JOSE JESUS DISINI, Jr. v.

THE SECRETARY OF JUSTICE

G.R. No. 203335
11 February 2014
J. Roberto Abad

FACTS:

The present case involves consolidated petitions that assail the constitutionality
of Republic Act 10175 (“RA 10175”) otherwise known as the Cybercrime Prevention Act
of 2012.

Petitioners challenge the constitutionality of the following provisions of the

cybercrime law that regard certain acts as crimes and impose penalties for their
commission as well as provisions that would enable the government to track down and
penalize violators. These provisions are:

1. Section 4(a)(1) on Illegal Access;

2. Section 4(a)(3) on Data Interference;
3. Section 4(a)(6) on Cyber-squatting;
4. Section 4(b)(3) on Identity Theft;
5. Section 4(c)(1) on Cybersex;
6. Section 4(c)(2) on Child Pornography;
7. Section 4(c)(3) on Unsolicited Commercial Communications;
8. Section 4(c)(4) on Libel;
9. Section 5 on Aiding or Abetting and Attempt in the Commission of Cybercrimes;
10. Section 6 on the Penalty of One Degree Higher;
11. Section 7 on the Prosecution under both the Revised Penal Code (RPC) and R.A.
10175;
12. Section 8 on Penalties;
13. Section 12 on Real-Time Collection of Traffic Data;
14. Section 13 on Preservation of Computer Data;
15. Section 14 on Disclosure of Computer Data;
16. Section 15 on Search, Seizure and Examination of Computer Data;
17. Section 17 on Destruction of Computer Data;
18. Section 19 on Restricting or Blocking Access to Computer Data;
19. Section 20 on Obstruction of Justice;
20. Section 24 on Cybercrime Investigation and Coordinating Center (CICC); and
21. Section 26(a) on CICC’s Powers and Functions.

Some petitioners also raise the constitutionality of related Articles 353, 354, 361, and
362 of the RPC on the crime of libel.

RULING OF THE COURT

SECTION 4(a)(1)

Section 4(a)(1) provides:

“Section 4. Cybercrime Offenses. – The following acts constitute the

offense of cybercrime punishable under this Act:

(a) Offenses against the confidentiality, integrity and availability of

computer data and systems:

(1) Illegal Access. – The access to the whole or any part of a

computer system without right.”

The petitioners argue that Section 4(a)(1) fails to meet the strict scrutiny standard
required by laws that interfere with the fundamental rights of the people.

The Court held Section 4(a)(1) to be constitutional finding no reason to apply the
strict scrutiny standard since the said section does not involve any fundamental
freedom. The Court held that the accessing the computer system of another without
right is a universally condemned conduct. The Court further stated that the fear of the
petitioner’s that the section will jeopardize the work of ethical hackers is unfounded
since he does his job with prior permission of the client thus insulating him from the
coverage of this section.

SECTION 4(a)(3)

Section 4(a)(3) provides:

“Section 4. Cybercrime Offenses. – The following acts constitute the

offense of cybercrime punishable under this Act:

(a) Offenses against the confidentiality, integrity and availability of

computer data and systems:

xxxx

(2) Data Interference. – The intentional or reckless

alteration, damaging, deletion or deterioration of
computer data, electronic document, or electronic data
message, without right, including the introduction or
transmission of viruses.”
 Petitioners claim that Section 4(a)(3) suffers from overbreadth in that, while it
seeks to discourage data interference, it intrudes into the area of protected speech and
expression, creating a chilling and deterrent effect on these freedoms.

The Court held that Section 4(a)(3) does not suffer from overbreadth as it does
not even encroach the freedoms of speech and expression. The Section merely punishes
what essentially is a form of vandalism, the act of willfully destroying without right the
things that belong to others, in this case their computer data, electronic document, or
electronic data message. Such act has no connection to guaranteed freedoms. There is
no freedom to destroy other people’s computer systems and private documents.

Neither is there a chilling or deterrent effect. There exists no chilling effect, since
the section clearly describes the evil that it seeks to punish and creates no tendency to
intimidate the free exercise of one’s rights. The Court also noted that all penal laws have
an inherent chilling effect or the fear of possible prosecution against those who would
violate the law.

SECTION 4(a)(6)

Section 4(a)(6) provides:

Section 4. Cybercrime Offenses. – The following acts constitute the

offense of cybercrime punishable under this Act:

(a) Offenses against the confidentiality, integrity and availability of

computer data and systems:

xxxx

(6) Cyber-squatting. – The acquisition of domain name over

the internet in bad faith to profit, mislead, destroy the
reputation, and deprive others from registering the same, if
such a domain name is:

(i) Similar, identical, or confusingly similar to an

existing trademark registered with the appropriate
government agency at the time of the domain name
registration;
(ii) Identical or in any way similar with the name of a
person other than the registrant, in case of a personal
name; and
(iii) Acquired without right or with intellectual
property interests in it.
 Petitioner claims that Section 4(a)(6) violates the equal protection clause, such
that it will cause a user using his real name to e to suffer the same fate as those who use
aliases or take the name of another in satire, parody, or any other literary device.

The Court held that the challenge raised by the Petitioners is baseless. The law is
reasonable in penalizing those who acquire the domain name in bad faith to profit,
mislead, destroy reputation, or deprive others who are not ill motivated of the rightful
opportunity of registering the same.

SECTION 4(b)(3)

Section 4(b)(3) provides:

Section 4. Cybercrime Offenses. – The following acts constitute the
offense of cybercrime punishable under this Act:
xxxx

b) Computer-related Offenses:

xxxx

(3) Computer-related Identity Theft. – The intentional

acquisition, use, misuse, transfer, possession, alteration,
or deletion of identifying information belonging to
another, whether natural or juridical, without right:
Provided: that if no damage has yet been caused, the
penalty imposable shall be one (1) degree lower.

Petitioners assail Section 4(b)(3) for violating the constitutional rights to due
process and to privacy and correspondence, and transgressing the freedom of the press.

The Court held Section 4(b)(3) to be constitutional. According to the Court, the
usual identifying information regarding a person includes his name, his citizenship, his
residence address, his contact number, his place and date of birth, the name of his
spouse if any, his occupation, and similar data. Section 4(b)(3) punishes those who
acquire or use such identifying information without right, implicitly to cause damage
and Petitioners failed to show how it violates the rights to privacy and correspondence
as well as due process of law.

The Court also found that the specific conducts proscribed by Section 4(b)(3) do
not intrude into guaranteed freedoms like speech and that it only regulates specific
actions such as the acquisition, use, misuse or deletion of personal identifying data of
another. There is no fundamental right to acquire another’s personal data.
 Neither does Section 4(b)(3) violate the freedom of the press. The theft of identity
information must be intended for an illegitimate purpose. Moreover, acquiring and
disseminating information made public by the user himself cannot be regarded as a
form of theft.

SECTION 4(c)(1)

Section 4(c)(1) provides:

“Sec. 4. Cybercrime Offenses.– The following acts constitute the

offense of cybercrime punishable under this Act:

xxxx

(c) Content-related Offenses:

(1) Cybersex.– The willful engagement, maintenance,

control, or operation, directly or indirectly, of any
lascivious exhibition of sexual organs or sexual activity,
with the aid of a computer system, for favor or
consideration.”

Petitioners assail the provision on Cybersex for violating the freedom of

expression. They fear that private communications of a sexual character between
husband and wife or consenting adults would be regarded a crime when done “for
favour” in cyberspace.

The Court upheld the validity of Section 4(c)(1). The Court found that the
deliberations of the Bicameral Conference Committee of Congress show that there is no
intention to penalize a private showing between two private persons. Rather, the
element of “engaging in a business” is necessary to constitute the illegal cybersex. The
Court will not declare Section 4(c)(1) unconstitutional where it stands a construction
that makes it apply only to persons engaged in the business of maintaining, controlling,
or operating, directly or indirectly, the lascivious exhibition of sexual organs or sexual
activity with the aid of a computer system as Congress has intended.

SECTION 4(c)(2)

Section 4(c)(2) provides:

Sec. 4. Cybercrime Offenses. – The following acts constitute the

offense of cybercrime punishable under this Act:

xxxx
 (c) Content-related Offenses:

xxxx

(2) Child Pornography. — The unlawful or prohibited acts

defined and punishable by Republic Act No. 9775 or the Anti-Child
Pornography Act of 2009, committed through a computer system:
Provided, That the penalty to be imposed shall be (1) one degree
higher than that provided for in Republic Act No. 9775.

The above provision merely expands the scope of the Anti-Child Pornography
Act of 2009 (ACPA) to cover identical activities in cyberspace. In theory, nothing
prevents the government from invoking the ACPA when prosecuting persons who
commit child pornography using a computer system.

SECTION 4(c)(3)

Section 4(c)(3) provides:

Sec. 4. Cybercrime Offenses. – The following acts constitute the

offense of cybercrime punishable under this Act:

xxxx

(c) Content-related Offenses:

xxxx

(3) Unsolicited Commercial Communications. – The

transmission of commercial electronic communication with the use
of computer system which seeks to advertise, sell, or offer for sale
products and services are prohibited unless:

(i) There is prior affirmative consent from the recipient; or

(ii) The primary intent of the communication is for service
and/or administrative announcements from the sender to its
existing users, subscribers or customers; or
(iii) The following conditions are present:

(aa) The commercial electronic communication

contains a simple, valid, and reliable way for the
recipient to reject receipt of further commercial
electronic messages (opt-out) from the same source;
 (bb) The commercial electronic communication does
not purposely disguise the source of the electronic
message; and
(cc) The commercial electronic communication does
not purposely include misleading information in any
part of the message in order to induce the recipients
to read the message.

Section 4(c)(3) punishes the transmission of unsolicited commercial

communications also known as “spam”. The Government defends the provision on
claims that such unsolicited commercial communications wastes the storage and
network capacities of internet service providers, reduces the efficiency of commerce and
technology, and interferes with the owner’s peaceful enjoyment of his property.
Transmitting spam amounts to trespass to one’s privacy since the person sending out
spams enters the recipient’s domain without prior permission. It is likewise argued that
commercial speech enjoys less protection in law.

The Court declared Section 4(c)(3) unconstitutional. The Court found that the
Government has shown no basis for claiming that unsolicited commercial ads reduce
the efficiency of computers. Moreover, people have been receiving such ads even before
the advent of computers and these have never been outlawed since people might have
interest in such ads. What is essential is that the recipient has the option of not opening
or reading these ads. The same is true with spam. The recipient has the option to delete
or not to read them.

The prohibition of unsolicited commercial ads would deny a person the right to
read his emails even those which are unsolicited. While commercial speech is a separate
category of speech that is not entitled to the same level of protection given to other
constitutionally guaranteed forms of expression it is nonetheless still entitled to
protection. Unsolicited advertisements are legitimate forms of expression.

SECTION 4(c)(4) in relation to Articles 353,354, and 355 of the Revised Penal Code

Section 4(c)(4) reads:

“Sec. 4. Cybercrime Offenses. — The following acts constitute the

offense of cybercrime punishable under this Act:
xxxx

(c) Content-related Offenses:

xxxx
 (4) Libel. — The unlawful or prohibited acts of libel as
defined in Article 355 of the Revised Penal Code, as
amended, committed through a computer system or any
other similar means which may be devised in the
future.”

Petitioners dispute the constitutionality of both the Revised Penal Code

provisions on libel and Section 4(c)(4) on cyberlibel. They claim that the libel
provision of the Cybercrime Law carries with it the requirement of “presumed
malice” and that this infringes on the freedom of expression. They likewise
contend that the laws on libel should be stricken down as the requirement of
“actual malice” established by jurisprudence can easily be set aside even when
the offended party is a public figure.

The Court upheld the constitutionality of Section 4(c)(4) and the Revised
Penal Code provisions on libel. libel is not a constitutionally protected speech
and that the government has an obligation to protect private individuals from
defamation. Indeed, cyberlibel is actually not a new crime since Article 353, in
relation to Article 355 of the penal code, already punishes it. In effect, Section 4(c)
(4) above merely affirms that online defamation constitutes “similar means” for
committing libel.

In addition, the Court reiterated that the requirement to show “actual

malice” remains available where the offended party is a public official or a public
figure. This puts in place a stricter standard of malice in order to convict the
author of a statement made against a public official or figure. On the other hand,
where the offended party is a private individual, the law presumes the existence
of malice from the defamatory character of the statement. The accused must
show that had a justifiable reason for the defamatory statement even if it was in
fact true.

Neither do the libel laws violate the country’s obligations under the
International Covenant on Civil and Political Rights. Nothing therein enjoins the
Philippines to decriminalize libel. The Covenant even states that although
everyone should enjoy freedom of expression, its exercise carries with it special
duties and responsibilities.

SECTION 5

Section 5 provides:

Sec. 5. Other Offenses. — The following acts shall also constitute an

offense:
 (a) Aiding or Abetting in the Commission of Cybercrime. –Any
person who willfully abets or aids in the commission of any of the
offenses enumerated in this Act shall be held liable.

(b) Attempt in the Commission of Cybercrime. — Any person who

willfully attempts to commit any of the offenses enumerated in this
Act shall be held liable.

Section 5 is assailed for suffering from overbreadth and creating a chilling

and deterrent effect on protected expression.

The Court found Section 5 to be unconstitutional in relation to Section 4(c)(4) on

Libel, Section4(c)(3) on Unsolicited Commercial Communications, and Section 4(c)(2) on
Child Pornography.

The Court held that, when it comes to certain cybercrimes, the idea of “aiding or
abetting” becomes muddier and somewhat blurred. In order to illustrate this, the Court
made use of social media sites Facebook and Twitter. The Court posed the query on
whether a person who “Likes”, “Shares” or “Comments” on a defamatory post on
Facebook, may be held liable under Section 5. Similarly, for Twitter, will a person who
replies to or “retweets” a defamatory tweet be liable under Section 5? The Court
characterized such actions as essentially knee-jerk sentiments of readers who may think
little or haphazardly of their response to the original posting.

The Court then went on to state that the concept of “aiding and abetting” when
applied to cyberlibel tends to create a chilling effect since the terms “aiding or abetting”
constitute a broad sweep that generates chilling effect on those who express themselves
through cyberspace posts, comments, and other messages. The particularly complex
web of interaction on social media websites would give law enforcers such latitude that
they could arbitrarily or selectively enforce the law. This same logic applies to Section 5
in relation to child pornography in Section 4(c)(2) and unsolicited commercial
communication under Section 4(c)(3).

The Court likewise noted that libel is a formal crime that is punished only when
consummated. Thus, Section 5(b) does not apply therein.

But the crime of aiding or abetting the commission of cybercrimes under Section
5 should be permitted to apply to Section 4(a)(1) on Illegal Access, Section 4(a)(2) on
Illegal Interception, Section 4(a)(3) on Data Interference, Section 4(a)(4) on System
Interference, Section 4(a)(5) on Misuse of Devices, Section 4(a)(6) on Cyber-squatting,
Section 4(b)(1) on Computer-related Forgery, Section 4(b)(2) on Computer-related
Fraud, Section 4(b)(3) on Computer-related Identity Theft, and Section 4(c)(1) on
Cybersex. None of these offenses borders on the exercise of the freedom of expression.
 Moreover, Section 5(b) applies to these offenses because to not do so will allow
those, who were to unsuccessfully commit these offences due to the vigilance of the
offended party, to evade punishment.

SECTION 6

Section 6 provides:

“Sec. 6. All crimes defined and penalized by the Revised Penal

Code, as amended, and special laws, if committed by, through and with
the use of information and communications technologies shall be covered
by the relevant provisions of this Act: Provided, That the penalty to be
imposed shall be one (1) degree higher than that provided for by the
Revised Penal Code, as amended, and special laws, as the case may be.”

Section 6 was held to be valid as it merely makes the commission of existing

crimes through the internet a qualifying circumstance and there is a substantial
distinction between crimes committed through the internet and those committed
through other means. The offender may evade identification and is able to reach more
victims or cause greater harm.

SECTION 7

Section 7 provides:

Sec. 7. Liability under Other Laws. — A prosecution under this Act shall be
without prejudice to any liability for violation of any provision of the Revised
Penal Code, as amended, or special laws.

With the exception of the crimes of online libel and online child pornography,
the Court would rather leave the determination of the correct application of Section 7 to
actual cases.

However, with respect to online libel, if the libellous material is published in

print and is again posted online or vice versa, that identical material cannot be the
subject of two separate libels. The two offenses involve essentially the same elements
and are in fact one and the same offense. The same is true with child pornography
committed online. Section 4(c)(2) merely expands the ACPA’s scope so as to include
identical activities in cyberspace. As previously discussed, ACPA’s definition of child
pornography in fact already covers the use of “electronic, mechanical, digital, optical,
magnetic or any other means.” Thus, charging the offender under both Section 4(c)(2)
and ACPA would likewise be tantamount to a violation of the constitutional prohibition
against double jeopardy.
SECTION 8

Section 8 provides for the penalties for the following crimes: Sections 4(a) on
Offenses Against the Confidentiality, Integrity and Availability of Computer Data and
Systems; 4(b) on Computer-related Offenses; 4(a)(5) on Misuse of Devices; when the
crime punishable under 4(a) is committed against critical infrastructure; 4(c)(1) on
Cybersex; 4(c)(2) on Child Pornography; 4(c)(3) on Unsolicited Commercial
Communications; and Section 5 on Aiding or Abetting, and Attempt in the Commission
of Cybercrime.

The fixing of penalties was held to be a legislative prerogative and those imposed
by Section 8 appear to be proportionate to the evil sought to be punished. The Courts
should not encroach upon the legislature’s prerogative in the determination of penalties
for crimes.

SECTION 12

Section 12 provides:

Sec. 12. Real-Time Collection of Traffic Data. — Law

enforcement authorities, with due cause, shall be authorized to
collect or record by technical or electronic means traffic data in real-
time associated with specified communications transmitted by
means of a computer system.

Traffic data refer only to the communication’s origin,

destination, route, time, date, size, duration, or type of underlying
service, but not content, nor identities.

All other data to be collected or seized or disclosed will

require a court warrant.

Service providers are required to cooperate and assist law

enforcement authorities in the collection or recording of the above-
stated information

The court warrant required under this section shall only be

issued or granted upon written application and the examination
under oath or affirmation of the applicant and the witnesses he
may produce and the showing: (1) that there are reasonable
grounds to believe that any of the crimes enumerated hereinabove
has been committed, or is being committed, or is about to be
committed; (2) that there are reasonable grounds to believe that
evidence that will be obtained is essential to the conviction of any
 person for, or to the solution of, or to the prevention of, any such
crimes; and (3) that there are no other means readily available for
obtaining such evidence.

Petitioners argue that the power given to law enforcement to collect and record
data traffic in real time violate the right to privacy.

Section 12 allows law enforcement to collect and record real time traffic data with
“due cause”. However, nothing in the law hints at the meaning of “due cause” and is
akin to the use of a general warrant which is Constitutionally prohibited.

The authority that Section 12 gives law enforcement agencies is too sweeping
and lacks restraint. While it says that traffic data collection should not disclose identities
or content data, such restraint is but an illusion. Admittedly, nothing can prevent law
enforcement agencies holding these data in their hands from looking into the identity of
their sender or receiver and what the data contains. This will unnecessarily expose the
citizenry to leaked information or, worse, to extortion from certain bad elements in
these agencies. The power is virtually limitless, enabling law enforcement authorities to
engage in “fishing expedition,”choosing whatever specified communication they want.
This evidently threatens the right of individuals to privacy. The grant of the power to
track cyberspace communications in real time and determine their sources and
destinations must be narrowly drawn to preclude abuses.

Neither may Section 12 be characterized as a valid warrantless search. Such

warrantless search involves a situation where the officer has probable cause to believe a
crime has been committed, there is no opportunity to get a warrant, and that unless the
search is carried out the thing to be searched stands to be removed. These preconditions
do not appear in Section 12.

SECTION 13

Section 13 provides:

“Sec. 13. Preservation of Computer Data. — The integrity of traffic

data and subscriber information relating to communication services
provided by a service provider shall be preserved for a minimum period
of six (6) months from the date of the transaction. Content data shall be
similarly preserved for six (6) months from the date of receipt of the order
from law enforcement authorities requiring its preservation.

Law enforcement authorities may order a one-time extension for

another six (6) months: Provided, That once computer data preserved,
transmitted or stored by a service provider is used as evidence in a case,
the mere furnishing to such service provider of the transmittal document
 to the Office of the Prosecutor shall be deemed a notification to preserve
the computer data until the termination of the case.

The service provider ordered to preserve computer data shall keep

confidential the order and its compliance.”

Petitioners claim that Section 13 constitutes an undue deprivation of property

akin to a form of garnishment of personal property in civil forfeiture proceedings.

The Court held Section 13 to be valid. The data that service providers preserve on
orders of law enforcement authorities are not made inaccessible to users by reason of
the issuance of such orders and the process of preserving data will not unduly hamper
the normal transmission or use of the same.

SECTION 14

Section 14 provides:

Sec. 14. Disclosure of Computer Data. — Law enforcement

authorities, upon securing a court warrant, shall issue an order requiring
any person or service provider to disclose or submit subscriber’s
information, traffic data or relevant data in his/its possession or control
within seventy-two (72) hours from receipt of the order in relation to a
valid complaint officially docketed and assigned for investigation and the
disclosure is necessary and relevant for the purpose of investigation.

The court held that Section 14 is valid. The power to issue subpoenas is also
available to executive agencies as an adjunct of their investigatory powers. Moreover,
Section 14 contemplates the enforcement of a duly issued court warrant. There is thus
no unlawful search nor seizure, nor a violation of the privacy of communications and
correspondence.

SECTION 15

Section 15 provides:

Sec. 15. Search, Seizure and Examination of Computer Data. — Where a

search and seizure warrant is properly issued, the law enforcement
authorities shall likewise have the following powers and duties.

Within the time period specified in the warrant, to conduct

interception, as defined in this Act, and:
(a) To secure a computer system or a computer data storage
medium;
 (b) To make and retain a copy of those computer data secured;
(c) To maintain the integrity of the relevant stored computer data;
(d) To conduct forensic analysis or examination of the computer
data storage medium; and
(e) To render inaccessible or remove those computer data in the
accessed computer or computer and communications network.

Pursuant thereof, the law enforcement authorities may order any

person who has knowledge about the functioning of the computer system
and the measures to protect and preserve the computer data therein to
provide, as is reasonable, the necessary information, to enable the
undertaking of the search, seizure and examination.

Law enforcement authorities may request for an extension of time

to complete the examination of the computer data storage medium and to
make a return thereon but in no case for a period longer than thirty (30)
days from date of approval by the court.

The Court held Section 15 to be valid. It only enumerates the duties of law
enforcement authorities which does not pose any threat to the rights of the person from
whom these were taken by virtue of a court warrant. It merely supplements existing
search and seizure rules.

SECTION 17

Section 17 provides:

Sec. 17. Destruction of Computer Data. — Upon expiration of the

periods as provided in Sections 13 and 15, service providers and law
enforcement authorities, as the case may be, shall immediately and
completely destroy the computer data subject of a preservation and
examination.

Section 17 is valid. It is unclear that the user has a demandable right to require
the service provider to have that copy of the data saved indefinitely for him in its
storage system. If he wanted them preserved, he should have saved them in his
computer when he generated the data or received it. He could also request the service
provider for a copy before it is deleted.

SECTION 19

Section 19 empowers the Department of Justice to restrict or block access to

computer data:
 Sec. 19. Restricting or Blocking Access to Computer Data.— When a
computer data is prima facie found to be in violation of the provisions of
this Act, the DOJ shall issue an order to restrict or block access to such
computer data.

Petitioners assail Section 19 for stifling the freedom of expression and violating
the right against unreasonable searches and seizures.

Section 19 violates the right against unreasonable searches and seizures and
freedom of expression.

Computer data produced or written by its authors is personal property and is

thus protected against unreasonable searches and seizures whether it be stored in the
owner’s personal computer or in the service provider’s systems. The DOJ’s order is not
a substitute for a judicial warrant.

The contents of computer data can also constitute as speech. Section 19

disregards jurisprudential guidelines established to determine validity of restrictions on
speech (i.e. dangerous tendency doctrine, balancing of interest test, clear and present
danger rule). Section 19, however, merely requires that the data to be blocked be found
prima facie in violation of any provision of the cybercrime law. Taking Section 6 into
consideration, this can actually be made to apply in relation to any penal provision.

SECTION 20

Section 20 provides:
Sec. 20. Noncompliance. — Failure to comply with the provisions of
Chapter IV hereof specifically the orders from law enforcement authorities
shall be punished as a violation of Presidential Decree No.1829 with
imprisonment of prision correctional in its maximum period or a fine of
One hundred thousand pesos (Php100,000.00) or both, for each and every
noncompliance with an order issued by law enforcement authorities.

Petitioners allege that Section 20 is a bill of attainder as it makes a mere failure to

comply constitutes a legislative finding of guilt.

Section 20 is valid. since the non-compliance would be punished as a violation of

Presidential Decree (P.D.) 1829, Section 20 necessarily incorporates elements of the
offense which are defined therein. If Congress had intended for Section 20 to constitute
an offense in and of itself, it would not have had to make reference to any other statue
or provision. There must still be a judicial determination of guilt, during which, as the
Solicitor General assumes, defense and justifications for non-compliance may be raised.

SECTION 24 and 26(a)

 Sections 24 and 26(a) provide:

“Sec. 24. Cybercrime Investigation and Coordinating Center.– There is

hereby created, within thirty (30) days from the effectivity of this Act, an
inter-agency body to be known as the Cybercrime Investigation and
Coordinating Center (CICC), under the administrative supervision of the
Office of the President, for policy coordination among concerned agencies
and for the formulation and enforcement of the national cybersecurity
plan.

Sec. 26. Powers and Functions.– The CICC shall have the following
powers and functions:

(a) To formulate a national cybersecurity plan and extend

immediate assistance of real time commission of
cybercrime offenses through a computer emergency
response team.”

Petitioner assail the above sections for being an invalid delegation of legislative
power.

Sections 24 and 26(a) are valid as they meet the completeness and sufficient
standards test for a valid delegation. The cybercrime law is complete in itself when it
directed the CICC to formulate and implement a national cybersecurity plan. Also,
contrary to the position of the petitioners, the law gave sufficient standards for the
CICC to follow when it provided a definition of cybersecurity.

Cybersecurity refers to the collection of tools, policies, risk management

approaches, actions, training, best practices, assurance and technologies that can be
used to protect cyber environment and organization and user’s assets. This definition
serves as the parameters within which CICC should work in formulating the
cybersecurity plan.