Proposed laws to keep up with evolving nature of cybercrime

Four key amendments to Singapore's laws were tabled in the House yesterday to keep up with cybercrime's changing and increasingly transnational nature.

The Computer Misuse and Cybersecurity (Amendment) Bill seeks to criminalise the act of dealing and trading in personal information, such as credit card details for nefarious purposes, even though the trader may not have hacked into computers to obtain it.

The buying and selling of hacking tools, such as malware and port scanners from online marketplaces, will be an offence if the intention is criminal, said the Ministry of Home Affairs (MHA) in a statement.

If the amendments are passed, it will also criminalise offences under the existing Computer Misuse and Cybersecurity Act which are committed abroad, against an overseas computer.

"This amendment makes this an offence... if the act causes or creates a significant risk of serious harm in Singapore," said MHA.

Serious harm includes illness, injury or death, and disruptions to essential services, national security and Singapore's foreign relations.

Essential services include energy, water, finance, government, healthcare, information communication and transportation.

Examples of offences include releasing to the public people's bank account details, hospital patients' medical records or confidential government documents.

A new Section 11A also proposes to allow, among other things, multiple unauthorised access to one computer, for a period of 12 months or less, to be combined under a single charge. A perpetrator may do this to prepare for a cyber attack on the system.

Combining the multiple acts into a single criminal charge will allow for damage caused to be aggregated, so that a heavier penalty under a specified section can be imposed.

The maximum penalty under the Computer Misuse and Cybersecurity Act varies, depending on the crime, from a $5,000 fine and two years' jail, to a $100,000 fine and 20 years' jail.

The Act was last amended in 2013 - when it was renamed from the previous Computer Misuse Act - to grant the Government enhanced powers to counter cyber threats against Singapore's national security and essential services.

There is currently no overarching cyber security law in Singapore to tackle cyber threats.

But a new Cybersecurity Act will be introduced in the middle of this year, after public consultations to plug any existing legislative gaps.

A version of this article appeared in the print edition of The Straits Times on March 10, 2017, with the headline 'Proposed laws to keep up with evolving nature of cybercrime'. Print Edition | Subscribe