DISINI v. SEC.

of JUSTICE
G.R. No. 203335 (plus 13 consolidated cases) |February 11, 2014|ABAD, J.:
Since there 14 cases sobrang dami ng petitioners and respondents but the impt. thing is itong set nato MELENCIO
S. STA. MARIA, SEDFREY M. CANDELARIA, AMPARITA STA. MARIA, RAY PAOLO J. SANTIAGO, GILBERT V.
SEMBRANO, and RYAN JEREMIAH D. QUAN (all of the Ateneo Human Rights Center)


These consolidated petitions seek to declare several provisions of Republic Act (R.A.) 10175, the Cybercrime
Prevention Act of 2012, unconstitutional and void.
SUMMARY: RA10175 or the Cybercrime Prevention Act aims to regulate access and use of the cyberspace.
Petitioners in this case however, claim that the means adopted by the cybercrime law for regulating undesirable
cyberspace activities violate certain of their constitutional rights. Issue is W/N RA 10175 is constitutional (YES, except
for the 3 void provisions)
RATIO:
a. Illegal Access (VALID) There is no basis to apply the strict scrutiny standard since no fundamental freedom, like
speech, is involved in punishing what is essentially a condemnable act accessing the computer system of another
without right. It is a universally condemned conduct. With regard to ethical hackers prior permission from the client,
would insulate him from the coverage of Section 4(a)(1).
b. Data Interference (VALID)- . It simply punishes what essentially is a form of vandalism, the act of willfully
destroying without right the things that belong to others, in this case their computer data, electronic document, or
electronic data message. Such act has no connection to guaranteed freedoms. There is no freedom to destroy other
peoples computer systems and private documents.
c. Cyber-squatting (VALID) - The law is reasonable in penalizing him for acquiring the domain name in bad faith to
profit, mislead, destroy reputation, or deprive others who are not ill-motivated of the rightful opportunity of
registering the same. The challenge to the constitutionality of Section 4(a)(6) on ground of denial of equal protection
is baseless.
d. Identity Theft (VALID) Petitioners simply fail to show how government effort to curb computer-related identity
theft violates the right to privacy and correspondence as well as the right to due process of law. The theft of identity
information must be intended for an illegitimate purpose. Acquiring and disseminating information made public by
the user himself cannot be regarded as a form of theft.
e. Cybersex (VALID) it will apply only to persons engaged in the business of maintaining, controlling, or operating,
directly or indirectly, the lascivious exhibition of sexual organs or sexual activity with the aid of a computer system as
Congress has intended.
f. Child Pornography (VALID)- It merely expands the scope of the Anti-Child Pornography Act of 2009 (ACPA) to cover
identical activities in cyberspace. Notably, no one has questioned this ACPA provision.
g. Unsolicited Commercial Communications (VOID) Government presents no basis for holding that unsolicited
electronic ads (SPAMS) reduce the "efficiency of computers." Secondly, people, before the arrival of the age of
computers, have already been receiving such unsolicited ads by mail. What matters is that the recipient has the
option of not opening or reading these mail ads. To prohibit the transmission of unsolicited ads would deny a person
the right to read his emails, even unsolicited commercial ads addressed to him.
h. Libel (VALID) - Cyberlibel is not a new crime, since RPC already punishes it. In effect, Section 4(c)(4) above merely
affirms that online defamation constitutes "similar means" for committing libel. But the court only penalizes the
author of the libelous statement or article.
i. Aiding or Abetting and Attempt in the Commission of Cybercrimes (VALID to provisions not relating to freedom of
expression but VOID as to Child Pornography, Unsolicited Commercial Com and Online Libel) Court held that there
is no clear definition on aiding and abetting under the Cybercrime law. Netizens are not given "fair notice" or warning
as to what is criminal conduct and what is lawful conduct. (so likers or sharers are not penalized) But if the
"Comment" does not merely react to the original posting but creates an altogether new defamatory story, then
that should be considered an original posting published on the internet. Both the penal code and the cybercrime law
clearly punish authors of defamatory publications
j. Penalty of One Degree Higher (VALID) Section 6 merely makes commission of existing crimes through the internet a
qualifying circumstance. There exists a substantial distinction between crimes committed through the use of
information and communications technology and similar crimes committed using other means. In using the
technology in question, the offender often evades identification and is able to reach far more victims or cause greater
harm.
k. Real-Time Collection of Traffic Data (VOID) The cybercrime law, dealing with a novel situation, fails to hint at the
meaning it intends for the phrase "due cause." The Solicitor General suggests that "due cause" should mean "just
reason or motive" and "adherence to a lawful procedure." But the Court cannot draw this meaning since Section 12
does not even bother to relate the collection of data to the probable commission of a particular crime. It just says,
"with due cause," thus justifying a general gathering of data. It is akin to the use of a general search warrant that the
Constitution prohibits. The power is virtually limitless, enabling law enforcement authorities to engage in "fishing
expedition," choosing whatever specified communication they want. This evidently threatens the right of individuals
to privacy.
l. Preservation of Computer Data (VALID) Court held that the user ought to have kept a copy of that data when it
crossed his computer if he was so minded. The service provider has never assumed responsibility for their loss or
deletion while in its keep.
o. Disclosure of Computer Data (VALID) Executive agencies have the power to issue subpoena as an adjunct of their
investigatory powers. Besides, it only envisions the enforcement of a duly issued court warrant, a function usually
lodged in the hands of law enforcers to enable them to carry out their executive functions.
p. Search, Seizure and Examination of Computer Data (VALID) Section 15 merely enumerates the duties of law
enforcement authorities that would ensure the proper collection, preservation, and use of computer system or data
that have been seized by virtue of a court warrant. The exercise of these duties do not pose any threat on the rights
of the person from whom they were taken. Section 15 does not appear to supersede existing search and seizure rules
but merely supplements them
q. Destruction of Computer Data (VALID) It is unclear that the user has a demandable right to require the service
provider to have that copy of the data saved indefinitely for him in its storage system. If he wanted them preserved,
he should have saved them in his computer when he generated the data or received it. He could also request the
service provider for a copy before it is deleted.
r. Restricting or Blocking Access to Computer Data (VOID) Computer Data produced or created by their writers or
authors may constitute personal property. Consequently, they are protected from unreasonable searches and
seizures, whether while stored in their personal computers or in the service providers systems. Here, the
Government, in effect, seizes and places the computer data under its control and disposition without a warrant. The
Department of Justice order cannot substitute for judicial search warrant.
s. Obstruction of Justice (VALID) The act of non-compliance, for it to be punishable, must still be done "knowingly or
willfully." There must still be a judicial determination of guilt, during which, as the Solicitor General assumes, defense
and justifications for non-compliance may be raised. Thus, Section 20 is valid insofar as it applies to the provisions of
Chapter IV which are not struck down by the Court.
t. Section 24 on Cybercrime Investigation and Coordinating Center (CICC) and Section 26(a) on CICCs Powers and
Functions. (VALID)
The cybercrime law is complete in itself when it directed the CICC to formulate and implement a national
cybersecurity plan. The law gave sufficient standards for the CICC to follow when it provided a definition of
cybersecurity. Cybersecurity refers to the collection of tools, policies, risk management approaches, actions,
training, best practices, assurance and technologies that can be used to protect cyber environment and
organization and users assets.
FACTS:
The cybercrime law aims to regulate access to and use of the cyberspace. The cyberspace, is a system that
accommodates millions and billions of simultaneous and ongoing individual accesses to and uses of the internet
and a boon to the need of the current generation for greater information and facility of communication,
however, it could not filter out a number of persons of ill will who would want to use cyberspace technology for
mischiefs and crimes.
Reasons for the need to regulate
o it could be availed to unjustly ruin the reputation of another or bully the latter by posting defamatory
statements against him that people can read.
o Can be used to commit theft by hacking into or surreptitiously accessing his bank account or credit card
or defrauding him through false representations.
o Can be used to illicit trafficking in sex or for exposing to pornography guileless children who have
access to the internet.
o Can be used for sending electronic viruses or virtual dynamites that destroy those computer systems,
networks, programs, and memories. The government certainly has the duty and the right to prevent
these tomfooleries from happening and punish their perpetrators, hence the Cybercrime Prevention
Act.
Petitioners claim that the means adopted by the cybercrime law for regulating undesirable cyberspace activities
violate certain of their constitutional rights.
ISSUES:
W/N the enumerated provisions are unconstitutional.
a. Section 4(a)(1) on Illegal Access;
b. Section 4(a)(3) on Data Interference;
c. Section 4(a)(6) on Cyber-squatting;
d. Section 4(b)(3) on Identity Theft;
e. Section 4(c)(1) on Cybersex;
f. Section 4(c)(2) on Child Pornography;
g. Section 4(c)(3) on Unsolicited Commercial Communications;
h. Section 4(c)(4) on Libel;
i. Section 5 on Aiding or Abetting and Attempt in the Commission of Cybercrimes;
j. Section 6 on the Penalty of One Degree Higher;
k. Section 7 on the Prosecution under both the Revised Penal Code (RPC) and R.A. 10175;
l. Section 8 on Penalties;
m. Section 12 on Real-Time Collection of Traffic Data;
n. Section 13 on Preservation of Computer Data;
o. Section 14 on Disclosure of Computer Data;
p. Section 15 on Search, Seizure and Examination of Computer Data;
q. Section 17 on Destruction of Computer Data;
r. Section 19 on Restricting or Blocking Access to Computer Data;
s. Section 20 on Obstruction of Justice;
t. Section 24 on Cybercrime Investigation and Coordinating Center (CICC); and
u. Section 26(a) on CICCs Powers and Functions.
RATIO:
a. ILLEGAL ACCESS
Definition: Illegal Access. The access to the whole or any part of a computer system without right.
Consti Violation: Failed to meet the Strict Scrutiny Standard
Courts Decision: Court finds nothing that calls for the application of the strict scrutiny standard since no
fundamental freedom, like speech, is involved in punishing what is essentially a condemnable act accessing the
computer system of another without right. It is a universally condemned conduct.

Petitioners fear that this may
jeopardize ethical hackers
1
but the court said that they are the equivalent of independent auditors who come
into an organization to verify its bookkeeping records

and a clients engagement of an ethical hacker requires an
agreement between them as to the extent of the search, the methods to be used, and the systems to be tested.
Since the ethical hacker does his job with prior permission from the client, such permission would insulate him
from the coverage of Section 4(a)(1).
b. DATA INTERFERENCE

1
Ethical hackers evaluate the target systems security by employing tools and techniques used by criminal hackers
and report back to the owners the vulnerabilities they found in it and give instructions for how these can be
remedied.
Definition: The intentional or reckless alteration, damaging, deletion or deterioration of computer data,
electronic document, or electronic data message, without right, including the introduction or transmission of
viruses.
Consti Violation: Overbreadth Doctrine, Intrudes protected speech and expression
Courts Decision: Under the overbreadth doctrine, a proper governmental purpose, constitutionally subject to
state regulation, may not be achieved by means that unnecessarily sweep its subject broadly, thereby invading
the area of protected freedoms.But Section 4(a)(3) does not encroach on these freedoms at all. It simply
punishes what essentially is a form of vandalism, the act of willfully destroying without right the things that
belong to others, in this case their computer data, electronic document, or electronic data message. Such act has
no connection to guaranteed freedoms. There is no freedom to destroy other peoples computer systems and
private documents.
c. CYBER-SQUATTING
Definition :The acquisition of domain name over the internet in bad faith to profit, mislead, destroy the
reputation, and deprive others from registering the same, if such a domain name is:
(i) Similar, identical, or confusingly similar to an existing trademark registered with the appropriate
government agency at the time of the domain name registration;
(ii) Identical or in any way similar with the name of a person other than the registrant, in case of a personal
name; and
(iii) Acquired without right or with intellectual property interests in it.
Consti Violation: EPC since it will cause a user using his real name to suffer the same fate as those who use aliases
or take the name of another in satire, parody, or any other literary device
Courts Decision: Petitioners claim that this will cause a user using his real name to suffer the same fate as those
who use aliases or take the name of another in satire, parody, or any other literary device, considering the substantial
distinction between the two, the law should recognize the difference. But there is no real difference whether one
uses his real name or uses a pseudo-name for it is the evil purpose for which he uses the name that the law
condemns. The law is reasonable in penalizing him for acquiring the domain name in bad faith to profit, mislead,
destroy reputation, or deprive others who are not ill-motivated of the rightful opportunity of registering the same.
The challenge to the constitutionality of Section 4(a)(6) on ground of denial of equal protection is baseless.
d. COMPUTER-RELATED IDENTITY THEFT
Definition :The intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying
information belonging to another, whether natural or juridical, without right:
Consti Violation: Due Process, privacy and correspondence, and freedom of the press.
Courts Decision:Zones of privacy are recognized and protected in our laws. Within these zones, any form of
intrusion is impermissible unless excused by law and in accordance with customary legal process. The meticulous
regard we accord to these zones arises not only from our conviction that the right to privacy is a "constitutional
right" and "the right most valued by civilized men," but also from our adherence to the Universal Declaration of
Human Rights which mandates that, "no one shall be subjected to arbitrary interference with his privacy" and
"everyone has the right to the protection of the law against such interference or attacks."Two constitutional
guarantees create these zones of privacy: (a) the right against unreasonable searches and seizures, which is the
basis of the right to be let alone, and (b) the right to privacy of communication and correspondence. In assessing
the challenge that the State has impermissibly intruded into these zones of privacy, a court must determine
whether a person has exhibited a reasonable expectation of privacy and, if so, whether that expectation has
been violated by unreasonable government intrusion. The usual identifying information regarding a person
includes his name, his citizenship, his residence address, his contact number, his place and date of birth, the
name of his spouse if any, his occupation, and similar data. The law punishes those who acquire or use such
identifying information without right, implicitly to cause damage. Petitioners simply fail to show how
government effort to curb computer-related identity theft violates the right to privacy and correspondence as
well as the right to due process of law. Further, petitioners fear that Section 4(b)(3) violates the freedom of the
press in that journalists would be hindered from accessing the unrestricted user account of a person in the news
to secure information about him that could be published. But this is not the essence of identity theft that the law
seeks to prohibit and punish. Evidently, the theft of identity information must be intended for an illegitimate
purpose. Moreover, acquiring and disseminating information made public by the user himself cannot be
regarded as a form of theft.
e. CYBERSEX
Definition :The willful engagement, maintenance, control, or operation, directly or indirectly, of any lascivious
exhibition of sexual organs or sexual activity, with the aid of a computer system, for favor or consideration.
Consti Violation: Freedom Of Expression
Courts Decision:Petitioners claim that that private communications of sexual character between husband and
wife or consenting adults, which are not regarded as crimes under the penal code, would now be regarded as
crimes when done "for favor" in cyberspace. In common usage, the term "favor" includes "gracious kindness," "a
special privilege or right granted or conceded," or "a token of love (as a ribbon) usually worn
conspicuously."
22
This meaning given to the term "favor" embraces socially tolerated trysts. The law as written
would invite law enforcement agencies into the bedrooms of married couples or consenting individuals. Court
held that the understanding of those who drew up the cybercrime law is that the element of "engaging in a
business" is necessary to constitute the illegal cybersex. The Act actually seeks to punish cyber prostitution,
white slave trade, and pornography for favor and consideration. This includes interactive prostitution and
pornography, i.e., by webcam. The court added that lascivious of sexual organs is not a subject novel since it is
also punished in Art. 201 of RPC and Anti-Trafficking in Persons Act of 2003.Engaging in sexual acts privately
through internet connection, perceived by some as a right, has to be balanced with the mandate of the State to
eradicate white slavery and the exploitation of women.In any event, consenting adults are protected by the
wealth of jurisprudence delineating the bounds of obscenity. The Court will not declare Section 4(c)(1)
unconstitutional where it stands a construction that makes it apply only to persons engaged in the business of
maintaining, controlling, or operating, directly or indirectly, the lascivious exhibition of sexual organs or sexual
activity with the aid of a computer system as Congress has intended.
f. CHILD PORNOGRAPHY
Definition : The unlawful or prohibited acts defined and punishable by Republic Act No. 9775 or the Anti-Child
Pornography Act of 2009, committed through a computer system
Consti Violation:
Courts Decision: It merely expands the scope of the Anti-Child Pornography Act of 2009 (ACPA) to cover
identical activities in cyberspace. Notably, no one has questioned this ACPA provision.
g. UNSOLICITED COMMERCIAL COMMUNICATIONS.
Definition: The transmission of commercia:l electronic communication with the use of computer system which
seeks to advertise, sell, or offer for sale products and services are prohibited. This penalizes the transmission of
unsolicited commercial communications, also known as "spam."
Courts Decision: Solgen claims that spams are a nuisance that wastes the storage and network capacities of
internet service providers, reduces the efficiency of commerce and technology, and interferes with the owners
peaceful enjoyment of his property. Transmitting spams amounts to trespass to ones privacy since the person
sending out spams enters the recipients domain without prior permission. But, firstly, the government presents
no basis for holding that unsolicited electronic ads reduce the "efficiency of computers." Secondly, people,
before the arrival of the age of computers, have already been receiving such unsolicited ads by mail. What
matters is that the recipient has the option of not opening or reading these mail ads. To prohibit the
transmission of unsolicited ads would deny a person the right to read his emails, even unsolicited commercial
ads addressed to him. Commercial speech is a separate category of speech which is not accorded the same level
of protection as that given to other constitutionally guaranteed forms of expression but is nonetheless entitled
to protection. The State cannot rob him of this right without violating the constitutionally guaranteed freedom of
expression. Unsolicited advertisements are legitimate forms of expression.
h. ONLINE LIBEL.
Definition : The unlawful or prohibited acts of libel as defined in Article 355 of RPC committed through a
computer system or any other similar means which may be devised in the future.
Consti Violation: Obligations in ICCPR
Courts Decision: Petitioners claim that requiring presumed malice which was changed to actual malice by
recent jurisprudence is unconstitutional as it infringes freedom of expression. "Actual malice" or malice in fact
is when the offender makes the defamatory statement with the knowledge that it is false or with reckless
disregard of whether it was false or not. The reckless disregard standard used here requires a high degree of
awareness of probable falsity. If offended party is a public official he has the burden of proving actual malice. If
private person, it need not prove the presence of malice. The law explicitly presumes its existence (malice in law)
from the defamatory character of the assailed statement. As to violation of ICCPR, court held that General
Comment 34 does not say that the truth of the defamatory statement should constitute an all-encompassing
defense. Truth as a defense is recognized but under the condition that the accused has been prompted in making
the statement by good motives and for justifiable ends. UNHRC did not actually enjoin the Philippines to
decriminalize libel. It simply suggested that defamation laws be crafted with care to ensure that they do not
stifle freedom of expression. The ICCPR states that although everyone should enjoy freedom of expression, its
exercise carries with it special duties and responsibilities. Cyberlibel is not a new crime, since RPC already
punishes it. In effect, Section 4(c)(4) above merely affirms that online defamation constitutes "similar means" for
committing libel. But the court only penalizes the author of the libelous statement or article.
i. AIDING OR ABETTING AND ATTEMPT IN THE COMMISSION OF CYBERCRIMES
Definition: Aiding or Abetting - Any person who willfully abets or aids in the commission of any of the offenses
enumerated in this Act
Attempt in the Commission of Cybercrime. Any person who willfully attempts to commit any of the offenses
enumerated in this Act
Consti Violation: Overbreadth
Courts Decision: Aiding or abetting do not have a well-defined meaning, so the question is, are online postings
such as "Liking" an openly defamatory statement, "Commenting" on it, or "Sharing" it with others, to be
regarded as "aiding or abetting?" As already stated, the cyberspace is an incomparable, pervasive medium of
communication. It is inevitable that any government threat of punishment regarding certain uses of the medium
creates a chilling effect on the constitutionally-protected freedom of expression of the great masses that use it.
In this case, the particularly complex web of interaction on social media websites would give law enforcers such
latitude that they could arbitrarily or selectively enforce the law.Netizens are not given "fair notice" or warning
as to what is criminal conduct and what is lawful conduct. Of course, if the "Comment" does not merely react to
the original posting but creates an altogether new defamatory story, then that should be considered an
original posting published on the internet. Both the penal code and the cybercrime law clearly punish authors of
defamatory publications. As to the service provider (ex. Google) Cybercrime law lacks a provision exempting the
provider (that is present in the American law on child pornography)
2

Section 5 with respect to Section 4(c)(4) is unconstitutional. Its vagueness raises apprehension on the
part of internet users because of its obvious chilling effect on the freedom of expression, especially
since the crime of aiding or abetting ensnares all the actors in the cyberspace front in a fuzzy way.
What is more, as the petitioners point out, formal crimes such as libel are not punishable unless
consummated.
But the crime of aiding or abetting the commission of cybercrimes should be permitted to apply to
Illegal Access, Illegal Interception, Data Interference, System Interference, Misuse of Devices, Cyber-
squatting, Computer-related Forgery, Computer-related Fraud, on Computer-related Identity Theft,
and Cybersex. None of these offenses borders on the exercise of the freedom of expression.
j. PENALTY OF ONE DEGREE HIGHER;
Definition: All crimes defined and penalized by RPC if committed through use of information and
communications technologies shall shall have a penalty of one degree higher.
Courts Decision: Section 6 merely makes commission of existing crimes through the internet a qualifying
circumstance. There exists a substantial distinction between crimes committed through the use of information
and communications technology and similar crimes committed using other means. In using the technology in
question, the offender often evades identification and is able to reach far more victims or cause greater harm.
k. PROSECUTION UNDER BOTH THE REVISED PENAL CODE (RPC) AND R.A. 10175

2
No provider or user of an interactive computer service shall be treated as the publisher or speaker of any
information provided by another information content provider and cannot be held civilly liable for any action
voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be
obscene...whether or not such material is constitutionally protected
Section 7 merely expresses the settled doctrine that a single set of acts may be prosecuted and penalized
simultaneously under two laws, a special law and the Revised Penal Code. With the exception of the crimes
of online libel and online child pornography, the Court would rather leave the determination of the correct
application of Section 7 to actual cases. For online libel its different if the published material on print, said
to be libelous, is again posted online or vice versa, that identical material cannot be the subject of two
separate libels. It involve essentially the same elements and are in fact one and the same offense. The same
is true with child pornography committed online. Section 4(c)(2) merely expands the ACPAs scope so as to
include identical activities in cyberspace. ACPAs definition of child pornography in fact already covers the
use of "electronic, mechanical, digital, optical, magnetic or any other means." Thus, charging the offender
under both Section 4(c)(2) and ACPA would likewise be tantamount to a violation of the constitutional
prohibition against double jeopardy.
l. PENALTIES
The matter of fixing penalties for the commission of crimes is as a rule a legislative prerogative. Here the
legislature prescribed a measure of severe penalties for what it regards as deleterious cybercrimes. They appear
proportionate to the evil sought to be punished.
m. REAL-TIME COLLECTION OF TRAFFIC DATA
Definition: Law enforcement authorities, with due cause, shall be authorized to collect or record by technical or
electronic means traffic data in real-time associated with specified communications transmitted by means of a
computer system. Traffic data refer only to the communications origin, destination, route, time, date, size,
duration, or type of underlying service, but not content, nor identities. All other data to be collected or seized or
disclosed will require a court warrant.
Consti Violation: Right to Privacy
Courts Decision: The first question is W/N Section 12 has a proper governmental purpose since a law may
require the disclosure of matters normally considered private but then only upon showing that such requirement
has a rational relation to the purpose of the law. Undoubtedly, the State has a compelling interest in enacting
the cybercrime law for there is a need to put order to the tremendous activities in cyberspace for public
good.Crime-fighting is a state business. Indeed, as Chief Justice Sereno points out, the Budapest Convention on
Cybercrimes requires signatory countries to adopt legislative measures to empower state authorities to collect or
record "traffic data, in real time, associated with specified communications." Section 12 does not permit law
enforcement authorities to look into the contents of the messages and uncover the identities of the sender and
the recipient. Section 12 empowers law enforcement authorities, "with due cause," to collect or record by
technical or electronic means traffic data in real-time. Petitioners point out that the phrase "due cause" has no
precedent in law or jurisprudence and that whether there is due cause or not is left to the discretion of the
police. The cybercrime law, dealing with a novel situation, fails to hint at the meaning it intends for the phrase
"due cause." The Solicitor General suggests that "due cause" should mean "just reason or motive" and
"adherence to a lawful procedure." But the Court cannot draw this meaning since Section 12 does not even
bother to relate the collection of data to the probable commission of a particular crime. It just says, "with due
cause," thus justifying a general gathering of data. It is akin to the use of a general search warrant that the
Constitution prohibits. Due cause is also not descriptive of the purpose for which data collection will be used.
The authority that Section 12 gives law enforcement agencies is too sweeping and lacks restraint. While it says
that traffic data collection should not disclose identities or content data, such restraint is but an illusion.
Admittedly, nothing can prevent law enforcement agencies holding these data in their hands from looking into
the identity of their sender or receiver and what the data contains. This will unnecessarily expose the citizenry to
leaked information or, worse, to extortion from certain bad elements in these agencies.Section 12, of course,
limits the collection of traffic data to those "associated with specified communications." But this supposed
limitation is no limitation at all since, evidently, it is the law enforcement agencies that would specify the target
communications. The power is virtually limitless, enabling law enforcement authorities to engage in "fishing
expedition," choosing whatever specified communication they want. This evidently threatens the right of
individuals to privacy.
n. PRESERVATION OF COMPUTER DATA
Definition: integrity of traffic data and subscriber information relating to communication services provided by a
service provider shall be preserved for a minimum period of 6 months from the date of the transaction. Content
data preservation shall be 6 mo. also.
Consti Violation: Undue deprivation of right to property.
They liken the data preservation order as a form of garnishment of personal property in civil forfeiture
proceedings. Such order prevents internet users from accessing and disposing of traffic data that essentially
belong to them.
Courts Decision: Court held that the user ought to have kept a copy of that data when it crossed his computer if
he was so minded. The service provider has never assumed responsibility for their loss or deletion while in its
keep. The data that service providers preserve on orders of law enforcement authorities are not made
inaccessible to users by reason of the issuance of such orders. The process of preserving data will not unduly
hamper the normal transmission or use of the same.
o. DISCLOSURE OF COMPUTER DATA
Definition: Law enforcement authorities, upon securing a court warrant, shall issue an order requiring any
person or service provider to disclose or submit subscribers information, traffic data or relevant data in his/its
possession or control within seventy-two (72) hours from receipt of the order in relation to a valid complaint
officially docketed and assigned for investigation and the disclosure is necessary and relevant for the purpose of
investigation. (process is likened to issuance of a subpoena)
Consti Violation: Issuance of subpoenas is a judicial function.
Court: It is well-settled that the power to issue subpoenas is not exclusively a judicial function. Executive
agencies have the power to issue subpoena as an adjunct of their investigatory powers. Besides, it only envisions
the enforcement of a duly issued court warrant, a function usually lodged in the hands of law enforcers to enable
them to carry out their executive functions.
p. SEARCH, SEIZURE AND EXAMINATION OF COMPUTER DATA
Definition: Where a search and seizure warrant is properly issued, law enforcement authorities shall have the
power to intercept computer system or data storage, make and retain a copy of it, conduct forensic analysis on
the data, and do some other stuff to it.
Consti violation: Search and Seizure procedures
Court: Section 15 merely enumerates the duties of law enforcement authorities that would ensure the proper
collection, preservation, and use of computer system or data that have been seized by virtue of a court warrant.
The exercise of these duties do not pose any threat on the rights of the person from whom they were taken.
Section 15 does not appear to supersede existing search and seizure rules but merely supplements them.
q. DESTRUCTION OF COMPUTER DATA
Definition:Upon expiration of the periods as provided in Sections 13 and 15, service providers and law
enforcement authorities, as the case may be, shall immediately and completely destroy the computer data
subject of a preservation and examination.
Consti Violation: Deprivation of property without due process of law.
Court: It is unclear that the user has a demandable right to require the service provider to have that copy of the
data saved indefinitely for him in its storage system. If he wanted them preserved, he should have saved them in
his computer when he generated the data or received it. He could also request the service provider for a copy
before it is deleted.
r. RESTRICTING OR BLOCKING ACCESS TO COMPUTER DATA;
Definition: When a computer data is prima facie found to be in violation of the provisions of this Act, the DOJ
shall issue an order to restrict or block access to such computer data.
Consti Violation: Freedom of Expression and right against unreasonable searches and seizures.
Court: Computer Data produced or created by their writers or authors may constitute personal property.
Consequently, they are protected from unreasonable searches and seizures, whether while stored in their
personal computers or in the service providers systems. Here, the Government, in effect, seizes and places the
computer data under its control and disposition without a warrant. The Department of Justice order cannot
substitute for judicial search warrant. The content of the computer data can also constitute speech, thus sec. 19
operates as a restriction on the freedom of expression over cyberspace. For an executive officer to seize content
alleged to be unprotected without any judicial warrant, it is not enough for him to be of the opinion that such
content violates some law, for to do so would make him judge, jury, and executioner all rolled into one. The
Court is therefore compelled to strike down Section 19 for being violative of the constitutional guarantees to
freedom of expression and against unreasonable searches and seizures.
s. OBSTRUCTION OF JUSTICE
Consti Violation: bill of attainder - mere failure to comply constitutes a legislative finding of guilt, without regard
to situations where non-compliance would be reasonable or valid.
Court: The act of non-compliance, for it to be punishable, must still be done "knowingly or willfully." There must
still be a judicial determination of guilt, during which, as the Solicitor General assumes, defense and justifications
for non-compliance may be raised. Thus, Section 20 is valid insofar as it applies to the provisions of Chapter IV
which are not struck down by the Court.
t. CYBERCRIME INVESTIGATION AND COORDINATING CENTER (CICC) CICCS POWERS AND FUNCTIONS.
Consti Violation: Undue delegation of legislative power - when it gave the Cybercrime Investigation and
Coordinating Center (CICC) the power to formulate a national cybersecurity plan without any sufficient standards
or parameters for it to follow.
Court: Here, the cybercrime law is complete in itself when it directed the CICC to formulate and implement a
national cybersecurity plan. The law gave sufficient standards for the CICC to follow when it provided a definition
of cybersecurity. Cybersecurity refers to the collection of tools, policies, risk management approaches, actions,
training, best practices, assurance and technologies that can be used to protect cyber environment and
organization and users assets. This definition serves as the parameters within which CICC should work in
formulating the cybersecurity plan.Further, the formulation of the cybersecurity plan is consistent with the policy
of the law to "prevent and combat such [cyber] offenses by facilitating their detection, investigation, and
prosecution at both the domestic and international levels, and by providing arrangements for fast and reliable
international cooperation." This policy is clearly adopted in the interest of law and order, which has been
considered as sufficient standard. Hence, Sections 24 and 26(a) are likewise valid.
Held:
1. VOID for being UNCONSTITUTIONAL:
a.Section 4(c)(3) of Republic Act 10175 that penalizes posting of unsolicited commercial communications;
b. Section 12 that authorizes the collection or recording of traffic data in real-time; and
c. Section 19 of the same Act that authorizes the Department of Justice to restrict or block access to suspected
Computer Data.
2. VALID and CONSTITUTIONAL:
a. Section 4(a)(1) that penalizes accessing a computer system without right;
b. Section 4(a)(3) that penalizes data interference, including transmission of viruses;
c. Section 4(a)(6) that penalizes cyber-squatting or acquiring domain name over the internet in bad faith to the
prejudice of others;
d. Section 4(b)(3) that penalizes identity theft or the use or misuse of identifying information belonging to another;
e. Section 4(c)(1) that penalizes cybersex or the lascivious exhibition of sexual organs or sexual activity for favor or
consideration;
f. Section 4(c)(2) that penalizes the production of child pornography;
g. Section 6 that imposes penalties one degree higher when crimes defined under the Revised Penal Code are
committed with the use of information and communications technologies;
h. Section 8 that prescribes the penalties for cybercrimes;
i. Section 13 that permits law enforcement authorities to require service providers to preserve traffic data and
subscriber information as well as specified content data for six months;
j. Section 14 that authorizes the disclosure of computer data under a court-issued warrant;
k. Section 15 that authorizes the search, seizure, and examination of computer data under a court-issued warrant;
l. Section 17 that authorizes the destruction of previously preserved computer data after the expiration of the
prescribed holding periods;
m. Section 20 that penalizes obstruction of justice in relation to cybercrime investigations;
n. Section 24 that establishes a Cybercrime Investigation and Coordinating Center (CICC);
o. Section 26(a) that defines the CICCs Powers and Functions; and
p. Articles 353, 354, 361, and 362 of the Revised Penal Code that penalizes libel.
Further, the Court DECLARES:
1. Section 4(c)(4) that penalizes online libel as VALID and CONSTITUTIONAL with respect to the original author of the
post; but VOID and UNCONSTITUTIONAL with respect to others who simply receive the post and react to it; and
2. Section 5 that penalizes aiding or abetting and attempt in the commission of cybercrimes as VA L I D and
CONSTITUTIONAL only in relation to Section 4(a)(1) on Illegal Access, Section 4(a)(2) on Illegal Interception, Section
4(a)(3) on Data Interference, Section 4(a)(4) on System Interference, Section 4(a)(5) on Misuse of Devices, Section
4(a)(6) on Cyber-squatting, Section 4(b)(1) on Computer-related Forgery, Section 4(b)(2) on Computer-related Fraud,
Section 4(b)(3) on Computer-related Identity Theft, and Section 4(c)(1) on Cybersex; but VOID and
UNCONSTITUTIONAL with respect to Sections 4(c)(2) on Child Pornography, 4(c)(3) on Unsolicited Commercial
Communications, and 4(c)(4) on online Libel.1wphi1
Lastly, the Court RESOLVES to LEAVE THE DETERMINATION of the correct application of Section 7 that authorizes
prosecution of the offender under both the Revised Penal Code and Republic Act 10175 to actual cases, WITH THE
EXCEPTION of the crimes of:
1. Online libel as to which, charging the offender under both Section 4(c)(4) of Republic Act 10175 and Article 353 of
the Revised Penal Code constitutes a violation of the proscription against double jeopardy; as well as
2. Child pornography committed online as to which, charging the offender under both Section 4(c)(2) of Republic Act
10175 and Republic Act 9775 or the Anti-Child Pornography Act of 2009 also constitutes a violation of the same
proscription, and, in respect to these, is VOID and UNCONSTITUTIONAL.