UNIVERSITY OF NEGROS OCCIDENTAL-RECOLETOS

SCHOOL OF LAW
unorlawschl@gmail.com

PRIMER ON CYBERCRIME WARRANTS1

By

Dean J.P. VILLASOR2

On 03 July 2018, the Supreme Court promulgated the new Rule on Cybercrime

Warrants (A.M. No. 17-11-03-SC). The new set of rules was issued after the
passage of the Cybercrime Prevention Act of 2012 (Republic Act No. 10175). It
provides for special procedures to implement various specific remedies under the
said law. The new rule became effective on 15 August 2018.

The Rule provides for general rules on the venue of criminal actions for
cybercrime offenses and for applications for warrants. It also provides specific
rules for: (1) preservation of computer data; (2) disclosure of computer data; (3)
interception of computer data; (4) search, seizure, and examination of computer
data; (5) custody of computer data; and, (6) destruction of computer data, all in
connection with the enforcement of the Cybercrime Prevention Act of 2012.

The new rules do not replace or supersede the existing Rules on Criminal
Procedure. It provides that the new rules only “supplements the existing Rules of
Criminal Procedure, which provisions shall continue to govern the preliminary
investigation and all stages of prosecution of criminal actions involving
violations” of the Cybercrime Prevention Act of 2012. Considering that the
current Rules on Criminal Procedure were issued in 2000, the Rule on
Cybercrime Warrants takes advantage of procedural innovations since then, such
as the designation of cybercrime courts (that have the special authority to act on
applications and issue cybercrime warrants) and the use of judicial affidavits in
supporting applications for cybercrime warrants.

Given that cybercrimes may have perpetrators located in and have an impact in
various jurisdictions, the Rule on Cybercrime Warrants also provides for its
extraterritorial enforcement. Warrants that will be served outside the Philippines
shall be coursed through the Department of Justice – Office of Cybercrime, in
line with relevant international instruments and/or agreements on the matter.

The Rule on Cybercrime Warrants also includes forms for four (4) types of

warrants: (a) warrants to disclose computer data; (b) warrants to intercept

1
Compiled from http://cruzmarcelo.com/2018/09/06/supreme-court-issues-rule-on-cybercrime-warrants/ and
https://www.bakermckenzie.com/en/insight/publications/2018/08/new-rules-on-issuance-of-cybercrime-
warrants. Based on A.M. No. 17-11-03-SC.
2
Dean and Professor of Law, University of Negros Occidental-Recoletos School of Law; BSBA (University of
the Philippines, Diliman, Quezon City); LLB (University of the Philippines, Diliman, Quezon City); MSc
(London School of Economics, London, England); Certificate, 25th National Security Law Institute (Center for
National Security Law, University of Virginia Law School, Charlottesville, Virginia); Certificate, Inaugural
ASEAN Law Academy (Centre for International Law, National University of Singapore); Member, Philippine
Bar, and Registered Foreign Lawyer, Singapore International Commercial Court; Member, London School of
Economics Lawyers’ Alumni Group; Member, American Society of International Law, Asian Society of
International Law and the Philippine Society of International Law; Member, IBP International Law and
International Affairs Committee; Trustee for the Visayas, Board of Trustees, Philippine Association of Law
Schools.
computer data; (d) warrants to search, seize, and examine computer data; and
warrants to examine computer data.

(1) Warrant to Disclose Computer Data (WDCD)

A WDCD requires any person or service provider to disclose subscriber's
information, traffic data, or relevant data in his/her or its possession or control
within 72 hours from receipt of the order. A request for WDCD may only be filed
if there is a complaint officially docketed and assigned for investigation and the
disclosure is necessary and relevant for the investigation. Among others, the
request for WDCD must state the relevance and necessity of the data sought and
describe particularly the information sought to be disclosed.

(2) Warrant to Intercept Computer Data (WICD)

A WICD authorizes the law enforcement authorities to listen to, record, monitor,
or conduct surveillance of the content of communications, including the use of
electronic eavesdropping or tapping devices. The request for a WICD must also
state the relevance and necessity of the data sought and describe particularly the
information sought to be disclosed. Also, the request must state the likely offense
involved.

(3) Warrant to Search, Seize, and Examine Computer Data (WSSECD)

A WSSECD is similar to a search warrant, except the subject matter of a WSSECD

is computer data. The request for a WSSECD must also state the relevance and
necessity of the data sought and describe particularly the information sought to
be seized and examined. Also, the request must state the likely offense involved.
In addition, the request must contain an explanation of the search and seizure
strategy to be implemented.

Upon the conduct of the seizure, law enforcement must file a return stating the
(a) devices that were subject of the WSSECD and (b) the hash value of the
computer data and/or the seized computer device or computer system containing
such data.

(4) Warrant to Examine Computer Data (WECD)

A WECD is a warrant issued when a computer device or system is previously

seized by another lawful method, such as a warrantless arrest. Before searching
any device seized, law enforcement must apply for a WECD. The request for a
WECD must also state the relevance and necessity of the data sought and
describe particularly the information sought to be disclosed. Also, the request
must state the likely offense involved.

Upon the conduct of the seizure, law enforcement must file a return stating the
(a) devices that were subject of the WECD and (b) the hash value of the computer
data and/or the seized computer device or computer system containing such
data.

The four warrants in the new Rule on Cybercrime Warrants are only obtained by
law enforcement agencies (the PNP or the NBI) from Regional Trial Courts
specially designated to handle cybercrime cases. Thus, private complainants will
need to coordinate with such agencies if such warrants are to be obtained. 

Notably, Regional Trial Courts in Quezon City, Manila City, Makati City, Pasig
City, Cebu City, Iloilo City, Davao City, and Cagayan de Oro City are empowered
to issue warrants that are enforceable throughout the Philippines.

2
With the clarification issued by the DOJ, clients have more leeway in deciding
whether to involve law enforcement agencies in an investigation preparatory to
the filing of a cybercrime complaint against an individual. 

Also, clients who are encountering legal difficulties in proceeding with a

cybercrime complaint, or who may have a complaint dismissed for failure to
involve the NBI or PNP, may make use of the DOJ Advisory Opinion.

Clients involved in cybercrime litigation may avail of the remedies afforded by the
4 new warrants, in coordination with law enforcement agencies. 

Meanwhile, considering that these warrants can be directed at “service providers”

– broadly defined as an entity that provides users the ability to communicate
using a computer system or that processes or stores computer data on behalf of a
communication service or user -- clients providing internet services, those
providing platforms for communications and social media, and the like, should
be prepared to respond to such warrants.

The Department of Justice (DOJ) issued Advisory Opinion No. 1, s. 2018,

clarifying the roles of the National Bureau of Investigation (NBI) and the
Philippine National Police (PNP) in the prosecution of cybercrime cases.

Filing a complaint with the NBI or the PNP not a requirement for prosecuting a
cybercrime case.

In the Advisory Opinion, the DOJ clarified that cybercrime complaints can be
filed directly with the prosecutor's office, without need of prior investigation by
the NBI-Cybercrime Division or the PNP Anti-Cybercrime Group. 

The Advisory Opinion was issued in the wake of cybercrime cases being
dismissed by prosecutors, for failure of complainants to first initiate an
investigation by the NBI-Cybercrime Division or the PNP Anti-Cybercrime Group
– citing Section 10 of the Cybercrime Prevention Act of 2012 which provides that
“the NBI and the PNP shall organize a cybercrime unit or center manned by
special investigators to exclusively handle cases involving violations of this Act.” 

The DOJ clarified that the phrase “to exclusively handle cases involving violations
of this Act” in Section 10 of the Cybercrime Prevention Act of 2012 does not
confer on these agencies the sole authority to investigate cybercrime cases. It only
provides a limitation on the type of cases that may be handled by these agencies.
However, parties remain free to ask for these agencies' assistance, or obtain the
services of private forensic experts, if needed.