Submit MozillaPH Position Paper on Anti-Phishing Law

[bobreyes]

Senate Bill No. 225 (19th Congress)
LINK: http://legacy.senate.gov.ph/lis/bill_res.aspx?congress=19&q=SBN-225

LONG TITLE:
"AN ACT FURTHER PROTECTING THE INTEGRITY OF ELECTRONIC TRANSACTIONS, DEFINING FOR THE PURPOSE THE CRIME OF INTERNET AND TELECOMMUNICATIONS PHISHING, PROVIDING PENALTIES THEREFOR"

[bobreyes]

PDF copy of the bill:
http://legacy.senate.gov.ph/lisdata/3793334376!.pdf

[bobreyes]

TO DO:

• Call for comments from the MozillaPH community.
• Schedule an online meeting to discuss MozillaPH's position on the bill.
• Publish the draft of the MozillaPH Position Paper on the proposed law for comments by the community.
• Send the MozillaPH Position Paper to the Senate.

[coachrye]

Sounds interesting but I worry about these laws especially when they start formulating the implementing rules and regulations 😅

Some questions that come to mind:

• Sec 2: I am no expert in legalese but will there be a separate punishment for organized crimes and the leaders/owners? The fine for individuals seems high, but shouldn't it be relative to how much they scammed people? Meaning, it could be higher the more they successfully scam people.
• Sec 3: Will this also include preventing the crime? Investigating phishing attempts that are unsuccessful so we can nip it in the bud, rather than chasing those who were successful.

[mooneoh]

Some of the potential loop holes that may exist in the Philippine Anti-Phishing Law includes the following

Limited Jurisdiction: Phishing activities may be done from outside the Philippines, which may be difficult for the Philippine government to prosecute.

Lack of Technical Expertise: Phishers may use sophisticated techniques and tools to carry out their activities, which may be difficult for law enforcement and regulators to detect and prevent.

Difficulty in tracking & Proving: Proving the crime of phishing can be difficult, as it often relies on electronic evidence that may be hard to obtain or interpret.

Limited Resources: Law enforcement agencies and regulators may not have the resources or funding to effectively enforce the law and protect individuals and businesses from phishing.

Lack of awareness: Many people may not be aware of the law, and may not report phishing attempts to the authorities.

It is important to note that laws and regulations are constantly evolving to adapt to new threats and technologies, and the government and private sectors are working together to minimize these loopholes and improve the overall effectiveness of their anti-phishing measures.

[bobreyes]

This bill may be related to the proposed Internet Transactions Act (Senate Bill No. 154 of the 19th Congress), which we are set to send our position paper as well.

[kirkynaj]

It is good that we have this kind of bill to coordinate government agencies to protect the public from such fraudulent causes.

Some of my Insights:

• Do our national or local unit have the means or technology to track or find these people causing the act?
• Is there any follow-up or continuous investigation regarding the concern to effectively terminate or minimize the phishing attack?
• Given the sim registration, is there any more technology used by the Cyber Crime Division (CCD) or Anti-Cybercrime Group (ACG) to trace this kind of people and all other connected cases?
• International Phishing attacks: (ransomware) are we capable of catching and punishing these people?
• Prevention: Conduct public or private seminars to make awareness

[bobreyes]

Comments received via email/messaging:

Yung Phishing Law, part na ng Cybercrime Prevention Act. Hindi lang naka na-mentioned kasi during the time na pino-formulate ang RA 10175 hindi pa talamak ang phishing attacks.

Ba't di na lang i-revise / dagdag ang phishing attacks sa cybercrimes ng RA 10175 kesa gumawa ng bagong batas.

Wala na bang power ang DICT-CICC o demolished na ito?

[bobreyes]

Another comment received via social media:

The proposed Anti-Phishing law in the Philippines has been met with criticism and controversy due to concerns over freedom of expression and privacy. Some argue that the law could be used to suppress dissent and limit access to information. Additionally, the law has been criticized for being too broad and vague, potentially allowing for abuse and overreach by law enforcement. There are also concerns over the impact the law could have on small businesses and startups, as well as its potential to harm the growth of the digital economy in the Philippines.

[bobreyes]

Draft Position Paper:
https://docs.google.com/document/d/1u7EXntAQH5Q17fSq363VCRoQe9Ev1SzVLwiKix2ykXs/edit?usp=sharing