Cybercrime Law

Download as pptx, pdf, or txt
Download as pptx, pdf, or txt
You are on page 1of 32

Republic Act No.

10175
AN ACT DEFINING CYBERCRIME, PROVIDING FOR THE
PREVENTION, INVESTIGATION, SUPPRESSION AND
THE IMPOSITION OF PENALTIES THEREFOR AND FOR
OTHER PURPOSES (Cybercrime Prevention Act)
CYBERCRIME OFFENSES
The following acts constitute the offense of cybercrime punishable under
this Act:
(a) Offenses against the confidentiality, integrity and availability of
computer data and systems;
(b) Computer-related Offenses; and
(c) Content-related Offenses (cyber libel, cybersex, and cyber child
pornography)
Liability under Other Laws

A prosecution under this Act shall be without


prejudice to any liability for violation of any
provision of the Revised Penal Code, as
amended, or special laws.
Take Note

Despite Section 7, the offender cannot be prosecuted for


cyber child pornography under RA 10175 and child
pornography under RA 9775 or cyber libel under the
Revised Penal Code in relation to RA 10175 and libel
under the RPC because this will offend the Constitutional
Rule on Double Jeopardy. (Disini v. Secretary of Justice)
Offenses against the confidentiality, integrity
and availability of computer data and systems
Computer data refers to any representation of facts,
information, or concepts in a form suitable for processing
in a computer system including a program suitable to cause
a computer system to perform a function and includes
electronic documents and/or electronic data messages
whether stored in local computer systems or online.
Computer system refers to any device or group of interconnected
or related devices, one or more of which, pursuant to a program,
performs automated processing of data. It covers any type of
device with data processing capabilities including, but not limited
to, computers and mobile phones. The device consisting of
hardware and software may include input, output and storage
components which may stand alone or be connected in a network
or other similar devices. It also includes computer data storage
devices or media.
1. Illegal Access
The access to the whole or any part of a computer system without right.

Ex. Hacking Facebook password


2. Illegal Interception

The interception made by technical means without right


of any non-public transmission of computer data to,
from, or within a computer system including
electromagnetic emissions from a computer system
carrying such computer data.
e.g. intercepting wireless cellphone communication
3. Data Interference

The intentional or reckless alteration, damaging,


deletion or deterioration of computer data,
electronic document, or electronic data message,
without right, including the introduction or
transmission of viruses.
4. System Interference

The intentional alteration or reckless hindering or


interference with the functioning of a computer or
computer network by inputting, transmitting, damaging,
deleting, deteriorating, altering or suppressing computer
data or program, electronic document, or electronic data
message, without right or authority, including the
introduction or transmission of viruses.
5. Misuse of Devices
The use, production, sale, procurement, importation, distribution, or
otherwise making available, without right, of:
(aa) A device, including a computer program, designed or adapted primarily
for the purpose of committing any cybercrime; or

(bb) A computer password, access code, or similar data by which the whole
or any part of a computer system is capable of being accessed with intent
that it be used for the purpose of committing any of any cybercrime.
6. Cyber-squatting
The acquisition of a domain name over the internet in bad faith to profit, mislead, destroy
reputation, and deprive others from registering the same, if such a domain name is:
(i) Similar, identical, or confusingly similar to an existing trademark registered with the
appropriate government agency at the time of the domain name registration:
(ii) Identical or in any way similar with the name of a person other than the registrant, in
case of a personal name; and
(iii) Acquired without right or with intellectual property interests in it.
COMPUTER RELATED OFFENSES
(1) Computer-related Forgery
(i) The input, alteration, or deletion of any computer data without right resulting in
inauthentic data with the intent that it be considered or acted upon for legal purposes
as if it were authentic, regardless whether or not the data is directly readable and
intelligible; or

(ii) The act of knowingly using computer data which is the product of computer-
related forgery as defined herein, for the purpose of perpetuating a fraudulent or
dishonest design.
(2) Computer-related Fraud. — The unauthorized
input, alteration, or deletion of computer data or
program or interference in the functioning of a
computer system, causing damage thereby with
fraudulent intent: Provided, That if no

damage has yet been caused, the penalty imposable


shall be one (1) degree lower.
(3) Computer-related Identity Theft. – The
intentional acquisition, use, misuse, transfer,
possession, alteration or deletion of identifying
information belonging to another, whether
natural or juridical, without right: Provided, That
if no damage has yet been caused, the penalty
imposable shall be one (1) degree lower.
Content-related Offenses
(1) Cybersex. — The willful engagement, maintenance, control, or operation,
directly or indirectly, of any lascivious exhibition of sexual organs or sexual
activity, with the aid of a computer system, for favor or consideration.
(2) Child Pornography. — The unlawful or prohibited acts defined and
punishable by Republic Act No. 9775 or the Anti-Child Pornography Act of
2009, committed through a computer system: Provided, That the penalty to be
imposed shall be (1) one degree higher than that provided for in Republic Act
No. 9775.
(3) Unsolicited Commercial Communications. — The
transmission of commercial electronic communication with the
use of computer system which seek to advertise, sell, or offer for
sale products and services are prohibited. (Declared as
unconstitutional: ratio denial of his or her right to read his or her
emails)
(4) Libel. — The unlawful or prohibited acts of libel as defined in
Article 355 of the Revised Penal Code, as amended, committed
through a computer system or any other similar means which may
be devised in the future.
Other Offenses
(a) Aiding or Abetting in the Commission of Cybercrime. – Any
person who willfully abets or aids in the commission of any of
the offenses enumerated in this Act shall be held liable. (Declared
as unconstitutional.)
(b) Attempt in the Commission of Cybercrime. — Any person
who willfully attempts to commit any of the offenses enumerated
in this Act shall be held liable.
Enforcement and Implementation
Law Enforcement Authorities. – The National Bureau of
Investigation (NBI) and the Philippine National Police (PNP)
shall be responsible for the efficient and effective law
enforcement of the provisions of the Act. The NBI and the PNP
shall organize a cybercrime division or unit to be manned by
Special Investigators to exclusively handle cases involving
violations of the Act.
The NBI shall create a cybercrime division to be headed by at
least a Head Agent. The PNP shall create an anti-cybercrime unit
headed by at least a Police Director.

The DOJ – Office of Cybercrime (OOC) created under the Act


shall coordinate the efforts of the NBI and the PNP in enforcing
the provisions of the Act.
Powers and Functions of Law Enforcement
Authorities
The NBI and PNP cybercrime unit or division shall have the following powers and functions:
1. Investigate all cybercrimes where computer systems are involved;
2. Conduct data recovery and forensic analysis on computer systems and other electronic
evidence seized;
3. Formulate guidelines in investigation, forensic evidence recovery, and forensic data
analysis consistent with industry standard practices;
4. Provide technological support to investigating units within the PNP and NBI including the
search, seizure, evidence preservation and forensic recovery of data from crime scenes and
systems used in crimes, and provide testimonies;
5. Develop public, private sector, and law enforcement agency relations in
addressing cybercrimes;
6. Maintain necessary and relevant databases for statistical and/or
monitoring purposes;
7. Develop capacity within their organizations in order to perform such
duties necessary for the enforcement of the Act;
8. Support the formulation and enforcement of the national cybersecurity
plan; and
9. Perform other functions as may be required by the Act.
Duties of Law Enforcement Authorities.
To ensure that the technical nature of cybercrime and its prevention is given
focus, and considering the procedures involved for international cooperation,
law enforcement authorities, specifically the computer or technology crime
divisions or units responsible for the investigation of cybercrimes, are
required to submit timely and regular reports including pre-operation, post-
operation and investigation results, and such other documents as may be
required to the Department of Justice (DOJ) – Office of Cybercrime for
review and monitoring.
Preservation and Retention of Computer
Data
The integrity of traffic data and subscriber information
shall be kept, retained and preserved by a service provider
for a minimum period of six (6) months from the date of
the transaction. Content data shall be similarly preserved
for six (6) months from the date of receipt of the order
from law enforcement authorities requiring its
preservation.
Law enforcement authorities may order a one-time extension
for another six (6) months: Provided, That once computer data
that is preserved, transmitted or stored by a service provider is
used as evidence in a case, the mere act of furnishing such
service provider with a copy of the transmittal document to the
Office of the Prosecutor shall be deemed a notification to
preserve the computer data until the final termination of the
case and/or as ordered by the Court, as the case may be.
The service provider ordered to preserve computer data shall
keep the order and its compliance therewith confidential.
Collection of Computer Data.

Law enforcement authorities, upon the issuance of a court


warrant, shall be authorized to collect or record by technical
or electronic means, and the service providers are required to
collect or record by technical or electronic means and/or to
cooperate and assist in the collection or recording of
computer data that are associated with specified
communications transmitted by means of a computer system.
Procedure for application of Warrant
The court warrant required under this section shall be issued or granted upon
written application, after the examination under oath or affirmation of the
applicant and the witnesses he may produce, and the showing that: (1) there
are reasonable grounds to believe that any of the crimes enumerated
hereinabove has been committed, is being committed or is about to be
committed; (2) there are reasonable grounds to believe that the evidence that
will be obtained is essential to the conviction of any person for, or to the
solution of, or to the prevention of any such crimes; and (3) there are no
other means readily available for obtaining such evidence.
Disclosure of Computer Data
Law enforcement authorities, upon securing a court warrant, shall issue an
order requiring any person or service provider to disclose or submit, within
seventy-two (72) hours from receipt of such order, subscriber’s information,
traffic data or relevant data in his/its possession or control, in relation to a valid
complaint officially docketed and assigned for investigation by law
enforcement authorities, and the disclosure of which is necessary and relevant
for the purpose of investigation.
Law enforcement authorities shall record all sworn complaints in their official
docketing system for investigation.
Search, Seizure and Examination of
Computer Data
Where a search and seizure warrant is properly issued, the law enforcement authorities shall likewise have
the following powers and duties:
a. Within the time period specified in the warrant, to conduct interception, as defined in this Rules, and to:
1. Search and seize computer data;
2. Secure a computer system or a computer data storage medium;
3. Make and retain a copy of those computer data secured;
4. Maintain the integrity of the relevant stored computer data;
5. Conduct forensic analysis or examination of the computer data storage medium; and
6. Render inaccessible or remove those computer data in the accessed computer or computer and
communications network.
b. Pursuant thereto, the law enforcement authorities may order
any person, who has knowledge about the functioning of the
computer system and the measures to protect and preserve the
computer data therein, to provide, as is reasonable, the necessary
information to enable the undertaking of the search, seizure and
examination.
c. Law enforcement authorities may request for an extension of
time to complete the examination of the computer data storage
medium and to make a return thereon, but in no case for a period
longer than thirty (30) days from date of approval by the court.
Destruction of Computer Data

Upon expiration of the periods as provided in Sections 12


and 15 hereof (6 mos. and 30 days, respectively), or until the
final termination of the case and/or as ordered by the Court,
as the case may be, service providers and law enforcement
authorities, as the case may be, shall immediately and
completely destroy the computer data that are the subject of
a preservation and examination order or warrant.
Exclusionary Rule

Any evidence obtained without a valid warrant or beyond


the authority of the same shall be inadmissible for any
proceeding before any court or tribunal.

The Rules of Court shall have suppletory application in


implementing the Act.

You might also like