Ministry of Home Affairs (MHA) has introduced the Computer Misuse and Cybersecurity (Amendment) for First Reading in Parliament on Thursday (9 March) to tackle the increasing scale and transnational nature of cybercrime, as well as the evolving tactics of cyber criminals.
According to MHA, the Computer Misuse Act (CMA) was enacted in 1993 to criminalise unauthorised access or modification of computer material, and other computer crimes. The Act was amended twice between 1994 and 2012 to, amongst other things, introduce new offences to keep pace with changes in criminal behaviour. In 2013, the CMA was amended to include
The Act was amended twice between 1994 and 2012 to, amongst other things, introduce new offences to keep pace with changes in criminal behaviour. In 2013, the CMA was amended to include cyber security measures and renamed the Computer Misuse and Cybersecurity Act (CMCA).
“In developing this Bill, we had consulted businesses and professionals in the internet services and cyber security industries, and have taken their views into account,” the Minister noted.
MHA stated that the key proposed amendments are summarised below:
Criminalise the act of dealing in personal information obtained via an act in contravention of the CMCA
MHA stressed that criminals may use personal information obtained illegally from a computer (e.g. hacking) to commit or facilitate the commission of crimes (e.g. identity fraud).
For example, criminals may trade hacked credit card information even though they themselves may not have been responsible for hacking the credit card information.
“This amendment makes it an offence for persons to obtain or deal in such personal information for illegitimate purposes,” it said.
Criminalise the act of dealing in items capable of being used to commit a CMCA offence
MHA said that criminals could gain easy access to items that are capable of facilitating the illegal access of a computer (commonly known as hacking tools). Examples of such hacking tools include malware and port scanners, which can be readily obtained online.
It said that this amendment criminalises the act of obtaining such items to commit or facilitate the commission of a computer offence, as well as the act of dealing in such items, intending it to be used for committing or facilitating the commission of a computer offence.
Extraterritorial application of CMCA offences with “serious harm” to Singapore
Currently, it is not an offence under the CMCA if the perpetrator commits a criminal act while overseas, against a computer located overseas, even if the impact is felt within Singapore.
MHA said that this amendment makes this an offence under the CMCA, if the act causes or creates a significant risk of serious harm in Singapore. Serious harm in Singapore would include, among other things, illness, injury or death of individuals in Singapore, as well as disruptions to essential services in Singapore.
MHA then added that these following acts are prohibited under Sections 3 to 8 of the CMCA:
- Unauthorised access to computer material.
- Access with intent to commit or facilitate commission of offence.
- Unauthorised modification of computer material.
- Unauthorised interception of computer service.
- Unauthorised obstruction of use of computer.
- Unauthorised disclosure of access code.