
Module 6 - Cdi 9

This document provides an overview of a course on Introduction to Cybercrime and Environmental Laws and Protection. It outlines the learning outcomes which include explaining key concepts related to cybercrime enforcement. It also describes the duties of law enforcement authorities and the Cybercrime Investigation and Coordinating Center. Real-time collection of traffic data and its role in cybercrime prevention and investigation is discussed. Procedures for computer data preservation, disclosure, search, and destruction are also analyzed in the context of cybercrime cases.

MAKILALA INSTITUTE OF SCIENCE AND TECHNOLOGY

COLLEGE OF CRIMINAL JUSTICE EDUCATION


BACHELOR OF SCIENCE IN CRIMINOLOGY

CRIMINOLOGY DEPARTMENT
_________________________________________________________________________________________________
INTRODUCTION TO CYBERCRIME AND ENVIRONMENTAL LAWS AND PROTECTION
Course Number: CDI 9
Course Title: Introduction to Cybercrime and Environmental Laws and Protection
Credit Units: 3 Units
Module No.: 6
Duration: 1 hr. & 30 mins.
Instructor: JEANIEL JOY H. BABOL, RCRIM
Email Address: [email protected]
Facebook: https://www.facebook.com/jaji924
Mobile No.: 09916140840

I. LEARNING OUTCOME
At the end of this lesson, the students should be able to:
1. Explain the key concepts related to cybercrime enforcement and implementation, including the duties of law
enforcement authorities and the Cybercrime Investigation and Coordinating Center.
2. Describe the importance of real-time collection of traffic data and its role in cybercrime prevention and investigation.
3. Analyze and apply the procedures for the preservation, disclosure, search, seizure, examination, custody, and
destruction of computer data in cybercrime cases.
4. Evaluate the implications of the exclusionary rule in cybercrime investigations, and its impact on the admissibility of
evidence in court.
5. Explain the primary objective of the Cyber Intelligence Program, which is to improve threat intelligence capabilities
and issue regular warnings and advisories on cyber threats and security measures for critical infrastructure owners,
law enforcement, and the public in the Philippines.
6. Discuss the main components of the law enforcement enhancement program, including the deployment of forensic
investigators, the establishment of forensic laboratories, and the training provided to judges, prosecutors, and
lawyers in addressing cybercrimes in the Philippines.

II. TOPICS/SUBJECT MATTER


CHAPTER IV: ENFORCEMENT AND IMPLEMENTATION

- Duties of Law Enforcement Authorities and Cybercrime Investigation and Coordinating Center
- Real-time Collection of Traffic Data
- Computer Data
  - Preservation
  - Disclosure
  - Search, Seizure and Examination
  - Custody
  - Destruction
- Exclusionary Rule

III. REFERENCES
Adelene Maghinay Florendo & Rizza Ruth Maghinay Florendo. (2020). Introduction to Cybercrime and
Environmental Laws and Protection. Wiseman's Books Trading, Inc.

IV. COURSE CONTENT

CHAPTER IV: ENFORCEMENT AND IMPLEMENTATION

Welcome to Chapter IV of this modular handout, where we delve into 'Enforcement and Implementation.' Here, we explore
the roles of law enforcement authorities, the Cybercrime Investigation and Coordinating Center, real-time traffic data
collection, computer data management, and associated legal aspects. We'll also discuss the Exclusionary Rule, a vital
safeguard in cybercrime investigations. This chapter provides a comprehensive understanding of enforcement mechanisms
and legal nuances in cybersecurity, ensuring effective application of laws and individual rights protection in the digital
realm.

DUTIES OF LAW ENFORCEMENT AUTHORITIES AND CYBERCRIME INVESTIGATION AND COORDINATING CENTER

- The National Bureau of Investigation (NBI) and the Philippine National Police (PNP) have been designated as the primary law
enforcement agencies responsible for the effective implementation of cybercrime laws in the Philippines.

- Both the NBI and the PNP are required to establish dedicated cybercrime units or centers staffed by specially trained investigators.
These units are exclusively tasked with handling cases involving violations of cybercrime laws.

- Recognizing the technical complexity of cybercrimes and the need for international cooperation, the law mandates that law enforcement
authorities, particularly specialized divisions or units focused on computer and technology-related crimes, submit timely and regular
reports.

- Law enforcement authorities are obligated to provide various types of reports, including pre-operation plans, post-operation
summaries, and investigation results.

1. Pre-Operation Plan: Before initiating the operation, the cybercrime investigation unit develops a detailed pre-operation plan
outlining the objectives, strategies, and methodologies to be employed. This plan involves outlining the roles of each team
member, allocating resources effectively, and coordinating with other relevant agencies such as the Cybercrime Investigation
and Coordinating Center (CICC). The plan also includes obtaining necessary warrants and ensuring legal compliance
throughout the operation.

2. Post-Operation Summary: Following the successful execution of the operation, law enforcement authorities are required to
compile a post-operation summary report. This report outlines the actions taken during the operation, including any arrests
made, evidence seized, and any challenges encountered. It also provides an assessment of the operation's effectiveness in
achieving its objectives and identifies areas for improvement in future operations.

3. Investigation Results Report: After thorough analysis and examination of the seized digital evidence, the investigation team
compiles a detailed investigation results report. This report includes information about the perpetrators, their methods, the
extent of the cybercrime network, and the impact on victims. It also highlights the techniques used for data preservation,
examination, and the compliance with legal protocols during the investigation.

In the Philippine setting, these reports serve as crucial documentation for transparency, accountability, and legal compliance in
cybercrime enforcement. They contribute to the overall efforts of law enforcement authorities in combatting cybercrimes
effectively while ensuring that the procedures followed align with legal frameworks and regulations, such as the Cybercrime
Prevention Act of 2012 and related guidelines issued by the Department of Justice.

Office of Cybercrime
Republic Act No. 10175 or the Cybercrime Prevention Act of 2012 created the Office of Cybercrime (OOC) within the DOJ and designated
it as the Central Authority in all matters relating to international mutual assistance and extradition for cybercrime and cyber-related
matters.
It also acts as the focal agency in formulating and implementing law enforcement investigation and prosecution strategies in curbing
cybercrime and cyber-related offenses nationwide.

REAL-TIME COLLECTION OF TRAFFIC DATA

1. Authorization for Real-Time Traffic Data Collection:


- Law enforcement authorities are authorized to collect or record traffic data in real-time related to specific communications transmitted
through computer systems.
- Traffic data pertains to information such as the communication's origin, destination, route, time, date, size, duration, or type of
underlying service. It does not include content or identities.

Origin: Your mobile phone's IP address or location. For example, your mobile phone's IP address might be 192.168.1.100, indicating that
the request is coming from your device.
Destination: The website's IP address or domain name. Let's say you're visiting "www.example.com," which might resolve to the IP address
203.0.113.27.
Route: The path the data takes through various servers and routers to reach the website. This could include a series of intermediary servers
and routers, each responsible for routing the data. The exact route could be complex and could involve multiple hops.
Time: The time at which you accessed the website. For example, you accessed the website at 10:30 AM.
Date: The date on which you accessed the website. Let's say you visited the website on October 21, 2023.
Size: The amount of data transmitted between your mobile phone and the website. This could be, for example, 1.5 MB of data that you
downloaded while visiting the website.
Duration: How long your session on the website lasted. You spent 15 minutes browsing the website.
Type of Underlying Service: For example, you accessed the website over a 4G mobile data connection.

However, it's important to note that this traffic data does not include the actual content of the website you were browsing (text, images,
videos) or specific information about your identity (such as your name, email address, or phone number). Traffic data is used for
technical purposes like routing and network optimization, and it doesn't reveal the specific content of your online activities or personal
details.

2. Requirement of a Court Warrant for Other Data:


- Any data collection or seizure beyond traffic data requires a court warrant.
- Service providers are obligated to cooperate with and assist law enforcement authorities in obtaining the specified information.

3. Conditions for Issuing a Court Warrant:


- Court warrants can only be issued or granted based on specific conditions:

(1) Reasonable grounds to believe that one of the enumerated crimes has been, is being, or is about to be committed.

Example: In the case of a cybercrime-related warrant, law enforcement may request a warrant to investigate a suspected online hacking incident where an individual is believed to have gained unauthorized access to a company's computer network, potentially compromising sensitive customer data. The reasonable grounds for the warrant could be based on evidence such as logs showing suspicious activity and attempted unauthorized logins.

(2) Reasonable grounds to believe that the evidence to be obtained is crucial for the
conviction, solution, or prevention of such crimes.

Example: In a cybercrime investigation, law enforcement may request a warrant to seize a suspect's computer and digital devices to gather evidence related to online harassment and cyberbullying. The reasonable grounds for the warrant could be based on messages, social media posts, or digital communications that are crucial for identifying the perpetrator and prosecuting them for the harassment.

(3) No other readily available means exist for obtaining this evidence.

Example: Law enforcement may seek a warrant to access the email account of a suspect in a cybercrime case involving online fraud. In this
scenario, they believe that important evidence, such as email correspondence with victims, is stored in the suspect's email account. If the
suspect refuses to cooperate, and there are no other methods available to obtain this evidence, a warrant may be sought to access the email
account as a last resort, ensuring that no alternative means exist for collecting the crucial evidence.

CYBERCRIME WARRANTS
1. Warrant to Disclose Computer Data (WDCD)
An order to disclose and, accordingly, require any person or service provider to disclose or submit subscriber’s information, traffic data, or relevant data in his/her or its possession or control.

2. Warrant to Intercept Computer Data (WICD)

An order authorizing law enforcement authorities to carry out any or all of the following activities: (a) listening to, (b) recording, (c)
monitoring, or (d) surveillance of the content of communications, including procuring of the content of computer data, either directly,
through access and use of a computer system or indirectly, through the use of electronic eavesdropping or tapping devices, at the same
time that the communication is occurring

3. Warrant to Search, Seize and Examine Computer Data (WSSECD)


An order authorizing law enforcement authorities to search a particular place for items to be seized and/or examined

4. Warrant to Examine Computer Data (WECD)


Upon acquiring possession of a computer device or computer system via a lawful warrantless arrest, or by any other lawful method, law
enforcement authorities shall first apply for a WECD before searching the said computer device or computer system for the purpose of
obtaining for forensic examination the computer data contained therein.

RELATED ORDERS

1. Preservation Order
An order requiring a service provider to keep, retain and preserve:
– The integrity of traffic data and subscriber’s information for a minimum period of 6 months from the date of transaction
– Content data for 6 months from the date of receipt of the order

2. Destruction Order or Return Order


An order requiring the complete or partial destruction, or the return to its lawful owner or possessor, of the computer data or any related
items turned over to the court’s custody

Where to file an application for a warrant: Before any of the designated cybercrime courts of the province or the city where the offense
or any of its elements has been committed, is being committed, or is about to be committed, or where any part of the computer system
used is situated, or where any of the damage caused to a natural or juridical person took place. Cybercrime courts in Quezon City, the
City of Manila, Makati City, Pasig City, Cebu City, Iloilo City, Davao City and Cagayan de Oro City shall have the special authority to act
on applications and issue warrants which shall be enforceable nationwide and outside the Philippines.

Effective Period of Warrants: For the length of time as determined by the court, which shall not exceed 10 days from its issuance.
Extendible, based on justifiable reasons, for not more than 10 days from the expiration of the original period.

Extraterritorial Service of Warrants and Other Court Processes: For persons or service providers situated outside the Philippines,
service of warrants and other court processes shall be coursed through the DOJ – Office of Cybercrime.

Exclusionary Rule. — Any evidence procured without a valid warrant or beyond the authority of the same shall be inadmissible for any
proceeding before any court or tribunal.

Noncompliance. — Failure to comply with the provisions of Chapter IV hereof specifically the orders from law enforcement authorities
shall be punished as a violation of Presidential Decree No. 1829 with imprisonment of prision correctional in its maximum period or a
fine of One hundred thousand pesos (Php100,000.00) or both, for each and every noncompliance with an order issued by law
enforcement authorities.

The "Preventive Capability Programs" consist of various initiatives aimed at enhancing cybersecurity and ensuring the security of
critical infrastructure in the Philippines. Two of the key components of these programs are the "Cyber Intelligence" and "Warnings &
Advisories" programs, each serving a specific purpose:

1. Cyber Intelligence Program:


The Cyber Intelligence Program is designed to gather, analyze, and disseminate intelligence related to cyber threats and cybercriminal
activities. It aims to provide law enforcement and military units with the necessary information to counteract and interdict threats posed
by terrorists, spies, and criminals. Here are the key components of this program:

a. Creation of a Cyber Special Operations Unit: This involves establishing a specialized unit under the supervision of the Task Force on
Cybercrime (TFSCI). This unit is tasked with conducting intelligence operations focused on potential threats in the cyber domain. Its
mission is to gain a better understanding of threat actors, their organizational structures, modus operandi (methods of operation), plans,
and linkages.

b. Monthly National Intelligence Estimates (NIE): The program generates regular NIE reports that provide strategic and operational
intelligence on various aspects of cybersecurity, including cybercrimes, cyber terrorism, and foreign and competitive intelligence
operations. These reports help keep relevant agencies and entities informed about evolving cyber threats.

c. Development and Management of a Hacker's Database: A comprehensive database is established to gather information on known
cybercriminals, threat actors, and their tactics. This database aids in tracking and identifying individuals and groups involved in
cybercriminal activities.

d. Specialized Cyber-Intelligence Training Curriculum: The program focuses on the development and implementation of specialized
training for intelligence personnel in the Armed Forces of the Philippines (AFP) and the Philippine National Police (PNP). This training is
integrated into their intelligence training institutions, enhancing their capacity to conduct cyber intelligence operations effectively.

2. Warnings & Advisories Program:


The Warnings & Advisories Program is aimed at sharing timely and critical information related to cyber threats and security concerns
with various stakeholders, including critical infrastructure owners and operators, as well as the general public. The program helps
individuals and organizations take proactive measures to protect themselves from cyber threats. Here are the key elements of this
program:

- Dissemination of Threat Information: The program provides information on emerging threats, security alerts, and related matters to
critical infrastructure owners, operators, and the general public. This information can include details on ongoing computer attacks,
attack trends, the modus operandi (methods) of attackers, alerts about wanted cybercriminals and terrorists, and updates on security
patches and protective measures.

- Public Awareness: By making threat information and advisories available to the general public, this program helps raise awareness
about cybersecurity issues. It empowers individuals to take necessary precautions and strengthen their security measures, contributing
to a more informed and vigilant society.

In summary, the Preventive Capability Programs in the Philippines, particularly the Cyber Intelligence and Warnings & Advisories
programs, are designed to proactively gather intelligence, assess cyber threats, and disseminate timely information to safeguard national
security and critical infrastructure. These programs not only help law enforcement and military units but also foster a cybersecurity-
conscious society.

ENHANCEMENT OF LAW ENFORCEMENT CAPABILITY


1. Cyber Cops:
The "Cyber Cops" program is designed to bolster the existing law enforcement capabilities of the Philippine National Police (PNP) and
the National Bureau of Investigation (NBI). This initiative involves deploying a minimum of one to two forensic investigators and incident
responders to each provincial and regional PNP and NBI command office. These personnel will receive training, both locally and
internationally, in areas such as forensic investigation, incident response, evidence preservation, data recovery and analysis, digital
intelligence, and other relevant courses. This program empowers local law enforcement to effectively combat cybercrime and respond to
digital threats.
2. Establishment of National Forensic Laboratory:
The "Establishment of National Forensic Laboratory" program aims to create a state-of-the-art facility known as the National Computer
Forensic Laboratory (NCFL). This laboratory will serve as a processing center and repository for computer crime evidence. It will not only
support law enforcement operations by processing digital evidence but also conduct training in computer forensics and investigation. The
NCFL is set to become a vital resource for the analysis and preservation of digital evidence in cybercrime cases.
3. Establishment of Regional Forensic Laboratory:
This program focuses on establishing strategically located regional forensic laboratories to provide localized support for law
enforcement units. These regional facilities will play a crucial role in enhancing the forensic analysis and investigative capabilities of
regional law enforcement. By distributing forensic resources across regions, the program ensures that a wider geographical area benefits
from specialized support in handling cybercrime cases.
4. Capacity-Building for Judges and Prosecutors:
The "Capacity-Building for Judges and Prosecutors" program is centered on providing comprehensive training for judges, prosecutors,
and lawyers. The training is designed to equip legal professionals with the skills and knowledge necessary for effectively handling cases
involving cybercrimes. By enhancing the understanding and competence of the judiciary and prosecution in cyber-related legal matters,
this program aims to ensure the fair and efficient administration of justice in the realm of cybersecurity.

V. EVALUATION
Multiple Choice: Select the correct answer by marking the letter (A, B, C, or D) on your answer sheet. Please ensure that you review your
choices before submitting your responses. Good luck!

1. Who are the primary law enforcement agencies responsible for implementing cybercrime laws in the Philippines?
A. Department of Justice (DOJ)
B. National Bureau of Investigation (NBI) and Philippine National Police (PNP)
C. Cybercrime Investigation and Coordinating Center
D. Department of Cybersecurity

2. What is the primary responsibility of dedicated cybercrime units or centers within law enforcement agencies?
A. Handling all types of criminal cases
B. Investigating only physical crimes
C. Focusing on violations of cybercrime laws
D. Handling financial crimes

3. Why is international cooperation essential in addressing cyber threats?
A. To share cyber attack techniques
B. To create global cyber policies
C. Cyber threats have no international impact
D. Given the global nature of cybercrimes

4. What information is typically included in traffic data?
A. Content and identities
B. Origin, destination, route, time, date, and more
C. Subscriber names and addresses
D. Social media posts

5. What's an example of traffic data?
A. The content of an email
B. The website's IP address
C. The subscriber's name
D. The entire webpage's content

6. Under what condition is a court warrant required for data collection beyond traffic data?
A. Always required
B. Only when collecting traffic data
C. For any form of data collection
D. Any data collection or seizure beyond traffic data

7. When would law enforcement authorities request an extension of data preservation?
A. Never
B. When they have time
C. Under specific circumstances
D. Every six months

8. What is the notification requirement for preserving computer data used as evidence?
A. Notify the service provider directly
B. No requirement for notification
C. Furnish the transmittal document to the Office of the Prosecutor
D. Notify the court

9. What is the primary reason for keeping orders to preserve computer data confidential?
A. To protect sensitive data
B. To maintain the integrity of investigations and legal proceedings
C. To avoid legal complications
D. To speed up the process

10. How soon after the warrant's expiration should examined computer data be deposited with the court?
A. Within 48 hours
B. Within 7 days
C. Within 30 days
D. Immediately

11. What is the purpose of sealing the package containing examined computer data?
A. To hide the data from law enforcement authorities
B. To protect the data from unauthorized access
C. To destroy the data
D. To ensure the data is never used

12. Who provides the affidavit accompanying the deposited data in a sealed package?
A. The suspect
B. The court
C. The law enforcement authority who executed the warrant
D. The victim

13. What is the significance of the certification of no duplicates?
A. To ensure the data is never duplicated
B. To confirm that no duplicates or copies have been made
C. To create additional copies of the data
D. To share the data with the court

14. When can the package containing examined data be opened and the recordings replayed?
A. Immediately after deposition
B. After a court order
C. After 30 days
D. At the discretion of law enforcement authorities

15. In what circumstances can the court grant access to examined data?
A. Upon law enforcement authority's request
B. Without a motion
C. Upon request of any interested party
D. Upon motion, with due notice and an opportunity to be heard

16. What is the purpose of the Exclusionary Rule?
A. To admit all evidence without scrutiny
B. To exclude all evidence from court proceedings
C. To admit evidence obtained without a valid warrant
D. To exclude evidence procured without a valid warrant

17. What is the consequence of noncompliance with the orders from law enforcement authorities?
A. No consequences
B. Warning letter
C. Imprisonment of 6 years and 1 day to 6 years
D. Fine of PHP 10,000

18. What is the penalty for noncompliance with an order issued by law enforcement authorities under Presidential Decree No. 1829?
A. Warning
B. Fine of PHP 1,000
C. Imprisonment of prision correctional in its maximum period
D. Community service

19. Law enforcement authorities are obligated to provide various types of reports, including pre-operation plans, post-operation summaries, and investigation results. To whom are these reports submitted?
A. The Department of Justice (DOJ)
B. The Cybercrime Investigation and Coordinating Center
C. The National Bureau of Investigation (NBI) and the Philippine National Police (PNP)
D. The Department of Cybersecurity

20. What type of data is typically considered traffic data, and what does it include?
A. Traffic data includes content and identities.
B. Traffic data pertains to the communication's origin, destination, route, time, date, size, duration, or type of underlying service, but not content or identities.
C. Traffic data includes detailed content.
D. Traffic data includes subscriber information.

21. Under what conditions can a court warrant be issued for data collection beyond traffic data?
A. A court warrant is always required for any data collection.
B. A court warrant is never required for data collection.
C. A court warrant can be issued based on specific conditions, including reasonable grounds to believe a crime has been, is being, or is about to be committed, and no other readily available means exist for obtaining the evidence.
D. A court warrant can be issued without any specific conditions.

22. What is the primary reason for keeping orders to preserve computer data confidential?
A. To protect sensitive data
B. To speed up the investigation
C. To maintain the integrity of investigations and legal proceedings
D. To prevent the suspect from knowing about the investigation

23. How long after the expiration of a search and seizure warrant should examined computer data be deposited with the court?
A. Within 24 hours
B. Within 7 days
C. Within 30 days
D. Within 48 hours

24. What is the Exclusionary Rule?
A. A rule that allows all evidence in court proceedings, even if obtained unlawfully
B. A rule that excludes all evidence from court proceedings if obtained without a valid warrant or beyond the authority of the warrant
C. A rule that allows evidence obtained without a warrant
D. A rule that allows evidence obtained without due process

25. What is the consequence of noncompliance with orders from law enforcement authorities under Presidential Decree No. 1829?
A. Fine of PHP 10,000
B. Community service
C. No consequences
D. Imprisonment of prision correctional in its maximum period
