Republic Act No.

10175
Cybercrime Prevention Act of 2012
and Related Special Laws

ACP ROBINSON A. LANDICHO

OCP – Pasig City
ralandicho@doj.gov.ph
30 July 2021
 Special Laws
RA 10175 – Cybercrime Prevention Act of 2012
RA 9995 – Anti-Photo and Voyeurism Act of 2009
RA 9775 – Anti-Child Pornography Act of 2009
RA 9208 – Anti-Trafficking in Persons Act of 2003
RA 8792 – E-Commerce Act of 2000
RA 8484 – Access Devices Regulation Act of 1998
RA 7610 – Special Protection of Children Against Abuse,
Exploitation and Discrimination Act
RA 4200 – Anti-Wiretapping Law of 1965
Supreme Court Rules on Electronic Evidence
(a) Offenses against the confidentiality, integrity
and availability of computer data and systems

(b) Computer-Related Offenses

(c) Content-Related Offenses

Other Offenses

All crimes defined and penalized by the Revised

Penal Code, as amended, and special laws, if
committed by, through and with the use of
information and communications technologies
(a) Offenses against the confidentiality,
integrity and availability of computer data
and systems

(1) Illegal Access

(2) Illegal Interception
(3) Data Interference
(4) System Interference
(5) Misuse of Devices
(6) Cyber-squatting
confidentiality = privacy

integrity = unimpaired condition

availability = accessibility
 Illegal Access

This provision covers the basic offence of

dangerous threats to and attacks against the
security (i.e. the confidentiality, integrity and
availability) of computer systems and data.
The need for protection reflects the interests
of organizations and individuals to manage,
operate and control their systems in an
undisturbed and uninhibited manner.
Such intrusions may give access to confidential
data (including passwords, information about
the targeted system) and secrets, to the use of
the system without payment or even
encourage hackers to commit more dangerous
forms of computer-related offences, like
computer-related fraud or forgery.
"Access" comprises the entering of the whole
or any part of a computer system (hardware,
components, stored data of the system
installed, directories, traffic and content-
related data). However, it does not include the
mere sending of an e-mail message or file to
that system.
"Access" includes the entering of another
computer system, where it is connected via
public telecommunication networks, or to a
computer system on the same network, such
as a LAN (local area network) or Intranet
within an organisation. The method of
communication (e.g. from a distance,
including via wireless links or at a close range)
does not matter.
The act must also be committed
‘without right’
 Illegal Interception

This provision aims to protect the right of

privacy of data communication

This provision upholds the right to privacy of

correspondence
This represents the same violation of the
privacy of communications as traditional
tapping and recording of oral telephone
conversations between persons
This principle applies to all forms of electronic
data transfer, whether by telephone, fax, e-
mail or file transfer
Interception by ‘technical means’ relates to listening
to, monitoring or surveillance of the content of
communications, to the procuring of the content of
data either directly, through access and use of the
computer system, or indirectly, through the use of
electronic eavesdropping or tapping devices.
Interception may also involve recording. Technical
means includes technical devices fixed to
transmission lines as well as devices to collect and
record wireless communications. They may include
the use of software, passwords and codes.
The offence applies to ‘non-public’ transmissions
of computer data. The term ‘non-public’ qualifies
the nature of the transmission (communication)
process and not the nature of the data
transmitted. The data communicated may be
publicly available information, but the parties
wish to communicate confidentially. Or data may
be kept secret for commercial purposes until the
service is paid, as in Pay-TV.
For criminal liability to attach, the illegal
interception must be committed
"intentionally", and "without right".
The interception made by technical means

without right

of any non-public transmission of computer

data to, from, or within a computer system
including electromagnetic emissions from a
computer system carrying such computer data
 Data Interference
The aim of this provision is to provide
computer data and computer programs with
protection similar to that enjoyed by
corporeal objects against intentional
infliction of damage. The protected legal
interest here is the integrity and the proper
functioning or use of stored computer data
or computer programs.
‘damaging’ and ‘deteriorating’ as overlapping
acts relate in particular to a negative
alteration of the integrity or of information
content of data and programs.
‘Deletion’ of data is the equivalent of the
destruction of a corporeal thing. It destroys
them and makes them unrecognizable.

Suppressing of computer data means any

action that prevents or terminates the
availability of the data to the person who has
access to the computer or the data carrier on
which it was stored.

The term ‘alteration’ means the modification

of existing data.
The above acts are only punishable if
committed "without right". In addition, the
offender must have acted "intentionally"
This provision seeks to protect the integrity of
computer data, electronic document, or
electronic data message.
The intentional or reckless alteration,
damaging, deletion or deterioration of
computer data, electronic document, or
electronic data message

without right

including the introduction or transmission of

viruses
 System Interference
This is also referred to as computer sabotage

The provision aims at criminalizing the

intentional hindering of the lawful use of
computer systems including
telecommunications facilities by using or
influencing computer data.
The protected legal interest is the interest of
operators and users of computer or
telecommunication systems being able to
have them function properly.
The hindering must furthermore be "serious"
in order to give rise to criminal sanction.

The hindering must be "without right".

The offence must be committed intentionally,

that is the perpetrator must have the intent to
seriously hinder.
The intentional alteration or reckless hindering or
interference with the functioning of a computer or
computer network

by inputting, transmitting, damaging, deleting,

deteriorating, altering or suppressing computer data
or program, electronic document, or electronic data
message

without right or authority

including the introduction or transmission of viruses

 Misuse of Devices
This provision establishes as a separate and
independent criminal offence the intentional
commission of specific illegal acts regarding
certain devices or access data to be misused
for the purpose of committing the above-
described offences against the confidentiality,
the integrity and availability of computer
systems or data.
‘Distribution’ refers to the active act of forwarding
data to others, while ‘making available’ refers to the
placing online devices for the use of others. This
term also intends to cover the creation or
compilation of hyperlinks in order to facilitate access
to such devices. The inclusion of a ‘computer
program’ refers to programs that are for example
designed to alter or even destroy data or interfere
with the operation of systems, such as virus
programs, or programs designed or adapted to gain
access to computer systems.
The offence requires that it be committed
intentionally and without right.
(i) The use, production, sale, procurement,
importation, distribution, or otherwise
making available, without right, of:

(aa) A device, including a computer program

designed or adapted primarily for the purpose

of committing any of the offenses under this
Act; or
(i) The use, production, sale, procurement,
importation, distribution, or otherwise
making available, without right, of:

(bb) A computer password, access code, or

similar data

by which the whole or any part of a computer

system is capable of being accessed

with intent that it be used for the purpose of

committing any of the offenses under this Act.
(ii) The possession of an item referred to in
paragraphs 5(i)(aa) or (bb), Section 4 (a)

with intent to use said devices for the purpose

of committing any of the offenses under this
section
 Cyber-squatting
Also known as domain squatting

According to the United States federal law known as

the Anticybersquatting Consumer Protection Act,
Cybersquatting is the registering, trafficking in, or
using an Internet Domain Name with bad faith intent
to profit from the goodwill of a trademark belonging
to someone else. The cybersquatter then offers to
sell the domain to the person or company who owns
a trademark contained within the name at an
inflated price.
The term is derived from “Squatting”, which is
the act of occupying an abandoned or
unoccupied space or building that the
squatter does not own, rent, or otherwise
have permission to use.

Cyber-squatting, however, is a bit different in

that the domain names that are being
"squatted" are (sometimes but not always)
being paid for through the registration process
by the cybersquatters.
Cybersquatters sometimes register variants of
popular trademarked names, a practice
known as “Typosquatting.”
Cyber-squatting may also be committed
through Renewal Snatching, Extension
Exaggeration, and Alert Angling
As when Internet domain name registrations
are for a fixed period of time. If the owner of a
domain name doesn't re-register the name
with an internet registrar prior to the
domain's expiration date, then the domain
name can be purchased by anybody else after
it expires. At this point the registration is
considered lapsed. A cybersquatter may use
automated software tools to register the
lapsed name the instant it is lapsed.
A domain name is an identification
“string” that defines a realm of administrative
autonomy, authority or control within the
Internet.
Panavision Int'l, L.P. v. Toeppen
141 F.3d 1316 (9th Cir. 1998), aff’g 945 F.
Supp. 1296 (C.D. Cal. 1996)
The Internet is a worldwide network of
computers that enables various individuals and
organizations to share information.
The Internet allows computer users to access
millions of web sites and web pages.
A web page is a computer data file that can
include names, words, messages, pictures,
sounds, and links to other information.
Every web page has its own web site, which is
its address, similar to a telephone number or
street address. Every web site on the Internet
has an identifier called a "domain name."
The domain name often consists of a person's
name or a company's name or trademark. For
example, Pepsi has a web page with a web site
domain name consisting of the company name,
Pepsi, and .com, the "top level" domain
designation.
The Internet is divided into several "top level"
domains: .edu for education; .org for
organizations; .gov for government entities;
.net for networks; and .com for "commercial"
which functions as the catchall domain for
Internet users.
A domain name is the simplest way of
locating a web site.
If a computer user does not know a domain
name, she can use an Internet "search engine."
To do this, the user types in a key word search,
and the search will locate all of the web sites
containing the key word. Such key word
searches can yield hundreds of web sites. To
make it easier to find their web sites,
individuals and companies prefer to have a
recognizable domain name.
Panavision holds registered trademarks to the
names "Panavision" and "Panaflex" in
connection with motion picture camera
equipment. Panavision promotes its trademarks
through motion picture and television credits
and other media advertising.
In December 1995, Panavision attempted to
register a web site on the Internet with the
domain name Panavision.com. It could not do
that, however, because Toeppen had already
established a web site using Panavision's
trademark as his domain name. Toeppen's web
page for this site displayed photographs of the
City of Pana, Illinois.
On December 20, 1995, Panavision's counsel
sent a letter from California to Toeppen in
Illinois informing him that Panavision held a
trademark in the name Panavision and telling
him to stop using that trademark and the
domain name Panavision.com. Toeppen
responded by mail to Panavision in California,
stating he had the right to use the name
Panavision.com on the Internet as his domain
name. Toeppen stated:
If your attorney has advised you otherwise, he
is trying to screw you. He wants to blaze new
trails in the legal frontier at your expense. Why
do you want to fund your attorney's purchase
of a new boat (or whatever) when you can
facilitate the acquisition of `PanaVision.com'
cheaply and simply instead?
Toeppen then offered to "settle the matter" if
Panavision would pay him $13,000 in exchange
for the domain name. Additionally, Toeppen
stated that if Panavision agreed to his offer, he
would not "acquire any other Internet
addresses which are alleged by Panavision
Corporation to be its property.
After Panavision refused Toeppen's demand, he
registered Panavision's other trademark with
NSI as the domain name Panaflex.com.
Toeppen's web page for Panaflex.com simply
displays the word "Hello."
Toeppen then offered to "settle the matter" if
Panavision would pay him $13,000 in exchange
for the domain name. Additionally, Toeppen
stated that if Panavision agreed to his offer, he
would not "acquire any other Internet
addresses which are alleged by Panavision.
Toeppen purposely registered Panavision’s
trademarks as his domain names on the
Internet to force Panavision to pay him $13,000
in exchange for the domain name. Additionally,
Toeppen stated that if Panavision agreed to his
offer, he would not acquire any other Internet
addresses which are alleged by Panavision.
Toeppen purposely registered Panavision’s
trademarks as his domain names on the
Internet to force Panavision to pay him money.
The acquisition of a domain name over the internet

in bad faith

to profit, mislead, destroy reputation

and deprive others from registering the same

if such a domain name is:

(i) Similar, identical, or confusingly similar to an
existing trademark registered with the appropriate
government agency at the time of the domain name
registration:

(ii) Identical or in any way similar with the name of a

person other than the registrant, in case of a
personal name; and

(iii) Acquired without right or with intellectual property

interests in it
A personal name or full name is the set
of names by which an individual is known and
that can be recited as a word-group, with the
understanding that, taken together, they all
relate to that one individual.
Definition of personal name (Merriam Webster
Dictionary)

: a name (as the praenomen or the forename)

by which an individual is intimately known or
designated and which may be displaced or
supplemented by a surname, a cognomen, or a
royal name.
What is NAME? (Black’s Law Dictionary)

The designation of an individual person, or of a

firm or corporation. In law a man cannot have
more than one Christian name. Rex v. Newman,
1 Ld. Raytn. 062. As to the history of Christian
names and surnames and their use and relative
importance in law, see In re Snook, 2 Hilt. (N. Y.)
566.
 What are the 4 types of intellectual property?

Patents. A patent grants property rights on an

invention, allowing the patent holder to exclude
others from making, selling, or using the invention.
...

Trademarks. ...

Trade Secrets. ...

Copyrights.
(b) Computer-related Offenses:

(1) Computer-related Forgery

(2) Computer-related Fraud

(3) Computer-related Identity Theft

Computer-related Forgery

The purpose of this provision is to create

parallel offense to the forgery of tangible
documents.
(i) The input, alteration, or deletion of any
computer data

without right

resulting in inauthentic data

with the intent that it be considered or acted upon

for legal purposes as if it were authentic

regardless whether or not the data is directly

readable and intelligible; or
(ii) The act of knowingly using computer data
which is the product of computer-related
forgery as defined herein

for the purpose of perpetuating a

fraudulent or dishonest design.
Computer-related Fraud

Assets represented or administered in

computer systems [e-funds, e-deposits]
have become targets of manipulation
This provision was enacted against undue
input manipulation in the course of data
processing with the intention to effect an
illegal transfer of property.
The unauthorized input, alteration, or deletion
of computer data or program or interference
in the functioning of a computer system

causing damage thereby

with fraudulent intent

That if no damage has yet been caused, the
penalty imposable shall be one (1) degree
lower
Computer-related Identity Theft
The intentional acquisition, use, misuse,
transfer, possession, alteration or deletion of
identifying information belonging to another,
whether natural or juridical

without right:

That if no damage has yet been caused, the

penalty imposable shall be one (1) degree
lower.
 Republic Act No. 10173
“Data Privacy Act of 2012”

Sec. 3 (g) Personal information refers to any

information whether recorded in a material
form or not, from which the identity of an
individual is apparent or can be reasonably
and directly ascertained by the entity holding
the information, or when put together with
other information would directly and certainly
identify an individual.
(c) Content-related Offenses:
(1) Cybersex

(2) Child Pornography

(3) Unsolicited Commercial Communications

(4) Libel (only with respect to the original author

of the post)
 Cybersex
The willful engagement, maintenance, control, or
operation, directly or indirectly

of any lascivious exhibition of sexual organs or

sexual activity

with the aid of a computer system, for favor or

consideration.
Engaging in the business

of cyber prostitution, white slave trade

and pornography for favor or
consideration

including interactive prostitution and

pornography ie. by webcam.
 Child Pornography

The unlawful or prohibited acts defined

and punishable by Republic Act No.
9775 or the Anti-Child Pornography Act
of 2009

committed through a computer system:

That the penalty to be imposed shall be (1)
one degree higher than that provided for in
Republic Act No. 9775.

An accused charged under this section can

no longer be charged for violation of the
provisions of Republic Act No. 9775 [Double
Jeopardy].

The ACPA already punishes Child

Pornography using electronic, mechanical,
digital, optical, magnetic or any other means.
 Libel
The unlawful or prohibited acts of libel as
defined in Article 355 of the Revised Penal
Code, as amended

committed through a computer system or any

other similar means which may be devised in
the future.
SEC. 5. Other Offenses

(a) Aiding or Abetting in the Commission of

Cybercrime

(b) Attempt in the Commission of Cybercrime

[does not apply to child pornography under

Section 4 (c) (2); unsolicited commercial
communications under Section 4 (c) (3); on-line
libel under Section 4 (c) (4)]
(a) Aiding or Abetting in the Commission of
Cybercrime:

Any person

who willfully abets or aids in the commission

of any of the offenses enumerated in this Act

(b) Attempt in the Commission of
Cybercrime:

Any person

who willfully attempts to commit

any of the offenses enumerated in this Act

SEC. 6. All crimes defined and penalized by
the Revised Penal Code, as amended, and
special laws, if committed by, through and
with the use of information and
communications technologies shall be
covered by the relevant provisions of this
Act: Provided, That the penalty to be
imposed shall be one (1) degree higher than
that provided for by the Revised Penal Code,
as amended, and special laws, as the case
may be.
 Republic Act No. 10844
otherwise known as the Department of
Information and Communications Technology
Act of 2015
 Section 3

(a) Information and Communications

Technology or ICT shall mean the totality of
electronic means to access, create, collect,
store, process, receive, transmit, present and
disseminate information.
SEC. 7. Liability under Other Laws. —

A prosecution under this Act shall be without

prejudice to any liability for violation of any
provision of the Revised Penal Code, as
amended, or special laws. [except
prosecution of an offender under both
Section (c) (4) (on-line libel) and Article 353 of
the RPC (libel); and also where it pertains to
Section 4 (c) (2) (child pornography) for being
in violation of the prohibition against double
jeopardy]
SEC. 9. Corporate Liability. — When any of the
punishable acts herein defined are:

knowingly committed on behalf of or for the

benefit of a juridical person;

by a natural person acting either individually

or as part of an organ of the juridical person;
who has a leading position within, based on:

(a) a power of representation of the juridical person

provided the act committed falls within the scope of
such authority;

(b) an authority to take decisions on behalf of the

juridical person: Provided, That the act committed
falls within the scope of such authority; or

(c) an authority to exercise control within the

juridical person;
the juridical person shall be held liable for a
fine equivalent to at least double the fines
imposable in Section 7 up to a maximum of
Ten million pesos (PhP10,000,000.00).
If the commission of any of the punishable
acts herein defined was made possible due to
the lack of supervision or control by a natural
person referred to and described in the
preceding paragraph;

for the benefit of that juridical person by a

natural person acting under its authority;
the juridical person shall be held liable for a
fine equivalent to at least double the fines
imposable in Section 7 up to a maximum of
Five million pesos (PhP5,000,000.00).
The liability imposed on the juridical person
shall be without prejudice to the criminal
liability of the natural person who has
committed the offense.
SEC. 21. Jurisdiction. —

The Regional Trial Court shall have jurisdiction

over any violation of the provisions of this Act
including any violation committed by a Filipino
national regardless of the place of
commission.
Jurisdiction shall lie if any of the elements
was:

1. committed within the Philippines; or

 2. committed with the use of any computer
system wholly or partly situated in the
country; or
3. when by such commission any damage is
caused to a natural or juridical person who, at
the time the offense was committed, was in
the Philippines.
There shall be designated special cybercrime
courts manned by specially trained judges to
handle cybercrime cases.
 OCA CIRCULAR NO. 18-2017
dated 19 January 2017

Designating Commercial Courts as Cybercrime

Courts and Submission of Reports of
Cybercrime Cases
Rule on Cybercrime Warrants

Section 2.1. Venue of Criminal Actions

The criminal actions for violation of Section 4
(Cybercrime offenses) and/or Section 5
(Other offenses), Chapter II of RA 10175, shall
be filed before the designated cybercrime
court of the province or city where the offense
or any of its elements is committed, or where
any part of the computer system used is
situated, or where any of the damage caused
to a natural or juridical person took
place: Provided, that the court where the
criminal action is first filed shall acquire
jurisdiction to the exclusion of the other
courts.
All other crimes defined and penalized by
the Revised Penal Code, as amended, and
other special laws, committed by, through,
and with the use of ICT, as provided under
Section 6, Chapter II of RA 10175, shall be
filed before the regular or other specialized
regional trial courts, as the case may be.