On 12 September 2012, President Benigno Aquino signed into law the Cybercrime Prevention Act of 2012 (Republic Act No. 10175; full text; legal wiki entry; summary of cybercrimes). We have been interested in this law since it was filed as a bill (see Senate Bill 52). The bill, now the law, certainly has good intentions, but it also has certain provisions that are potentially open to abuse.
There are those who argue that we need a cybercrime law because offenses committed through the internet are not yet covered by existing laws. Take libel, for instance. We’ve argued, however, that existing laws fully cover the crime of libel (refer to our discussions on Internet Libel for Bloggers and Online Writers; Liability for Bloggers arising from Blog Comments; Decriminalizing Libel in the Philippines; SC Issues Guidelines for the Imposition of Libel Penalties).
In our discussions on Identity Theft and Cybercrimes (Protecting your Social Networking Account), our premise is that existing laws apply to crimes committed online. The only difference is the mode of commission — by means of electronic device and using the cyber highway.
If the Cybercrime Prevention Act is meant to protect society, why would we think that this law is prone to abuse? And why is this prejudicial to Philippine-based Internet Service Providers (ISPs)?
R.A. 10175 allows, without any need of a warrant, a real-time collection of traffic data by law enforcement agencies. It also authorizes the Department of Justice (DOJ), by mere prima facie evidence, to block or restrict access to computer data.The relevant provision reads:
Sec. 12. Real-Time Collection of Traffic Data. – Law enforcement authorities, with due cause, shall be authorized to collect or record by technical or electronic means traffic data in real-time associated with specified communications transmitted by means of a computer system.
Traffic data refer only to the communication’s origin, destination, route, time, date, size, duration, or type of underlying service, but not content, nor identities.
Service providers are required to cooperate and assist law enforcement authorities in the collection or recording of the above-stated information.
Sec. 19. Restricting or Blocking Access to Computer Data. — When a computer data is prima facie found to be in violation of the provisions of this Act, the DOJ shall issue an order to restrict or block access to such computer data.
Section 12 is clear. There is no need to secure a warrant from the court to gain access to traffic data. That means law enforcement, by mere notice/order to the ISP, can require such ISP to divulge and preserve data relating to a communication’s origin, destination, route, time, date, size, duration, or type of underlying service.
Here’s the kicker — the ISP is legally obligated, under pain of fines and IMPRISONMENT, to keep the order confidential. Section 13 provides that the service provider “shall keep confidential the order and its compliance.” This means that the owner/user of the computer data would NOT be notified that he/she is under surveillance for a period of at least one (1) year.
On top of that, the DOJ is also authorized to censor or restrict access to computer data that it deems violative of the cybercrime law. It’s now easy to shut down your blog. There’s no need for a court order, or a chance to be heard, before access to your computer data is restricted. WikiLeaks probably stands no chance here in the Philippines.
Now, if you’re dealing with sensitive data, not necessarily illegal in nature, and would not want any problem with harassment, the logical thing to do is to engage an ISP that is located abroad. Your content is still accessible through the internet, but your ISP is beyond the reach of local law enforcement authorities. That’s bad business news for local ISPs.
The purpose for these powers is to provide law enforcement agencies with effective powers to combat cybercrimes. Still, the potential for abuse of the extensive powers under the cybercrime law is very real. Feel free to argue/express your thoughts in the comment section below.