QuestionsQuestions (Republic Act No. 10175)
Section 2 declares that the State recognizes the vital role of ICT and related industries in development, the need to provide an environment for free and intelligible access to information, and the necessity to protect the integrity, confidentiality, and availability of computer systems, networks, databases, and information/data against misuse, abuse, and illegal access. It commits to adopting sufficient powers to prevent and combat offenses, including facilitating detection, investigation, and prosecution domestically and internationally, and providing arrangements for fast and reliable international cooperation.
“Access” means instruction, communication with, storing data in, retrieving data from, or otherwise making use of any resources of a computer system or communication network.
“Without right” refers to conduct undertaken without or in excess of authority, or conduct not covered by established legal defenses, excuses, court orders, justifications, or relevant principles under the law.
Computer data (Sec. 3(e)) is any representation of facts/information/concepts in a form suitable for processing, including programs and electronic documents/data messages, whether stored locally or online. Computer system (Sec. 3(g)) is any device/group of interconnected devices performing automated processing of data under a program, including devices with data processing capabilities like mobile phones and networks, and includes storage media. Computer program (Sec. 3(f)) is a set of instructions executed by the computer to achieve intended results.
Section 3(p) defines traffic data (non-content data) as computer data other than the content of the communication, including origin, destination, route, time, date, size, duration, and type of underlying service. RA 10175 distinguishes it from content data, which is the actual communication content.
Illegal Access (Sec. 4(a)(1)): access to any part of a computer system without right. Illegal Interception (Sec. 4(a)(2)): interception by technical means without right of any non-public transmission of computer data. Data Interference (Sec. 4(a)(3)): intentional or reckless alteration/damaging/deleting/deterioration of computer data/program/e-doc/message without right, including viruses. System Interference (Sec. 4(a)(4)): intentional alteration or reckless hindering/interference with functioning by inputting/transmitting/damaging/deleting/deteriorating/altering/suppressing data/program/message without right or authority, including viruses. Misuse of Devices (Sec. 4(a)(5)): use/production/sale/procurement/import/distribution/availability without right of devices designed for committing such offenses or passwords/access codes with intent to use them.
It requires acquisition of a domain name over the internet in bad faith to profit, mislead, destroy reputation, or deprive others from registering it, where the domain name is (i) similar/confusingly similar to an existing registered trademark; or (ii) identical or similar to the name of a person other than the registrant; and (iii) acquired without right or with no IP interests in it.
Computer-related Forgery is (i) input/alteration/deletion of computer data without right resulting in inauthentic data with intent that it be considered/acted upon for legal purposes as if authentic; or (ii) knowingly using computer data that is the product of such forgery to perpetuate a fraudulent/dishonest design. The clause means that the offense applies even if the manipulated data is not directly readable/intelligible, as long as it is meant to be treated as authentic for legal purposes.
Computer-related Fraud (Sec. 4(b)(2)) focuses on unauthorized input/alteration/deletion or interference in system functioning with fraudulent intent causing damage (or if no damage yet, penalty is one degree lower). Computer-related Forgery (Sec. 4(b)(1)) focuses on producing inauthentic data intended to be treated as authentic for legal purposes, and on knowingly using the product of such forgery.
It is prohibited unless one of the following exists: (i) prior affirmative consent of the recipient; or (ii) primary intent is service/administrative announcements to existing users/subscribers/customers; or (iii) conditions are present including: simple valid reliable opt-out method; no purposeful disguise of the message source; and no purposeful misleading information to induce recipients to read.
Noncompliance refers to failure to comply with Chapter IV provisions, specifically orders from law enforcement authorities. The penalty is imprisonment of prision correctional in its maximum period or a fine of at least Php100,000 or both, for each and every noncompliance with an order issued.
Law enforcement authorities may collect/record traffic data in real time only with due cause and authorization; it must be limited to origin/destination/route/time/date/size/duration/type of underlying service, not content or identities. Other data require court warrant. Service providers must cooperate. The warrant must be issued only upon written application with examination under oath/affirmation and showing reasonable grounds of the cybercrime being committed/being committed/being about to be committed, that evidence is essential to conviction/solution/prevention, and that no other means are readily available.
Traffic data and subscriber information must be preserved for at least six (6) months from the date of the transaction; content data must be preserved for six (6) months from receipt of the order. Authorities may order a one-time extension for another six (6) months. Once preserved data is used as evidence in a case, furnishing the transmittal document to the Office of the Prosecutor is deemed notification to preserve until termination of the case. Service providers must keep orders and compliance confidential.
A court warrant is required. After securing it, law enforcement authorities may issue an order requiring submission/disclosure within seventy-two (72) hours from receipt of the order. The disclosure must relate to a valid complaint officially docketed and assigned for investigation, and must be necessary and relevant for the investigation.
Section 18 provides that any evidence procured without a valid warrant or beyond the authority of the same is inadmissible in any proceeding before any court or tribunal. This ensures due process and guards against unlawful searches/seizures in cybercrime investigations.
RTC has jurisdiction over any violation of RA 10175, including violations committed by a Filipino national regardless of place of commission, where any element was committed within the Philippines or with use of a computer system wholly/partly situated in the country, or where damage was caused to a person in the Philippines at the time of the offense. Special cybercrime courts manned by specially trained judges are designated.