Status regarding Budapest ConventionStatus : Party Ratified / acceded : 28/03/2018 Declarations and reservations : Articles concerned: 24, 27, 35 See legal profile
The Philippines is a party to the Budapest Convention since 2018 and they have given full implementation at the domestic level through the adoption and enforcement of a sound cybercrime legislation.
Nevertheless, the Philippine government has yet to adopt its draft National Cybercrime Strategy, which intends to provide the current landscape of cybercrime investigation, prosecution, and suppression in the Philippines, while embedding a whole-nation approach that will bolster the fight against cybercrime and cyber-related offenses, in line with international best practices.
The draft Strategy includes a vital multi-year cybercrime data/statistics based on official reports, actual operations, information and research, as well as analysis thereof, which were received from concerned agencies, such as the National Bureau of Investigation – Cybercrime Division (NBI-CCD) and the Philippine National Police – Anti-Cybercrime Group (PNP-ACG).
It also proceeds with a concise narrative, summing up the Philippine strategy against cybercrime based on policy framework, situation analysis, and international commitments and comity, which consists of the following key elements:
- Bolstering legal framework by enacting up-to-date laws, rules, and other government issuances that are dynamic to cope up with the technological challenges;
- Harmonizing and coordinating efforts among government agencies concerned in fighting cybercrimes and cyber-related offenses;
- Capacitating all members of the justice sector in the field of cybercrime and electronic evidence;
- Strengthening international cooperation in order to tackle the problem of cybercrime by and large;
- Promoting and encouraging public-private partnership in assuring service growth and development of a safe and secure cyber environment where the industry could continue to be competitive; and
- Increasing the level of the public’s cognizance and to help them develop the required knowledge to prevent being victims of cybercrime, through provision of public awareness seminars and trainings.
It is worthy to note that the draft was disseminated to relevant stakeholders for consultation, inputs and comments. Some of the data and policies contained in the draft were adopted, and complemented, by the draft National Cybersecurity Plan 2022 (NCSP) which was formally launched by the Department of Information and Communications Technology (DICT) in December 2016.
The primary goals of the NCSP are as follows: (1) assuring the continuous operation of the nation’s critical infostructures, public and military networks (2) implementing cyber resiliency measures to enhance the ability to respond to threats before, during and after attacks, (3) effective coordination with law enforcement agencies and (4) a cybersecurity educated society.
The National Cybersecurity Plan 2022 wants to reach the state of having a “Trusted and Resilient Infostructure” by the achievement of the following mission objectives:
- To systematically and methodically harden the Critical Information Infrastructure (CII) for resiliency;
- To prepare and secure government Infostructure;
- To raise awareness in the business sector on cyber risk and use of security measures among businesses to prevent and protect, respond and recover from attacks;
- To raise awareness of individuals on cyber risks and build a cybersecurity-educated society.
State of cybercrime legislation
The legal framework of the Philippines for cybercrime and electronic evidence is largely in line with the Budapest Convention, with the Cybercrime Prevention Act entered into force in February 2014.
The Philippine Congress enacted Republic Act No. 10175 or “Cybercrime Prevention Act of 2012” which completely address crimes committed against and by means of computer system on 12 September 2012. It includes penal substantive rules, procedural rules and also rules on international cooperation.
Amendatory bills on cybercrime investigations are under work in the Philippines, with new provisions being introduced on procedural powers, responsibilities, and extradition. The aim is for the amendments to provide a structured approach for prosecutors and investigators on cybercrime investigations and to further align national legislation with the Budapest Convention.
Substantive law related to the offences and procedural provisions on measures are included in the following acts:
- The Cybercrime Prevention Act of 2012, ;
- Rules and Regulations Implementing Cybercrime Prevention Act of 2012, 
- Rules on Electronic Evidence, . The Supreme Court recently issued amendments to the Rules of Civil Procedure and the Revised Rules on Evidence (collectively, the Revised Rules). The Revised Rules will take effect on 1 May 2020.
- Rule on Cybercrime Warrants, 
The Philippine Cybercrime Prevention Act of 2012 focuses on the pre-emption, prevention and prosecution of cybercrimes such as offenses against the confidentiality, integrity and availability of computer data and systems, computer-related offenses, and content-related offenses.
In addition, Section 6 thereof provides that all crimes defined and penalized by the Revised Penal Code, as amended, and special laws, if committed by, through and with the use of information and communications technologies shall be covered by the relevant provisions of Revised Penal Code: Provided, That the penalty to be imposed shall be one (1) degree higher than that provided for by the Revised Penal Code, as amended, and special laws, as the case may be.
Furthermore, Section 7 thereof provides that prosecution under the Cybercrime law shall be without prejudice to any liability for violation of any provision of the Revised Penal Code, as amended, or special laws.
The Philippine Cybercrime Prevention Act of 2012 also provides procedural measures to be undertaken by law enforcement authorities mandated by the law to enforce and implement its provisions. To ensure that the technical nature of cybercrime and its prevention is given focus and the procedures involved for international cooperation considered, law enforcement authorities specifically the computer or technology crime divisions responsible for the investigation of cybercrimes are required to submit timely and regular reports, including pre-operation, post-operation and investigation results and such other documents, as may be required, to the Department of Justice (DOJ) for review and monitoring.
The Supreme Court promulgated Administrative Matter (A.M.) No. 17-11-03-SC or the Rule on Cybercrime Warrants (RCW) to respond to the technical requirements of cybercrime prosecution and aid cybercrime courts in the exercise of their special jurisdiction. It sets forth the procedure for the application and grant of warrants and related orders involving the preservation, disclosure, interception, search, seizure, and/or examination, as well as the custody, and destruction of computer data, as provided under R.A. No. 10175.
In other words, the RCW is a tool afforded to law enforcers and prosecutors to assist them in obtaining electronic evidence necessary to prove their cases. It provides for the following warrants:
- Warrant to Disclose Computer Data (WDCD) ;
- Warrant to Intercept Computer Data (WICD) ;
- Warrant to Search, Seize, and Examine Computer Data (WSSECD) ;
- Warrant to Examine Computer Data (WECD) .
 Section 1.2, Rule on Cybercrime Warrants (RCW).
 Section 4.2, Ibid. A Warrant to Disclose Computer Data (WDCD) is an order in writing issued in the name of the People of the Philippines, signed by a judge, upon application of LEAs, authorizing the latter to issue an order to disclose and accordingly, require any person or service provider to disclose or submit computer data in his/her possession or control.
 Section 5.2, Ibid. A Warrant to Intercept Computer Data (WICD) is an order in writing issued in the name of the People of the Philippines, signed by a judge, upon application of LEAs, authorizing the latter to carry out any or all of the following activities: (a) listening to; (b) recording; (c) monitoring; or (d) surveillance of the content of communications.
This includes the procuring of the content of the computer data at the same time that the communication is occurring, either:
a. Directly, through access and use of a computer system; or
b. Indirectly, through the use of electronic eavesdropping or tapping devices.
 Section 6.1, Ibid. A Warrant to Search, Seize, and Examine Computer Data (WSSECD) is an order in writing issued in the name of the People of the Philippines, signed by a judge, upon application of LEAs, authorizing the latter to search the particular place for items to be seized and/or examined. The interception of communications and computer data may be conducted during the implementation of the WSSECD.
 Section 6.9, Ibid. A Warrant to Examine Computer Data (WECD) is a warrant authorizing the LEA who have acquired possession of computer device or computer system via a lawful warrantless arrest, or by any other method to conduct forensic examination on the computer data contained therein. Interception of communications and computer data may likewise be conducted during the implementation of the WECD.
Related laws and regulations
Besides an extensive legal framework on technical aspects, there are important acts on this field respecting:
- Republic Act No. 10173 or the Data Privacy Act of 2012
- Republic Act No. 9995 or the Anti-Photo and Voyeurism Act of 2009;
- Republic Act No. 9775 or the Anti-Child Pornography Act of 2009;
- Republic Act No. 8792 or the E-Commerce Act of 2000;
- Republic Act No. 8484 or the Access Devices Regulation Act of 1998;
- Republic Act No. 4200 or the Anti-Wiretapping Law of 1965;
- Republic Act No. 9208 or the Anti-Trafficking in Persons Act of 2003, as amended by Republic Act No. 10364 or the Expanded Anti-Trafficking in Persons Act of 2012.
- Department of Justice – Office of Cybercrime
- National Bureau of Investigation – Cybercrime Division
- Philippine National Police – Anti-Cybercrime Group
- Cybercrime Investigation and Coordination Center (CICC) 
- Cybercrime Courts
 Not yet operational as of date.
Competent authorities and channels
In the case of Disini vs. the Secretary of Justice, G.R. No. 203335, which involves consolidated petitions seeking to declare several provisions of R.A. 10175 or the Cybercrime Prevention Act of 2012 unconstitutional and void, the Supreme Court upheld the constitutionality of the law while striking few provisions as unconstitutional.
Sources and links
- Philippines 2014-2015 Cybercrime Report - https://www.doj.gov.ph/files/cybercrime_office/2014-2015_Annual_Cybercrime_Report.pdf
- 87% of Filipino Internet users have been victims of cybercrimes–DOJ - http://technology.inquirer.net/21557/87-of-filipino-internet-users-have-been-victims-of-cybercrimes-doj
- RA 10175 - Cybercrime Prevention Act of 2012; dispositive part of 2012 SC decision declaring what provisions are constitutional and unconstitutional - http://attylaserna.blogspot.fr/2015/09/ra-10175-cybercrime-prevention-act-of.html