Lesson Objectives
At the end of this lesson, learners should be able to identify the major categories of cybercrime offenses and explain why the law organizes them into different groups.
A Structure That Makes the Law Easier to Understand
RA 10175 may appear intimidating because it contains legal definitions, investigative provisions, penalties, and technical language. It becomes easier to understand when its principal offenses are organized into three broad groups.
The first group covers offenses against the confidentiality, integrity, and availability of computer data and systems. These offenses directly attack accounts, data, devices, networks, or computer services.
The second group consists of computer-related offenses. These are familiar forms of deception or falsification that are carried out by manipulating computer data or systems.
The third group originally consisted of content-related offenses, where the unlawful conduct concerns material communicated, displayed, distributed, or published through digital technology. However, this group must now be understood together with later Supreme Court rulings and newer legislation.
Confidentiality, Integrity, and Availability
The first category uses three words that frequently appear in cybersecurity discussions: confidentiality, integrity, and availability. Together, these are sometimes called the CIA triad. Here, “CIA” does not refer to an intelligence agency. It is simply an abbreviation formed from the first letters of the three concepts.
Confidentiality means that information is seen or accessed only by persons who are authorized to receive it. If someone secretly reads private messages or copies confidential records, confidentiality may be violated.
Integrity means that data remains accurate, complete, and unaltered except by authorized action. If someone changes grades, transaction figures, names, or official records without permission, the integrity of the data may be damaged.
Availability means that a system or information remains accessible and usable when authorized users need it. If an attacker overwhelms or damages a service so that employees or customers cannot use it, availability may be affected.
These principles help explain why some cybercrimes do not involve financial theft. Secretly viewing information, altering data, or preventing legitimate access can independently cause serious harm.
Computer-Related Offenses
Computer-related offenses involve the use or manipulation of computer data to commit forgery, fraud, or identity theft.
These crimes may resemble traditional offenses, but the method is digital. Instead of physically altering a paper document, an offender may change an electronic file. Instead of presenting a handwritten false identity, the offender may use stolen account details, altered digital records, or another person’s personal information.
Technology increases the speed and scale of such conduct. A single false electronic document may be sent to many victims, and stolen identity information may be used across several platforms.
Content-Related Offenses and Important Legal Changes
Content-related offenses concern material communicated or published through computer systems. The original text of RA 10175 included provisions on cybersex, child pornography, unsolicited commercial communications, and libel committed through a computer system.
However, learners should not treat the original 2012 list as if no legal developments occurred afterward.
The Supreme Court declared the original provision on unsolicited commercial communications unconstitutional in Disini v. Secretary of Justice. The Court also reviewed other provisions and limited the application of certain parts of the law.
In addition, Republic Act No. 11930, enacted in 2022, expressly repealed the original cybersex provision under Section 4(c)(1) of RA 10175 and repealed RA 9775. The present specialized framework uses the terms Online Sexual Abuse or Exploitation of Children, or OSAEC, and Child Sexual Abuse or Exploitation Material, or CSAEM.
Cyber libel remains a legally recognized offense, although its application requires the elements of libel and the use of a computer system or ICT. The Supreme Court has explained that RA 10175 did not invent an entirely separate defamatory act; rather, it recognized ICT as a means through which libel under the Revised Penal Code may be committed and imposed the corresponding legal consequences.
Why Categories Matter
The categories determine what the prosecution must establish.
For illegal access, the issue is whether a person entered a computer system without right. For computer-related fraud, the issue involves dishonest manipulation or interference that causes damage with fraudulent intent. For cyber libel, the issue concerns the publication of defamatory material through a computer system together with the legal elements of libel.
It is therefore incorrect to treat every cybercrime as “hacking.” The act must be examined according to its specific nature.
Professional and Practical Relevance
When an incident happens, organizations should describe the actions separately instead of using a vague label.
Rather than saying only, “We were hacked,” an incident report should explain that an unknown user entered an account, downloaded customer records, changed payment instructions, and sent messages using the compromised identity.
A detailed description helps technical personnel, management, law enforcement, and legal advisers determine which offenses, security failures, and evidence may be involved.
Key Takeaways
- RA 10175 groups offenses according to the nature of the unlawful conduct.
- Confidentiality protects secrecy, integrity protects accuracy, and availability protects access and usability.
- Computer-related offenses include digital forms of forgery, fraud, and identity theft.
- The original content-related provisions must be read together with Supreme Court rulings and later legislation.
- One incident may involve several distinct actions and possible offenses.