cybercrime: implementing rules and regulations

8/20/2019 Cybercrime: Implementing Rules and Regulations

1/29

Rules and Regulations Implementing

Republic Act No. 10175, Otherwise Known as the

!"bercrime #re$ention Act o% &01&'

Pursuant to the authority of the Department of Justice, Department of

Interior and Local Government, and Department of Science and Technology under

Republic ct !o" #$#%&, other'ise (no'n as the )*ybercrime Prevention ct of

+$#+, the follo'ing rules and regulations are hereby promulgated to implement

the provisions of said ct-

R()* 1

#reliminar" #ro$isions

+ection 1. Title. These Rules shall be referred to as the Implementing Rules and

Regulations of Republic ct !o" #$#%&, or the )*ybercrime Prevention ct of

+$#+"

+ection &. Declaration of Policy. . The State recogni/es the vital role of

information and communications industries, such as content production,

telecommunications, broadcasting, electronic commerce and data processing, in the

State0s overall social and economic development"

The State also recogni/es the importance of providing an environment conducive

to the development, acceleration, and rational application and e1ploitation of

information and communications technology to attain free, easy, and intelligible

access to e1change and2or delivery of information3 and the need to protect and

safeguard the integrity of computer, computer and communications systems,

net'or(s and databases, and the confidentiality, integrity, and availability of

information and data stored therein from all forms of misuse, abuse and illegal

access by ma(ing punishable under the la' such conduct or conducts"

The State shall adopt sufficient po'ers to effectively prevent and combat such

offenses by facilitating their detection, investigation and prosecution at both the

domestic and international levels, and by providing arrangements for fast and

reliable international cooperation"

1


2/29

+ection -. Definition of Terms. . The follo'ing terms are defined as follo's-

a4 Access refers to the instruction, communication 'ith, storing data in,

retrieving data from, or other'ise ma(ing use of any resources of a

computer system or communication net'or(3

b4 Act refers to Republic ct !o" #$#%& or the )*ybercrime Prevention ct of

+$#+3

c4 Alteration refers to the modification or change, in form or substance, of an

e1isting computer data or program3

d4 Central Authority refers to the D5J . 5ffice of *ybercrime3

e4 Child Pornography refers to the unla'ful or prohibited acts defined and

punishable by Republic ct !o" 6%%& or the )nti7*hild Pornography ct of

+$$6, committed through a computer system- Provided, that the penalty to

be imposed shall be one 8#4 degree higher than that provided for in Republic

ct !o" 6%%&3

f4 Collection refers to gathering and receiving information3

g4 Communication refers to the transmission of information through

information and communication technology 8I*T4 media, including voice,

video and other forms of data3

h4 Competent Authority refers to either the *ybercrime Investigation and

*oordinating *enter or the D5J . 5ffice of *ybercrime, as the case may be3

i4 Computer refers to an electronic, magnetic, optical, electrochemical, or

other data processing or communications device, or grouping of such

devices, capable of performing logical, arithmetic, routing or storagefunctions, and 'hich includes any storage facility or e9uipment or

communications facility or e9uipment directly related to or operating in

con:unction 'ith such device" It covers any type of computer device,

including devices 'ith data processing capabilities li(e mobile phones,

smart phones, computer net'or(s and other devices connected to the

internet3

2


3/29

:4 Computer data refers to any representation of facts, information, or concepts

in a form suitable for processing in a computer system, including a program

suitable to cause a computer system to perform a function, and includes

electronic documents and2or electronic data messages 'hether stored in local

computer systems or online3

(4 Computer program refers to a set of instructions e1ecuted by the computer

to achieve intended results3

l4 Computer system refers to any device or group of interconnected or related

devices, one or more of 'hich, pursuant to a program, performs automated

processing of data" It covers any type of device 'ith data processing

capabilities, including, but not limited to, computers and mobile phones" The

device consisting of hard'are and soft'are may include input, output andstorage components, 'hich may stand alone or be connected to a net'or( or

other similar devices" It also includes computer data storage devices or

media3

m4 Content Data refers to the communication content of the communication,

the meaning or purport of the communication, or the message or information

being conveyed by the communication, other than traffic data"

n4Critical infrastructure

refers to the computer systems, and2or net'or(s,

'hether physical or virtual, and2or the computer programs, computer data

and2or traffic data that are so vital to this country that the incapacity or

destruction of or interference 'ith such system and assets 'ould have a

debilitating impact on security, national or economic security, national

public health and safety, or any combination of those matters3

o4 Cybersecurity refers to the collection of tools, policies, ris( management

approaches, actions, training, best practices, assurance and technologies that

can be used to protect the cyber environment, and organi/ation and user0s

assets3

p4 National Cybersecurity Plan refers to a comprehensive plan of actions

designed to improve the security and enhance cyber resilience of

infrastructures and services" It is a top7do'n approach to cybersecurity that

contains broad policy statements and establishes a set of national ob:ectives

and priorities that should be achieved 'ithin a specific timeframe3

3


4/29

94 Cybersex refers to the 'illful engagement, maintenance, control or

operation, directly or indirectly, of any lascivious e1hibition of se1ual organs

or se1ual activity, 'ith the aid of a computer system, for favor or

consideration3

r4 Cyber refers to a computer or a computer net'or(, the electronic medium in

'hich online communication ta(es place3

s4 Database refers to a representation of information, (no'ledge, facts,

concepts or instructions 'hich are being prepared, processed or stored, or

have been prepared, processed or stored in a formali/ed manner, and 'hich

are intended for use in a computer system3

t4 Digital evidence refers to digital information that may be used as evidencein a case" The gathering of the digital information may be carried out by

confiscation of the storage media 8data carrier4, the tapping or monitoring of

net'or( traffic, or the ma(ing of digital copies 8e.g., forensic images, file

copies, etc"4, of the data held3

u4 Electronic evidence refers to evidence, the use of 'hich is sanctioned by

e1isting rules of evidence, in ascertaining in a :udicial proceeding, the truth

respecting a matter of fact, 'hich evidence is received, recorded,

transmitted, stored, processed, retrieved or produced electronically3

v4 Forensics refers to the application of investigative and analytical techni9ues

that conform to evidentiary standards, and are used in, or appropriate for, a

court of la' or other legal conte1t3

'4 Forensic image, also (no'n as a forensic copy, refers to an e1act bit7by7bit

copy of a data carrier, including slac(, unallocated space and unused space"

There are forensic tools available for ma(ing these images" ;ost tools

produce information, li(e a hash value, to ensure the integrity of the image3

14 ash value refers to the mathematical algorithm produced against digital

information 8a file, a physical dis( or a logical dis(4 thereby creating a

)digital fingerprint or )digital D! for that information" It is a one7'ay

algorithm and thus it is not possible to change digital evidence 'ithout

changing the corresponding hash values3

4


5/29

y4 !dentifying information refers to any name or number that may be used

alone or in con:unction 'ith any other information to identify any specific

individual, including any of the follo'ing-

#" !ame, date of birth, driver0s license number, passport number or ta1

identification number3

+"


6/29

ff4 %ervice provider refers to-

#" any public or private entity that provides users of its service 'ith the

ability to communicate by means of a computer system3 and

+" any other entity that processes or stores computer data on behalf of

such communication service or users of such service"

gg4 %ubscriber&s information refers to any information contained in the form of

computer data or any other form that is held by a service provider, relating

to subscribers of its services, other than traffic or content data, and by

'hich any of the follo'ing can be established-

#" The type of communication service used, the technical provisionsta(en thereto and the period of service3

+" The subscriber0s identity, postal or geographic address, telephone and

other access number, any assigned net'or( address, billing and

payment information that are available on the basis of the service

agreement or arrangement3 or

=" ny other available information on the site of the installation of

communication e9uipment that is available on the basis of the service

agreement or arrangement"

hh4 Traffic Data or Non'Content Data refers to any computer data other than

the content of the communication, including, but not limited to the

communication0s origin, destination, route, time, date, si/e, duration, or

type of underlying service3 and

ii4 (ithout )ight refers to either- 8i4 conduct underta(en 'ithout or in e1cess of

authority3 or 8ii4 conduct not covered by established legal defenses, e1cuses,

court orders, :ustifications or relevant principles under the la'"

R()* &

#unishable Acts and #enalties

!"bercrimes

6


7/29

+ection . Cybercrime $ffenses. . The follo'ing acts constitute the offense of

core cybercrime punishable under the ct-

" O%%enses against the con%identialit", integrit" and a$ailabilit" o%

computer data and s"stems shall be punished 'ith imprisonment of

prision mayor or a fine of at least T'o ?undred Thousand Pesos

8 +$$,$$$"$$4 up to a ma1imum amount commensurate to the damage₽

incurred, or both, e1cept 'ith respect to number & herein-

#" Illegal Access . The access to the 'hole or any part of a computer

system 'ithout right"

+" Illegal Interception . The interception made by technical means and

'ithout right, of any non7public transmission of computer data to, from,or 'ithin a computer system, including electromagnetic emissions from a

computer system carrying such computer data- Provided, however , That

it shall not be unla'ful for an officer, employee, or agent of a service

provider, 'hose facilities are used in the transmission of

communications, to intercept, disclose or use that communication in the

normal course of employment, 'hile engaged in any activity that is

necessary to the rendition of service or to the protection of the rights or

property of the service provider, except that the latter shall not utili/e

service observing or random monitoring other than for purposes of

mechanical or service control 9uality chec(s"

=" /ata Inter%erence . The intentional or rec(less alteration, damaging,

deletion or deterioration of computer data, electronic document or

electronic data message, 'ithout right, including the introduction or

transmission of viruses"

@" +"stem Inter%erence . The intentional alteration, or rec(less hindering

or interference 'ith the functioning of a computer or computer net'or(

by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or program, electronic document or electronic

data message, 'ithout right or authority, including the introduction or

transmission of viruses"

7


8/29

&" isuse o% /e$ices, 'hich shall be punished 'ith imprisonment of

prision mayor, or a fine of not more than Aive ?undred Thousand Pesos

8 &$$,$$$"$$4, or both, is committed through any of the follo'ing acts-₽

a. The use, production, sale, procurement, importation, distribution or

other'ise ma(ing available, intentionally and 'ithout right, of any of

the follo'ing-

i" device, including a computer program, designed or adapted

primarily for the purpose of committing any of the offenses

under this rules3 or

ii" computer pass'ord, access code, or similar data by 'hich the

'hole or any part of a computer system is capable of being

accessed 'ith the intent that it be used for the purpose of committing any of the offenses under this rules"

b. The possession of an item referred to in subparagraphs &8a48i4 or 8ii4

above, 'ith the intent to use said devices for the purpose of

committing any of the offenses under this section"

Provided, That no criminal liability shall attach 'hen the use, production,

sale, procurement, importation, distribution, other'ise ma(ing available,

or possession of computer devices or data referred to in this section is for

the authori/ed testing of a computer system"

If any of the punishable acts enumerated in Section @84 is committed

against critical infrastructure, the penalty of reclusion temporal , or a fine of

at least Aive ?undred Thousand Pesos 8 &$$,$$$"$$4 up to ma1imum₽

amount commensurate to the damage incurred, or both shall be imposed"

>" !omputerrelated O%%enses, 'hich shall be punished 'ith imprisonment of

prision mayor , or a fine of at least T'o ?undred Thousand Pesos

8 +$$,$$$"$$4 up to a ma1imum amount commensurate to the damage₽incurred, or both, are as follo's-

#" !omputerrelated 2orger" .

8


9/29

a" The input, alteration or deletion of any computer data 'ithout right,

resulting in inauthentic data, 'ith the intent that it be considered or

acted upon for legal purposes as if it 'ere authentic, regardless

'hether or not the data is directly readable and intelligible3 or

b" The act of (no'ingly using computer data, 'hich is the product of

computer7related forgery as defined herein, for the purpose of

perpetuating a fraudulent or dishonest design"

+" !omputerrelated 2raud . The unauthori/ed input, alteration or

deletion of computer data or program, or interference in the functioning

of a computer system, causing damage thereby 'ith fraudulent intent-

Provided, That if no damage has yet been caused, the penalty imposable

shall be one 8#4 degree lo'er"

=" !omputerrelated Identit" 3he%t . The intentional ac9uisition, use,

misuse, transfer, possession, alteration or deletion of identifying

information belonging to another, 'hether natural or :uridical, 'ithout

right- Provided, That if no damage has yet been caused, the penalty

imposable shall be one 8#4 degree lo'er"

*" !ontentrelated O%%enses-

#" ny person found guilty of *hild Pornography shall be punished in

accordance 'ith the penalties set forth in Republic ct !o" 6%%& or the

)nti7*hild Pornography ct of +$$6- Provided, That the penalty to be

imposed shall be one 8#4 degree higher than that provided for in Republic

ct !o" 6%%& if committed through a computer system"

+ection 5. $ther Cybercrimes. . The follo'ing constitute other cybercrime

offenses punishable under the ct-

#" !"bers4uatting . The ac9uisition of a domain name over the internet,in bad faith, in order to profit, mislead, destroy reputation, and deprive

others from registering the same, if such a domain name is-

a" Similar, identical, or confusingly similar to an e1isting trademar(

registered 'ith the appropriate government agency at the time of the

domain name registration3

9


10/29

b" Identical or in any 'ay similar 'ith the name of a person other than

the registrant, in case of a personal name3 and

c" c9uired 'ithout right or 'ith intellectual property interests in it"

*yber7s9uatting shall be punished 'ith imprisonment of prision mayor ,

or a fine of at least T'o ?undred Thousand Pesos 8 +$$,$$$"$$4 up to a₽

ma1imum amount commensurate to the damage incurred, or both-

Provided, That if it is committed against critical infrastructure, the

penalty of reclusion temporal , or a fine of at least Aive ?undred

Thousand Pesos 8 &$$,$$$"$$4 up to ma1imum amount commensurate to₽

the damage incurred, or both shall be imposed"

+" !"berse . The 'illful engagement, maintenance, control or operation,directly or indirectly, of any lascivious e1hibition of se1ual organs or

se1ual activity, 'ith the aid of a computer system, for favor or

consideration" ny person found guilty cyberse1 shall be punished 'ith

imprisonment of prision mayor , or a fine of at least T'o ?undred

Thousand Pesos 8 +$$,$$$"$$4, but not e1ceeding 5ne ;illion Pesos₽

8 #,$$$,$$$"$$4, or both"₽

*yberse1 involving a child shall be punished in accordance 'ith the

provision on child pornography of the ct"

Bhere the maintenance, control, or operation of cyberse1 li(e'ise

constitutes an offense punishable under Republic ct !o" 6+$C, as

amended, a prosecution under the ct shall be 'ithout pre:udice to any

liability for violation of any provision of the Revised Penal *ode, as

amended, or special la's, including R"" !o" 6+$C, consistent 'ith

Section C hereof"

=" )ibel . The unla'ful or prohibited acts of libel, as defined in rticle =&&

of the Revised Penal *ode, as amended, committed through a computer system or any other similar means 'hich may be devised in the future

shall be punished 'ith prision correccional in its ma1imum period to

prision mayor in its minimum period or a fine ranging from Si1

Thousand Pesos 8 ,$$$"$$4 up to the ma1imum amount determined by₽

*ourt, or both, in addition to the civil action 'hich may be brought by

the offended party- Provided, That this provision applies only to the

10


11/29

original author of the post or online libel, and not to others 'ho simply

receive the post and react to it"

@" Other o%%enses . The follo'ing acts shall also constitute an offense

'hich shall be punished 'ith imprisonment of one 8#4 degree lo'er than

that of the prescribed penalty for the offense, or a fine of at least 5ne

?undred Thousand Pesos 8 #$$,$$$"$$4 but not e1ceeding Aive ?undred₽

Thousand Pesos 8 &$$,$$$"$$4, or both-₽

" iding or betting in the *ommission of *ybercrime" . ny person

'ho 'illfully abets, aids, or financially benefits in the commission of

any of the offenses enumerated in the ct shall be held liable, e1cept

'ith respect to Sections @8c48+4 on *hild Pornography and @8c48@4 on

online Libel"

>" ttempt to *ommit *ybercrime" . ny person 'ho 'illfully attempts

to commit any of the offenses enumerated in the ct shall be held

liable,

e1cept 'ith respect to Sections @8c48+4 on *hild Pornography and @8c48@4

on online Libel"

Other )iabilities and #enalties

+ection 6. Corporate "iability. . Bhen any of the punishable acts herein defined

are (no'ingly committed on behalf of or for the benefit of a :uridical person, by a

natural person acting either individually or as part of an organ of the :uridical

person, 'ho has a leading position 'ithin, based on- 8a4 a po'er of representation

of the :uridical person3 8b4 an authority to ta(e decisions on behalf of the :uridical

person3 or 8c4 an authority to e1ercise control 'ithin the :uridical person, the

:uridical person shall be held liable for a fine e9uivalent to at least double the fines

imposable in Section % up to a ma1imum of Ten ;illion Pesos 8 #$,$$$,$$$"$$4"₽

If the commission of any of the punishable acts herein defined 'as made possible due to the lac( of supervision or control by a natural person referred to

and described in the preceding paragraph, for the benefit of that :uridical person by

a natural person acting under its authority, the :uridical person shall be held liable

for a fine e9uivalent to at least double the fines imposable in Section % up to a

ma1imum of Aive ;illion Pesos 8 &,$$$,$$$"$$4"₽

11


12/29

The liability imposed on the :uridical person shall be 'ithout pre:udice to

the criminal liability of the natural person 'ho has committed the offense"

+ection 7. *iolation of the )evised Penal Code+ as Amended+ Through and (ith

the ,se of !nformation and Communication Technology. . ll crimes defined

and penali/ed by the Revised Penal *ode, as amended, and special criminal la's

committed by, through and 'ith the use of information and communications

technologies shall be covered by the relevant provisions of the ct- Provided, That

the penalty to be imposed shall be one 8#4 degree higher than that provided for by

the Revised Penal *ode, as amended, and special la's, as the case may be"

+ection . "iability under $ther "a#s. . prosecution under the ct shall be

'ithout pre:udice to any liability for violation of any provision of the RevisedPenal *ode, as amended, or special la's- Provided , That this provision shall not

apply to the prosecution of an offender under 8#4 both Section @8c48@4 of R""

#$#%& and rticle =&= of the Revised Penal *ode3 and 8+4 both Section @8c48+4 of

R"" #$#%& and R"" 6%%& or the )nti7*hild Pornography ct of +$$6"

R()* -

*n%orcement and Implementation

+ection 8. "a# Enforcement Authorities. . The !ational >ureau of Investigation

8!>I4 and the Philippine !ational Police 8P!P4 shall be responsible for the

efficient and effective la' enforcement of the provisions of the ct" The !>I and

the P!P shall organi/e a cybercrime division or unit to be manned by Special

Investigators to e1clusively handle cases involving violations of the ct"

The !>I shall create a cybercrime division to be headed by at least a ?ead gent"

The P!P shall create an anti7cybercrime unit headed by at least a Police Director"

The D5J 7 5ffice of *ybercrime 855*4 created under the ct shall coordinate theefforts of the !>I and the P!P in enforcing the provisions of the ct"

+ection 10. Po#ers and Functions of "a# Enforcement Authorities. . The !>I

and P!P cybercrime unit or division shall have the follo'ing po'ers and

functions-

12


13/29

a" Investigate all cybercrimes 'here computer systems are involved3

b" *onduct data recovery and forensic analysis on computer systems and

other electronic evidence sei/ed3

c" Aormulate guidelines in investigation, forensic evidence recovery, and

forensic data analysis consistent 'ith industry standard practices3

d" Provide technological support to investigating units 'ithin the P!P and

!>I including the search, sei/ure, evidence preservation and forensic

recovery of data from crime scenes and systems used in crimes, and

provide testimonies3

e" Develop public, private sector, and la' enforcement agency relations inaddressing cybercrimes3

f" ;aintain necessary and relevant databases for statistical and2or

monitoring purposes3

g" Develop capacity 'ithin their organi/ations in order to perform such

duties necessary for the enforcement of the ct3

h" Support the formulation and enforcement of the national cybersecurity

plan3 and

i" Perform other functions as may be re9uired by the ct"

+ection 11. Duties of "a# Enforcement Authorities. . To ensure that the technical

nature of cybercrime and its prevention is given focus, and considering the

procedures involved for international cooperation, la' enforcement authorities,

specifically the computer or technology crime divisions or units responsible for the

investigation of cybercrimes, are re9uired to submit timely and regular reportsincluding pre7operation, post7operation and investigation results, and such other

documents as may be re9uired to the Department of Justice 8D5J4 . 5ffice of

*ybercrime for revie' and monitoring"

La' enforcement authorities shall act in accordance 'ith the guidelines, advisories

and procedures issued and promulgated by the competent authority in all matters

13


14/29

related to cybercrime, and utili/e the prescribed forms and templates, including,

but not limited to, preservation orders, chain of custody, consent to search, consent

to assume account2online identity and re9uest for computer forensic e1amination"

+ection 1&. Preservation and )etention of Computer Data. . The integrity of

traffic data and subscriber information shall be (ept, retained and preserved by a

service provider for a minimum period of si1 84 months from the date of the

transaction" *ontent data shall be similarly preserved for si1 84 months from the

date of receipt of the order from la' enforcement authorities re9uiring its

preservation"

La' enforcement authorities may order a one7time e1tension for another si1 84

months- Provided , That once computer data that is preserved, transmitted or stored

by a service provider is used as evidence in a case, the mere act of furnishing suchservice provider 'ith a copy of the transmittal document to the 5ffice of the

Prosecutor shall be deemed a notification to preserve the computer data until the

final termination of the case and2or as ordered by the *ourt, as the case may be"

The service provider ordered to preserve computer data shall (eep the order and its

compliance there'ith confidential"

+ection 1-. Collection of Computer Data.La' enforcement authorities, upon the

issuance of a court 'arrant, shall be authori/ed to collect or record by technical or

electronic means, and the service providers are re9uired to collect or record by

technical or electronic means and2or to cooperate and assist in the collection or

recording of computer data that are associated 'ith specified communications

transmitted by means of a computer system"

The court 'arrant re9uired under this section shall be issued or granted upon

'ritten application, after the e1amination under oath or affirmation of the applicant

and the 'itnesses he may produce, and the sho'ing that- 8#4 there are reasonable

grounds to believe that any of the crimes enumerated hereinabove has beencommitted, is being committed or is about to be committed3 8+4 there are

reasonable grounds to believe that the evidence that 'ill be obtained is essential to

the conviction of any person for, or to the solution of, or to the prevention of any

such crimes3 and 8=4 there are no other means readily available for obtaining such

evidence"

14


15/29

+ection 1. Disclosure of Computer Data. . La' enforcement authorities, upon

securing a court 'arrant, shall issue an order re9uiring any person or service

provider to disclose or submit, 'ithin seventy7t'o 8%+4 hours from receipt of such

order, subscriber0s information, traffic data or relevant data in his2its possession or

control, in relation to a valid complaint officially doc(eted and assigned for

investigation by la' enforcement authorities, and the disclosure of 'hich is

necessary and relevant for the purpose of investigation"

La' enforcement authorities shall record all s'orn complaints in their official

doc(eting system for investigation"

+ection 15. %earch+ %ei-ure and Examination of Computer Data. . Bhere a

search and sei/ure 'arrant is properly issued, the la' enforcement authorities shallli(e'ise have the follo'ing po'ers and duties-

a" Bithin the time period specified in the 'arrant, to conduct interception,

as defined in this Rules, and to-

#" Search and sei/e computer data3

+" Secure a computer system or a computer data storage medium3

=" ;a(e and retain a copy of those computer data secured3

@" ;aintain the integrity of the relevant stored computer data3

&" *onduct forensic analysis or e1amination of the computer data

storage medium3 and

" Render inaccessible or remove those computer data in the accessed

computer or computer and communications net'or("

b" Pursuant thereto, the la' enforcement authorities may order any person,

'ho has (no'ledge about the functioning of the computer system and the

measures to protect and preserve the computer data therein, to provide, as

is reasonable, the necessary information to enable the underta(ing of the

search, sei/ure and e1amination"

15


16/29

c" La' enforcement authorities may re9uest for an e1tension of time to

complete the e1amination of the computer data storage medium and to

ma(e a return thereon, but in no case for a period longer than thirty 8=$4

days from date of approval by the court"

+ection 16. Custody of Computer Data. . ll computer data, including content

and traffic data, that are e1amined under a proper 'arrant shall, 'ithin forty7eight

8@C4 hours after the e1piration of the period fi1ed therein, be deposited 'ith the

court in a sealed pac(age, and shall be accompanied by an affidavit of the la'

enforcement authority e1ecuting it, stating the dates and times covered by the

e1amination, and the la' enforcement authority 'ho may have access to the

deposit, among other relevant data" The la' enforcement authority shall also

certify that no duplicates or copies of the 'hole or any part thereof have been madeor, if made, that all such duplicates or copies are included in the pac(age deposited

'ith the court" The pac(age so deposited shall not be opened, or the recordings

replayed, or used in evidence, or their contents revealed, e1cept upon order of the

court, 'hich shall not be granted e1cept upon motion, 'ith due notice and

opportunity to be heard to the person or persons 'hose conversation or

communications have been recorded"

+ection 17. Destruction of Computer Data. .


17/29

la' enforcement authorities, shall be punished as a violation of Presidential 5rder

!o" #C+6 8entitled ) Penalizing Obstruction Of Apprehension And Prosecution Of

Criminal Offenders”4 'ith imprisonment of prision correccional in its ma1imum

period, or a fine of 5ne ?undred Thousand Pesos 8 #$$,$$$"$$4, or both for each₽

and every noncompliance 'ith an order issued by la' enforcement authorities"

+ection &0. Extent of "iability of a %ervice Provider . . F1cept as other'ise

provided in this Section, no person or party shall be sub:ect to any civil or criminal

liability in respect of a computer data for 'hich the person or party acting as a

service provider merely provides access if such liability is founded on-

a. The obligations and liabilities of the parties under a computer data3

b. The ma(ing, publication, dissemination or distribution of such computer data or any statement made in such computer data, including possible

infringement of any right subsisting in or in relation to such computer

data- Provided , That-

#" The service provider does not have actual (no'ledge, or is not a'are

of the facts or circumstances from 'hich it is apparent, that the

ma(ing, publication, dissemination or distribution of such material is

unla'ful or infringes any rights subsisting in or in relation to such

material3

+" The service provider does not (no'ingly receive a financial benefit

directly attributable to the unla'ful or infringing activity3 and

=" The service provider does not directly commit any infringement or

other unla'ful act, does not induce or cause another person or party to

commit any infringement or other unla'ful act, and2or does not

directly benefit financially from the infringing activity or unla'ful act

of another person or party- Provided, further , That nothing in this

Section shall affect-

i" ny obligation arising from contract3

ii" The obligation of a service provider as such under a licensing or

other regulatory regime established under la'3

17


18/29

iii" ny obligation imposed under any la'3 or

iv" The civil liability of any party to the e1tent that such liability

forms the basis for in:unctive relief issued by a court under any

la' re9uiring that the service provider ta(e or refrain from

actions necessary to remove, bloc( or deny access to any

computer data, or to preserve evidence of a violation of la'"

R()*

9urisdiction

+ection &1. urisdiction. The Regional Trial *ourt shall have :urisdiction over

any violation of the provisions of the ct, including any violation committed by a

Ailipino national regardless of the place of commission" Jurisdiction shall lie if anyof the elements 'as committed 'ithin the Philippines, or committed 'ith the use

of any computer system that is 'holly or partly situated in the country, or 'hen by

such commission any damage is caused to a natural or :uridical person 'ho, at the

time the offense 'as committed, 'as in the Philippines"

+ection &&. *enue. / *riminal action for violation of the ct may be filed 'ith the

RT* of the province or city 'here the cybercrime or any of its elements is

committed, or 'here any part of the computer system used is situated, or 'hereany of the damage caused to a natural or :uridical person too( place- Provided ,

That the court 'here the criminal action is first filed shall ac9uire :urisdiction to

the e1clusion of other courts"

+ection &-. Designation of Cybercrime Courts. / There shall be designated

special cybercrime courts manned by specially trained :udges to handle cybercrime

cases"

+ection &. Designation of %pecial Prosecutors and !nvestigators. / The

Secretary of Justice shall designate prosecutors and investigators 'ho shall

comprise the prosecution tas( force or division under the D5J75ffice of

*ybercrime, 'hich 'ill handle cybercrime cases in violation of the ct"

18


19/29

R()* 5

International !ooperation

+ection &5. !nternational Cooperation. . ll relevant international instruments on

international cooperation on criminal matters, and arrangements agreed on the basis of uniform or reciprocal legislation and domestic la's shall be given full

force and effect, to the 'idest e1tent possible for the purposes of investigations or

proceedings concerning crimes related to computer systems and data, or for the

collection of electronic evidence of crimes"

The D5J shall cooperate and render assistance to other contracting parties, as 'ell

as re9uest assistance from foreign states, for purposes of detection, investigation

and prosecution of offenses referred to in the ct and in the collection of evidence

in electronic form in relation thereto" The principles contained in Presidential

Decree !o" #$6 and other pertinent la's, as 'ell as e1isting e1tradition andmutual legal assistance treaties, shall apply" In this regard, the central authority

shall-

a" Provide assistance to a re9uesting State in the real7time collection of traffic

data associated 'ith specified communications in the country transmitted by

means of a computer system, 'ith respect to criminal offenses defined in the

ct for 'hich real7time collection of traffic data 'ould be available, sub:ect

to the provisions of Section #= hereof3

b" Provide assistance to a re9uesting State in the real7time collection, recording

or interception of content data of specified communications transmitted by

means of a computer system, sub:ect to the provision of Section #= hereof3

c" llo' another State to-

#" ccess publicly available stored computer data located in the country or

else'here3 or

+" ccess or receive, through a computer system located in the country,stored computer data located in another country, if the other State obtains

the la'ful and voluntary consent of the person 'ho has the la'ful

authority to disclose the data to said other State through that computer

system"

19


20/29

d" Receive a re9uest of another State for it to order or obtain the e1peditious

preservation of data stored by means of a computer system located 'ithin

the country, relative to 'hich the re9uesting State shall submit a re9uest for

mutual assistance for the search or similar access, sei/ure or similar

securing, or disclosure of the stored computer data- Provided , That-

#" re9uest for preservation of data under this section shall specify-

i" The authority see(ing the preservation3

ii" The offense that is the sub:ect of a criminal investigation or

proceedings and a brief summary of the related facts3

iii" The stored computer data to be preserved and its relationship to the

offense3

iv" The necessity of the preservation3 and

v" That the re9uesting State shall submit a re9uest for mutual assistance

for the search or similar access, sei/ure or similar securing, or

disclosure of the stored computer data"

+"


21/29

confidentiality of, or other'ise pre:udice the re9uesting State0s

investigation, it shall promptly so inform the re9uesting State" The

re9uesting State 'ill determine 'hether its re9uest should be e1ecuted3

and

&" ny preservation effected in response to the re9uest referred to in

paragraph 8d4 shall be for a period not less than si1ty 8$4 days, in order

to enable the re9uesting State to submit a re9uest for the search or similar

access, sei/ure or similar securing, or disclosure of the data" Aollo'ing

the receipt of such a re9uest, the data shall continue to be preserved

pending a decision on that re9uest"

e" ccommodate re9uest from another State to search, access, sei/e, secure, or

disclose data stored by means of a computer system located 'ithin the

country, including data that has been preserved under the previoussubsection"

The Philippine Government shall respond to the re9uest through the proper

application of international instruments, arrangements and la's, and in

accordance 'ith the follo'ing rules-

#" The re9uest shall be responded to on an e1pedited basis 'here-

i" There are grounds to believe that relevant data is particularly

vulnerable to loss or modification3 or

ii" The instruments, arrangements and la's referred to in paragraph 8b4

of this section other'ise provide for e1pedited cooperation"

+" The re9uesting State must maintain the confidentiality of the fact or the

sub:ect of re9uest for assistance and cooperation" It may only use the

re9uested information sub:ect to the conditions specified in the grant"

f" ;a(e a re9uest to any foreign state for assistance for purposes of detection,investigation and prosecution of offenses referred to in the ct3

g" The criminal offenses described under *hapter II of the ct shall be deemed

to be included as e1traditable offenses in any e1tradition treaty 'here the

Philippines is a party- Provided , That the offense is punishable under the

21


22/29

la's of both Parties concerned by deprivation of liberty for a minimum

period of at least one year or by a more severe penalty"

The Secretary of Justice shall designate appropriate State *ounsels to handle all

matters of international cooperation as provided in this Rule"

R()* 6

!ompetent Authorities

+ection &6. Cybercrime !nvestigation and Coordinating Center0 Composition.

The inter7agency body (no'n as the *ybercrime Investigation and *oordinating

*enter 8*I**4, under the administrative supervision of the 5ffice of the President,

established for policy coordination among concerned agencies and for the

formulation and enforcement of the national cyber security plan, is headed by theF1ecutive Director of the Information and *ommunications Technology 5ffice

under the Department of Science and Technology 8I*T57D5ST4 as *hairperson3

the Director of the !>I as Eice7*hairperson3 and the *hief of the P!P, the ?ead of

the D5J 5ffice of *ybercrime, and one 8#4 representative each from the private

sector, non7governmental organi/ations, and the academe as members"

The *I** members shall be constituted as an F1ecutive *ommittee and shall be

supported by Secretariats, specifically for *ybercrime, dministration, and

*ybersecurity" The Secretariats shall be manned from e1isting personnel or representatives of the participating agencies of the *I**"

The *I** may enlist the assistance of any other agency of the government

including government7o'ned and 7controlled corporations, and the follo'ing-

a" >ureau of Immigration3

b" Philippine Drug Fnforcement gency3

c" >ureau of *ustoms3

d" !ational Prosecution Service3

e" nti7;oney Laundering *ouncil3

f" Securities and F1change *ommission3

22


23/29

g" !ational Telecommunications *ommission3 and

h" Such other offices, agencies and2or units, as may be necessary"

The D5J 5ffice of *ybercrime shall serve as the *ybercrime 5perations *enter of

the *I** and shall submit periodic reports to the *I**"

Participation and representation in the Secretariat and2or 5perations *enter does

not re9uire physical presence, but may be done through electronic modes such as

email, audio7visual conference calls, and the li(e"

+ection &7. Po#ers and Functions. . The *I** shall have the follo'ing po'ers

and functions-

a" Aormulate a national cybersecurity plan and e1tend immediate assistance

for the suppression of real7time commission of cybercrime offenses

through a computer emergency response team 8*FRT43

b" *oordinate the preparation of appropriate and effective measures to

prevent and suppress cybercrime activities as provided for in the ct3

c" ;onitor cybercrime cases being handled by participating la'

enforcement and prosecution agencies3

d" Aacilitate international cooperation on intelligence, investigations,

training and capacity7building related to cybercrime prevention,

suppression and prosecution through the D5J75ffice of *ybercrime3

e" *oordinate the support and participation of the business sector, local

government units and !G5s in cybercrime prevention programs and

other related pro:ects3

f" Recommend the enactment of appropriate la's, issuances, measures and

policies3

g" *all upon any government agency to render assistance in the

accomplishment of the *I**0s mandated tas(s and functions3

23


24/29

h" Fstablish and perform community a'areness program on cybercrime

prevention in coordination 'ith la' enforcement authorities and

sta(eholders3 and

i" Perform all other matters related to cybercrime prevention and

suppression, including capacity7building and such other functions and

duties as may be necessary for the proper implementation of the ct"

+ection &. Department of ustice 1D$20 Functions and Duties. The D5J7

5ffice of *ybercrime 855*4, designated as the central authority in all matters

related to international mutual assistance and e1tradition, and the *ybercrime

5perations *enter of the *I**, shall have the follo'ing functions and duties-

a" ct as a competent authority for all re9uests for assistance for investigation or proceedings concerning cybercrimes, facilitate the

provisions of legal or technical advice, preservation and production of

data, collection of evidence, giving legal information and location of

suspects3

b" ct on complaints2referrals, and cause the investigation and prosecution

of cybercrimes and other violations of the ct3

c" Issue preservation orders addressed to service providers3

d" dminister oaths, issue subpoena and summon 'itnesses to appear in an

investigation or proceedings for cybercrime3

e" Re9uire the submission of timely and regular reports including pre7

operation, post7operation and investigation results, and such other

documents from the P!P and !>I for monitoring and revie'3

f" ;onitor the compliance of the service providers 'ith the provisions of

*hapter IE of the ct, and Rules % and C hereof3

g" Aacilitate international cooperation 'ith other la' enforcement agencies

on intelligence, investigations, training and capacity7building related to

cybercrime prevention, suppression and prosecution3

24


25/29

h" Issue and promulgate guidelines, advisories, and procedures in all matters

related to cybercrime investigation, forensic evidence recovery, and

forensic data analysis consistent 'ith industry standard practices3

i" Prescribe forms and templates, including, but not limited to, those for

preservation orders, chain of custody, consent to search, consent to

assume account2online identity, and re9uest for computer forensic

e1amination3

:"


26/29

@" Issuing relevant alerts and advisories on emerging threats to computer

security"

&" *oordinating cyber security incident responses 'ith trusted third parties

at the national and international levels3 and

" *onducting technical training on cyber security and related topics"

The Philippine !ational Police and the !ational >ureau of Investigation shall serve

as the field operations arm of the *FRT" The *FRT may also enlist other

government agencies to perform *FRT functions"

RULE 7

Duties of Service Providers

+ection -0. Duties of a %ervice Provider. . The follo'ing are the duties of a

service provider-

a" Preserve the integrity of traffic data and subscriber information for a

minimum period of si1 84 months from the date of the transaction3

b" Preserve the integrity of content data for si1 84 months from the date of

receipt of the order from la' enforcement or competent authorities

re9uiring its preservation3

c" Preserve the integrity of computer data for an e1tended period of si1 84

months from the date of receipt of the order from la' enforcement or

competent authorities re9uiring e1tension on its preservation3

d" Preserve the integrity of computer data until the final termination of the

case and2or as ordered by the *ourt, as the case may be, upon receipt of a

copy of the transmittal document to the 5ffice of the Prosecutor3

e" Fnsure the confidentiality of the preservation orders and its compliance3

f" *ollect or record by technical or electronic means, and2or cooperate and

assist la' enforcement or competent authorities in the collection or

recording of computer data that are associated 'ith specified

26


27/29

communications transmitted by means of a computer system, in relation

to Section #= hereof3

g" Disclose or submit subscriber0s information, traffic data or relevant data

in his2its possession or control to la' enforcement or competent

authorities 'ithin seventy7t'o 8%+4 hours after receipt of order and2or

copy of the court 'arrant3

h" Report to the D5J . 5ffice of *ybercrime compliance 'ith the

provisions of *hapter IE of the ct, and Rules % and C hereof3

i" Immediately and completely destroy the computer data sub:ect of a

preservation and e1amination after the e1piration of the period provided

in Sections #= and #& of the ct3 and

:" Perform such other duties as may be necessary and proper to carry into

effect the provisions of the ct"

+ection -1. Duties of a %ervice Provider in Child Pornography Cases. / In line

'ith R6%%& or the )nti7*hild Pornography ct of +$$6, the follo'ing are the

duties of a service provider in child pornography cases-

#" n internet service provider 8ISP42internet content host shall install

available technology, program or soft'are, such as, but not limited to,

system2technology that produces hash value or any similar calculation, to

ensure that access to or transmittal of any form of child pornography 'ill

be bloc(ed or filtered3

+" Service providers shall immediately notify la' enforcement authorities

'ithin seven 8%4 days of facts and circumstances relating to any form

child pornography that passes through or are being committed in their

system3 and

=" service provider or any person in possession of traffic data or

subscriber0s information, shall, upon the re9uest of la' enforcement or

competent authorities, furnish the particulars of users 'ho gained or

attempted to gain access to an internet address that contains any form of

child pornography" ISPs shall also preserve customer data records,

specifically the time, origin, and destination of access, for purposes of

27


28/29

investigation and prosecution by relevant authorities under Sections 6

and ## of R"" 6%%&"

RULE 8

Prescribed Forms and Procedures

+*!. -&. Prescribed Forms and Procedures. The D5J . 5ffice of *ybercrime

shall issue and promulgate guidelines, advisories, and procedures in all matters

related to cybercrime, investigation, forensic evidence recovery, and forensic data

analysis consistent 'ith international best practices, in accordance 'ith Section

+C8h4 and 8i4 hereof"

It shall also prescribe forms and templates such as, but not limited to, preservation

orders, chain of custody, consent to search, consent to assume account2onlineidentity, re9uest for computer forensic assistance, 'rite7bloc(ing device validation

and first responder chec(list"

R()* 8

2inal #ro$isions

+*!. --. Appropriations. The amount of Aifty ;illion Pesos 8 &$,$$$,$$$"$$4₽

shall be appropriated annually for the implementation of the ct under the fiscalmanagement of D5J 7 5ffice of *ybercrime"

+ection -. %eparability Clause. If any provision of these Rules is held invalid,

the other provisions not affected shall remain in full force and effect"

+ection -5. )epealing Clause. ll rules and regulations inconsistent 'ith these

Rules are hereby repealed or modified accordingly"

+ection -6. Effectivity. These rules and regulations shall ta(e effect fifteen 8#&4

days after the completion of its publication in at least t'o 8+4 ne'spapers of

general circulation"

28


29/29

D5!F in the *ity of ;anila, this HHHH of HHHHHHHHHHHHHHH +$#&"

AN(*) A. RO:A+ II

Secretary

Department of Interior and Local

Government

ARIO ;. ON3*9O

Secretary

Department of Science and Technology

)*I)A . /* )IA

Secretary

Department of Justice

cybercrime: implementing rules and regulations

Documents