Antonio A.

Castillo
JD-4A
Information Technology Law
Dr. Arthur Velasquez

G.R. No. 203335               February 11, 2014

DISINI VS SEC OF JUSTICE CASE ABAD, J.:

Facts:

These consolidated petitions seek to declare several provisions of Republic Act (R.A.) 10175, the
Cybercrime Prevention Act of 2012, unconstitutional and void.

The cybercrime law aims to regulate access to and use of the cyberspace. Using his laptop or computer,
a person can connect to the internet, a system that links him to other computers and enable him,
among other things, to:

1. Access virtual libraries and encyclopedias for all kinds of information that he needs for
research, study, amusement, upliftment, or pure curiosity;

2. Post billboard-like notices or messages, including pictures and videos, for the general public
or for special audiences like associates, classmates, or friends and read postings from them;

3. Advertise and promote goods or services and make purchases and payments;

4. Inquire and do business with institutional entities like government agencies, banks, stock
exchanges, trade houses, credit card companies, public utilities, hospitals, and schools; and

5. Communicate in writing or by voice with any person through his e-mail address or telephone.

Issues:

WON the following provisions of the cybercrime law are unconstitutional

a. Section 4(a)(1) on Illegal Access;

b. Section 4(a)(3) on Data Interference;
c. Section 4(a)(6) on Cyber-squatting;
d. Section 4(b)(3) on Identity Theft;
e. Section 4(c)(1) on Cybersex;
f. Section 4(c)(2) on Child Pornography;
g. Section 4(c)(3) on Unsolicited Commercial Communications;
h. Section 4(c)(4) on Libel;
i. Section 5 on Aiding or Abetting and Attempt in the Commission of Cybercrimes;
j. Section 6 on the Penalty of One Degree Higher;
k. Section 7 on the Prosecution under both the Revised Penal Code (RPC) and R.A. 10175;
l. Section 8 on Penalties;
m. Section 12 on Real-Time Collection of Traffic Data;
n. Section 13 on Preservation of Computer Data;
o. Section 14 on Disclosure of Computer Data;
p. Section 15 on Search, Seizure and Examination of Computer Data;
q. Section 17 on Destruction of Computer Data;
r. Section 19 on Restricting or Blocking Access to Computer Data;
s. Section 20 on Obstruction of Justice;
t. Section 24 on Cybercrime Investigation and Coordinating Center (CICC); and
u. Section 26(a) on CICC’s Powers and Functions.

Ruling:

The Supreme Court declared the following provisions of R.A. 10175 void for being unconstitutional:

A. Section 4(c)(3) Unsolicited commercial communication, as per declaration of the Court U.C. Ads
are prohibit unless:
a.1 There is prior affirmative consent from the recipient
a.2 The primary intent of the communication is for service and /or administrative
announcements from the sender to its existing users, subscribers or customers.
a.3 The following conditions are present:
aa. The commercial electronic communication contains a simple valid and reliable way
for the recipient to reject of further offers.
bb. The e-ad does not purposely disguise source of the e-message.
cc. The e-ad does not purposely include misleading information in any part of the
message in order to induce the recipient to read the message.

According to the SolGen unsolicited commercial communication or spams are a nuisance that wastes the
storage and network capacities of internet service providers (ISP), reduces the efficiency of commerce
and technology, and interferes with the owner’s peaceful enjoyment of his property.

The court stated that the government presents no basis for holding U.E.A. reduce the efficiency of
computers, and people even before the arrival of computer have been receiving unsolicited ads by mail,
“junk mails.”

B. Section 12 that authorizes the collection or recording of traffic data in real-time;

Traffic data only refers to the communication’s origin, destination route, time date, size,
duration, or type of underlying service, but not content, nor identities.
 Petitioners assailed the grant to law enforcement agencies of the power to collect or record
traffic data in real time as tending to curtail civil liberties or provide opportunities for official
abuse.

Petitioners of course point out that the provisions of section 12 are too broad and do not
provide ample safeguards against crossing legal boundaries and invading the people’s right to
privacy.

The Court is aware of the fact traffic bits of random data when gathered in bulk, pooled together and
analyzed, they reveal patterns of activities which can then be used to create profiles. Section 12
empowers law enforcement “with due cause,” to collect or record by technical or electronic mean traffic
data in real time. Petitioners point out that the phrase “due cause” has no precedent in law or
jurisprudence and whether is due cause or not, it is left to the discretion of the police. According to the
Court, while it says that traffic data collection should not disclose identities or content data such
restraint remains to be an illusion.

C. Section 19 of the same Act that authorizes the DOJ to restrict or block access to suspected
computer data.

Petitioners claim section 19 stifles freedom of expression and violates the right against
unreasonable search and seizures, the SolGen concedes that this provision may be
unconstitutional. However the law enjoys a presumption of regularity. According to the Court
the content of a computer data can also constitute speech, in such a case section 19 operates as
a restriction on the freedom of expression. The Court stated in order to evaluate the validity of
restriction of speech, it may use one (1) or a combination of three (3) test:

A. Dangerous tendency doctrine: If the words uttered create a dangerous tendency which the
state has a right to prevent, then such words ae punishable.
B. Balancing interest test: in a situation it should appear that there is an urgent necessity for
protecting the national security against improvident exercise of freedom of expression, the
right must yield. But if there is none, the right must prevail.
C. Clear and present danger test: US Supreme Court, it is a working principle that the
substantive evil must be extremely serious and the degree of imminence extremely high
before the utterance can be punished.

Section 19 does take into consideration any of the test mentioned, therefore the Court is
compelled to strike down section 19 for being violation of the constitutional guarantee to
freedom of expression and against unreasonable search and seizures.
Section 4(a)(1) Data interference.
Petitioners contends that section 4(a)(1) Illegal Access fails to meet the strict scrutiny standard required
of law that interfere with the fundamental rights of the people and should be struck down.
• Strict scrutiny standard, a process in determining the constitutionality of laws that tends
to target a class of things or people.
• According to the standard, a legislative classification that impermissibly interferes with
the exercise of fundamental right or operates to the peculiar class disadvantage to a
suspected class is presumed unconstitutional.

Petitioners fear that this section will jeopardize the work of ethical hackers, and also allege that
legislature has unduly delegated its legislative power when it allowed CICC to formulate its security
plans. The Court stated in order to determine whether there is undue delegation of legislative power,
the court has adopted two tests:
• Completeness test – the law must be complete in all its terms and conditions when it leaves the
legislature such that when it reaches the delegate, the only thing left to do is to enforce it.
• Sufficient standard test – the test mandates adequate guidelines or limitations in the law to
determine the boundaries of the delegate’s authority and prevent the delegation from running
riot.

The Court finds nothing in Section 4(a)(1) that calls for the application of the strict scrutiny standard,
since no fundamental freedom, like freedom of speech is involved in punishing what is considered
condemnable act. With regards to the Ethical Hackers they are covered by a prior agreement, so there is
no illegal access in the activity.

Section 4(a)(3) Data interference, including transmission of data.

Petitioners claim that the provision suffer from overbreadth, when the law is unnecessary
sweep its subject broadly, thereby invading the area of protected right. The section does not
encroach on these freedoms at all.

Section 4(a)(6) Cyber-squatting

• Petitioners claim that the provision violates equal protection clause in that, not being
narrowly tailored, it will cause a user using his real name to suffer the same fate as those
who use aliases or take the name of another in satire, parody or any other literary device.
• According to the Court it is not the use of name or pseudo name that is punished by the law,
it is the evil purpose that which he uses the name that the law condemns.
 • The law is reasonable for penalizing violators for acquiring the domain name in bad faith to
profit, mislead, and destroy reputation.
• The claim of petitioners that the provision is unconstitutional on the grounds of denial of
equal protection is baseless

Section 4(b)(3) Identity theft

• Petitioner claim that the provision violate the constitutional rights to due process and to
privacy and correspondence, and transgresses the freedom of the press. Relevant to any
discussion of the right to privacy is the concept known as the “zone of privacy.”
• Zone of privacy, these are recognized and protected in our laws. Within these zones, any
form of intrusion is impermissible unless excused by law and in accordance with
customary legal process. Two constitutional guarantees create theses zone of privacy:
a. Right against unreasonable search and seizure.
b. The right to privacy of communication and correspondence.

• The Court said the law punishes those who acquire of use such identifying information
without right, implicitly to cause damage.

• Petitioners simply fail to show how government effort to curb-computer-related identity theft
violates the right to privacy and correspondences as well as the right to due process.

Section 4(c)(1) Cybersex

• Petitioners claims that the provision violates freedom of expression.

• Private communication of sexual character between spouses, or consenting adult would
now be considered as a crime when done with favor.
• The law as written would invite law enforcers into the bedrooms of married couples.

• The court pointed out during the deliberations of the bicameral committee of Congress,
the understanding of those who drew up the cybercrime law, the element of engaged in a
business is necessary to constitute the illegal cybersex.

Section 4(c)(2) Child pornography

• Petitioners points out that a person that doodle on paper and imagine a sexual abuse of a 16
year old is not criminally liable for producing child pornography but one who formulates the
idea on his laptop would be.
• The Court’s perception on the provision at hand merely expands the scope of R.A. 9775
wherein the given definition already include the use of computers in child pornography.
• The Court will uphold the constitutionality of the provision
Section 6 imposition of penalties

• The section merely makes the commission of exiting crimes through the internet a qualifying
circumstance. In using technology the offender evades identification, and is able to reach far
more victims or cause greater harm. Therefore, creates a basis for higher penalties.

Section 8 prescribe penalties

• The matter of fixing penalties for the commission of a crime is as a rule a legislative
prerogative. The power to determine penalties for the offense is not diluted or improperly
wielded simply because at some prior time the act or omission was an element of another
offense or might just have been connected with another crime.

Section 13 Preservation of Computer Data

• The imposition of e data retention constitute undue deprivation of the right to property. The
data preservation order can be liken as a form of garnishment.
• The court agreed with the Sol-Gen that the preservation order of law enforcement are not
made inaccessible to users, the preservation of the data will not unduly hamper the normal
transmission or use of the same.

Section 14 Disclosure of Computer Data

Petitioners objection is that the issuance of subpoenas is a juridical function, but it is well settled
that the power to issue subpoena is not exclusively a judicial function. Executive agencies have the
power to issue subpoena as an adjunct to their function.

Section 15 Search, seizure and examination of computer data

Accordingly to the provisions of section 15, merely enumerates the duties of law enforcement
authorities that would ensure the proper collection, preservation, and the use of computer system or
data seized by virtue of court warrant.

Section 17 Destruction of Computer Data

Petitioners claim that such destruction of computer data subject to previous preservation or
examination violates the users right against deprivation of property without due process of law. As
already stated if the user would like to preserve the data indefinitely he should have save the data in his
computer.

Section 20 Non compliance

 Petitioner allege that section 20 is a bill of attainder. The argument is that the mere failure to
comply constitutes a legislative finding of guilt, without regards to situation where non-compliance
would be reasonable or valid. In section 20 the act of non-compliance must be done knowingly or
willfully, and the must be a judicial determination of guilt. Section 20 is valid insofar as applied.

Section 24 and 26:

Section 24 Cybercrime Investigation and Coordinating Center and section 26 the powers and function.

Petitioners contends that congress invalidly delegated its power when it gave the CICC the power
to formulate a national cybersecurity plan without sufficient standards or parameters for it to follow. In
order to determine whether there is undue delegation of legislative power, the court has adopted two
test: the completeness test and the sufficiency standard test.

Section 24 and 26,

Section 24, Cybercrime Investigation and coordination center

Section 26, Power and function.

Cybersecurity, refers to the collection of tools, policies, risk management approaches, actions, training,
best practices, assurance and technologies that can be used to protect cyber environment and
organization and user’s assets