On 8 March 2017, the Singapore Ministry of Home Affairs (MHA) announced the key proposed changes to the Computer Misuse and Cybersecurity Act (CMCA), after the amendment Bill was introduced for its first reading in Parliament. This legislative shift follows the Government's recent focus on implementing its new cybersecurity strategy and building robust cybersecurity capabilities.
The Bill seeks to extend the reach of the CMCA by criminalising acts which are enabled by cybersecurity attacks. In this regard, it would be an offence to use personal data obtained via an act in breach of the CMCA. For example, it would be unlawful for a person to use hacked credit card details, even if the act of hacking was committed by another.
In addition, the Bill also targets acts which enable cybercrime, by criminalising the act of obtaining and the act of dealing in tools which may be used to commit a CMCA offence. This would include hacking tools such as malware.
In relation to exterritorial application, the CMCA presently criminalises acts committed overseas against a computer located in Singapore. However, the CMCA stops short of criminalising acts committed overseas against a computer located overseas, even if the harm occurs in Singapore.
The Bill deals with this lacuna by criminalising acts that cause or create a significant risk of harm in Singapore, which is defined as injury or death or disruptions to essential services.
Finally, the Bill gives the CMCA more teeth by allowing for enhanced penalties when cyber criminals commit multiple offences against a computer over a period of time. The Bill further permits these acts to be combined as a single charge.
The proposed changes, if implemented, are likely to address the increasingly borderless nature of cybercrime and strengthen Singapore's cybersecurity enforcement regime.
On this note, it will be interesting to see if the proposed amendments gain traction in Parliament, and whether any further changes will be introduced.