The digests and haystacks listed under the AcadResources page are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.
This blog is currently being transferred. Unimportant posts are posted in http://personal.berneguerrero.com/ while important posts are posted at the root domain http://berneguerrero.com/
Posted in to-do | No Comments »
“Congratulation’s! Pres.GMA’CHRTY FOUND.Ur Sim#have WON! W=680,000 Thousand DisDay 10/04/05,DTI PRMT#.0010 > 4 more info? Call now! Sec.LARRY C.AGUIRRE.” texted sender with phone number +639216727858 on 4 November 2005. Tempting as it may be, a lot of questions come into mind, and they212 start with the spelling of “Congratulation’s!,” the grammar of “have WON!”, the inconsistency of “DisDay 10/04/05” and the actual date 4 November 2005, and the vagueness and implausibility of “DTI PRMT#.0010.” Then the questions continue to “Is it not a wastage of corporate assets if a charitable foundation would give out money to a certain person without any qualification, except that the latter is a SIM (Subscriber’s Identification Module) holder?” or “Why would a non-mobile company give money to a bloke just for having a SIM number?” and “What political advantage can this text message give to ‘Pres. GMA?’ or this ‘Sec. Larry C. Aguirre”? It is either a con artist one-peso investment, or a political destabilizer’s one-peso contribution. A pinch of cynicism exist to scrutinize the text message because of an earlier message was received by my wife allegedly from “SMART PADALA.” The text message, received 22 March 2005, reads “SMART PADALA: U won a nokia 7610 from our network. To claim your prize please call toll free no. 09282292317. DTI NCR permit #2838 series of 2005. God bless.” Three aspects of the message proved problematic, i.e. Smart Padala involves Overseas Filipino Workers (OFW) remittances from abroad to the Philippines through mobile accounts and my wife is not an OFW, but a senior law student as I am, to avail of the Smart Padala service; another was the toll free no. 09282292317, which is a mobile phone number which is never toll free; and lastly, if Smart Communications would actually be giving away prizes of sorts, it would have sent it through the usual three-digit or four-digit numbers, where it sends account notifications and text spams/marketing offers. A call to a brother-in-law, who is an officer in Smart Communications, readily exposed the scam.
Going back to the November text message involving the alleged GMA Charity Foundation, the text has been circulating even prior to November 2005. In August 2005, a certain person from Antipolo, Rizal even called up the texter’s number, and later posted a comment at the government’s dot-gov-dot-ph website. The comment reads:
“I would just want to inquire about the text message that my brother got. It says that I won in a raffle by the GMA CHARITY FOUNDATION. What is this all about? Is this really true? Coz the amoutnt hey mentioned is quite big. We called up the number and we were told that they got the number from my service provide which is GLOBE. We called a certain ATTY. LARRY AGUIRRE and were told to call another person which is ATTY. MANUEL NANDING and he gave the address where we can go to give documents about us. #169 salcedo village, makati city. i just want to know if this is a valid promo coz they have a dti number (dti no. 00110). if not i want to let the government and the others aware of this illegal operation. thank you and god bless!” [1]
The scam is similar to the scam reported by the Philippine Star on 16 June 2005. DFA Undersecretary for Migrant Workers’ Affairs Jose S. Brillantes said therein that the text messages name drop Bangko Sentral ng Pilipinas (BSP) Governor Rafael Buenaventura, and claim that the receiver has won two million Philippine pesos and has to remit 800 US dollars to be able to receive the prize money. The text message reads “Congrats your cell roaming no. had won P2 million during the electronic raffle drawn from the Central Bank of The Philippines. Call now Governor Rafael Buenaventura at this number: +639156907234,” according to Donnie Fetalino, Attaché and Communications Officer of the Philippine Embassy in Cairo. [2] Recently, the Department of Foreign Affairs (DFA) warned OFWs against a new text scam circulating in Canada. The Philippine Consulate General in Vancouver reported, resulting from the inquiry of two Filipinos as the veracity of the text message, that the text message reads: “This is an exclusive for OCWs and OFWs. Your roaming number was very lucky to receive $40,000 from CBP. This is a new project of GMA and Western Union.” The Consulate General contacted Western Union to verify the authenticity of the message and the bank informed the mission that there was no such promotion or project. [3] Simply, the would-be victim receives a text message announcing he has won in a raffle sponsored by BSP (or Pagcor or the Philippine Charity Sweepstakes Office) with prizes ranging from one million pesos to two million pesos. If the victim responds and calls a telephone number given by the sender, an alleged Governor Buenaventura will reply. The victim will be instructed to first pay a ten-percent withholding tax before he can claim his prize. [4]
Calling the mobile numbers involved after a certain period of time would solicit network notification that “The number you have dialed is either unattended or out of the coverage area. Please try your call later.” Such fact is quite predictable as that the mobile numbers used in the scam would be using pre-paid SIMs. In the November text message, for example, the sender used a +63921 number; i.e. 63 is the Philippines’ country code, 921 involves Smart Buddy subscribers – a pre-paid class of mobile phone subscribers. For a measly sum of less than four United States Dollars (US$4) – the cost of the prepaid SIM being one hundred ninety (P190) pesos only – and the anonymity that is maintained in purchasing the pre-paid SIM, to perpetuate fraud in this manner would, for some, be lucrative.
The scam works in the same manner as how an “advance fee fraud” works. [5] It is the SMS-based equivalent of the Nigerian money transfer fraud, Nigerian scam or 419 scam, however it may be called. Herein, the con artist would send out text messages similar to those above. If any recipient would express his interest by texting back and/or inquiring into the details of the promotion, the sender would cause the recipient to produce certain amounts of money – usually 10% of the total amount – for the sender to facilitate the release of the prize money or goods. One way of sending the amounts is through bank deposit or transfers. This method of payment, however, is risky to the con artist inasmuch as certain documents need to be presented by the con artist-bank account holder to the bank. Still, one victim was reported to have fallen to such scam. The victim, who comes from the province, said he was duped into depositing twenty thousand pesos (P20,000), as tax for prize money, to a certain bank account number. [6]
The recipient could also cause the transfer of money by sending the PIN of pre-paid cards, as to credit loads, to the sender’s mobile phone. In a case reported by the Inquirer,
“Victims are told to send the PIN codes of newly-purchased cellphone cards to join a raffle and get a chance to win 1.5 million pesos to 2.5 million pesos. A victim who complained to BSP admitted that he bought 3,000 pesos worth of pre-paid cards hoping it would increase his chances of winning. Needless to say, unsuspecting victims who divulged their PIN codes were not aware that the very same pre-paid cards were being used by the scam artists to send text messages to other would-be preys.” [7]
Further, the sender can extend his fraudulent scheme by claiming only eight out of the ten PINs actually sent, for example, were ever received by him, or that two or three of the PINs sent do not work and that the recipient should substitute those PINs for him to actually facilitate the release of the prize. No amount of pre-paid credit loads or bank deposits would bring the sender to facilitate the release of the prize, as there is no actual prize existing. The con artist can dispose of his pre-paid SIM if it is apparent that no one else of potential victims would be interested in falling for the scam, or if he/she sensed that law enforcers, if ever, would be on his trail.
Although the scam may be reported to the Anti-Money Laundering Council, the Philippine National Police, the National Bureau of investigation and the National Telecommunications Commission for their appropriate investigation and action, the capture of the fraudster would prove to be difficult as there are no records to determine the person behind the pre-paid number used in the scam. Unlike in post-paid accounts, personal or company ID cards, proof of billing, and other documents are necessary to establish capacity to pay pre-existing obligations. These documents form part of the records of a post-paid account. Although at least 200 million text or SMS messages are sent every day in the Philippines, – more than two for every Filipino and earns the country its reputation as the world’s SMS capital – Filipinos still do not have to give their identities when buying pre-paid phone cards. [8] No document is required in purchasing pre-paid SIM. It can be bought off the shelf. There is no limitation from buying three SIMs from the three major mobile carriers in the Philippines, i.e. in alphabetical order, Globe, Smart, and Sun, even if the person purchasing has only one set of mobile phone. “The main attraction of pre-paid is that these are low-income countries and subscribers want to control their spending,” said Karen Ang, a Bangkok-based telecoms analyst for Citigroup. “But being able to buy a pre-paid card without giving up a lot of information about yourself is also an attraction.” [9]
Text-based fraud can be reduced if regulation, not ban, of pre-paid SIM purchase is enforced. In other parts of the Asia-Pacific region, where similar incidents have occurred, governments have set up stringent requirements as to their registration. Last year, Taiwan, fed up with con-men using the cover of anonymity to separate gullible people from their money with scams ranging from simple credit-card tricks to bogus kidnappings, sought to identify pre-paid phone users. Thailand moved to register users of pre-paid phones in May, describing it as part of efforts to stop terrorists using mobile phones to set off bombs. Malaysia ordered phone companies to register all holders of pre-paid services after text-messaging gossip-mongers hit a raw nerve with false talk that the premier’s ailing wife had died. Shanghai, China’s richest city with 20 million people, required registration of pre-paid users last September to tackle text-message fraud. [10] Most recently, and effective 1 November 2005, Singapore has required new and existing prepaid card users to register their numbers. [11]
Fraud through mobile phone text has been reported in the Philippines since 2003; and in light of the possibilities of text messaging in sowing wild rumors, perpetrating crime and possibly, triggering bombs; it is a big question why the Philippine government has not pursued any action towards the registration of pre-paid numbers. Unlike prior measure to regulate text messaging in itself – such as to regulation of content, and matters of taxation – that were subject to stiff opposition by consumers, a regulation of pre-paid numbers – not with the Government, but with the respective mobile phone service providers – has not been made, even if there is compulsive proof of the need to regulate such.
The Philippines chronically lags behind its neighbors, and the matters involving consumer convenience and fraud prevention are not exempted from said statement. The Department of Trade Industry (DTI) permit numbers do not serve as a deterrent against consumer fraud as no one is aware of the official list of permits actually issued by the DTI as to promotions. There is no repository, like in the Internet, to check whether a promotion being floated to the public is what it purports itself to be, or if State-sanctioned. The Government should provide for the prevention of fraud, not just to prosecute it when the fraudster make the mistake of making himself identifiable.
Further, the Philippines boasts of its resolve to root out terrorism, but it has not, as apparent as it has been identified by its neighboring countries, there is no regulation that would reduce the mobility of malefactors / terrorists through the use of communication tools, or prevent malefactors from using communication devices as triggers for indiscriminate attacks against the civilian population. Its gestures towards anti-terrorism are confined in grand strokes towards a defective national legislation, intentionally oblivious to simple suppletory solutions such as that of registering pre-paid numbers.
Until the simple regulation would occur, the “P” in pre-paid would more likely lean towards the possibility of being punked.
Endnotes
Posted in (a) e-law | 1 Comment »
Internet fraud may use e-mail, chat rooms, websites and message boards to present solicitations to possible victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions. [1]
Credit Card Fraud
Credit Card Fraud is the most common of Internet fraud. Information used to pursue the same may be acquired from retailers, whether online or offline; from companies’ databases which have been compromised; from schemes like phishing; etc. Using credit cards online is inherently insecure, as information acquired in “secure transactions” are decrypted into plain text for processing. [2] Still, some would argue that the safest way to purchase items via the Internet is by credit card because one can often dispute the charges if something is wrong. [3]
Prevention.
Advance Fee Fraud
Advance fee fraud (the Nigerian money transfer fraud, Nigerian scam or 419 scam after the relevant section of the Nigerian Criminal Code that it violates), is a fraudulent scheme to extract money from victims after making them believe they will get an immense fortune. Victims are requested to pay an upfront fee before their purported fortune is released. [5]
Origin. Originally known as the “Spanish Prisoner Letter”, the scam is a confidence game dating back to 1588. In its original form, the con artist tells his victim (the mark) that he is in correspondence with a wealthy person of high estate who has been imprisoned in Spain under a false identity. The alleged prisoner cannot reveal his identity without serious repercussions, and thus supposedly rely on the con artist to raise money to secure his release. The con artist offers to let the mark supply some of the money, with a promise that he will be rewarded generously when the prisoner returns both financially and by being married to the prisoner’s beautiful daughter. However, once the mark has turned over his money, he learns that further difficulties have arisen, requiring more money, until the mark is cleaned out and the game ends. [6]
The association with Nigeria was due to the massive proliferation of such confidence tricks from that since the mid-eighties. In the latter form, the schemers contacted mainly heads of companies and church officials through ordinary postal mail. The use of e-mail spam, instant messaging, and even text messaging for the initial contacts has led to other persons also being targeted, as the cost to the scammers to make initial contact is much lower. [7] The Nigerian Money Transfer Fraud operates in the following manner: The potential victim receives a letter or fax from an alleged “official” representing a foreign government or agency. An offer is made to transfer millions of dollars in “over invoiced contract” funds into the potential victim’s personal bank account. The potential victim is encouraged to travel overseas to complete the transaction; is requested to provide blank company letterhead forms, banking account information, telephone/fax numbers. The potential victim receives numerous documents with official looking stamps, seals and logo testifying to the authenticity of the proposal (electronic documents over Internet). Eventually potential victim must provide up-front or advance fees for various taxes, attorney fees, transaction fees or bribes. [8] The original medium for this scam was through mailers, it was in the late 1990s that the Internet was extensively used for the purpose.
Variance. One variant involves an alleged lawyer-con artist, representing the estate of some long-lost relative the potential victim the latter never knew he or she had (as the potential victim’s surname will be inserted into the e-mail message). The con artist will claim to have gone to a lot of trouble to find the victim in order to give him or her a share of the millions of dollars available if the potential victim will forward his or her bank account information to the con artist. [9]
Another variant involves the offers of con artists to buy some expensive item which the potential victim has advertised, by official, certified, bank or cashier’s check. The check will have an “accidentally” or mutually agreed higher value than the price of the item, so the con artist can ask the victim to wire the extra money to some third party as soon as the check clears. The check typically clears after one or two days, but the fact that it is counterfeit is not detected until several days or weeks later, by which time the victim has sent the item and the “additional money” to the con artist and his representative. Most banks will hold the victim accountable for the value of the counterfeit check. [10]
Another variant pretends to be a “winning notification” from a lottery company, requesting payment in advance to collect the sum that the potential victim has “won”. [11] This variant is prevalent in the Philippines or against Filipinos [12] through SMS text messaging.
Other forms of 4-1-9 schemes include: c.o.d. of goods or services, real estate ventures, purchases of crude oil at reduced prices, beneficiary of a will, recipient of an award and paper currency conversion. [13]
Example.
Request for urgent business relationship
First, I must solicit your strictest confidence in this transaction. This is by virtue of its nature as being utterly confidential and ‘Top Secret’. I am sure and have confidence of your ability and reliability to prosecute a transaction of this great magnitude involving a pending transaction requiring maximum confidence.
We are top official of the federal government contract review panel who are interested in importation of goods into our country with funds which are presently trapped in Nigeria. In order to commence this business we solicit your assistance to enable us transfer into your account the said trapped funds.
The source of this fund is as follows; during the last military regime here in Nigeria, the government officials set up companies and awarded themselves contracts which were grossly over-invoiced in various ministries. The present civilian government set up a contract review panel and we have identified a lot of inflated contract funds which are presently floating in the central bank of Nigeria ready for payment.
However, by virtue of our position as civil servants and members of this panel, we cannot acquire this money in our names. I have therefore, been delegated as a matter of trust by my colleagues of the panel to look for an overseas partner into whose account we would transfer the sum of us$21,320,000.00(twenty one million, three hundred and twenty thousand U.S dollars). Hence we are writing you this letter. We have agreed to share the money thus; 1. 20% for the account owner 2. 70% for us (the officials) 3. 10% to be used in settling taxation and all local and foreign expenses. It is from the 70% that we wish to commence the importation business.
Please note that this transaction is 100% safe and we hope to commence the transfer latest seven (7) banking days from the date of the receipt of the following information by Tel/Fax; 234-1-7740449, your company’s signed, and stamped letterhead paper the above information will enable us write letters of claim and job description respectively. This way we will use your company’s name to apply for payment and re-award the contract in your company’s name.
We are looking forward to doing this business with you and solicit your confidentiality in this transaction. Please acknowledge the receipt of this letter using the above Tel/fax numbers. I will send you detailed information of this pending project when I have heard from you.
Yours faithfully,
Dr. Clement Okon
Note; please quote this reference number (ve/s/09/99) in all your responses. [14]
Prevention.
Phishing
One of the popular fraudulent practices being done online today is “phishing.” Phishing (also “carding” and “spoofing”) is “a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message.” [16] Phishing attacks use both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. [17] Phishing is the art of getting personal information, usually in the form of usernames and passwords, from individuals. It is also a form of Social Engineering which is defined as “the art and science of getting people to comply to your wishes.” [18]
Fraudsters behind the fishing use spam messages masquerading as banks or online payment facilities. They also generate pop-up messages – through a website or through certain software that was installed related to the service – that claims to be from the a business organization that one usually deals with. The message may ask one to “update,” “validate,” or “confirm” your account information. Some phishing emails threaten a dire consequence if one does not respond. [19] Some fraudsters place the text of a legitimate site link in the email but actually links to their own fake site. The fraudster’s fake website replicates the legitimate web site as to its code and graphics, completely fooling a victim in navigating through a scam site. The scams rely more on persuasive psychological trickery than on technology. [20] The classic phishing scams seem to recur with little variation, such as “Your account is about to expire,” the sender of the e-mail warns. “Click on the link and resubmit your credit card information to avoid any loss of service.” [21] The message may also provide the following messages: “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity”; or “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.” [22] Phishing may also be a means for a fraudster to commit identity theft.
Origin. The term “phishing” arose from the use of increasingly sophisticated lures to “fish” for users’ financial information and passwords. [23] It was coined by crackers attempting to steal AOL accounts during the mid 1990s. A cracker would mimic an AOL staff member then would send a message entitled, for example, “verify your account” or “confirm billing information”, to acquire the AOL’s user’s password, among other information, so as to allow the former to use the AOL account for the former’s benefit or other criminal acts. [24]
Prevalence. Washington Post reported that “[s]ince May 2003, nearly 11 million recipients of phishing e-mail clicked on the links. Of those, 1.8 million recalled filling out the information requested. Phishing attacks grew 28 percent from May 2004 to May 2005. About 73 million adult e-mail users reported more than 50 phishing e-mails during the 12-month period. 2.42 million adults reported losing money because of phishing attacks. Victims said their banks and credit card companies took the biggest hits. Victims recovered 87 percent of their funds. Major U.S. Internet service providers reported 150 to 200 uniquely identifiable phishing attacks against their brands. Pay Pal and eBay are the top spoofed sites. Citibank is the primary bank target for phishing scams.” [25] As of September 2005, according to the Anti-Phishing Working Group (APWG), the number of unique phishing reports received in September was 13562, the number of unique phishing sites received in September was 5259, the number of brands hijacked by phishing campaigns in September was 106, the number of brands comprising the top 80% of phishing campaigns in September was 6, the country hosting the most phishing websites in September was the United States, Phishing which contains some form of target name in URL amounted to 50 % of total attacks, phishing which provides no hostname but only IP address amounted to 34 % of total attacks, percentage of sites not using port 80 amount to 8 % of total attacks. The United States remains the on the top of the list of phishing hosts with 31.22%, with the top 10 breakdown as follows; China: 12.13%, Republic of Korea: 10.91%, Germany: 3.16%, Canada: 2.97%, Japan: 2.44%, France: 2.31%, Poland: 2.24%, Brazil: 1.98%, Romania: 1.98% . In September 2005, the APWG witnessed several new phishing attacks which utilized people’s willingness to assist during times of desperation; the attacks being against The Red Cross, The Salvation Army, Hurricane Katrina Donations, and Hurricane Rita Donations. [26]
Variance. “Spear phishing,” targets members of a particular organization and the sender would claim to be its e-mail provider. The sender will prompt you to download special software, which could install spyware or adware. Spyware and adware would record personal information later. [27]
Examples. The following are examples of phishing e-mails.
Date: Thu, 02 Dec 2004 07:35:28 -0300
From: Suntrust Billing Department
To: Abnelson
Subject: Failure to confirm your records may result in your account suspension.Dear valued SunTrust member,
Due to concerns, for the safety and integrity of the online banking community we have issued the following warning message.
It has come to our attention that your account information needs to be confirmed due to inactive customers, fraud and spoof reports. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to confirm your records may result in your account suspension.
You can confirm your account records by logging in to your internet banking account. Once you have confirmed your account records your internet banking service will not be interrupted and will continue as normal.
To confirm your bank account records please click here.
Thank you for your time,
SunTrust Billing Department.————————————————————————————————————————
© 2004 SunTrust Banks, Inc. All rights reserved. - Equal Housing Lender - Member FDIC
or
Subject: Verify your E-mail with Citibank
This email was sent by the Citibank server to verify your E-mail address. You must complete this process by clicking on the link below and entering in the small window your Citibank ATM/Debit Card number and PIN that you use on ATM.
This is done for your protection - because some of our members no longer have access to their email addresses and we must verify it.
To verify your E-mail address and access your bank account, click on the link below:
https://web.da-us.citibank.com/signin/citifi/scripts/
email_verify.jsp———————————————————-
Thank you for using Citibank [28]
The link however goes to a non-secure site at http://www.securecitibank.us. Said domain was registered to a certain Wayne Stanford of 3057 sunrise cir, marina CA, 93933, United States, and not to CitiBank itself. [29] After the initial Citibank phishing attacks, another set of phishing emails were circulated on a different premise, to wit:
Recently there have been a large number of identity theft attempts targeting Citibank customers. In order to safeguard your account, we require that you update your Citibank ATM/Debit card PIN.
This update is requested of you as a precautionary measure against fraud. Please note that we have no particular indications that your details have been compromised in any way.
This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension.
To securely update your Citibank ATM/Debit card PIN please go to:
https://www.citibank.com/signin/citifi/scripts/login2/update_pin.jsp
Please note that this update applies to your Citibank ATM/Debit card - which is linked directly to your checking account, not Citibank credit cards.
Thank you for your prompt attention to this matter and thank you for using Citibank!
Regards,
Riley Buckner
Head of Citi® Identity Theft SolutionsCopyright © 2004 Citicorp. All rights reserved.
Do not reply to this email as it is an unmonitored alias.ozmpjdyvexo utcbt vuqr znrwvsowwvi
The link however ends up to a website in Asia. The genuine CitiBank page is forced to appear behind the scam’s pop-up web page. [30]
Prevention. Two of the basic clues in determining a phishing email are the email’s typographic errors and the sophistication of the email’s content and grammar. Misspellings and faulty grammar in the bogus email should bring alarm bells ringing in mind.
Distinctions with other frauds
Pharming
Pharming attacks are similar to phishing identity theft attacks, but don’t require a “lure,” such as a Web link that victims must click on to be taken to the attack Web site. [31] Pharming combines phishing with domain spoofing/domain hijacking The distinction lies with the exploitation of a vulnerability in the DNS server software by a hacker-phisher to acquire the domain name for a website and to redirect that website’s traffic to the fake site attributed in phishing. [32] Hence, pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning. This is possible when the original site was not Secure Sockets Layer (SSL) [33] protected, or when the user is ignoring warnings about invalid server certificates. [34] Rather than spamming a potential victim, pharmers “poisons” one’s local DNS server by redirecting the Web request somewhere else, i.e. to a website purporting to be the website one intended to access. When a cracker poisons a DNS server, he or she changes the specific record for a domain, sending one to a Web site very different from the one one intended to access—without your knowledge. Usually, the cracker does this by posing as an official who has the authority to change the destination of a domain name. DNS poisoning is also possible via software vulnerability, however. [35]
Prevalence. In 2004 a German teenager from from Helmstedt, Lower Saxony hijacked the eBay.de Domain Name. [36] In January 2005, the Domain Name for a large New York ISP, Panix, was hijacked, the ownership of which was attributed to a site in Australia. Requests to reach the panix.com server were redirected to the United Kingdom, and e-mail was redirected to Canada. Secure e-mail provider Hushmail experienced the attack on 24 April 2005 when the attacker rang up the domain registrar and gained enough information to redirect users to a defaced webpage. [37] On the other hand, e-mailed viruses that rewrite local host files on individual PCs, like the Banker Trojan, have been used to conduct smaller-scale pharming attacks. [38]
Prevention. Pharming could be combated if browsers would authenticate websites’ identities.
Other Internet fraud
There are other Internet fraud existing, and which are usually virtual extensions of frauds that occur in the normal routine of commerce. The anonymity of a person over the Internet is a reason why con artists can pursue frauds with more ease. Other kinds would include frauds pertaining to Internet Auctions, Investment, and Merchandise Delivery, among others. Internet Auction Fraud may be prevented in the following manner: (1) Understand as much as possible about how the auction works, what your obligations are as a buyer, and what the seller’s obligations are before you bid. Understand that if a problem occurs with the auction transaction, it could be much more difficult if the seller is located outside the US because of the difference in laws. (2) Find out if shipping and delivery are included in the auction price or are additional costs so there are no unexpected costs. Find out what actions the web site/company takes if a problem occurs and consider insuring the transaction and shipment. (3) Learn as much as possible about the seller, especially if the only information you have is an e-mail address. If it is a business, check the Better Business Bureau where the seller/business is located. Examine the feedback on the seller. (4) Determine what method of payment the seller is asking from the buyer and where he/she is asking to send payment. Also ask the seller about when delivery can be expected and if there is a problem with the merchandise is it covered by a warranty or can you exchange it. (5) There should be no reason to give out your social security number or driver’s license number to the seller. Investment fraud may be limited through observation of due diligence similar to the prevention of credit card fraud, and inquiry about all the terms and conditions of the investment proposal, taking into mind that “if it sounds too good to be true it probably is.’ On the matter of non-delivery of merchandise, to prevent so, (1) Observe due diligence similar to the prevention of credit card fraud; (2) Inquire about returns and warranties; and (3) Consider utilizing an escrow or alternate payment service. [41]
The creativity of a con artist is unlimited. Centuries old scams can be revived to assume modern forms, through adoption of modern contexts and means. Be aware. A healthy dose of cynicism once in a while may prove to be the major factor in keeping one’s pockets healthy, and one’s positive social perception intact.
Endnotes
Posted in (a) e-law | No Comments »
Identity in documents
It has been some time since the bygone era of the typewriter. If one can still remember, the source of a typewritten document may be identified by fingerprint impressions on the paper to identify who handled the paper, by the distinct flaws of the typewriter’s typeface to identify the usual user of such specific typewriter, or both. These methods of identification were useful in identifying the principals in the commission of fraud, among other crimes. On the other hand, these methods can also be used in identifying the origins or authors of underground and prohibited self-published literature, whether under a repressive government regime or not. The forensic means, as said, can be used for both legitimate and illegitimate ends, but the consolation remains that the mechanical flaws in a certain typewriter were not made deliberately by the typewriter manufacturer to allow the identification of its owner-possessor-user.
Presently, with the proliferation of low-cost colored printers, and the declining cost of owning a colored laser printer, it is not uncommon that some counterfeiters try to forge legal tender through the use of colored printing technology, and to utter the printouts as money thereafter. Colored laser printers, combined with a reliable scanner, can also replicate other legal or commercial documents, and thus allow the forger to pass the printouts as the genuine documents. Researchers at Purdue University in West Lafayette, Indiana, United States of America, for one, have developed a technique to trace a document, i.e. by analyzing a document to identify characteristics that are unique for each printer, and by designing printers to purposely embed individualized characteristics in documents. They detect, through software, slight variations in printed characters, which they call “intrinsic signatures,” revealing subtle differences from one printer model to another. [1]
Printer codes
Another manner of detecting which printer a printout originated was reported on 26 October 2004, in the magazine PC World with an article therein entitled “Dutch track counterfeits via printer serial numbers.” The article pointed out that every printout contains a hidden code, which in turn contains information about the computer printer that it was printed on. Even if modern printers are of different brands, their print engines are made by only a few companies, such as Toshiba, Canon and Ricoh; and that it is the engine that has its own identity that can be traced [2] Most consumers are unaware of this feature until recently, but most government agencies are aware of this for some time. Seth Schoen, a technologist who led the Electronic Frontier Foundation’s (EFF) research, said he had seen the coding on documents produced by printers that were at least a decade old. [3]
The built-in security is composed of dots. “The dots are yellow, less than one millimeter in diameter, and are typically repeated over each page of a document. In order to see the pattern, one needs a blue light, a magnifying glass, or a microscope,” [4] Schoen revealed. The pattern indicates a unique number that is printed on every color page. The number determines to what country a specific printer has been delivered, and to what dealer. The dealer then can lead investigators to the local computer store where the printer was sold. [5] The EFF has cracked the codes of a particular line of Xerox printers but has observed similar marking in Hewlett Packard (HP) printers, among others. EFF looked at printer output under a blue light, and found yellow dot markings in Brother HL-4200CN printer; Canon CLC 1000, CLC 2400, CLC 4000, Color imageRUNNER C3100CN, Color imageRUNNER C3200, and Color imageRUNNER C3220 printers; Dell 3000cn, 3100cn, and 5100cn printers; Epson AcuLaser C900, C1100, C1500, and C1900 printers; HP Color Laserjet 1500l, 2500, 2500n, 2550l, 2550n, 2600n, 2680, 2840, 3500, 3500n, 3600dn, 3700, 3700dn, 3700n, 4600, 4600dn, 4600hdn, 4600n, 4650, 4650dn, 4650dtn, 5100cn, 5500, 5500atn, 5500dn, 5500hdn, 5550, 5550dtn, 9500 printers; Konica/Minolta Bizhub C350, CF1501, Colorforce 8050, Desklaser 2200, DialtaColor CF 2001, Ikon CPP500E, Magicolor 2210, Magicolor 2300 DL, Magicolor 2430 DL, Magicolor 3300, Magicolor 7300 printers; Kyocera FS-C5016N printer; Lanier LD238C, and LP125cx/LP126cn printers; Lexmark C510, C720, and C912 printers; Ricoh Aficio CL 3000, Aficio CL 6010, Aficio CL 7000, and AP 206 printers; Savin C3210 and CLP35 printers; Tektronix eStudio 3511 printer; Xerox DocuColor 12, DocuColor 40, DocuColor 2045, DocuColor 6060, WorkCentre M24. WorkCenter Pro 40, and WorkCenter Pro C2636 printers. On the other hand, the press report that Epson AcuLaser C1100 printer and all models of Xerox WorkCentre Pro print tracking codes. Lastly, the manufacturer admitted that the following printers print tracking codes: Tektronix eStudio 210c, eStudio 310c, eStudio 311c, eStudio 211c, eStudio 2100c, eStudio 3100c, FC15i, FC15, FC22i, FC22, FC25Pi, FC25P, FC70, printers; and Xerox DocuColor 2000, and DocuColor 6060 printers. [6]
The United States Secret Service acknowledged that the markings exist but played down its use for invading privacy. Agency spokesman Eric Zahren announced that the markings merely serve as “a countermeasure to prevent illegal activity specific to counterfeiting,” and ” to protect our currency and to protect people’s hard-earned money.” [7] On the other hand, EFF Senior Staff Attorney Lee Tien noted that “Underground democracy movements that produce political or religious pamphlets and flyers, like the Russian samizdat of the 1980s, will always need the anonymity of simple paper documents, but this technology makes it easier for governments to find dissenters, Even worse, it shows how the government and private industry make backroom deals to weaken our privacy by compromising everyday equipment like printers.” [8]
Right of privacy
Privacy is the ability of an individual or group to stop information about themselves from becoming known to people other than those they choose to give the information to. The right against unsanctioned intrusion of privacy by the government, corporations or individuals is part of many countries’ laws, and in some cases, constitutions (such as France’s Declaration of the Rights of Man and of the Citizen). [9] Further, the Universal Declaration of Human Rights, in article 12, states that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
In the Philippines, on the other hand, in the landmark case of Morfe v. Mutuc [130 Phil. 415 (1968), 22 SCRA 424], the Philippine Supreme Court, speaking through then Mr. Justice Fernando, stated that
“The right to privacy is constitutionally protected. The right to privacy as such is accorded recognition independently of its identification with liberty; in itself, it is fully deserving of constitutional protection. The language of Prof. Emerson is particularly apt: ‘The concept of limited government has always included the idea that governmental powers stop short of certain intrusions into the personal life of the citizen. This is indeed one of the basic distinctions between absolute and limited government. Ultimate and pervasive control of the individual, in all aspects of his life, is the hallmark of the absolute state. In contrast, a system of limited government safeguards a private sector, which belongs to the individual, firmly distinguishing it from the public sector, which the state can control. Protection of this private sector —protection, in other words, of the dignity and integrity of the individual —has become increasingly important as modern society has developed. All the forces of technological age —industrialization, urbanization, and organization —operate to narrow the area of privacy and facilitate intrusion into it. In modern terms, the capacity to maintain and support this enclave of private life marks the difference between a democratic and a totalitarian society.’” [10]
Consumer concerns
Identification of the printer origin of a colored printout ultimate points to the identification of the owner of the printer. The means to identify a felon through certain encrypted codes in a printed output may be said to be legitimate, but the same means may serve as a prior restraint against any other person from airing criticisms or other utterances against entities that may have the propensity to resort to extra-legal remedies to suppress such expression. Truly, although it may be clear that the means was in furtherance of an important government interest in the United States – and parallel to the government interest of other countries relating to counterfeit notes, i.e. including the Philippines – and that said interest is primarily unrelated to the suppression of freedom of expression, there may be controversy whether the incidental restriction on the freedom of expression is no greater than is essential to the furtherance of that interest. It may be contended that the government interest, sought to be promoted, can be achieved by means other than the suppression of freedom of expression. [11] By the way things are, one should be printing his legitimate criticisms against known political personalities in some other printer that does not print the encrypted yellow dots.
On the other hand, leaving consumers in the dark as to marks that identify device purchasers is an insidious means to achieve a certain purpose without regard to its pregnant potential for abuse. Its continued practice, further, is contradictory to the current trend where sellers provide privacy terms in their products, to make the consumer aware of the pertinent personal information the latter is willing to divulge. Such insidious practice divests an ordinary person from consciously assuming risks – such as those made with the use of computers and mobile phones – and from limiting liabilities for ambiguous acts – such as currency printouts for a school report.
Lastly, the words of EFF Senior Staff Attorney Lee Tien ring true when he said that “it shows that the government and private industry make backroom deals to weaken our privacy by compromising everyday equipment like printers. The logical next question is: what other deals have been or are being made to ensure that our technology rats on us?” [12] Just imagine the possibility and effects of encrypted marks on digital photography and videography, if government would pursue such measure for a supposedly legitimate government interest.
Conclusion
The Consumer Act of the Philippines, promulgated on 13 April 1992, does not contain consumer protection as to privacy issues, although the powers of the National Consumer Affairs Commission include that which recommends new policies and legislation or amendments to existing ones, [13] i.e. pertaining to consumer protection. The Philippines has not pursued a path somehow oriented towards the protection of privacy and transborder flows of personal data – such as those embodied in the guidelines promulgated by the Organization for Economic Cooperation and Development (OECD), circa 1980 – or a path parallel to the initiatives of the United States, ironically as to this article, through its Federal Trade Commission and Department of Commerce, as to fair information practices. The Philippine government should now be addressing, as it should have had before, advanced consumer issues besides those directly related to usual items in store shelves. It cannot actively indulge itself in techno-rhetoric while being complacently backward in its policies as to matters of technology.
Endnotes
Posted in (a) e-law | No Comments »
Transferring files over the Internet have been normally been made using email (SMTP) and file transfer protocol (FTP), for smaller files and larger files, respectively although not exclusively. These methods use the client-server model where communication is relayed by servers to clients. With email, data is transmitted to the server for delivery, transmitted to the destination between servers, and is fetched later by the receiving client. With FTP, data is transmitted to the server for storage, and is fetched by the receiving client from said server. These were the modes of file transfer before peer-to-peer computer networks or internet-based file-sharing networks became popular.
Peer-to-Peer (P2P)
A peer-to-peer (P2P) computer network is a network that mostly uses direct connections between peer nodes (clients). Such peer nodes simultaneously function as both clients and servers to other nodes on the network. Any node, thus, is able to initiate or complete any supported transaction with any other node. Peer nodes may vary in local configuration, storage quantity, processing speed, and network bandwidth. File sharing networks such as FastTrack, FreeNet, GNUtella, and OpenNap are examples of such. [1]
P2P networks have become a popular medium through which users share huge amounts of data. The bandwidth of all clients or nodes can be used fully and that the available download bandwidth may increase due to the increase in the number of nodes. Such networks also distribute the cost of sharing data among peers (clients) in the network, by aggregating the resources of a large number of independent nodes in P2P systems, allowing applications to scale without the need of powerful and expensive servers, and thus reducing the cost of sharing data unlike if servers would be utilized.
Simply said, users of P2P networks need not be aware of matters involving server administration, but would merely install P2P software in their regular computer, for them to acquire and share various media stored in their shared folder. P2P users are further allowed to download component parts of a file they are interested in from various users of a P2P network, instead of relying on a single source or website for the whole file. Anyone who has used the first version of Napster and the now popular Kazaa would have an idea of how P2P networks work.
It was in 1984 that the phrase “peer to peer” was used, with the development of the “Advanced Peer to Peer Networking” architecture at IBM. This referred to earlier research- and business-oriented peer-to-peer systems, which predated popular internet-based file-sharing networks. The first generation of Internet P2P networks had a centralized file list, which the courts of the United States deemed to be infringement of copyright. This generation includes the first version of Napster. [2] After media companies prevailed over Napster, a new generation of P2P networks emerged. They had decentralized file lists, and had improvements like distributed hash tables (DHT) and other optimizations for decentralized search. This generation includes GNUtella and FastTrack (specifically Kazaa). As anonymous P2P networks allow for distribution of material with little or no accountability for it, such demand for such networks increased especially after the Recording Industry Association of America (RIAA) clamped down on individual P2P users in 2003. Such generation of anonymous networks includes Freenet, I2P, and GNUnet. [3]
Underutilized and imperfect tool
Although regarded generally as file sharing networks, most of the commonly shared files are either copyright-protected materials, such as mp3 music files and DivX [4] movie files, or adult-oriented media. The use of P2P networks, therefore, is rendered limited by such content; unlike non-P2P tools, such as email, which has cut across gossip, protected content, and forwarded feel-good messages towards legitimate and useful communication purposes. The trend does not appear to go to the other direction with regard to P2P systems as content demand remains towards the illegal and titillating than on the legitimate and “boring.” This trend may not be overturned in the immediate future until there is serious initiative towards the legitimate use of P2P networks, such as for academic or research purposes, or even for business purposes such as hiring. Such turnabout is not farfetched, as the Internet itself has been transformed from academic and scientific to proprietary over the years.
Considering that increased legitimate use of P2P systems may be possible, certain challenges must be overcome before the potential of such systems may be realized. For one, the scale of the network and the autonomy of nodes make it difficult to identify and distribute the resources that are available. As the system is dynamic, with nodes constantly joining and leaving, resources and resource demands are constantly changing, making it difficult to determine which resources are indeed available. Further, some peers may be malicious and, thus, peers may receive inauthentic information or may be victims of denial-of-service (DoS) attacks. [5] Due to the anonymity of users in certain networks or due to the ease of changing profiles, it would be difficult to pinpoint and report malicious users at a given time. [6]
Moderating the P2P threat
Due to the prevailing content provided by nodes in P2P networks, such networks pose grave threats to established media companies. Thus, these P2P networks have been targeted by industry trade organizations, where the latter spend large amounts of money attempting to lobby lawmakers for legal restrictions. Industry organizations have not been successful in its advocacy to subvert the operations of P2P networks, but have been relatively successful in protecting its intellectual property rights before Unted States courts, as may be seen in the Napster case (infringement) and recently involving Kazaa (as to infringing users’ identities).
Due to the networks’ parallel functionality as to other methods of file transfer, such networks may also collectively turn into an alternative forum to malefactors, such as terrorists, or may become a medium for the dissemination of their propaganda. Further, the networks are increasingly becoming alternatives to websites containing child pornography, which are currently being effectively clamped down.
Current file-sharing legislation
The following bills are, as of this writing, pending in the United States Congress: (1) Protecting Children from Peer-to-Peer Pornography Act of 2003 [HR 2885], which seeks to prohibit the distribution of peer -to-peer file trading software in interstate commerce; (2) the Government Network Security Act of 2003 [HR3159], which seeks to require Federal agencies to develop and implement plans to protect the security and privacy of government computer systems from the risks posed by peer-to-peer file sharing; and (3) Piracy Deterrence and Education Act of 2004 [HR4077].
Similar legislation are also pending with the Philippine Congress, although focusing more the general issues, such as Internet piracy and child pornography, through all Internet protocols and not necessarily through peer-to-peer networks only. Among these are: (1) An act amending certain provisions of Republic Act No. 8293, entitled “An act prescribing the intellectual property code and establishing the intellectual property office, providing for its powers and functions and for other purposes,” [HB00322] which seeks to amend the Intellectual Property Code through the integration of comprehensive, efficient and adequate strategies designed to respond to Internet piracy, among others; and (2) An act seeking to improve child protection against abuse, exploitation and discrimination, amending for the purpose Republic Act No. 7610, as amended by Republic Act No. 7658, otherwise known as the “Special Protection and Discrimination Act”, appropriating funds therefor and for other purposes, [HB01961] which seeks to impose penalty for child pornography through the internet and mandates the creation of a central data bank to monitor abuses made by foreigners against children and prevent their reentry, among others.
Conclusion
Peer-to-peer systems are tools that may serve legitimate purposes, although they are currently being used more extensively for less than legal ends. Subverting said networks, in general, would negate technological advances as to avenues for Internet-aided communication, especially as to distributed file sharing. Shutting down said networks would only highlight the fact that there is a shortage of ingenious solutions to prevent transmission of prohibited media by infringers and perverts. The solution being proposed, i.e. closing the venue of possible malefactors, is clearly and arbitrarily desperate. For one, sharing case digests over Kazaa is an interesting thought.
Endnotes
Posted in (a) e-law | No Comments »
I. Understanding Pornography and an Overview of the Technology Available Today
I. Pornography vis-à-vis Obscenity
A. Pornography
Pornography is the depiction of erotic behavior intended to cause sexual excitement. [1] It is “the sexually explicit depiction of persons, in words or images, created with the primary, proximate aim, and reasonable hope, of eliciting significant sexual arousal on the part of the consumer of such materials.” [2] In legal parlance, pornography “refers to any representation, through publication, exhibition, cinematography, indecent shows, information technology, or by whatever means, of a person engaged in real or simulated explicit sexual activities or any representation of the sexual parts of a person for primarily sexual purposes.” [3] The 1986 Attorney General Commission on Pornography of the United States defined it as material that “is predominantly sexually explicit and intended primarily for the purpose of sexual arousal.” [4]
Soft-core pornography features naked or scantily clothed persons, focusing mainly on their breasts and genitalia but shows no sexual intercourse. Hard-core pornography includes various forms of sexual penetration, forced and unforced, between two or more people. Olson, Jeff. [5] Hard core pornography is said to be “sexually explicit in the extreme, and devoid of any other apparent content or purpose.” [6]
B. Obscenity
Obscenity, on the other hand, is “such indecency as is calculated to promote the violation of the law and the general corruption of morals.” [7] The current legal definition of obscenity is found in the 1973 US Supreme Court case of Miller v. California, [8] cited in the Philippine Supreme Court case of Pita vs. Court of Appeals. [9] According to the Miller case, material is obscene if all three of the following conditions are met:
The US Supreme Court ruled in the Miller case, which was adopted by the Philippine Supreme Court in the Pita case, that a legal definition of obscenity must meet the three-part test. It must be determined, “(1) whether the predominant theme or purpose of the material, when viewed as a whole and not part by part, and when considered in relation to the intended and probable recipients, is an appeal to the prurient interest of the average person of the community as a whole, or the prurient interest of members of a deviant sexual group, as the case may be”; (2) whether the given material “depicts or describes, in a patently offensive way, sexual conduct – e.g. ultimate sexual acts, normal or perverted, actual or simulated; masturbation; excretory functions; or lewd exhibition of the genitals – measured against contemporary community standards; i.e whether it so exceeds the generally accepted limits of candor as to be clearly offensive”; and (3) “whether the material, taken as a whole, lacks serious literary, artistic, political or scientific value.” [11] If it appeals, thus, to the prurient interest, is patently offensive, and lacks serious value (artistically, etc.) then the material is considered obscene and is illegal.
II. Pornography vis-à-vis Prostitution; History of Pornography
Prostitution – that is, “the practice of engaging in sexual activity, usually with individuals other than a spouse or friend, in exchange for immediate payment in money or other valuables” [12] , or in legal parlance, “any act, transaction, scheme or design involving the use of a person by another, for sexual intercourse or lascivious conduct in exchange for money, profit or any other consideration” [13] – has existed since time immemorial. Prostitution and pornography are intertwined inasmuch as pornography originally signified any artwork or literature depicting the life of prostitutes. Today, pornography includes erotic and sexually explicit imagery of ordinary persons, who may even be unaware that they are presented to the public in such a manner. Pornography has grown increasingly as a necessary offshoot of prostitution, in light of the increasing supply of cheap image capturing devices.
Pornography has existed for centuries, although imagery and literature of such nature were not seen to be worthy of preservation or transmission. Rare images surviving to the present are hand-drawn graphics originating from India and Japan. [14] Some literature which survived – although such are being argued to be artistic and not pornographic, depending on the community standard being applied – includes the Indian “Kama-Sutra” and the Greek treatise “The Art of Love” by Ovid, among others. With the advent of printing in 1452, pornography, existing in the fringes of legitimate publishing, proliferated to entertain as well as to arouse. The development of photography in 1827, through the individual efforts of Joseph Nicéphore Niépce and Louis Jacques Mandé Daguerre, [15] and the development of moving pictures in 1867, through the individual efforts of William Lincoln, Louis Lumière, and the Edison Brothers, [16] although not intended, contributed to the proliferation of pornography, as did the Internet, which grew out of the U.S. Defense Department program called ARPANET (Advanced Research Projects Agency Network) established in 1969.
III. Technology aiding the storage and transmission of pornography
Pornography exists in different media. Explicit images and image sequence may be stored in tangible and electronic forms.
A. Traditional media
Pornography in tangible or traditional media may be subcategorized as those printed in paper or other surface materials, and those captured in film. Those printed in paper includes photographs – either studio processed or polaroids [17] – besides usual pornographic publications. Those stored in film includes those stored in television and theatrical/cinema-grade films, such as the Super 16 (16mm) and the 35mm, respectively; film positives or slides; outmoded media such as Super 8 (8mm), [18] Betamax, [19] VHS, [20] and Compact VHS, [21] among others. Storage in these media, i.e. printed or in film, may be bulky, and the cost of production and distribution is average to high. The potency of distribution is also limited.
B. Modern Media
Pornography in electronic or modern media, on the other hand, may be subcategorized – although said media are identically binary [22] – according (1) to the class of storage device used, (2) to the class of consumer electronics used, or (3) to the multimedia format used.
1. Storage devices used [23]
Electronic documents, especially multimedia files, may be stored in disk storage, [24] magnetic bubble memory, [25] and flash memory [26] /memory card [27] or the solid-state semiconductor memory type. Disk storage may be classified further as optical disc [28] – which comes in various formats: CD-ROM, (through CD-R and CD-RW media, i.e. writeable and rewriteable, respectively), [29] DVD (through DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-RAM media), [30] Blu-ray, [31] and Minidisc [32] – magnetic (or hard discs), [33] removable magnetic such as floppy [34] and zip discs, [35] and holographic. [36] Flash memory or memory cards are available through different manufacturers as CompactFlash I and II, [37] SONY Memory stick (Standard/Duo/Pro/MagicGate versions), [38] Secure Digital, [39] MMC, [40] SmartMedia, [41] xD, [42] or USB Keydrive [43] a.k.a. Thumb drive. Most multimedia files are stored in hard discs, optical discs, removable magnetic discs, and flash memory or memory cards. Physical distribution and transport of digital multimedia files are usually made using optical discs and flash memory or memory cards.
2. Consumer devices used
Storage of multimedia files is not isolated to computers, where data storage devices are widely used, whether desktop or portable (laptop or palmtop [44] ). Multimedia files are also presently stored in Multimedia Messaging System (MMS) [45] -enabled mobile telephones, [46] digital audio players [47] (DAP, sometimes also recorder), digital cameras and camcorders, digital recorders, [48] among other digital devices available in the market. Transmission of such multimedia files is a function no longer in the exclusive realm of computers. The ways to transfer multimedia files increase exponentially as new classes of digital devices are introduced in the market.
3. Non-physical transfer methods used
Multimedia files may be transferred from one computer to another, directly, through cables, radio, infrared, and other analogous means. Such files may be transferred through intermediary storage devices, such as optical discs, memory cards, and removable magnetic discs.
a. Electronic
Multimedia files may be transferred electronically through wires and cables. Earlier methods of connecting computers include parallel-to-parallel port cabling (for one-to-one connection) and Bayonet Neill-Concelman (BNC) [49] cabling (for Local Area Network [LAN]) [50] which are now passé, due to availability of cheaper computers and computer network peripherals such as hubs [51] and routers. [52] Current connections between computers are normally done through USB-to-USB [53] port link, and LAN connections using RJ45 (Registered Jack 45) jacks and cables. One LAN can be connected to other LANs, or one remote computer can be connected to one LAN, or one remote computer can be connected to another remote computer, over any distance via telephone lines and radio waves. [54] Multimedia files are transferred in an Intranet [55] through the use of shared folders in individual computers or allocated user folders in the file server. Similar files have been transferred from one remote computer to another, prior to and simultaneous to the widespread use of the Internet, through Bulletin Board Service (BBS). [56]
When a computer, or the LAN, is connected to the Internet, various methods may be utilized to transfer and retrieved multimedia files on the Internet or another peer’s computer. Different protocols may be used, such as HyperText Transfer Protocol (HTTP) [57] where the World Wide Web [58] is seen; Post Office Protocol version 3 (POP3) [59] or Internet Message Access Protocol (IMAP), [60] and Simple Mail Transfer Protocol (SMTP) [61] where email is received and sent, and File Transfer Protocol (FTP) [62] where large files may be sent to an online repository or an allocated user folder in a destination server, Discussion boards or Usenet, [63] among others. Multimedia files may be transferred from one computer user to another through Internet Relay Chat (IRC), [64] or through Instant Messaging. [65] Said files may be transferred by simultaneously connected computer users using peer-to-peer [66] software, such as Kazaa, eDonkey, GNUtella, and the like.
b. Radio waves
Wireless LAN (WLAN) uses radio waves as its carrier, although the network backbone remains to be supported by wires and cables. Apple Macintosh computers use the pioneering WLAN product called AirPort. [67] Apple and most Wi-Fi (Wireless Fidelity) device manufacturers follow IEEE 802.11 [68] WLAN standard, while a few follow the HomeRF [69] standard (2 Mbit/s, intended for home use). “Wired” LAN is preferred with desktop computers, while WLAN/Wi-Fi is preferred with mobile computers whether laptop or personal digital assistant (PDA). WLAN is more vulnerable to security breaches because it enables any person with a wireless-enabled computer or PDA to connect to the network, else the Internet, when in proximity of an access point called a hotspot, if not properly configured.
On the other hand, Bluetooth [70] provides a way to connect and exchange information between devices like personal digital assistants (PDAs), mobile phones, laptops, personal computers, printers and digital cameras via a secure, low-cost, globally available short range radio frequency, as long as they are within 10 metres or 32 feet of each other. [71] Bluetooth may be considered as wireless USB, contradistinguished with Wi-Fi, which may be considered as wireless Ethernet. [72] Bluetooth does not use any telecommunication network resources when files are transferred from one computer or any other device to a mobile phone, or vice versa, or from one mobile phone to another. Only when the mobile phone user/subscriber utilizes the phone company’s MMS service does he use telecommunication network resources for the transfer of the multimedia material to another mobile phone subscriber.
c. Infrared Radiation (IR) data transmission [73]
The use of infrared for data transfer was common between portable computers (laptops) and mobile phones, among others, prior to the popularity and affordability of Bluetooth and subsequent to the use of serial connections between the two (2) devices. Normally, the portable computer recognizes the mobile phone device as another computer connected to it. Integrity of connection, however, was a drawback to this kind of technology.
4. File formats used
Multimedia files come in different file formats, and may be subcategorized as pictures, video, and audio. Pictures are usually in JPEG, [74] GIF, [75] and BMP [