Octopus Cybercrime Community

There are several pieces of domestic legislation that deal with cybercrime in Singapore, from traditional penal statutes such as the Penal Code, to the more recently enacted Remote Gambling Act. However, the primary statutes used are:

• Computer Misuse and Cybersecurity Act of 2007 (Chapter 50A)
• Computer Misuse and Cybersecurity (Amendment) Bill of 2017 (Bill No. 15/2017)

The Computer Misuse Act (the CMA) is Singapore’s fundamental law that deals with matter related to cybercrimes. It was introduced in 1993. The Singapore cyber attacks in 2013 were a major incident which got the government’s attention towards the growing cybercrimes and its direct consequences.

Following the 2013 Singapore cyberattacks, in 2007 the Computer Misuse Act was renamed to

Computer Misuse and Cybersecurity Act (CMCA).

On 3 April 2017 the Parliament approved the amendments to the CMCA of 2007. The amendment text looks in line with the Singapore Infocomm Development Authority’s National Cybersecurity Masterplan 2018 and aims to deal with the changing modus operandi with which computer offences are carried out.

The CMCA punishes several offences, including:

1. unauthorised access to computer material;
2. access with intent to commit or facilitate the commission of offence;
3. unauthorised modification of computer material;
4. unauthorised use or interception of computer material;
5. unauthorised obstruction of use of computer; and
6. unauthorised disclosure of access code.

The amended text of the Computer Crimes Act specifies some additional offences, for example

1) Supplying, etc., personal information obtained in contravention of certain provisions.

The aim of this offence is to punish the use of personal information obtained illegally, through hacks for example, to commit or facilitate crimes such as identity fraud. Other examples include the trading of hacked credit card details even though they did not commit the act of hacking to obtain the information.

2) Obtaining, etc., items capable of being used to commit certain offences.

The aim of this offence is to punish the obtaining or retention of items capable to commit CMCA relevant offences, such as accessing a computer illegally, unauthorised modification of computer material, unauthorised use or interception of computer services, etc. This section applies to all items, like computer programs, passwords and access codes that can be used for committing or facilitating certain computer offence.

3) Extraterritorial application of CMCA offences with “serious harm” to Singapore.

This Section expand the applicability of CMCA even if someone commits a criminal act while overseas, against a computer located overseas, but the impact creates “serious harm” in Singapore.

For “serious harm” must be intended as: illness, injury or death of individuals; disruption or serious diminution of public confidence in providing any essential service; disruption or serious diminution of public confidence in the performance of any duty or function or the exercise of any power by the Government, an Organ of State or a statutory board; damage to the national security, defence or foreign relations of Singapore.

4) Amalgamation of charges for CMCA offences

This Section aims to allow the prosecution to amalgamate, as a single charge of one offence, two or more acts that are the same computer offence, and are committed over a 12-month or shorter period in relation to the same computer.

terms of procedural powers, the Criminal Procedure Code defines in its Part IV formation to Police and Powers of Investigation the actions a police officer or an authorised person (as defined in the Sections 39 and 40 of the Code) can undertake with or without Public Prosecutor’s order when accessing computers or decryption information.

Section 39 defines the powers to access computer for a police or an authorised person (at any time, when investigating an arrestable offence). These powers consist in accessing a computer, search for data and copying it, as well as in preventing any other person from accessing or using such a computer. A police officer or an authorised person can order any person to stop accessing or using such a computer or to access it and use it in the conditions specified by him/her. A police officer or an authorised person can order to a person who is suspected of using or having used the computer in connection to the arrestable offence, to a person having charge of the computer, or to a person is believed to have access to credentials to access the computer, to offer assistance. As for computers located outside Singapore, the police officer or the authorised person can exercise the previous powers if the owner of the computer consents or via any power of investigation under any written law in certain circumstances detailed in this section. The access to the computer can be extended to any data contained on it if the owner consents.

Section 40 on access to decryption information extends the previous section powers, under the issuance of the Public Prosecutor order. Under this article, a police officer or an authorised person can access any information, code or technology capable of transforming encrypted data into text, can require any person suspected of using the computer in connection to the arrestable offence or any person in charge of computer, to provide technical assistance in transforming encrypted data into text, as well as to require to any person suspected of being in possession of any decryption information to grant access to such information for investigation purposes.

The Constitution of the Republic of Singapore offers guarantees through its Part IV Fundamental liberties.

The Constitution guarantees the liberty of the person (in accordance with law), equal protection for all persons before the law, freedom of speech, assembly and association.

Penal Code

Criminal Procedure Code

Remote Gambling Act

Cybersecurity Act 2018

As described in NCAP, Singapore is the Association of Southeast Asian Nations (ASEAN) Voluntary Lead Shepherd on Cybercrime, responsible for charting ASEAN’s initiatives against cybercrime.

With the unanimous support of ASEAN Member States, Singapore established the ASEAN Senior Officials Meeting on Transnational Crime (SOMTC) Working Group on Cybercrime in 2013. The Working Group, chaired by Singapore, provides a platform for the ASEAN Member States to coordinate the regional approach to cybercrime, and work together on capacity building, training and the sharing of information to combat cybercrime. This is also the platform through which the ASEAN Member States engage ASEAN Dialogue Partners such as the People’s Republic of China, Japan and the Republic of Korea on cybercrime collaboration.

At the international level, Singapore hosts the INTERPOL Global Complex for Innovation (IGCI), which is the INTERPOL’s global hub on cybercrime.

Singapore’s goal is to leverage INTERPOL’s resources to build global operational networks, capacities and capabilities to tackle cybercrime, especially within Asia.