Chapter III

DOJ OFFICE OF CYBERCRIME AND THE PNP ANTI-CYBERCRIME GROUP

• The Office of Cybercrime (OOC) was established within the DOJ by the Republic Act No. 10175
or the Cybercrime Prevention Act of 2012 and named it as the Central Authority for all
matters relating to international and mutual assistance and extradition for cybercrime and
cyber-related matters.

POWERS AND FUNCTIONS

• a. Act as a competent authority for all requests for assistance for investigation or proceedings
concerning cybercrimes, facilitate the provisions of legal or technical advice, preservation and
production of data, collection of evidence, giving legal information and location of suspects;
• b. Act on complaints/referrals, and cause the investigation and prosecution of cybercrimes and
other violations of the Act;
• c. Issue preservation orders addressed to service providers;

• d. Administer oaths, issue subpoena and summon witnesses to appear in an investigation or

proceedings for cybercrime;

• e. Require the submission of timely and regular reports including pre-operation, post-operation
and investigation results, and such other documents from the PNP and NBI for monitoring and
review;

• f. Monitor the compliance of the service provide with the provisions of Chapter IV of the Act,
and Rules 7 and 8 hereof,

• g. Facilitate international cooperation with law enforcement agencies on intelligence, her

investigations, training and capacity-building related to cybercrime prevention, suppression

• h. Issue and promulgate guidelines, advisories and procedure in all matters related to
cybercrime forensic evidence recovery , and forensic data analysis consistent with industry
forensic data standard practices;

• i.Prescribe forms and templates, including, but not limited to, those for preservation orders, not
chain of custody, consent to search, consent to assume account/ online identity, and request for
computer forensic examination;

• j. Undertake the specific roles and responsibilities of the DOJ related to cybercrime under the
Implementing Rules and Regulation of Republic Act No. 9775 or the "Anti-Child Pornography Act
of 2009"; and

• k. Perform such other acts necessary for the implementation of the Act.

THE PNP ANTI CYBERCRIME GROUP (ACG)

The PNP - ACG conceptualized and believed Components in order to improve cyber security
combat cybercrime and to improved cyber security.
 • The PNP conducted consultations and networks with various foreign law enforcement agencies,
ICT industries, academies and other stakeholders in order to create a credible cybercrime unit
within the CIDG

• The Government Information Security Incident Response Team (GCSIRT) was launched on
August 5 2004, in line with the program of the Task Force for the Security of Critical
Infrastructures (TFSC) under the Office of the President of the Philippines.

• Via CIDG's Anti-Transnational Crime Division, GCSIRT became the focal point for reporting on all
internet-related security breaches and organized support structures across all government
departments to respond to such threats.

ORGANIZATIONAL FUNCTIONS

Director

 Guide, supervise and monitor the ACG of the PNP,

 Conduct intensive and sustained cybercrime Syndicate operations by organized crime

groups, syndicate groups, high-profile Internet-using celebrities and computer-related
devices as the key component of their illegal activities;

 Strengthen its capability and capacity to enforce investigate and digitally analyze anti-
cyber crime operations; and

Deputy Director

 Assist the PNP ACG Director

 Advising and supporting the PNP ACG Director and

 Perform other duties in the PNP ACG as second in command

Chief of Staff

 Guide, oversee and manage the group's administrative affairs, as well as encourage
cooperation among the various PNP ACG divisions and units; and

 To perform other duties as directed by the PNP ACG Director.

ADMINISTRATIVE &s RESOURCE MANAGEMENT DIVISION (ARMD)

 Advise the Director, PNP ACG on staff and service support matters;

 Supervising, preparation and coordination of the group's administrative functions;

 Formulate and execute plans and programs relating to the personnel matters,
organizational, financial, maintenance and other administrative needs; and

 Perform other assignments as directed.

INVESTIGATION MANAGEMENT DIVISION (LIMD)

  Oversees the conduct of the Division's intelligence, procedures and investigative
activities;

 Formulate policies on PNP ACG information, operations and investigations;

 Create and maintain the PNP ACG database, including data from evidence;

 Monitoring all incidents of cybercrime;

 Conduct digital forensic research on confiscated evidencce;

 Recommend steps to work with law enforcement authorities to increase the admission
of digital forensic evidence to the courts;

 Coordinate on issues to resolve digital forensic analysis issues with other agencies
Attend trials in court

 Perform advanced training and workshops on cybercrime activities (in conjunction with
the PNP Training Service);

 Send to the Director, PNP ACG, periodic reports; and Perform other assignments as
directed.

CYBER SECURITY UNIT (CSU)

 Planning and coordinating the execution of the Group's cyber security research;

 Conduct analysis and research to strengthen PNP ACG's

 Recommend policy amendment steps

 Coordinating on issues to combat cybercrime

 To manage the website of the PNP ACG and other associated public web services; and

 Perform other assignments as directed.

PNP ANTI-CYBERCRIME FIELD UNITS

 Carrying out information , program , operation and inquiries in the AOR against cybercrime and
cyber security;

 To enforce the PNP ACG plans , order , directives and programs in the AOR

 Ensure the submission of regional level periodic reports and case monitoring;

 Collaborate with other regional-level agencies to discuss issues of cyber crime and cyber security
in the region;

 Digital Forensic Analysis of the facts provided in the AOR

 Perform the required regional level training.

 Perform other assignments as directed.

CAPABILITIES OF PNP ANTI CYBERCRIME GROUP (ACG)

Cyber Response

 Investigating cybercrime

 Cybercriminal Arrest

 Seizure of digital evidence

Cyber Security

 Perform vulnerable assessment

 Carrying out penetration testing

 Post bulletins on cyber security

 Carrying out seminars on cyber security

Digital Forensic

 Computer forensic exam output

 Performance of forensic analysis of mobile phones

 Conducting a video forensic exam

LOCATION OF THE PNP SIX (6) FULLY FUNCTIONAL DIGITAL FORENSIC LABORATORIES

1. Camp Crame

2. Cebu City

3. Davao City General Santos City

4. 5. Legazpi City

5. 6. Zamboanga City.

CHAPTER V

Republic Act No. 10175

Republic Act No. 10175-known as the "Cybercrime Prevention Act of 2012“

The State recognizes the vital role of information communications industries such as and content
production, telecommunications, broadcasting electronic commerce, and data processing, in the
nation's overall social and economic development.

The State also recognizes the importance of providing an environment conducive to the development,
acceleration, and rational application and exploitation of information and Communications technology
(ICT). Need to protect and safeguard the integrity of computer, computer communications systems,
networks, and databases, and the confidentiality, integrity, and availability of information and data
stored therein.

The State shal adopt sufficient powers to effectively prevent and combat such offenses by facilitating
their detection, investigation, and prosecution at both the domestic and internationai reliable levels,
and by providing arrangements for fast and reliable international cooperation.

PUNISHABLE ACTS-Cybercrime Offense

A. Offenses against the confidentiality, integrity and availability or computer data and systems:

1. llegal Access. -The access to the whole or any part of a computer system without right.

2. llegal Interception. The interception made by technical means without right of any non-public
transmission of computer data.

3. Data Interference.- The intentional or reckless alteration, damaging, deletion or deterioration

of computer data, electronic document, or electronic data message, without right.

4.System Interference. The intentional alteration or reckless hindering or interference with the
functioning of a computer or computer network without right or authority,.

5. Misuse of Devices

• (i) The use, production, sale, procurement, importation, distribution, or otherwise making
available, without right, of:

• (aa) A device, including a computer program, designed or adapted primarily for the
purpose of committing any of the offenses under this Act; or

• (bb) A computer password, access code, or similar data by which the whole or any part
of a computer system is capable of being accessed with intent that it be used for the
purpose of committing any of the offenses under this Act.

• (ii) The possession of an item referred to in paragraphs 5(i)(aa) or (bb) above with intent to use
said devices for the purpose of committing any of the offenses under this section.

6. Cyber-squatting. – The acquisition of a domain name over the internet in bad faith to profit,
mislead, destroy reputation, and deprive others from registering the same, if such a domain name
is:

• (i) Similar, identical, or confusingly similar to an existing trademark registered with the
appropriate government agency at the time of the domain name registration:

• (ii) Identical or in any way similar with the name of a person other than the registrant, in
case of a personal name; and

• (iii) Acquired without right or with intellectual property interests in it.

B. Computer-related Offenses:

1. Computer-related Forgery. —
 • (i) The input, alteration, or deletion of any computer data without right
resulting in inauthentic data with the intent that it be considered or
acted upon for legal purposes as if it were authentic, regardless whether
or not the data is directly readable and intelligible; or

• (ii) The act of knowingly using computer data which is the product of
computer-related forgery as defined herein, for the purpose of
perpetuating a fraudulent or dishonest design.

2. Computer-related Fraud. — The unauthorized input, alteration, or deletion of computer data

or program or interference in the functioning of a computer system, causing damage thereby
with fraudulent intent:

3. Computer-related Identity Theft. – The intentional acquisition, use, misuse, transfer,

possession, alteration or deletion of identifying information belonging to another, whether
natural or juridical, without right.

C. Content-related Offenses:

• Cybersex— The willful engagement, maintenance, control, or operation, directly or

indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the aid of
a computer system, for favor or consideration.

• Child Pornography. — The unlawful or prohibited acts defined and punishable by

Republic Act No. 9775 or the Anti-Child Pornography Act of 2009, committed through a
computer system.

• Libel. — The unlawful or prohibited acts of libel as defined in Article 355 of the Revised
Penal Code, as amended, committed through a computer system or any other similar
means which may be devised in the future.

PENALTIES

• A- Any person found guilty of any of the punishable acts enumerated below:

a) Offenses against the confidentiality, integrity and availability of Computer data and
systems

(b) Computer-related Offenses

Shall be punished with imprisonment of prision mayor or a fine of at least Two hundred
thousand pesos (PhP200,000.00) up to a maximum amount commensurate to the damage
incurred or both.

B - Any person found guilty of the punishable act under Section 4(a)(5)

• 4(a) Offenses against the confidentiality., integrity and availability of Computer data
and systems.

• 5 Misuse of Devices.
 Shall be punished with imprisonment of prision mayor or a fine of not more than Five hundred
thousand pesos(PhP500,000.00) or both.

If punishable acts in Section 4(a) are committed against critical infrastructure, the penalty of
reclusion temp ne of at least Five hundred thousand pesos (PhHP500,000.00) un to maximum
amount commensurate to the damage incurred or both, shall be imposed.

C-Any person found guilty of any of the punishable acts enumerated in Section 4(c)(1)

4(c) Content-related Offenses:

(1) Cybersex.

Shall be punished with imprisonment of prision mayor or a fine of at least Two hundred
thousand pesos (PhP200,000.00) but not exceeding One million pesos (PhPI,000,000.00)or
both.

D - Any person found guilty of any of the punishable acts enumerated in Section 4(c)(2)

4(c) Content-related Offenses

(2) Child Pornography

Shall be punished with the penalties as enumerated in Republic Act No. 9775 or the "Anti-Child
Pornography Act of 2009: Provided,That the penalty to be imposed shall be one (1) degree
higher than that provided for in RepubliC ACt No. 9775, if committed through a computer
system.

E - Any person found guilty of any of the punishable acts enumerated in Section 4(c)(3)

4(c) Content-related Offenses

(3) Unsolicited Commercial Communications

Shall be punished with imprisonment of arresto mayor or a fine of at least Fifty thousand
pesos (PhP50,000.00) but not exceeding, Two hundred fifty thousand pesos (PhP250,000.00) or
both.

ENFORCEMENT AND IMPLEMENTATION

The National Bureau of Investigation (NBI) and the Philippine National Police (PNP) will be in charge of
enforcing the Act's provisions in an efficient and reliable manner. The PNP is required to establish an
anti- cybercrime unit, which will be led by at least a Police Director.

The DOJ - Office of Cybercrime (OOC) created under the Act shall coordinate the efforts of the NBI and
the PNP in enforcing the provisions of the Act (Section 9).

Powers and Functions of the PNP and NBI as provided in this Act

a. Investigate all cybercrimes where computer systems are involved;

b. Conduct data recovery and forensic analysis on Computer systems and other electronic evidence
seized; c. Formulate guidelines in investigation, forensic evidence recovery, and forensic data analysis
consistent with industry standard practices;

d. Provide technological support to investigating units within the PNP and NBI including the search,
seizure, evidence preservation and forensic recovery of data from crime scenes and systems used in
crimes, and provide testimonies;

e. Develop public, private sector, and law enforcement agency relations in addressing cybercrimes;

f. Maintain necessary and relevant databases for statistical and/or monitoring purposes;

g. Develop capacity within their organizations in order to perform such duties necessary for the
enforcement of the Act; h. Support the formulation and enforcement of the national cybersecurity plan;
and

i. Perform other functions as may be required by the Act.

What are the Duties of Law Enforcement Authorities (Section 11)

1. To ensure that the technical nature of cybercrime and its prevention is given focus.

2. Submit timely and regular reports including pre-operation, Post-operation and investigation results,
and such other documents as may be required to the Department of Justice (DOJ) of Cybercrime tor
review and monitoring.

PRESERVATION AND RETENTION OF COMPUTER DATA

A service provider must keep, protect, and maintain the confidentiality of traffic data and subscriber
records for a minimum of six (6) months after the purchase.

Law enforcement authorities may issue a six- month extension on a one-time basis: The mere act of
providing such service provider with a copy of the transmittal document to the Office of the Prosecutor
shall be deemed a notification to preserve the computer data until the final termination of the case
and/or as ordered by the Court, as the case may be.

The service provider ordered to preserve computer data shall keep the order and its compliance there
with Confidential (Section 12).

COLLECTION OF COMPUTER DATA

Law enforcement authorities, upon the issuance of a court warrant, shall be authorized to collect or
record by technical or electronic means, and the service providers are required to collect or records by
technical or electronic means and/or to cooperate and assist in the collection or recording of computer
data that are associated with specified communications transmitted by means of a computer system

DISCLOSURE OF COMPUTER DATA

Law enforcement authorities shall issue an order requiring any person or service provider to disclose or
submit subscriber information, traffic data, or relevant data in his or her possession or control, within 72
hours of receipt of such order, in relation to a valid complaint officially docketed and assigned for
investigation by law enforcement authorities

SEARCH ,SEIZURE AND EXAMINATION OF COMPUTER DATA

When a valid search and seize warrant is released law enforcement officers may still have the following
rights and responsibilities:

A. To perform interception, as stated in these Rules within the time period specified in the
warrant, within and to:

1. Search and seize computer data;

2. Secure a computer system or a computer data storage medium;

3. Make and retain a copy of those computer data secured;

4. Maintain the integrity of the relevant stored computer data;

5. Conduct forensic analysis or examination of the computer data storage medium; and

6. Render inaccessible or remove those computer data in the accessed computer or

computer and communications network.

B. Law enforcement with authorities may require any person With knowledge of the operation
of the computer system and the measures in place to protect and maintain the computer data
contained therein to provide, as soon as reasonably possible, the required information to allow
the search, seizure, and inspection to be conducted.

c. Law enforcement officials can seek an extension of time to complete the inspection and
return of the electronic data storage medium, but not for more than thirty (30) days from the
date of the court's approval.

CUSTODY OF COMPUTER DATA

All computer data examined under a proper rant, including content and traffic data, must
deposited with the court in a sealed package within forty-eight (48) hours of the expiration of the
period set forty-eight the therein.

DESTRUCTION OF COMPUTER DATA

The service providers and law enforcement authorities shall, as the case may be, destroy the
computer data pursuant to the order or warrant for retention and analysis immediately and entirely
upon the expiration of the periods provided for in Sections 12 and 15 of the Act, or until the full
termination of the case and/or as ordered by the Court, as the case may be.

JURISDICTION

Any violation of the Act's rules, including any violation committed by Filipino national ,
regardless the position of commission, falls under the jurisdiction of Regional Trial Court. , If either of
the elements performed within the Philippines, or through the use of the of a computer device that is
wholly or partly located in the country, or if any harm is incurred to a natural or juridical individual who
was in the Philippines at the time the crime was committed, the court would have jurisdiction (Rule 4,
Section 21).

VENUE

The RTC of the province or city where the where the cybercrime or any of its elements is
committed, or where any part of the computer system used is located or where some of the damage
caused to a natural or Juridical person occurred, may file a criminal action for violation of the Act:
Provided, That the court where the criminal action is first filed shall acquire jurisdiction to the exclusion
of all other courts: (Section 22).

DESIGNATION OF CYBERCRIME COURT

There shall be designated special cybercrime courts manned by specially trained judges to
handle cybercrime cases.

DESIGNATION OF SPECIAL PROSECUTORS AND INVESTIGATORS

The Secretary of Justice will appoint lawyers and analysts to form a litigation task force or
division under the Department of Justice's Office of Cybercrime, which will prosecute cybercrime
prosecutions.