Law Summary
Declaration of Policy
- Recognizes vital role of ICT industries in social and economic development.
- Aims to provide an environment for free, easy access to information and protection of computer systems.
- Seeks to make punishable all forms of misuse, abuse, and illegal access to computer data and systems.
- Adopts powers for effective prevention, detection, investigation, and prosecution at domestic and international levels.
Definitions
- Provides comprehensive definitions of terms such as Access, Alteration, Computer, Computer System, Digital Evidence, Cybersex, Cybersecurity, Service Provider, Traffic Data, and more.
- Defines key concepts like Critical Infrastructure, National Cybersecurity Plan, and Forensics relevant to cybercrime prevention.
Core Cybercrime Offenses and Penalties
- Enumerates core offenses including Illegal Access, Illegal Interception, Data Interference, System Interference, and Misuse of Devices.
- Penalties range from prison terms of prision mayor and fines from P200,000 to amounts commensurate to damage incurred.
- Enhanced penalties apply when offenses are committed against critical infrastructure.
Computer-Related Offenses
- Includes Computer-related Forgery, Fraud, and Identity Theft.
- Punishments include prison terms and fines similar to core offenses, adjusted for damage or intent.
Content-Related Offenses
- Child Pornography punishable under RA 9775 with penalty one degree higher if committed through computer systems.
Other Cybercrimes
- Includes Cyber-squatting (acquisition of domain names in bad faith), Cybersex, and Online Libel.
- Specifies penalties varying from prision mayor to fines ranging from P6,000 upwards.
- Provisions on aiding, abetting, and attempts included.
Corporate Liability
- Juridical persons may be held liable for offenses committed on their behalf or benefit.
- Fines can reach up to P10 million depending on degree of control or negligence.
- Criminal liability of natural persons remains unaffected.
Relation to Other Laws
- Cybercrimes committed through ICT may receive penalties one degree higher than prescribed by the Revised Penal Code or special laws.
- Prosecution under this Act does not preclude liability under other laws, with specific exceptions noted.
Enforcement Authorities
- NBI and PNP responsible for enforcement, each with designated cybercrime units.
- DOJ-Office of Cybercrime coordinates efforts and supervises law enforcement cybercrime divisions.
Powers and Duties of Law Enforcement
- Investigate cybercrimes, conduct forensic analysis, formulate investigation guidelines.
- Provide technological support, maintain databases, and assist national cybersecurity efforts.
- Submit timely reports and comply with procedures issued by competent authorities.
Preservation, Collection, and Disclosure of Computer Data
- Service providers must preserve traffic and subscriber data for six months, content data upon order.
- Law enforcement needs court-issued warrants to collect, disclose, or seize computer data.
- Orders for disclosure must be complied with within 72 hours.
Search, Seizure, Custody and Destruction of Computer Data
- Warrants authorize search, seizure, forensic examination, and securing of computer data.
- Custody protocols require sealed court deposits and affidavits to maintain integrity.
- Destroy preserved data after case termination or court order.
Exclusionary Rule and Non-compliance
- Evidence obtained without a valid warrant or beyond its authority is inadmissible.
- Non-compliance with lawful orders punishable by imprisonment or fines.
Liability of Service Providers
- Service providers are not liable for user-generated content unless aware of wrongdoing and financially benefited.
- Obligations under contract or law and court orders for injunctive relief remain binding.
Jurisdiction and Venue
- Regional Trial Courts have jurisdiction over violations committed wholly or partly in the Philippines.
- Venue lies where any element of the crime, damages, or computer system location is.
- Special cybercrime courts and designated prosecutors/investigators established.
International Cooperation
- Act supports mutual legal assistance based on international treaties and domestic laws.
- DOJ coordinates requests for preservation, interception, access, and extradition related to cybercrimes.
- Dual criminality waived for data preservation requests with exceptions for political offenses.
Competent Authorities
- Cybercrime Investigation and Coordinating Center (CICC) composed of representatives from DOST, NBI, PNP, DOJ, private sector, and academe.
- CICC formulates cybersecurity plans, oversees cybercrime cases, facilitates cooperation, and conducts awareness programs.
- DOJ Office of Cybercrime serves as central authority and operations center.
- DOST-ICT Office operates Computer Emergency Response Team (CERT) for cybersecurity coordination.
Duties of Service Providers
- Preserve data for mandated periods, maintain confidentiality of preservation orders.
- Cooperate with law enforcement in collection and disclosure of data.
- In child pornography cases, install blocking technology and notify authorities.
- Preserve customer records for investigations.
Prescribed Forms and Procedures
- DOJ Office of Cybercrime to issue guidelines, templates, and procedures for investigation and evidence handling congruent with international best practices.
Appropriations, Separability, and Effectivity
- Annual budget of P50 million appropriated for implementation.
- Invalid provisions do not affect the remainder of rules.
- These rules take effect 15 days after publication in at least two newspapers of general circulation.