| PersonalBlog | CommonsBlog | CannedThoughts | Gallery |
“Hacking” the Mercantile Law Bar Exam Questions
Hacking?
Hacking what? Technical people would argue that there is no such a thing as “Hacking the Mercantile Law Bar Exam Questions.” Cracking maybe, but not hacking. Obviously, confusion will arise on the usage of the word “hacking” if one is not particular to one’s audience.
For the technically inclined, to hack means to write a program code; or to modify a program, often in an unauthorized manner, by changing the code itself. A hacker, thus, is a computer enthusiast, or a person who enjoys learning programming languages and computer systems and can often be considered an expert on the subject(s). To crack, on the other hand, is to break into a computer system or to copy commercial software illegally by breaking (cracking) the various copy-protection and registration techniques being used. A cracker, therefore, is distinct from a hacker. The sole aim of crackers is to break into secure systems, while hackers are more interested in gaining knowledge about computer systems and possibly using this knowledge for playful pranks. [ 1 ]
To illustrate the technical distinction to the legal mind, decompilation allowed in Section 185 of the Philippine Intellectual Property Code (Republic Act No. 8293) [ 2 ] is part and parcel of the technical concept of hacking. On the other hand, effecting transactions with one or more access devices issued to another person or persons to receive payment or any other thing of value (Section 9 [n] of the Access Devices Regulation Act, Republic Act No. 8484) – especially if construed in a virtual or Internet transaction – constitutes cracking.
Nevertheless, similar to the failure of mass media to distinguish between cracking and hacking, the terms cracking and hacking under the Philippine Electronic Commerce Act (Republic Act No. 8792) are used interchangeably. The Act provides specifically that “hacking or cracking ... refers to unauthorized access into or interference in a computer system / server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic document.” [ 3 ]
The simplification of the definition of hacking, made synonymous to cracking, in the Electronic Commerce Act, allows the prosecution of a person, not necessarily a computer expert, who simply accessed another person‘s computer or electronic documents without the latter’s permission.
“Hacking the Mercantile Law Bar Exam Questions,” therefore, may be technically an incorrect title, but may be legally correct within Philippine jurisdiction.
Leakage of the 2003 Mercantile Law Bar Exams
The 21 September 2003 Mercantile Law Bar Examinations, one of the eight bar subjects and one given 15% weight, was annulled after a massive leakage – comprising 82 percent of the questions asked in the bar subject – occurred. The nullification of the examination on the subject was made in order to preserve the integrity and protect the sanctity of the examination and avoid any doubt or suspicion on the outcome of said examination. The Supreme Court, instead of having the examinees retake the Mercantile Law examination, distributed the weight assigned to Mercantile Law to other Bar subjects. Examinees in 2003 numbered to 5,349 law graduates.
The Supreme Court, on 4 February 2004, disbarred Danilo de Guzman, a lawyer from the Balgos and Perez law firm and the one responsible for the Mercantile Law Bar Examination leakage, and reprimanded Marcial OT Balgos, examiner in the 2003 Mercantile Law Exam, whose negligence was the root cause of the said bar leakage.
It appeared, on investigation, that Balgos prepared three sets of test questions on Mercantile Law on his personal computer in his law office. His computer, running on Microsoft Windows 98 operating system, is interconnected with other computers in the law office through a local area network (LAN). De Guzman activitated file-sharing of pertinent file folder(s) in Balgos’ computer without the latter’s knowledge, and was able to access Balgos’ files using his own computer in the network. De Guzman faxed the questions to Ronan Garvina, a fraternity brother. Garvina, in turn faxed the questions to Randy Iñigo and James Bugain. Iñigo passed a copy of the questions to Allan Guiapal, who gave a copy to Ronald Collado. Collado ordered the printing of the questions, with the logo and initials of the fraternity and distributed copies to 30 Bar candidates of the Manuel L. Quezon University (MLQU).
Atty. Ivan Uy, chief information officer of the Supreme Court, and his computer forensic experts were able to uncover De Guzman’s activities through his computer’s and the network’s logs. Inasmuch as access to Balgos’ computer was unauthorized, De Guzman is deemed to have committed “hacking” pursuant to the definition given by Section 33(a) of the Electronic Commerce Act.
Protecting files
Interconnectivity and security are two opposing, but not necessarily incompatible, concepts. Getting one step ahead of potential security threats would be a costly endeavor. But one must at least find ways to secure one’s files from an unauthorized user, who has basic knowledge of computers and their systems.
LAN may be practical in connecting a number of computers so as to share peripherals and resources, such as printers, hard disk storage, and even Internet connection when applicable. File transfer between computers within the network is made easier, especially if the file is above the 1.44MB diskette limit, or if the other computer does not have or support a large removable media drive. Unauthorized file access through shared folders, however, may occur if the user is unaware of means to control access. Therefore, what should be done to control access?
First. Choose the proper operating system. A lot of organizations purchase “home-based” operating systems such as Windows 95, 98, ME and XP Home for their personal computers as they are relatively cheaper than the more secure operating systems Windows NT, 2000, and XP Pro; or more popular than the various flavors of Linux or similar operating systems. The drawback in the use of Windows 98, for example, is that one can access the computer by merely cancelling the login box and thus create an account for oneself in the computer where one is not authorized to access. So if a file folder in Windows 98-based machine has been shared, one can access said folder in another computer in the network. Unlike in Windows 2000, for example, only one having administrator capabilities can add a new user to the computer. Furthermore, when a computer in a network does not contain a similar user profile as in the one accessed, a log-in and password dialogue box appears before one can access the other computer. [ 4 ]
Second. Find out if you’re sharing more than you are willing to share. Clicking on your computer’s name on Network Neighborhood would show the folder(s) or drive(s) your computer is sharing over the network. Better unshare the folder(s) or drive(s) which you are not really willing to share, or otherwise create a specific folder containing only the files that you would want to share. Furtther, you may want to limit the number of people that can access the shared folders at one time. [ 5 ]
Third. Password-protect your documents. If you are using Microsoft Word and Excel, these documents and spreadsheets may be protected from being opened by unauthorized personnel. [ 6 ]
Fourth. Don’t let your ultra-sensitive files stay in your computer. Better store them in reliable removable storage devices, such as those heavy-duty portable ones that can be plugged in your USB port.
Fifth. If you have money to spare, buy reliable software which would provide your computer personal firewall. It is additional protection to safeguard your sensitive files.
These are some of the precautions one can do to safeguard one’s files from the prying eyes of other people, especially if the security of documents affect the lives of a lot of people.
-------
Endnotes
1. Definitions for “hack,” “crack,” and “hacker ”acquired or retrieved on 2 April 2004 from www.webopedia.com. Copyright, 2004 Jupitermedia . All rights reserved. Reprinted with permission from http://www.internet.com.
2. Section 185, R.A. No. 8293 provides in part, “Fair Use of a Copyrighted Work. — xxx Decompilation, which is understood here to be the reproduction of the code and translation of the forms of the computer program to achieve the inter-operability of an independently created computer program with other programs may also constitute fair use. ”
3. Section 33 (a), RA No. 8792.
4. Windows 95, 98, ME, XP Home, NT, 2000, XP Professional are trademarks of the Microsoft Corporation. On the other hand, visit www.linux.org for information on Linux.
5. The last option, however, is not available under Windows 98.
6. To do so, within the word processing (Word) or spreadsheet (Excel) application, click on “File,” then “Save As.” When the Save As dialog box appears, click on “Tools“on the tool bar on top right, and click “General Options...” on the drop-down menu appearing. A Save dialog box will appear. Key-in a password on the box under “File Sharing Option”, “Password to open.” A Confirm Password dialog box will appear, key-in the same password. The file saved would only be opened if the password so determined would be keyed-in.
- Login to post comments
