You are on page 1of 5

Ysabella Jenell J.

Cruz 11580224

A.M. No. 17-11-03-SC or the Rule on Cybercrime Warrants was published on July 28, 2018 and
which became effective on August 24, 2018. The said rule sets forth the procedure for the
application and grant of warrants and related orders involving the preservation, disclosure,
interception, search, seizure, and/or examination, as well as the custody, and destruction of
computer data, as provided under Republic Act No. (R.A.) 10175, otherwise known as the
"Cybercrime Prevention Act of 2012."1

The venue for violations of Cybercrime Offenses under Section 4 and Other Offenses under
Section 5 of the Cybercrime Law and application for respective warrants2 shall be filed before
the designated cybercrime court of the province or city where the offense of any of its elements
is committed, or where any part of the computer system is situated, or where any of the damage
caused to a natural or juridical person took place.3 However, the cybercrime courts in Quezon
City, the City of Manila, Makati City, Pasig City, Cebu City, Iloilo City, Davao City and Cagayan
De Oro City shall have the special authority to act on applications and issue warrants which
shall be enforceable nationwide and outside the Philippines.4

Unlike for violations of Sections 4 and 5, an application for warrant in violation of Section 6 of
RA 10175 shall be filed by the law enforcement authorities with the regular or other specialized
regional trial courts, as the case may be, within its territorial jurisdiction in the places above-
described.5

In the event that the persons or service providers concerned are situated outside of the
Philippines, the service of warrants and/or other court processes shall be coursed through the
Department of Justice - Office of Cybercrime of the Department of Justice, in line with all
relevant international instruments and/or agreements on the matter.6

The Rule on Cybercrime Warrants provide for four (4) different warrants, to wit:
(1) Warrant to Disclose Computer Data (WDCD);
(2) Warrant to Intercept Computer Data (WICD);
(3) Warrant to Search, Seize and Examine Computer Data (WSSECD); and
(4) Warrant to Examine Computer Data (WECD).

A Warrant to Disclose Computer Data (WDCD) is defined as an order in writing issued in the
name of the People of the Philippines, signed by a judge, upon application of law enforcement
authorities, authorizing the latter to issue an order to disclose and accordingly, require any

1
Sec. 1.2, A.M. No. 17-11-03-SC
2
Sec. 2.2, A.M. No. 17-11-03-SC
3
Sec. 2.1, A.M. No. 17-11-03-SC
4
Id. at note 2
5
Ibid.
6
Sec. 2.8, A.M. No. 17-11-03-SC
person or service provider to disclose or submit subscriber's information, traffic data, or relevant
data in his/her or its possession or control7 within seventy-two (72) hours from receipt of the said
order.8

The application for a WDCD must state the following essential facts:
(1) The probable offense involved;
(2) Relevance and necessity of the computer data or subscriber's information sought to be
disclosed for the purpose of the investigation;
(3) Names of the individuals or entities whose computer data or subscriber's information are
sought to be disclosed, including the names of the individuals or entities who have
control, possession or access thereto, if available;
(4) Particular description of the computer data or subscriber's information sought to be
disclosed;
(5) Place where the disclosure of computer data or subscriber's information is to be
enforced, if available;
(6) Manner or method by which the disclosure of the computer data or subscriber's
information is to be carried out, if available; and
(7) Other relevant information that will persuade the court that there is a probable cause to
issue a WDCD.9

Once the WDCD is implemented by the law enforcement officer concerned or upon the
expiration of the effectivity thereof, whichever comes first, the said officer is required to submit a
return on the WDCD and to simultaneously turn over the custody of the disclosed computer data
or subscriber’s information. The law enforcement authorities are also allowed to retain a copy of
the disclosed computer data or subscriber's information subject of the WDCD for case build-up
or preliminary investigation purposes, without the need of any court intervention. It is provided,
however, that the details of the data or information obtained shall be kept strictly confidential
and that the retained copy shall be labelled as such.10

The retained copy shall then be turned over upon the filing of a criminal action involving the
disclosed computer data or subscriber's information to the court where such action has been
instituted, or if no criminal action has been filed, upon order of the issuing court. Upon its turn-
over, the retained copy shall always be kept, destroyed, and/or returned together with the
computer data or subscriber's information that was originally turned over to the issuing court.11

Another warrant that may be applied for in Cybercrime cases is the Warrant to Intercept
Computer Data (WICD). It is an order issued in the name of the People of the Philippines,
signed by a judge, upon application of law enforcement authorities, authorizing the latter to carry
out any or all of the following activities:

7
Sec. 4.2, A.M. No. 17-11-03-SC
8
Sec. 4.1, A.M. No. 17-11-03-SC
9
Sec. 4.3, A.M. No. 17-11-03-SC
10
Sec. 4.2, A.M. No. 17-11-03-SC
11
Ibid.
(a) Listening to,
(b) Recording,
(c) Monitoring, or
(d) Surveillance of the content of communications, including procuring of the content of
computer data, either directly, through access and use of a computer system or
indirectly, through the use of electronic eavesdropping or tapping devices, at the same
time that the communication is occurring.12

Such application must include similar contents as that of an application for WDCD except that
the subject matter is the communication or computer data sought to be intercepted.13

The authorized law enforcement officer has the duty to notify the person whose communications
or computer data have been intercepted of the activities conducted pursuant to the WICD.
Within 10 days from notice, the person whose communication or computer data have been
intercepted may challenge the legality of the interception by motion.14

On the other hand, a Warrant to Search, Seize and Examine Computer Data (WSSECD) is an
order in writing issued in the name of the People of the Philippines, signed by a judge, upon
application of law enforcement authorities, authorizing the latter to search the particular place
for items to be seized and/or examined.15

The application for a WSSECD must state the essential facts similar to those in an application
for a WDCD, except that the subject matter is the computer data sought to be searched, seized,
and examined, and all other items related thereto. In addition, the application shall contain an
explanation of the search and seizure strategy to be implemented, including a projection of
whether or not an off-site or on-site search will be conducted, taking into account the nature of
the computer data involved, the computer or computer system's security features, and/or other
relevant circumstances, if such information is available.16

For WSSECDs, the off-site and on-site principle is applied. As a rule, law enforcement
authorities shall, if the circumstances so allow, endeavor to first make a forensic image of the
computer data on-site as well as limit their search to the place specified in the warrant.
Otherwise, an off-site search may be conducted, provided that a forensic image is,
nevertheless, made, and that the reasons for the said search are stated in the initial return.17

In case an off-site search is made, the person whose computer devices or computer system
have been searched and seized may, upon motion, seek the return of the said items from the
court issuing the WSSECD. Provided, however, that a forensic image of the computer data

12
Sec. 5.2, A.M. No. 17-11-03-SC
13
Sec. 5.3, A.M. No. 17-11-03-SC
14
Sec. 5.6, A.M. No. 17-11-03-SC
15
Sec. 6.1, A.M. No. 17-11-03-SC
16
Sec. 6.2, A.M. No. 17-11-03-SC
17
Sec. 6.4, A.M. No. 17-11-03-SC
subject of the WSSECD has already been made. If the court finds that no lawful ground exists to
otherwise withhold the return of such items, the motion may be granted.18

The Rules also allow the interception of communications and computer data during the
implementation of the WSSECD. The interception activities, however, shall only be limited to
communications and computer data that are reasonably related to the subject matter of the
WSSECD; and that the said activities are fully disclosed, and the foregoing relation duly
explained in the initial return.19

Lastly, a Warrant to Examine Computer Data (WECD) should likewise be applied for before
searching the computer device or computer system for the purpose of obtaining for forensic
examination the computer data contained therein. This is done upon obtaining possession the of
the computer device or system through a lawful warranties arrest or any other lawful method.20

The verified application for a WECD, as well as the supporting affidavits, shall state the
essential facts similar to those in Section 4.3, except that the subject matter is the computer
data sought to be examined. In addition, the application shall disclose the circumstances
surrounding the lawful acquisition of the computer device or computer system containing the
said computer data.21

Once the computer data has been seized and deposited, the opening, or replaying of its
recordings, or revelation of its contents are prohibited, except upon motion duly granted by the
court. The motion for the purpose shall state:
(1) The relevance of the computer data sought to be opened, replayed, revealed, or used as
evidence; and
(2) The names of the persons who will be allowed to have access thereto, if the motion is
granted.22

Pursuant to Section 17 of RA 10175 (Destruction of Computer Data), upon expiration of the


periods as provided in Sections 13 (Preservation of Computer Data) and 15 (Search, Seizure
and Examination of Computer Data) of the said law, service providers and law enforcement
authorities, as the case may be, shall immediately and completely destroy the computer data
subject of preservation and examination.23

If the computer data is in the custody of the court, the court may for justifiable reasons, order the
complete or partial destruction, or the return to its lawful owner or possessor, of the computer
data or any of the related items turned over to its custody.24

18
Ibid.
19
Sec. 6.5, A.M. No. 17-11-03-SC
20
Sec. 6.9, A.M. No. 17-11-03-SC
21
Ibid.
22
Sec. 7.3, A.M. No. 17-11-03-SC
23
Sec. 8.1, A.M. No. 17-11-03-SC
24
Sec. 8.2, A.M. No. 17-11-03-SC
The destruction of computer data and related items, if so allowed by the court in the preceding
paragraph, shall be made in the presence of the Branch Clerk-of-Court, or in his/her absence, in
the presence of any other person duly designated by the court to witness the same. The
accused or the person/s from whom such items were seized, or his/her representative or
counsel, as well as the law enforcement officer allowed access to such items as indicated in the
inventory, or his/her duly authorized representative, may also be allowed to witness the said
activity. Within twenty-four (24) hours from the destruction of the computer data, the Branch
Clerk-of-Court or the witness duly designated by the court shall issue a sworn certification as to
the fact of destruction and file the said certificate with the same court.25

25
Sec. 8.3, A.M. No. 17-11-03-SC