INTRODUCTION TO

CYBERCRIME LAW
(REPUBLIC ACT
NO. 10175)
PRESENTED BY
ATTY. IVY JOYCE L. DE PEDRO
WHAT IS A CYBERCRIME?
Cybercrime, also called computer crime, is the use of a computer as an
instrument to further illegal ends such as committing fraud trafficking child
pornography, intellectual property violations, stealing identities or violation of
privacy. The difference between traditional criminal offences from cybercrime is
the use of the computer in committing such offences. Majorly cybercrime is an
attack on the information of Individuals, governments or corporations.

The main difference between a cybercrime and crime committed in the physical
world is that cybercrime is committed with or through the use of information
and communication technology. Furthermore, cybercrimes are punishable
under special cybercrime laws and subject to distinct law enforcement
provisions.
THE PHILIPPINES’ CYBER LANDSCAPE
The Philippines, just like its ASEAN neighbors, is continuously utilizing technology in
almost every sector in its society and economy. The country has an estimated population
of 103,775,002 as of 2012. An estimated 31.33% or 33,600,000 of its 2011 population use
the Internet. As of 2011, an estimated 84.91% or 88,119,840 Filipinos are mobile phone
subscribers while 25.77% or 26,752,000 have active social networking profiles. Of the
Internet users in the country, 75% use personal computers while 25% use their mobile
phones to access the Internet, whether for personal or business purposes.
The average age for Internet users in the country is estimated to be 23 years old and
below, and most of them spend around 21.5 hours per week browsing the Internet and
51% of Internet users have active YouTube profiles. As of 2012, the Philippines ranked 6th
in the total number of Internet users in Asia and 3rd in the world in the number of
Facebook users where 48% are male and 52% are female.
In the Philippines, as many as 87 percent of Filipinos were identified as victims of
malicious activities committed online, according to DOJ, which quoted a 2010 report of
the security software firm Symantec. These include victims of malware invasion, sexual
predation, and online or phishing scams.
CYBERCRIME STATUS BEFORE RA 10175
The use of technology in the commission of traditional crimes and the new found ways
of committing crime in the country pose an investigative challenge to the Philippine
National Police. There is a rising incidence of financially motivated cybercrime and
politically motivated cyber-attacks on government by cyber actors in the Philippines.

From CY 2003 up to CY 2012, a total of 2,778 cybercrime related offenses was recorded
by the PNP. While the country awaits the implementation of a comprehensive
cybercrime law, cyber criminals continue to use technology both in conducting criminal
activity and preventing its detection. This trend in criminal activity necessitates the
need for a dedicated unit within the PNP to go after these offenders and improve its
cyber security posture.

From CY 2010 to CY 2012, the PNP has recorded a total of 1,184 incidents with the
highest being the attacks targeting government websites where a total of 940 website
defacements have been recorded.
WHAT WAS THE TREND OF
CYBERCRIME IN THE GLOBAL SETUP
AND IN THE PHILIPPINES?
Cybercrime is one of the fastest growing crimes globally. According to Norton Cyber
Crime Report, 431 million adults worldwide were victims of cybercrimes in 2011. The
costs that cybercrimes caused in 2011 amounted to $114 billion. Globally, the top
cybercrimes in 2011 were (1) computer viruses or malware - 54% overall; (2) online
Scams - 11% overall; and (3) phishing - 10% overall.

In a 2010 report of the security software firm Symantec, 87% of Filipino internet users
were identified as victims of crimes and malicious activities committed online. The
following activities were: (1) malware (virus and Trojan) invasion; (2) online or phishing
scams; (3) sexual predation; and (4) services in social networking site like Facebook and
Twitter. The Anti-Transnational Crime Division (ATCD) of the Criminal Investigation and
Detection Group (CIDG) of the Philippine National Police (PNP) has encountered 2,778
referred cases of computer crimes from government agencies and private individuals
nationwide from 2003 to 2012.
Crimes Committed
by, Through and
with the Use of
ICTs
 NOTABLE ANTI-CYBERCRIME OPERATIONS

A. Terrorist Financing “Telecom Fraud Scam”

B. Transnational Telecom Fraud Scam “Chinese & Taiwanese Fraud Ring”
C. ATM / Credit Card Fraud Syndicate
D. Internet Fraud/Scam “ WakaNetwork.com”
E. Illegal Internet Pharmacy Operation
F. Corporate Illegal System Hacking
G. Oplan Fountain
H. COMLEC Data Breach Incident
I. Online Child Abuse Cases
WHAT ARE THE CYBERCRIME-RELATED
LAWS IN THE PHILIPPINES?
(1) RA 10175 – Cybercrime Prevention Act of 2012;
(2) RA 9995 - Anti-Photo and Voyeurism Act of 2009;
(3) RA 9725 - Anti-Child Pornography Act of 2009;
(4) RA 9208 - Anti-Trafficking in Persons Act of 2003;
(5) RA 8792 - E-Commerce Act of 2000;
(6) RA 8484 - Access Device Regulation Act of 1998; and
(7) RA 4200 - Anti- Wiretapping Law of 1965
(8) RA 11934 - Subscriber Identity Module (SIM) Registration Act of 2022
WHAT AND WHEN WAS THE FIRST RECORDED
CYBERCRIME IN THE PHILIPPINES?

In 2000, Onel de Guzman released the “I Love You” virus. The case filed against
De Guzman was dismissed at the first stage because there was no law
punishing the deed as of that time in May 2000, in the Philippines.

In the Philippines, have we already convicted a cybercriminal?

Yes. The first one was pursued by the PNP-CIDG; a person was convicted in
September 2005 for pleading guilty of hacking the government portal “gov.ph”
and other government websites. The NBI pursued a cybercrime case that led to
the second cybercrime conviction; the person used the BPO call center provider
Sitel Philippines Corporation to illegally secure credit card information from the
company’s sister firm, Sitel USA. The two convictions were secured under the
Section 33(a) of RA 8972 that penalizes hacking.
 THE CYBERCRIME PREVENTION ACT OF 2012
(RA 10175)
Republic Act No. 10175 is a law considered to be 11 years in the making as
various groups, organizations, and personalities lobbied for its passage. It took
a while for the law to be passed as legislators and various stakeholders need to
understand the magnitude of cybercrime and whether the penalty provisions
indicated in the E-Commerce Law – Republic Act 8792 is sufficient or not.
It aims to address legal issues concerning online interactions and the
Internet in the Philippines.
The Act is divided into 31 sections split across eight chapters, criminalizes
several types of offense, including illegal access (hacking), data interference,
device misuse, cybersquatting, computer-related offenses such as computer
fraud, content-related offenses such as cybersex and spam, and other offenses.
 POLICE RESPONSE UPON ENACTMENT OF
RA 10175
• In order to address the increasing incidence of cybercrime, the PNP Anti
Cybercrime Group was activated on March 20, 2013. The establishment of a
PNP Anti-Cybercrime Group is a strong signal to criminals that the PNP is
very serious in addressing cybercrime in the country.

• The PNP-ACG has conceptualized and believed that to fight cybercrime and to
strengthen cyber security, there must be a synergy among the following
components: Competence and Capability building of the Organization and
Personnel; Public and Private Partnership; strong International Cooperation;
Advocacy and Public Awareness and the implementation of strong Laws,
Policies and Regulations.
 SOME IMPORTANT DEFINITIONS

• Computer data refers to any representation of facts, information, or concepts

in a form suitable for processing in a computer system including a program
suitable to cause a computer system to perform a function and includes
electronic documents and/or electronic data messages whether stored in
local computer systems or online.
• Computer system refers to any device or group of interconnected or related
devices, one or more of which, pursuant to a program, performs automated
processing of data. It covers any type of device with data processing
capabilities including, but not limited to, computers and mobile phones. The
device consisting of hardware and software may include input, output and
storage components which may stand alone or be connected in a network or
other similar devices. It also includes computer data storage devices or
media.
 CYBERCRIME OFFENSES UNDER
RA 10175

1. Offenses Against Confidentiality, Integrity, and Availability of

Computer Data and Systems
2. Computer-Related Offenses
3. Content-Related Offenses
4. Other cybercrime offenses
 OFFENSES AGAINST CONFIDENTIALITY,
INTEGRITY, AND AVAILABILITY OF COMPUTER
DATA AND SYSTEMS

Illegal access - committed by any person, who shall access to the whole or any
part of a computer system without right. Ethical hackers are professionals
who employ tools and techniques used by criminal hackers but would neither
damage the target systems nor steal information. Since the ethical hacker
does his job with prior permission from the client, such permission would
insulate him from the coverage cybercrime law on illegal access
 OFFENSES AGAINST CONFIDENTIALITY,
INTEGRITY, AND AVAILABILITY OF
COMPUTER DATA AND SYSTEMS

Illegal interception - Illegal interception is committed by any person, who shall

intercept by technical means without right of any non-public transmission of
computer data to, from, or within a computer system including electromagnetic
emissions from a computer system carrying such computer data.
 OFFENSES AGAINST CONFIDENTIALITY,
INTEGRITY, AND AVAILABILITY OF COMPUTER
DATA AND SYSTEMS

Data Interference – Data interference is committed by any person, who shall

intentionally, or recklessly alter, damage, delete or deteriorate computer data,
electronic document, or electronic data message, without right, including the
introduction or transmission of viruses. This is considered as cyber vandalism.
 OFFENSES AGAINST CONFIDENTIALITY,
INTEGRITY, AND AVAILABILITY OF
COMPUTER DATA AND SYSTEMS

System Interference – System interference is committed by any person, who

shall intentionally alter or recklessly hinder or interfere with the functioning of
a computer or computer network by inputting, transmitting, damaging,
deleting, deteriorating, altering or suppressing computer data or program,
electronic document, or electronic data message, without right or authority,
including the introduction or transmission of viruses.
 OFFENSES AGAINST CONFIDENTIALITY,
INTEGRITY, AND AVAILABILITY OF
COMPUTER DATA AND SYSTEMS

Misuse of Devices – Misuse of devise is committed by any person, who shall

use, produce, sell, procure, import, distribute, or otherwise make available, or
possession with intent to use, without right any of the following: (1) a device,
including a computer program, designed or adapted primarily for the purpose of
committing any cybercrime; or (2) a computer password, access code, or similar
data by which the whole or any part of a computer system is capable of being
accessed with intent that it be used for the purpose of committing any
cybercrime;
 OFFENSES AGAINST CONFIDENTIALITY,
INTEGRITY, AND AVAILABILITY OF
COMPUTER DATA AND SYSTEMS

Cyber Squatting – Cyber-squatting is committed by any person, who shall

acquire a domain name over the internet in bad faith to profit, mislead, destroy
reputation, and deprive others from registering the same, if such a domain
name is: (a) similar, identical, or confusingly similar to an existing trademark
registered with the appropriate government agency at the time of the domain
name registration; (b) identical or in any way similar with the name of a person
other than the registrant, in case of a personal name; and (c) acquired without
right or with intellectual property interests in it.
COMPUTER-RELATED OFFENSES

Computer-related forgery- Computer-related forgery is committed by any

person, who shall input, alter, or delete any computer data without right
resulting in inauthentic data with the intent that it be considered or acted upon
for legal purposes as if it were authentic, regardless whether or not the data is
directly readable and intelligible; or who shall knowingly use computer data
which is the product of computer-related forgery for the purpose of
perpetuating a fraudulent or dishonest design.
COMPUTER-RELATED OFFENSES

Computer-related Fraud - Computer-related fraud is committed by any person,

who without authority shall input, alter, or delete computer data or program or
interfere in the functioning of a computer system with fraudulent intent
causing damage thereby. The penalty is lower if no damage has yet been
caused.
COMPUTER-RELATED OFFENSES

Computer-related Identity Theft - Computer-related identity theft is committed

by any person, who shall intentionally acquire, use, misuse, transfer, posses,
alter or delete identifying information belonging to another, whether natural or
juridical, without right. The penalty is lower if no damage has yet been caused.
Using the name of another person and his pictures in opening a facebook
account without authority constitutes cybercrime offense.
CONTENT-RELATED OFFENSES

Cybersex – Cybersex under RA No. 10175 is committed by any person, who

shall willfully engage, maintain, control, or operate, directly or indirectly, any
lascivious exhibition of sexual organs or sexual activity, with the aid of a
computer system, for favor or consideration.
CONTENT-RELATED OFFENSES

Child Pornography – In RA No. 9208 child pornography is committed by

electronic, mechanical, digital, optical, magnetic or any other means,
responsible persons are liable for child pornography under RA No. 9775. RA No.
9775 is comprehensive enough to include cyber pornography by requiring a
child to show her private parts to a client through the internet. If child
pornography is committed through a computer system, the crime committed is
cyber child pornography under RA No. 10175 and the penalty is one degree
higher.
CONTENT-RELATED OFFENSES

SPAM - Unsolicited commercial communications is committed by any person,

who shall transmit commercial electronic communication with the use of
computer system which seeks to advertise, sell, or offer for sale products and
services. Transmission of unsolicited commercial communications is also
known as "spam." In Disini case, the provision of RA No. 10175 prohibiting
spam is declared unconstitutional. It was held that to prohibit the transmission
of unsolicited ads would deny a person the right to read his emails, even
unsolicited commercial ads addressed to him. The State cannot rob him of this
right without violating the constitutionally guaranteed freedom of expression.
Unsolicited advertisements are legitimate forms of expression.
CONTENT-RELATED OFFENSES

Libel - Libel is not a constitutionally protected speech and that the government
has an obligation to protect private individuals from defamation. Indeed, cyber
libel is actually not a new crime since Article 353, in relation to Article 355 of
the Revised Penal Code, already punishes it. Online defamation constitutes
“similar means” for committing libel
LIBEL UNDER THE REVISED PENAL CODE

Article 353. Definition of libel. - A libel is public and malicious

imputation of a crime, or of a vice or defect, real or imaginary, or any act,
omission, condition, status, or circumstance tending to cause the
dishonor, discredit, or contempt of a natural or juridical person, or to
blacken the memory of one who is dead.
 OTHER CYBERCRIME OFFENSES
• Other cybercrime offense is also committed by any person who shall willfully abet or
aid in the commission of any of the cybercrime offenses or any person who willfully
attempts to commit any of the cybercrime offenses.
• The provision on aiding or abetting cybercrime in relation to cyber libel, child
pornography and unsolicited commercial communication was declared
unconstitutional in the Disini case. The terms "aiding or abetting" constitute broad
sweep that generates chilling effect on those who express themselves through
cyberspace posts, comments, and other messages. Hence, this provision that
punishes "aiding or abetting" libel on the cyberspace is a nullity since it encroaches
upon freedom of speech on grounds of overbreadth or vagueness of the statute. A
blogger who originally posted a libelous or child pornographic message is liable for
cybercrime. But netizens, who merely reacted to the defamatory or child
pornographic message on the Facebook by clicking button for "Like," "Comment" or
"Share" or on a Tweeter account by retweeting it, are not liable for aiding or abetting
cybercrime. But the provision on aiding or abetting cybercrime in relation to other
cybercrimes such as illegal access, illegal interception, data interference etc. is
declared constitutional.
QUALIFYING CIRCUMSTANCE OF USE OF
INFORMATION TECHNOLOGY

• Use of information and communications technologies in committing felony or

offense under special law is a qualifying circumstance under Section 6 of RA
No. 10175.

• Under Section 6 of RA No. 10175, the penalty for crimes punishable under
special laws committed through and with the use of information and
communication technologies shall be one degree higher than that provided
the law. However, this provision requires the application of the rules on
graduation of penalties under the Revised Penal Code. Hence, Section 6 finds
application only if special law involved has adopted the technical
nomenclature of the penalties of Revised Penal Code.
 AUTHORITIES UNDER THE CYBERCRIME
PREVENTION ACT

• Cybercrime Investigation and Coordinating Center

• National Bureau of Investigation – Cybercrime Division
• Philippine National Police – Anti-Cybercrime Group
WHERE TO GO IF YOU ARE A VICTIM?
• The National Bureau of Investigation and Philippine National Police are
the law enforcement authorities for the Cybercrime Prevention Act of
2012. Both shall organize a cybercrime unit or center staffed by special
investigators to handle cases involving violations of this Cybercrime
Prevention Act of 2012 exclusively.
1. To ensure that the technical nature of cybercrime and its prevention get
the attention it deserves.
2. To submit timely and regular reports to the Department of Justice for
review and monitoring, including pre-operation, post-operation, and
investigation outcomes, as well as any other materials that may be
necessary.
3. Authorized to collect or record traffic statistics in real-time related to
specific communications conducted via a computer system using technical
or electronic means.
JURISDICTION

• The Regional Trial Court shall have jurisdiction over any violation of the
provisions of this Cybercrime Prevention Act of 2012. Including any violation
committed by a Filipino national regardless of the place of commission.
Jurisdiction shall lie if any of the elements was committed within the
Philippines or committed with the use of any computer system wholly or
partly situated in the country, or when by such commission any damage is
caused to a natural or juridical person who, at the time the offense was
committed, was in the Philippines.
 CYBERCRIME WARRANTS
• On 03 July 2018, the Supreme Court promulgated the new Rule on Cybercrime
Warrants (A.M. No. 17-11-03-SC). The new set of rules was issued after the passage of
the Cybercrime Prevention Act (Republic Act No. 10175). It provides for special
procedures to implement various specific remedies under the said law. The new rule
became effective on 15 August 2018.
• The Rule provides for general rules on the venue of criminal actions for cybercrime
offenses and for applications for warrants. It also provides specific rules for: (1)
preservation of computer data; (2) disclosure of computer data; (3) interception of
computer data; (4) search, seizure, and examination of computer data; (5) custody of
computer data; and, (6) destruction of computer data, all in connection with the
enforcement of the Cybercrime Prevention Act.
• Given that cybercrimes may have actors located in and have an impact on various
jurisdictions, the Rule on Cybercrime Warrants also provides for its extraterritorial
enforcement. Warrants that will be served outside the Philippines shall be coursed
through the Department of Justice – Office of Cybercrime, in line with relevant
international instruments and/or agreements on the matter.
CYBERCRIME WARRANTS

(1) Warrant to Disclose Computer Data (WDCD)

• A WDCD requires any person or service provider to disclose subscriber's
information, traffic data, or relevant data in his/her or its possession or
control within 72 hours from receipt of the order. A request for WDCD may
only be filed if there is a complaint officially docketed and assigned for
investigation and the disclosure is necessary and relevant for the
investigation. Among others, the request for WDCD must state the relevance
and necessity of the data sought and describe particularly the information
sought to be disclosed.
CYBERCRIME WARRANTS

(2) Warrant to Intercept Computer Data (WICD)

• A WICD authorizes the law enforcement authorities to listen to, record,
monitor, or conduct surveillance of the content of communications, including
the use of electronic eavesdropping or tapping devices. The request for a
WICD must also state the relevance and necessity of the data sought and
describe particularly the information sought to be disclosed. Also, the request
must state the likely offense involved.
CYBERCRIME WARRANTS

• (3) Warrant to Search, Seize, and Examine Computer Data (WSSECD)

• A WSSECD is similar to a search warrant, except the subject matter of a
WSSECD is computer data. The request for a WSSECD must also state the
relevance and necessity of the data sought and describe particularly the
information sought to be seized and examined. Also, the request must state
the likely offense involved. In addition, the request must contain an
explanation of the search and seizure strategy to be implemented.
• Upon the conduct of the seizure, law enforcement must file a return stating
the (a) devices that were subject of the WSSECD and (b) the hash value of the
computer data and/or the seized computer device or computer system
containing such data.
CYBERCRIME WARRANTS

(4) Warrant to Examine Computer Data (WECD)

• A WECD is a warrant issued when a computer device or system is previously
seized by another lawful method, such as a warrantless arrest. Before
searching any device seized, law enforcement must apply for a WECD. The
request for a WECD must also state the relevance and necessity of the data
sought and describe particularly the information sought to be disclosed. Also,
the request must state the likely offense involved.
• Upon the conduct of the seizure, law enforcement must file a return stating
the (a) devices that were subject of the WECD and (b) the hash value of the
computer data and/or the seized computer device or computer system
containing such data.
CORPORATE LIABILITY

When any of the punishable acts herein defined are knowingly

committed on behalf of or for the benefit of a juridical person, by a
natural person acting either individually or as part of an organ of the
juridical person, who has a leading position within, based on:
(a) a power of representation of the juridical person provided the act
committed falls within the scope of such authority;
(b) (b) an authority to take decisions on behalf of the juridical person.
Provided, That the act committed falls within the scope of such
authority; or
(c) (c) an authority to exercise control within the juridical person, It also
includes commission of any of the punishable acts made possible due
to the lack of supervision or control.
 OTHER INITIATIVES BY DIFFERENT
GOVERNMENT AGENCIES

• Capacity Building
• Public-Private Partnership
• Inter-agency Cooperation
• International Cooperation
THANK YOU!