MEMORANDUM

To : AAV

From : PTC

Date : April 7, 2014

Re: : Criminal and Civil Liability of Briony Els and Gunther McAvoy

Facts:

Briony Els, a 32-year old college drop-out from University of Northern Manila (UNM)

created a computer system application called PostMe, inspired by the Secret Files Facebook

pages. The Facebook Secret Files works in a way wherein those people who want to post secrets

or almost anything will send their posts to an anonymous person who will later on publish this

to the Secret Files Facebook page. This application guarantees the anonymity of the original

author of the post. The PostMe application works in the same manner, however unlike the

Facebook Secret Files, it does not have a gatekeeper. The account holders or the original author

of the posts may directly post on the social networking site, without Els’ intervention, where only

other account holders can see them. Likewise, the PostMe application promises that all the posts

made by the account holders will be deleted from the site 24 hours after posting. However, these

posts may be made permanent by allowing other account users to do the “Print Screen” option

before the post is deleted. It is to be understood that Els sent an invite to some of the students of

UNM, a university which has around 5,500 students. It then became viral and other students from

different schools created their own accounts. All kinds of secrets were posted and published on

the site. There are scandalous and derogatory posts as well as innocent and mundane ones.

With the intervention of Gunther McAvoy, Els’ long-time partner, the identities of the

PostMe users were revealed. Having suspicions about Els’ faithfulness, McAvoy tinkered with

Els’ PostMe account to know if she posted anything with regard to infidelity. As a consequence,

all the e-mail and usernames of the PostMe account holders were published on everyone’s

PostMe feed. Some of the users were traced and identified. A PostMe Revealed Facebook page

was then created by an unknown person where all the secrets and identities of the PostMe users

were exposed. This page was later on shut down after three days of operation. All these

circumstances clearly show the vulnerability of the PostMe application to knowledgeable hackers

or those knowledgeable on software engineering – meaning, it can easily be hacked. Also, it is to

be noted that the said application was still in the testing phase as it became viral.

As a further consequence, the identity of a PostMe user named, Dorian Flaherty was

revealed. Dorian posted derogatory remarks against his father’s sexual orientation using the

PostMe application. His father plans to sue him for this.

Issues:
 1. The Civil Code of the Philippines necessitates that a person must exercise due

diligence in performing an obligation. If not, he shall be liable for negligence resulting

to breach1. With this, can we say that Briony Els exercised due diligence in securing

the anonymity of the account holders?

2. Our criminal laws2 punish those who maliciously publish defamatory remarks against

a particular person to put the latter’s reputation in danger. Does Briony Els have a

criminal liability for providing the software application that is used by Dorian

Flaherty to post the allegedly libelous words against his father?

3. Our law3 punishes the one who causes the publication of allegedly libelous words

against a person. Also it is unlawful to seize a person’s documents for the purpose of

knowing the latter’s secrets4. Having said this and based on the facts provided, is

Gunther McAvoy criminally liable? What are his possible criminal and civil liabilities?

Discussion:

I. Briony Els is civilly liable under article 1170

of the Civil Code of the Philippines.

Briony Els, the creator of the PostMe application has an obligation to secure the anonymity

of the identities of its users. There is no doubt that she offered the service, and the users accepted

the terms of its use. The users published their posts knowing that the same will remain

anonymous as guaranteed. Article 1170 of the Civil Code of the Philippines states, “Those who

in the performance of their obligations are guilty of fraud, negligence, or delay, and those who in

any manner contravene the tenor thereof, are liable for damages”. Briony Els was negligent as

she failed to exercise the due diligence required by law. The last paragraph of Article 1173 of the

Civil Code provides, “if the law or contract does not state the diligence which is to be observed

in the performance, that which is expected of a good father of a family shall be required”.

Diligence of a good father of the family is the diligence of an ordinary person in a given

circumstance. If one acts below this standard, he or she is guilty of negligence 5. To exercise

diligence of a good father, Briony Els should have made sure that the application is not vulnerable

enough to online hackers known as “cyber criminals”. It is said that “social engineering is a tactic

1 CIVIL CODE, art. 1170

2
REVISED PENAL CODE, art. 353 in rel. to Rep. Act. No. 10175, § 4 (4). This is the Cybercrime Prevention
Act of 2012.
3
REVISED PENAL CODE, art. 360 in rel. to Rep. Act. No. 10175, § 4 (4). This is the Cybercrime Prevention
Act of 2012.
4
REVISED PENAL CODE, art. 290
5
ARTURO TOLENTINO, COMMENTARIES AND JURISPRUDENCE ON THE CIVIL CODE OF THE PHILIPPINES 124
(1960).
used by cyber criminals that uses lies and manipulation to trick people into revealing their

personal information”6.

Briony Els spread the application in a large number of students of UNM while it is still in

the testing phase. With this, she had to make sure that the control of the application will only be

in her hands. This conveys that she should secure the location files of the e-mail addresses and

usernames of the account holders. Gunther McAvoy, whom we think did not have enough

knowledge on software engineering and just tinkered on Briony’s PostMe account, caused the

revelation of the users’ identity. Had Briony properly secured the files that contain the users’

identities and provided mechanisms to lock them up, this consequence should have been

avoided. If the PostMe application is vulnerable to someone who just fiddled on it in the person

of Gunther McAvoy, what more to those who have sufficient knowledge on software engineering

and really intended to maliciously reveal the users’ identities? Having said this, Briony Els failed

to exercise the proper diligence required by law in securing the anonymity of the PostMe users.

II. Briony Els has no criminal liability

The Cybercrime Prevention Act of 2012 punishes those who publish online derogatory

remarks against a particular person7. The Supreme Court decision8 on the constitutionality of the

said statute emphasized that the original author of the post shall be the only one responsible to

the crime. However according to the first two paragraphs of Article 360 of the Revised Penal

Code:

Any person who shall publish, exhibit, or cause the publication or

exhibition of any defamation in writing or by similar means, shall be

responsible for the same.

The author or editor of a book or pamphlet, or the editor or business

manager of a daily newspaper, magazine or serial publication, shall be

responsible for the defamation contained therein to the same extent as if he

were the author thereof.

It is said that one cannot excuse himself from liability although he did not participate in the

preparation of the libelous article. Even the manager of the publishing company can be held liable

because it is the manager’s responsibility to check first the contents of the company’s papers

before publishing9. In Smith v. Utley10 it was said that “an editor or manager of a newspaper, who

has active charge and control of its management, conduct, and policy, generally is held to be

equally liable with the owner for the publication therein of a libelous article”. Furthermore, in

6
Carnegie Mellon University, How Cyber Criminals Operate, at
http://www.carnegiecyberacademy.com/facultyPages/cyberCriminals/operate.html (last visited April 1,
2014).
7
Rep. Act. No. 10175, § 4 (4). This is the Cybercrime Prevention Act of 2012.
8
Disini, Jr. v. Secretary of Justice, GR No. 203335, Feb. 18, 2014.
9
LUIS B. REYES, THE REVISED PENAL CODE: CRIMINAL LAW 1034 (18th ed. 2012).
10
92 Wis 133, 65 NW 744 (1896).
Faulkner v. Martin11 it was mentioned that “it is immaterial whether or not the editor or manager

knew the contents of the publication”. It is to be noted that websites can now be considered in

addition to books, pamphlets, newspaper, magazines or serial publication as a tool in the crime.

This is because of the provision12 in the Cybercrime Prevention Act that includes online contents

as a means in committing crimes under the Revised Penal Code.

Briony Els cannot be held liable under the criminal provisions mentioned in the preceding

paragraph. First, she is not the original author of the said derogatory remarks; second, she did

not cause the publication of the post in question; and third, although she can be considered as the

manager of the application, it is impossible for Briony Els to have full control of the posts

published by all the users at all times. As stated on the facts, the PostMe application, unlike the

Facebook Secret Files, has no gatekeeper. The users can publish posts using their respective

accounts anytime they want. They can publish directly on their walls and let their posts be seen

on others’ PostMe newsfeed. Managing social networking sites is far from managing newspapers

or other printed materials. Social networks “are suffering from scaling issues, as a result, their

sites have a great deal of downtime or latency. The complicated applications will only increase in

intricacy as more users are added13”. The previous statement illustrates how managing social

networking sites can be so difficult, especially when more and more users come in. These sites

shut down because of the bulk of data they are receiving and often, managers cannot see all the

contents at once. With this, Briony Els cannot be held liable for online libel.

III. Liability of Gunther McAvoy

As seen on the discussion above, Article 360 of the Revised Penal Code punishes the

person who publishes, exhibits, or causes the publication of the libelous remarks. In online libel

or libel per se, one of its elements is the publication with malice. Malice here is presumed. “When

the imputation is defamatory, the prosecution or the plaintiff need not prove malice on the part

of the defendant. The law presumes that the defendant’s imputation [or publication] is

malicious14”.

On whether Gunther McAvoy, by causing the publication of the libelous remarks made

by Dorian, is guilty of online libel, I say that he can be considered as such. It was he who was

responsible for the revelation of Dorian’s identity. As a result, Dorian’s father was also identified

with the defamatory remarks posted by his son. As stated in the preceding paragraph, in causing

the publication of the libelous words, malice is presumed. Gunther McAvoy may be liable under

this principle and the burden of proving otherwise is in him.

However, the facts states that the posting of the e-mail addresses and usernames of the

PostMe account holders was done by Gunther while he was tinkering on the PostMe account of

11
133 NJL 605, 45 A2d 596 (1946).
12
Rep. Act. No. 10175, § 6. This is the Cybercrime Prevention Act of 2012.
13
Jeremiah Owyang, The Many Challenges of Social Netwrok Sites, at http://www.web-
strategist.com/blog/2008/02/11/the-many-challenges-of-social-networks/ (last visited April 1, 2014).
14
LUIS B. REYES, THE REVISED PENAL CODE: CRIMINAL LAW 997 (18th ed. 2012).
Briony Els due to suspicions on the latter’s infidelity. With this, the element of publishing with

malice can be scrapped. If this is the case, Gunther McAvoy cannot be considered liable for online

libel. He can only be charged under Article 2176 of the Civil Code which says:

Whoever by act or omission causes damage to another, there being fault or

negligence, is obliged to pay for the damage done. Such fault or negligence, if

there is no pre-existing contractual relation between the parties, is called a

quasi-delict and is governed by the provisions of this Chapter.

Gunther McAvoy has no contractual obligation with the PostMe users whose identities were

exposed. In tinkering with Els’ account, Gunther McAvoy acted negligently that caused damage

to the users.

Furthermore, Gunther McAvoy is liable under the Cybercrime Prevention Act on illegal

access15. Under the law, illegal access is “the access to the whole or any part of a computer system

without right.” By secretly meddling on the PostMe account of Briony Els, McAvoy should be

held criminally liable. Likewise, he is liable under the Cybercrime Law for the act of Data

Interference. Data Interference is “The intentional or reckless alteration, damaging, deletion or

deterioration of computer data, electronic document, or electronic data message, without right,

including the introduction or transmission of viruses16”. The facts of this case made it clear that

Gunther McAvoy recklessly altered and damaged the PostMe application which is considered as

a computer data. When the users’ e-mail addresses and usernames were posted, the application

is considered damaged.

The Cybercrime Prevention Act of 201217 included online materials as means of

committing crimes under the Revised Penal Code. Thus, Gunther McAvoy shall also be liable

under Article 290 of the Revised Penal Code or discovering secrets through seizure of

correspondence. Its first paragraph states:

The penalty of prision correccional in its minimum and medium periods

and a fine not exceeding 500 pesos shall be imposed upon any private

individual who, in order to discover secrets of another, shall seize his

papers or letters and reveal the contents thereof.

This particular provision applies to seizing of online documents to discover secrets of an

individual. It is just that in Cybercrime, the penalty is higher by one degree than that prescribed

by the Revised Penal Code, as amended.

The following are the elements of Article 29018:

1. That the offender is a private individual or even a public officer not in the

exercise of his official function.

15
Rep. Act. No. 10175, § 4(a)(1). This is the Cybercrime Prevention Act of 2012.
16
§ 4(a)(3).
17
§ 6.
18
LUIS B. REYES, THE REVISED PENAL CODE: CRIMINAL LAW 648-649 (18th ed. 2012).
 2. That he seizes the papers or letters of another.

3. That the purpose is to discover the secrets of such another person.

4. That the offender is informed of the contents of the papers or letters seized19.

There is no doubt that Gunther McAvoy is a private individual. The word “seize” as seen in the

2nd element means “to place in the control of someone a thing” even for a short period of time

only20. McAvoy had in his possession the control of Briony Els’ PostMe account without the

latter’s consent. It was stated that his purpose was to know whether his partner was having

infidelity issues. This is obviously a purpose of discovering a secret of an individual. Lastly,

McAvoy knew the contents of the PostMe account. It is known to him that by accessing the

account of Briony Els, it is most likely that the contents will help him on confirming his suspicions.

Having satisfied all the elements, Gunther McAvoy can be considered as guilty under Article 290

of the Revised Penal Code. In the said crime, damage caused to the party, whose secrets are being

discovered by the offender, is not necessary21.

19
People v. Singh, C.A., 40 O.G., Supp.5, 35,
20
LUIS B. REYES, THE REVISED PENAL CODE: CRIMINAL LAW 649 (18th ed. 2012) .
21
Id. at 650.