The internet gives us information and opportunities beyond anything that we have ever imagined, now and then. Access to the internet and an uninterrupted flow of information determine how businesses work on a day-to-day basis and how other sectors of the society function as a whole. However, it also bites back to us by allowing these opportunities and information to be used maliciously and later on causing us harm.
Cybersecurity incidents, either intentional or accidental, are now abundant, and aggravating situations can be seen and felt. They are prevalent in that it severely disrupts essential services as well as economic and societal activities.
A significant and growing threat to digital security and systems that cause devastating effects to all sectors throughout the world is considered, as well, as cybercrime, among others.
Cybercrime, as defined by Merriam-Webster, is committed using a computer especially to illegally access, transmit, or manipulate data and to commit criminal activities such as fraud, theft, cyber libel or distribution of child pornography via the internet.1
By abusing modern technology, cybercrime emerges and ruins businesses and even lives. With how progressive modern technology is now, and how accessible information is, rampant cases of cybercrime can be seen everyday, hence becoming a growing, global problem.
Whether you are a small business, a part of the Top 100 companies in the country, a digital savvy person, or wanting to become a cybersecurity expert, you need to be aware of cybercrime. Such has a worldwide pernicious ramifications.
Most, but not all, think that cybercrime is committed by professional hackers. Well there is some truth into this but not all. Cybercriminals are sometimes digital savvy or technically skilled people who know not just to hack but to access encrypted data, create malware or viruses.
Their main aim is to damage computers, steal data or information, or create malware attacks to gain profit or extort money from their victims. They utilize digital technology to proliferate their illegal activities.
To learn more on what cybercrime is, how these cybercriminals are penalized, and what you can do to protect yourself, we shall discuss the same in a nutshell detail.
What is a Cybercrime Warrant?
Cybercrime warrants are judicial orders that involve the following acts relevant to computer data:
- The keeping of data that is protected from deterioration
- Disclosure of confidential data or information
- Monitoring and listening of the content of communications
- Search, seizure, and/or examination
- Custody and destruction of computer data
These are in connection with Republic Act [RA] No. 101752 which also known as the “Cybercrime Prevention Act of 2012”
The purpose of this rule is not to replace the existing Rules of Criminal Procedure but to expand the same. The provisions of which shall remain to govern the preliminary investigation as well as all stages of prosecution of criminal actions that involves any violations of RA 10175.
The Cybercrime Prevention law also includes all crimes specified and penalized by the Revised Penal Code and violations of special laws perpetrated by, through and with the use of electronic means in transmitting, collecting and disseminating data.
Considering that cybercrime may be committed anywhere and may have an effect on different jurisdictions, the Rule on Cybercrime Warrants also prescribes for its rules in extraterritorial enforcement. Such warrants that shall be served outside the Philippine jurisdiction shall be pursued through the Office of Cybercrime under the Department of Justice.
What is the applicable rule with respect to the issuance of Cybercrime Warrants?
Pursuant to Section 5 (5), Article VIII of the 1987 Constitution, the Supreme Court is vested with the power to promulgate rules concerning the pleading, practice, and procedure in all courts.
Thus, in order to complement the state policy leading to the enactment of RA 10175, the Supreme Court, having in mind the necessity to provide rules for the detection, investigation, and prosecution of cybercrime offenses, especially for the application, issuance, and implementation of court warrants technically-suited to the nature of cybercrime offenses, promulgated A. M. No. 17-11-03-SC,3 otherwise known as the Rule on Cybercrime Warrants.
What are the 4 cybercrime warrants [A.M. No. 17-11-03-SC]?
The Rule on Cybercrime Warrants also provides the forms of four types of warrants which are:4
- The warrants to intercept computer data, an order in writing which authorizes the listening, recording, monitoring, or surveillance of the content of communications through the use of a computer system, electronic eavesdropping or tapping devices;
- The warrants to disclose computer data, which is a written order that authorizes the issuance of an order to reveal confidential data and command any person or service provider to disclose subscriber’s information or any relevant data he/she possess;
- The warrants to examine computer data, which is a requirement by the law enforcement authorities before searching the computer system of the lawfully arrested person/s in order to gain forensic examination of latter’s computer data;
- Lastly, the warrants to search, seize, and examine computer data. It is an order in writing which authorizes the law enforcement authorities, to search the particular place relevant to the commission of the violations of cybercrime, in order to seize or examine.
The application for warrant can be filed before any of the cybercrime courts designated by law where the offense or the elements of which has been committed or the location of any part of the computer system used or the place where the damage to a natural or juridical person arises.
Warrant to disclose computer data
A warrant to Disclose Computer Data is defined under Section 4.2 of the Rules on Cybercrime Warrants as:
Section 4.2. Warrant to Disclose Computer Data (WDCD). – A WDCD is an order in writing issued in the name of the People of the Philippines, signed by a judge, upon application of law enforcement authorities, authorizing the latter to issue an order to disclose and accordingly, require any person or service provider to disclose or submit subscriber’s information, traffic data, or relevant data in his/her or its possession or control.5
This provision is in pursuant to the provision in the Cybercrime Prevention Act of 2012 which provides that:
SEC. 14. Disclosure of Computer Data. — Law enforcement authorities, upon securing a court warrant, shall issue an order requiring any person or service provider to disclose or submit subscriber’s information, traffic data or relevant data in his/its possession or control within seventy-two (72) hours from receipt of the order in relation to a valid complaint officially docketed and assigned for investigation and the disclosure is necessary and relevant for the purpose of investigation.6
It is important to remember that only judges have the authority to issue warrants since this is provided in our Constitution.
How long are cybercrime warrants valid?
Cybercrime warrants are valid only up to a period not exceeding ten (10) days after its issuance. This is provided under Section 2.5 of the Rule on Cybercrime Warrants which provides that:
Section 2.5. Effective Period of Warrants. – Any warrant issued under this Rule shall only be effective for the length of time as determined by the court, which shall not exceed a period of ten (10) days from its issuance. The court issuing the warrant may, upon motion, extend its effectivity based only on justifiable reasons for a period not exceeding ten (10) days from the expiration of the original period.7
Moreover, under Section 4.1 of the Rules on Cybercrime Warrants:
Section 4.1. Disclosure of Computer Data. – Pursuant to Section 14, Chapter IV of RA 10175, law enforcement authorities, upon securing a Warrant to Disclose Computer Data (WDCD) under this Rule, shall issue an order requiring any person or service provider to disclose or submit subscriber’s information, traffic data or relevant data in his/her or its possession or control within seventy-two (72) hours from receipt of the order in relation to a valid complaint officially docketed and assigned for investigation and the disclosure is necessary and relevant for the purpose of investigation.8
Thus, the law enforcer should be able to execute the warrant within 10 days otherwise the warrant will be void if executed beyond the period provided by the law.
How can a person or entity be subject of a cybercrime warrant?
In light of the passage of RA 10175 or the Cybercrime Prevention Act of 2012, said law provides that a court shall grant the issuance of a warrant “upon written application and the examination under oath or affirmation of the applicant and the witnesses he may produce and the showing:
 that there are reasonable grounds to believe that any of the crimes enumerated herein above has been committed, or is being committed, or is about to be committed: (2) that there are reasonable grounds to believe that evidence that will be obtained is essential to the conviction of any person for, or to the solution of, or to the prevention of, any such crimes; and (3) that there are no other means readily available for obtaining such evidence.”9
The Supreme Court, in view of its Constitutional power to promulgate rules concerning procedures in all courts,10 has issued on July 3, 2018, A.M. No. 17-11-03-SC or the Rule on Cybercrime Warrants.
With this rule, the issuance of warrants in relation with cybercrime offenses became in order. Generally, any person or entity can be subject of a cybercrime warrant when there is:
“violation of Section 4 (Cybercrime Offenses) and/or Section 5 (Other Offenses), and Section 6 (all crimes defined and penalized the Revised Penal Code, as amended, and other special penal laws, if committed by through, and with the use of ICT), Chapter II of RA 10175.”11
Thus, under the rule, any person or service provider may be required to disclose or submit subscriber’s information, traffic data or relevant data in his/her or its possession or control in relation to a valid complaint and when the disclosure is necessary or relevant for the purpose of investigation.12
Also, a warrant, for purposes of interception of computer data,13 may also be issued to carry any or all of the following activities:
(a) listening to,14
(c) monitoring, or16
(d) surveillance of the content of communications, including procuring of the content of computer data, either directly, through access and use of a computer system or indirectly, through the use of electronic eavesdropping or tapping devices, at the same time that the communication is occurring.17
What has been decided
The landmark case of Disini vs. Secretary of Justice18 has set the judicial precedent in cases involving cybercrime offenses. In the said case, petitioners challenged the constitutionality of Cybercrime Prevention Act of 2012. We will delve with issues challenging the validity of cybercrime warrants.
As earlier mentioned, one of the warrants under the Rule19 is the Warrant to Intercept Computer Data (WICD).
Petitioners argued that data interference20 “suffers from overbreadth in that, while it seeks to discourage data interference, it intrudes into the area of protected speech and expression, creating a chilling and deterrent effect on these guaranteed freedoms.”21
In upholding its validity, the Supreme Court ruled:
“[u]nder the overbreadth doctrine, a proper governmental purpose, constitutionally subject to state regulation, may not be achieved by means that unnecessarily sweep its subject broadly, thereby invading the area of protected freedoms. But Section 4(a)(3) does not encroach on these freedoms at all. It simply punishes what essentially is a form of vandalism, the act of willfully destroying without right the things that belong to others, in this case their computer data, electronic document, or electronic data message. Such an act has no connection to guaranteed freedoms. There is no freedom to destroy other people’s computer systems and private documents.”22
Petitioners further assailed the validity of Sec. 12 authorizing law enforcement authorities to “collect or record by technical or electronic means traffic data in real-time associated with specified communications transmitted by means of a computer system.”23 They claim that “record by technical or electronic means traffic data in real-time associated with specified communications transmitted by means of a computer system.”24
In declaring Sec. 12 of the law unconstitutional, the Supreme Court ruled:
“The authority that Section 12 gives law enforcement agencies is too sweeping and lacks restraint. While it says that traffic data collection should not disclose identities or content data, such restraint is but an illusion. Admittedly, nothing can prevent law enforcement agencies holding these data in their hands from looking into the identity of their sender or receiver and what the data contains. This will unnecessarily expose the citizenry to leaked information or, worse, to extortion from certain bad elements in these agencies.25
xxx xxx xxx
This Court is mindful that advances in technology allow the government and kindred institutions to monitor individuals and place them under surveillance in ways that have previously been impractical or even impossible. ‘All the forces of a technological age x x x operate to narrow the area of privacy and facilitate intrusions into it. In modern terms, the capacity to maintain and support this enclave of private life marks the difference between a democratic and a totalitarian society.’ The Court must ensure that laws seeking to take advantage of these technologies be written with specificity and definiteness as to ensure respect for the rights that the Constitution guarantees.”26
As regards Section 15 of the law, the Supreme Court held:
“petitioners challenge Section 15 on the assumption that it will supplant established search and seizure procedures. On its face, however, Section 15 merely enumerates the duties of law enforcement authorities that would ensure the proper collection, preservation, and use of computer system or data that have been seized by virtue of a court warrant. The exercise of these duties do not pose any threat on the rights of the person from whom they were taken. Section 15 does not appear to supersede existing search and seizure rules but merely supplements them.”27
Emerging technologies like the rapidly developing internet, cloud services, robotic technology, wireless communication and artificial intelligence are now becoming an essential and integral part of our lives.
These technologies may be a doorway to a more cost effective, faster and efficient future for the business world and even in our personal lives.
Unfortunately, they can also backfire as these are the favorite avenues for criminals to commit larger and potentially more complicated cybercrime.
Criminals can now use mobile phones, laptop computers, and network servers in the course of committing their crimes just like launching hacker attacks against vulnerable network servers, disseminate computer viruses.
The dramatic increase in computer-related crime requires prosecutors and law enforcement agents to know how to obtain electronic evidence stored in computers and just like any other crimes or offenses punishable in our country, a search warrant is an integral requirement to aid in the prosecution of cybercrime.
A cybercrime warrant gives law enforcement officers the authority to search and seizure of computer hardware, digital information, or both.
Needless to say, the surge of cybercrime is quite alarming. With how fast technology progresses and how quick people can adapt to these changes, cybercrime will increase by leaps and bounds in the years to come which will become a threat across all sectors of society worldwide.
With this realization, more harsher and stringent laws should be enacted that can really restrict this kind of criminal activity and make cybercriminals be more vigilant before they can think of committing one.
- Cybercrime, Meaning
- RA 10175
- Rule on Cybercrime Warrants
- Sec. 14, RA 10175, Supra.
- Sec. 2.5, Rule on Cybercrime Warrant, Supra.
- Sec. 4.1, Id.
- Sec. 12, RA 10175, Supra.
- Sec. 5 (5), Art. VIII, 1987 Constitution
- Sec. 2, A.M. No. 17-11-03-SC, Supra.
- Sec. 4.1, Id.
- Sec. 5.1, Id.
- Sec. 5.2, Id.
- G.R. No. 203335, February 11, 2014
- A.M. No. 17-11-03-SC or Rule on Cybercrime Warrants, Supra.
- Sec. 4[a], RA 10175, Supra.
- G.R. No. 203335, February 11, 2014, Supra.
- G.R. No. 203335, February 11, 2014, Supra.