BNU: Intellectual Property Attorneys / Lawyers  

IP Views

The Cybercrime Prevention Act
September 20, 2012
By: Jasmine L. Solivas-Dayacap

Closely following the heels of the recently passed Data Privacy Act of 2012, 1 President Benigno Aquino III signed into law Republic Act No. 10175 or the Cybercrime Prevention Act of 2012 last Wednesday, 12 September 2012. The new law is a consolidation of Senate Bill No. 2796 and House Bill No. 5808. Both the Cybercrime Prevention Act of 2012 and the Data Privacy Act of 2012 were sponsored and authored by Senator Edgardo J. Angara.

The Act identifies the National Bureau of Investigation (NBI) and the Philippine National Police (PNP) as the agencies responsible for the law enforcement of its provisions. These law enforcement authorities are granted several powers relating to computer data, such as the power to collect and record, in real time, traffic data, to order the preservation of computer data, to compel disclosure of computer data, to search, seize and examine computer data, to deposit with the court computer data examined via a proper warrant, and to destroy computer data, among others.

The NBI and the PNP are mandated to organize a cybercrime unit or center manned by special investigators to exclusively handle cases involving violations of the Act. Furthermore, an Office of Cybercrime is created within the Department of Justice (DOJ) which is designated as the central authority in all matters related to international mutual assistance and extradition. For policy coordination among concerned agencies and for the formulation and enforcement of the national cybersecurity plan, the Act also mandates the creation of an inter-agency body to be known as the Cybercrime Investigation and Coordinating Center (CICC), which will be under the administrative supervision of the Office of the President.

The offense of “cybercrime” defined

The heart of the new law is its second chapter enumerating thirteen (13) acts constituting the offense of “cybercrime” which are classified into three categories of offenses:

(1) Offenses against the confidentiality, integrity and availability of computer data and systems, i.e., Illegal Access, Illegal Interception, Data Interference, System Interference, Misuse of Devices, and Cyber-squatting;
(2) Computer-related Offenses, i.e., Computer-related Forgery, Computer-related Fraud, and Computer-related Identity Theft.
(3) Content-related Offenses, i.e., Cybersex, Child Pornography, Unsolicited Commercial Communications (otherwise known as spamming), and Libel.

Notably, copyright infringement is not defined as among the content-related offenses.

The Cybercrime Prevention Act also punishes any person who willfully abets or aids in the commission of a cybercrime as well as any person who willfully attempts to commit a cybercrime.

Leaves much to be desired?

While the State’s intent to keep up with the technological developments should be lauded, it appears to have fallen short on making its intent a reality. Many have criticized the provisions of the Act on various grounds. There is some concern over the powers granted to law enforcement agencies.2 Some groups have criticized the inclusion of online libel as among the cybercrimes defined under the Act, arguing that the same is a threat to freedom of expression and therefore unconstitutional.3 Some wonder whether the offense of online libel would also cover messages sent on social network websites such as Twitter. To this, deputy presidential spokesperson Abigail Valte could only say ““We will leave it to the other lawyers to determine ang aktong napapasailalim sa libel na sinasabi nila.” 4

Apart from the foregoing, there are some ambiguous provisions that seem to have escaped the critics’ radar. Section 6 provides that “[a]ll crimes defined and penalized by the Revised Penal Code, as amended, and special laws, if committed by, through and with the use of information and communications technologies shall be covered by the relevant provisions of this Act: Provided, That the penalty to be imposed shall be one (1) degree higher than that provided for by the Revised Penal Code, as amended, and special laws, as the case may be.” Still, it decrees in Section 7 that “[a] prosecution under this Act shall be without prejudice to any liability for violation of any provision of the Revised Penal Code, as amended, or special laws.”

To our mind, it is not clear what the lawmakers intended by phrasing the two provisions as such. Just how do you prosecute a cybercrime offender who also commits a violation of the Revised Penal Code or another special law? Are they prosecuted for violation of the Cybercrime Prevention Act, or the special law, or both? This appears to be a highly legitimate concern, especially considering the fact that the cybercrimes defined under the Cybercrime Prevention Act overlap with the Revised Penal Code and many special laws, such as the Data Privacy Act, Access-Devices Act and E-Commerce Act.

These ambiguous provisions present an issue on implementation and can, thus, be easily clarified via the implementing rules and regulations that the Information and Communications Technology Office under the Department of Science and Technology (ICTO-DOST), the DOJ and the Department of the Interior and Local Government (DILG) are tasked to jointly formulate. Considering the many thorny issues presented by the new Cybercrime Prevention Act, it is safe to say that the ICTO-DOST, the DOJ and the DILG have their work cut out for them.

-----------------

1 The Data Privacy Act of 2012 was signed into law on 15 August 2012; See http://www.gov.ph/2012/08/15/republic-act-no-10173/.

Bengzon Negre Untalan
Intellectual Property Attorneys

2nd Floor SEDCCO Building
Rada cor Legaspi Streets
Makati City, Metro Manila
1229 Philippines

Ph: (632) 813.0120
(632) 892.3228
(632) 892.3252
(632) 751.2713
 
Fax: (632) 894.2073
 
E-mail: bnu@iplaw.ph
URL: www.iplaw.ph