“You may be sly but you cannot outsmart the law.”
With the proliferation of the commission of cybercrimes, the Supreme Court found the need to promulgate rules of procedure for the application, issuance, and implementation of court warrants which are technically-suited for cybercrime offenses under the Cybercrime Prevention Act of 2012. The Supreme Court issued A.M. No. 17-11-03-SC, dated July 3, 2018, otherwise known as the “Rule on Cybercrime Warrants”.
The Rule lays down the procedure for the application and granting of warrants and other related orders involving the preservation, disclosure, interception, search, seizure, and/or examination, as well as the custody, and destruction of computer data (Section 1.2). This Rule supplements the existing Rules of Criminal Procedure (Section 1.3).
Computer data is any representation of facts, information, or concepts in a form suitable for processing in a computer system, including programs that cause a computer system to perform a function, and includes electronic documents and/or electronic data messages, whether stored in local computer systems or online (Section 1.4[c]).
Interception is listening to, recording, monitoring, or surveillance of the content of communications, including the procurement of the data contained, either directly, through the access and use of a computer system; or indirectly, through the use of electronic eavesdropping or tapping devices, at the same time that the communication is occurring (Section 1.4[k].
The criminal actions arising from offenses under Republic Act 10175 such as illegal access, illegal interception, misuse of devices, cyber-squatting, computer-related forgery or fraud, cybersex, child pornography, and cyber-libel, among others, shall be filed before the designated cybercrime court of the province or city where the offense or any of its elements was committed (section 2.1).
It may also be filed where any part of the computer system used is situated, or where any of the damage caused to a natural or juridical person took place, as long as the court where the criminal action is first filed shall acquire jurisdiction, with the exclusion of other courts (Section 2.1).
In the same manner, an application for a cyber warrant shall be filed before the cybercrime courts of the province or the city where the offense or any of its elements has been committed, is being committed, or is about to be committed, or where any part of the computer system used is situated, or where any of the damage caused to a natural or juridical person took place (Section 2.2).
However, the cybercrime courts in Quezon City, the City of Manila, Makati City, Pasig City, Cebu City, Iloilo City, Davao City and Cagayan De Oro City shall have the special authority to act on applications and issue cybercrime warrants which shall be enforceable nationwide and outside the Philippines (Section 2.2).
Once a criminal action is instituted, a motion to quash and other incidents that relate to the warrant shall be heard and resolved by the court that subsequently acquired jurisdiction over the criminal action. The prosecution has the duty to move for the transmittal of records, as well as the transfer of the items’ custody to the court where the case is assigned (Section 2.3).
For persons or service providers situated outside of the Philippines, the service of cyber warrants and/or other court processes shall be coursed through the Department of Justice, Office of Cybercrime, in line with all relevant international instruments and/or agreements on the matter (Section 2.8).
There are essentially four types of cybercrime warrants: (a) Warrant to Disclose Computer Data (WDCD); (b) Warrant to Intercept Computer Data (WICD); (c) Warrant to Search, Seize, and Examine Computer Data (WSSECD); and (d) Warrant to Examine Computer Data (WECD). The last type may be applied for after acquiring possession of a computer device or system through a warrantless arrest or other lawful methods (Section 6.9).
A WDCD is an order in writing issued in the name of the People of the Philippines and signed by a judge, authorizing law enforcement authorities to issue an order to disclose and accordingly, require any person or service provider to disclose or submit a subscriber’s information, traffic data, or relevant data in their possession or control (Section 4.2).
A WICD is an order issued by a judge authorizing law enforcement officers to carry out any or all of the following activities, to: (a) listen; (b) record; (c) monitor; or (d) surveil the content of communications, including the procurement of the computer data. The computer data may be obtained through access and use of a computer system or through the use of electronic eavesdropping or tapping devices (Section 5.2).
A WSSECD is an order issued by a judge, authorizing law enforcement officers to search the particular place for items to be seized and/or examined (section 6.1). A WECD must be applied for by law enforcement officers before searching a computer device or system in their possession for forensic examination of the computer data contained therein (Section 6.9).
Before issuing any of these warrants, the judge must personally examine, in the form of searching questions and answers, in writing and under oath, the applicant and the witnesses he may produce, on facts personally known to them, and attach to the record their sworn statements together with the judicial affidavits submitted (Section 2.4). These are the same requirements for the issuance of search warrants under Rule 126 of the Rules on Criminal Procedure.
The cybercrime warrants shall only be effective for a period of time determined by the court, which shall not exceed ten days from its issuance. The court issuing the warrant may, upon motion, extend its effectivity based only on justifiable reasons for a period not exceeding ten days from the expiration of the original period (Section 2.5). This is unlike a search warrant which has a non-extendible period of ten days only.
The failure to timely file the returns (or reports) for any of the cybercrime warrants or to turn-over to the court’s custody any of the items disclosed, intercepted, searched, seized, and/or examined shall subject the responsible law enforcement authorities to an action for contempt, which procedures shall be governed by Rule 71 of the Rules of Civil Procedure (Section 2.6). Full version at www.manilastandard.net
Furthermore, failure to comply with Section 20, Chapter IV of RA 10175, or in other words, failure to comply with the provisions of Chapter IV on Enforcement and Implementation, specifically orders from law enforcement authorities, shall be punished as a violation of Presidential Decree No. 1829, entitled “Penalizing Obstruction of Apprehension and Prosecution of Criminal Offenders” (Section 2.7).
The integrity of traffic data and subscriber’s information shall be kept, retained, and preserved by a service provider for a minimum period of six (6) months from the date of the transaction. The data shall be preserved for six (6) months from the date of receipt of the order from law enforcement authorities requiring its procurement (Section 3.1; Section 13, Chapter IV of RA 10175).
The service provider ordered to preserve computer data shall keep the order and compliance therewith confidential (Section 3.1). Traffic data refers to computer data other than the content of the communication, which includes, but is not limited to, the communication’s origin, destination, route, time, date, size, duration, or type of underlying service (Section 1.4[s]).
Law enforcement authorities shall, if the circumstances so allow, endeavor to first make a forensic image of the computer data on-site as well as limit their search to the place specified in the warrant. Otherwise, an off-site search may be conducted, provided that a forensic image is nevertheless made, and that the reasons for the said search are stated in the initial return (report) (Section 6.4).
Off-site search refers to the process whereby law enforcement authorities, by virtue of a WSSECD, are allowed to bring the computer device/s and/or parts of the computer system outside the place being searched in order to conduct the forensic examination of the computer data subject of the warrant (Section 1.4[n]).
On the other hand, on-site search refers to the process whereby law enforcement authorities, by virtue of a WSSECD, obtain the computer data subject thereof for forensic examination, without needing to bring the related computer device/s and/or parts of the computer system outside the place being searched (Section 1.4[o]).
A person whose computer devices or computer system have been searched and seized off-site may, upon motion, seek the return of the said items from the court issuing the WSSECD as long as a forensic image of the computer data subject of the WSSECD has already been made (Section 6.4).
Upon the filing of the return (report) for the items subject of a WDCD or WICD, or the final return of items subject of a WSSECD or WECD, all computer data subject thereof shall be simultaneously deposited in a sealed package with the same court that issued the warrant. It shall be accompanied by a complete and verified inventory of all the other items seized in relation thereto, and by the affidavit of the duly authorized law enforcement officer (Section 7.1).
Cybercrime offenders may be technology savvy but they have to be aware that there are investigative and technical techniques that can track them down. Like fingerprints, computer data leaves digital imprints on computers and computer devices. You may be sly; but you cannot outsmart the law.