ELECTRONIC COMMERCE ACT

a. What law punishes violations of the Electronic Commerce Act?

- Republic Act No 8792

b. What are the acts in violations of Electronic Commerce Act?

PNP Criminal Investigation Manual 2011 5 - 34 -
1. Any acts of hacking or cracking or unauthorized access into or interference in a computer
system/server or information and communication system; or any access in order to corrupt, alter, steal, or
destroy using a computer or other similar information and communication devices including the
introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or
loss of electronic data messages or electronic documents.

2. Any act of Piracy or the unauthorized copying, reproduction, dissemination, or distribution, importation,
use, removal, alteration, substitution, modification, storage, uploading, downloading, communication,
making available to the public, or broadcasting of protected material, electronic signature or copyrighted
works including legally protected sound recording or phonograms or information material on protected
works, through the use of telecommunication networks, such as, but not limited to, the internet, in a
manner that infringes intellectual property rights.

3. The access is without the knowledge and consent of the owner of the computer or information and
communications system.

4. Other analogous acts

c. What is the evidence needed to file a case for violation of Electronic Commerce Act?

1. Testimonial Evidence – Affidavit of Complainants and witnesses

2. Documentary Evidence –Cyber or Computer Forensic Results, Police records, transaction records and
other documents

3. Object Evidence - Computer and any device used to hack or crack or pirate the computer information,
Original Documents copied or pirated Documents.

4. Other relevant evidence

PNP Criminal Investigation Manual 2011 5 - 35 -
5.7 PROCEDURES IN HANDLING OF COMPUTER/CYBERCRIME CASES 5.7.1 LEGAL BASIS
- R.A. 8792 Electronic Commerce Act of 2000

- R.A. 8484 Access Device Act

5.7.2 PURPOSE The standard operating procedure prescribes a uniform and step-by-step process to be
observed by all personnel of CIDG in the conduct of investigation regarding Computer/Cybercrime cases.
5.7.3 SCOPE OF APPLICATION This procedure shall be strictly observed by investigators handling
computer/cybercrime cases. The head of office or Chief must always be informed of the disposition or
action taken on complaints. Computer and Network can be involved in crimes in several ways:
a. Computer or network can be a tool of crime (used to commit the crime)

b. Computer or network can be a target of the crime (the “victim”)

c. Computer or network can be used for incidental purposes related to the crime

5.7.4 DEFINITION OF TERMS (Based on Webster Computer Dictionary New Revised Edition)
a. Computer Server – is a computer or device on a network that manages network resources. For
example, a file server is a computer and storage device dedicated to storing files. Any user in the network
can store files on the server. A print server is a computer that manages one or more printer, and a
network server is a computer that manages network traffic. A database server is a computer system that
processes database queries.

b. Computer Network – is a collection of computers and devices connected to each other. The network
allows computers to communicate with each other and share resources and information.

c. Computer Crime – Any illegal behavior directed by means of electronic operations that targets the
security of computer systems and the data processed by them. (UN Definition)
PNP Criminal Investigation Manual 2011 5 - 36 -
d. Cyber Crime – Any illegal behavior committed by means of, or in relation to, a computer system or
network, including such crimes as illegal possession, offering or distributing information by means of a
computer system or network. (UN Definition)

e. Domain Name – is an identification label to define realms of administrative autonomy, authority, or

control in the internet, based on the Domain Name System.

f. Electronic Mail – often abbreviated as e-mail or email, is a method of exchanging digital messages,
designed primarily for human use. A message at least consists of its content, an author, address, and one
or more recipient addresses.

g. Internet Protocol (IP) Address – a numerical identification and logical address that is assigned to
devices participating in a computer network utilizing the Internet Protocol for communication.

h. Electronic Evidence – is any probative information stored or transmitted in digital form that a party to a
court case may use at trial.

i. Electronic Crime Scene - A crime scene where there are electronic evidence found.

j. Web Hosting Service – is an individual or organizations providing website or Internet hosting service
that allows individuals or organizations to provide their own website accessible via the World Wide Web.

k. Web site (Group of Web pages) – is a collection of related web pages, images, videos or other digital
assets that are addressed with a common domain name or IP address in an Internet Protocol-based
network. A web site is hosted on at least one web serer, accessible via the Internet or a private local area
network.

l. Social Network Website – a web site that focuses on building online communities of people who share
interests and/or activities, or who are interested in exploring the interests and activities of others.

m. Hacking or Cracking (Lifted from R.A. 8792 Sec 33 para A) – Refers to unauthorized access into or
interference in a computer system/server or information and communication system; or any access in
order to corrupt, alter, steal, or destroy using a computer or other similar information and communication
devices, without the knowledge and consent of the owner of the computer or information and
communications system, including the introduction of computer viruses and the like, resulting in the
corruption, destruction, alteration, theft or loss of electronic data messages or electronic documents shall
PNP Criminal Investigation Manual 2011 5 - 37 -
be punished by a minimum fine of One Hundred Thousand pesos (P 100,000.00) and a maximum
commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3)
years;

5.7.5 POLICY GUIDELINES OF COMMAND

a. Guidelines and Procedures in the Conduct of Arrested Person under Custodial Investigation (R.A. No.
7438).

b. Guidelines on Police Intervention Operations such as arrest, raid, Search and seizure and others.

c. Guidelines on PNP personnel to strictly respect and uphold Human Rights.

5.7.6 PROCEDURES
a. Walk-in Complainant

NOTE: Complaints can be handled by RCIDU or coordinated with ATCD.

1. Complaint(s) will be guided to fill up a complaint sheet and affix his/her signature.

2. Sworn statements and other necessary documents will be prepared.

3. If the nature of complaint is pertaining to Computer/Cyber Crime cases such as but not limited to:

a) Hacking/Cracking

b) Email Cases (Hacking/Threat/Extortion)

c) Identity theft or in relation to Social Networking cases

NOTE: The investigator shall determine the Internet Protocol (IP) address or Domain Name Service
(DNS) Address in question/involved in the investigation.
4. The investigator shall then conduct online WHOIS tracing on the identified IP address or Domain name
(website) to determine its Internet Service Provider (ISP) and Web Hosting Company.
PNP Criminal Investigation Manual 2011 5 - 38 -
5. If the result of the WHOIS traces to the local IP address and Local Domain Name Hosting, the
investigator shall coordinate with the ISP and Web Hosting Company through letters rogatory to preserve
the log files and further identify the owner of the IP address and the registrant of Domain Name (website).

6. Else, If the WHOIS traces foreign IP address and Foreign Domain Name Hosting, the investigator shall
coordinate with the foreign counter-part Law Enforcement Agency through Mutual Legal Assistance
Treaty (MLAT) procedures to get the information on the owner of the IP address and the registrant of
Domain Name (website). Coordination should be made with Legal Division, CIDG.

7. After the completion of the investigative requirements, the case will be filed in court for possible arrest
and conviction of the suspect. If not,pursued the solution of the case.

NOTE: All seized devices should be sent to Computer Forensic Sec, ATCD, CIDG for
Computer/Cellphone Forensic examination. (Requirements stated in Part VI para 3)
8. If the nature of the complaint is pertaining to cellphone-related cases such as but not limited to:

a. Text Scam

b. Cellphone Threat

c. Cellphone Extortion, and etc.

NOTE: The investigator shall identify the Subscriber Identity Module (SIM) Card number and its
corresponding Telecommunication Company (TELCO) carrier. (SMART/GLOBE/SUN/PLDT, etc) If the
SIM card number belongs to a local TELCO, then the investigator shall coordinate through letter
derogatory to determine the owner of the SIM card number and any logs/records pertaining to the said
SIM.
9. If the SIM card number belongs to a foreign TELCO, then the investigator shall coordinate through
letter rogatory with the foreign counter-part Law Enforcement Agency through Mutual Legal Assistance
Treaty (MLAT) procedures to get the
PNP Criminal Investigation Manual 2011 5 - 39 -
information on the owner of the SIM card number and other log/records pertaining to the said SIM.

10. After completion of the investigative requirements, the case will be filed in court for possible arrest and
conviction of the suspect. If not, pursue the solution of the case.

NOTE: All seized devices should be sent to Computer Forensic Sec, ATCD, CIDG for
Computer/Cellphone Forensic examination. (Requirements stated in Part VI para 3)