30 March 2023

In February 2023, during their respective Committee of Supply 2023 (“COS”) debates, the Ministry of Home Affairs (“MHA”) and the Ministry of Communications and Information (“MCI”) announced and discussed several measures which aim to counter online criminal harms and ensure safe and secure digital spaces.  

These measures are summarised below.

New Online Criminal Harms Act to counter online crimes

MHA will be introducing the Online Criminal Harms Act (“Act”) later this year to tackle online content which is criminal in their own right, or content which facilitates or abets crimes. Such content includes syndicated crimes such as scams, online incitement of mass public disorder, and malicious cyber activities such as phishing and the distribution of malware. The new Act will include powers to stop or remove online communications that facilitate crimes in the physical world, such as inciting violence, and will cover all mediums of online communication through which criminal activities could be conducted. It will also introduce upstream measures to detect and reduce scams, such as safeguards against inauthentic accounts. The Act will also apply to other malicious cyber activities such as phishing.

New Code of Practice for App Stores

MCI notes that app stores may carry apps with harmful content, especially for children. This could include content depicting explicit sexual activities or inciting violence. As with social media services, app stores should be expected to have systems and processes in place to deal with harmful content. MCI therefore plans to strengthen online safety through a new Code of Practice for App Stores (“new Code”). The new Code will take time to be developed and involve industry engagement. MCI will provide details in due course.

Online games

MCI will also look into online games. When the new Code is introduced, the risks of exposure to harmful content through games on these stores will be curtailed. Apps with egregious content may also become unavailable for download. But games may still be accessed through platforms other than app stores. MCI will study how to deal with this. A possible measure is to introduce a classification scheme for online games, much as MCI already does for video games. This will clarify the age appropriateness of games, and help parents exercise better supervision over their children’s online gaming. MCI will work towards these moves over the next 12 to 18 months.

Update on review of cybersecurity

During last year’s COS debate, MCI announced that that the Cyber Security Agency of Singapore (“CSA”) was reviewing the Cybersecurity Act 2018. One area under review is how to adapt the regulatory framework to allow the safe and secure use of virtualised systems, beyond critical information infrastructure. CSA has identified cloud services and data centres as foundational digital infrastructure that needs to be better protected.

With increasing industry digitalisation, demand for cybersecurity services has been growing domestically and overseas. CSA is hence examining how to develop the entire cybersecurity ecosystem, ranging from nurturing talent to promoting innovation and capability development.

Further details will be provided later this year.

Upcoming PDPC Advisory Guidelines

MCI announced that the Personal Data Protection Commission will be publishing two new Advisory Guidelines later this year:

  • Advisory Guideline on the Use of Personal Data in AI Systems: This will encourage artificial intelligence (“AI”) users to abide by standards of transparency and explainability, so that customers will know when and how AI is being used to process their personal data. It will also contain best practices on how industry can use personal data to train, test and monitor AI systems.
  • Advisory Guideline on Children’s Personal Data: This will set out clear, actionable standards for social media services and companies whose products interface with children. For instance, they must obtain parental consent before collecting data from children under the age of 13 and implement protective defaults such as making sure that children’s profiles are not made public.

Tighten law against those facilitating movement of scam proceeds

MHA intends to tighten the law against those who facilitate the movement of scam proceeds (“money mule”). Currently, the vast majority of money mule investigations do not result in prosecution. Based on current laws, there is a need to prove that the money mule knew that the monies he was handling were linked to criminal activity. MHA will amend the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 to prescribe specific conduct for which money mules can be held criminally liable.

MHA is also working with the Smart Nation and Digital Government Office on legislative amendments to the Penal Code to curb abuse of SingPass credentials as a vector to perpetrate scams. 

Reference materials

The following materials are available from the MHA website www.mha.gov.sg and MCI website www.mci.gov.sg: