Disclaimer: This article involves analysis involving a law or statute from the author’s perspective. The author in no way whatsoever gives any legal advice in this article and advises its readers to proceed with caution and consult your preferred lawyer for any legal questions.

Introduction

The Supreme Court of the Philippines, through A.M. No. 17-11-03-SC issued the Rule on Cybercrime warrants, which took effect last August 15, 2018.

It sets out the procedure for the preservation, disclosure, interception, search, seizure, and/or examination, custody, and destruction of computer data as provided under the Cybercrime Prevention Act of 2012 (R.A. 10175)

General Provisions

Who can issue Cybercrime warrants?

These warrants shall be issued by designated Cybercrime courts, which are also the special commercial courts under the Regional Trial Courts as indicated under A.M. No. 03-03-03-SC issued last November 15, 2016.

Who shall acquire jurisdiction over the Cybercrime offenses?

The Cybercrime court where:

The cybercrime offense was committed

Where the computer system is situated

The place where the damage was caused

Who can file the Cybercrime warrants?

Law enforcement authorities before any of the designated Cybercrime courts

Where can the Cybercrime warrant be enforced?

Within and outside the Philippines

How long are Cybercrime warrants valid?

Ten (10) days from issuance, with the option of extending another ten (10) days

What are other requirements before the Cybercrime warrant is issued?

Personal examination by the judge in the form of searching questions, written and under oath.

What are the contents in an application of a Cybercrime warrant?

Probable offense involved

Relevance and necessity of the data being obtained

Name of individuals or entities involved

Particular description of the data sought to be obtained

Place where information is to enforced

How disclosure/interception/seizure/search/examination of data is to be carried out

Other relevant information

Who has custody over the data or items seized, intercepted, and obtained by law enforcement?

Before filing of return – law enforcement

After filing of return – court

What are the contents of the inventory upon the filing of return by law enforcement?

Date and time of disclosure, interception, search, seizure and examination of data

Particulars of computer data including hash values

How the data was obtained

Identification of all items seized (make, brand, serial numbers)

Names and position of law enforcement who had access to the data prior to depositing to the court

Names of officers who delivered the items to the court

Name of law enforcement officer allowed to access the deposited data

Certification that no duplicates has been made or retained by law enforcement

Who has access to the computer data while under custody?

No one. Unless upon motion granted by the court on trial.

What are the types of Cybercrime warrants?

The following are cybercrime warrants, as further discussed below

Preservation Warrant

Disclosure Warrant

Interception Warrant

Search, Seizure and Examination Warrrant

Examination Warrant for Lawfully Obtained Data

Destruction Warrant

Types of Cybercrime Warrants

Preservation Warrant (Preservation of Computer Data)

A warrant usually issued for law enforcement authorities ordering a provider to preserve data while law enforcement works to obtain a disclosure warrant.

This does not allow law enforcement to view the data but merely to order the provider to hold on to the data of the subscriber.

A service provider may be a telecommunications or infrastructure provider.

Requirements for service provider

Preserve data for a minimum period of six (6) months and further six (6) months from date of receipt of the order from law enforcement authorities

Law enforcement may order a one-time extension for another six (6) months provided that notification shall be made to the Office of the Prosecutor upon transmission

Does the provider need to disclose to the subscriber regarding a preservation order issued?

No, the provider shall keep the order and its compliance confidential

Disclosure Warrant (Disclosure of Computer Data)

A warrant issued for disclosing the data of a subscriber, including all network traffic and data related.

Unlike a preservation warrant, this actually will allow law enforcement to view the data.

Requirements for service provider

Disclose or submit subscriber’s information, traffic data or other relevant data

How long does the service provider have to comply with the disclosure warrant?

Within seventy-two (72) hours

Are law enforcement allowed to keep copies of the data obtained from the disclosure warrant?

Yes, provided that they keep the details and contents of the data strictly confidential for purposes of investigation

When are law enforcement authorities no longer allowed to retain the data?

The data shall be turned over to the court upon filing of a criminal action of the subscriber

Interception Warrant (Interception of Computer Data)

Warrant issued to law enforcement, enabling them to conduct activities such as listening, recording, monitoring and surveillance of data through the use of electronic tapping or interception of computer data pertaining to the accused.

Does law enforcement need to disclose to the interception to the accused?

No. Except, if no return has been filed by the law enforcement agent to the court.

In case of no return filed, the accused shall be informed of all interception activities conducted pertaining to his person and his data.

Search, Seizure and Examination Warrant (Search, Seizure and Examination of Data)

Law enforcement may seize and conduct a search and examination of the data obtained from an accused.

Can the accused seek return of the seized and searched items and data?

Yes, provided that a forensic image has been made by law enforcement

Forensic image is a copy of the entire data structure of an item.

Can interception of communications and data be done even in an search, seizure and examination warrant?

Yes, provided that such interception is reasonably related to the data being seized, searched or examined.

How long are the items seized, returned to the court?

10 days

What data is kept by law enforcement?

List of all items seized (name, make, brand, serial numbers)

Hash value of data seized

How long shall the examination of data be conducted by law enforcement?

Upon the discretion of the court, provided it shall not be extended for more than thirty (30) days.

Examination Warrant (Examine Data Obtained Lawfully)

Is a warrant issued when an item has been seized through lawful warrantless arrest by law enforcement for the purpose of forensic examination of data.

Destruction Warrant (Destruction of Data)

Allows law enforcement to partially or completely destroy data subject to preservation and examination.

May the court order return of the data subject for destruction?

Yes. If no preliminary investigation or case is instituted after thirty-one (31) days from deposit, or if upon lack of probable cause.

How shall the destruction of the data be made?

The court shall ask for the retained copy from law enforcement and in the presence of the Clerk of Court, the accused and his counsel, destroy the data through shredding, drilling of four holes on the device, prying the platters or other methods accepted by international standards of data destruction.

— Ariel Conrad

References: