Lesson 4 Cybercrime Warrant
MENTORING COURSE
OUTLINE
COURSE INTENDED LEARNING OUTCOMES
cyber warrants
A. Preliminary Provisions
B. General Provisions
C. Preservation of Computer Data
D. Disclosure of Computer Data
E. Interception of Computer Data
F. Search, Seizure, and Examination of CD
G. Custody of Computer Data
H. Destruction of Computer Data
SCOPE AND APPLICABILITY
SUPPLEMENTARY NATURE OF THIS RULE TO THE EXISTING RULES OF PROCEDURE AND REMEDIES
Section 6: Regular or special Court
(Sec. 4 and 5)
- province/city
- CS is situated
- natural or juridical person
Scene:
RTC Branch 54: Filed on June 24, 2022
RTC Branch 56: Filed on June 27, 2022
Q: Determination of what court acquires the jurisdiction
• Section 4. Cybercrime Offenses.
• Section 5. Other Offenses.
- Law Enforcement Authority
- Offense/Elements
- CS is situated
- Damage
- However (Courts with special
• Section 6.
- Law Enforcement
- regular or specialized
• RPC and SPL
Once a criminal action is instituted, shall a motion to quash and other related incidents be heard and resolved?
Court: Acquired jurisdiction
YES
What are the prosecution’s duties?
transmittal of the records
Procedure
Section 7.2
Before issuance of a warrant, what
actions shall be considered by the
court?
shall not exceed a period of ten
(10) days from its issuance
-Upon Motion
-Justifiable reasons
-not extending 10 days from the expiration
What is the repercussion when the Law Enforcement Authorities failed to return the warrant, seized items?
Action for Contempt
• which procedures shall be governed by Rule 71 of the Rules of Civil Procedure, insofar as they are applicable.
Non-compliance or failure to comply on proper filing
• Obstruction of Justice
THE RULE ON CYBERCRIME WARRANTS
What must the application contain?
These are the following:
01 Date and time of disclosure, interception, search, seizure, and examination of data
02 Particulars of computer data including hash values.
03 Particulars of computer data including hash values.
04 How the data was obtained
05 Identification of all items seized (make, brand, serial numbers)
06 Names and position of law enforcement who had access to the data prior to depositing to the court.
07 Names of officers who delivered the items to the court.
08 Name of law enforcement officer allowed to access the deposited data.
09 Certification that no duplicates have been made or retained by law enforcement.
C. Preservation of CD
PRESERVATION OF COMPUTER DATA.
- Pursuant to Section 13, Chapter IV of RA 10175
- by a service provider
- information held by the service provider
- subscribers of its services
1. type of communication
2. Subscriber’s identity
3. Information on the site of the installation of communication equipment
01 Traffic Data and Subscriber’s Information
Minimum six (6) months from the date of transaction
02 Content Data
six (6) months from the date of receipt of the order
YES
Provided, that once computer data that is preserved, transmitted or stored by a service provider is used as evidence in a case, the receipt by the service provider of a copy of the transmittal document to the Office of the Prosecutor shall be deemed a notification to preserve the computer data until the final termination of the case and/or as ordered by the court, as the case may be.
Does the service provider need to disclose to the subscriber regarding a preservation order issued?
NO
The service provider ordered to preserve computer data shall keep the order and its compliance therewith confidential.
D. Disclosure of CD
Requirements for service provider:
-Disclose or submit
subscriber's information,
traffic data or other
relevant data.
How long does the service provider
have to comply with the disclosure
warrant?
WDCD
- is an order
- foregoing: contents
  - Probable Offense
  - Relevance and necessity
  - Names of the individual or entities
  - Place
  - Manner
Re: Application for a Warrant to Disclose Computer Data under Section 14 of Republic Act No. 10175
Applicant.
Greetings:
It appearing to the satisfaction of the undersigned after examining under oath {name of applicant} and his/her witness/es {names of witness/es} that there is probable cause to believe that {state the probable offense involved} has been committed, is being committed or is about to be committed, a Warrant to Disclose Computer Data (WDCD) is hereby ISSUED, in accordance with the provisions of Section 4 of A.M. No. , entitled the “Rule on Cybercrime Warrants”.
{In the judge’s discretion, indicate other terms to be included by the law enforcement authorities in the order to disclose, as may be gathered from the warrant application, such as the place where the disclosure is to be enforced, the manner or method by which the disclosure is to be carried out, and other relevant terms to attend the implementation of the order to disclose, subject to the limitations imposed by law.}
ISSUING JUDGE
WDCD No. Probable cause
When are law enforcement
authorities no longer allowed to
retain the data?
Justification for which law enforcement authorities are allowed to retain a copy
E. Interception of CD
INTERCEPTION OF COMPUTER DATA
WHAT IS INTERCEPTION?
including procuring of the content data, either
- directly
- indirectly
What is Warrant to
Intercept Computer
Data (WICD)?
Court issued
warrant
Annex B — Warrant to Intercept Computer Data.
Greetings:
It appearing to the satisfaction of the undersigned after examining under oath {name of applicant} and his/her witness/es {names of witness/es} that there is probable cause to believe that {state the probable offense involved} has been committed, is being committed or is about to be committed, a Warrant to Intercept Computer Data (WICD) is hereby ISSUED, in accordance with the provisions of Section 5 of A.M. No. , entitled the “Rule on Cybercrime Warrants”.
WHEREFORE, by virtue of this WICD, you are hereby AUTHORIZED to listen to, record, monitor, and/or conduct surveillance of {particular description of the communications and/or computer data sought to be intercepted}, which are communications or computer data of {names of the individuals or entities whose communication or computer data are sought to be intercepted, including the names of the individuals or entities who have control, possession or access thereto, if available}.
{In the judge’s discretion, indicate other terms to attend the implementation of the WICD as may be gathered from the warrant application, such as the place where the interception is to be enforced, the manner or method by which the interception is to be carried out, and other relevant terms, subject to the limitations imposed by law.}
The authorized law enforcement officer is COMMANDED to submit a return on the WICD and simultaneously turn-over the custody of the intercepted communication or computer data to the undersigned, as well as notify the person whose communications or computer data have been intercepted of the activities conducted pursuant to this warrant, within the periods and under the terms prescribed in the Rule on Cybercrime Warrants.
Probable cause
ISSUING JUDGE
Same: Section 6.8. Final Return on the WICD
1. submit a final return on the WICD to the court
No filing
Do law enforcement authorities need to disclose the interception to the accused?
NO:
Except - No return filed
Commonalities with Ordinary Search Warrants
◂ Also 1 crime
◂ Requirements of particularity – place and items to be searched
What is the subject of a warrant to Search, Seize and Examine?
emails, website, chat contents
- FRUITS OF A CRIME
- CONTRABAND
- EVIDENCE OF CRIME
- INSTRUMENTALITY OF OFFENSE
Who can apply for Warrants to Search, Seize and
Examine?
Collection of Evidence
- Non-tangible items as subject
- Search can be on-site or off-site – physical v. intangible search; examination
Items to be Seized
01 LIMIT TO SCOPE OF PROBABLE CAUSE
02 ITEMS SUBJECT TO SEIZURE
03 INTANGIBLE OBJECTS
04 TANGIBLE OBJECTS
What data is kept
by law
enforcement?
Is Warrant seeking to search, seize and examine “all records” of a computer valid?
- Unreasonable
US DOJ advice: begin with an “all records” description, add limiting language stating the crime, the suspects and relevant time period if applicable, include explicit examples of records to be seized
YES
OFF-SITE
TYPES OF CYBER WARRANTS
When can off site search be conducted?
1 When necessary
2 Forensic Image
3 Initial Return
Reasons
Justification for Off Site Searches
- Seizure is necessary
02 impossible
03 Presence of password: Time Constraint
Off Site Search via Image Copy
• Rather than seize entire computer system for off site search.
• duplicates every bit and byte on the target drive, including slack space, Master File Table and metadata in exactly the same order as they appear
Can interception of
communications and
data be done even in a
search, seizure and
examination warrant?
What activities are allowed in the implementation of
the WSSECD?
Interception of communications
and computer data
Provided only those reasonably related to
subject matter of Warrant
Relation must be explained in Initial Return
Section 7.1.
Duty of Service
Providers and Law
Enforcement
Authorities to
Destroy.
Destruction and Return of
Computer Data in the
Custody of the Court
- Justifiable reasons
- No PI after 31 days from their deposit
- With PI- lack of probable cause
-sworn certification
-file the said certificate with the same
court
destroyed by shredding, drilling of four
holes through the device, prying
QUESTION
A policeman assigned to the Ayala Mall, Cebu City responds to a call for assistance to the department store security guards. A suspect is being held who has been complained of taking unauthorized video of women in the dressing room. He arrests the man and takes possession of the man’s cellular phone.
The women want the cellular phone to be examined immediately so that their video may be erased and/or verified to be used as evidence against the man.
Can the policeman search the
cellphone in his possession?
NO