Implementing Anti-Cybercrime Law In I-Cafés
You may have noticed my once-a-month blogging since the start of 2014. It could be because I decided to blog only about my actual experiences and I may have none worthy of getting blogged. However, for the month of April 2014, I had been to a public consultation on the Implementing Rules and Regulations of R.A. 10175 or the Cybercrime Prevention Act of 2012, an important birthday party, a Holy Week tradition and a winner of a technology gadget. No matter what, thank you for bearing with me.
I do not plan to blog about them in one sitting. I will do it one at a time so let me begin by writing about my attendance to the public consultation on the IRR for the anti-cybercrime law organized by the Department of Justice – Office of Cybercrime last April 8, 2014.
I was invited to the said public consultation by virtue of my advocacy for the internet café (i-café) in the country. The organizer wanted to get the opinions of various sectors on the draft rules to be followed in the implementation of Republic Act No. 10175 otherwise known as Cybercrime Prevention Act of 2012.
As possible scene of a cybercrime, the i-cafés will be covered by the law according to its definition of a Service Provider that refers to any public or private entity that provides to users of its service the ability to communicate by means of a computer system. Under the Act, service providers are required to cooperate and assist law enforcement authorities in the collection or recording of the traffic data that refer only to the communication’s origin, destination, route, time, date, size, duration, or type of underlying service, but not content, nor identities.
As service providers, the i-cafés will have the following duties stipulated in Chapter VII, Rule 7, Section 27 of the draft IRR on the subject of Duties of a Service Provider:
- Preserve the integrity of traffic data and subscriber information for a minimum period of six (6) months from the date of the transaction;
- Preserve the integrity of computer data for an extended period of six (6) months from the date of the receipt of the order from law enforcement authorities requiring extension on its preservation;
- Preserve the integrity of computer data until the termination of the case upon receipt of a copy of the transmittal document to the Office of the Prosecutor;
- Ensure the confidentiality of the preservation orders and its compliance;
- Collect or record by technical or electronic means, and/or cooperate and assist law enforcement authorities in the collection and recording of computer data associated with specified communications transmitted by means of a computer system;
- Disclose or submit subscriber’s information, traffic data or relevant data in his/its possession or control to law enforcement authorities within seventy-two (72) hours upon receipt of order and copy of the court warrant;
- Immediately and completely destroy the computer data subject of a preservation and examination after the expiration of the period provided in Section 13 and 15 of the Act; and
- To perform such other duties as may be necessary and proper to carry into effect the provisions of the Act.
In case of failure on the part of service providers to perform the above duties, Section 19 of the draft IRR on Non-compliance states that . . . Failure to comply with the provisions of Chapter IV of the Act specifically the orders fro the law enforcement authorities shall be punished as a violation of P.D. No. 1829 with imprisonment of prision correccional in its maximum period or a fine of One Hundred Thousand (₱ 100,000.00) Pesos or both, for each and every non-compliance with an order issued by the law enforcement authorities.
For my part, I told the participants in the public consultation that i-cafés will find it difficult to perform the duties of service providers provided in the Act because most, if not all, i-cafés use roll-back application software that erase all logs made and data used by a customer once the computer unit is rebooted. However, it was pointed out that the Act only requires service providers to cooperate and assist in the collection or recording of the traffic data that refer only to the communication’s origin, destination, route, time, date, size, duration, or type of underlying service, but not content, nor identities. As such, an i-café server with the proper software could satisfy the requirement.
I also told them about the operations of PisoNet computers that the law enforcement authorities may find difficulty in asking owners to comply with the provisions of the Act. Add the WiFi Zones and you will see how difficult it would be to implement the Cybercrime Prevention Act of 2012. No matter what, I am personally in favor of this Act with respect to its purpose of preventing cybercrime except its provision on online libel.