Just like in any other crime, a search warrant is necessary to aid in the prosecution of cybercrime [i]. Aiming to protect the fundamental right against unreasonable searches and seizures, the policy of procuring search warrants for cybercrimes is definitely sensible on paper. However, the unique nature of data and computer systems makes it troublesome. Can service providers be the solution?

The unique nature of search warrants in cyberspace

The procurement of a search warrant is a crucial part of the criminal prosecution process. By means of the warrant, law enforcement officers can secure material pieces of evidence [ii]. Without such prior authorization, persons can invoke the right against unreasonable searches and seizures and refuse to reveal the location of personal properties that could later be used as evidence.

Our laws recognize possible violations against the right to privacy, hence, no less than our Constitution and the Rules of Court (ROC) provide for safeguards for issuances of these search warrants. These provisions are applicable in pursuit of any criminal offence [iii], whether under the Revised Penal Code (RPC) or under special penal laws like the Cybercrime Prevention Act.

First, probable cause must be determined personally by the judge through an examination under oath or affirmation of the one seeking for the issuance of the warrant, as well as of the witnesses he may produce [iv]. Second, the warrant must particularly describe the place to be searched and the things to be seized [v]. Third, the probable cause must be in connection with one specific offense [vi]. Lastly, only the following personal property may be seized: the subject of the offense; those that are the proceeds or fruits of an offense; and those that were used or intended to be used as the means of committing an offense [vii].

The Implementing Rules and Regulations (IRR)[viii] of the Cybercrime Prevention Act also requires additional requisites for a warrant to be issued in connection to a cybercrime. Before law enforcement authorities may collect computer data, they must first establish: (1) that there are reasonable grounds to believe that any of the cybercrimes has been committed, is being committed, or is about to be committed; (2) that there are reasonable grounds to believe that evidence that will be obtained is essential to the conviction of any person for, or to the solution of, or to the prevention of, any such cybercrimes; and (3) that there are no other means readily available for obtaining such evidence.

With regard to the procedure of obtaining the warrant, the Cybercrime Prevention Act, is silent. Hence, Rule 126 of the ROC on search and seizures would apply. This view was affirmed by the Supreme Court in Disini v. Secretary of Justice [ix], where Section 12 [x] of the law, dealing with real time data collection, was declared as unconstitutional. The Court reasoned that it failed to comply with the requisites of a valid warrant [xi]. Section 19 [xii], which contained the controversial takedown clause, was also struck down for violating the Constitutional right to freedom of expression and against unreasonable searches and seizures.

Difficulty in complying with safeguards

These Constitutional and statutory safeguards should not be taken lightly because a search warrant, once issued, produces drastic effects. Law enforcement authorities are given wide powers, including conducting interception and surveillance over one’s computer data, seizing and retaining his computer data, and even causing computer data to be removed or be inaccessible [xiii]. They may also order any person, who has knowledge of the computer system subject of the warrant, to supply them with the necessary information to enable the undertaking of the search, seizure, and examination [xiv].

There is then a greater need to ensure that each search warrant issued in pursuance of a cybercrime investigation complies with all these safeguards.

However, the peculiar environment where cybercrimes are committed brings with it certain difficulties in complying with these mandates. For instance, in cybercrimes committed through stealth, such as hacking, personal knowledge may be impossible to procure if not from the perpetrator himself. In these cases, search warrants may be impossible to secure.

Assistance from Service Providers

In response to these inherent difficulties, the Cybercrime Prevention Act involves service providers, or those public or private entities that provide users the ability to communicate by means of a computer system, or any other entity that processes or stores computer data on behalf of such communication service or users of such service [xv], in the investigation of cyber offenses. Examples of these would be telecommunications companies that provide Internet access through DSL or mobile data plans.

Under the law [xvi], service providers are required to preserve the integrity of traffic data and subscriber information for a period of not less than six months from the date of transaction, without any necessary government order. Content data shall be similarly preserved, but only after a preservation order from law enforcement authorities – which may be valid for six months with a one-time extension of another six months. Once a copy of the transmittal document has been received by the Office of the Prosecutor, the service provider is mandated to preserve the integrity of such data until the final termination of the case, or as ordered by the Court [xvii].

This preservation order is different from a search warrant. It is issued only by law enforcement authorities, and not by a judge, and its goal is only to maintain the integrity of the data which may eventually be used as evidence in actual court proceedings. By virtue of a preservation order alone, law enforcement officers are not authorized to search through the computer data and seize the relevant information they need to pursue a criminal case. Yet it still important as it binds service providers to confidentiality. In effect, cybercriminals may not be able to quash evidence simply by changing service providers for every cybercrime they commit. This paves way for looking for people with actual personal knowledge of the wrongdoing – whether as an accomplice, a witness to the physical acts of cybercrimes, or as an offended party – without fear of losing important data.

More so, the IRR imposes civil and criminal liability on service providers under certain conditions [xviii]. Though the general rule is that one who acts as a service provider, by the mere fact of providing access, will not be liable for the cybercrimes committed through his/her service, it becomes apparent that the rules prescribe some situations wherein such service provider would be liable.

When computer data (or any statement made therein) is made, published, disseminated, or distributed, the service provider may be held criminally or civilly liable if: (1) the service provider has actual knowledge, or is aware of the facts or circumstances from which it is apparent that the making, publication, dissemination or distribution of the material is unlawful or constitutes infringement of any rights in relation to such material; and (2) the service provider knowingly receives financial benefit directly attributable to such unlawful or infringing activity.

Aiding the issuance of search warrants

From the foregoing, it would appear that law enforcement authorities may find refuge in their ability to issue confidential preservation orders directed to service providers as a solution to the difficulty in imputing personal knowledge in the issuance of a search warrant. These ISPs are required by law to maintain the integrity of the computer data even before any finding of probable cause.

While these orders may not exactly prevent the commission of cybercrimes, they may still aid investigators in seeking out patterns of use of suspected criminals, even across different service providers. Yet there is a seeming loophole – the law does not provide for the grounds when these orders may issue or for grounds on when service providers may refuse to comply with such orders. Given these broad powers, the preservation orders may be used as tools to uncover facts that would constitute personal knowledge. By virtue of this knowledge, there is no more obstacle to getting a search warrant with respect to cybercrimes.

[i]The Cybercrime Prevention Act of 2012 penalizes three kinds of cybercrimes — against confidentiality, integrity and availability of computer data and systems (RA 10175, Sec. 4), computer-related crimes such as computer-related forgery, computer-related fraud, and computer-related identity theft (Sec. 4. (b)), and content-related offenses such as cybersex, child pornography, unsolicited commercial communications, and libel (Sec. 4. (c)). In addition to all of these, the law also punishes all felonies covered by the RPC, if “committed by and through and with the use of information and communications technologies” (Sec. 6).

[ii]The Revised Rules of Criminal Procedure (effective December 1, 2000), Rule 126, Sec. 1.

[iii]Note that AM No. 02-1-06-SC, prescribing special rules on search and seizure with respect to infringement of intellectual property rights, are applicable only to civil actions.

[iv]The 1987 Constitution, Art. III. Sec. 2.


[vi]Rule 126 Sec. 4.

[vii]Rule 126 Sec. 3.

[viii]Rules and Regulations Implementing RA 19175 (IRR), Sec. 13. reproduces Sec 12 above (Footnote xviii), except that “with due cause” was replaced with “upon the issuance of a court warrant.”

[ix]G.R. No. 203335, February 11, 2014.

[x]The original provision, before it was struck down as unconstitutional, reads as follows:

Sec. 12. Real-Time Collection of Traffic Data. — Law enforcement authorities, with due cause, shall be authorized to collect or record by technical or electronic means traffic data in real-time associated with specified communications transmitted by means of a computer system.

Traffic data refer only to the communication’s origin, destination, route, time, date, size, duration, or type of underlying service, but not content, nor identities.

All other data to be collected or seized or disclosed will require a court warrant.

Service providers are required to cooperate and assist law enforcement authorities in the collection or recording of the above-stated information.

[xi]The Court held that Sec. 12, in effect, justifies the issuance of a general warrant, which is against the Constitution. Further, the authority that Sec. 12 gives to law enforcement authorities is “too sweeping and lack restraint”

[xii]The original provision, before it was struck down as unconstitutional, reads as follows:

Sec. 19. Restricting or Blocking Access to Computer Data.— When a computer data is prima facie found to be in violation of the provisions of this Act, the DOJ shall issue an order to restrict or block access to such computer data.

[xiii]RA 10175, Sec. 15


[xv]RA 10175, Sec. 3. (n).

[xvi]IRR, Sec. 13.

[xvii]IRR, Sec 30 (d).

screen_shot_2016-11-23_at_10-36-47_am[xviii]IRR Sec 20.

Leave a Comment

Your email address will not be published. Required fields are marked *