Connect with us

Current Affairs

本社要求内政部撤回更正指示 遭高庭驳回

Published

on

新加坡内政部于22日援引《防止网络假信息和防止网络操纵法案》(POFMA),对于马国捍卫自由律师团(LHL)、《网络公民》、雅虎新闻以及新闻工作者韩俐颖,发出更正指示。

本社已向内政部长尚穆根要求撤回指示,不过被部长驳回,为此本社在上月28日转向高庭上诉。即便准备法庭文件,都需要989元六角的费用,约占了本社运营成本的10巴仙。

昨日(19日)高庭作出判决,驳回本社的申请,高庭法官洪素燕(Belinda Ang)称本社的辩驳出现“两个严重错误”,首先误以为在《防假消息法》下对于“陈述”(Statement)还有其他诠释,实则在该法第17项下只有两种:“事实(fact)”和“意见(opinion)”

至于其他理智人士阅读本社有关报导,都会以为那是“事实陈述”。故此法官裁定本社在这一论点的辩述失败。

上月16日,本社报导捍卫自由律师团发表一篇新闻稿,指责樟宜监狱以残酷和不合法方式处决囚犯。包括本社、雅虎新闻以及马国主流媒体,都有报导上述律师组织的声明。

本社在申诉中强调,报导中已对资讯作出均衡报导,也强调那是来自上述组织的的第三方指控,且本社亦有向内政部求证,惟未获得后者核实。

根据判决书,法官也认为本社应证实有关陈述的真实性,而不是由被告(指内政部)证实。

在《防假消息法》第17(5)项下,如有关人士未在新加坡传播有关陈述、有关陈述不是事实陈述/确实是真相,又或者技术上无法发出更正指示,高庭才可裁决撤回指示。

总检察署的论点是,内政部长对本社发出的更正指示,是针对有关樟宜监狱行刑手法的指控。且本社未能提出任何证据,来抵消举证的责任。

对此法官认为,本社的“举报辩护”(reporting defence)是基于对有关陈述的误解。

此外,在《防假消息法》第11(4)项之下,只要有关人士在新加坡传播虚假事实,即便他并不知道/或者没有理由断定有关消息是虚假的。

故此,法官认为即便本社并不清楚,有关捍卫自由律师团的声明是否属实,也“无实质性的考量”。

再者,法官洪素燕认为,“举报辩护”可能会“阻挠”(frustrate)订立《防假消息法》以作预防的目的。

她解释,在《防假消息法》第5(a)项和第11(4)项,不仅针对“制造消息者”,也针对“消息传播者”,这意味着传播假消息者的诚实、不知情或无辜,并不在考量范围。

故此,本社单纯报导捍卫自由律师团,却未证实声明的真实性,并不能当作辩护。

在有关举证的问题,法官认为本社未能履行证实消息真伪的法律和证据责任。

不过法官有要求樟宜监狱局运营管理总监的宣誓书,并表示“不质疑总监提出的证据”。

Continue Reading

Current Affairs

Man arrested for alleged housebreaking and theft of mobile phones in Yishun

A 23-year-old man was arrested for allegedly breaking into a Yishun Ring Road rental flat and stealing eight mobile phones worth S$3,400 from five tenants. The Singapore Police responded swiftly on 1 September, identifying and apprehending the suspect on the same day. The man has been charged with housebreaking, which carries a potential 10-year jail term.

Published

on

SINGAPORE: A 23-year-old man has been arrested for allegedly breaking into a rental flat along Yishun Ring Road and stealing eight mobile phones from five tenants.

The incident occurred in the early hours on Sunday (1 September), according to a statement from the Singapore Police Force.

The authorities reported that they received a call for assistance at around 5 a.m. on that day.

Officers from the Woodlands Police Division quickly responded and, through ground enquiries and police camera footage, were able to identify and apprehend the suspect on the same day.

The stolen mobile phones, with an estimated total value of approximately S$3,400, were recovered hidden under a nearby bin.

The suspect was charged in court on Monday with housebreaking with the intent to commit theft.

If convicted, he could face a jail term of up to 10 years and a fine.

In light of this incident, the police have advised property owners to take precautions to prevent similar crimes.

They recommend securing all doors, windows, and other openings with good quality grilles and padlocks when leaving premises unattended, even for short periods.

The installation of burglar alarms, motion sensor lights, and CCTV cameras to cover access points is also advised. Additionally, residents are urged to avoid keeping large sums of cash and valuables in their homes.

The investigation is ongoing.

Last month, police disclosed that a recent uptick in housebreaking incidents in private residential estates across Singapore has been traced to foreign syndicates, primarily involving Chinese nationals.

Preliminary investigations indicate that these syndicates operate in small groups, targeting homes by scaling perimeter walls or fences.

The suspects are believed to be transient travelers who enter Singapore on Social Visit Passes, typically just a day or two before committing the crimes.

Before this recent surge in break-ins, housebreaking cases were on the decline, with 59 reported in the first half of this year compared to 70 during the same period last year.

However, between 1 June and 4 August 2024, there were 10 reported housebreaking incidents, predominantly in private estates around the Rail Corridor and Bukit Timah Road.

The SPF has intensified efforts to engage residents near high-risk areas by distributing crime prevention advisories, erecting alert signs, and training them to patrol their neighborhoods, leading to an increase in reports of suspicious activity.

Continue Reading

Current Affairs

Consumers Association of Singapore fined S$20,000 for PDPA breaches following two data security incidents

Published

on

By

The Consumers Association of Singapore (CASE) has been fined S$20,000 by the Personal Data Protection Commission (PDPC) for breaches under the Personal Data Protection Act (PDPA).

According to a judgement which was published on 28 August, the fine was imposed due to the consumer watchdog’s failure to implement reasonable security measures to protect the personal data in its possession and to establish necessary policies and practices required under the PDPA.

The breaches resulted in two significant incidents, one in October 2022 and another in June 2023, where the personal data of up to 34,760 individuals was potentially compromised.

Both incidents were handled under the Expedited Decision Procedure (EDP) at the request of CASE, with the organization admitting to all the facts and contraventions of the PDPA, leading to a faster resolution of the case.

The First Incident: Phishing Attack in October 2022

The first incident occurred in October 2022 when a threat actor accessed CASE’s email accounts and sent phishing emails from its official email addresses.

On 8 October 2022, some consumers received unsolicited emails from “[email protected],” which falsely claimed that their complaints had been escalated to the “collections and compensation department” and that they were eligible for compensation.

The recipients were asked to provide their banking details by clicking on a chat icon.

The following day, similar phishing emails were sent from “[email protected],” an account used for complaints that had progressed to mediation. CASE later discovered that the phishing emails had affected up to 22,542 email addresses.

Further investigations revealed that the phishing emails likely resulted from the threat actor obtaining login credentials from a CASE employee via a phishing attack.

The compromised accounts led to the sending of 5,205 phishing emails to 4,945 recipients. Although CASE acted swiftly to suspend the affected accounts and reset all administrator passwords, three consumers reported that they had clicked on the phishing links and collectively lost S$217,900. CASE subsequently lodged a police report.

The Second Incident: Data Breach During Vendor Migration

While PDPC was investigating the first incident, a second breach came to light in June 2023. On 22 June 2023, PDPC received a complaint about a phishing email that replicated a consumer’s complaint previously submitted to CASE.

This led to the discovery that the personal data of 12,218 individuals, including names, email addresses, contact numbers, and complaint details, had been exposed. The PDPC concluded that the breach likely occurred during a data migration exercise conducted by CASE between December 2019 and January 2020 when CASE switched vendors.

Investigations revealed that CASE’s contract with one of its vendors, Total eBiz Solutions Pte Ltd (TES), did not stipulate clear security responsibilities. This lack of contractual clarity contributed to the data breach during the migration process, highlighting CASE’s negligent vendor management.

PDPC Findings and Penalties

The PDPC found that CASE had failed to enforce its password management policy, with some passwords not meeting minimum length and complexity requirements and others remaining unchanged for up to four years. Furthermore, CASE’s vendor management was deemed negligent, as one of its contracts did not specify clear security responsibilities, putting personal data at risk.

CASE admitted to not conducting regular security awareness training for its staff, with the last session held five years before the first incident.

The PDPC also noted that CASE lacked an Information and Communications Technology (ICT) policy, particularly in relation to patching and maintaining IT systems. The absence of a documented IT infrastructure management plan, insufficient logging and monitoring practices, and the lack of security reviews over the three years preceding the first breach were significant failures highlighted in the judgment.

In assessing the financial penalty, the PDPC considered the nature and gravity of the breaches, the duration of non-compliance, and CASE’s annual turnover. The fine of $20,000 was determined to be appropriate in light of these factors.

Remedial Actions by CASE

It is said that CASE, which is headed by Mr Melvin Yong, People’s Action Party Member of Parliament for Radin Mas, has implemented several measures to enhance its cybersecurity in response to the breaches.

These include introducing multi-factor authentication for all web-based applications, strengthening password complexity requirements, decommissioning end-of-life devices, and implementing patch management software for security updates.

CASE has also revised its contracts with outsourced vendors to include data protection clauses and mandated annual data protection training for all staff members.

CASE is working towards obtaining the Cyber Essentials Mark and the Data Protection Trust Mark to reinforce its commitment to safeguarding personal data and complying with PDPA obligations.

The PDPC has directed CASE to review and update its data protection policies, rectify all identified security gaps, and report back within one week of completion. The organization has also been instructed to conduct a penetration test after addressing the vulnerabilities to ensure no further security gaps exist.

The post Consumers Association of Singapore fined S$20,000 for PDPA breaches following two data security incidents appeared first on Gutzy Asia.

Continue Reading

Trending