Legal Bulletin April 2017

Home : Publications:Legal Bulletin April 2017

Published date: 27 Apr 2017

Parliament passes Computer Misuse and Cybersecurity (Amendment) Bill: Tackling increasing scale and transnational nature of cybercrime and evolving tactics of cybercriminals

On 3 April 2017, the Computer Misuse and Cybersecurity (Amendment) Bill (“Bill”) was passed in Parliament. It is not yet in force. As highlighted in the second reading speech on the Bill, there has been an increase in the number of cybercrime cases in recent years. Apart from the increase in volume, cybercrime cases have also increased in complexity. For example, Internet of Things (IoT) devices have been attacked, massive breaches of personal information have become commonplace and hacked personal information has been used to facilitate crimes like theft and cheating. Given the current high Internet penetration rate, it is important to safeguard against cybercrime, and be able to take firm enforcement action against criminals that make use of the anonymity and borderless nature of the Internet to commit cybercrimes. As such, the Bill seeks to amend the Computer Misuse and Cybersecurity Act (“CMCA”) to tackle the increasing scale and transnational nature of cybercrime, as well as the evolving tactics of cybercriminals.
The Bill proposes the following key amendments:
·         Dealing in hacked personal information is an offence: The Bill will introduce a new section 8A to the CMCA which criminalises acts done in relation to personal information of individuals that the perpetrator knows or has reason to believe had been obtained by committing a computer crime. The act of obtaining or retaining such personal information will be an offence; as will be supplying, offering to supply, transmitting or making available the information.
It is not an offence if the individual obtained or retained the personal information for a legitimate purpose. It is also not an offence if the individual supplied, offered to supply, transmitted or made available the personal information for a legitimate purpose, and they did not know or have reason to believe that the information will be or is likely to be used to commit an offence.
·         Dealing in hacking tools, with criminal intent is an offence: A new section 8B in the CMCA will criminalise acts carried out in relation to an item that is designed primarily for committing a computer crime, or is capable of being used for such purposes. Such items are commonly known as “hacking tools” and will include physical devices, software, passwords and access codes. The prohibited acts include obtaining or retaining the hacking tool, and making, supplying, or making available the hacking tool. It is an offence only if the act is carried out with the intention of committing or facilitating the commission of a computer crime.
·         Allowing the amalgamation of charges under the CMCA: The new section 11A in the CMCA will allow the prosecution to amalgamate as a single charge of one offence, two or more acts that are the same computer offence, and which have been committed over a 12-month or shorter period in relation to the same computer. This amendment allows for multiple acts of a similar nature to be amalgamated as a single charge. Enhanced penalties may be meted out when the combined acts result in higher aggregate damage.
·         Extraterritorial application of CMCA offences with “serious harm” to Singapore: Section 11 of the CMCA will be amended to give extraterritorial application to computer offences, where the act causes or creates a significant risk of serious harm in Singapore. “Serious harm in Singapore” is defined to include illness, injury or death of individuals in Singapore, disruption of essential services in Singapore, and disruption of the carrying out of governmental duties and functions.
Police will be able to initiate investigations against cybercriminals located overseas and collaborate with their foreign counterparts to provide and share evidence of such cases, with a view to extraditing these offenders to Singapore, where possible, and prosecuting them before Singapore courts. The Ministry of Home Affairs is working with the Ministry of Law to specify offences under the CMCA as extradition offences.
The changes in the Bill will take effect when the Computer Misuse and Cybersecurity (Amendment) Act is gazetted and a commencement date appointed.
Reference materials
The following materials are available on the Parliament website and the Ministry of Home Affairs website
For further information, please contact:
+65 6890 7883
+65 6890 7710
+65 6890 7526
+65 6890 7627

<Back to Legal Bulletin April 2017

Find a Publication

For more information on Singapore law, please go to: