Cyberwhat?

Posted on March 8, 2013 by Ricardo Ma. P.G. Ongkiko Posted in Philippines - Law
When was the last time when you or someone you know shared a bad experience or a complaint
about a person in Facebook or Twitter? A good bet is that a longer time has passed than if this
question was asked a year ago. The reason for this is probably Republic Act No. 10175, also
known as the Cybercrime Prevention Act of 2012, which President Noynoy Aquino signed into
law on September 12, 2012.
A. Cybercrime Offenses
The Act primarily punishes cybercrime offenses, defining cyber broadly as computer or a
computer network, the electronic medium in which online communication takes place. These
offenses are divided into three main groups, namely, a) offenses against the confidentiality,
integrity and availability of computer data systems; b) computer related offenses; and c) content
related offenses.
Offenses against the confidentiality, integrity and availability of computer data systems are
composed of 1) illegal access; 2) illegal interception (made by technical means); 3) data
interference (includes introduction or transmission of viruses); 4) systems interference; 5) misuse
of devices (includes the sale and possession of devices and password for the purpose of
committing a cybercrime; and 6) cyber-squatting.
Computer related offenses are 1) forgery; 2) fraud; and 3) identity theft.
Finally, content related offenses are 1) cybersex (for favor or consideration); 2) child
pornography (penalty imposed is one degree higher than that provided for in the Anti-Child
Pornography Act of 2009); and 3) unsolicited commercial operationunless (i) there is prior
affirmative consent from the recipient; or (ii) primary intent of the communication is for service
and/or administrative announcements from the sender; or (iii) the following conditions are
present: (aa) it contains a simple, valid and reliable way for the recipient to reject receipt of
further commercial electronic messages from the same source; (bb) it does not purposely
disguise the source of the electronic message; and (cc) it does not purposely include misleading
information in any part of the message in order to induce the recipients to read the message; and
3) libel (as defined under Article 355 of the Revised Penal Code).
The Act also punishes aiding or abetting and attempting to commit a cybercrime. If the
punishable offenses are knowingly committed on behalf of or for the benefit of a juridical
person, by a natural person who has a leading position within the structure of the juridical
person, the juridical person may be held liable along with the natural person.
B. Online Libel
A very strong opposition arose against the implementation of the Act primarily because of the
inclusion of online libel as among the offenses punishable. Oppositionists have harped on the
recent trend in other nations to decriminalize libel, to free citizens from the chilling effect that
any penal statute may have on the exercise of the freedom of expression. While new legislation
and international treaties have been passed and ratified to internationally recognize and locally
protect the right of persons to freely share and receive information and demand transparency, the
Act is being criticized for moving a step backward to the dark days of state censorship.
Moreover, the Act is also criticized by academicians, human rights advocates, bloggers, and
journalists for imposing a heavier penalty for the commission of online libel than what the
Revised Penal Code proscribes. Section 6 of the Act provides that all crimes defined and
penalized under the Revised Penal Code and special laws, if committed by, through and with the
use of information and communication technologies, shall be penalized by one degree higher
than that provided for by the Revised Penal Code and special laws, as the case may be. The use
of the cyber medium appears to be considered as an aggravating circumstance in the commission
of any crime.
C. Enforcement and Implementation
The National Bureau of Investigation (NBI) and the Philippine National Police (PNP) have been
tasked with the enforcement of the Act. Both agencies have been authorized to organize a
cybercrime unit to exclusively handle cases involving violations of the Act and been given the
authority to conduct the following:
1) Real time collection of traffic data (excluding the content and identities) In this
connection, if with due cause, traffic data may be collected or recorded by technical or electronic
means in real time. However, all other data to be collected, seized or disclosed, will require a
court warrant. The court warrant shall only be issued upon written application and the
examination under oath or affirmation of the applicant and the witnesses he/she may produce and
the showing that (i) there are reasonable grounds to believe that a cybercrime has been
committed, or is being committed, or is about to be committed; (ii) there are reasonable grounds
to believe that evidence that will be obtained is essential to the conviction of any person for, or
to the solution of, or to the prevention of, any such crimes; and (iii) there are no other means
readily available for obtaining such evidence (Section 12).
2) Order the preservation of content data for a period of six months from the date of the
receipt of their order by the service provider. The NBI and the PNP may order a one-time
extension of another six months (Section 13).
3) Order the disclosure of computer data (upon securing a court warrant) In this connection,
the NBI and the PNP may require any person or service provider to disclose or submit
subscribers information, traffic data or relevant data in ones possession or control within 72
hours from the receipt of the order in relation to a valid complaint officially docketed and
assigned for investigation and the disclosure is necessary and relevant for the purposed of
investigation (Section 14).
4) Search, seizure and examination of computer data (where a search and seizure warrant is
properly issued) In this connection, the NBI and the PNP may conduct interception, and (i)
secure a computer system or a computer data storage medium; (ii) make and retain a copy of
those computer data secured; (iii) maintain the integrity of the relevant stored computer data; (iv)
conduct forensic analysis or examination of the computer data storage medium; and (v) render
inaccessible or remove those computer data in the accessed computer or computer and
communications network.
Law enforcement authorities may order any person who has knowledge about the functioning of
the computer system and the measures to protect and preserve the computer data therein to
provide the necessary information to enable the undertaking of the search, seizure and
examination. They may also request an extension of time to complete the examination of the
computer data storage medium and to make a return thereon for a period no longer than 30 days
from date of approval by the court (Section 15).
In order to ensure its integrity and non-violability, all examined computer data, shall within 48
hours after the expiration of the period fixed, be deposited with the court in a sealed package,
accompanied by the affidavit of the law enforcement authority stating the dates and times
covered by the examination, and the law enforcement authority who may access the
deposit. They shall also certify that no duplicates or copies of the whole or any part thereof have
been made, or if made, that all such duplicates or copies are included in the package deposited
with the court. The package shall not be opened, or the recordings replayed, or used in evidence,
or their contents revealed, except upon order of the court, with due notice and opportunity to be
heard to the person/s whose communications have been recorded (Section 16).
Upon the expiration of the periods provided in Section 13 and 15 of the Act, service providers
and law enforcement authorities shall immediately and completely destroy the computer data
subject of a preservation and examination (Section 17).
The Department of Justice is also authorized to exercise its exclusionary or take-down powers
when a computer data is prima facie found to be in violation of the provisions of the Act (Section
18). This new precautionary measure, which is reported to have not been included in the earlier
versions of the Act but was later inserted during the amendments of the Senate plenary, now
allows the government to speedily restrict or block access to computer data sans a court order.
D. Universal Jurisdiction
The Regional Trial Court shall have jurisdiction over any violation of the Act including any
violation by a Filipino national regardless of the place of commission. It is sufficient that any of
the elements of the cybercrime was committed within the Philippines or committed with the use
of any computer system wholly or partly situated in the country, or when by such commission
any damage is caused to a natural or juridical person who, at the time the cybercrime was
committed, was in the Philippines.
On October 9, 2012, the Supreme Court issued a temporary restraining order, stopping
implementation of the Act for 120 days. We should soon know the fate of the Cybercrime
Prevention Act of 2012.