Cybercrime Prevention Act of 2012

The Cybercrime Prevention Act of 2012, officially recorded as Republic Act No. 10175, is a law in the Philippines that was approved on September 12, 2012. It aims to address legal issues concerning online interactions and the Internet in the Philippines. Among the cybercrime offenses included in the bill are cybersquatting, cybersex, child pornography, identity theft, illegal access to data and libel.

While hailed for penalizing illegal acts done via the Internet that were not covered by old laws, the act has been criticized for its provision on criminalizing libel, which is perceived to be a curtailment of the freedom of expression—"cyber authoritarianism". Its use against journalists like Maria Ressa, of Rappler, has drawn international condemnation.

On October 9, 2012, the Supreme Court of the Philippines issued a temporary restraining order, stopping implementation of the Act for 120 days, and extended it on 5 February 2013 "until further orders from the court."

On February 18, 2014, the Supreme Court upheld most of the sections of the law, including the controversial cyberlibel component.

History
The Cybercrime Prevention Act of 2012 is one of the first laws in the Philippines which specifically criminalizes computer crime, which prior to the passage of the law had no strong legal precedent in Philippine jurisprudence. While laws such as the Electronic Commerce Act of 2000 (Republic Act No. 8792 ) regulated certain computer-related activities, these laws did not provide a legal basis for criminalizing crimes committed on a computer in general: for example, Onel De Guzman, the computer programmer charged with purportedly writing the ILOVEYOU computer worm, was ultimately not prosecuted by Philippine authorities due to lack of legal basis to charge him under existing Philippine laws at the time of his arrest.

The first drafts of the Anti-Cybercrime and Data Privacy Acts started in 2001 under the Legal and Regulatory Committee of the former Information Technology and eCommerce Council ([ITECC) which is the forerunner of the Commission on Information and Communication Technology (CICT) and now the Department of Information and Communications Technology (DICT) It was headed by former Secretary Virgilio "Ver" Peña, with the Legal and Regulatory Committee chaired by Atty. Claro Parlade. The creation of the laws was an initiative of the Information Security and Privacy Sub-Committee chaired by Albert P. dela Cruz who was then president of the Philippine Computer Emergency Response Team (PHCERT), together with Anti-Computer Crime and Fraud Division (ACCFD) Chief, Elfren Meneses of the National Bureau of Investigation (NBI). The administrative and operational functions was provided by the Presidential Management Staff (PMS) acting as the CICT secretariat. The initial version] of the law was communicated to various other organizations and special interest groups during that time.

This was superseded by several cybercrime-related bills filed in the 14th and 15th Congress. The Cybercrime Prevention Act ultimately was the product of House Bill No. 5808, authored by Representative Susan Yap-Sulit of the second district of Tarlac and 36 other co-authors, and Senate Bill No. 2796, proposed by Senator Edgardo Angara. Both bills were passed by their respective chambers within one day of each other on June 5 and 4, 2012, respectively, shortly after the impeachment of Renato Corona, and the final version of the Act was signed into law by President Benigno Aquino III on September 12.

Provisions
The Act, divided into 31 sections split across eight chapters, criminalizes several types of offense, including illegal access (hacking), data interference, device misuse, cybersquatting, computer-related offenses such as computer fraud, content-related offenses such as cybersex and spam, and other offenses. The law also reaffirms existing laws against child pornography, an offense under Republic Act No. 9775 (the Anti-Child Pornography Act of 2009), and libel, an offense under Section 355 of the Revised Penal Code of the Philippines, also criminalizing them when committed using a computer system. Finally, the Act includes a "catch-all" clause, making all offenses currently punishable under the Revised Penal Code also punishable under the Act when committed using a computer, with more severe penalties than what was provided by the Revised Penal Code alone.

The Act has universal jurisdiction: its provisions apply to all Filipino nationals regardless of the place of commission. Jurisdiction also lies when a punishable act is either committed within the Philippines, whether the erring device is wholly or partly situated in the Philippines, or whether damage was done to any natural or juridical person who at the time of commission was within the Philippines. Regional Trial Courts shall have jurisdiction over cases involving violations of the Act.

A takedown clause is included in the Act, empowering the Department of Justice to restrict and/or demand the removal of content found to be contrary to the provisions of the Act, without the need for a court order. This provision, originally not included in earlier iterations of the Act as it was being deliberated through Congress, was inserted during Senate deliberations on May 31, 2012. Complementary to the takedown clause is a clause mandating the retention of data on computer servers for six months after the date of transaction, which may be extended for another six months should law enforcement authorities request it.

The Act also mandates the National Bureau of Investigation and the Philippine National Police to organize a cybercrime unit staffed by special investigators whose responsibility will be to exclusively handle cases pertaining to violations of the Act, under the supervision of the Department of Justice. The unit is empowered to, among others, collect real-time traffic data from Internet service providers with due cause, require the disclosure of computer data within 72 hours after receipt of a court warrant from a service provider, and conduct searches and seizures of computer data and equipment.

The enactment of Republic Act 10867 (The National Bureau of Investigation Reorganization and Modernization Act) empowers the NBI to have the primary jurisdiction in investigating violations of Republic Act 10175 (Cybercrime Prevention Act 2012).

Reaction
The new Act received mixed reactions from several sectors upon its enactment, particularly with how its provisions could potentially affect freedom of expression, freedom of speech and data security in the Philippines.

The local business process outsourcing industry has received the new law well, citing an increase in the confidence of investors due to measures for the protection of electronic devices and online data. Media organizations and legal institutions though have criticized the Act for extending the definition of libel as defined in the Revised Penal Code of the Philippines, which has been criticized by international organizations as being outdated: the United Nations for one has remarked that the current definition of libel as defined in the Revised Penal Code is inconsistent with the International Covenant on Civil and Political Rights, and therefore violates the respect of freedom of expression.

Senator Edgardo Angara, the main proponent of the Act, defended the law by saying that it is a legal framework to protect freedoms such as the freedom of expression. He asked the Act's critics to wait for the bill's implementing rules and regulations to see if the issues were addressed. He also added that the new law is unlike the controversial Stop Online Piracy Act and PROTECT IP Act. However, Senator TG Guingona criticized the bill, calling it a prior restraint to the freedom of speech and freedom of expression.

The Electronic Frontier Foundation has also expressed concern about the Act, supporting local media and journalist groups which are opposed to it. The Centre for Law and Democracy also published a detailed analysis criticizing the law from a freedom of expression perspective.

Malacañang has attempted to distance itself from the law; after the guilty verdict was rendered in the Maria Ressa cyberlibel case, presidential spokesman Harry Roque blamed President Duterte's predecessor, Noynoy Aquino, for any negative effects of the law.

Constitutionality
Several petitions were submitted to the Supreme Court questioning the constitutionality of the Act. On October 2, the Supreme Court initially deferred action on the petitions, citing an absence of justices which prevented the Court from sitting en banc. The initial lack of a temporary restraining order meant that the law went into effect as scheduled on October 3. In protest, Filipino netizens reacted by blacking out their Facebook profile pictures and trending the hashtag #NoToCybercrimeLaw on Twitter. "Anonymous" also defaced government websites, including those of the Bangko Sentral ng Pilipinas, the Metropolitan Waterworks and Sewerage System and the Intellectual Property Office.

On October 8, 2012, the Supreme Court decided to issue a temporary restraining order, pausing implementation of the law for 120 days. In early December 2012, the government requested the lifting of the TRO, which was denied. Over four hours of oral arguments by petitioners were heard on January 15, 2013, followed by a three-hour rebuttal by the Office of the Solicitor General, representing the government, on January 29, 2013. This was the first time in Philippine history that oral arguments were uploaded online by the Supreme Court.

Disini v. Secretary of Justice
On February 18, 2014, the Supreme Court ruled that most of the law was constitutional, although it struck down other provisions, including the ones that violated double jeopardy. Notably, likes and "retweets" of libelous content, originally themselves also criminalized as libel under the law, were found to be legal. Only justice Marvic Leonen dissented from the ruling, writing that he believes the whole idea of criminal libel to be unconstitutional.

While motions for reconsideration were immediately filed by numerous petitioners, including the Center for Media Freedom and Responsibility, they were all rejected on April 22, 2014. However, justice Arturo Brion, who originally wrote a separate concurring opinion, changed his vote to dissent after reconsidering whether it was just to impose higher penalties for cyberlibel than for regular libel.

Cyberlibel
On May 24, 2013, the DOJ announced they would seek to drop the online libel provisions of the law, as well as other provisions that "are punishable under other laws already", like child pornography and cybersquatting. The DOJ said it would endorse revising the law to the 16th Congress of the Philippines, but cyberlibel remains on the books as a crime in the Philippines, and has been charged by DOJ prosecutors multiple times since then. Senator Tito Sotto is primarily responsible for the cyberlibel provision, which he added after social media comments accusing him of plagiarism; he has defended his authorship of the last minute amendment, asking reporters if it was fair that "just because [bloggers] are now accountable under the law, they are angry with me?" While libel had been a crime in the Philippines since the American imperial period, before cyberlibel it had a penalty of minimum or medium prisión correccional (six months to four years and two months), but now has a penalty of prisión mayor (six to twelve years).

Duterte's administration has been accused of targeting journalists with the law, in particular Rappler. Journalists charged with cyberlibel since 2013 include Ramon Tulfo, RJ Nieto, and Maria Ressa. An online post does not even need to be public for cases to be filed by the DOJ. Roman Catholic clergy have also faced cyberlibel charges. Even foreigners have both accused others of and been accused of cyberlibel charges. As the act has universal jurisdiction, it is not required that an offender commit the offense in the Philippines; the DOJ brought up an OFW caregiver who lived in Taiwan on charges for allegedly "posting nasty and malevolent materials against President Duterte on Facebook".

Insults that would be seen in other countries as minor have led to DOJ prosecutors filing cyberlibel charges: such as "crazy"; "asshole"; "senile"; and "incompetent".

On March 2, 2020, the first guilty verdict in a cyberlibel case was returned against a local politician, Archie Yongco, of Aurora, Zamboanga del Sur. Yongco was found guilty of falsely accusing another local politician of murder-for-hire via a Facebook post, which he deleted minutes later, but of which archives were made; the court was unconvinced by his denial that he posted the message, and he was sentenced to eight years in jail and ordered to pay damages of 610000 PHP (US$12175).

A Magna Carta for Philippine Internet Freedom was crowdsourced by Filipino netizens with the intent of, among other things, repealing the Cybercrime Prevention Act of 2012; it failed to pass. Several organizations continue to fight for the decriminalization of all forms of libel in the Philippines, including the National Union of Journalists of the Philippines and Vera Files.

Cyberlibel vs. regular libel
The Supreme Court Second Division, in July 2023, ruled that "allegedly libelous" post in social networking sites may be punished only under the cybercrime law and not under regular libel (Article 355, Revised Penal Code). The case originated from a petition of an individual, convicted in a libel case in connection with a Facebook post made in 2011, who argued that such remarks should not be punishable with the case. Since the post was made a year prior to the passage of the law, the court decided that the accused cannot be charged of libel, emphasizing that without a law, no crime are to be punished.

People vs. Luisa Pineda
The Supreme Court of the Philippines in a judgment by Justice Mario Lopez in G.R. No. 262941 (People v. Luisa Pineda, February, 2024) affirmed the lower courts' rulings that found Luisa Pineda guilty of violating the Anti-Child Pornography Act of 2009 and the Cybercrime Prevention Act of 2012 qualified with the use of a computer system (violation of Sections 4(a), (b), and (c) of Republic Act No. (RA) 9775 or the Anti-Child Pornography Act of 2009, in relation to Section 4(c)(2) of RA 10175 or the Cybercrime Prevention Act of 2012). Pineda was thus sentenced to suffer the penalty of imprisonment of reclusion perpetua, a fine of PHP 2,000,000 and PHP 300,000 in civil damages.