CYBERCRIME LAW IS UNCONSTITUTIONAL
By
SENATOR MIRIAM DEFENSOR SANTIAGO
(Keynote speech, Part 1, at the inter-university conference on business economics
at Adamson University Theatre on 6 October 2012.)

The prefix "cyber" relates to the culture of computers, information technology, the internet, and virtual reality. The term "cybercrime" refers to criminal activities carried out by means of computers or the internet.

Just like any other human activity, the internet carries with it new avenues of illegal behavior. The internet makes it easier to commit certain crimes, such as dissemination of pornography, copyright infringement, and defamation. The internet also gives rise to crimes exclusive to the internet, such as computer hacking and misuse. And the internet can make certain crimes complicated, because they could be illegal in some countries, but not in others.

Computer misuse was dramatically demonstrated in 2000, when a Filipino hacker attacked and destroyed data in 45 million computers. He created a virus that the media called the "Love Bug," because it used the subject line "I love you" in the emails that carried it. The estimated cost in damages was $10 billion. The Filipino was never punished, because the Philippines at that time had no law criminalizing computer misuse.

Accordingly, in 2001, the Council of Europe drafted the Cybercrime Convention in Budapest. The Philippines is not yet a party to this treaty. If we become a party, the Philippines would be duty-bound to adopt a Cybercrime Prevention Act. But the Philippine Congress has already anticipated future global pressure to end computer abuse.

In the United States, there are several laws to protect the public from computer misuse, notably the Computer Fraud and Abuse Act (18 U.S.C. 1030) and the 1996 Telecommunications Act (Sec. 230). Although the U.S. considers internet gambling to be illegal, this year three bills were filed to legalize internet gambling in America.

As economics and business students, you are already aware that cybercrime works to prejudice ecommerce. Companies with online operations are subject to credit card fraud, identity theft, phishing, and intellectual property crimes. Cybercriminals continue to negatively impact ecommerce.

In short, in today's world, cybercrime prevention is a necessity. This is why I was active during the interpellation and amendment periods of the Cybercrime Prevention Act. Unfortunately, I was absent because of hypertension, during the voting period.

In my humble opinion, the law as presently worded is unconstitutional.

In our Constitution, freedom of speech occupies a preferred position. In his immortal argument for a "marketplace of ideas," the great Justice Holmes wrote: "They may come to believe . . . that the ultimate good desired is better reached by free trade in ideas - that the best test of truth is the power of the thought to get itself accepted in the competition of the market . . . ." In fact, the constitutional provision, on the surface, sounds absolute: "No law shall be passed abridging the freedom of speech." I humbly submit that while the general rule is that a law is presumed to be constitutional, there is an exception when the law limits free speech. In that case, the law is presumed to be either neutral, or presumed to be unconstitutional. Because it limits free speech, the Cybercrime Act begins with a presumption of unconstitutionality.

The Cybercrime Act is a law that dangerously limits the growth of the marketplace of ideas. Therefore, it is presumed to be unconstitutional. But in addition, the law is unconstitutional, because it uses language that is overbroad, and language that is too vague. In other words, it violates the overbreadth doctrine and the void for vagueness doctrine in constitutional law.

The overbreadth doctrine holds that if a law is so broadly written that it deters free expression, then the Supreme Court will strike it down in its face, because of its chilling effect. The vagueness doctrine refers to a law that provides a punishment without specifying what conduct is punishable, and therefore the law is void because it violates due process.

Among the provisions of the Cybercrime Act that are too broad or too vague are:

Sec. 4 para 4. It makes libel a cybercrime, if committed online;

Sec. 5. It punishes any person who aids or abets the commission of any cybercrime, even if it is only through Facebook or Twitter;

Sec. 6. It adopts the entire Penal Code, if the crime is committed by the use of information technology, but the penalty shall be one degree higher;

Sec. 7. It makes the same crime punishable, both under the Penal Code and the Cybercrime Act;

Sec. 19. It authorizes the Department of Justice to issue an order to restrict access to computer data which is found to be prima facie in violation of the new law. Sec. 19 is called "the takedown clause."

For these reasons, I humbly predict that the Supreme Court will strike down the Cybercrime Act as unconstitutional. Otherwise, it will be a black, black day for freedom of speech.