Octopus Cybercrime Community

The legal framework of the Philippines for cybercrime and electronic evidence is largely in line with the Budapest Convention, with the Cybercrime Prevention Act entered into force in February 2014.

The Philippine Congress enacted Republic Act No. 10175 or “Cybercrime Prevention Act of 2012” which completely address crimes committed against and by means of computer system on 12 September 2012. It includes penal substantive rules, procedural rules and also rules on international cooperation.

Amendatory bills on cybercrime investigations are under work in the Philippines, with new provisions being introduced on procedural powers, responsibilities, and extradition. The aim is for the amendments to provide a structured approach for prosecutors and investigators on cybercrime investigations and to further align national legislation with the Budapest Convention.

Substantive law related to the offences and procedural provisions on measures are included in the following acts:

• The Cybercrime Prevention Act of 2012, [2012];
• Rules and Regulations Implementing Cybercrime Prevention Act of 2012, [2015] 
• Rules on Electronic Evidence, [2001]. The Supreme Court recently issued amendments to the Rules of Civil Procedure and the Revised Rules on Evidence (collectively, the Revised Rules). The Revised Rules will take effect on 1 May 2020.
• Rule on Cybercrime Warrants, [2018]

The Philippine Cybercrime Prevention Act of 2012 focuses on the pre-emption, prevention and prosecution of cybercrimes such as offenses against the confidentiality, integrity and availability of computer data and systems, computer-related offenses, and content-related offenses.

In addition, Section 6 thereof provides that all crimes defined and penalized by the Revised Penal Code, as amended, and special laws, if committed by, through and with the use of information and communications technologies shall be covered by the relevant provisions of Revised Penal Code: Provided, That the penalty to be imposed shall be one (1) degree higher than that provided for by the Revised Penal Code, as amended, and special laws, as the case may be.

Furthermore, Section 7 thereof provides that prosecution under the Cybercrime law shall be without prejudice to any liability for violation of any provision of the Revised Penal Code, as amended, or special laws.

The Philippine Cybercrime Prevention Act of 2012 also provides procedural measures to be undertaken by law enforcement authorities mandated by the law to enforce and implement its provisions. To ensure that the technical nature of cybercrime and its prevention is given focus and the procedures involved for international cooperation considered, law enforcement authorities specifically the computer or technology crime divisions responsible for the investigation of cybercrimes are required to submit timely and regular reports, including pre-operation, post-operation and investigation results and such other documents, as may be required, to the Department of Justice (DOJ) for review and monitoring.

The Supreme Court promulgated Administrative Matter (A.M.) No. 17-11-03-SC or the Rule on Cybercrime Warrants (RCW) to respond to the technical requirements of cybercrime prosecution and aid cybercrime courts in the exercise of their special jurisdiction. It sets forth the procedure for the application and grant of warrants and related orders involving the preservation, disclosure, interception, search, seizure, and/or examination, as well as the custody, and destruction of computer data, as provided under R.A. No. 10175.[1]

In other words, the RCW is a tool afforded to law enforcers and prosecutors to assist them in obtaining electronic evidence necessary to prove their cases. It provides for the following warrants:

• Warrant to Disclose Computer Data (WDCD) [2];
• Warrant to Intercept Computer Data (WICD) [3];
• Warrant to Search, Seize, and Examine Computer Data (WSSECD) [4];
• Warrant to Examine Computer Data (WECD) [5].

[1] Section 1.2, Rule on Cybercrime Warrants (RCW).

[2] Section 4.2, Ibid. A Warrant to Disclose Computer Data (WDCD) is an order in writing issued in the name of the People of the Philippines, signed by a judge, upon application of LEAs, authorizing the latter to issue an order to disclose and accordingly, require any person or service provider to disclose or submit computer data in his/her possession or control.

[3] Section 5.2, Ibid. A Warrant to Intercept Computer Data (WICD) is an order in writing issued in the name of the People of the Philippines, signed by a judge, upon application of LEAs, authorizing the latter to carry out any or all of the following activities: (a) listening to; (b) recording; (c) monitoring; or (d) surveillance of the content of communications.

This includes the procuring of the content of the computer data at the same time that the communication is occurring, either:

a. Directly, through access and use of a computer system; or

b. Indirectly, through the use of electronic eavesdropping or tapping devices.

[4] Section 6.1, Ibid. A Warrant to Search, Seize, and Examine Computer Data (WSSECD) is an order in writing issued in the name of the People of the Philippines, signed by a judge, upon application of LEAs, authorizing the latter to search the particular place for items to be seized and/or examined. The interception of communications and computer data may be conducted during the implementation of the WSSECD.

[5] Section 6.9, Ibid. A Warrant to Examine Computer Data (WECD) is a warrant authorizing the LEA who have acquired possession of computer device or computer system via a lawful warrantless arrest, or by any other method to conduct forensic examination on the computer data contained therein. Interception of communications and computer data may likewise be conducted during the implementation of the WECD.

Besides an extensive legal framework on technical aspects, there are important acts on this field respecting:

• Republic Act No. 10173 or the Data Privacy Act of 2012
• Republic Act No. 9995 or the Anti-Photo and Voyeurism Act of 2009;
• Republic Act No. 9775 or the Anti-Child Pornography Act of 2009;
• Republic Act No. 8792 or the E-Commerce Act of 2000;
• Republic Act No. 8484 or the Access Devices Regulation Act of 1998;
• Republic Act No. 4200 or the Anti-Wiretapping Law of 1965;
• Republic Act No. 9208 or the Anti-Trafficking in Persons Act of 2003, as amended by Republic Act No. 10364 or the Expanded Anti-Trafficking in Persons Act of 2012.