Free Web Hosting Provider - Web Hosting - E-commerce - High Speed Internet - Free Web Page
Search the Web


E-Commerce and IT in the Philippines
Home

Introduction

E-Commerce

E-Evidence

Anti-Piracy Provision

Free Software

Stallman Interview

Dot PH

ICANN

E-Mail Brides

Transparency

Librarianship

UP and Linux

Best Evidence

Regulating Dot PH

Documents

IT Law Links

The Electronic Commerce Act or Republic Act No. 8792


On June 14, 2002, we celebrated the second anniversary of the signing of the Electronic Commerce Act or Republic Act No. 8792. Still, it is not be surprising that a big part of the Philippine population continue to be unaware of the main features of the law. While the law has been effective for some two years now, we have not really seen its provisions "operationalized" yet in our daily lives.

Perhaps, times are changing. Recently, the National Bureau of Investigation (NBI) arrested a person charged with hacking or of violating Section 33(a) of the Act. Mr. Cesar Manalac is alleged to have accessed, without authority, the computer system of Thames International Business School, his former employer, and copied confidential files. The case promises to be a high-profile showcase of how the provisions of the law are implemented in actual situations.


The Electronic Commerce Act and its IRR

The scope of the Electronic Commerce Act is quite broad. It "applies to any kind of electronic data message or electronic document used in the context of commercial and non-commercial activities." Of course, when we say "commercial and non-commercial activities", we might as well say "all activities". The short title of the law, therefore, is quite off. The proper title should have been the Electronic Transactions Act.

As earlier pointed out, "electronic data messages", a term used interchangeably with "electronic documents", is defined in the law as "information generated, sent, received or stored by electronic, optical or similar means." These "electronic, optical and similar means" includes not only personal computers, laptops, servers or mainframe computers, but also other simpler devices like telephones, cellular phones, pagers, personal digital assistants (PDAs), calculators, adding machines, bundy clocks, automated teller machines (ATMs) and even smart or magnetic cards like prepaid credit and ATM cards.

It is wrong, therefore, to say that the Electronic Commerce Act is relevant only to the highly technical. It is quite relevant to the common Filipino.

The salient features of the Act may be enumerated as follows:
a. It provides for the legal recognition of electronic data messages or electronic documents;
b. It provides for the legal recognition of electronic signatures;
c. It provides for the legal recognition of electronic contracts;
d. It mandates all government agencies to, among others, transact government business and perform government functions using electronic data messages or electronic documents within two (2) years from the date of effectivity of the Act;
e. It mandates the government to install an electronic network to known as the RPWeb with two years (2) years from the date of effectivity of the Act, and;
f. It penalizes the offenses of hacking and piracy as defined in Section 33(a) and (b) of the Act.

A. Legal Recognition of Electronic Documents

The first salient feature of the Act is the legal recognition of electronic data messages or electronic documents. Under the Act, information shall not be denied validity or enforceability solely on the ground that it is in the form of an electronic data message or electronic document, purporting to give rise to such legal effect. Such electronic data messages or electronic documents have the legal effect, validity or enforceability as any other document or writing.

More particularly, requirements under the law for information to be in writing and for a person to provide information in writing may be satisfied even if the information is in the form of an electronic data message or electronic document. This is so if the electronic data message or electronic document:
a. Maintains its integrity and reliability, and;
b. Can be authenticated so as to be usable for subsequent reference.

Requirements under the law for an information to be presented or retained in its original form may also be satisfied by an electronic data message or electronic document if:
a. There exists a reliable assurance as to the integrity of the electronic data message or electronic document and such integrity is shown by evidence alliunde, and;
b. The electronic data message or electronic document is capable of being displayed to the person to whom it is to be presented.

These rules apply even if the information is merely incorporated by reference in the electronic data message or electronic document. It is important to note, however, that these rules do not apply to "vary any and all requirements of existing laws on the formalities required in the execution of documents for their validity." In other words, if the law requires a document to be in a specific form of writing, the Act does not have the effect of changing that requirement.

B. Legal Recognition of Electronic Signatures

The Act also provides for the legal recognition of electronic signatures. It states that an "electronic signature on an electronic data message or electronic document is equivalent to the signature of a person on a written document" subject to certain conditions.

The conditions may be enumerated as follows:
a. The signature is an electronic signature as defined in the Act and the IRR;
b. It is proved by showing that a procedure not alterable by the parties interested in the electronic data message or electronic document, existed, with certain specifications.

Under the above-mentioned procedure:
a. A method must be used to identify the person sought to be bound and to indicate his access to the electronic data message or document;
b. The method must be reliable and appropriate for the purpose of the electronic data message or electronic document;
c. It must be necessary for the party sought to be bound to have executed the signature in order to proceed with the transaction, and;
d. The other party must be authorized to verify the electronic signature and to make the decision to proceed with the transaction.

Under the Act and its IRR, an electronic signature is "any distinctive mark, characteristic and/or sound in electronic form, representing the identity of a person and attached to or logically associated with the electronic data message or electronic document or any methodology or procedure employed or executed by a person and executed and adopted by such person with the intention of authenticating or approving an electronic document."

Simply put, an electronic signature serves the purpose of identifying the person sought to be bound and of showing his approval of the contents of an electronic data message or electronic document. It is not simply, as commonly misconceived, the electronic copy of one's manual signature.

In relation to this, the Act provides for disputable presumptions relating to electronic signatures. It states that "in any proceeding involving an electronic signature", it is presumed that "the electronic signature is the signature of the person to whom it correlates" and that the "electronic signature was affixed by the person with the intention of signing or approving the electronic data message or electronic document."

C. Legal Recognition of Electronic Contracts

The Act also provides for the legal recognition of electronic contracts. It states that, "no contract shall be denied validity or enforceability on the sole ground that it is in the form of an electronic data message or electronic document, or that any or all of the elements required under existing laws for the formation of contracts is expressed, demonstrated and proved by means of an electronic document."

To operationalize this, the Act and its IRR provided certain rules on attribution, errors, acknowledgement of the receipt, and the time and place of the dispatch and the receipt of electronic data messages or electronic documents. These rules are all designed to allow the use of electronic data messages or electronic documents in the formation of contracts.

The Act is not without defect. In one section, it states that "electronic transactions made through the networking of banks x x x shall be deemed consummated upon the actual dispensing of cash or the debit of one account and the corresponding credit to another x x x Provided, the obligation of one bank, entity or person similarly situated to x x x shall be considered absolute and shall not be subjected to the process of preference of credits." This has been described as not in accordance with the functional equivalence principle and is feared to lead to legalized money laundering in the Philippines.

Another provision, which, at most, may be described as vague, is the provision on tax situs. In the section providing for the rule on the place of dispatch and receipt of electronic data messages or electronic documents, it is stated that "This rule shall also apply to determine the tax situs of such transaction". How exactly can the rule be applied to determine tax situs is unclear.

D. Mandate for Electronic Governance

Another salient feature of the Act is the requirement for all government agencies to "transact government business and/or perform governmental functions using electronic data messages or electronic documents" and to install an electronic network known as the RPWeb "to facilitate the open, speedy, and efficient electronic online transmission, conveyance and use of electronic documents amongst all government departments, agencies, bureaus, offices", etc., within two (2) years from the date of effectivity of the Act.

The IRR though was quick to add a qualifier. It states that "Nothing in the Act or the Rules authorizes any person to require any branch, department, bureau, or instrumentality of government to accept or process electronic data messages; conduct its business; or perform its functions by electronic means, until the adoption, promulgation and publication of the afore-mentioned appropriate rules, regulations, and guidelines."


E. Criminalization of Hacking and Online-Piracy

The last main feature of the Act is its penal provisions. Under Section 33(a), "hacking and cracking" is penalized by a "minimum fine of one hundred thousand pesos (P100,000) and a maximum commensurate to the damage incurred, and a mandatory imprisonment of six (6) months to three (3) years."

The offense is defined as "the unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communication system, including the introduction of viruses and the like, resulting to the corruption, destruction, alteration, theft or loss of electronic data messages or electronic documents."

As earlier mentioned, this specific provision is the basis of the case against Cesar Manalac who was arrested for hacking into the computer systems of his former employer Thames International Business School. This same provision would have been applicable also in the case against the alleged author of the ILOVEYOU virus if only the Act was already in effect in February 2000. Fortunately for Onel de Guzman, the case against him was shelved for lack of a law applicable against hacking.

On the other hand, under Section 33(b), "piracy" is penalized by a "minimum fine of one hundred thousand pesos (P100,000) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years."

The offense is defined as the "unauthorized copying, reproduction, dissemination, distribution, importation, use, removal, alteration, substitution, modification, storage, uploading, downloading, communication, making available to the public, or broadcasting of protected material, electronic signature or copyrighted works including legally protected sound recordings or phonograms or information material on protected works, through the use telecommunications networks, such as, but not limited to, the internet, in a manner that infringes intellectual property rights."

The provision has been heavily criticized as going beyond the exclusive rights of authors as provided under Section 177 of the Intellectual Property Code or Republic Act No. 8293. Under the Code, the exclusive rights of authors include only the right of reproduction, adaptation, first public distribution, rental, public display, public performance and other communication to the public.

In his book "The E-Commerce Act and other Laws @ Cyberspace", Prof. Vicente Amador notes that Section 33(b) appears to add to exclusive rights of authors the rights of importation, use and the making available to the public of the copyrighted work. According to him, the provision disturbs the balance provided under the Intellectual Property Code, criminalizes acts which are not punishable under the Code, and is likely to restrict access to information in the Philippines. The provision punishes acts even if they were done in a commercial scale, or even if they were done under the "fair uses" allowed under the Code.

Curiously, a provision of the IRR states that "The foregoing shall be without prejudice to the rights, liabilities and remedies under Republic Act No. 8293 or the Intellectual Property Code of the Philippines and other applicable laws." This provision seems to suggest that a single infringing act may be punished both by the Electronic Commerce Act and the Intellectual Property Code. Whether this interpretation is valid remains to be seen.

(Copyright 2003. Gilbert E. Lumantao. All rights reserved. No part of this article may be reproduced in any manner whatsoever without written permission except in the case of brief quotations embodied in critical articles and reviews.)