MCLE JULY82015 MANY LAWYERS

To start his engagement, Dr. Ramiscal talked about the international developments pertaining to the development of standards concerning electronic discovery of electronic evidence.

DR. ATTY. NOEL G. RAMISCAL CDO MCLE JULY82015 EDATA

Representatives from countries like the U.S., South Africa, Thailand, Europe, Canada are engaged in a continuing endeavour to formulate and fine tune these standards under the auspices of the International Standard Organization and the International Electrotechnical Commission (IEC). Unfortunately, the Philippines has not joined any of the deliberations of the body created by these two entities, and Dr. Ramiscal opined that because of this, important insights into the e-discovery processes are missed or not shared by Philippine stakeholders.

Dr. Ramiscal explained the state of e-discovery processes in the Philippines by going over the very small body of pertinent laws, cases and administrative issuances (including the Philippine Rules on Electronic Evidence which has not been revised since 2002) and remarked on their inadequacy in meeting the onslaught of litigation driven by discovery requests for electronic data. The understanding of the nature of e-data, the authentication of e-data, the processes required for discovering e-data and the judicial mechanisms for dealing with e-data in the Philippines are still in their nascent stages.

Dr. Ramiscal apprised the CDO lawyers of several technological and judicial trends in the U.S., which has the most sophisticated system of e-discovery that can be sources of guidance and illumination. He outlined the processes and remedies that parties seeking to discover e-data, and those that are required to produce e-data, may avail of, from the time a litigation hold is put in place, to the preservation of the e-data, up to the time the costs for e-discovery are figured out.

What is more, Dr. Ramiscal discussed specific types of e-data (e.g., text messages, digital photographs, websites and webshots, back-up tapes, metadata, etc.), the issues concerning their preservation, and later on, their presentation as evidence. Objections and concerns surrounding their admissibility, relevance, and security were addressed. Spoliation issues concerning the alteration, modification and destruction of e-data in the e-devices where they are located, that are required to be preserved, as well as the sanctions that could be sought against the responsible party were also dealt with. Dr. Ramiscal offered criticisms as well as suggestions and recommendations to the current rules of e-evidence some of which he viewed were based on an erroneous understanding of the technologies involved, and erroneously applied by the courts.

From the positive response of the lawyers present (the audience clapped six times at different points in the lecture), it was clear that they recognized the timeliness of revisiting and revising the Philippine Rules of Electronic Evidence to be accurate and responsive to e-discovery.

DR. ATTY. NOEL G. RAMISCAL CDO MCLE LECTUREJULY82015 WITH ATTY. RAAGAS

Heartfelt gratitude to the IBP Misamis Oriental Chapter, and its prosperous, enthusiastic members! Congratulations to Atty. Rey Raagas for being inducted as the President of this chapter, and all of its current officers! Thank you again to Attys. Nuñez and Cuaresma for their delightful company and to IBP National and Ms. Arguson for making this visit possible!