THE OLIVAR CASE
The Olivar case may be summed up this way –
* Drew Olivar posted in his Facebook page that a bomb may go off on September 21
* Bomb-scare jokes are criminalized by PD No. 1727
* Olivar and Mocha Uson were invited to the Philippine National Police, where Olivar apologized for his Facebook post
*The PNP filed a criminal complaint with the Department of Justice for violation of PD No. 1727
*The DOJ declined to accept the complaint because, reportedly, the PNP did not include the IP address of Olivar as part of its evidence.
Questions:
1. Did Olivar commit a cybercrime? If yes, what is the nature of the cybercrime?
2. Is the Department of Justice correct in rejecting the complaint filed by the PNP on the ground that it did not include as evidence the IP address of Olivar?
3. Is an IP address required as evidence in a complaint for violation of PD 1727 using social media, specifically Facebook?
4. How does one build a case for a criminal complaint for an offense committed by means of social media?
5. How is the Olivar case different from the former flight stewardess who emailed a bomb threat to an airline?
Q: Did Olivar commit a cybercrime? If yes, what is the nature of the cybercrime?
A: Section 4 of Republic Act No. 10175 defines and penalizes cybercrimes, which are categorized as follows --
1. Offenses against the confidentiality, integrity and availability of computer data and system, specifically: illegal access, illegal interception, data interference, system interference, misues of devices, and cyber-squatting.
2. Computer-related offenses, specifically: computer-related forgery, computer-related fraud, and computer-related identity theft.
3. Content-related offenses, specifically, cybersex, child pornography, unsolicited commercial communications, and libel.
Section 5 of the same law also penalizes aiding or abetting in the commission of a cybercrime, as well as attempt to commit a cybercrime.
Violation of PD 1727 is not one of those acts defined by RA No. 10175 as a cybercrime. Hence, strictly speaking, a bomb-scare joke such as the Facebook post of Olivar is not a cybercrime.
But, it will be asked, he posted the bomb-scare joke on Facebook; Facebook has no physical manifestation and resides solely in cyberspace and in the interfaces we call computers and smartphones. Is it not logical that it should be called a cybercrime?
Unfortunately, criminal law is such that if a behavior or misbehavior – be it in the real world or in cyberspace – is not defined by the Legislature as a crime, then it is not.
How, then, to characterize a bomb-scare joke posted on Facebook? Or on Twitter? Meaning, in cyberspace?
Orin Kerr, an authority on computer crime law in the United States, says this --
“There are two reasons to label criminal conduct a computer crime. First, an individual might use a computer to engage in criminal activity. Second, the evidence needed to prove a criminal case might be stored in computerized form. The law governing use of a computer to commit a crime is substantive computer crime law, because it concerns the scope of substantive conduct that has been criminalized. The law governing the collection of computer evidence is procedural computer crime law, because it concerns the legal procedures investigators can use to collect digital evidence in criminal investigations.”
Kerr then categorizes substantive computer crime law into two – computer misuse crimes, and traditional crimes. Computer misuse crimes are those that can be committed only with the use of computers; for example, hacking offenses, introduction of malware, and denial-of-service attacks. These are what may be called as pure cybercrimes.
Traditional crimes, however, may also be committed with – but not necessarily only by – the use of computers. The examples Kerr cites are Internet fraud schemes, online threats, distribution of child pornography images, and theft of trade secrets.
Olivar’s Facebook post, if it qualifies as a crime for violating PD No. 1727, may thus be considered as a computer crime of the second category – i.e. a traditional crime that has been committed with the use of a computer.
Q. Was the Department of Justice correct in not accepting the complaint filed by the PNP on the ground that it failed to include the IP address of Olivar as part of the evidence that it submitted?
A. Procedurally speaking, it would not be correct for a prosecutor to not accept a complaint on the ground of insufficient evidence. When a complainant, by himself or by through a lawyer, goes to the docket section, the receiving clerk checks only if the formalities have been observed – complaint-affidavit and affidavits of witnesses properly sworn to, attachment/s are truly attached, etc. The receiving clerk does not determine whether or not the evidence submitted are sufficient. The complaint and its attachments (whether complete or incomplete) should have been stamped received and docketed accordingly. Only when the complaint has been assigned to the investigating prosecutor will the sufficiency or insufficiency of the evidence submitted be determined.
Q. Is the IP address of a respondent in an alleged violation of PD 1727 (or cyberlibel or cyberthreats) posted on Facebook necessary?
A. What the hell is an IP address? And what role does it play in the investigation and prosecution of, in this case, an alleged violation of PD 1727?
An IP (or Internet Protocol) address is a number assigned to a computer whenever it connects to the Internet. Without an IP address, the other computers connected to the Internet (providing services such as email, websites, etc.) would not know where to send the information you requested.
At this very moment, I googled my IP address and it gave me this information: my ISP is Skycable, and the physical location of my IP address in Quezon City in the Province of Batangas. Google got my ISP and my city correct, but not my province/region.
Why is that? Because the IP address which Google traced is the IP address of my Internet Service Provider and its server is located in Batangas. Which means additional steps have to be taken to determine my exact location. But let us go into that another time.
An IP address is important, therefore, in determining the location of the particular computer which is the source of the offending material posted on Facebook or Twitter. And when law enforcement locate that particular computer in its physical location then, in all likelihood (but not at all times), the person or persons living/working in that physical location is the one who posted the offending material.
In sum, an IP address would be vital if the investigators (and the prosecutors) need to locate and identify who posted the offending material on Facebook. This would specially be true if the person who posted it created a persona/avatar on Facebook or Twitter different from his name and real identity. It could be that he assumed the name of another living person, or it could be that he just invented a new name for himself. In which case, an IP address would be necessary.
In the Olivar case, however, it is no longer necessary to establish his identity and his location. His public apology in the presence of police authorities and on mainstream media is an admission that it was he who posted the “bomb-scare joke” on his Facebook page. Such public apology may also be characterized as part of the res gestae, a spontaneous declaration by Olivar after the outrage of his FB post. To require an IP address would be superfluous.
[This also answers Question No. 4, above.]
Q. How is the Olivar case different from the former flight stewardess who emailed a bomb threat to an airline?
Olivar posted on his Facebook page with thousands of followers. In short, his post was very much public. And his FB page is identified with himself and no one else. Anyone of his followers could take a screenshot and be a witness to what he posted.
In an American case decided by the US Court of Appeals for the Eleventh Circuit, this was how the court recounted the investigation done on a person accused of recruiting for ISIS on Facebook:1
In March of 2015, Suarez created a Facebook account under the name “Almlak Benitez.” He used it to post ISIS propaganda, to request help in building bombs, and to invite others to join him as a brother of the Islamic State. The FBI received a tip about the Benitez profile and linked the Benitez profile to Suarez. The FBI then used a confidential source named “Mohammed” to become Facebook “friends” with Suarez.
Suarez and Mohammed engaged in numerous Facebook, phone, and text message conversations. During these discussions, Suarez expressed his intention to attack the United States and his desire to recruit others to join him. He told Mohammed that he had already obtained two handguns and a bulletproof vest, and that he was looking to obtain a long gun. He asked if Mohammed knew how to make bombs.
Suarez and Mohammed also met in person. During one meeting, they went to a pawn shop in Key West to pick up an AK-47 rifle that Suarez had ordered. But because Suarez had incorrectly filled out the paperwork by indicating that he was buying the gun for someone else, he was not allowed to take possession of the gun. Afterwards, the pair began to make ISIS recruitment videos. Suarez dictated the script, which Mohammed transcribed. Suarez—dressed in a black tactical vest, a black shirt, a black face mask, and a yellow and black scarf—read the script while Mohammed recorded.
That the same for the former flight stewardess. The email was not a public post, hence no law enforcement (or an agent of law enforcement) could engage him in FB conversations. The method of investigation would, naturally, be different. But it would necessarily involve investigating the email account (in this case, reportedly Yahoo Mail) and the Internet Service Provider through which she connected to the Internet.
Those familiar with digital forensics know how to trace a particular email, including the other computers in the Internet which bounced the packets of information until these packets re-formed at the final destination, i.e. the email addressee.
Depending thus on the mode of commission – was it through social media or was it through email – the investigation would take different forms. In the case of the emailed bomb threat, a search warrant would have been needed in order to seize the computer or smartphone used to send the email after tracing the IP of the ISP and, ultimately, the ISP subscriber. In a social media post, there may be no need for a search warrant because such posts are (unless otherwise controlled through privacy settings) usually public and, therefore, with no expectation of privacy.
1For those interested in reading the entire case, please go to: http://media.ca11.uscourts.gov/opinions/pub/files/201711906.pdf
