CYBERCRIME PREVENTION ACT

I. BACKGROUND
The fast paced development in the field of technology has caught the law flat-footed. A slew of
crimes, involving the unregulated use, specifically the misuse and abuse of the internet, has
prompted authorities to belatedly address the ill consequences of the non-existence of relevant
laws.
While these crimes are evidently unlawful, perpetrators of cybercrimes have remained scot-free.
Indeed, if there is no law to punish it, then there is no crime. When the controversial Cybercrime
Prevention Act of 2012 was passed, there was an impression that this law was done in haste.
But actually, the law was almost 11 years in the making.
Here is a timeline of developments that happened through the years involving the struggles of
many in pushing for a cybercrime legislation.
Year 2000
When the E-Commerce Law (Republic Act 8792) was passed, the Philippines then was
considered as one of the countries with advance legislation in prosecuting cybercrime. As the
legislation was only passed last June 2000, it wasnt able to prosecute Onel De Guzman who
is believed to be the culprit behind the I Love You Virus as the cybercrime got committed a
month prior to the laws passage.
The I Love You Virus case brought us to the reality of how global cybercrime can be where
prosecution in one country may not be sufficient when majority of victims maybe residing in
another location. The said virus caused damage from US$2 to 5 billion.
Efforts in registering the Philippine Computer Emergency Response Team (PH-CERT) started
with the support of the National Computer Center.
Year 2001 2002
Nearly two years after the laws passage, a growing number of hacking attacks and
cybercrimes were recorded. Most victims do not file a complaint for lack of clarity on how the
process works. Law enforcement was lagging behind due to lack of resources as the law did
not specifically provided for it.
In 2001, a Convention on Cybercrime was proposed encouraging countries with cybercrime
legislation to become a signatory. Countries with cybercrime legislation will pave the way for
hackers who have caused havoc to be accountable in countries where he or she has cause
damage. As the Philippines did not have one, it cant participate in these efforts.
Philippine Computer Emergency Response Team (PH-CERT) was launched at One Internet
Day 2001.

However, a Anti-Cybercrime bill (2001) was filed as early as then by former Congressman
Eric D. Singson. In the Senate, Senator Ramon Magsaysay Jr. was also a supporter of the
said legislation.
First Internet libel case filed when DotPH CEO Joel Disini sued Fernando Contreras Jr. of
Philippine Domain Authority Convenors. Both parties used electronic documents against each
other as evidence in court. The case was dismissed for lack of evidence.
Year 2003
Another Cybercrime bill was filed in 2003 that is seen as a complement to the E-Commerce
Law and Intellectual Property Code.
A growing number of companies are coming out as well announcing cases they have filed
against local scammers and hackers taking advantage of Filipino e-commerce sites. TSSI in
2003, with the cooperation of authorities, entrapped 3 suspected money remittance service
fraudster who uses stolen credit cards to load money in the service.
With the growing number of crimes, organizations such as the Philippine Computer
Emergency Response Team (PH-CERT) took on the advocacy of pushing for the passage of
a Cybercrime legislation.
Year 2004
The growth of home-based workers and BPO industries further strengthen the need for a
Cybercrime Law as it is seen a factor in contributing to the future growth of this sector. This is
important as investors have a lot of choices in the region and having an efficient cybercrime
legislation is seen as critical. Although most legislations around the world are local in
application by nature.
Year 2005
First cybercrime conviction happened with JJ Maria Giner convicted under the E-Commerce
Law for hacking the governments .gov.ph site. (Criminal Case No. 419672-CR filed at Branch
14 of the Metropolitan Trial Court of Manila under Judge Rosalyn Mislos-Loja)
On its 10th revision, the Cybercrime Prevention Bill was revised and covered cellphone
transactions and anti-spam measures. The International Intellectual Property Alliance saw
theCybercrime bill as an important measure in fighting copyright piracy on the Internet.
Data Privacy legislation need became evident this year for outsourcing competitiveness.
Year 2006
In 2006, the enactment of a cybercrime legislation was also included in the countrys ICT
roadmap.

Year 2007
The CICT took a proactive role in advocating for various laws such as the Cybercrime
Bill.Various groups also participated in hearings and consultation on various ICT policies.
Growth in cybersex and child trafficking rings were noted. Worries that not having a
Cybercrime Law will make the Philippines a haven for individuals engage in various
cybercrime. The DOJ believes that the proposed law should not duplicate other laws to avoid
giving an escape clause for offenders.
Interest surge for a law also happened this year when the site Boy Bastos got Senator Loren
Legardas attention as it linked to porn and sex scandal videos. He was caught but was later
released for lack of law covering cyber-pornography.
An International Conference on Cybercrime took place this year that paved the way for a
consolidated Cybercrime bill. Internet piracy provisions were also considered.
Efforts to form a Government Security Incident Response Team (GSIRT) started.
However, as in the past years, cybercrime legislation was observed to be of low priority.
Year 2008
08 Cybercrime and Security Policy Issues
As the years and technology has evolved, the E-Commerce Law was deemed lacking
inprosecuting a growing number of forms of cybercrime as technologies evolve. The lack of a
law also unable the country to participate in conventions that intends to facilitate mutual
cooperation.
It was noted 87% of emails Filipino received this year were spam.
Law enforcement was also becoming impatient as much is expected from them but the lack
of law is preventing them from making progress. Although investigation methodology
improvements were being made continuously.
CICT proceeded in endorsing its Cybercrime Bill versions.
Senator Manny Villar also filed his version of Anti-Cybercrime Act. Former Congressman
Joseph Santiago also has counterpart Cybercrime bills.
The first case filed this year involved stealing of company secrets.
First public key infrastructure seminar also happened this year which done to support plans
for a National Public Key Infrastructure.
Guidelines for Habeas Data came out this year.

Year 2009
Need for a Cybercrime bill got a renewed boost this year when the Katrina Hall and Hayden
Kho sex scandal went viral as it involves computer theft and unauthorized access to
information that got posted online.
CICT formed its own cybercrime unit.
Senator Antonio Trillianes IV filed his version of Cybercrime Bill.
Committee report on the Cybercrime Bill (report #770 resulting to Senate Bill 3553) were
referred to the Committee on Rules this year. House Bill 6794 got approved. Legislators
exerted effort to fast track it.
Atty. Geronimo Sy sees constant advocacy as key to push for legislation passage.

Year 2010

In 2010, Norton reported that 9 out of 10 Filipinos are victims of various forms of cybercrime
ranging from hacking attacks to online scams.
PH-CERT also renewed calls for the passage of Cybercrime Bill. It was passed at the House
of Representatives but got stalled in the Senate due to the election season.
Year 2011
Committee Report on Cybercrime Bill was submitted to the House of Representatives.

The Cybercrime Law (RA 10175) was proposed by the government to the public to address the
problems in the online world specifically to the violators in the internet. Thirteen senators
approved the vote of implementing the said law. The Anti-Cybercrime Law or Cybercrime
Prevention Act of 2012 has been officially approved and sealed on the 12 th day of September
2012.
The main contents of the law are illegal access, illegal interception, data or system interference,
misuse of devices, cybersquatting, computer related unlawful acts like frauds, identity theft,
cybersex and child pornography which are punishable by at least 6 years up to 20 years of
imprisonment and a fine ranging from 50,000 PHP to 500,000 PHP depending on the gravity of
crime committed and upon what section of the law was violated. (http://www.gov.ph).
Analysing the Cybercrime Prevention Act of 2012, this group came up with the following
advantages and disadvantages:

ADVANTAGES

DISADVANTAGES
The law will involve the members of the general public who probably may not even know that, in
writing something in their computer, they may already be committing an act that may put them
behind bars. These provisions may infringe their constitutional freedom of expression.
Section 4 (4) of the Cybercrime law provides that "the unlawful and prohibited acts of libel as
defined in Article 355 of the Revised Penal Code, as amended, committed through a computer
system or any other similar means which may be devised in the future." Libel is a contentrelated offense that can be committed by just about anybody using the computer.
Libel is defined in Article 353 of the Revised Penal Code (RPC) as a "public imputation and
malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission,
condition, status, or circumstances tending to cause the dishonor, discredit, or contempt of a
natural or juridical person, or to blacken the memory of one who is dead."
"Public" means that the imputation was heard, read or seen by somebody else, regardless of
number, other than the person to whom the imputation was directed. Article 355 provides that
this can be committed "by means of writing, printing, lithography, engraving, radio, phonograph,
painting, theatrical exhibition, cinematographic exhibition, or any similar means". Libel is
punishable by imprisonment that can last as long as 4 years and 2 months in jail.
Prior to the Cybercrime Law, it was not clear whether or not the phrase "or any similar means" in
our libel law included computers. Computers were non-existent in 1932, the year our 80-yearold Revised Penal Code took effect, and therefore could not have been contemplated or even
foreseen by the framers of the law.
Moreover, it is most likely that any libel case based on written messages, comments, blogs, or
posts in sites such as Facebook, Twitter, or any other comment-spaces of other social media in
the Internet could be dismissed as it is doubtful that computers are included in the law and the
uncertainty should be applied in favor of the accused. Moreover, considering that statements
and opinions written in the Internet are within the penumbra of the people's constitutional right of
speech, the preference is for the protection of the expressions made.
Perhaps this was the reason why the unchecked and uncensored inter-active written
communications, comments, replies, blogs, and messages in the Internet have at times
bordered on libel, if not actually constituting libel. One only has to look at the comment-spaces
in the various articles written in the Opinion section of Interaksyon.com, and in the websites of
various newspapers. Very strong and negative comments can readily be read. Even comments
in Facebook and Twitter show these. But somehow, this kind of free-wheeling interaction,
though at times very offensive, has developed through time a kind of special tolerance among
the inter-actors. The public has found an accessible direct medium to ventilate their opinions,
and people are learning to go beyond offensive opinions and accept them as just another point

of view. This is a very healthy development in a democracy where free expression must be
actively robust.

II. SUPREME COURT RULING

In Disini vs Secretary of Justice, petitioners challenge the constitutionality of some of the
provisions of the cybercrime law that regard certain acts as crimes and impose penalties for
their commission as well as provisions that would enable the government to track down and
penalize violators.
While the court held that (a) Section 4(c)(3) that penalizes posting unsolicited commercial
communications, (b) Section 12 that authorizes the collection or recording of traffic data in realtime and (3) Section 19 that authorizes the Department of Justice to restrict or block access to
suspected data as VOID for being UNCONSTITUTIONAL, the following provisions of the
cybercrime law were validly upheld as CONSTITUTIONAL:
a. Section 4(a)(1) that penalizes accessing a computer system without right;
The Court finds nothing in Section 4(a)(1) that calls for the application of the strict
scrutiny standard since no fundamental freedom, like speech, is involved in punishing
what is essentially a condemnable act accessing the computer system of another
without right. It is a universally condemned conduct.
b. Section 4(a)(3) that penalizes data interference, including transmission of viruses;
It simply punishes what essentially is a form of vandalism, the act of willfully destroying
without right the things that belong to others, in this case their computer data,
electronic document, or electronic data message. Such act has no connection to
guaranteed freedoms. There is no freedom to destroy other peoples computer
systems and private documents.
c. Section 4(a)(6) that penalizes cyber-squatting or acquiring domain name over the
internet in bad faith to the prejudice of others;
The challenge to the constitutionality of Section 4(a)(6) on ground of denial of equal
protection is baseless.
d. Section 4(b)(3) that penalizes identity theft or the use or misuse of identifying
information belonging to another;

Petitioners simply fail to show how government effort to curb computer-related identity
theft violates the right to privacy and correspondence as well as the right to due process
of law.
Also, the charge of invalidity of this section based on the overbreadth doctrine will not
hold water since the specific conducts proscribed do not intrude into guaranteed
freedoms like speech. Clearly, what this section regulates are specific actions: the
acquisition, use, misuse or deletion of personal identifying data of another. There is no
fundamental right to acquire anothers personal data.
e. Section 4(c)(1) that penalizes cybersex or the lascivious exhibition of sexual organs or
sexual activity for favor or consideration;
The Court will not declare Section 4(c)(1) unconstitutional where it stands a
construction that makes it apply only to persons engaged in the business of
maintaining, controlling, or operating, directly or indirectly, the lascivious exhibition of
sexual organs or sexual activity with the aid of a computer system as Congress has
intended.
f. Section 4(c)(2) that penalizes the production of child pornography;
The law makes the penalty higher by one degree when the crime is committed in
cyberspace. But no one can complain since the intensity or duration of penalty is a
legislative prerogative and there is rational basis for such higher penalty.32 The
potential for uncontrolled proliferation of a particular piece of child pornography when
uploaded in the cyberspace is incalculable.
g. Section 6 that imposes penalties one degree higher when crimes defined under the
Revised Penal Code are committed with the use of information and communications
technologies;
It merely makes commission of existing crimes through the internet a qualifying
circumstance. The distinction of between crimes committed through the use of
information and communications technology and similar crimes committed using other
means creates a basis for higher penalties for cybercrimes.
h. Section 8 that prescribes the penalties for cybercrimes;
The matter of fixing penalties for the commission of crimes is as a rule a legislative
prerogative. Here the legislature prescribed a measure of severe penalties for what it
regards as deleterious cybercrimes. They appear proportionate to the evil sought to be
punished.
i. Section 13 that permits law enforcement authorities to require service providers to
preserve traffic data and subscriber information as well as specified content data for six
months;

At any rate, the data that service providers preserve on orders of law enforcement
authorities are not made inaccessible to users by reason of the issuance of such orders.
The process of preserving data will not unduly hamper the normal transmission or use of
the same.
j. Section 14 that authorizes the disclosure of computer data under a court-issued
warrant;
The prescribed procedure for disclosure would not constitute an unlawful search or
seizure nor would it violate the privacy of communications and correspondence.
Disclosure can be made only after judicial intervention.
k. Section 15 that authorizes the search, seizure, and examination of computer data
under a court-issued warrant;
On its face, Section 15 merely enumerates the duties of law enforcement authorities
that would ensure the proper collection, preservation, and use of computer system or
data that have been seized by virtue of a court warrant. The exercise of these duties do
not pose any threat on the rights of the person from whom they were taken. Section 15
does not appear to supersede existing search and seizure rules but merely supplements
them.
l. Section 17 that authorizes the destruction of previously preserved computer data after
the expiration of the prescribed holding periods;
It is unclear that the user has a demandable right to require the service provider to have
that copy of the data saved indefinitely for him in its storage system. If he wanted them
preserved, he should have saved them in his computer when he generated the data or
received it. He could also request the service provider for a copy before it is deleted.
m. Section 20 that penalizes obstruction of justice in relation to cybercrime
investigations;
The act of non-compliance, for it to be punishable, must still be done "knowingly or
willfully." There must still be a judicial determination of guilt, during which, as the Solicitor
General assumes, defense and justifications for non-compliance may be raised. Thus,
Section 20 is valid insofar as it applies to the provisions of Chapter IV which are not
struck down by the Court.
n. Section 24 that establishes a Cybercrime Investigation and Coordinating Center
(CICC);
o. Section 26(a) that defines the CICCs Powers and Functions

Here, the cybercrime law is complete in itself when it directed the CICC to formulate and
implement a national cybersecurity plan. Also, contrary to the position of the petitioners,
the law gave sufficient standards for the CICC to follow when it provided a definition of
cybersecurity.
Cyberspace is a system that accommodates millions and billions of simultaneous and
ongoing individual accesses to and uses of the internet. The cyberspace is a boon to the need
of the current generation for greater information and facility of communication. But all is not well
with the system since it could not filter out a number of persons of ill will who would want to use
cyberspace technology for mischiefs and crimes. One of them can, for instance, avail himself of
the system to unjustly ruin the reputation of another or bully the latter by posting defamatory
statements against him that people can read.
And because linking with the internet opens up a user to communications from others, the illmotivated can use the cyberspace for committing theft by hacking into or surreptitiously
accessing his bank account or credit card or defrauding him through false representations. The
wicked can use the cyberspace, too, for illicit trafficking in sex or for exposing to pornography
guileless children who have access to the internet. For this reason, the government has a
legitimate right to regulate the use of cyberspace and contain and punish wrongdoings.

III. EX ANTE PERSPECTIVE

In the present era of information technology, the technology in World has become more
advanced; law enforcement agencies must provide their computer crime investigators with the
technology required to conduct complex computer investigations. Besides access to technology,
law enforcement agencies must also be given Forensic Computer support as many computer
crimes leave footprints on the computer as well as on the internet. Most prosecutors also lack
the training and specialization to focus on the prosecution of criminals who use computer-based
and Internet system as a means of committing crimes. Thus, they must have a working
knowledge of computer-based and Internet investigations if they are to handle these crimes
effectively.
The rapid change occurring in the present era of Information Technology and the computer has
gained popularity in every aspect of our lives. This includes the use of computers by persons
involved in the commission of crimes. Today, computers play a major role in almost every crime
that is committed. Every crime that is committed is not necessarily a computer crime, but it does
mean that law enforcement must become much more computer literate just to be able to keep
up with the criminal element. Extending the rule of law into cyberspace is a critical step to create
a trustworthy environment for people and different activities. Computer forensic science helps in
maintaining the trustworthy environment for cyber society by applying a set of procedure and
integrated analytical techniques to extract evidence when computer is used as evidence in
criminal investigation. To provide this self-protection, computer forensic science should focus on

implementing cyber security plans addressing people, process, and technology issues. There is
need to commit the resources to educate employees on security practices, develop thorough
plans for the handling of sensitive data, records and transactions, and incorporate robust
security technology, such as firewalls, anti-virus software, intrusion detection tools, and
authentication services, throughout the organizations' computer systems [1]. One of the major
challenges, we are facing in law improvement in this new era is keeping up with growing
demands of technology. Computer technology changes are so rapid that if a department is up to
date today; their equipment will probably be outdated. Since the budgets have not been
increased to keep pace with the rapid change in technology its becoming difficult for law
enforcement agencies to keep up with this rapid change. The criminal element is not as
challenged to keep pace, and being usually well financed and having the resources to continue
purchasing the newer technologies