Вы находитесь на странице: 1из 9

Disini, Jr.

vs Secretary of Justice (2014)

Summary Cases:

● Jose Jesus M. Disini, Jr. vs. The Secretary of Justice

Strict Scrutiny Standard; Overbreadth Doctrine; “As Applied” challenge in relation to Void for
Vagueness/Overbreadth; Equal Protection Clause; Right to Privacy, Freedom of Expression, Child
Pornography; Unsolicited Ads (“Spam”) as Protected Commercial Speech; Libel; Use of ICT as a
Qualifying Circumstance; Double Jeopardy; Fixing of Penalties; Right to Privacy (Real Time Collection
and Recording of Traffic Data); Right to Property (preservation and Destruction of Computer Data); Right
Against Unreasonable Search (Disclosure and Blocking of Computer Data); Bill of Attainder; Undue
Delegation of Legislative Power

Petitioners Jose Jesus M. Disini, Jr. and company, as taxpayers, file a Petition for Certiorari and
Prohibition under Rule 65, seeking to nullify Sections 4(c)(4), 6, 7, 12 and 19 of RA 10175 (Cybercrime
Prevention Act of 2012) for violating the fundamental rights protected under the Constitution.


Strict Scrutiny Standard

1. Petitioners contend that Section 4(a)(1) --which punishes Illegal Access to a computer system-- fails
to meet the strict scrutiny standard and should be struck down

2. According to the strict scrutiny standard, a legislative classification that impermissibly interferes with
the exercise of fundamental right or operates to the peculiar class disadvantage of a suspect class is
presumed unconstitutional. The burden is on the government to prove that the classification is necessary
to achieve a compelling state interest and that it is the least restrictive means to protect such interest.
Later, the strict scrutiny standard was used to assess the validity of laws dealing with the regulation of
speech, gender, or race as well as other fundamental rights, as expansion from its earlier applications to
equal protection.

3. The Court finds nothing in Section 4(a)(1) that calls for the application of the strict scrutiny standard
since no fundamental freedom, like speech, is involved in punishing what is essentially a condemnable
act – accessing the computer system of another without right. It is a universally condemned conduct.

4. With respect to ethical hackers, a client’s engagement of an ethical hacker requires an agreement
between them as to the extent of the search, the methods to be used, and the systems to be tested.
Since the ethical hacker does his job with prior permission from the client, such permission would
insulate him from the coverage of Section 4(a)(1).

Overbreadth Doctrine (Data Interference)

5. Petitioners claim that Section 4(a)(3) suffers from overbreadth in that, while it seeks to discourage
data interference, it intrudes into the area of protected speech and expression, creating a chilling and
deterrent effect on these guaranteed freedoms.

6. Under the overbreadth doctrine, a proper governmental purpose, constitutionally subject to state
regulation, may not be achieved by means that unnecessarily sweep its subject broadly, thereby
| Page 1 of 9
invading the area of protected freedoms.

7. Section 4(a)(3) does not encroach on these freedoms at all. It simply punishes what essentially is a
form of vandalism, the act of willfully destroying without right the things that belong to others, in this case
their computer data, electronic document, or electronic data message. Such act has no connection to
guaranteed freedoms.

8. All penal laws, like the cybercrime law, have of course an inherent chilling effect, an in terrorem effect
or the fear of possible prosecution that hangs on the heads of citizens who are minded to step beyond
the boundaries of what is proper. But to prevent the State from legislating criminal laws because they
instill such kind of fear is to render the state powerless in addressing and penalizing socially harmful
conduct. Here, the chilling effect that results in paralysis is an illusion since Section 4(a)(3) clearly
describes the evil that it seeks to punish and creates no tendency to intimidate the free exercise of one’s
constitutional rights.

9. Besides, the overbreadth challenge places on petitioners the heavy burden of proving that under no
set of circumstances will Section 4(a)(3) be valid. Petitioner has failed to discharge this burden

Overbreadth Doctrine (Aiding and Abetting)

10. Section 5 (Aiding and Abetting) in relation to Section 4(c)(4) on Libel, Section 4(c)(3) on
Unsolicited Commercial Communications, and Section 4(c)(2) on Child Pornography is unconstitutional.

11. Section 5 renders criminally liable any person who willfully abets or aids in the commission or
attempts to commit any of the offenses enumerated as cybercrimes. It suffers from overbreadth, creating
a chilling and deterrent effect on protected expression.

12. Penal laws should provide reasonably clear guidelines for law enforcement officials and triers of facts
to prevent arbitrary and discriminatory enforcement. The terms “aiding or abetting” constitute broad
sweep that generates chilling effect on those who express themselves through cyberspace posts,
comments, and other messages.

13. In effect, actions such as “Liking”, or Commenting” on or “Sharing” an online post that is found to be
defamatory is not punishable as “aiding or abetting” a cybercrime offense

14. However, if the “Comment” does not merely react to the original posting but creates an altogether
new defamatory story, then that should be considered an original posting published on the internet. Both
the penal code and the cybercrime law clearly punish authors of defamatory publications.

15. But the crime of aiding or abetting the commission of cybercrimes under Section 5 should be
permitted to apply to Section 4(a)(1) on Illegal Access, Section 4(a)(2) on Illegal Interception, Section
4(a)(3) on Data Interference, Section 4(a)(4) on System Interference, Section 4(a)(5) on Misuse of
Devices, Section 4(a)(6) on Cyber-squatting, Section 4(b)(1) on Computer-related Forgery, Section
4(b)(2) on Computer-related Fraud, Section 4(b)(3) on Computer-related Identity Theft, and Section
4(c)(1) on Cybersex. None of these offenses borders on the exercise of the freedom of expression.The
crime of willfully attempting to commit any of these offenses is for the same reason not objectionable.

“As Applied” challenge in relation to Void for Vagueness/Overbreadth

16. Generally, the void for vagueness doctrine does not apply to penal statutes. By way of exception,
when a penal statute encroaches upon the freedom of speech, a facial challenge grounded on the
| Page 2 of 9
void-for-vagueness doctrine is acceptable.

17. In an “as applied” challenge, the petitioner who claims a violation of his constitutional right can
raise any constitutional ground – absence of due process, lack of fair notice, lack of ascertainable
standards, overbreadth, or vagueness. One can challenge the constitutionality of a statute only if he
asserts a violation of his own rights. It prohibits one from assailing the constitutionality of the statute
based solely on the violation of the rights of third persons not before the court. This rule is also known as
the prohibition against third-party standing.

18. But this rule admits of exceptions. A petitioner may for instance mount a “facial” challenge to the
constitutionality of a statute even if he claims no violation of his own rights under the assailed statute
where it involves free speech on grounds of overbreadth or vagueness of the statute. The rationale for
this exception is to counter the “chilling effect” on protected speech that comes from statutes violating
free speech. A person who does not know whether his speech constitutes a crime under an overbroad or
vague law may simply restrain himself from speaking in order to avoid being charged of a crime. The
overbroad or vague law thus chills him into silence

Equal Protection Clause

19. Petitioners claim that Section 4(a)(6) or cyber-squatting violates the equal protection clause in that,
not being narrowly tailored, it will cause a user using his real name to suffer the same fate as those who
use aliases or take the name of another in satire, parody, or any other literary device.

20. But there is no real difference whether he uses his real name or a pseudo-name for it is the evil
purpose for which he uses the name that the law condemns. The law is reasonable in penalizing him for
acquiring the domain name in bad faith to profit, mislead, destroy reputation, or deprive others who are
not ill-motivated of the rightful opportunity of registering the same. The challenge to the constitutionality
of Section 4(a)(6) on ground of denial of equal protection is baseless.

Right to Privacy

21. Petitioners claim that Section 4(b)(3) on Computer Related Identity Theft violates the
constitutional rights to due process and to privacy and correspondence, and transgresses the freedom of
the press.

22. The right to privacy, or the right to be let alone, was institutionalized in the 1987 Constitution as a
facet of the right protected by the guarantee against unreasonable searches and seizures. But the Court
acknowledged that the right to privacy exists independently of its identification with liberty; it is in itself
fully deserving of constitutional protection. (Morfe v. Mutuc)

23. Zones of privacy are recognized and protected in our laws. Two constitutional guarantees create
these zones of privacy: (a) the right against unreasonable searches and seizures, which is the basis of
the right to be let alone, and (b) the right to privacy of communication and correspondence.

24. In assessing the challenge that the State has impermissibly intruded into these zones of privacy, a
court must determine whether a person has exhibited a reasonable expectation of privacy and, if so,
whether that expectation has been violated by unreasonable government intrusion.

25. The law punishes those who acquire or use identifying information (such as name, citizenship,
residence address, contact number, place and date of birth, name of his spouse if any, occupation)
without right, implicitly to cause damage. Petitioners fail to show how government effort to curb
| Page 3 of 9
computer-related identity theft violates the right to privacy and correspondence as well as the right to due
process of law.

26. Neither does the law violate freedom of the press by restricting the ability of journalists to access and
publish unrestricted information about a person in the news. The theft of identity information must be
intended for an illegitimate purpose. Moreover, acquiring and disseminating information made public by
the user himself cannot be regarded as a form of theft. Moreover, theft requires the element of “intent to
gain” which is not present in the situation described.

27. Also, the charge of invalidity of this section based on the overbreadth doctrine will not hold water
since the specific conducts proscribed do not intrude into guaranteed freedoms like speech. Clearly,
what this section regulates are specific actions: the acquisition, use, misuse or deletion of personal
identifying data of another. There is no fundamental right to acquire another’s personal data.

Freedom of Expression

28. Petitioners claim that Section 4(c)(1) on Cybersexviolates the freedom of expression clause of the
Constitution, i.e., that private communications of sexual character between husband and wife or
consenting adults, which are not regarded as crimes under the penal code, would now be regarded as
crimes when done “for favor” in cyberspace.

29. The deliberations of the Bicameral Committee of Congress reveal that the element of “engaging in
a business” is necessary to constitute the illegal cybersex. The Act actually seeks to punish cyber
prostitution, white slave trade, and pornography for favor and consideration.

30. In Nogales v. People, the Court weighed the property rights of individuals against the public welfare.
Private property, if containing pornographic materials, may be forfeited and destroyed. Likewise,
engaging in sexual acts privately through internet connection, perceived by some as a right, has to be
balanced with the mandate of the State to eradicate white slavery and the exploitation of women.

Child Pornography

31. Section 4(c)(2) on Child Pornography merely expands the scope of the Anti-Child Pornography Act
of 2009 (ACPA) to cover identical activities in cyberspace.

32. As to making the penalty higher by one degree when the crime is committed in cyberspace, the
intensity or duration of penalty is a legislative prerogative and there is rational basis for such higher
penalty. The potential for uncontrolled proliferation of a particular piece of child pornography when
uploaded in the cyberspace is incalculable.

Unsolicited Ads (“Spam”) as Protected Commercial Speech

33. Section 4(c)(3) on Unsolicited Commercial Communications penalizes the transmission of

unsolicited commercial communications, also known as “spam.”

34. The court did not uphold the argument that spams should be outlawed as a form of nuisance, stating
that what matters is that recipients have the option of deleting or not reading the spams.

35. Commercial speech is a separate category of speech which is not accorded the same level of
protection as that given to other constitutionally guaranteed forms of expression but is nonetheless
entitled to protection. Unsolicited advertisements are legitimate forms of expression.
| Page 4 of 9

36. Libel is not a constitutionally protected speech and that the government has an obligation to protect
private individuals from defamation.

37. The elements of libel are: (a) the allegation of a discreditable act or condition concerning another;
(b) publication of the charge; (c) identity of the person defamed; and (d) existence of malice

38. Where the offended party is a public figure, a showing of actual malice or malice in fact is
required. There is “actual malice” when the offender makes the defamatory statement with the
knowledge that it is false or with reckless disregard of whether it was false or not. Gross or even extreme
negligence is not sufficient to establish actual malice.

39. But, where the offended party is a private individual, the prosecution need not prove the presence
of malice. The law explicitly presumes its existence (malice in law) from the defamatory character of
the assailed statement. For his defense, the accused must show that he has a justifiable reason for the
defamatory statement even if it was in fact true.

40. Article 361 of the Penal Code recognizes truth as a defense but under the condition that the
accused has been prompted in making the statement by good motives and for justifiable ends.

Use of ICT as a Qualifying Circumstance

41. Section 6 merely makes commission of existing crimes through the internet a qualifying
circumstance. There exists a substantial distinction between crimes committed through the use of
information and communications technology (ICT) and similar crimes committed using other means. In
using ICT, the offender often evades identification and is able to reach far more victims or cause greater
harm. The distinction, therefore, creates a basis for higher penalties for cybercrimes.

Double Jeopardy

42. Section 7 provides that “A prosecution under this Act shall be without prejudice to any liability for
violation of any provision of the Revised Penal Code, as amended, or special laws.”

43. When two different laws define two crimes, prior jeopardy as to one does not bar prosecution of the
other although both offenses arise from the same fact, if each crime involves some important act which
is not an essential element of the other.

44. With the exception of the crimes of online libel and online child pornography, the Court would
leave the determination of the correct application of Section 7 to actual cases.

45. Online libel is different. There should be no question that if the published material on print, said to
be libelous, is again posted online or vice versa, that identical material cannot be the subject of two
separate libels. The two offenses, one a violation of Article 353 of the Revised Penal Code and the other
a violation of Section 4(c)(4) of RA 10175 involve essentially the same elements and are in fact one and
the same offense. Online libel under Section 4(c)(4) is not a new crime but is one already punished
under Article 353. Section 4(c)(4) merely establishes the computer system as another means of
publication. Charging the offender under both laws would be a blatant violation of the proscription
against double jeopardy

46. The same is true with child pornography committed online. Section 4(c)(2) merely expands the
| Page 5 of 9
ACPA’s scope so as to include identical activities in cyberspace.

Fixing of Penalties

47. The matter of fixing penalties for the commission of crimes is as a rule a legislative prerogative. Here
the legislature prescribed a measure of severe penalties for what it regards as deleterious cybercrimes.
They appear proportionate to the evil sought to be punished. The power to determine penalties for
offenses is not diluted or improperly wielded simply because at some prior time the act or omission was
but an element of another offense or might just have been connected with another crime. Judges can
only interpret and apply them and have no authority to modify or revise their range as determined by the
legislative department. The courts should not encroach on this prerogative of the lawmaking body

Right to Privacy (Real Time Collection and Recording of Traffic Data)

48. Petitioners assail the grant to law enforcement agencies of the power to collect or record traffic data
in real time as tending to curtail civil liberties or provide opportunities for official abuse.

49. The first question is whether or not Section 12 (Real-Time Collection of Traffic Data) has a proper
governmental purpose since a law may require the disclosure of matters normally considered private
upon showing (1) that such requirement has a rational relation to the purpose of the law, (2) that there is
a compelling State interest behind the law, and (3) that the provision itself is narrowly drawn.

Compelling state interest and rational relation

50. The State has a compelling interest in enacting the cybercrime law for there is a need to put order
to the tremendous activities in cyberspace for public good. To do this, it is within the realm of reason that
the government should be able to monitor traffic data to enhance its ability to combat all sorts of
cybercrimes. The requirement of “real time” collection is critical because there are many ways the cyber
criminals can quickly erase their tracks. it is only real-time traffic data collection or recording and a
subsequent recourse to court-issued search and seizure warrant that can succeed in ferreting them out.

51. Privacy is classified into two categories: Decisional privacy involves the right to independence in
making certain important decisions, while Informational privacy refers to the interest in avoiding
disclosure of personal matters. It is the right to informational privacy that those who oppose government
collection or recording of traffic data in real-time seek to protect.

52. Informational privacy has two aspects: (1) the right not to have private information disclosed, and
(2) the right to live freely without surveillance and intrusion.

53. In determining whether or not a matter is entitled to the right to privacy, this Court has laid down a
two-fold test.

(a) subjective test, where one claiming the right must have an actual or legitimate expectation of
privacy over a certain matter.

(b) objective test, where his or her expectation of privacy must be one society is prepared to accept as
objectively reasonable.

54. ICT users must know that they cannot communicate or exchange data with one another over
cyberspace except through some service providers to whom they must submit certain traffic data that are
needed for a successful cyberspace communication. The conveyance of this data takes them out of the
| Page 6 of 9
private sphere, making the expectation to privacy in regard to them an expectation that society is not
prepared to recognize as reasonable.

Not narrowly drawn

55. Section 12 empowers law enforcement authorities, “with due cause,” to collect or record by
technical or electronic means traffic data in real-time. But the cybercrime law fails to hint at the meaning
it intends for the phrase “due cause”, thus justifying a general gathering of data. It is akin to the use of a
general search warrant that the Constitution prohibits.

56. The power is virtually limitless, enabling law enforcement authorities to engage in “fishing
expedition,” choosing whatever specified communication they want. This evidently threatens the right of
individuals to privacy. Section 12 is therefore invalid.

Right to Property (preservation and Destruction of Computer Data)

57. Petitioners claim that Section 13 (Preservation of Computer Data) constitutes an undue
deprivation of the right to property. They liken the data preservation order that law enforcement
authorities are to issue as a form of garnishment of personal property in civil forfeiture proceedings. Such
order prevents internet users from accessing and disposing of traffic data that essentially belong to them.

58. By virtue of Section 13, the law now requires service providers to keep traffic data and subscriber
information relating to communication services for at least six months from the date of the transaction
and those relating to content data for at least six months from receipt of the order for their preservation.

59. The data that service providers preserve on orders of law enforcement authorities are not made
inaccessible to users by reason of the issuance of such orders. The process of preserving data will not
unduly hamper the normal transmission or use of the same.

60. Similarly, Section 17 (Destruction of Computer Data) does not violate the user’s right against
deprivation of property without due process of law. The user has no clear demandable right to require
the service provider to have that copy of the data saved indefinitely for him in its storage system. If he
wanted them preserved, he should have saved them in his computer when he generated the data or
received it. He could also request the service provider for a copy before it is deleted

Right Against Unreasonable Search (Disclosure and Blocking of Computer Data)

61. Section 14 (Disclosure of Computer Data) provides that “Law enforcement authorities, upon
securing a court warrant, shall issue an order requiring any person or service provider to disclose or
submit subscriber’s information, traffic data or relevant data in his/its possession or control ….”

62. Section 14 is being likened to the issuance of a subpoena. The power to issue subpoenas is not
exclusively a judicial function. Executive agencies have the power to issue subpoena as an adjunct of
their investigatory powers.

63. The prescribed procedure for disclosure would not constitute an unlawful search or seizure nor would
it violate the privacy of communications and correspondence. Disclosure can be made only after judicial

64. Section 19 (Restricting or Blocking Access to Computer Data), provides that “When a computer
data is prima facie found to be in violation of the provisions of this Act, the Department of Justice shall
| Page 7 of 9
issue an order to restrict or block access to such computer data.”

65. Computer data, produced or created by their writers or authors may constitute personal property.
Consequently, they are protected from unreasonable searches and seizures, whether while stored in
their personal computers or in the service provider’s systems

66. Section 2, Article III of the 1987 Constitution provides that no search warrant shall issue except
upon probable cause to be determined personally by the judge. Here, the Government, in effect, seizes
and places the computer data under its control and disposition without a warrant. The Department of
Justice order cannot substitute for judicial search warrant.

67. The content of the computer data can also constitute speech. In such a case, Section 19 operates as
a restriction on the freedom of expression over cyberspace.

68. Section 19 is void for being violative of the freedom of expression and against unreasonable
searches and seizures.

Bill of Attainder

69. Petitioners claim that Section 20 (Non Compliance) is a bill of attainder since the mere failure to
comply constitutes a legislative finding of guilt, without regard to situations where non-compliance would
be reasonable or valid.

70. But since the non-compliance would be punished as a violation of PD 1829, Section 20 necessarily
incorporates elements of the offense which are defined therein. If Congress had intended for Section 20
to constitute an offense in and of itself, it would not have had to make reference to any other statue or

71. The act of non-compliance, for it to be punishable, must be done “knowingly or willfully.” There must
still be a judicial determination of guilt, during which, defense and justifications for non-compliance may
be raised. Thus, Section 20 is valid insofar as it applies to the provisions of Chapter IV which are not
struck down by the Court

Undue Delegation of Legislative Power

72. Petitioners contend that Congress invalidly delegated its power when it gave the Cybercrime
Investigation and Coordinating Center (CICC) the power to formulate a national cybersecurity plan
without any sufficient standards or parameters for it to follow.

73. In order to determine whether there is undue delegation of legislative power, the Court has adopted
two tests: Under the completeness test, the law must be complete in all its terms and conditions when it
leaves the legislature such that when it reaches the delegate, the only thing he will have to do is to
enforce it. The sufficient standard test mandates adequate guidelines or limitations in the law to
determine the boundaries of the delegate’s authority and prevent the delegation from running riot.

74. Here, the cybercrime law is complete in itself when it directed the CICC to formulate and implement a
national cybersecurity plan. Also, the law gave sufficient standards for the CICC to follow when it
provided a definition of cybersecurity.

75. Cybersecurity refers to the collection of tools, policies, risk management approaches, actions,
training, best practices, assurance and technologies that can be used to protect cyber environment and
| Page 8 of 9
organization and user’s assets. This definition serves as the parameters within which CICC should work
in formulating the cybersecurity plan.Further, the policy of the law is adopted in the interest of law and
order, which has been considered as sufficient standard. Hence, Sections 24 and 26(a) are likewise

| Page 9 of 9