Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

Use of hacking tools or hacked data to be criminalised in Singapore

Obtaining hacking tools to commit a crime or using personal data obtained by hacking would become a crime under proposed changes to Singapore's Computer Misuse and Cybersecurity Act (CMCA).10 Mar 2017

Singapore introduced a computer misuse act in 1993, to criminalise unauthorised access or modification of computer material, and other computer crimes, the Ministry of Home Affairs said.

This act was amended to include cybersecurity rules in 2013, it said.

The changes have been proposed to tackle the "increasing scale and transnational nature of cybercrime, as well as the evolving tactics of cybercriminals", the Ministry said.

Under the proposals, the act of dealing in personal information obtained through an act in contravention of the CMCA would be criminalised.

"For example, criminals may trade hacked credit card information even though they themselves may not have been responsible for hacking the credit card information. This amendment makes it an offence for persons to obtain or deal in such personal information for illegitimate purposes," the Ministry said.

Dealing in items that can be used to commit a CMCA offence, such as malware and post scanners, would also become a crime. These can be used to illegally access computers and are readily available online, it said.

The Ministry has also proposed making it an offence under the CMCA to commit a criminal act while overseas, if it causes or created "a significant risk of serious harm in Singapore".

The Ministry has also proposed a new section of the act, called "amalgamating of charges", to apply when a person is alleged to have committed two or more acts under the same provision, involving the same computer and within 12 months. Enhanced penalties would apply when the combined acts cause higher damage, it said.

Technology law expert Bryan Tan of Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, the law firm behind said: "The CMCA is one of the most frequently amended pieces of legislation in Singapore and rightly so. Threats of computer misuse have only been increasing in frequency and complexity."

"The new amendments provide new reach in terms of space, through extra-territoriality, and time, through the amalgamation of acts. The cybercriminal has no need to break through the walls of a bank vault with a stopwatch – he can operate from overseas and pick the lock, then bide his time for the right moment. The amendments are starting to move away from the traditional construct of penal statutes to address these new features," Tan said.