Summary
Republic Act No. 10175: Cybercrime Prevention Act of 2012
Highlights
Republic Act No. 10175, known as the 'Cybercrime Prevention Act of 2012', recognizes the critical role of information and communications industries in national development. It emphasizes the need to protect the integrity of computer systems, networks, and data from misuse and illegal access. The state commits to combating these offenses through detection, investigation, prosecution, and international cooperation. The act defines key terms such as 'access', 'alteration', 'communication', 'computer', 'computer data', 'computer program', 'computer system', 'without right', 'cyber', 'critical infrastructure', 'cybersecurity', 'database', 'interception', 'service provider', 'subscriber’s information', and 'traffic data' among others.
The act categorizes cybercrime offenses including offenses against confidentiality, integrity, and availability of computer data and systems (e.g., illegal access, illegal interception, data interference, system interference, misuse of devices, cyber-squatting). Computer-related offenses include computer-related forgery, fraud, and identity theft. Content-related offenses cover cybersex, child pornography (with higher penalties when committed through a computer system), unsolicited commercial communications (spam), and libel committed through a computer system. Additionally, aiding or abetting and attempting to commit any of these cybercrimes are also punishable offenses. The act also stipulates that crimes defined in the Revised Penal Code and special laws, when committed through information and communications technologies, will be covered by this act, with higher penalties.
Penalties for cybercrime offenses vary, ranging from imprisonment (prision mayor, reclusion temporal, arresto mayor) and/or significant fines (from fifty thousand pesos to ten million pesos), depending on the severity and nature of the offense. Offenses against critical infrastructure incur higher penalties. Child pornography committed via a computer system carries a penalty one degree higher than the Anti-Child Pornography Act of 2009. Corporate bodies can also be held liable for offenses committed for their benefit, with fines up to double the individual penalties or a maximum of Ten million pesos, without prejudice to the criminal liability of the natural person who committed the offense.
The National Bureau of Investigation (NBI) and the Philippine National Police (PNP) are responsible for enforcing this act, with dedicated cybercrime units. Law enforcement authorities are authorized to collect real-time traffic data with due cause and court warrants, and service providers must cooperate. Computer data and subscriber information must be preserved for six months, with possible extensions. Disclosure, search, seizure, and examination of computer data require a court warrant. Evidence procured without a valid warrant is inadmissible. The Department of Justice (DOJ) can restrict or block access to computer data found in violation of the act. Noncompliance with law enforcement orders is punishable. Regional Trial Courts have jurisdiction over violations, including those committed by Filipino nationals abroad or involving computer systems in the Philippines, with special cybercrime courts designated.
The act embraces international cooperation principles for investigations and proceedings concerning cybercrime. An Office of Cybercrime is established within the DOJ to act as the central authority for international mutual assistance and extradition. The Cybercrime Investigation and Coordinating Center (CICC) is created under the Office of the President to coordinate policy, formulate a national cybersecurity plan, assist in suppressing cybercrime, monitor cases, facilitate international cooperation, engage with various sectors, and recommend relevant laws. The CICC is chaired by the Executive Director of the ICTO-DOST, with the Director of the NBI as Vice Chairperson, and includes representatives from the PNP, DOJ, private sector, and academe.
Fifty million pesos is appropriated annually for the act's implementation. The ICTO-DOST, DOJ, and DILG are tasked with formulating implementing rules and regulations within ninety days. A separability clause ensures that if any provision is found invalid, the rest of the act remains in effect. Inconsistent laws are repealed or modified, including Section 33(a) of the Electronic Commerce Act. The act took effect fifteen days after publication in the Official Gazette or in at least two newspapers of general circulation, approved on September 12, 2012.