THE CYBER CRIME

AND ENVIROMENTAL
LAWS
INTRODUCTION
• This course covers an overview of cybercrime, including a basic
understanding of computer technology, history of
• cybercrimes, nature and types of cybercrimes, incident response,
collection and preservation; digital investigative plan, and the
applicable
• legal provision. This also covers the study of the concepts and
principles of environment specifically on ecosystem and
biodiversity, various
• threats to their existence and its impact on humankind. It includes
the study of relevant environmental laws and jurisprudence, the
detection,
• investigation, and gathering of evidence in the prosecution of cases
 RA 10175
• AN ACT DEFINING CYBERCRIME, PROVIDING FOR
THE PREVENTION, INVESTIGATION, SUPPRESSION
AND THE IMPOSITION OF PENALTIES THEREFOR AND
FOR OTHER PURPOSES
• Cybercrime Offenses. – The following acts constitute the
offense of core cybercrime punishable under the
• A. Offenses against the confidentiality, integrity and
availability of computer data and systems shall be punished
with imprisonment of prision mayor or a fine of at least Two
Hundred Thousand Pesos (P200,000.00) up to a maximum
amount commensurate to the damage incurred, or both
The following are the cybercrime offenses
• 1. Illegal Access – The access to the whole or any part of a computer system without right.
• 2. Illegal Interception – The interception made by technical means and without right, of any nonpublic
transmission of computer data to, from, or within a computer system, including electromagnetic emissions
from a computer system carrying such computer data: Provided, however, That it shall not be unlawful for
an officer, employee, or agent of a service provider, whose facilities are used in the transmission of
communications, to intercept, disclose or use that communication in the normal course of employment,
while engaged in any activity that is necessary to the rendition of service or to the protection of the rights
or property of the service provider, except that the latter shall not utilize service observing or random
monitoring other than for purposes of mechanical or service control quality checks.
• 3. Data Interference – The intentional or reckless alteration, damaging, deletion or deterioration of
computer data, electronic document or electronic data message, without right, including the introduction or
transmission of viruses.
• 4. System Interference – The intentional alteration, or reckless hindering or interference with the
functioning of a computer or computer network by inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data or program, electronic document or electronic data
message, without right or authority, including the introduction or transmission of viruses.
• 5. Misuse of Devices, which shall be punished with imprisonment of prision mayor, or a fine of not more
than Five Hundred Thousand Pesos (P500,000.00), or both, is committed through any of the following acts:
• B. Computer-related Offenses, which shall be punished with imprisonment of prision mayor, or a fine of at least Two Hundred
Thousand Pesos (P200,000.00) up to a maximum amount commensurate to the damage incurred, or both, are as follows:
• 1. Computer-related Forgery – a. The input, alteration or deletion of any computer data without right, resulting in inauthentic
data, with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the
data is directly readable and intelligible; or Instructional Module on Introduction to Cyber Crime and Environmental Laws 38
• b. The act of knowingly using computer data, which is the product of computer-related forgery as defined herein, for the
purpose of perpetuating a fraudulent or dishonest design.
• 2. Computer-related Fraud – The unauthorized “Input, alteration or deletion of computer data or program, or interference in the
functioning of a computer system, causing damage thereby with fraudulent intent: Provided, That if no damage has yet been
caused, the penalty imposable shall be one (1) degree lower.
• 3. Computer-related Identity Theft – The intentional acquisition, use, misuse, transfer, possession, alteration or deletion of
identifying information belonging to another, whether natural or juridical, without right: Provided, That if no damage has yet
been caused, the penalty imposable shall be one (1) degree lower.
• C. Content-related Offenses:
• 1. Any person found guilty of Child Pornography shall be punished in accordance with the penalties set forth in Republic Act
No. 9775 or the “Anti-Child Pornography Act of 2009”: Provided, That the penalty to be imposed shall be one (1) degree
higher than that provided for in Republic Act No. 9775 if committed through a computer system.
• Other Cybercrimes. – The following constitute other cybercrime offenses punishable under the Act:
• 1. Cyber-squatting – The acquisition of a domain name over the internet, in bad faith, in order to profit, mislead, destroy
reputation, and deprive others from registering the same

Cyber-squatting shall be punished with imprisonment of prision mayor, or a fine of at least Two Hundred
Thousand Pesos (P200,000.00) up to a maximum amount commensurate to the damage incurred, or
both: Provided, That if it is committed against critical infrastructure, the penalty of reclusion temporal, or a
fine of at least Five Hundred Thousand Pesos (P500,000.00) up to maximum amount commensurate to the
damage incurred, or both shall be imposed.
• 2. Cybersex – The willful engagement, maintenance, control or operation, directly or indirectly, of any lascivious exhibition of sexual
organs or sexual activity, with the aid of a computer system, for favor or consideration. Any person found guilty cybersex shall be
punished with imprisonment of prision mayor, or a fine of at least Two Hundred Thousand Pesos (P200,000.00), but not exceeding One
Million Pesos (P1,000,000.00), or both.
punishable under Republic Act No. 9208, as amended, a prosecution under the Act shall be without prejudice to any liability for violation
of any provision of the Revised Penal Code, as amended, or special laws, including R.A. No. 9208, consistent with Section 8
3. Libel – The unlawful or prohibited acts of libel, as defined in Article 355 of the Revised Penal Code, as
amended, committed through a computer system or any other similar means which may be devised in the
future shall be punished with prision correccional in its maximum period to prision mayor in its minimum
period or a fine ranging from Six Thousand Pesos (P6,000.00) up to the maximum amount determined by
Court, or both, in addition to the civil action which may be brought by the offended party: Provided, That
this provision applies only to the original author of the post or online libel, and not to others who simply
receive the post and react to it.
4. Other offenses – The following acts shall also constitute an offense which shall be punished with
imprisonment of one (1) degree lower than that of the prescribed penalty for the offense, or a fine of at least One Hundred Thousand Pesos
(P100,000.00) but not exceeding Five Hundred Thousand Pesos
(P500,000.00)
A. Aiding or Abetting in the Commission of Cybercrime. – Any person who willfully abets, aids, or
financially benefits in the commission of any of the offenses enumerated in the Act shall be held
liable, except with respect to Sections 4(c)(2) on Child Pornography and 4(c)(4) on online Libel.
B. Attempt to Commit Cybercrime. – Any person who willfully attempts to commit any of the offenses
enumerated in the Act shall be held liable, except with respect to Sections 4(c)(2) on Child
Pornography and 4(c)(4) on online Libel.
• Corporate Liability. – When any of the punishable acts herein
defined are knowingly committed on behalf of or for the
benefit of a juridical person, by a natural person acting either
individually or as part of an organ of the juridical person, who
has a leading position within, based on: (a) a power of
representation of the juridical person; (b) an authority to take
decisions on behalf of the juridical person; or (c) an authority
to exercise control within the juridical person, the juridical
person shall be held liable for a fine equivalent to at least
double the fines imposable in Section 7 up to a maximum of
Ten Million Pesos (P10,000,000.00).
• Violation of the Revised Penal Code, as Amended, Through
and With the Use of Information and Communication
Technology. – All crimes defined and penalized by the Revised
Penal Code, as amended, and special criminal laws committed
by, through and with the use of information and
communications technologies shall be covered by the relevant
provisions of the Act: Provided, That the penalty to be imposed
shall be one (1) degree higher than that provided for by the
Revised Penal Code, as amended, and special laws
• Liability under Other Laws. – A prosecution under the Act shall be without prejudice to
any liability for violation of any provision of the Revised Penal Code, as amended, or
special laws: Provided, That this provision shall not apply to the prosecution of an
offender under (1) both Section 4(c)(4) of R.A. 10175 and Article 353 of the Revised
Penal Code; and (2) both Section 4(c)(2) of R.A. 10175 and R.A. 9775 or the
• “Anti-Child Pornography Act of 2009”.
Enforcement and Implementation
• Law Enforcement Authorities. – The National Bureau of Investigation (NBI) and the
Philippine National Police (PNP) shall be responsible for the efficient and effective law
enforcement of the provisions of the Act. The NBI and the PNP shall organize a
cybercrime division or unit to be manned by Special Investigators to exclusively handle
cases involving violations of the Act.The NBI shall create a cybercrime division to be
headed by at least a Head Agent. The PNP shall create an anti-cybercrime unit headed by
at least a Police Director.
• The DOJ – Office of Cybercrime (OOC) created under the Act shall coordinate the
efforts of the NBI and the PNP in enforcing the provisions of the Act.
 RA 9995
• This law is geared towards the prohibition of taking photo or video
coverage of a person or group of persons performing sexual act or any
similar activity or to capture an image of the private area of a person/s such
as the naked or undergarment clad genitals, public area, buttocks or female
breast without the consent of the person/s involved and under
circumstances in which the person/s has/have a reasonable expectation of
privacy; Copying or reproduction, or cause to be copied or reproduced,
such photo or video or recording of sexual act or any similar activity with
or without consideration; Selling and distribution or cause to be sold or
distributed, such photo or video or recording of sexual act, whether it be
the original copy or reproduction thereof; or publishing and broadcasting,
or cause to be published or broadcast, whether in print or broadcast media,
or show or exhibit the photo or video coverage or recordings of such
sexual act or any similar activity through VCD/DVD,
 RA 9775
• Unlawful or Prohibited Acts. – It shall be unlawful for any person:
• (a) To hire, employ, use, persuade, induce or coerce a child to perform in the creation or production of
• any form of child pornography;
• (b) To produce, direct, manufacture or create any form of child pornography;
• (c) To publish offer, transmit, sell, distribute, broadcast, advertise, promote, export or import any form of
• child pornography;
• (d) To possess any form of child pornography with the intent to sell, distribute, publish, or broadcast:
• Provided. That possession of three (3) or more articles of child pornography of the same form shall be
• prima facie evidence of the intent to sell, distribute, publish or broadcast;
• (e) To knowingly, willfully and intentionally provide a venue for the commission of prohibited acts as, but
• not limited to, dens, private rooms, cubicles, cinemas, houses or in establishments purporting to be a
• legitimate business;
• (f) For film distributors, theaters and telecommunication companies, by themselves or in cooperation with
• other entities, to distribute any form of child pornography;
• (g) For a parent, legal guardian or person having custody or control of a child to knowingly permit the
• child to engage, participate or assist in any form of child pornography;
• (h) To engage in the luring or grooming of a child;
• (i) To engage in pandering of any form of child pornography;
• (j) To willfully access any form of child pornography;
• (k) To conspire to commit any of the prohibited acts stated in this section. Conspiracy to commit any form
• of child pornography shall be committed when two (2) or more persons come to an agreement concerning
• the commission of any of the said prohibited acts and decide to commit it; and (l) To possess any form of child pornography.
• Syndicated Child Pornography – The crime of child pornography is deemed committed by a syndicate
if carried out by a group of three (3) or more persons conspiring or confederating with one another
and shall be punished under Section 15(a) of this Act.
• Who May File a Complaint. – Complaints on cases of any form of child pornography and other
offenses punishable under this Act may be filed by the following:
• (a) Offended party;
• (b) Parents or guardians;
• (c) Ascendant or collateral relative within the third degree of consanguinity;
• (d) Officer, social worker or representative of a licensed child-caring institution;
• (e) Officer or social worker of the Department of Social Welfare and Development (DSWD);
• (f) Local social welfare development officer;
• (g) Barangay chairman;
• (h) Any law enforcement officer;
• (i) At least three (3) concerned responsible citizens residing in the place where the violation
• occurred; or
• (j) Any person who has personal knowledge of the circumstances of the commission of any
• offense under this Act
• What is the “Access Devices Regulation Act of 1998”?
• It is Republic Act No. 8484, which is an act regulating the issuance and use of access
devices and prohibiting the fraudulent acts committed relative thereto, among others.
By enacting this legislation, the State recognizes the recent advances in technology
and the widespread use of access devices in commercial transactions.
• What is an “Access Device”?
• It is any card, plate, code, account number, electronic serial number, personal
identification number, or other telecommunications service, equipment, or
instrumental identifier, or other means of account access
• that can be used to obtain money, good, services, or any other thing of value or to
initiate a transfer of funds (other than a transfer originated solely by paper
instrument). It includes a credit card.
• What is a “credit card”?
• It is any card, plate, coupon book, or other credit device existing for the purpose of
obtaining money, goods, property, labor or services or any thing of value on credit.
• Republic Act No. 11449 amends Republic Act No. 8484 also
known as the Access Devices Regulation
• Act of 1998, to impose stiffer penalties to crimes involving
skimming, forging of credit and debit cards, as well as
possession of devices used to illegally access bank systems and
accounts.
• The state declares that the commission of a crime using access
devices is a form of economic sabotage and a heinous crime
and shall be punishable to the maximum level allowed by law.
• The National Privacy Commission, which was created to
enforce RA 10173, will check whether
• companies are compliant based on a company having 5
elements:
• 1. Appointing a Data Protection Officer
• 2. Conducting a privacy impact assessment
• 3. Creating a privacy knowledge management program
• 4. Implementing a privacy and data protection policy
• 5. Exercising a breach reporting procedure
 PENALTIES
• The unauthorized processing of personal information shall be penalized
by imprisonment ranging from one (1) year to three (3) years and a fine
of not less than Five hundred thousand pesos (Php500,000.00) but not
more than Two million pesos (Php2,000,000.00) shall be imposed on
persons who process personal information without the consent of the data
subject, or without being authorized under this Act or any existing law
• (b) The unauthorized processing of personal sensitive information shall
be penalized by imprisonment ranging from three (3) years to six (6)
years and a fine of not less than Five hundred thousand pesos
(Php500,000.00) but not more than Four million pesos
(Php4,000,000.00) shall be imposed on persons who process personal
information without the consent of the data subject, or without being
authorized under this Act or any existing law
• Improper Disposal of Personal Information and Sensitive Personal Information. – (a)
The improper
• disposal of personal information shall be penalized by imprisonment ranging from six
(6) months to two (2) years and a fine of not less than One hundred thousand pesos
(Php100,000.00) but not more than Five hundred thousand pesos (Php500,000.00)
shall be imposed on persons who knowingly or negligently dispose, discard or
abandon the personal information of an individual in an area accessible to the public
or has otherwise placed the personal information of an individual in its container for
trash collection.
• (b) The improper disposal of sensitive personal information shall be penalized by
imprisonment ranging from one (1) year to three (3) years and a fine of not less than
One hundred thousand pesos (Php100,000.00) but not more than One million pesos
(Php1,000,000.00) shall be imposed on persons who knowingly or negligently
dispose, discard or abandon the personal information of an individual in an area
accessible to the public or has otherwise placed the personal information of an
individual in its container for trash collection.
• Processing of Personal Information and Sensitive Personal
Information for Unauthorized Purposes. – The processing of
personal information for unauthorized purposes shall be
penalized by imprisonment ranging from one (1) year and six
(6) months to five (5) years and a fine of not less than Five
hundred thousand pesos (Php500,000.00) but not more than
One million pesos (Php1,000,000.00) shall be imposed on
persons processing personal information for purposes not
authorized by the data subject, or otherwise authorized under
this Act or under existing laws
• Unauthorized Access or Intentional Breach. – The penalty of imprisonment
ranging from one (1) year to three (3) years and a fine of not less than Five
hundred thousand pesos (Php500,000.00) but not more than Two million pesos
(Php2,000,000.00) shall be imposed on persons who knowingly and unlawfully,
or violating data confidentiality and security data systems, breaks in any way
into any system where personal and sensitive personal information is stored.
• Concealment of Security Breaches Involving Sensitive Personal
Information. – The penalty of imprisonment of one (1) year and six (6) months
to five (5) years and a fine of not less than Five hundred thousand pesos
(Php500,000.00) but not more than One million pesos (Php1,000,000.00) shall
be imposed on persons who, after having knowledge of a security breach and of
the obligation to notify the Commission pursuant to Section 20(f), intentionally
or by omission conceals the fact of such security breach.
• Malicious Disclosure. – Any personal information controller or personal information processor or any of
its officials, employees or agents, who, with malice or in bad faith, discloses unwarranted or false
information relative to any personal information or personal sensitive information obtained by him or
her, shall be subject to imprisonment ranging from one (1) year and six (6) months to five (5) years and a
fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos
(Php1,000,000.00).

Unauthorized Disclosure. – (a) Any personal information controller or personal information processor or
any of its officials, employees or agents, who discloses to a third party personal information not covered
by the immediately preceding section without the consent of the data subject, shall he subject to
imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred
thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00).
(b) Any personal information controller or personal information processor or any of its officials, employees
or agents, who discloses to a third party sensitive personal information not covered by the immediately
preceding section without the consent of the data subject, shall be subject to imprisonment ranging from
three (3) years to five (5) years and a fine of not less than Five hundred thousand pesos (Php500,000.00)
but not more than Two million pesos (Php2,000,000.00).
• Combination or Series of Acts. – Any combination or series of acts as defined in
Sections 25 to 32 shall make the person subject to imprisonment ranging from
three (3) years to six (6) years and a fine of not less than One million pesos
(Php1,000,000.00) but not more than Five million pesos (Php5,000,000.00)
• Extent of Liability. – If the offender is a corporation, partnership or any juridical
person, the penalty shall be imposed upon the responsible officers, as the case may
be, who participated in, or by their gross negligence, allowed the commission of
the crime. If the offender is a juridical person, the court may suspend or revoke any
of its rights under this Act. If the offender is an alien, he or she shall, in addition to
the penalties herein prescribed, be deported without further proceedings after
serving the penalties prescribed. If the offender is a public official or employee and
lie or she is found guilty of acts penalized under Sections 27 and 28 of this Act, he
or she shall, in addition to the penalties prescribed herein, suffer perpetual or
temporary absolute disqualification from office
• Large-Scale. – The maximum penalty in the scale of penalties
respectively provided for the preceding offenses shall be imposed
when the personal information of at least one hundred (100) persons
is harmed, affected or involved as the result of the above mentioned
actions.
• Offense Committed by Public Officer. – When the offender or the
person responsible for the offense is a public officer as defined in the
Administrative Code of the Philippines in the exercise of his or her
duties, an accessory penalty consisting in the disqualification to
occupy public office for a term double the term of criminal penalty
imposed shall he applied.
• Restitution. – Restitution for any aggrieved party shall be governed
by the provisions of the New Civil Code.
 RA 4200
• With advancements in mobile technology, the average person can
now record a documentary, or even an explosive exposé, merely
using one’s mobile phone, with crystal clear picture and sound, that
may even impress professionals. However, you must always be
careful with who and what you record with your phone. Chances
are, if you recorded a conversation with a person, and that
conversation was intended to be between you and that Instructional
Module on Introduction to Cyber Crime and Environmental Laws
44 person only (or between the two persons to the conversation
only), and without his or her (or both parties’) express consent, you
may be liable for wiretapping. In the Philippines, wiretapping is a
crime punished under Republic Act No. 4200, also known as “The
Anti-Wiretapping Act”.
The following are base on Supreme Court
decisions according to the laws of this Act
in the case of Salcedo-Ortanez vs. Court of Appeals (G.R. No.
110662, 04 August 1994), held that unless there is a clear showing that
both parties to the conversation allowed its recording, the recording is
illegal and may subject the person who made the recording to the
penalties provided under Republic Act No. 4200.Where the
conversation was recorded using a mobile phone, whether the
recording is video or only audio, the best evidence that both parties to
the conversation allowed its recording should be found in the recorded
conversation itself. This is the import of the decision of the Supreme
Court in the case of Salcedo-Ortanez, where the party who is
recording or is presenting the recording, must establish a “clear
showing” that both parties to the conversation allowed its recording.
• in the case of Ramirez vs. Court of Appeals (G.R. No. 93833, 28 September
1995), it also does not matter who made the unconsented video or audio
recording. The law makes no distinction as to whether the party sought to be
penalized by the statute ought to be a party other than or different from those
involved in the private communication. The intent of Republic Act NO. 4200
is to penalize all persons unauthorized to make such recording. The use of the
qualifier “any” in the law establishes that. Consequently, “even a (person)
privy to a communication who records his private conversation with another
without the knowledge of the latter (will) qualify as a violator” under R.A.
4200.It also does not matter where the recording was done. Whether the
conversation was made in the confines of a private space such as a house or
private room, or in a public place, such as a park or restaurant, the audio or
video recording of a conversation, done without the consent of both parties, is
still illegal and punished under the Anti-Wiretapping Law.
• in the cases of Mamba vs. Garcia (G.R. No. 93833, 28
September 1995), and Office of the Court Administrator vs.
Floro (G.R. No. RTJ-99-1460, 31 March 2006), ruled that the
recorded conversation between a judge and other persons, done
in the judge’s chambers, is illegal, without the consent of all the
parties. Note should be made that the Supreme Court classified
the judge’s chambers as a public place.Finally, it is settled in
Philippine law and jurisprudence that due to the inherent
illegality of a video or audio recording, done without the consent
of both parties to the conversation, the recorded conversation
cannot be used in any proceeding, used by either party against
the other, nor can be the basis of any case, claim or right.