Chapter 7 - Extent of Liability

of ICT Professional and Other

Computer Related Laws
By: Engr. Jonathan V. Taylar
Intended Learning Outcomes
At the end of this chapter, student is expected to:
• Recognize the rights of a bona fide credit card holder;
• Discuss the prohibited acts under RA 8484 or the Access Devices Acts of
1998;
• Conclude whether or not the author of any Computer Virus may be
punishable under RA 8484 and E-Commerce Law;
• Resolve the extent of liability of an ICT Professional in a particular case;
• Enumerate the salient features of the E-Commerce Law;
• Decide how the secret-key encryption works in providing security in an
E-Commerce business
RA 8484 – THE ACCESS DEVICES
ACT OF 1998
• An act regulating the issuance and use of access
devices and prohibiting the fraudulent acts committed
thereto, among others.
• By enacting this legislation, the State recognizes the
recent advances in technology and the widespread
use of access devices in commercial transactions
(Sec.2)
WHAT IS AN “ACCESS DEVICE?”
• ACCESS DEVICE – means any card, plate, code, account number,
electronic service equipment, or instrumental identifier, or other
means of account access that can be used to obtain money, goods,
services, or other thing of value or to initiate a transfer of funds
(other than a transfer originated solely by paper instrument; Sec.
3(A))
• What is a CREDIT CARD?
• Means any card, plate, coupon book, or other credit device existing
for the purpose of obtaining money, goods, property, labor or
services or anything of value on credit (Sec 3(F))
In case of Loss of Credit Card
• Holder must notify the issuer of the access device of
the details and circumstances of such loss upon
knowledge of loss
• Full compliance with procedure will absolve the
holder of any FINANCIAL LIABILITY from fraudulent
use of the access device from the time the loss or
theft is reported to the issuer.
PROHIBITED ACTS UNDER RA 8484
• Section 9 – Prohibited Acts
• A. Producing, using, trafficking in one or more counterfeit devices;
• B. Trafficking in one or more unauthorized access devices or access devices
fraudulently applied for;
• C. Using, with intent to defraud, an unauthorized access device;
• E. Possessing one or more counterfeit access devices or access devices
fraudulently applied for;
• F. Producing, trafficking in, having control or custody of, or possessing device-
making or altering equipment without being in the business or employment,
which lawfully deals with the manufacture, issuance or distribution of such
equipment.
PROHIBITED ACTS UNDER RA 8484
• G. Inducing, enticing, permitting or in any manner allowing another,
for consideration or otherwise to produce, use, traffic in counterfeit
access devices, unauthorized access devices or access devices
fraudulently applied for;
• H. Multiple imprinting on more than one transaction record, sales slip
or similar document, thereby making it appear that the device holder
has entered into a transaction other than those which said device
holder had lawfully contracted for, or submitting, without being an
affiliated merchant, an order to collect from the issuer of the access
device, such extra sales slip through an affiliated merchant who
connives therewith, or, under false pretenses of being an affiliated
merchant present for collection such sales slips and similar documents
PROHIBITED ACTS UNDER RA 8484
• I. Disclosing any information imprinted on the access of device, such
as, but not limited to, the account number or name or address of the
device holder, without the latter’s authority or permission;
• J. Obtaining money or anything of value through the use of an access
device, with intent to defraud or with intent to gain and fleeing
thereafter;
• K. Having one’s possession, without authority from the owner of the
access device or the access device company, an access device, or any
material such as slips, carbon paper, or any other medium, on which
the access device is written, printed, embossed, or otherwise
indicated;
PROHIBITED ACTS UNDER RA 8484
• L. Writing or causing to be written on sales slips, approval numbers
from the issuer of the access device of the fact approval, where in fact
no such approval was given, or where, if given, what is written is
deliberately different from the approval actually given;
• M. Making any alteration, without access device holder’s authority, of
any amount or other information written on the sales slip;
• N. Effecting transaction, with one or more access devices issued to
another person or persons, to receive payments or any other thing of
value;
PROHIBITED ACTS UNDER RA 8484
• O. Without the authorization of the issuer of the access device,
soliciting a person for the purpose of:
• Offering an access device; or
• Selling information regarding or an application to obtain an access
device; or
• Without the authorization of the credit card system member or its
agent, causing or arranging for another person to present to the
member or its agent, for payment, one or more evidence or
records of transactions made by credit card.
What to do if ATM Machine did not
Dispense your ATM Card
• General standard – provide a toll-free customer
hotline
• Immediately inform the security guards assigned and
call customer hotline and inform the relevant facts of
the circumstances
What to do if ATM Machine did not Dispense Cash
but the Amount was debited to the Account

• Call customer hotline immediately and inform the

facts of the circumstances
• Normal – 5 days to wait
• After 5 days, use the reference number to follow up
your concern
• Don’t presume that the bank will automatically credit
back your money
I LOVE YOU VIRUS
• The Government did not successfully prosecute the author – Onel De
Guzman of AMA Computer College because RA 8484 failed to foresee
a situation where access device fraud is committed – E-Commerce law
was not yet in force when LOVE BUG strikes
• Other countries cannot prosecute the author because the so called
crime was done in the Philippines (TERRITORIALITY)
• Extradition cannot be implemented because of principle of dual or
double criminality – the crime must be punishable by both countries
LEGAL TENDER
• Legal tender – a country’s currency wherein the creditors cannot
refuse to accept if offered as payment of an obligation
• There are Philippine currencies that are not legal tender: Five to Ten
centavo coins are legal up to P20; while 25 centavo coins are legal up
to P50.
• A check is NOT A LEGAL TENDER
• What about CREDIT CARD?
Extent of Liability of ICT
Professionals
• Liability – almost any obligation, responsibility or duty that might arise from a
cause in a statute, contract or tort.
• Ordinary negligence – when a software developer does not use the degree of
care that a reasonably prudent person would have used
• Malpractice – failure to employ the higher standard of care that a member of a
profession should employ
• Strict Liability – Manufacturers and sellers of defective products are held
strictly liable
• Problems with software are often not CLEAR or entirely understood by
members of the legal system, rarely is strict liability used in computer related
cases.
Problems in Software and Hardware
developers
• Pressures on the release of the software or hardware
• Lack of industry standards
• Common standards are for ease of use and compatibility and not for
quality assurance or reliability
• Primary tool for quality is TESTING
• The best solution in dealing with unreliable software is to simply to
create only reliable software (WAHL 176) - but standards of care in
software development do not exist.
Problems in Software and Hardware
developers
• License agreements – “this software is provided on an AS IS basis
without warranty of any kind”
• Hardware and software liability is a new issue in society and law and
reactions to it are slow
• Unclear how to apply existing laws to these products and services and
what new laws need to be written
LIABILITY OF PROGRAMMER AND/OR
DEVELOPER IN PHILIPPINES LAW
• If the buyer bought from a seller, a software developed for mass
market, then the law on sales shall govern the relationship of the
buyer and seller under Article 1458- 1645 of the Civil Code of the Phil.
• If the buyer bought from a seller a software which contains features
which the former has provided, and from which the seller develop
for the buyer, then the relationship shall be governed by the law on
“Contract for a Piece of Work” under Article 1713-1731 of the Civil
Code of the Phil.
MATRIX FOR CONTRACT FOR A
PIECE OF WORK AND CONTRACT OF
SALE
CONTRACT FOR A PIECE OF WORK CONTRACT OF SALE
The thing transferred is one The thing transferred is one
not in existence and which which would have existed and
never would have existed but would have been the subject
for the order of the party of sale to some other person,
desiring to acquire it. even if the order had not been
given.
The essence of a contract is the The essence of a contract is the
“SALE OF SERVICE” “SALE OF AN OBJECT”
Not within the Statute of Frauds
STATUTE OF FRAUDS
• Purpose is to prevent fraud and not to encourage the same
• Certain agreements are required in writing so that they may be
enforced
• Example: Contract of lease for 1 year vs 3 months
• Agreement can be enforced even if it NOT in writing
Article 1713 of the Civil Code of the
Phil.
• By the contract for a piece of work the contractor binds himself to
execute a piece of work for the employer, in consideration of a certain
price or compensation. The contractor may either employ only his
labor or skill, or also furnish the material
• Contractor – ICT Professionals or Software development team; person
who undertakes to procure the performance of a works or services,
for a fixed price.
• Employer – person who employs the services of a contractor
What if the Hardware/Software and/or
Multimedia Artists did NOT conform
with the quality or standard agreed
upon?
• In this instance, Article 1715 of the Civil Code of the Philippines is
applicable. It reads:
• The contract shall execute the work in such a manner that it has the
qualities agreed upon and has no defects which destroy or lessen its
value or fitness for its ordinary or stipulated use.
• Should the work be not of such quality, the employer may require that
the contractor remove the defect or execute another work.
• If the contractor fails or refuses to comply with this obligation, the
employer may have the defect removed or another work executed, at
the contractor’s cost.
If the ICT Professional had submitted
his work and the client accepted the
same, does it relieve the developer of
liability for any defect that may be
discovered?
• Under the general rule, the ICT Professional may be absolved
from liabilities, subject to exceptions: Art 1719 Civil Code
reads:
• The defect is hidden and the employer is not, by his special
knowledge, expected to recognize the same; or
• The employer expressly reserves his rights against the
contractor by reason of the defect.
E-COMMERCE LAW
RA 8792 – Electronic Commerce Act
of 2000
• Provides a legal framework for internet based services such as e-
commerce (same legal binding effect as that of paper-based
document)
• Seeks to punish perpetrators of cybercrimes particularly computer
hacking, introduction of viruses and piracy of copyrighted works by
providing penal sanction thereof
• Aims to facilitate domestic and international dealings, transactions,
arrangements, agreements, contracts, and exchanges including
storage of information through the utilization of electronic, optical an
similar medium, mode, instrumentality and technology.
E-COMMERCE LAW
RA 8792 – Electronic Commerce Act
of 2000
• Gives recognition to the authenticity and reliability of electronic
documents related to such activities and this includes promotion and
use of electronic transaction in the government and general public.
• E-COMMERCE TYPES
• Business to Business (B2B) – ISP to Business Enterprises
• Business to Consumer (B2C) – LAZADA
• Consumer to Consumer (C2C) – sulit.com; ayosdito.com; OLX
SECURITY: A Very Important Concern
in
E-COMMERCE
• General security concerns in E-Commerce:
• USER AUTHORIZATION
• DATA AND TRANSACTION SECURITY
• TO ENSURE USER PRIVACY AND INFORMATION SECURITY IN AN OPEN NETWORK
LIKE INTERNET, the following schemes were implemented:
• PASSWORD PROTECTION
• ENCRYPTED SMART CARDS
• BIOMETRICS
• FIREWALLS
• AVAILABLE DATA TRANSACTION SECURITY SCHEMES
• SECRET-KEY ENCRYPTION
• PUBLIC/PRIVATE –KEY ENCRYPTION
BASIC REQUIREMENTS OF
TRANSACTION SECURITY
• TRANSACTION PRIVACY – must be held private and intact,
unauthorized users unable to understand the message content
• TRANSACTION CONFIDENTIALITY – traces of transactions must
be removed from public network. No intermediaries is
permitted to hold copies of the transaction unless authorized
to do so.
• TRANSACTION INTEGRITY – transactions should be protected
from unlawful interference; they must not be altered or
modified
ENCRYPTION
• Encryption – a set of secret codes which defends sensitive
information that crosses over public channels (Internet)
• It is a mutation of information in any form (text, video,
graphics) into a form decipherable only with a decryption key
• The purpose is to make data impossible for a stranger who
obtains the ciphertext (encrypted information) while in
transit across the network, to understand it, while enabling
the intended recipient to decode and recover the original
message- unaltered and not tampered with.
DIGITAL SIGNATURE
• A cryptographic mechanism – the counterpart of a written signature on
a paper based transaction
• Basic function is to verify the origin and contents of a message for
sender authentication purposes
• Allows the computer to notarize the message, to assure the intended
recipient that the message has not been forged while the network
traversed
• Validates the sender’s identity
• Composed of a unique sequence of data bits and codes which pertains
to the sender’s identity or the document’s contents.
CASE STUDY FINALS
• Research at least 10 latest NEWS that are IT related
encompassing the topics that we have discussed
about recent laws that are IT related.
• On each news topic, give your reactions and cite the
Philippine laws that are connected with it.