These consolidated petitions aim to challenge the constitutionality and

validity of several provisions of Republic Act (R.A.) 10175, also known as the
Cybercrime Prevention Act of 2012.

The Cybercrime law is designed to oversee the access to and utilization of

cyberspace. Through laptops or computers, individuals can connect to the
internet, a system that interconnects them with other computers, facilitating
various activities, including:

1. Accessing virtual libraries and encyclopedias for research, study,

amusement, upliftment, or pure curiosity.
2. Posting notices or messages, along with pictures and videos, for the
general public or specific audiences such as associates, classmates, or
friends, and reading posts from others.
3. Advertising, promoting goods or services, making purchases, and
payments.
4. Inquiring and conducting business with institutional entities like
government agencies, banks, stock exchanges, trade houses, credit
card companies, public utilities, hospitals, and schools.
5. Communicating in writing or by voice with any person through email or
telephone.

Cyberspace, a system accommodating millions and billions of simultaneous

internet accesses and uses, serves the needs of the current generation for
greater information and communication facility. However, the system faces
challenges, as it cannot filter out individuals with malicious intent seeking to
exploit cyberspace for mischief and criminal activities. Individuals can use
the system to unjustly harm others' reputations or engage in bullying
through defamatory online statements.

Furthermore, ill-intentioned individuals can exploit cyberspace for theft by

hacking into or surreptitiously accessing bank accounts or credit cards, or
engaging in fraud through false representations. The malicious use of
cyberspace extends to illicit activities such as trafficking in sex and exposing
innocent children to pornography. Therefore, the government asserts a
legitimate right to regulate cyberspace usage to prevent and penalize
wrongdoing.

However, petitioners argue that the methods employed by the Cybercrime

law to regulate undesirable cyberspace activities infringe upon certain
constitutional rights. The government contends that the law seeks to
reasonably organize cyberspace activities, penalize misconduct, and prevent
harmful attacks on the system.

Issue: ssues:
Petitioners challenge the constitutionality of the following provisions
of the cybercrime law that regard certain acts as crimes and impose
penalties for their commission as well as provisions that would
enable the government to track down and penalize violators. These
provisions are:

1.
Section 4(a)(1) on Illegal Access;
2.
Section 4(a)(3) on Data Interference;
3.
Section 4(a)(6) on Cyber-squatting;
4.
Section 4(b)(3) on Identity Theft;
5.
Section 4(c)(1) on Cybersex;
6.
Section 4(c)(2) on Child Pornography;
7.
Section 4(c)(3) on Unsolicited Commercial Communications;
8.
Section 4(c)(4) on Libel;
9.
Section 5 on Aiding or Abetting and Attempt in the
Commission of Cybercrimes;
10. Section 6 on the Penalty of One Degree Higher;
11. Section 7 on the Prosecution under both the Revised
Penal Code (RPC) and R.A. 10175;
12. Section 8 on Penalties;
13. Section 12 on Real-Time Collection of Traffic Data;
14. Section 13 on Preservation of Computer Data;
15. Section 14 on Disclosure of Computer Data;
16. Section 15 on Search, Seizure and Examination of
Computer Data;
17. Section 17 on Destruction of Computer Data;
18. Section 19 on Restricting or Blocking Access to Computer
Data;
19. Section 20 on Obstruction of Justice;
20. Section 24 on Cybercrime Investigation and Coordinating
Center (CICC); and
21. Section 26(a) on CICC’s Powers and Functions.
Some petitioners also raise the constitutionality of related Articles
353, 354, 361, and 362 of the RPC on the crime of libel.

Held:

Sec. 4(a)(1) – Illegal Access

Section 4. Cybercrime Offenses. – The following acts constitute the offense of

cybercrime punishable under this Act:
(a) Offenses against the confidentiality, integrity and availability of computer
data and systems:

(1) Illegal Access. – The access to the whole or any part of a computer
system without right.

Petitioner’s Contention
Fails to meet the strict scrutiny standard required of laws that interfere
with the fundamental rights

Constitutional.
The Court finds nothing in Section 4(a)(1) that calls for the application of the
strict scrutiny standard since no fundamental freedom, like speech, is
involved in punishing what is essentially a condemnable act – accessing the
computer system of another without right. It is a universally condemned
conduct.

Sidenote: Ethical hackers are not covered by the provision, and thus, are
not punishable.

Sec. 4(a)(3) – Data Interference

(3) Data Interference. – The intentional or reckless alteration, damaging,

deletion or deterioration of computer data, electronic document, or
electronic data message, without right, including the introduction or
transmission of viruses.

Petitioner’s Contention
Suffers from overbreadth as it intrudes into the area of protected speech
and expression

Constitutional.
But Section 4(a)(3) does not encroach on these freedoms at all. It simply
punishes what essentially is a form of vandalism, the act of willfully
destroying without right the things that belong to others, in this case their
computer data, electronic document, or electronic data message. Such act
has no connection to guaranteed freedoms. There is no freedom to destroy
other people’s computer systems and private documents.

Sec. 4(a)(6) – Cybersquatting

Section 4(a)(6) provides:

Section 4. Cybercrime Offenses. – The following acts constitute the offense of
cybercrime punishable under this Act:
(a) Offenses against the confidentiality, integrity and availability of computer
data and systems:

xxx

(6) Cyber-squatting. – The acquisition of domain name over the internet in

bad faith to profit, mislead, destroy the reputation, and deprive others from
registering the same, if such a domain name is:

(i) Similar, identical, or confusingly similar to an existing trademark

registered with the appropriate government agency at the time of the
domain name registration;

(ii) Identical or in any way similar with the name of a person other than the
registrant, in case of a personal name; and

(iii) Acquired without right or with intellectual property interests in it.

Petitioner’s contention
Violates equal protection clause in that, not being narrowly tailored, it will
cause a user using his real name to suffer the same fate as those who use
aliases or take the name of another in satire, parody, or any other literary
device.

Constitutional.
The law is reasonable in penalizing <the person> for acquiring the domain
name in bad faith to profit, mislead, destroy reputation, or deprive others
who are not ill-motivated of the rightful opportunity of registering the same.
The challenge to the constitutionality of Section 4(a)(6) on ground of denial
of equal protection is baseless.

Sec.4(b)(3) – Computer-related Identity Theft

Section 4(b)(3) provides:

Section 4. Cybercrime Offenses. – The following acts constitute the offense of
cybercrime punishable under this Act:
xxxx

b) Computer-related Offenses:

xxxx

(3) Computer-related Identity Theft. – The intentional acquisition, use,

misuse, transfer, possession, alteration, or deletion of identifying information
belonging to another, whether natural or juridical, without right: Provided:
that if no damage has yet been caused, the penalty imposable shall be one
(1) degree lower.

Violates the constitutional rights to due process and to privacy and

correspondence, and transgresses the freedom of the press.

Constitutional.
The law punishes those who acquire or use such identifying information
without right, implicitly to cause damage. Petitioners simply fail to show how
government effort to curb computer-related identity theft violates the right
to privacy and correspondence as well as the right to due process of law.

Also, the charge of invalidity of this section based on the overbreadth

doctrine will not hold water since the specific conducts proscribed do not
intrude into guaranteed freedoms like speech. Clearly, what this section
regulates are specific actions: the acquisition, use, misuse or deletion of
personal identifying data of another. There is no fundamental right to
acquire another’s personal data.

Further, petitioners fear that Section 4(b)(3) violates the freedom of the
press in that journalists would be hindered from accessing the unrestricted
user account of a person in the news to secure information about him that
could be published. But this is not the essence of identity theft that the law
seeks to prohibit and punish. Evidently, the theft of identity information must
be intended for an illegitimate purpose. Moreover, acquiring and
disseminating information made public by the user himself cannot be
regarded as a form of theft.

Sec.4(c)(1) – Cybersex

(c) Content-related Offenses:

(1) Cybersex.– The willful engagement, maintenance, control, or operation,
directly or indirectly, of any lascivious exhibition of sexual organs or sexual
activity, with the aid of a computer system, for favor or consideration.

Violates freedom of expression insofar as between husband and wife or

consenting adults.

Constitutional.
The understanding of those who drew up the cybercrime law is that the
element of “engaging in a business” is necessary to constitute the illegal
cybersex. The Act actually seeks to punish cyber prostitution, white slave
trade, and pornography for favor and consideration. This includes interactive
prostitution and pornography, i.e., by webcam.
Sec 4(c)(2) – Child Pornography

(2) Child Pornography. — The unlawful or prohibited acts defined and

punishable by Republic Act No. 9775 or the Anti-Child Pornography Act of
2009, committed through a computer system: Provided, That the penalty to
be imposed shall be (1) one degree higher than that provided for in Republic
Act No. 9775.

Petitioners point out that the provision of ACPA that makes it unlawful for
any person to “produce, direct, manufacture or create any form of child
pornography” clearly relates to the prosecution of persons who aid and abet
the core offenses that ACPA seeks to punish. Petitioners are wary that a
person who merely doodles on paper and imagines a sexual abuse of a 16-
year-old is not criminally liable for producing child pornography but one who
formulates the idea on his laptop would be. Further, if the author bounces off
his ideas on Twitter, anyone who replies to the tweet could be considered
aiding and abetting a cybercrime.

Constitutional.

It seems that the above merely expands the scope of the Anti-Child
Pornography Act of 2009.

The question of aiding and abetting the offense by simply commenting on it

will be discussed elsewhere below. For now the Court must hold that the
constitutionality of Section 4(c)(2) is not successfully challenged.

Sec.4(c)(3) – Unsolicited Commercial Communications

(3) Unsolicited Commercial Communications. – The transmission of
commercial electronic communication with the use of computer system
which seeks to advertise, sell, or offer for sale products and services are
prohibited unless:
(i) There is prior affirmative consent from the recipient; or

(ii) The primary intent of the communication is for service and/or

administrative announcements from the sender to its existing users,
subscribers or customers; or

(iii) The following conditions are present:

(aa) The commercial electronic communication contains a simple, valid, and

reliable way for the recipient to reject receipt of further commercial
electronic messages (opt-out) from the same source;
(bb) The commercial electronic communication does not purposely disguise
the source of the electronic message; and

(cc) The commercial electronic communication does not purposely include

misleading information in any part of the message in order to induce the
recipients to read the message.

The above penalizes the transmission of unsolicited commercial

communications, also known as “spam.”

Unconstitutional.

But, firstly, the government presents no basis for holding that unsolicited
electronic ads reduce the “efficiency of computers.” Secondly, people, before
the arrival of the age of computers, have already been receiving such
unsolicited ads by mail. These have never been outlawed as nuisance since
people might have interest in such ads. What matters is that the recipient
has the option of not opening or reading these mail ads. That is true with
spams. Their recipients always have the option to delete or not to read them.

To prohibit the transmission of unsolicited ads would deny a person the right
to read his emails, even unsolicited commercial ads addressed to him.
Commercial speech is a separate category of speech which is not accorded
the same level of protection as that given to other constitutionally
guaranteed forms of expression but is nonetheless entitled to protection. The
State cannot rob him of this right without violating the constitutionally
guaranteed freedom of expression. Unsolicited advertisements are legitimate
forms of expression.

Art. 353, 354, and 355 of Revised Penal Code

Sec.4(c)(4) of Cybercrime Law – Libel

Art. 353 – Definition of Libel
Art. 354 – Requirement for Publicity

Art. 355 – Libel means by writings or similar means

Note: RPC Libel requires existence of malice. Where the offended party is a
public individual, actual malice is required to be proven. If the offended
party is a private individual, malice is presumed.
Sec.4(c)(4) Libel. — The unlawful or prohibited acts of libel as defined in
Article 355 of the Revised Penal Code, as amended, committed through a
computer system or any other similar means which may be devised in the
future.

The libel provisions of the cybercrime law carry with them the requirement of
“presumed malice” even when the latest jurisprudence already replaces it
with the higher standard of “actual malice” as a basis for conviction.
Petitioners argue that inferring “presumed malice” from the accused’s
defamatory statement by virtue of Article 354 of the penal code infringes on
his constitutionally guaranteed freedom of expression.

Petitioners would go further. They contend that the laws on libel should be
stricken down as unconstitutional for otherwise good jurisprudence requiring
“actual malice” could easily be overturned as the Court has done in Fermin
v. People even where the offended parties happened to be public figures.

Also, petitioners contend that the laws violate the International Covenant of
Civil and Political Rights to the effect that penal defamation laws should
include defense of truth.

Constitutional.

See SC’s discussion on the Fermin case.

As to the ICCPR, General Comment 34 does not say that the truth of the
defamatory statement should constitute an all-encompassing defense. As it
happens, Article 361 recognizes truth as a defense but under the condition
that the accused has been prompted in making the statement by good
motives and for justifiable ends. Besides, the UNHRC did not actually enjoin
the Philippines, as petitioners urge, to decriminalize libel. It simply suggested
that defamation laws be crafted with care to ensure that they do not stifle
freedom of expression.

The Court agrees with the Solicitor General that libel is not a constitutionally
protected speech and that the government has an obligation to protect
private individuals from defamation.
The internet is characterized as encouraging a freewheeling, anything-goes
writing style. In a sense, they are a world apart in terms of quickness of the
reader’s reaction to defamatory statements posted in cyberspace, facilitated
by one-click reply options offered by the networking site as well as by the
speed with which such reactions are disseminated down the line to other
internet users. Whether these reactions to defamatory statement posted on
the internet constitute aiding and abetting libel, acts that Section 5 of the
cybercrime law punishes, is another matter that the Court will deal with next
in relation to Section 5 of the law.

Sec. 5 – Other Offenses

(a) Aiding or Abetting in the Commission of Cybercrime

(b) Attempt in the Commission of Cybercrime

Sec. 5. Other Offenses. — The following acts shall also constitute an offense:
(a) Aiding or Abetting in the Commission of Cybercrime. – Any person who
willfully abets or aids in the commission of any of the offenses enumerated in
this Act shall be held liable.

(b) Attempt in the Commission of Cybercrime. — Any person who willfully

attempts to commit any of the offenses enumerated in this Act shall be held
liable.

Petitioners assail the constitutionality of Section 5 that renders criminally

liable any person who willfully abets or aids in the commission or attempts to
commit any of the offenses enumerated as cybercrimes. It suffers from
overbreadth, creating a chilling and deterrent effect on protected expression.

Unconstitutional as to Aiding or Abetting in Sec.4c4 (Libel), 4c3

(Unsolicited Commercial Communications), and 4c2 (Child
Pornography).

Constitutional as to Aiding or Abetting in Sec.4a1 (Illegal Access),

4a2 (Illegal Interception), 4a3 (Data Interference), 4a4 (System
Interference), 4a5 (Misuse of Devices, 4a6 (Cyber-squatting), 4b1
(Forgery), 4b2 (Fraud), 4b3 (Identity Theft), and 4c1 (Cybersex).

Constitutional as to Attempting to commit any of these offenses.

The question is: are online postings such as “Liking” an openly defamatory
statement, “Commenting” on it, or “Sharing” it with others, to be regarded
as “aiding or abetting?” – NO.

The old parameters for enforcing the traditional form of libel would be a
square peg in a round hole when applied to cyberspace libel. Unless the
legislature crafts a cyber libel law that takes into account its unique
circumstances and culture, such law will tend to create a chilling effect on
the millions that use this new medium of communication in violation of their
constitutionally-guaranteed right to freedom of expression. Vague and
overbroad. The severity of criminal sanctions may well cause speakers to
remain silent rather than communicate even arguably unlawful words, ideas,
and images.

The terms “aiding or abetting” constitute broad sweep that generates

chilling effect on those who express themselves through cyberspace posts,
comments, and other messages. Hence, Section 5 of the cybercrime law that
punishes “aiding or abetting” libel on the cyberspace is a nullity.

Section 5 with respect to Section 4(c)(4) Libel is unconstitutional.

Its vagueness raises apprehension on the part of internet users
because of its obvious chilling effect on the freedom of expression,
especially since the crime of aiding or abetting ensnares all the
actors in the cyberspace front in a fuzzy way. In the absence of
legislation tracing the interaction of netizens and their level of
responsibility such as in other countries, Section 5, in relation to
Section 4(c)(4) on Libel, Section 4(c)(3) on Unsolicited Commercial
Communications, and Section 4(c)(2) on Child Pornography, cannot
stand scrutiny.
But the crime of aiding or abetting the commission of cybercrimes
under Section 5 should be permitted to apply to Section 4(a)(1) on
Illegal Access, Section 4(a)(2) on Illegal Interception, Section 4(a)(3)
on Data Interference, Section 4(a)(4) on System Interference,
Section 4(a)(5) on Misuse of Devices, Section 4(a)(6) on Cyber-
squatting, Section 4(b)(1) on Computer-related Forgery, Section
4(b)(2) on Computer-related Fraud, Section 4(b)(3) on Computer-
related Identity Theft, and Section 4(c)(1) on Cybersex. None of
these offenses borders on the exercise of the freedom of
expression.

The crime of willfully attempting to commit any of these offenses is for the
same reason not objectionable. A hacker may for instance have done all that
is necessary to illegally access another party’s computer system but the
security employed by the system’s lawful owner could frustrate his effort.
Another hacker may have gained access to usernames and passwords of
others but fail to use these because the system supervisor is alerted. If
Section 5 that punishes any person who willfully attempts to commit this
specific offense is not upheld, the owner of the username and password
could not file a complaint against him for attempted hacking. But this is not
right. The hacker should not be freed from liability simply because of the
vigilance of a lawful owner or his supervisor.

Petitioners of course claim that Section 5 lacks positive limits and could
cover the innocent. While this may be true with respect to cybercrimes that
tend to sneak past the area of free expression, any attempt to commit the
other acts specified in Section 4(a)(1), Section 4(a)(2), Section 4(a)(3),
Section 4(a)(4), Section 4(a)(5), Section 4(a)(6), Section 4(b)(1), Section 4(b)
(2), Section 4(b)(3), and Section 4(c)(1) as well as the actors aiding and
abetting the commission of such acts can be identified with some reasonable
certainty through adroit tracking of their works. Absent concrete proof of the
same, the innocent will of course be spared.

Sec.6
Sec. 6. All crimes defined and penalized by the
Revised Penal Code, as amended, and special
laws, if committed by, through and with the use
of information and communications
technologies shall be covered by the relevant
provisions of this Act: Provided, That the
penalty to be imposed shall be one (1) degree
higher than that provided for by the Revised
Penal Code, as amended, and special laws, as
the case may be.

Constitutional.

Section 6 merely makes commission of existing crimes through the internet

a qualifying circumstance. As the Solicitor General points out, there exists a
substantial distinction between crimes committed through the use of
information and communications technology and similar crimes committed
using other means. In using the technology in question, the offender often
evades identification and is able to reach far more victims or cause greater
harm. The distinction, therefore, creates a basis for higher penalties for
cybercrimes.
 Sec. 7. Liability under Other Laws. — A prosecution
under this Act shall be without prejudice to any liability
for violation of any provision of the Revised Penal Code,
Sec.7 as amended, or special laws.

Violation of the right against double jeopardy

Unconstitutional as to online libel and online child pornography.

For the others, to be determined by courts.

When two different laws define two crimes, prior jeopardy as to one does not
bar prosecution of the other although both offenses arise from the same fact,
if each crime involves some important act which is not an essential element
of the other. With the exception of the crimes of online libel and online child
pornography, the Court would rather leave the determination of the correct
application of Section 7 to actual cases.

Online libel is different. There should be no question that if the published

material on print, said to be libelous, is again posted online or vice versa,
that identical material cannot be the subject of two separate libels. The two
offenses, one a violation of Article 353 of the Revised Penal Code and the
other a violation of Section 4(c)(4) of R.A. 10175 involve essentially the same
elements and are in fact one and the same offense. Indeed, the OSG itself
claims that online libel under Section 4(c)(4) is not a new crime but is one
already punished under Article 353. Section 4(c)(4) merely establishes the
computer system as another means of publication. Charging the offender
under both laws would be a blatant violation of the proscription against
double jeopardy.

The same is true with child pornography committed online. Section 4(c)(2)
merely expands the ACPA’s scope so as to include identical activities in
cyberspace. As previously discussed, ACPA’s definition of child pornography
in fact already covers the use of “electronic, mechanical, digital, optical,
magnetic or any other means.” Thus, charging the offender under both
Section 4(c)(2) and ACPA would likewise be tantamount to a violation of the
constitutional prohibition against double jeopardy.

Sec.8 Section 8 provides for the penalties for the following

crimes: Sections 4(a) on Offenses Against the
Confidentiality, Integrity and Availability of Computer
Data and Systems; 4(b) on Computer-related Offenses;
 4(a)(5) on Misuse of Devices; when the crime punishable
under 4(a) is committed against critical infrastructure;
4(c)(1) on Cybersex; 4(c)(2) on Child Pornography; 4(c)
(3) on Unsolicited Commercial Communications; and
Section 5 on Aiding or Abetting, and Attempt in the
Commission of Cybercrime.

Penalties are too severe.

Constitutional.

The matter of fixing penalties for the commission of crimes is as a rule a

legislative prerogative. Here the legislature prescribed a measure of severe
penalties for what it regards as deleterious cybercrimes. They appear
proportionate to the evil sought to be punished. xxx Judges and magistrates
can only interpret and apply them and have no authority to modify or revise
their range as determined by the legislative department. The courts should
not encroach on this prerogative of the lawmaking body.

Sec.12

Sec. 12. Real-Time Collection of Traffic Data. — Law enforcement authorities,

with due cause, shall be authorized to collect or record by technical or
electronic means traffic data in real-time associated with specified
communications transmitted by means of a computer system.
Traffic data refer only to the communication’s origin, destination, route, time,
date, size, duration, or type of underlying service, but not content, nor
identities.

All other data to be collected or seized or disclosed will require a court

warrant.

Service providers are required to cooperate and assist law enforcement

authorities in the collection or recording of the above-stated information.

The court warrant required under this section shall only be issued or
granted upon written application and the examination under oath or
affirmation of the applicant and the witnesses he may produce and the
showing: (1) that there are reasonable grounds to believe that any of the
crimes enumerated hereinabove has been committed, or is being committed,
or is about to be committed; (2) that there are reasonable grounds to believe
that evidence that will be obtained is essential to the conviction of any
person for, or to the solution of, or to the prevention of, any such crimes; and
(3) that there are no other means readily available for obtaining such
evidence.

Petitioners assail the grant to law enforcement agencies of the power to

collect or record traffic data in real time as tending to curtail civil liberties or
provide opportunities for official abuse. They claim that data showing where
digital messages come from, what kind they are, and where they are
destined need not be incriminating to their senders or recipients before they
are to be protected. Petitioners invoke the right of every individual to privacy
and to be protected from government snooping into the messages or
information that they send to one another.

Unconstitutional.

See full text for the discussion regarding the right to privacy, touching the
topics of informational privacy and the technicalities of traffic data and
computer data transferred through the internet.

In much the same way, ICT users must know that they cannot
communicate or exchange data with one another over cyberspace
except through some service providers to whom they must submit
certain traffic data that are needed for a successful cyberspace
communication. The conveyance of this data takes them out of the
private sphere, making the expectation to privacy in regard to them
an expectation that society is not prepared to recognize as
reasonable.

The Court, however, agrees with Justices Carpio and Brion that
when seemingly random bits of traffic data are gathered in bulk,
pooled together, and analyzed, they reveal patterns of activities
which can then be used to create profiles of the persons under
surveillance. With enough traffic data, analysts may be able to
determine a person’s close associations, religious views, political
affiliations, even sexual preferences. Such information is likely
beyond what the public may expect to be disclosed, and clearly falls
within matters protected by the right to privacy.
However, SC struck down the provision as unconstitutional because of the
vagueness of the provision. What constitutes “due cause”? The authority
that Section 12 gives law enforcement agencies is too sweeping and lacks
restraint. While it says that traffic data collection should not disclose
identities or content data, such restraint is but an illusion. Admittedly,
nothing can prevent law enforcement agencies holding these data in their
hands from looking into the identity of their sender or receiver and what the
data contains. This will unnecessarily expose the citizenry to leaked
information or, worse, to extortion from certain bad elements in these
agencies.
Sec. 13. Preservation of Computer Data. — The integrity
of traffic data and subscriber information relating to
communication services provided by a service provider
shall be preserved for a minimum period of six (6)
months from the date of the transaction. Content data
shall be similarly preserved for six (6) months from the
date of receipt of the order from law enforcement
authorities requiring its preservation.
Law enforcement authorities may order a one-time
extension for another six (6) months: Provided, That
once computer data preserved, transmitted or stored by
a service provider is used as evidence in a case, the
mere furnishing to such service provider of the
transmittal document to the Office of the Prosecutor
shall be deemed a notification to preserve the computer
data until the termination of the case.

The service provider ordered to preserve computer data

shall keep confidential the order and its compliance.
Sec.13

Section 13 constitutes an undue deprivation of the right to property. They

liken the data preservation order that law enforcement authorities are to
issue as a form of garnishment of personal property in civil forfeiture
proceedings. Such order prevents internet users from accessing and
disposing of traffic data that essentially belong to them.

Constitutional.

The data that service providers preserve on orders of law enforcement

authorities are not made inaccessible to users by reason of the issuance of
such orders. The process of preserving data will not unduly hamper the
normal transmission or use of the same.

Sec.14 Sec. 14. Disclosure of The process Constitutional.

Computer Data. — Law envisioned in
enforcement Section 14 is
authorities, upon being likened it is well-settled that
securing a court to the issuance the power to issue
 warrant, shall issue an
order requiring any
person or service
provider to disclose or
submit subscriber’s
information, traffic data
or relevant data in
his/its possession or
control within seventy-
two (72) hours from
receipt of the order in
relation to a valid subpoenas is not
complaint officially of a subpoena. exclusively a judicial
docketed and assigned Petitioners’ function. Executive
for investigation and the objection is agencies have the
disclosure is necessary that the power to issue
and relevant for the issuance of subpoena as an
purpose of subpoenas is a adjunct of their
investigation. judicial investigatory
function. powers.

Sec.15 Sec. 15. Search, Petitioners Constitutional.

Seizure and challenge
Examination of Section 15 on
Computer Data. — the On its face,
Where a search and assumption however, Section
seizure warrant is that it will 15 merely
properly issued, the law supplant enumerates the
enforcement authorities established duties of law
shall likewise have the search and enforcement
following powers and seizure authorities that
duties. procedures. would ensure the
Within the time period proper collection,
specified in the preservation, and
warrant, to conduct use of computer
interception, as defined system or data that
in this Act, and: have been seized
by virtue of a court
(a) To secure a warrant. The
computer system or a exercise of these
computer data storage duties do not pose
medium; any threat on the
rights of the person
(b) To make and retain from whom they
a copy of those were taken. Section
computer data secured; 15 does not appear
to supersede
(c) To maintain the existing search and
integrity of the relevant seizure rules but
stored computer data; merely
supplements them.
(d) To conduct forensic
analysis or examination
of the computer data
storage medium; and

(e) To render
inaccessible or remove
those computer data in
the accessed computer
or computer and
communications
network.
Pursuant thereof, the
law enforcement
authorities may order
any person who has
knowledge about the
functioning of the
computer system and
the measures to protect
and preserve the
computer data therein
to provide, as is
reasonable, the
necessary information,
to enable the
undertaking of the
search, seizure and
examination.

Law enforcement
authorities may request
for an extension of time
to complete the
examination of the
computer data storage
medium and to make a
 return thereon but in no
case for a period longer
than thirty (30) days
from date of approval
by the court.

Constitutional.

But, as already
stated, it is unclear
that the user has a
demandable right
to require the
service provider to
Petitioners have that copy of
claim that the data saved
Sec. 17. Destruction of such indefinitely for him
Computer Data. — destruction of in its storage
Upon expiration of the computer data system. If he
periods as provided in subject of wanted them
Sections 13 and 15, previous preserved, he
service providers and preservation should have saved
law enforcement or examination them in his
authorities, as the case violates the computer when he
may be, shall user’s right generated the data
immediately and against or received it. He
completely destroy the deprivation of could also request
computer data subject property the service provider
of a preservation and without due for a copy before it
Sec.17 examination. process of law. is deleted.

Sec.19 Sec. 19. Restricting or Petitioners Unconstitutional.

Blocking Access to contest
Computer Data.— Section 19 in
When a computer data that it stifles Violative of the
is prima facie found to freedom of constitutional
be in violation of the expression guarantees to
provisions of this Act, and violates freedom of
the DOJ shall issue an the right expression and
order to restrict or against against
unreasonable
block access to such unreasonable searches and
computer data. searches and seizures.
seizures.

Computer data may

constitute personal
property, and thus,
are protected from
unreasonable
searches and
seizures whether
while stored in their
personal computers
or in the service
provider’s systems.

The content of the

computer data can
also constitute
speech. In such a
case, Section 19
operates as a
restriction on the
freedom of
expression over
cyberspace.
Certainly not all
forms of speech are
protected.
Legislature may,
within
constitutional
bounds, declare
certain kinds of
expression as
illegal. But for an
executive officer to
seize content
alleged to be
unprotected
without any judicial
warrant, it is not
enough for him to
be of the opinion
that such content
violates some law,
for to do so would
make him judge,
jury, and
executioner all
rolled into one.

Not only does

Section 19 preclude
any judicial
intervention, but it
also disregards
jurisprudential
guidelines
established to
determine the
validity of
restrictions on
speech. Section
19, however,
merely requires
that the data to be
blocked be
found prima facie in
violation of any
provision of the
cybercrime law.
Taking Section 6
into consideration,
this can actually be
made to apply in
relation to any
penal provision. It
does not take into
consideration any
of the dangerous
tendency test,
balancing of
 interest test, and
clear and present
danger test.

Constitutional.

But since the non-

compliance would
be punished as a
violation of
Presidential Decree
(P.D.) 1829, Section
20 necessarily
incorporates
elements of the
offense which are
defined therein.
xxx Thus, the act of
Sec. non-compliance, for
20. Noncompliance. — it to be punishable,
Failure to comply with Petitioners must still be done
the provisions of challenge “knowingly or
Chapter IV hereof Section 20, willfully.” There
specifically the orders alleging that it must still be a
from law enforcement is a bill of judicial
authorities shall be attainder. The determination of
punished as a violation argument is guilt, during which,
of Presidential Decree that the mere as the Solicitor
No. 1829 with failure to General assumes,
imprisonment of prision comply defense and
correctional in its constitutes a justifications for
maximum period or a legislative non-compliance
fine of One hundred finding of guilt, may be raised.
thousand pesos without regard Thus, Section 20 is
(Php100,000.00) or to situations valid insofar as it
both, for each and where non- applies to the
every noncompliance compliance provisions of
with an order issued by would be Chapter IV which
law enforcement reasonable or are not struck down
Sec.20 authorities. valid. by the Court.

Sec.24 a Sec. 24. Cybercrime Petitioners Constitutional.

 Investigation and
Coordinating Center.–
There is hereby
created, within thirty
(30) days from the
effectivity of this Act,
an inter-agency body to
be known as the
Cybercrime
Investigation and
Coordinating Center
(CICC), under the
administrative
supervision of the
Office of the President, mainly
for policy coordination contend that
among concerned Congress
agencies and for the invalidly
formulation and delegated its
enforcement of the power when it
national cybersecurity gave the
plan. Cybercrime
Sec. 26. Powers and Investigation
Functions.– The CICC and
shall have the following Coordinating
powers and functions: Center (CICC)
(a) To formulate a the power to
national cybersecurity formulate a
plan and extend national
immediate assistance cybersecurity
of real time commission plan without
of cybercrime offenses any sufficient It passes the
through a computer standards or completeness test
emergency response parameters for and sufficient
nd 26a team (CERT); x x x. it to follow. standard test.

Hence,
VOID for being UNCONSTITUTIONAL:

1. Section 4(c)(3) of Republic Act 10175 that penalizes posting

of unsolicited commercial communications;
2. Section 12 that authorizes the collection or recording of
traffic data in real-time; and
 3. Section 19 of the same Act that authorizes the Department
of Justice to restrict or block access to suspected Computer
Data.
VALID and CONSTITUTIONAL:

1. Section 4(a)(1) that penalizes accessing a computer system

without right;
2. Section 4(a)(3) that penalizes data interference, including
transmission of viruses;
3. Section 4(a)(6) that penalizes cyber-squatting or acquiring
domain name over the internet in bad faith to the prejudice
of others;
4. Section 4(b)(3) that penalizes identity theft or the use or
misuse of identifying information belonging to another;
5. Section 4(c)(1) that penalizes cybersex or the lascivious
exhibition of sexual organs or sexual activity for favor or
consideration;
6. Section 4(c)(2) that penalizes the production of child
pornography;
7. Section 6 that imposes penalties one degree higher when
crimes defined under the Revised Penal Code are committed
with the use of information and communications
technologies;
8. Section 8 that prescribes the penalties for cybercrimes;
9. Section 13 that permits law enforcement authorities to
require service providers to preserve traffic data and
subscriber information as well as specified content data for
six months;
10. Section 14 that authorizes the disclosure of computer
data under a court-issued warrant;
11. Section 15 that authorizes the search, seizure, and
examination of computer data under a court-issued warrant;
12. Section 17 that authorizes the destruction of previously
preserved computer data after the expiration of the
prescribed holding periods;
13. Section 20 that penalizes obstruction of justice in relation
to cybercrime investigations;
14. Section 24 that establishes a Cybercrime Investigation
and Coordinating Center (CICC);
15. Section 26(a) that defines the CICC’s Powers and
Functions; and
 16. Articles 353, 354, 361, and 362 of the Revised Penal Code
that penalizes libel.
Further, the Court DECLARES:
1. Section 4(c)(4) that penalizes online libel
as VALID and CONSTITUTIONALwith respect to the original author
of the post; but VOID and UNCONSTITUTIONAL with respect to
others who simply receive the post and react to it; and
2. Section 5 that penalizes aiding or abetting and attempt in the
commission of cybercrimes as VALID and CONSTITUTIONAL only
in relation to Section 4(a)(1) on Illegal Access, Section 4(a)(2) on
Illegal Interception, Section 4(a)(3) on Data Interference, Section
4(a)(4) on System Interference, Section 4(a)(5) on Misuse of
Devices, Section 4(a)(6) on Cyber-squatting, Section 4(b)(1) on
Computer-related Forgery, Section 4(b)(2) on Computer-related
Fraud, Section 4(b)(3) on Computer-related Identity Theft, and
Section 4(c)(1) on Cybersex;
but VOID and UNCONSTITUTIONAL with respect to Sections 4(c)
(2) on Child Pornography, 4(c)(3) on Unsolicited Commercial
Communications, and 4(c)(4) on online Libel.
Lastly, the Court RESOLVES to LEAVE THE DETERMINATION of
the correct application of Section 7 that authorizes prosecution of
the offender under both the Revised Penal Code and Republic Act
10175 to actual cases, WITH THE EXCEPTION of the crimes of:
1. Online libel as to which, charging the offender under both
Section 4(c)(4) of Republic Act 10175 and Article 353 of the
Revised Penal Code constitutes a violation of the
proscription against double jeopardy; as well as
2. Child pornography committed online as to which, charging
the offender under both Section 4(c)(2) of Republic Act
10175 and Republic Act 9775 or the Anti-Child Pornography
Act of 2009 also constitutes a violation of the same
proscription,
and, in respect to these, is VOID and UNCONSTITUTIONAL.