Republic Act No.

10175, or the Cybercrime Prevention Act of 2012

Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, was signed into law by President
Aquino on Sept. 12, 2012.

RA 10175 punishes content-related offenses such as cybersex, child pornography and libel which may
be committed through a computer system. It also penalizes unsolicited commercial communication or
content that advertises or sells products or services.

But there are exemptions relating to the sending of unsolicited material: It is not a crime if there is prior
consent from the recipient, the communication is an announcement from the sender to users, and if
there is an easy, reliable way for the recipient to reject it, among others.

The law also penalizes offenses against the confidentiality, integrity and availability of computer data
and system, such as illegal access, illegal interference, data interference, system interference, misuse of
devices, and cybersquatting.

It defines cybersquatting as the acquisition of a domain name on the Internet in bad faith or with the
intent to profit, mislead, destroy one’s reputation or deprive others from registering the same domain
name. Also covered by the law are computer-related forgery, fraud and identity theft.
As many as 87 percent of Filipino Internet users were identified as victims of crimes and malicious
activities committed online, according to a November 2012 primer released by the DOJ, which quoted
a 2010 report of the security software firm Symantec.

These included being victimized in activities such as malware (virus and Trojan) invasion, online or
phishing scams and sexual predation.

From 2003 to 2012, the Anti-Transnational Crime Division of the Criminal Investigation and Detection
Group of the Philippine National Police looked into 2,778 referred cases of computer crimes from
government agencies and private individuals nationwide.

History
The Cybercrime Prevention Act of 2012 is the one of the first law in the Philippines which specifically
criminalizes computer crime, which prior to the passage of the law had no strong legal precedent in
Philippine jurisprudence. While laws such as the Electronic Commerce Act of 2000 (Republic Act No.
8792) regulated certain computer-related activities, these laws did not provide a legal basis for
criminalizing crimes committed on a computer in general.
The first draft of the law started in 2001 under the Legal and Regulatory Committee of the former
Information Technology and eCommerce Council (ITECC) which is the forerunner of the Commission
on Information and Communication Technology (CICT). It was headed by former Secretary Virgilio
"Ver" Peña and the committee was chaired by Atty. Claro Parlade (+). It was an initiative of the
Information Security and Privacy Sub-Committee chaired by Albert Dela Cruz who was the President
of PHCERT together with then Anti-Computer Crime and Fraud Division Chief, Atty. Elfren Meneses
of the NBI. The administrative and operational functions was provided by the Presidential Management
Staff (PMS) acting as the CICT secretariat.[10]
This was superseded by several cybercrime-related bills filed in the 14th and 15th Congress. The
Cybercrime Prevention Act ultimately was the product of House Bill No. 5808, authored by
Representative Susan Yap-Sulit of the second district of Tarlac and 36 other co-authors, and Senate Bill
No. 2796, proposed by Senator Edgardo Angara. Both bills were passed by their respective chambers
within one day of each other on June 5 and 4, 2012, respectively, shortly after the impeachment of
Renato Corona, and the final version of the Act was signed into law by President Benigno Aquino
III on September 12.

The Cybercrime Prevention Act of 2012 (CPA) defines the following as cybercrimes:

 offences against the confidentiality, integrity and availability of computer data and systems
(illegal access, illegal interception, data interference, system interference, misuse of devices and
cybersquatting);
 computer-related offences (computer-related forgery, computer-related fraud and computer-
related identity theft); and
 content-related offences (cybersex, child pornography, unsolicited commercial communications
and libel).

Cybercrime Prevention Act specifically penalizes sixteen types of cybercrime. They are:
1. Illegal access
Unauthorized access (without right) to a computer system or application.

2. Illegal interception
Unauthorized interception of any non-public transmission of computer data to, from, or within a
computer system.

3. Data Interference

Unauthorized alteration, damaging, deletion or deterioration of computer data, electronic document, or

electronic data message, and including the introduction or transmission of viruses.Authorized action
can also be covered by this provision if the action of the person went beyond agreed scope resulting to
damages stated in this provision.

4. System Interference

Unauthorized hindering or interference with the functioning of a computer or computer network by

inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or
program, electronic document, or electronic data messages, and including the introduction or
transmission of viruses.Authorized action can also be covered by this provision if the action of the
person went beyond agreed scope resulting to damages stated in this provision.

5. Misuse of devices

The unauthorized use, possession, production, sale, procurement, importation, distribution, or

otherwise making available, of devices, computer program designed or adapted for the purpose of
committing any of the offenses stated in Republic Act 10175.Unauthorized use of computer password,
access code, or similar data by which the whole or any part of a computer system is capable of being
accessed with intent that it be used for the purpose of committing any of the offenses under Republic
Act 10175.

6. Cyber-squatting

Acquisition of domain name over the Internet in bad faith to profit, mislead, destroy reputation, and
deprive others from the registering the same. This includes those existing trademark at the time of
registration; names of persons other than the registrant; and acquired with intellectual property interests
in it.Those who get domain names of prominent brands and individuals which in turn is used to damage
their reputation – can be sued under this provision.Note that freedom of expression and infringement on
trademarks or names of person are usually treated separately. A party can exercise freedom of
expression without necessarily violating the trademarks of a brand or names of persons.

7. Computer-related Forgery

Unauthorized input, alteration, or deletion of computer data resulting to inauthentic data with the intent
that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not
the data is directly readable and intelligible; orThe act of knowingly using computer data which is the
product of computer-related forgery as defined here, for the purpose of perpetuating a fraudulent or
dishonest design.
8. Computer-related Fraud

Unauthorized input, alteration, or deletion of computer data or program or interference in the

functioning of a computer system, causing damage thereby with fraudulent intent.

9. Computer-related Identity Theft

Unauthorized acquisition, use, misuse, transfer, possession, alteration or deletion of identifying

information belonging to another, whether natural or juridical.

10. Cybersex

Willful engagement, maintenance, control, or operation, directly or indirectly, of any lascivious

exhibition of sexual organs or sexual activity, with the aid of a computer system, for favor or
consideration.There is a discussion on this matter if it involves “couples” or “people in relationship”
who engage in cybersex. For as long it is not done for favor or consideration, I don’t think it will be
covered. However, if one party (in a couple or relationship) sues claiming to be forced to do cybersex,
then it can be covered.

11. Child Pornography

Unlawful or prohibited acts defined and punishable by Republic Act No. 9775 or the Anti-Child
Pornography Act of 2009, committed through a computer system.

12. Libel

Unlawful or prohibited acts of libel as defined in Article 355 of the Revised Penal Code, as amended
committed through a computer system or any other similar means which may be devised in the
future.Revised Penal Code Art. 355 states Libel means by writings or similar means. — A libel
committed by means of writing, printing, lithography, engraving, radio, phonograph, painting,
theatrical exhibition, cinematographic exhibition, or any similar means, shall be punished by prision
correccional in its minimum and medium periods or a fine ranging from 200 to 6,000 pesos, or both, in
addition to the civil action which may be brought by the offended party.The Cybercrime Prevention
Act strengthened libel in terms of penalty provisions.The electronic counterpart of libel has been
recognized since the year 2000 when the E-Commerce Law was passed. The E-Commerce Law
empowered all existing laws to recognize its electronic counterpart whether commercial or not in
nature.

13. Aiding or Abetting in the commission of cybercrime – Any person who willfully abets or aids in
the commission of any of the offenses enumerated in this Act shall be held liable.

14. Attempt in the commission of cybercrime Any person who willfully attempts to commit any
of the offenses enumerated in this Act shall be held liable.

15. All crimes defined and penalized by the Revised Penal Code, as amended, and special laws, if
committed by, through and with the use of information and communications technologies shall
be covered by the relevant provisions of this Act.
Although not exactly a cybercrime, I am including this here as penalties are also imposed by the law.

16. Corporate Liability. (Section 9)

When any of the punishable acts herein defined are knowingly committed on behalf of or for the
benefit of a juridical person, by a natural person acting either individually or as part of an organ of the
juridical person, who has a leading position within, based on:(a) a power of representation of the
juridical person provided the act committed falls within the scope of such authority;(b) an authority to
take decisions on behalf of the juridical person. Provided, That the act committed falls within the scope
of such authority; or(c) an authority to exercise control within the juridical person,It also includes
commission of any of the punishable acts made possible due to the lack of supervision or control.

Responsibilities of the Philippine National Police (PNP) and National Bureau of Investigation
(NBI)

The CPA appointed the National Bureau of Investigation (NBI) and Philippine National Police (PNP)
as enforcement authorities, and regulates their access to computer data, creating the Cybercrime
Investigation and Coordinating Center (CICC) as an inter-agency body for policy coordination and
enforcement of the national cybersecurity plan, and an Office of Cybercrime within the Department of
Justice (DOJ-OC) for international mutual assistance and extradition.

The law gave police authorities the mandate it needs to initiate an investigation to process the various
complaints/report it gets from citizens. There are instances of online attacks, done anonymously, where
victims approach police authorities for help. They often find themselves lost in getting investigation
assistance as police authorities can’t effectively initiate an investigation (only do special request) – as
their legal authority to request for logs or data does not exist at all unless a case is already filed. (which
in case of anonymously done – will be hard to initiate)

This law gives citizen victims, regardless of stature, the necessary investigation assistance they deserve.

The PNP and NBI shall be responsible for the enforcement of this law. This includes:
(a) The PNP and NBI are mandated to organize a cybercrime unit or center manned by special
investigators to exclusively handle cases involving violations of this Act. (Section 10).
(b) The PNP and NBI are required to submit timely and regular reports including pre-operation, post-
operation, and investigation results and such other documents as may be required to the Department of
Justice for review and monitoring. (Section 11)

OBJECTIVES:
1. To inform students of the country’s standing policies on cyber security policies in order to
increase awareness of the risks in the cyber world and discourage any practice that might be
considered violations of our cyber security.
2. To enable students to understand the importance of cyber security awareness and its
implications especially during these times when information is mostly communicated online.
3. To help students apply knowledge on cyber security to protect themselves from possible cyber
threats and cyber attacks and encourage them to report actual knowledge of such violations.