The Cybercrime Prevention Act of 2012 and Rules on Cyber Warrants

Share

Summary

This training session details the history and salient features of the Cybercrime Prevention Act of 2012 (RA 10175) in the Philippines, including various types of cybercrime offenses and the legal framework for cybercrime warrants. It covers offenses against confidentiality, integrity, and availability (CIA) of computer data and systems, computer-related offenses, and content-related offenses, alongside the roles of law enforcement agencies and the procedures for obtaining different types of cyber warrants.

Highlights

Data Interference
00:28:37

Data interference occurs when an offender alters, damages, or deletes computer data or electronic documents without right and with intentional or reckless behavior. This includes introducing viruses. The offense aims to protect the integrity and proper functioning of stored computer data or programs, such as through unauthorized encryption.

Introduction to the Cybercrime Prevention Act of 2012
00:00:34

This session introduces the Cybercrime Prevention Act of 2012 (RA 10175) and its related cybercrime warrants. It outlines the history of cybercrime laws in the Philippines, starting with the 'I Love You' virus incident in 2000, which highlighted the lack of malware laws and led to the e-Commerce Act of 2000 and subsequently RA 10175, modeled after the Budapest Convention.

Policy of the State and Salient Features of RA 10175
00:03:54

The state policy behind RA 10175 is to protect computer data and systems confidentiality, integrity, and availability, and to prevent and combat cyber offenses both domestically and internationally. The law has three main features: substantive provisions criminalizing certain acts, procedural provisions for law enforcement tools like cybercrime warrants, and provisions for international cooperation.

Offenses Against Confidentiality, Integrity, and Availability (CIA)
00:09:46

The first type of cybercrime offenses, as per Section 4 of RA 10175, are against the Confidentiality, Integrity, and Availability (CIA) of computer data and systems. Confidentiality refers to the privacy of data, integrity to its trustworthiness and accuracy, and availability to its accessibility. Six specific CIA offenses are enumerated, which will be discussed in detail.

Illegal Access
00:13:52

Illegal access occurs when an offender enters a computer system without right or authorization. Common examples include unauthorized access to personal computers or social media accounts. Key points include access being 'without right' (without authority or legal justification) and the broad definition of 'access' and 'computer system'. This offense can lead to other serious crimes like fraud or identity theft.

Illegal Interception
00:20:33

Illegal interception involves intercepting non-public transmission of computer data by technical means without right or authority, while the communication is ongoing. It protects the privacy of data communication, similar to traditional wiretapping. Examples include intercepting private messages or financial transaction details during online shopping.

System Interference
00:32:08

System interference, also known as computer sabotage, involves intentionally or recklessly hindering or interfering with the functioning of a computer or computer network without right. The key difference from data interference is the seriousness of the effect, impacting the entire computer system or telecommunications facility, preventing its proper function.

Misuse of Devices
00:36:19

Misuse of devices covers the use, production, sale, procurement, importation, or distribution of devices (including computer programs or access codes) designed to commit cybercrimes, or the possession of such devices, without right and with the intention to commit an offense under RA 10175. This includes making hacking tools available online.

Cybersquatting
00:40:01

Cybersquatting is the acquisition of a domain name in bad faith, intending to profit, mislead, destroy reputation, or deprive others from registering it. This applies if the domain name is similar to an existing trademark or a personal name without intellectual property interest. An example is registering a famous person's name as a domain to sell it back to them.

Computer-Related Forgery
00:46:01

Computer-related forgery involves inputting, altering, or deleting computer data without right, resulting in inauthentic data, with the intent that it be acted upon as authentic for legal purposes. It also includes knowingly using such forged data to perpetrate fraud. This offense parallels traditional forgery of tangible documents.

Computer-Related Fraud
00:51:23

Computer-related fraud is committed when an offender, with fraudulent intent and without authority, alters, inputs, or deletes computer data or interferes with a computer system, possibly leading to an illegal transfer of property. Phishing emails, leading to the unauthorized transfer of funds or loads, are common examples.

Computer-Related Identity Theft
00:56:01

Computer-related identity theft involves intentionally acquiring, using, misusing, transferring, possessing, altering, or deleting another person's identifying information without right or consent. The mere act of acquiring such information without authorization is considered illegal, even without immediate damage, as seen in harvesting data from public Wi-Fi.

Content-Related Offenses: Cybersex, Child Pornography, and Cyber Libel
01:00:08

Three content-related cybercrime offenses are cybersex, online child abuse/child pornography, and cyber libel. Cybersex is defined as interactive prostitution via webcam by those in the business of maintaining such activities. Online child pornography, committed through a computer system, incurs a higher penalty under RA 10175 than provided in the Anti-Child Pornography Act. Cyber libel extends traditional libel (public and malicious imputation of a crime or defect) to statements made through computer systems like social media, with only the author being penalized, unless comments are also libelous.

Other Cybercrime Offenses and Jurisdiction
01:10:04

RA 10175 also criminalizes aiding or abetting, and attempting the commission of cybercrime, except for cyber libel and online child pornography. Section 6 is a catch-all provision, increasing the penalty for traditional crimes committed using information and communications technology. Regional Trial Courts have jurisdiction over cybercrime cases if committed in the Philippines, by a Filipino national, through a computer system partially in the Philippines, or causing damage to a person in the Philippines. The NBI and PNP have specialized cybercrime units.

Unconstitutional Provisions and Legal Framework for Cyber Warrants
01:15:01

The Supreme Court in *Disini v. Secretary of Justice* upheld RA 10175's constitutionality but declared some provisions unconstitutional, including those on unsolicited commercial communications, aiding/abetting/attempted cyber libel and online child pornography, real-time collection of traffic data, and blocking access to computer data. The legal framework for cybercrime warrants includes the e-Commerce Act, rules on electronic evidence, RA 10175, and the Rule on Cybercrime Warrants.

Scope and Applicability of the Rule on Cybercrime Warrants
01:17:51

The Rule on Cybercrime Warrants sets procedures for applying for warrants related to preservation, disclosure, interception, search, seizure, examination, custody, and destruction of computer data under RA 10175. This applies not only to cybercrime cases but also to traditional crimes involving electronic evidence or computer data, like examining a cell phone for a murder investigation.

Types of Computer Data
01:21:09

Computer data is classified into three types: subscriber information (data held by a service provider about its subscribers, e.g., name, email), traffic or non-content data (computer-generated data about communication, e.g., IP address, sender/recipient of email, but not the message content), and content data (the actual contents of communication, e.g., messages in Facebook Messenger or emails).

Preservation of Computer Data
01:26:01

Preservation of computer data is crucial. Law enforcement authorities can issue a preservation order to service providers to maintain the integrity of suspect computer data before applying for a warrant. Service providers are legally obliged to preserve subscriber information and traffic data for a minimum of six months, and content data upon receiving a preservation order.

Types of Cybercrime Warrants: WCD, WICD, WSSECD, WECD
01:31:37

There are four main types of cybercrime warrants: Warrant for Disclosure of Computer Data (WDCD), Warrant for Interception of Computer Data (WICD), Warrant for Search, Seizure and Examination of Computer Data (WSSECD), and Warrant for Examination of Computer Data (WECD). These warrants provide technical tools for law enforcement.

Filing Applications and General Contents
01:34:22

Applications for cybercrime warrants related to RA 10175 offenses are filed in cybercrime courts. For traditional crimes, they are filed in regular or specialized courts. Warrants enforceable nationwide or extraterritorially (e.g., for foreign entities like Facebook) must be issued by designated cybercrime courts. Applications must include probable offense, relevance of data, names of individuals/entities, description of data, place of enforcement, and method of disclosure/implementation.

Warrant for Disclosure of Computer Data (WDCD)
01:38:54

After a preservation order, the WDCD authorizes law enforcement to order service providers or data holders to disclose computer data. This involves a production order, with compliance generally required within 72 hours. Law enforcement can retain a copy for case build-up and preliminary investigation, keeping it confidential.

Warrant for Interception of Computer Data (WICD)
01:41:47

The WICD authorizes law enforcement to listen, record, monitor, and surveil the content of communications and computer data at the same time they are occurring. If information is accessed after communication, a WDCD or WSSECD might be needed. A return must be filed within 48 hours, and the intercepted person must be notified within 30 days.

Warrant for Search, Seizure, and Examination of Computer Data (WSSECD)
01:45:29

The WSSECD permits searching a place for items to be seized and/or examined, covering both physical and virtual searches. Interception of related communications may also be conducted. The examination period, initially up to 30 days, can be extended once. On-site forensic imaging is preferred, but off-site searches are allowed with justification. This warrant requires disclosure of search/seizure strategy.

Warrant for Examination of Computer Data (WECD)
01:54:02

The WECD is required to conduct forensic examinations on computer data in devices lawfully acquired through warrantless arrest or other legal means. This ensures proper legal process before examining data found incidentally. The application needs to detail the circumstances of lawful acquisition. Allowable activities similar to WSSECD. All warrants are effective for 10 days, extendable once for 10 days.

Sanctions and Custody of Seized Data
01:57:17

Failure to file returns or turnover seized items by law enforcement can lead to contempt. Non-compliance by service providers or individuals with court orders can result in charges for obstruction of justice. Seized computer data, except for WDCD copies, must be turned over to the court, and a motion is required to access or use this data as evidence.

Extraterritorial Service of Warrants
02:00:00

Warrants needing to be served on service providers or persons with data custody outside the Philippines must be processed through the Department of Justice Office of Cybercrime, as mandated by the law and the Rule on Cybercrime Warrants.

Recently Summarized Articles

Loading...