The Anti-cybercrime Law in the Philippines

On September 12, 2012, President Benigno “Noynoy” Aquino III has signed and approved Republic Act No. 10175, known as the “Cybercrime Prevention Act of 2012″ or commonly known by the netizens as the Anti-cybercrime Law in the Philippines. The Act is a consolidation of House Bill No. 5808 passed by the House of Representatives on June 4, 2012 and Senate Bill No. 2796 passed by the Senate on June 5, 2012.

Since the publication of this Act, several critics especially the netizens are already raging their questions and sentiments on the said law. One of the most questionable parts of the law is the inclusion of online libel as one of the Cybercrime Offenses punishable by the law under the Revised Penal Code as outlined in Section 4 of the Act.

For almost two weeks now, the Anti-cybercrime law is still the talk of the Philippine social media world. It is still the concern discussed by many people on Facebook, the issue tweeted on Twitter, the topic blogged by many bloggers, and the news published by news websites.

So what is the Anti-cybercrime law all about? Why is it making so much buzz on the news online and offline?

To learn and to understand more, let’s take a closer look at this Act and find some answers on the most common questions about the Cybercrime Prevention Act of 2012.


What is the purpose of this Act?

As its title suggests, Cybercrime Prevention Act of 2012 is enacted to prevent cybercrimes in the country. According to Section 2 of the Act:

“The State recognizes the vital role of information and communications industries such as content production, telecommunications, broadcasting electronic commerce, and data processing, in the nation’s overall social and economic development. The State also recognizes the importance of providing an environment conducive to the development, acceleration, and rational application and exploitation of information and communications technology (ICT) to attain free, easy, and intelligible access to exchange and/or delivery of information; and the need to protect and safeguard the integrity of computer, computer and communications systems, networks, and databases, and the confidentiality, integrity, and availability of information and data stored therein, from all forms of misuse, abuse, and illegal access by making punishable under the law such conduct or conducts. In this light, the State shall adopt sufficient powers to effectively prevent and combat such offenses by facilitating their detection, investigation, and prosecution at both the domestic and international levels, and by providing arrangements for fast and reliable international cooperation.” – Section 2 of the Republic Act No. 10175.

In other words, this Act aims to give the government the authority and power to effectively detect, prevent, fight, punish and stop cybercrime offenses that hinder the growth of our country’s information and communications industries, as well as our overall social and economic development. It also aims to protect people and entities from abuse and illegal access of their cyber properties and important data online.

But the question of many people now is… will this Act really serve its purpose or it will serve other purpose?


What are the Cybercrime offenses punishable by this law?

The Cybercrime offenses that are punishable under the Cybercrime Prevention Act of 2012 and are outlined in Section 4 and 5 of the Act are grouped into the following:

a. Offenses against the confidentiality, integrity and availability of computer data and systems

These offenses include (1) illegal access to a computer system, (2) illegal interception within a computer system, (3) data interference, (4) system interference, (5) misuse of device, and (6) cybersquatting.

According to Section 4, a.6 of the Act, Cyber-squatting means the acquisition of a domain name over the internet in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same, if such a domain name is:
 (i) Similar, identical, or confusingly similar to an existing trademark registered with the appropriate government agency at the time of the domain name registration:
(ii) Identical or in any way similar with the name of a person other than the registrant, in case of a personal name; and
(iii) Acquired without right or with intellectual property interests in it.

b. Computer-related Offenses

Computer-related cybercrime offenses include computer-related forgery, fraud, and Identity theft.

Computer-related Identity theft means “the intentional acquisition, use, misuse, transfer, possession, alteration or deletion of identifying information belonging to another, whether natural or juridical, without right” (Section 4, b.3).

c. Content-related Offenses

Content-related offenses are those cybercrimes committed through content, that is, information and experiences consumed by end-users or audience. Content-related offenses, according to Section 4.c of the Act, include cybersex, child pornography, unsolicited commercial communications, and the controversial online libel.

According to Section 4.c.4 of the Anti-cybercrime Act, online libel is the unlawful or prohibited acts of libel as defined in Article 355 of the Revised Penal Code, as amended, committed through a computer system or any other similar means which may be devised in the future.

Under Article 355 of the Revised Penal Code, libel may be committed by means of writing, printing, lithography, engraving, radio, phonograph, painting, theatrical exhibition, cinematographic exhibition, or any similar means. Art. 353 of the Revised Penal Code, defined libel as “a public and malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission, condition, status, or circumstance tending to cause the dishonor, discredit, or contempt of a natural or juridical person, or to blacken the memory of one who is dead”.

d. Other offenses as stated in Section 5 of the Act.

The following are considered as other offenses under the Act and also subject to penalties, as discussed in Section 9 of the Act.

(a) Aiding or Abetting in the Commission of Cybercrime. – Any person who willfully abets or aids in the commission of any of the offenses enumerated in this Act shall be held liable.
(b) Attempt in the Commission of Cybercrime. — Any person who willfully attempts to commit any of the offenses enumerated in this Act shall be held liable.


What are the penalties for committing a Cybercrime offense?

The punishments or penalties to a natural person who will be found guilty of the cybercrime offenses are outlined in Section 8 of the Act. The penalties for juridical persons or corporate entities are discussed in Section 9 of the Act.

The following penalties for any natural person found guilty of the cybercrime offenses under the Act are excerpted from the Section 8 of the Act:

SEC. 8. Penalties. — Any person found guilty of any of the punishable acts enumerated in Sections 4(a) and 4(b) of this Act shall be punished with imprisonment of prision mayor or a fine of at least Two hundred thousand pesos (PhP200,000.00) up to a maximum amount commensurate to the damage incurred or both.

Any person found guilty of the punishable act under Section 4(a)(5) shall be punished with imprisonment of prision mayor or a fine of not more than Five hundred thousand pesos (PhP500,000.00) or both.

If punishable acts in Section 4(a) are committed against critical infrastructure, the penalty of reclusion temporal or a fine of at least Five hundred thousand pesos (PhP500,000.00) up to maximum amount commensurate to the damage incurred or both, shall be imposed.

Any person found guilty of any of the punishable acts enumerated in Section 4(c)(1) of this Act shall be punished with imprisonment of prision mayor or a fine of at least Two hundred thousand pesos (PhP200,000.00) but not exceeding One million pesos (PhPl,000,000.00) or both.

Any person found guilty of any of the punishable acts enumerated in Section 4(c)(2) of this Act shall be punished with the penalties as enumerated in Republic Act No. 9775 or the “Anti-Child Pornography Act of 2009″: Provided, That the penalty to be imposed shall be one (1) degree higher than that provided for in Republic Act No. 9775, if committed through a computer system.

Any person found guilty of any of the punishable acts enumerated in Section 4(c)(3) shall be punished with imprisonment of arresto mayor or a fine of at least Fifty thousand pesos (PhP50,000.00) but not exceeding Two hundred fifty thousand pesos (PhP250,000.00) or both.

Any person found guilty of any of the punishable acts enumerated in Section 5 shall be punished with imprisonment one (1) degree lower than that of the prescribed penalty for the offense or a fine of at least One hundred thousand pesos (PhPl00,000.00) but not exceeding Five hundred thousand pesos (PhP500,000.00) or both.


How will the government enforce or implement this law?

Section 10 of Chapter 4 states that “the National Bureau of Investigation (NBI) and the Philippine National Police (PNP) are the responsible for the efficient and effective law enforcement of the provisions of the Act. The NBI and the PNP shall also organize a cybercrime unit or center manned by special investigators to exclusively handle cases involving violations of this Act.

Section 12 of the Act gives law enforcers due authority to collect or record by technical or electronic means traffic data in real-time associated with specified communications transmitted by means of a computer system. But the traffic data mentioned therein only refers to the communication’s origin, destination, route, time, date, size, duration, or type of underlying service, but not content, nor identities. All other data to be collected or seized or disclosed will require a court warrant.

According to Section 12, service providers are also required to cooperate and assist law enforcement authorities in the collection or recording of the above-stated information.

In section 15, the search, seizure and examination of computer data is discussed. It says that where a search and seizure warrant is properly issued, the law enforcement authorities will be granted the powers and duties to conduct interception and to do the following:

(a) To secure a computer system or a computer data storage medium;
(b) To make and retain a copy of those computer data secured;
(c) To maintain the integrity of the relevant stored computer data;
(d) To conduct forensic analysis or examination of the computer data storage medium; and
(e) To render inaccessible or remove those computer data in the accessed computer or computer and communications network.

Interception, as defined in Section 3 of the Act, refers to listening to, recording, monitoring or surveillance of the content of communications, including procuring of the content of data, either directly, through access and use of a computer system or indirectly, through the use of electronic eavesdropping or tapping devices, at the same time that the communication is occurring.

Another notable and controversial provision of the new law lies in Section 19 of the Act or the “Restricting or Blocking Access to Computer Data”. Section 19 states that when a computer data is prima facie found to be in violation of the provisions of this Act, the DOJ shall issue an order to restrict or block access to such computer data.

The term Prima facie comes from the Latin expression prima facie, which means first appearance, first sight, first encounter or first examination. Prima facie is a type of evidence obtained at first examination presumed to be true unless rebutted or disproved.

In interpreting Section 19 of the Act, it could mean that the DOJ can already issue and order to shut down a website or any computer data center that will be found out to be in violation of the Cybercrime Prevention Act in first appearance.


When will this law become effective?

The Cybercrime Prevention Act of 2012 was signed and approved by President Aquino on September 12, 2012. It will take effect fifteen (15) days after the completion of its publication in the Official Gazette or in at least two (2) newspapers of general circulation (SEC. 31).

In every new enacted law there must be an Implementing Rules and Regulations (IRR) to further clarify the law and set out guidelines for its effective implementation.  Section 28 of the Act mandates the    ICTO-DOST, the DOJ and the Department of the Interior and Local Government (DILG) to jointly formulate the necessary rules and regulations within ninety (90) days from approval of the Act (90 days from September 12, 2012).


Final thoughts

A law should promote peace and order. It should protect the rights of the majority of people. It should not only encourage economic development, but also encourage social and moral growth. A law should also be based on the fundamental principle of equality and justice. It should also respect the supreme law of the land – the Philippine Constitution (Saligang Batas ng Pilipinas).

Article III Section 4 of the Bill of Rights provides that: “No law shall be passed abridging the freedom of speech, of expression, or of the press, or the right of the people peaceably to assemble and petition the government for redress of grievances.” Thus, any new law should be carefully implemented not to restrain the freedom of expression of the people, especially if it is expressed to make a good change for our country and for the people.

We have to stay vigilant, not only to protect our own rights, but also to protect equality and justice for all. The implementing rules and regulations (IRR) for the effective implementation of the Anti-cybercrime Act will be released within 90 days from September 12, 2012 – the day it was approved.

There are still many issues to tackle on this new law, but a single blog post cannot accommodate them all. Thus, feel free to share your thoughts and insights by making a comment below so that we can start a discussion.

This article also needs to be updated with the new laws and pronouncements that will come out in the future.

To read the full text of the Republic Act No. 10175 or the “Cybercrime Prevention Act of 2012″, please visit this page from the Official Gazette of the Republic of the Philippines.

Victorino Abrugar is a retired CPA practitioner, a blogger, speaker, and an entrepreneur. He's the President of Optixor, Inc., a digital marketing company based in the Philippines. Follow him on Twitter at @viclogic.

Leave a Reply

Your email address will not be published. Required fields are marked *