By Vince Alvic A. F. Nonato, Reporter

New rules for cybercrime law iron out overlaps, official says

Posted on August 13, 2015

THE GOVERNMENT has finally signed the implementing rules and regulations (IRR) of the controversial Cybercrime Prevention Act of 2012, three years after its enactment.

The 29-page IRR was signed during a Wednesday launching ceremony, by Department of Justice (DoJ) Secretary Leila M. de Lima, Department of Science and Technology Secretary Mario G. Montejo, and Department of the Interior and Local Government (DILG) Undersecretary for Operations Edwin R. Enrile (on behalf of Secretary Manuel “Mar” A. Roxas II).

Ms. de Lima said in her remarks that the IRR will launch a “proactive approach” in solving cybercrime cases and “lay out an effective implementation strategy anchored on a regime of electronic evidence.”

Mr. Enrile, meanwhile, said the IRR irons out overlaps in government functions in implementing the anti-cybercrime law.

The IRR was issued after 17 months of consultations with various stakeholders in order to balance public safety concerns with the individual rights to speech and privacy, he added.

Rule 6, Section 26 of the IRR designates a Cybercrime Investigation and Coordinating Center, an interagency body under the supervision of the Office of the President that would formulate a national cybersecurity plan, recommend policies, and facilitate international cooperation.

Meanwhile, Rule 3, Section 9 of the IRR tasks the DoJ-attached National Bureau of Investigation (NBI) and DILG-attached Philippine National Police (PNP) as the law enforcement authorities investigating cybercrimes and conducting data recovery and forensic analysis of electronic evidence.

Ms. de Lima told reporters on the sidelines of the ceremony that the anti-cybercrime functions of PNP and NBI will be managed and monitored through “some sort of umbrella unit” by the DoJ Office of Cybercrime (OOC).

For his part, OOC head Assistant Secretary Geronimo L. Sy said addressing administrative overlaps would help ensure speedier action on cybercrime cases.

“It’s important to [solve] cybercrimes quickly. What may be evidence today is gone in a while, unlike guns or bolos in which case there will be blood,” Mr. Sy said. “Law enforcement should be quick as a team effort.”

However, Ms. de Lima acknowledged in her remarks that law enforcers will face the challenge of catching up to cyber-criminals, who, in the absence of pertinent laws, have had a three-decade headstart “giving them time to hone their malicious craft.”

Mr. Sy, for his part, told reporters that the government would have to prioritize more serious crimes over other acts prohibited under the law.

“We are calling on the people that in reporting crimes, these should be the ones that can really affect [people]. Not just lovers’ quarrels, family feuds, because resources are very limited,” he said.

Mr. Sy said law enforcers would tend to focus on cases of Internet fraud, online sexual abuse and cybersex-related crimes, and attacks on network security (such as hacking and phishing).

Prioritization would be exercised in offenses such as copyright infringement, where focus would fall more on the infringement of drugs and commodities, before media and luxury items.

As for libel, Ms. de Lima said on the sidelines of the signing ceremony that it was not highlighted in the crafting of the IRR.

“Whether or not it is online, libel is a sticky issue that only becomes more controversial when highlighted,” she said, although adding that complaints can still be filed by those aggrieved by online libelous expressions.

Mr. Sy reiterated that the DoJ’s stance was that cyber-libel should not have been provided for under the law in the first place. “But since it’s there, we’ll have to move forward with it,” he said.

He added that “what was already law with regard to libel, we just transposed it to the IRR.”

Section 5 (3) of the IRR defines cyber-libel as the commission of libelous acts under the Revised Penal Code, but through a computer system or similar means. It applies only to the “original author of the post or online libel,” and not those who “simply receive the post or react to it.”

The cybercrime law garnered controversy due to the allegedly vague libel provisions inserted by Senator Vicente “Tito” C. Sotto III. It also attracted criticism due to supposed privacy violations when the law previously provided for warrantless data collection, later struck down by the Supreme Court.

The IRR also set guidelines on the collection of computer data to combat cybercrime. Rule 3 of the IRR said law enforcers will be authorized to collect or record data upon the issuance of a court warrant.

Rule 7 of the IRR, meanwhile, detailed the duties of a service provider -- an entity providing users with communication services or processing computer data for such utilities.

A service provider is tasked with preserving traffic data, subscriber information, and content data for at least six months upon the order of law enforcers.

They are ordered to ensure confidentiality of data preservation orders and destroy data after the examination period has expired.

The DoJ’s 2014-15 Cybercrime Report said an estimated 33.6 million Filipinos use the Internet as of June 2012, citing PNP data.

In 2014, the PNP recorded 614 cybercrime incidents: 22% scam-related, 16% involving libel, 11% on voyeurism, 10% involving online harassment, 9% involving identity theft, 8% involving violations of the Electronic Commerce Act of 2000, and 7% involving “sextortion.”

The rest of the crimes involved child abuse, violence against women, illegal gambling and credit card fraud.

Only 288 incidents were recorded the previous year. Mr. Sy said that with the IRR paving the way for the law’s full implementation, he expects the trend in cybercrime increase to be geometric, jumping by a couple hundred percent.

“We will see more reporting over the years. With laws in place, it will only increase more because of clearer rules,” Mr. Sy said. “What’s important is that the more serious cybercrimes be prevented and caught.”

Formulation of the IRR began February 2014, shortly after the Supreme Court upheld the law’s constitutionality with finality (although striking down certain clauses on warrantless data gathering).

Next up for cybercrime law enforcement would be the drafting of an Investigation Manual for such cases, said Mr. Sy.