Constitutional: Cybercrime offense of data interference under Section 4(a) (3) of R.A. 10175

R.A. 10175 or the Philippine Cybercrime Prevention Act of 2012 penalizes the cybercrime offense of data interference under Section 4 (a) (3).

In the various petitions filed before the Supreme Court, Petitioners sought to invalidate this provision primarily through the doctrine of overbreadth.

This provision penalizing the cybercrime offense of data interference is reflected in Section 4 (a) (3) of R.A. 10175, which is faithfully reproduced herein:

Section 4. Cybercrime Offenses. – The following acts constitute the offense of cybercrime punishable under this Act:

(a) Offenses against the confidentiality, integrity and availability of computer data and systems:

x x x x

(3) Data Interference. – The intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses.

Based on the above-cited provision, the Cybercrime Offense of Data Interference is the “intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses.”

There are two modes of committing Data Interference: intentional or reckless. The first presupposes that the offender knowingly committed the act. The second contemplates that the offender may not have intended the act but committed it through sheer recklessness.

Regardless of the mode, the end result is that there is an alteration/damaging/deletion/deterioration of a computer data/electronic document/electronic data message – without right. This includes introduction or transmission of viruses.

R.A. 10175 provides a definition of alteration. Alteration refers to “the modification or change, in form or substance, of an existing computer data or program.”[1] There is no definition of damaging, deletion, or deterioration. Hence, their ordinary meanings or significations would apply. To damage is to impair. To delete is to erase completely without a trace; deletion should be distinguished from transferring, in which case the computer data still exists and has not been erased. To deteriorate is to depreciate.

On the other hand, the object of the alteration/damaging/deletion/deterioration is the computer data/electronic document/electronic data message. Computer data refers to “any representation of facts, information, or concepts in a form suitable for processing in a computer system including a program suitable to cause a computer system to perform a function and includes electronic documents and/or electronic data messages whether stored in local computer systems or online.”[2] The definition of electronic document or electronic data may be derived from the E-Commerce Law.

As with Illegal Access, the best defense available for Data Interference is that it was done with a right. Without right refers to “either: (i) conduct undertaken without or in excess of authority; or (ii) conduct not covered by established legal defenses, excuses, court orders, justifications, or relevant principles under the law.”[3]

Constitutional: Cybercrime Offense of Data Interference, Section 4 (a) (3) of R.A. 10175

In pursuing the invalidation of Section 4 (a) (3), Petitioners claimed that it was invalid under the doctrine of overbreadth. That is to say, the legal provision intrudes on the constitutionally protected areas of free speech, resulting in the creation of a chilling and deterrent effect.

The Supreme Court declared Section 4 (a) (3) of R.A. 10175 constitutional.

As pointed out by the Supreme Court, the doctrine of overbreadth does not apply to this legal provision, as Section 4 (a) (3) penalizes an act that is essentially “a form of vandalism.” Similar to the act of willfully destroying another’s property without right, Data Interference is a form of vandalism involving the willful destruction, without right, of another’s computer data/electronic document/electronic data message.

In the overbreadth doctrine, “a proper governmental purpose, constitutionally subject to state regulation, may not be achieved by means that unnecessarily sweep its subject broadly, thereby invading the area of protected freedoms.” The legal provision does not intrude or encroach on these fundamental freedoms. Moreover, the Petitioners were unable to discharge the heavy burden required in the doctrine of overbreadth. They were not able to prove that the law will not be valid under any set of circumstances.

On the matter of chilling effect, the Supreme Court noted that all penal laws have a chilling effect. It is an in terrorem effect or “the fear of possible prosecution that hangs on the heads of citizens who are minded to step beyond the boundaries of what is proper.” The State cannot be prevented from promulgating criminal laws just because they create fear. To do so would render the Government powerless in addressing and penalizing socially harmful conduct. The supposed chilling effect of Section 4 (a) (3) is an illusion.

Commentary

Would a draft prepared by an employee on the company’s laptop and later deleted be the subject of data interference? What if a principal sends via e-mail a soft copy of a document to an agent who later changes it without asking for consent – is it covered? Is it already intentional or reckless if a person earlier learned that his USB flash drive contained a virus but still plugged it into a computer system?

As with Illegal Access, the Cybercrime Offense of Data Interference has extensive application. The elements to constitute this crime are fairly simple: that the offender caused the alteration/damaging/deletion/deterioration of a computer data/electronic document/electronic data message including the introduction of/transmission of viruses, that it was done either intentionally or recklessly, and that it was without right.

Thus, any individual who possesses or receives another’s computer data/electronic document/electronic data should now be on guard against its alteration/damaging/deletion/deterioration. Likewise, an individual would be very wary of plugging a USB flash drive into another’s computer system if that might result in the transmission of a virus. For the first one, it could be as absurd as an employee being given a company’s Annual Report via email, which would then be downloaded onto the company laptop. If the employee somehow deletes such report on the computer system owned by the company without any authorization, does that result in criminal liability for Data Interference?

As for transmission of viruses, the mode contemplates recklessness, but the law did not provide parameters. Would it be reckless if a person plugged his USB flash drive into a computer at an Internet Café shop and later plugged the same into another’s laptop, resulting in the transmission of a virus? Further, does virus cover malware, grime, Trojan, and similar thereto?

These may be addressed once actual cases and controversies are brought to the Supreme Court. As R.A. 10175 is a relatively new law, there is not much jurisprudence on the matter that would serve as precedent and guide the application of the law. This may soon change, as various cases are already being filed left and right using the Philippine Cybercrime Prevention Act of 2012. It is only through the court system that such law can be properly understood, once there are operative facts already. As it is, everything is theory and intellectual discourse.

 

References:

[1] R.A. 10175. Sec. 3 (b).

[2] R.A. 10175. Sec. 3 (e).

[3] R.A. 10175. Sec. 3 (h).