Section 11.

 Duties of Law Enforcement Authorities. — To ensure that the technical

nature of cybercrime and its prevention is given focus and considering the procedures
involved for international cooperation, law enforcement authorities specifically the
computer or technology crime divisions or units responsible for the investigation of
cybercrimes are required to submit timely and regular reports including pre-operation,
post-operation and investigation results and such other documents as may be required
to the Department of Justice (DOJ) for review and monitoring.

Section 12. Real-Time Collection of Traffic Data. — Law enforcement authorities, with

due cause, shall be authorized to collect or record by technical or electronic means
traffic data in real-time associated with specified communications transmitted by means
of a computer system.

Traffic data refer only to the communication’s origin, destination, route, time, date, size,
duration, or type of underlying service, but not content, nor identities.

All other data to be collected or seized or disclosed will require a court warrant.

Service providers are required to cooperate and assist law enforcement authorities in
the collection or recording of the above-stated information.

The court warrant required under this section shall only be issued or granted upon
written application and the examination under oath or affirmation of the applicant and
the witnesses he may produce and the showing: (1) that there are reasonable grounds
to believe that any of the crimes enumerated hereinabove has been committed, or is
being committed, or is about to be committed: (2) that there are reasonable grounds to
believe that evidence that will be obtained is essential to the conviction of any person
for, or to the solution of, or to the prevention of, any such crimes; and (3) that there are
no other means readily available for obtaining such evidence.

In the case of Disini vs. Executive Secretary, the petitioners assail the validity of several
provision of the Republic Act (R.A.) 10175, the Cybercrime Prevention Act of 2012.

Section 12 was declared in violation of the right to privacy because it lacked sufficient
specificity and definiteness in collecting real-time computer data. 

Section 12 of the Act authorizes the law enforcement without a court warrant “to collect
or record traffic data in real-time associated with specified communications transmitted
by means of a computer system.”  Traffic data under this Section includes the origin,
destination, route, size, date, and duration of the communication, but not its content nor
the identity of users.
The Petitioners argued that such warrantless authority curtails their civil liberties and set
the stage for abuse of discretion by the government.  They also claimed that this
provision violates the right to privacy and protection from the government’s intrusion into
online communications.
According to the Court, since Section 12 may lead to disclosure of private
communications, it must survive the rational basis standard of whether it is narrowly
tailored towards serving a government’s compelling interest.  The Court found that the
government did have a compelling interest in preventing cyber crimes by monitoring
real-time traffic data.

Next slide

As to whether Section 12 violated the right to privacy, the Court first recognized that the
right at stake concerned informational privacy, defined as “the right not to have private
information disclosed, and the right to live freely without surveillance and intrusion.”  In
determining whether a communication is entitled to the right of privacy, the Court
applied a two-part test: (1) Whether the person claiming the right has a legitimate
expectation of privacy over the communication, and (2) whether his expectation of
privacy can be regarded as objectively reasonable in the society. 
The Court noted that internet users have subjective reasonable expectation of privacy
over their communications transmitted online.  However, it did not find the expectation
as objectively reasonable because traffic data sent through internet “does not disclose
the actual names and addresses (residential or office) of the sender and the recipient,
only their coded Internet Protocol (IP) addresses.” 

Even though the Court ruled that real-time traffic data under Section 12 does not enjoy
the objective reasonable expectation of privacy, the existence of enough data may
reveal the personal information of its sender or recipient, against which the Section fails
to provide sufficient safeguard.  The Court viewed the law as “virtually limitless, enabling
law enforcement authorities to engage in “fishing expedition,” choosing whatever
specified communication they want.”

Accordingly, the Court struck down Section 12 for lack of specificity and definiteness as
to ensure respect for the right to privacy.

Section 13. Preservation of Computer Data. — The integrity of traffic data and

subscriber information relating to communication services provided by a service
provider shall be preserved for a minimum period of six (6) months from the date of the
transaction. Content data shall be similarly preserved for six (6) months from the date of
receipt of the order from law enforcement authorities requiring its preservation.

Law enforcement authorities may order a one-time extension for another six (6)
months: Provided, That once computer data preserved, transmitted or stored by a
service provider is used as evidence in a case, the mere furnishing to such service
provider of the transmittal document to the Office of the Prosecutor shall be deemed a
notification to preserve the computer data until the termination of the case.

The service provider ordered to preserve computer data shall keep confidential the
order and its compliance.

Petitioners in G.R. No. 203391 (Palatino v. Ochoa)claim that Section 13 constitutes an

undue deprivation of the right to property. They liken the data preservation order that
law enforcement authorities are to issue as a form of garnishment of personal property
in civil forfeiture proceedings. Such order prevents internet users from accessing and
disposing of traffic data that essentially belong to them.

No doubt, the contents of materials sent or received through the internet belong to their
authors or recipients and are to be considered private communications. But it is not
clear that a service provider has an obligation to indefinitely keep a copy of the same as
they pass its system for the benefit of users. By virtue of Section 13, however, the law
now requires service providers to keep traffic data and subscriber information relating to
communication services for at least six months from the date of the transaction and
those relating to content data for at least six months from receipt of the order for their
preservation.

The Supreme Court agreed with the Solicitor General that it correctly points out, the
data that service providers preserve on orders of law enforcement authorities are not
made inaccessible to users by reason of the issuance of such orders. The process of
preserving data will not unduly hamper the normal transmission or use of the same.

Hence, valid and constitutional

Section 14. Disclosure of Computer Data. — Law enforcement authorities, upon

securing a court warrant, shall issue an order requiring any person or service provider to
disclose or submit subscriber’s information, traffic data or relevant data in his/its
possession or control within seventy-two (72) hours from receipt of the order in relation
to a valid complaint officially docketed and assigned for investigation and the disclosure
is necessary and relevant for the purpose of investigation.

The process envisioned in Section 14 is being likened to the issuance of a subpoena.

Section 14 envisions is merely the enforcement of a duly issued court warrant, a

function usually lodged in the hands of law enforcers to enable them to carry out their
executive functions. The prescribed procedure for disclosure would not constitute an
unlawful search or seizure nor would it violate the privacy of communications and
correspondence. Disclosure can be made only after judicial intervention.

Disini vs Executive Secretary

 Petitioners claimed that the issuance of subpoenas is a judicial function.

ISSUE: Whether or not the issuance of subpoenas is exclusively judicial function.

RULING: No. A subpoena is an order issued by the court. The subpoena usually
requires you to appear at a certain place, date, and time to testify as a witness about a
particular case. It is well-settled that the power to issue subpoenas is not exclusively a
judicial function. Executive agencies have the power to issue subpoena as an adjunct of
their investigatory powers.

Again, Section 14 envisions is merely the enforcement of a duly issued court warrant, a
function usually lodged in the hands of law enforcers to enable them to carry out their
executive functions. The prescribed procedure for disclosure would not constitute an
unlawful search or seizure nor would it violate the privacy of communications and
correspondence. Disclosure can be made only after judicial intervention.

Hence, tSection 14 of R.A. 10175 is valid and constitutional.

Section 15. Search, Seizure and Examination of Computer Data. — Where a search

and seizure warrant is properly issued, the law enforcement authorities shall likewise
have the following powers and duties.

Within the time period specified in the warrant, to conduct interception, as defined in this
Act, and:

(a) To secure a computer system or a computer data storage medium;

(b) To make and retain a copy of those computer data secured;

(c) To maintain the integrity of the relevant stored computer data;

(d) To conduct forensic analysis or examination of the computer data storage

medium; and

(e) To render inaccessible or remove those computer data in the accessed

computer or computer and communications network.

Pursuant thereof, the law enforcement authorities may order any person who has
knowledge about the functioning of the computer system and the measures to protect
and preserve the computer data therein to provide, as is reasonable, the necessary
information, to enable the undertaking of the search, seizure and examination.

Law enforcement authorities may request for an extension of time to complete the
examination of the computer data storage medium and to make a return thereon but in
no case for a period longer than thirty (30) days from date of approval by the court.
Petitioners challenge Section 15 on the assumption that it will supplant established search and
seizure procedures. On its face, however, Section 15 merely enumerates the duties of law
enforcement authorities that would ensure the proper collection, preservation, and use of computer
system or data that have been seized by virtue of a court warrant. The exercise of these duties do
not pose any threat on the rights of the person from whom they were taken. Section 15 does not
appear to supersede existing search and seizure rules but merely supplements them

REFERENCES:

https://www.projectjurisprudence.com/2017/05/disini-v-secretary-of-justice-gr-no-
203335.html
https://globalfreedomofexpression.columbia.edu/cases/disini-v-the-secretary-of-justice/
https://www.lawphil.net/judjuris/juri2014/feb2014/gr_203335_2014.html