DISINI VS.

SECRETARY OF JUSTICE
G.R. No. 203335
February 11, 2014

FACTS:

These consolidated petitions seek to declare several provisions of Republic Act (R.A.) 10175, the
Cybercrime Prevention Act of 2012, unconstitutional and void. These provisions are:
a. Section 4(a)(1) on Illegal Access;
b. Section 4(a)(3) on Data Interference;
c. Section 4(a)(6) on Cyber-squatting;
d. Section 4(b)(3) on Identity Theft;
e. Section 4(c)(1) on Cybersex;
f. Section 4(c)(2) on Child Pornography;
g. Section 4(c)(3) on Unsolicited Commercial Communications;
h. Section 4(c)(4) on Libel;
i. Section 5 on Aiding or Abetting and Attempt in the Commission of Cybercrimes;
j. Section 6 on the Penalty of One Degree Higher;
k. Section 7 on the Prosecution under both the Revised Penal Code (RPC) and R.A. 10175;
l. Section 8 on Penalties;
m. Section 12 on Real-Time Collection of Traffic Data;
n. Section 13 on Preservation of Computer Data;
o. Section 14 on Disclosure of Computer Data;
p. Section 15 on Search, Seizure and Examination of Computer Data;
q. Section 17 on Destruction of Computer Data;
r. Section 19 on Restricting or Blocking Access to Computer Data;
s. Section 20 on Obstruction of Justice;
t. Section 24 on Cybercrime Investigation and Coordinating Center (CICC); and
u. Section 26(a) on CICC’s Powers and Functions.

Some petitioners also raise the constitutionality of related Articles 353, 354, 361, and 362 of the
RPC on the crime of libel.

ISSUE:

Whether or not the said provisions are unconstitutional

RULING:

I. Section 4(a)(1) on Illegal Access – CONSTITUTIONAL

Section 4(a)(1) provides:

Section 4. Cybercrime Offenses. – The following acts constitute the offense of cybercrime
punishable under this Act:

(a) Offenses against the confidentiality, integrity and availability of computer data and
systems:

(1) Illegal Access. – The access to the whole or any part of a computer system without right.
 The strict scrutiny standard, an American constitutional construct, is useful in determining the
constitutionality of laws that tend to target a class of things or persons. According to this standard, a
legislative classification that impermissibly interferes with the exercise of fundamental right or
operates to the peculiar class disadvantage of a suspect class is presumed unconstitutional. The
Court finds nothing in Section 4(a)(1) that calls for the application of the strict scrutiny standard since
no fundamental freedom, like speech, is involved in punishing what is essentially a condemnable act
– accessing the computer system of another without right. It is a universally condemnable act.

II. Section 4(a)(3) on Data Interference – CONSTITUTIONAL

Section 4(a)(3) provides:

Section 4. Cybercrime Offenses. – The following acts constitute the offense of cybercrime
punishable under this Act:

(a) Offenses against the confidentiality, integrity and availability of computer data and
systems:

xxxx

(3) Data Interference. – The intentional or reckless alteration, damaging, deletion or

deterioration of computer data, electronic document, or electronic data message, without
right, including the introduction or transmission of viruses.

Under the overbreadth doctrine, a proper governmental purpose, constitutionally subject to

state regulation, may not be achieved by means that unnecessarily sweep its subject broadly,
thereby invading the area of protected freedoms.7 But Section 4(a)(3) does not encroach on these
freedoms at all. It simply punishes what essentially is a form of vandalism,8 the act of willfully
destroying without right the things that belong to others, in this case their computer data, electronic
document, or electronic data message. Such act has no connection to guaranteed freedoms. There
is no freedom to destroy other people’s computer systems and private documents.

III. Section 4(a)(6) on Cyber-squatting; - CONSTITUTIONAL

Section 4(a)(6) provides:

Section 4. Cybercrime Offenses. – The following acts constitute the offense of cybercrime
punishable under this Act:

(a) Offenses against the confidentiality, integrity and availability of computer data and
systems:

xxxx

(6) Cyber-squatting. – The acquisition of domain name over the internet in bad faith to profit,
mislead, destroy the reputation, and deprive others from registering the same, if such a
domain name is:

(i) Similar, identical, or confusingly similar to an existing trademark registered with

the appropriate government agency at the time of the domain name registration;
 (ii) Identical or in any way similar with the name of a person other than the registrant,
in case of a personal name; and

(iii) Acquired without right or with intellectual property interests in it.

But there is no real difference whether he uses "Julio Gandolfo" which happens to be his real
name or use it as a pseudo-name for it is the evil purpose for which he uses the name that the law
condemns. The law is reasonable in penalizing him for acquiring the domain name in bad faith to
profit, mislead, destroy reputation, or deprive others who are not ill-motivated of the rightful
opportunity of registering the same. The challenge to the constitutionality of Section 4(a)(6) on
ground of denial of equal protection is baseless.

IV. Section 4(b)(3) on Identity Theft- CONSTITUTIONAL

Section 4(b)(3) provides:

Section 4. Cybercrime Offenses. – The following acts constitute the offense of cybercrime
punishable under this Act:

xxxx

b) Computer-related Offenses:

xxxx

(3) Computer-related Identity Theft. – The intentional acquisition, use, misuse, transfer,
possession, alteration, or deletion of identifying information belonging to another, whether
natural or juridical, without right: Provided: that if no damage has yet been caused, the
penalty imposable shall be one (1) degree lower.

Petitioners fail to show how government effort to curb computer-related identity theft violates
the right to privacy and correspondence as well as the right to due process. There is no fundamental
right to acquire another’s personal right.

V. Section 4(c)(1) on Cybersex – CONSTITUTIONAL

Section 4(c)(1) provides:

Sec. 4. Cybercrime Offenses.– The following acts constitute the offense of cybercrime
punishable under this Act:

xxxx

(c) Content-related Offenses:

(1) Cybersex.– The willful engagement, maintenance, control, or operation, directly or

indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the aid of a
computer system, for favor or consideration.
 The subject of Section 4(c)(1)—lascivious exhibition of sexual organs or sexual activity—is
not novel. Article 201 of the RPC punishes "obscene publications and exhibitions and indecent
shows." The Anti-Trafficking in Persons Act of 2003 penalizes those who "maintain or hire a person
to engage in prostitution or pornography."26 The law defines prostitution as any act, transaction,
scheme, or design involving the use of a person by another, for sexual intercourse or lascivious
conduct in exchange for money, profit, or any other consideration.27

In any event, consenting adults are protected by the wealth of jurisprudence delineating the
bounds of obscenity.30The Court will not declare Section 4(c)(1) unconstitutional where it stands a
construction that makes it apply only to persons engaged in the business of maintaining, controlling,
or operating, directly or indirectly, the lascivious exhibition of sexual organs or sexual activity with the
aid of a computer system as Congress has intended.

VI. Section 4(c)(2) on Child Pornography – CONSTITUTIONAL

Section 4(c)(2) provides:

Sec. 4. Cybercrime Offenses. – The following acts constitute the offense of cybercrime
punishable under this Act:

xxxx

(c) Content-related Offenses:

xxxx

(2) Child Pornography. — The unlawful or prohibited acts defined and punishable by
Republic Act No. 9775 or the Anti-Child Pornography Act of 2009, committed through a
computer system: Provided, That the penalty to be imposed shall be (1) one degree higher
than that provided for in Republic Act No. 9775.

For now the Court must hold that the constitutionality of Section 4(c)(2) is not successfully
challenged. It seems that the above merely expands the scope of the Anti-Child Pornography Act of
200931 (ACPA) to cover identical activities in cyberspace. In theory, nothing prevents the government
from invoking the ACPA when prosecuting persons who commit child pornography using a computer
system. Actually, ACPA’s definition of child pornography already embraces the use of "electronic,
mechanical, digital, optical, magnetic or any other means." Notably, no one has questioned this
ACPA provision.

Of course, the law makes the penalty higher by one degree when the crime is committed in
cyberspace. But no one can complain since the intensity or duration of penalty is a legislative
prerogative and there is rational basis for such higher penalty.32 The potential for uncontrolled
proliferation of a particular piece of child pornography when uploaded in the cyberspace is
incalculable.

VII. Section 4(c)(3) on Unsolicited Commercial Communications - CONSTITUTIONAL

Section 4(c)(3) provides:

Sec. 4. Cybercrime Offenses. – The following acts constitute the offense of cybercrime
punishable under this Act:
 xxxx

(c) Content-related Offenses:

xxxx

(3) Unsolicited Commercial Communications. – The transmission of commercial electronic

communication with the use of computer system which seeks to advertise, sell, or offer for
sale products and services are prohibited unless:

(i) There is prior affirmative consent from the recipient; or

(ii) The primary intent of the communication is for service and/or administrative
announcements from the sender to its existing users, subscribers or customers; or

(iii) The following conditions are present:

(aa) The commercial electronic communication contains a simple, valid, and

reliable way for the recipient to reject receipt of further commercial electronic
messages (opt-out) from the same source;

(bb) The commercial electronic communication does not purposely disguise

the source of the electronic message; and

(cc) The commercial electronic communication does not purposely include

misleading information in any part of the message in order to induce the
recipients to read the message.

The constitutionality of Section 4(c)(3) is not successfully challenged. The law makes the
penalty higher by one degree when the crime is committed in cyberspace. But no one can complain
since the intensity or duration of penalty is a legislative prerogative and there is a rational basis for
such higher penalty.

VIII. Section 4(c)(4) on Libel – UNCONSTITIONAL

Section 4(c)(4) reads:

Sec. 4. Cybercrime Offenses. — The following acts constitute the offense of cybercrime
punishable under this Act:

xxxx

(c) Content-related Offenses:

xxxx

(4) Libel. — The unlawful or prohibited acts of libel as defined in Article 355 of the Revised
Penal Code, as amended, committed through a computer system or any other similar means
which may be devised in the future.
 To prohibit the transmission of unsolicited ads would deny a person the right to read his
emails, even unsolicited commercial ads addressed to him. Commercial speech is a separate
category of speech which us not accorded the same level of protection as that given to other
constitutionally guaranteed forms of expression but is nonetheless entitled to protection. The State
cannot rob him of this right without violating the constitutionally guaranteed freedom of expression.
Thus, unsolicited advertisements are legitimate forms of expression.

IX. Section 5 on Aiding or Abetting and Attempt in the Commission of Cybercrimes -

UNCONSTITUTIONAL

Sec. 5. Other Offenses. — The following acts shall also constitute an offense:

(a) Aiding or Abetting in the Commission of Cybercrime. – Any person who willfully
abets or aids in the commission of any of the offenses enumerated in this Act shall
be held liable.

(b) Attempt in the Commission of Cybercrime. — Any person who willfully attempts to
commit any of the offenses enumerated in this Act shall be held liable.

Section 5 with respect to Section 4(c)(4) is unconstitutional. Its vagueness raises

apprehension on the part of internet users because of its obvious chilling effect on the freedom of
expression, especially since the crime of aiding or abetting ensnares all the actors in the cyberspace
front in a fuzzy way. What is more, as the petitioners point out, formal crimes such as libel are not
punishable unless consummated.71 In the absence of legislation tracing the interaction of netizens
and their level of responsibility such as in other countries, Section 5, in relation to Section 4(c)(4) on
Libel, Section 4(c)(3) on Unsolicited Commercial Communications, and Section 4(c)(2) on Child
Pornography, cannot stand scrutiny.

But the crime of aiding or abetting the commission of cybercrimes under Section 5 should be
permitted to apply to Section 4(a)(1) on Illegal Access, Section 4(a)(2) on Illegal Interception,
Section 4(a)(3) on Data Interference, Section 4(a)(4) on System Interference, Section 4(a)(5) on
Misuse of Devices, Section 4(a)(6) on Cyber-squatting, Section 4(b)(1) on Computer-related
Forgery, Section 4(b)(2) on Computer-related Fraud, Section 4(b)(3) on Computer-related Identity
Theft, and Section 4(c)(1) on Cybersex. None of these offenses borders on the exercise of the
freedom of expression.

X. Section 6 on the Penalty of One Degree Higher - CONSTITUTIONAL

Section 6 merely makes commission of existing crimes through the internet a qualifying
circumstance. As the Solicitor General points out, there exists a substantial distinction between
crimes committed through the use of information and communications technology and similar crimes
committed using other means. In using the technology in question, the offender often evades
identification and is able to reach far more victims or cause greater harm. The distinction, therefore,
creates a basis for higher penalties for cybercrimes.

XI. Section 7 on the Prosecution under both the Revised Penal Code (RPC) and R.A. 10175 -
CONSTITUTIONAL

Section 7 provides:
 Sec. 7. Liability under Other Laws. — A prosecution under this Act shall be without prejudice
to any liability for violation of any provision of the Revised Penal Code, as amended, or
special laws.

Section 7 merely expresses the settled doctrine that a single set of acts may be prosecuted
and penalized simultaneously under two laws, a special law and the Revised Penal Code. When two
different laws define two crimes, prior jeopardy as to one does not bar prosecution of the other
although both offenses arise from the same fact, if each crime involves some important act which is
not an essential element of the other.With the exception of the crimes of online libel and online child
pornography, the Court would rather leave the determination of the correct application of Section 7
to actual cases.

XII. Section 8 on Penalties - CONSTITUTIONAL

Section 8 provides:

Sec. 8. Penalties. — Any person found guilty of any of the punishable acts enumerated in
Sections 4(a) and 4(b) of this Act shall be punished with imprisonment of prision mayor or a
fine of at least Two hundred thousand pesos (Ph₱200,000.00) up to a maximum amount
commensurate to the damage incurred or both.

Any person found guilty of the punishable act under Section 4(a)(5) shall be punished with
imprisonment of prision mayor or a fine of not more than Five hundred thousand pesos
(Ph₱500,000.00) or both.

The courts should not encroach on this prerogative of the lawmaking body. The matter of
fixing penalties for the commission of crimes is as a rule a legislative prerogative. Here the
legislature prescribed a measure of severe penalties for what it regards as deleterious cybercrimes.
They appear proportionate to the evil sought to be punished. The power to determine penalties for
offenses is not diluted or improperly wielded simply because at some prior time the act or omission
was but an element of another offense or might just have been connected with another crime.
Judges and magistrates can only interpret and apply them and have no authority to modify or revise
their range as determined by the legislative department.

XIII. Section 12 on Real-Time Collection of Traffic Data – UNCONSTITUTIONAL

Section 12 provides:

Sec. 12. Real-Time Collection of Traffic Data. — Law enforcement authorities, with due
cause, shall be authorized to collect or record by technical or electronic means traffic data in
real-time associated with specified communications transmitted by means of a computer
system.

Traffic data refer only to the communication’s origin, destination, route, time, date, size,
duration, or type of underlying service, but not content, nor identities.

All other data to be collected or seized or disclosed will require a court warrant.

Service providers are required to cooperate and assist law enforcement authorities in the
collection or recording of the above-stated information.
 The court warrant required under this section shall only be issued or granted upon written
application and the examination under oath or affirmation of the applicant and the witnesses
he may produce and the showing: (1) that there are reasonable grounds to believe that any
of the crimes enumerated hereinabove has been committed, or is being committed, or is
about to be committed; (2) that there are reasonable grounds to believe that evidence that
will be obtained is essential to the conviction of any person for, or to the solution of, or to the
prevention of, any such crimes; and (3) that there are no other means readily available for
obtaining such evidence.

The authority that Section 12 gives law enforcement agencies is too sweeping and lacks
restraint. While it says that traffic data collection should not disclose identities or content data, such
restraint is but an illusion. Admittedly, nothing can prevent law enforcement agencies holding these
data in their hands from looking into the identity of their sender or receiver and what the data
contains. This will unnecessarily expose the citizenry to leaked information or, worse, to extortion
from certain bad elements in these agencies.

Section 12, of course, limits the collection of traffic data to those "associated with specified
communications." But this supposed limitation is no limitation at all since, evidently, it is the law
enforcement agencies that would specify the target communications. The power is virtually limitless,
enabling law enforcement authorities to engage in "fishing expedition," choosing whatever specified
communication they want. This evidently threatens the right of individuals to privacy.

XIV. Section 13 on Preservation of Computer Data –CONSTITUTIONAL

Section 13 provides:

Sec. 13. Preservation of Computer Data. — The integrity of traffic data and subscriber
information relating to communication services provided by a service provider shall be
preserved for a minimum period of six (6) months from the date of the transaction. Content
data shall be similarly preserved for six (6) months from the date of receipt of the order from
law enforcement authorities requiring its preservation.

Law enforcement authorities may order a one-time extension for another six (6) months:
Provided, That once computer data preserved, transmitted or stored by a service provider is
used as evidence in a case, the mere furnishing to such service provider of the transmittal
document to the Office of the Prosecutor shall be deemed a notification to preserve the
computer data until the termination of the case.

The service provider ordered to preserve computer data shall keep confidential the order and
its compliance.

There was no undue deprivation of property since the data that service providers preserve
on orders of law enforcement authorities are not made accessible to users by reasons of the
issuance of such orders.

XV. Section 14 on Disclosure of Computer Data – CONSTITUTIONAL

Section 14 provides:

Sec. 14. Disclosure of Computer Data. — Law enforcement authorities, upon securing a
court warrant, shall issue an order requiring any person or service provider to disclose or
 submit subscriber’s information, traffic data or relevant data in his/its possession or control
within seventy-two (72) hours from receipt of the order in relation to a valid complaint
officially docketed and assigned for investigation and the disclosure is necessary and
relevant for the purpose of investigation.

What Section 14 envisions is merely the enforcement of a duly issued court warrant, a
function usually lodged in the hands of law enforcers to enable them to carry out their executive
functions. The prescribed procedure for disclosure would not constitute an unlawful search or
seizure nor would it violate the privacy of communications and correspondence. Disclosure can be
made only after judicial intervention.

XVI. Section 15 on Search, Seizure and Examination of Computer Data – CONSTITUTIONAL

Section 15 provides:

Sec. 15. Search, Seizure and Examination of Computer Data. — Where a search and
seizure warrant is properly issued, the law enforcement authorities shall likewise have the
following powers and duties.

Within the time period specified in the warrant, to conduct interception, as defined in this Act,
and:

(a) To secure a computer system or a computer data storage medium;

(b) To make and retain a copy of those computer data secured;

(c) To maintain the integrity of the relevant stored computer data;

(d) To conduct forensic analysis or examination of the computer data storage

medium; and

(e) To render inaccessible or remove those computer data in the accessed computer
or computer and communications network.

On its face, Section 15 merely enumerates the duties of law enforcement authorities that
would ensure the proper collection, preservation, and use of computer system or data that have
been seized by virtue of a court warrant. The exercise of these duties do not pose any threat on the
rights of the person from whom they were taken. Section 15 does not appear to supersede existing
search and seizure rules but merely supplements them.

XVII. Section 17 on Destruction of Computer Data – CONSTITUTIONAL

Section 17 provides:

Sec. 17. Destruction of Computer Data. — Upon expiration of the periods as provided in
Sections 13 and 15, service providers and law enforcement authorities, as the case may be,
shall immediately and completely destroy the computer data subject of a preservation and
examination
XVIII. Section 19 on Restricting or Blocking Access to Computer Data – UNCONSTITUTIONAL

Section 19 empowers the Department of Justice to restrict or block access to computer data:

Sec. 19. Restricting or Blocking Access to Computer Data.— When a computer data is prima
facie found to be in violation of the provisions of this Act, the DOJ shall issue an order to
restrict or block access to such computer data.

Not only does Section 19 preclude any judicial intervention, but it also disregards
jurisprudential guidelines established to determine the validity of restrictions on speech. Restraints
on free speech are generally evaluated on one of or a combination of three tests: the dangerous
tendency doctrine, the balancing of interest test, and the clear and present danger rule. Section 19,
however, merely requires that the data to be blocked be found prima facie in violation of any
provision of the cybercrime law. Taking Section 6 into consideration, this can actually be made to
apply in relation to any penal provision. It does not take into consideration any of the three tests
mentioned above.

The Court is therefore compelled to strike down Section 19 for being violative of the
constitutional guarantees to freedom of expression and against unreasonable searches and
seizures.

XIX. Section 20 on Obstruction of Justice – CONSTITUTIONAL

Section 20 provides:

Sec. 20. Noncompliance. — Failure to comply with the provisions of Chapter IV hereof
specifically the orders from law enforcement authorities shall be punished as a violation of
Presidential Decree No. 1829 with imprisonment of prision correctional in its maximum
period or a fine of One hundred thousand pesos (Php100,000.00) or both, for each and
every noncompliance with an order issued by law enforcement authorities.

Section 20 is valid insofar as it applies to the provisions of Chapter IV which are not struck
down by the Court.

XX. Section 24 on Cybercrime Investigation and Coordinating Center (CICC) and Section 26(a) on
CICC’s Powers and Functions – both CONSTITUTIONAL

Sections 24 and 26(a) provide:

Sec. 24. Cybercrime Investigation and Coordinating Center.– There is hereby created, within
thirty (30) days from the effectivity of this Act, an inter-agency body to be known as the
Cybercrime Investigation and Coordinating Center (CICC), under the administrative
supervision of the Office of the President, for policy coordination among concerned agencies
and for the formulation and enforcement of the national cybersecurity plan.

Sec. 26. Powers and Functions.– The CICC shall have the following powers and functions:

(a) To formulate a national cybersecurity plan and extend immediate assistance of real time
commission of cybercrime offenses through a computer emergency response team (CERT);
x x x.