Changes to Singapore's cybercrime law passed

Changes to Singapore's cybercrime law passed

Under the amended Computer Misuse and Cybersecurity Act, dealing in personal information obtained via a cybercrime such as trading in hacked credit card details is deemed illegal, as is dealing in hacking tools to commit a computer offence.

SINGAPORE: Changes to the existing Computer Misuse and Cybersecurity Act (CMCA) were passed in Parliament on Monday (Apr 3), amid observations from members that businesses here need to pay heed to the amendments.

Under the amended Act, dealing in personal information obtained via a cybercrime such as trading in hacked credit card details is deemed illegal, as is dealing in hacking tools to commit a computer offence.

It is also now an offence for someone committing a criminal act while overseas, against a computer located overseas, should the act "cause or create a significant risk of serious harm in Singapore". The Ministry of Home Affairs define serious harm as injury or death or disruptions to essential services.

MP Murali Pillai said in Parliament that he supported the Bill, but asked if journalists or researchers could fall afoul of the amended cybercrime law should they use information from leaked information derived from hacks.

To this, Senior Minister of State for Home Affairs Desmond Lee said there is "nothing wrong" to report on a hack, or for a researcher to use the leaked information for research purposes, as long as they do not circulate the personal details that were disclosed through the hack. For instance, there is no need to report victims' hacked credit card details in specificity in a news report on the cybercrime, he said.

"Depending on the circumstances, indiscriminately making available hacked personal information may amount to an offence," he said.

BUSINESSES NEED TO PAY HEED

During the debate on the Bill, Nominated Member of Parliament (NMP) Thomas Chua also noted that in the areas of cyber usage and security, Government agencies have accumulated a wealth of experience, but businesses in comparison, are "obviously lacking" in risk awareness and digital capability.

He also urged businesses to pay heed to the newly amended Bill, particularly in the section on criminal offences, which states that anyone who obtains, retains, sells, creates, supplies or uses methods to commit computer-related offences, or deliberately allows these products to be used, will be committing an offence.

"Moving forward, businesses must be much more vigilant when they are selling products, to avoid being made use of unwittingly," Mr Chua said.

Another NMP, K Thanaletchimi, questioned the awareness level of cybersecurity and its importance among companies here, especially small- and medium-sized enterprises (SMEs).

She asked: "How well are these companies protected? Do these companies see the importance of it and invest adequately in cybersecurity to protect both their individuals’ and clients’ data?"

In response, the Senior Minister of State for Home Affairs said the Singapore Computer Emergency Response Team (SingCERT) does post advisories on its website to warn companies of ongoing online threats and how they can deal with them.

He also noted that in the third quarter of this year, SMEs can get in-person advice on areas such as cybersecurity from a new SME Technology Hub, which will be set up by the Info-communications Media Development Authority of Singapore.

"The amendments to the CMCA help strengthen our response to cybercrime. The threats have so far been under control, but they lurk in many dark corners of cyberspace," Mr Lee said.

"We therefore need to put in place a robust legislative framework, with safeguards, but also with the necessary enforcement levers as part of a comprehensive cybercrime and cybersecurity strategy to ensure that our computers, systems and data are better protected."

Source: CNA/kk