Meeting Specificity Requirements for Cybercrime Warrants

Article III, Section 2 of the Philippine Constitution guarantees the right to unreasonable searches and seizures. It couches the right in the negative terms, so as to highlight that the issuance of search warrants occur only under exceptional circumstances. The Constitution requires that there must be “probable cause…determined personally by the judge after examination under oath or affirmation of the complainant and the witnesses he may produce, and particularly describing the place to be searched and the persons or things to be seized.”


Rule 126, Section 4 of the Rules of Court reiterates the constitutional requirements, and further mandates that the probable cause for the search warrant be connected with one specific offense. This additional requirement related to the specificity of the warrant is further emphasized by other provisions in the Rules of Court that further limit the properties to be seized to personal properties that may the subject of the offense, stolen or embezzled and other proceeds, or fruits of the offense, or used or intended to be used in committing an offense[1].


In the online age, traditional crimes such as theft and fraud[2], may be committed through information and communications technologies, facilitated through the of privacy, anonymity, and convenience the internet provides. This was among the concerns that led to the passage of the Cybercrime Prevention Act of 2012[3], which provides not only a comprehensive list of cybercrimes and their corresponding penalties, but also different tools that law enforcement agencies can use in investigating and prosecuting such crimes. These tools include preservation warrant[4], disclosure warrant[5], real-time collection of content data warrant[6], and search, seizure, and examination warrant[7].


Recently, the Supreme Court promulgated the Rule on Cybercrime Warrants (RCW), which took effect last August 15, 2018. The RCW enumerates the different kinds of cybercrime warrants that law enforcement agencies can apply for with the courts, and utilize in their investigations and prosecutions. The different warrants which the courts may issue under the RCW are as follows:


  • The Warrant to Disclose Computer Data (WDCD), which authorizes law enforcement to issue an order to disclose or submit subscriber’s information, traffic data, or relevant data in the possession or control of a person or service provider within seventy-two (72) hours from the receipt of the order[8]. The issuing judge must determine the existence of probable cause to believe that the facts upon which the application for WDCD[9]. Within forty-eight (48) hours from implementation or after the expiration of the effectivity of the WDCD, the authorized law enforcement officer must accomplish a return and to turn over the disclosed computer data or subscriber’s information to the court. The law enforcement may retain a copy of the disclosed data or subscriber’s information, but it must be kept strictly confidential[10].


  • The Warrant to Intercept Computer Data (WICD), which authorizes law enforcement to listen, record, monitor, or surveil the content of the communications through electronic eavesdropping or tapping devices, at the same time the communication is occurring[11]. Similar to a WDCD, the judge must be satisfied that probable cause exists[12], and that a return was filed[13]. There is an additional requirement of notifying the person whose communications or computer data have been intercepted of the activities conducted pursuant to the WICD, within thirty (30) days from the filing of the return or upon the lapse of the forty-eight (48) hour period to file the return[14].


  • The Warrant to Search, Seize, and Examine Computer Data (WSSECD), which authorizes the search the particular place for items to be seized and/or examined[15]. There must be probable cause to believe that the facts upon which the application for the WSSECD exists[16].


The law enforcement is allowed to make a forensic image of the computer on-site and is obligated to limit their search to the place specified in the warrant. If the creation of the forensic image on-site is not possible, an off-site one may be conducted, but it must be explained in the initial return for resorting to such mode[17]. However, the search is only limited to the communications and computer data that are reasonably related to the subject matter of the WSSECD[18].


The remedy of the person subjected to the WSSECD is to file a motion to return the searched and seized items with the court that issued the said WSSECD. The motion may be granted if the court finds that there is no lawful ground to withhold the said items[19].


As discussed, WSSECD requires an initial return, which must be filed within 10 days from the issuance of the said WSSECD stating all the actions of the law enforcement during the implementation of the WSSECD[20]. The court, through an order, will set the period to conclude the examination of all the items seized, which may not exceed thirty (30) days, upon motion, for justifiable reasons[21].


A final return must be filed, along with the turn-over the custody of the seized data, other items seized and/or the communications or computer data intercepted, within forty-eight (48) hours after the expiration of the period to examine[22].


  • The Warrant to Examine Computer Data (WECD) is to allow law enforcement agencies to search a computer device or computer seized during a lawful warrantless arrest or by any other lawful method[23] such as valid warrantless seizure, in flagrante delicto, or by voluntary surrender.


The law enforcement files a verified application, as well as the supporting affidavits, stating the essential facts and narrating the circumstances surrounding the lawful acquisition of the computer device or system containing the data. Again, there must be probable cause to believe that the facts upon which the application for WECD exists[24].


Similar to WSSECD, an initial and final returns must be filed and interception of communications and computer data may be conducted during the implementation of the said WECD[25].


The specificity that is required in warrants by the Supreme Court, whether through the Rules of Court, or through jurisprudence[26] should be expected in cybercrime warrants as well, The cybercrime warrants described above share a common requirement with a traditional search warrant in that a particular description of the computer data or subscriber’s information sought to be disclosed[27], intercepted[28], searched, seized, and examined[29] must be stated in their applications. The RCW refers to such computer data as being in the form of phone calls, text messages, social media internet relay chat, e-mails, or the content data itself[30].


The examples of computer data as supplied in the RCW may help law enforcement agencies in meeting the specificity/particularity requirement. There is no requirement for the absolute identification of the types of computer data sought to be seized (such as details like by providing the make and model of where such data is stored). However, details such as the identification of whose conversations or phone calls are to be searched and seized, or what types of videos or picture are to be examined. Satisfying this requirement of specificity would sufficiently inform the judge and/or the owner of the computer data to be seized as to what the law enforcement agent is searching.


The RCW provides additional measures that protect the person subject of such warrants from unreasonable searches and seizure of their computer data. Templates for the different cybercrime warrants are annexed to the RCW. Under each template, the judge, based on their discretion, is allowed to indicate other terms to be included by the law enforcement agencies that would help in the manner or method of carrying out the disclosure, interception, search, seizure, and examination.




[1] Rule 126, Section 3.

[2] Curtis, Sophie. “Eugene Kaspersky: traditional crime ‘is coming to cyberspace’.” September 30, 2014 (Accessed on January 12, 2019).

[3] Republic Act No. 10175.

[4]Rep. Act. No. 10175 (2012), Section 13.

[5] Rep. Act. No. 10175 (2012), Section 14.

[6] Rep. Act. No. 10175 (2012), Section 12.

[7] Rep. Act. No. 10175 (2012), Section 15.

[8] Rule on Cybercrime Warrants (2018), Section 4.1

[9] Rule on Cybercrime Warrants (2018), Section 4.4

[10] Rule on Cybercrime Warrants (2018), Section 4.5

[11] Rule on Cybercrime Warrants (2018), Section 5.2

[12] Rule on Cybercrime Warrants (2018), Section 5.4

[13] Rule on Cybercrime Warrants (2018), Section 5.5

[14] Rule on Cybercrime Warrants (2018), Section 5.6

[15] Rule on Cybercrime Warrants (2018), Section 6.1

[16] Rule on Cybercrime Warrants (2018), Section 6.3

[17] Rule on Cybercrime Warrants (2018), Section 6.4

[18] Rule on Cybercrime Warrants (2018), Section 6.5

[19] Id at footnote 17.

[20] Rule on Cybercrime Warrants (2018), Section 6.6

[21] Rule on Cybercrime Warrants (2018), Section 6.7

[22] Rule on Cybercrime Warrants (2018), Section 6.8

[23] Rule on Cybercrime Warrants (2018), Section 6.9

[24] Id.

[25] Id.

[26] In Worldwide Web Corporation and Cherryll L. Yu vs. People of the Philippines and Philippine Long Distance Telephone Company (G.R. Nos. 161106 and 161266, January 13, 2014), the Supreme Court recognized the difficulty in the law enforcement meeting the specificity requirement of search warrants, especially when the items to be seized are technical in nature. This is why the Court pronounced that “A search warrant fulfills the requirement of particularity in the description of the things to be seized when the things described are limited to those that bear a direct relation to the offense for which the warrant is being issued.”

[27] Rule on Cybercrime Warrants (2018), Section 4.3

[28] Rule on Cybercrime Warrants (2018), Section 5.3

[29] Rule on Cybercrime Warrants (2018), Section 6.2

[30] Footnote 32 of Rule on Cybercrime Warrants (2018)

Post a Comment