Maria Ressa, CEO of Rappler, may be in trouble for leaking that unauthorized confidential DFA document on the telephone conversation between US president Donald Trump and Philippine president Rodrigo Duterte. In that conversation, Trump told Duterte confidentially there were two nuclear subs he sent to Korea and got pilloried for it by the US media.
She could be charged under the US Espionage Act, like Julian Assange, founder of Wikileaks. That Act was designed to punish acts of interference in foreign relations as well as acts of espionage that interfere with operations or success of the US armed forces or promote success of its enemies.
According to a former US Homeland Security officer now with the Heritage Foundation, it is immaterial that Ressa is a journalist or a non-US citizen or whether the individual distributing the confidential information is the initial thief or intermediary. If indicted by the US Attorney-General her chances of being convicted are high. The US does not take this kind of offense lightly.
A conviction is punishable by death or by imprisonment for not more than 30 years or both.
In 1919 the US Supreme Court unanimously ruled in Schenck vs United States that the Espionage Act did not violate freedom of speech. The right of access to information of public concern is not absolute. It does not extend to diplomatic secrets and matters affecting national security.
What about the liability of the DFA official who leaked the document? Under Memorandum Circular No.78 dated August 14, 1964 governing the security of classified material in Philippine government offices, Sec. IV, Art.17 defines a confidential matter as information prejudicial to the interest or prestige of the nation or of great advantage to a foreign nation. Sec. XII, Art.57 states that any violation of regulations in that Circular makes the public officer liable administratively without prejudice to any criminal prosecution if the violation constitutes an offense under the Revised Penal Code or any other penal law. Same with the unauthorized publication of classified material by the parties concerned.
In the Philippines, RA10173 known as the Data Privacy Act of 2012 protects all forms of information that are personal, private, or privileged. Under its Sec.32, any unauthorized disclosure without the consent of the data subject shall be subject to imprisonment ranging from one to three years and a fine of not less than 500,000 pesos but not more than one million. Under its Sec.36, any offense committed by a public officer carries an accessory penalty consisting in his disqualification to hold public office for a term double the term of the criminal penalty imposed.