In my lecture tours since last year, I have been requested to dissect the many interesting and complex issues concerning different kinds of cybercrimes for different audiences. I always make it a point to discuss the interconnections between the Cybercrime Prevention Act (R.A. 10175) with the Data Privacy Law (R.A. 10173), both of which were passed in 2012. Since the National Privacy Commission (NPC) was operationalized by the past President only last March 8, 2016, and the Implementing Rules and Regulations for R.A. 10173 are still in the process of being formulated, almost after four years since this law was passed, I have apprised the audiences of the various complications these circumstances have wrought, in the light of several security and data breaches that government agencies and private businesses have suffered, with the personal identifying information of over forty million Philippine registered voters being hacked from the Commission on Elections (COMELEC) database prior to the May 2016 elections, and published on wehaveyourdata.com, a U.S. website, as a most recent reminder that personal data can be lost via official “nincompoopery” and brazen non-accountability.
But a most pressing matter that probably many people would not know about is the LEGALITY of spamming in the Philippines! Yes, Maria, Pedro, Juan, spamming is LEGAL in the Philippines. It was not always so.
R.A. 10175 actually criminalized “The transmission of commercial electronic communication with the use of computer system which seek to advertise, sell, or offer for sale products and services” [Sec.4.c.(3), Chapter II]. The law however made exceptions when spamming is allowed, and these are when any of these conditions are present:
(i) There is prior affirmative consent from the recipient; or
(ii) The primary intent of the communication is for service and/or administrative announcements from the sender to its existing users, subscribers or customers; or
(iii) The following conditions are present:
(aa) The commercial electronic communication contains a simple, valid, and reliable way for the recipient to reject. receipt of further commercial electronic messages (opt-out) from the same source;
(bb) The commercial electronic communication does not purposely disguise the source of the electronic message; and
(cc) The commercial electronic communication does not purposely include misleading information in any part of the message in order to induce the recipients to read the message.
These conditions were placed in the law for the protection of both the recipients and the senders of unsolicited electronic communications.
However, in the February 11, 2014 decision of the Philippine Supreme Court in the consolidated cases of Biraogo v. NBI and PNP, G.R. No. 203299; ALAB NG MAMAMAHAYAG et al. v. Office of the President et al., G.R. No 203306; Adonis et al. v. Exec. Secretary et al., GR 203378; Disini et al v. DOJ Secretary et al., G.R. 203335; Senator Guingona III v. Executive Secretary et al, G.R. No. 203359; Bagong Alyansang Makabayan et al. v. Aquino III, GR 203407; Ateneo Human Rights Center v. Exec. Sec. et al, GR 203440; National. Union of Journalists, PPI, et al, v. Exec. Sec., GR NO. 203454; Castillo, Andres v. DOJ Sec. et al., GR No. 203454; Cruz et al, v. Aquino III, et al., GR 203469; Philippine Bar Association v. Pres. Aquino III, GR NO. 203501; Bayan Muna v. Exec. Sec., GR 203509; National Press Club v. Aquino III, GR 203515; and Philippine Internet Freedom Alliance v. Exec. Sec., et al, GR 203518, ruled that spamming is NOT illegal.
To get the full understanding of how the Supreme Court grasped the issues concerning spam, the relevant three paragraphs of its decision are quoted here:
The Government, represented by the Solicitor General, points out that unsolicited commercial communications or spams are a nuisance that wastes the storage and network capacities of internet service providers, reduces the efficiency of commerce and technology, and interferes with the owner’s peaceful enjoyment of his property. Transmitting spams amounts to trespass to one’s privacy since the person sending out spams enters the recipient’s domain without prior permission. The OSG contends that commercial speech enjoys less protection in law.
But, firstly, the government presents no basis for holding that unsolicited electronic ads reduce the “efficiency of computers.”
Secondly, people, before the arrival of the age of computers, have already been receiving such unsolicited ads by mail. These have never been outlawed as nuisance since people might have interest in such ads. What matters is that the recipient has the option of not opening or reading these mail ads. That is true with spams. Their recipients always have the option to delete or not to read them.
To prohibit the transmission of unsolicited ads would deny a person the right to read his emails, even unsolicited commercial ads addressed to him. Commercial speech is a separate category of speech which is not accorded the same level of protection as that given to other constitutionally guaranteed forms of expression but is nonetheless entitled to protection. The State cannot rob him of this right without violating the constitutionally guaranteed freedom of expression. Unsolicited advertisements are legitimate forms of expression (italics supplied, citations omitted).
This ruling as of now had not been overturned. According to the Philippine Civil Code, the decisions of the Supreme Court form part of the law of the land. Even if this decision is riddled with technical and legal errors, it is the law as far as spamming is concerned.
An interesting development that I discovered in my research on, and advocacies against cybercrime, since 2015 was the Bangko Sentral ng Pilipinas (BSP) Circular issued by the BSP Deputy Governor, Nestor Espenilla Jr., last March 25, 2015, which was Memorandum Circular No. -M2015-017. It had the title “Prohibition against push messages or commonly known as unsolicited text messages”.
Banks and their subsidiaries were reminded by this BSP Circular of Sec. 4 of R.A. 10175 or the Cybercrime Prevention Act concerning the criminalization of spamming or sending unsolicited commercial messages as well as several National Telecommunications Commission’s (NTC) pronouncements including Memorandum Circular No. 03-03-2005 A, dated July 3, 2006, as amended by NTC MC No. 04-07-2009 dated July 7, 2009 on this subject. The BSP Circular even stated that the NTC circulars “protects and promotes the interest of the subscribers/end-users of public telecommunications entities (PTEs) by prohibiting content and/or information providers (CP) from sending and/or initiating push messages. A subscriber who wants to avail the services of the CPs and/or PTEs may send his written consent through correspondence, text message, internet or other similar means of communication to the PTE.”
Finally, the Circular stated that the Banks “shall remain responsible for all the violations of the aforementioned regulations and law committed by their outsourced agency/personnel”.
I apprised the lawyers and employees of the Bank of Philippine Islands in my August 3, 2016 lecture for them sponsored by the BPI LEADr and the BPI University, as well as the lawyers and foreign service officers of the Department of Foreign Affairs, last August 12, 2016 and the lawyers who attended my lecture for the UP IAJ last August 15, 2016, of this matter.
It seems apocryphal, even downright scandalous, that the BSP which has over 200 lawyers in its employ could miss the February 11, 2014 decision of the Supreme Court legalizing spamming, or the “push messages” which it viewed as “criminal” citing the same provision of R.A. 10175 which the Supreme Court struck down as illegal. In the decretal portion of the Supreme Court’s decision, the court even stated:
WHEREFORE, the Court DECLARES:
1.VOID for being UNCONSTITUTIONAL:
a. Section 4(c)(3) of Republic Act 10175 that penalizes posting of unsolicited commercial communications.
Adding to the confusion is the monumental oversight by the NTC in not coming up with a clear guideline [after February 11, 2014 and up to now] that will construe and implement the Supreme Court decision for the telecommunication companies.
This is a very important issue that affects not merely the telecommunication companies, but all Philippine net denizens, whose personal identifying information could have been compromised due to some vicious spamming attacks. More on Part 2 of this series.