The Philippines’ first and only industry magazine that deals with safety and security matters pervading the environment today.

Cyber Information Access Without Court Order Is Another Story

Filipinos might have been alarmed by the latest revelation of Samuel Pagdilao Jr., the Director General of Criminal Investigation and Detection Group (CIDG), that the CIDG can look into Internet traffic data even without a court order on hand. But it is worth further scrutiny to learn whether or not people have got something to fear from such a provision.

Chapter IV Section 12 Paragraph 1 of the Republic Act 10175, also known as Cybercrime Prevention Act of 2012, said that “Law enforcement authorities, with due cause, shall be authorized to collect or record by technical or electronic means traffic data in real-time associated with specified communications transmitted by means of a computer system.”

While it seems that everything revealed by the CIDG Dir. Gen. Pagdilao has been covered by the provision, he might have left out the essential phrase “with due cause.” Would “prospective complaints” constitute “due cause,” and justify the collection of cyber traffic data?

Chief Robert Reyes of CIDG’s Anti-Transnational and Cybercrime Division, however, was quoted saying in an Inquirer News report, “we work only based on complaints filed. We cannot monitor everyone.”

Unfortunately, the CIDG is in no position to come up with a valid “legal construction” of conditions attached on the provision, especially when the law failed to define—or even elaborate—what “due cause” is.

According to George Malcolm, in his book “Philippine Statutory Construction,” “The one cardinal rule of statutory construction then is to ascertain and give an effect to the intention of the law making body.”

By the looks of it, however, legislative intent didn’t shed light on the provision’s condition neither explicitly nor implicitly, but instead ignored the “due cause” component.

Senator Edgardo Angara, the author of the Cybercrime Prevention Act, claimed that “legal authorities can collect traffic data, but only pertaining to size, duration, mode of transmission – not content” in his official website.

Chapter IV Section 12 Paragraph 2 of Republic Act 10175 stated that,  “Traffic data refer only to the communication’s origin, destination, route, time, date, size, duration, or type of underlying service, but not content, nor identities.”

Senator Angara, in his website, nonetheless ensured the public that privacy shall not be encroached along the process of collecting cyber traffic. Further inquiry into the details of certain traffic data may only be permitted once a court warrant, which shall merit investigation, has been secured

Why would the author include the condition “with due cause” if it will only be ignored at the end of the day? Perhaps it would be worthwhile to wait for the “Implementing Rules and Regulations” of the Republic Act 10175 in accordance with the recent plea of Senator Angara and the Malacañang. After all, even the Philippine National Police (PNP) is also waiting for such rules and regulations, with Director General Pagdilao, in an interview with DZBB, admitting that the PNP could not implement the cybercrime law until there are gray areas.

Unfortunately, Senator Teofisto Guingona III, along with some other personalities, could no longer wait for the “Implementing Rules and Regulations” that he already filed a petition before the Supreme Court on September 27, 2012 questioning certain provisions in the Cybercrime Prevention Law.

Does the end justify the means?

As they put it, “what you don’t know won’t hurt you.” Chances are, there are many private companies collecting cyber traffic data other than the CIDG.

Have you been told that Google Adwords has the capability to store traffic data available for online marketing ends? Adwords Remarketing Technique through Google Analytics lets Internet marketers manipulate traffic details to gain sales leads. So don’t get surprised if aggressive ads come popping up on screen from time to time.

In the case of law enforcement authorities, they are likely to use online traffic data for prevention and prosecution of cyber criminals. At least the government gets to justify the act by seeking for a court warrant prior to making further inquiry on traffic details. Not like private entities though.

As for the news that cops may tap on private Skype conversations upon securing a court order, it might not be that bad. Something worse might happen to you—such as getting personal conversations on Skype tapped with hardly any court order.

Dan Gillmor of Guardian News recently reported that, “Occam’s razor strongly suggests that Skype has never been as private as we’ve been encouraged to believe.” He also wrote that, “Skype has always refused to reveal its encryption methods and could now be giving police access to users’ conversations.”

Be that as it may, does cyber crime control justify online privacy encroachment? There’s no doubt that the dilemma on the legality of surveillance at the expense of one’s rights to privacy still persists, although some laws have already set the parameters.

The 1987 Constitution has never been more prepared to respond to such query, particularly the Bill of Rights Section 3 Paragraph 1 that said, “The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.”

Don’t you think it is also high time for authorized surveillance to go online? Besides, the cyber traffic data collection machinery works like the CCTV (closed-circuit television) monitoring system that facilitates efficient post-crime investigation. The only difference is that cyber traffic data collection seems more comprehensive that it can break into private premises as a covert surveillance technique.

Nick Taylor, in his study entitled “State Surveillance and the Right to Privacy,” said that, “There are situations when the state has to intervene in the lives of its citizens, such as to prevent crime, but such intervention must be based on, and restricted by, principled legislation… that not only are covert surveillance practices more tightly controlled, but that overt practices are also adequately regulated.”

With the powerful scope of cyber traffic surveillance, no doubt it calls for responsible operation. Its vulnerability to abuse demands legal safeguards; otherwise, it could be another breeding place of corrupt practices. And that is likely to deviate from the “straight path advocacy” of the Aquino administration, especially when history has always been a testament to many forms of corruption haunting the government to date.