CYBERCRIME LAW PROVISION MAJORITY

a. Section 4 (a) (1) on Illegal VALID

PETITIONER:
Access;  Petitioners contend that Section 4(a)(1) fails to
meet the strict scrutiny standard required of
laws that interfere with the fundamental rights
of the people and should thus be struck down.
 Petitioners of course fear that this section will
jeopardize the work of ethical hackers,
professionals who employ tools and techniques
used by criminal hackers but would neither
damage the target systems nor steal
information. Ethical hackers evaluate the target
system’s security and report back to the owners
the vulnerabilities they found in it and give
instructions for how these can be remedied.
Ethical hackers are the equivalent of
independent auditors who come into an
organization to verify its bookkeeping records.

RULING:
 In the cases before it, the Court finds
nothing in Section 4(a)(1) that calls for the
application of the strict scrutiny standard
since no fundamental freedom, like speech,
is involved in punishing what is essentially a
condemnable act – accessing the computer
system of another without right. It is a
universally condemned conduct
 Besides, a client’s engagement of an ethical
hacker requires an agreement between
them as to the extent of the search, the
methods to be used, and the systems to be
tested. This is referred to as the "get out of
jail free card."6Since the ethical hacker does
his job with prior permission from the client,
such permission would insulate him from
the coverage of Section 4(a)(1).
b. Section 4 (a) (3) on Data VALID
PETITIONERS:
Interference;  Petitioners claim that Section 4(a)(3) suffers
from overbreadth in that, while it seeks to
discourage data interference, it intrudes
into the area of protected speech and
expression, creating a chilling and deterrent
effect on these guaranteed freedoms.

RULING:

1
  Under the overbreadth doctrine, a proper
governmental purpose, constitutionally
subject to state regulation, may not be
achieved by means that unnecessarily
sweep its subject broadly, thereby invading
the area of protected freedoms.7 But
Section 4(a)(3) does not encroach on these
freedoms at all. It simply punishes what
essentially is a form of vandalism,8 the act of
willfully destroying without right the things
that belong to others, in this case their
computer data, electronic document, or
electronic data message. Such act has no
connection to guaranteed freedoms. There
is no freedom to destroy other people’s
computer systems and private documents.
c. Section 4 (a) (6) on Cyber- VALID
PETITIONERS:
squatting;  Petitioners claim that Section 4(a)(6) or
cyber-squatting violates the equal
protection clause12 in that, not being
narrowly tailored, it will cause a user using
his real name to suffer the same fate as
those who use aliases or take the name of
another in satire, parody, or any other
literary device.
 For example, supposing there exists a well
known billionaire-philanthropist named
"Julio Gandolfo," the law would punish for
cyber-squatting both the person who
registers such name because he claims it to
be his pseudo-name and another who
registers the name because it happens to be
his real name. Petitioners claim that,
considering the substantial distinction
between the two, the law should recognize
the difference.

RULING:
 there is no real difference whether he uses
"Julio Gandolfo" which happens to be his
real name or use it as a pseudo-name for it
is the evil purpose for which he uses the
name that the law condemns. The law is
reasonable in penalizing him for acquiring
the domain name in bad faith to profit,
mislead, destroy reputation, or deprive
others who are not ill-motivated of the
rightful opportunity of registering the same.

2
 The challenge to the constitutionality of
Section 4(a)(6) on ground of denial of equal
protection is baseless.
d. Section 4 (b) (3) on Identity VALID
PETITIONERS:
Theft;  Petitioners claim that Section 4(b)(3)
violates the constitutional rights to due
process and to privacy and correspondence,
and transgresses the freedom of the press.
 Further, petitioners fear that Section 4(b)(3)
violates the freedom of the press in that
journalists would be hindered from
accessing the unrestricted user account of a
person in the news to secure information
about him that could be published.

RULING:
 The usual identifying information regarding
a person includes his name, his citizenship,
his residence address, his contact number,
his place and date of birth, the name of his
spouse if any, his occupation, and similar
data.19 The law punishes those who acquire
or use such identifying information without
right, implicitly to cause damage.
Petitioners simply fail to show how
government effort to curb computer-
related identity theft violates the right to
privacy and correspondence as well as the
right to due process of law.
 Also, the charge of invalidity of this section
based on the overbreadth doctrine will not
hold water since the specific conducts
proscribed do not intrude into guaranteed
freedoms like speech. Clearly, what this
section regulates are specific actions: the
acquisition, use, misuse or deletion of
personal identifying data of another. There
is no fundamental right to acquire another’s
personal data.
 But this is not the essence of identity theft
that the law seeks to prohibit and punish.
Evidently, the theft of identity information
must be intended for an illegitimate
purpose. Moreover, acquiring and
disseminating information made public by
the user himself cannot be regarded as a
form of theft.

3
  The Court has defined intent to gain as an
internal act which can be stablished through
the overt acts of the offender, and it may be
presumed from the furtive taking of useful
property pertaining to another, unless
special circumstances reveal a different
intent on the part of the perpetrator.20 As
such, the press, whether in quest of news
reporting or social investigation, has
nothing to fear since a special circumstance
is present to negate intent to gain which is
required by this Section.
e. Section 4 (c) (1) on Cybersex; VALID
PETITIONERS:
 Petitioners claim that the above violates the
freedom of expression clause of the
Constitution.21 They express fear that
private communications of sexual character
between husband and wife or consenting
adults, which are not regarded as crimes
under the penal code, would now be
regarded as crimes when done "for favor" in
cyberspace.
 The law as written would invite law
enforcement agencies into the bedrooms of
married couples or consenting individuals.

RULING:
 The Court will not declare Section 4(c)(1)
unconstitutional where it stands a
construction that makes it apply only to
persons engaged in the business of
maintaining, controlling, or operating,
directly or indirectly, the lascivious
exhibition of sexual organs or sexual activity
with the aid of a computer system as
Congress has intended.
f. Section 4 (c) (2) on Child VALID
PETITIONERS:
Pornography;  Petitioners point out that the provision of
ACPA that makes it unlawful for any person
to "produce, direct, manufacture or create
any form of child pornography"33 clearly
relates to the prosecution of persons who
aid and abet the core offenses that ACPA
seeks to punish.34 Petitioners are wary that a
person who merely doodles on paper and
imagines a sexual abuse of a 16-year-old is
not criminally liable for producing child

4
 pornography but one who formulates the
idea on his laptop would be. Further, if the
author bounces off his ideas on Twitter,
anyone who replies to the tweet could be
considered aiding and abetting a
cybercrime.

RULING:
 It seems that the above merely expands the
scope of the Anti-Child Pornography Act of
200931 (ACPA) to cover identical activities in
cyberspace. In theory, nothing prevents the
government from invoking the ACPA when
prosecuting persons who commit child
pornography using a computer system.
Actually, ACPA’s definition of child
pornography already embraces the use of
"electronic, mechanical, digital, optical,
magnetic or any other means." Notably, no
one has questioned this ACPA provision.
 Of course, the law makes the penalty higher
by one degree when the crime is committed
in cyberspace. But no one can complain
since the intensity or duration of penalty is
a legislative prerogative and there is rational
basis for such higher penalty.32 The potential
for uncontrolled proliferation of a particular
piece of child pornography when uploaded
in the cyberspace is incalculable.
g. Section 4 (c) (3) on UNCONSTITUTIONAL
GOVERNMENT:
Unsolicited Commercial  The Government, represented by the
Communications; Solicitor General, points out that unsolicited
commercial communications or spams are a
nuisance that wastes the storage and
network capacities of internet service
providers, reduces the efficiency of
commerce and technology, and interferes
with the owner’s peaceful enjoyment of his
property. Transmitting spams amounts to
trespass to one’s privacy since the person
sending out spams enters the recipient’s
domain without prior permission. The OSG
contends that commercial speech enjoys
less protection in law.

RULING: To prohibit the transmission of unsolicited

ads would deny a person the right to read his emails,
even unsolicited commercial ads addressed to him.

5
 Commercial speech is a separate category of speech
which is not accorded the same level of protection
as that given to other constitutionally guaranteed
forms of expression but is nonetheless entitled to
protection.36 The State cannot rob him of this right
without violating the constitutionally guaranteed
freedom of expression. Unsolicited advertisements
are legitimate forms of expression.
h. Section 4 (c) (4) on Libel; VALID
PETITIONERS:
 Petitioners lament that libel provisions of
the penal code37 and, in effect, the libel
provisions of the cybercrime law carry with
them the requirement of "presumed
malice" even when the latest jurisprudence
already replaces it with the higher standard
of "actual malice" as a basis for
conviction.38 Petitioners argue that inferring
"presumed malice" from the accused’s
defamatory statement by virtue of Article
354 of the penal code infringes on his
constitutionally guaranteed freedom of
expression
 Petitioners would go further. They contend
that the laws on libel should be stricken
down as unconstitutional for otherwise
good jurisprudence requiring "actual
malice" could easily be overturned as the
Court has done in Fermin v. People39 even
where the offended parties happened to be
public figures.
 Petitioners peddle the view that both the
penal code and the Cybercrime Prevention
Act violate the country’s obligations under
the International Covenant of Civil and
Political Rights (ICCPR). They point out that
in Adonis v. Republic of the Philippines,47 the
United Nations Human Rights Committee
(UNHRC) cited its General Comment 34 to
the effect that penal defamation laws
should include the defense of truth.

RULING:
 The elements of libel are: (a) the allegation
of a discreditable act or condition
concerning another; (b) publication of the
charge; (c) identity of the person defamed;
and (d) existence of malice.

6
  Parenthetically, the Court cannot accept the
proposition that its ruling in Fermin
disregarded the higher standard of actual
malice or malice in fact when it found
Cristinelli Fermin guilty of committing libel
against complainants who were public
figures. Actually, the Court found the
presence of malice in fact in that case.
 Besides, the UNHRC did not actually enjoin
the Philippines, as petitioners urge, to
decriminalize libel. It simply suggested that
defamation laws be crafted with care to
ensure that they do not stifle freedom of
expression.48Indeed, the ICCPR states that
although everyone should enjoy freedom of
expression, its exercise carries with it
special duties and responsibilities. Free
speech is not absolute. It is subject to
certain restrictions, as may be necessary
and as may be provided by law.
 The Court agrees with the Solicitor General
that libel is not a constitutionally protected
speech and that the government has an
obligation to protect private individuals
from defamation. Indeed, cyberlibel is
actually not a new crime since Article 353, in
relation to Article 355 of the penal code,
already punishes it. In effect, Section 4(c)(4)
above merely affirms that online
defamation constitutes "similar means" for
committing libel.
i. Section 5 on Aiding or VALID
PETITIONERS:
Abetting and Attempt in the  Petitioners assail the constitutionality of
Commission of Cybercrimes; Section 5 that renders criminally liable any
person who willfully abets or aids in the
commission or attempts to commit any of
the offenses enumerated as cybercrimes. It
suffers from overbreadth, creating a chilling
and deterrent effect on protected
expression.

RULING:
 the crime of aiding or abetting the
commission of cybercrimes under Section 5
should be permitted to apply to Section
4(a)(1) on Illegal Access, Section 4(a)(2) on
Illegal Interception, Section 4(a)(3) on Data
Interference, Section 4(a)(4) on System

7
 Interference, Section 4(a)(5) on Misuse of
Devices, Section 4(a)(6) on Cyber-squatting,
Section 4(b)(1) on Computer-related
Forgery, Section 4(b)(2) on Computer-
related Fraud, Section 4(b)(3) on Computer-
related Identity Theft, and Section 4(c)(1) on
Cybersex. None of these offenses borders
on the exercise of the freedom of
expression.
 the actors aiding and abetting the
commission of such acts can be identified
with some reasonable certainty through
adroit tracking of their works. Absent
concrete proof of the same, the innocent
will of course be spared.
 Section 5 with respect to Section 4(c)(4) is
unconstitutional. Its vagueness raises
apprehension on the part of internet users
because of its obvious chilling effect on the
freedom of expression, especially since the
crime of aiding or abetting ensnares all the
actors in the cyberspace front in a fuzzy
way. What is more, as the petitioners point
out, formal crimes such as libel are not
punishable unless consummated.71 In the
absence of legislation tracing the
interaction of netizens and their level of
responsibility such as in other countries,
Section 5, in relation to Section 4(c)(4) on
Libel, Section 4(c)(3) on Unsolicited
Commercial Communications, and Section
4(c)(2) on Child Pornography, cannot stand
scrutiny.
j. Section 6 on the Penalty of VALID
RULING:
One Degree Higher;  Section 6 merely makes commission of
existing crimes through the internet a
qualifying circumstance. As the Solicitor
General points out, there exists a
substantial distinction between crimes
committed through the use of information
and communications technology and similar
crimes committed using other means. In
using the technology in question, the
offender often evades identification and is
able to reach far more victims or cause
greater harm. The distinction, therefore,
creates a basis for higher penalties for
cybercrimes.

8
k. Section 7 on the Prosecution VALID
GOVERNMENT:
under both the Revised  The Solicitor General points out that Section
Penal Code (RPC) and R.A. 7 merely expresses the settled doctrine that
a single set of acts may be prosecuted and
10175; penalized simultaneously under two laws, a
special law and the Revised Penal Code.
When two different laws define two crimes,
prior jeopardy as to one does not bar
prosecution of the other although both
offenses arise from the same fact, if each
crime involves some important act which is
not an essential element of the other.74 With
the exception of the crimes of online libel
and online child pornography, the Court
would rather leave the determination of the
correct application of Section 7 to actual
cases.

RULING:

 Online libel is different. There should be no

question that if the published material on
print, said to be libelous, is again posted
online or vice versa, that identical material
cannot be the subject of two separate libels.
The two offenses, one a violation of Article
353 of the Revised Penal Code and the other
a violation of Section 4(c)(4) of R.A. 10175
involve essentially the same elements and
are in fact one and the same offense.
Indeed, the OSG itself claims that online
libel under Section 4(c)(4) is not a new crime
but is one already punished under Article
353. Section 4(c)(4) merely establishes the
computer system as another means of
publication.75 Charging the offender under
both laws would be a blatant violation of the
proscription against double jeopardy.76
 The same is true with child pornography
committed online. Section 4(c)(2) merely
expands the ACPA’s scope so as to include
identical activities in cyberspace. As
previously discussed, ACPA’s definition of
child pornography in fact already covers the
use of "electronic, mechanical, digital,
optical, magnetic or any other means."
Thus, charging the offender under both
Section 4(c)(2) and ACPA would likewise be
tantamount to a violation of the

9
 constitutional prohibition against double
jeopardy.

l. Section 8 on Penalties; VALID

RULING:

 The matter of fixing penalties for the

commission of crimes is as a rule a
legislative prerogative. Here the legislature
prescribed a measure of severe penalties for
what it regards as deleterious cybercrimes.
They appear proportionate to the evil
sought to be punished. The power to
determine penalties for offenses is not
diluted or improperly wielded simply
because at some prior time the act or
omission was but an element of another
offense or might just have been connected
with another crime.77 Judges and
magistrates can only interpret and apply
them and have no authority to modify or
revise their range as determined by the
legislative department.
 The courts should not encroach on this
prerogative of the lawmaking body.

m. Section 12 on Real-Time UNCONSTITUTIONAL

PETITIONERS:
Collection of Traffic Data;  Petitioners assail the grant to law
enforcement agencies of the power to
collect or record traffic data in real time as
tending to curtail civil liberties or provide
opportunities for official abuse. They claim
that data showing where digital messages
come from, what kind they are, and where
they are destined need not be incriminating
to their senders or recipients before they
are to be protected. Petitioners invoke the
right of every individual to privacy and to be
protected from government snooping into
the messages or information that they send
to one another.
 Petitioners of course point out that the
provisions of Section 12 are too broad and
do not provide ample safeguards against
crossing legal boundaries and invading the
people’s right to privacy.

10
 RULING:
 The authority that Section 12 gives law
enforcement agencies is too sweeping and
lacks restraint. While it says that traffic data
collection should not disclose identities or
content data, such restraint is but an
illusion. Admittedly, nothing can prevent
law enforcement agencies holding these
data in their hands from looking into the
identity of their sender or receiver and what
the data contains. This will unnecessarily
expose the citizenry to leaked information
or, worse, to extortion from certain bad
elements in these agencies.
 Section 12, of course, limits the collection of
traffic data to those "associated with
specified communications." But this
supposed limitation is no limitation at all
since, evidently, it is the law enforcement
agencies that would specify the target
communications. The power is virtually
limitless, enabling law enforcement
authorities to engage in "fishing
expedition," choosing whatever specified
communication they want. This evidently
threatens the right of individuals to privacy.
n. Section 13 on Preservation VALID
PETITIONERS:
of Computer Data;  Petitioners in G.R. 20339197 claim that
Section 13 constitutes an undue deprivation
of the right to property. They liken the data
preservation order that law enforcement
authorities are to issue as a form of
garnishment of personal property in civil
forfeiture proceedings. Such order prevents
internet users from accessing and disposing
of traffic data that essentially belong to
them.

RULING:
 By virtue of Section 13, however, the law
now requires service providers to keep
traffic data and subscriber information
relating to communication services for at
least six months from the date of the
transaction and those relating to content
data for at least six months from receipt of
the order for their preservation.

11
  Actually, the user ought to have kept a copy
of that data when it crossed his computer if
he was so minded. The service provider has
never assumed responsibility for their loss
or deletion while in its keep.
 At any rate, as the Solicitor General
correctly points out, the data that service
providers preserve on orders of law
enforcement authorities are not made
inaccessible to users by reason of the
issuance of such orders. The process of
preserving data will not unduly hamper the
normal transmission or use of the same.

o. Section 14 on Disclosure of VALID

PETITIONERS:
Computer Data;  The process envisioned in Section 14 is
being likened to the issuance of a subpoena.
Petitioners’ objection is that the issuance of
subpoenas is a judicial function.

RULING:
 But it is well-settled that the power to issue
subpoenas is not exclusively a judicial
function. Executive agencies have the
power to issue subpoena as an adjunct of
their investigatory powers.
 Besides, what Section 14 envisions is merely
the enforcement of a duly issued court
warrant, a function usually lodged in the
hands of law enforcers to enable them to
carry out their executive functions. The
prescribed procedure for disclosure would
not constitute an unlawful search or seizure
nor would it violate the privacy of
communications and correspondence.
Disclosure can be made only after judicial
intervention.

p. Section 15 on Search, VALID

PETITIONERS:
Seizure and Examination of  Petitioners challenge Section 15 on the
Computer Data; assumption that it will supplant established
search and seizure procedures.

RULING:
 On its face, however, Section 15 merely
enumerates the duties of law enforcement
authorities that would ensure the proper

12
 collection, preservation, and use of
computer system or data that have been
seized by virtue of a court warrant. The
exercise of these duties do not pose any
threat on the rights of the person from
whom they were taken. Section 15 does not
appear to supersede existing search and
seizure rules but merely supplements them.
q. Section 17 on Destruction of VALID
PETITIONERS:
Computer Data;  Petitioners claim that such destruction of
computer data subject of previous
preservation or examination violates the
user’s right against deprivation of property
without due process of law.

RULING:
 Section 17 would have the computer data,
previous subject of preservation or
examination, destroyed or deleted upon the
lapse of the prescribed period. The Solicitor
General justifies this as necessary to clear
up the service provider’s storage systems
and prevent overload. It would also ensure
that investigations are quickly concluded.
 it is unclear that the user has a demandable
right to require the service provider to have
that copy of the data saved indefinitely for
him in its storage system. If he wanted them
preserved, he should have saved them in his
computer when he generated the data or
received it. He could also request the
service provider for a copy before it is
deleted.
r. Section 19 on Restricting or UNCONSTITUTIONAL
PETITIONERS:
Blocking Access to Computer  Petitioners contest Section 19 in that it
Data; stifles freedom of expression and violates
the right against unreasonable searches and
seizures. The Solicitor General concedes
that this provision may be unconstitutional.
RULING:
 Not only does Section 19 preclude any
judicial intervention, but it also disregards
jurisprudential guidelines established to
determine the validity of restrictions on
speech. Restraints on free speech are
generally evaluated on one of or a
combination of three tests: the dangerous

13
 tendency doctrine, the balancing of interest
test, and the clear and present danger
rule.101 Section 19, however, merely requires
that the data to be blocked be found prima
facie in violation of any provision of the
cybercrime law. Taking Section 6 into
consideration, this can actually be made to
apply in relation to any penal provision. It
does not take into consideration any of the
three tests mentioned above.
 The Court is therefore compelled to strike
down Section 19 for being violative of the
constitutional guarantees to freedom of
expression and against unreasonable
searches and seizures.

s. Section 20 on Obstruction of VALID

PETITIONERS:
Justice;  Petitioners challenge Section 20, alleging
that it is a bill of attainder. The argument is
that the mere failure to comply constitutes
a legislative finding of guilt, without regard
to situations where non-compliance would
be reasonable or valid.

RULING:
 Thus, the act of non-compliance, for it to be
punishable, must still be done "knowingly or
willfully." There must still be a judicial
determination of guilt, during which, as the
Solicitor General assumes, defense and
justifications for non-compliance may be
raised. Thus, Section 20 is valid insofar as it
applies to the provisions of Chapter IV which
are not struck down by the Court.
t. Section 24 on Cybercrime VALID
PETITIONERS:
Investigation and  Petitioners mainly contend that Congress
Coordinating Center (CICC); invalidly delegated its power when it gave
the Cybercrime Investigation and
and Coordinating Center (CICC) the power to
u. Section 26 (a) on CICC's Powers formulate a national cybersecurity plan
without any sufficient standards or
and Functions. parameters for it to follow.

RULING:

 Here, the cybercrime law is complete in

itself when it directed the CICC to formulate

14
 and implement a national cybersecurity
plan. Also, contrary to the position of the
petitioners, the law gave sufficient
standards for the CICC to follow when it
provided a definition of cybersecurity.
 Cybersecurity refers to the collection of
tools, policies, risk management
approaches, actions, training, best
practices, assurance and technologies that
can be used to protect cyber environment
and organization and user’s assets.104 This
definition serves as the parameters within
which CICC should work in formulating the
cybersecurity plan.

15