REPUBLIC OF SINGAPORE
GOVERNMENT GAZETTE
ACTS SUPPLEMENT
Published by Authority

NO. 28]Friday, July 24 [1998

The following Act was passed by Parliament on 30th June 1998 and assented to by the President on 3rd July 1998:—
Computer Misuse (Amendment) Act 1998

(No. 21 of 1998)


I assent.

ONG TENG CHEONG
President.
3rd July 1998.
Date of Commencement: 1st August 1998
An Act to amend the Computer Misuse Act (Chapter 50A of the 1994 Revised Edition).
Be it enacted by the President with the advice and consent of the Parliament of Singapore, as follows:
Short title and commencement
1.  This Act may be cited as the Computer Misuse (Amendment) Act 1998 and shall come into operation on such date as the Minister may, by notification in the Gazette, appoint.
Amendment of section 2
2.  Section 2(1) of the Computer Misuse Act (referred to in this Act as the principal Act) is amended —
(a)by deleting the words "but does not include an automated typewriter or typesetter, a portable hand held calculator or other similar device which is non-programmable or which does not contain any data storage facility;" at the end of the definition of "computer" and substituting the following words:
but does not include —
(a)an automated typewriter or typesetter;
(b)a portable hand held calculator;
(c)a similar device which is non-programmable or which does not contain any data storage facility; or
(d)such other device as the Minister may, by notification in the Gazette, prescribe;”; and
(b)by inserting, immediately after the definition of "computer service", the following definition:
“ “damage” means, except for the purposes of section 10, any impairment to a computer or the integrity or availability of data, a program or system, or information, that —
(a)causes loss aggregating at least $10,000 in value, or such other amount as the Minister may, by notification in the Gazette, prescribe except that any loss incurred or accrued more than one year after the date of the offence in question shall not be taken into account;
(b)modifies or impairs, or potentially modifies or impairs, the medical examination, diagnosis, treatment or care of one or more persons;
(c)causes or threatens physical injury or death to any person; or
(d)threatens public health or public safety;”.
Amendment of section 3
3.  Section 3 of the principal Act is amended —
(a)by deleting "$2,000" in the sixth line of subsection (1) and substituting "$5,000";
(b)by inserting, immediately after the word "both" at the end of subsection (1), the words "and, in the case of a second or subsequent conviction, to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both"; and
(c)by deleting subsection (2) and substituting the following subsection:
(2)  If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.”.
Repeal and re-enactment of section 4
4.  Section 4 of the principal Act is repealed and the following section substituted therefor:
Access with intent to commit or facilitate commission of offence
4.—(1)  Any person who causes a computer to perform any function for the purpose of securing access to any program or data held in any computer with intent to commit an offence to which this section applies shall be guilty of an offence.
(2)  This section shall apply to an offence involving property, fraud, dishonesty or which causes bodily harm and which is punishable on conviction with imprisonment for a term of not less than 2 years.
(3)  Any person guilty of an offence under this section shall be liable on conviction to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 10 years or to both.
(4)  For the purposes of this section, it is immaterial whether —
(a)the access referred to in subsection (1) is authorised or unauthorised;
(b)the offence to which this section applies is committed at the same time when the access is secured or at any other time.”.
Amendment of section 5
5.  Section 5 of the principal Act is amended —
(a)by deleting the words "$2,000 or to imprisonment for a term not exceeding 2 years or to both" at the end of subsection (1) and substituting the words "$10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both"; and
(b)by deleting subsection (2) and substituting the following subsection:
(2)  If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.”.
Amendment of section 6
6.  Section 6 of the principal Act is amended —
(a)by deleting the words "$2,000 or to imprisonment for a term not exceeding 2 years or to both" at the end of subsection (1) and substituting the words "$10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both"; and
(b)by deleting subsection (2) and substituting the following subsection:
(2)  If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.”.
New sections 6A, 6B and 6C
7.  The principal Act is amended by inserting, immediately after section 6, the following sections:
Unauthorised obstruction of use of computer
6A.—(1)  Any person who knowingly and without authority or lawful excuse —
(a)interferes with, or interrupts or obstructs the lawful use of, a computer; or
(b)impedes or prevents access to, or impairs the usefulness or effectiveness of, any program or data stored in a computer,
shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both.
(2)  If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
Unauthorised disclosure of access code
6B.—(1)  Any person who, knowingly and without authority, discloses any password, access code or any other means of gaining access to any program or data held in any computer shall be guilty of an offence if he did so —
(a)for any wrongful gain;
(b)for any unlawful purpose; or
(c)knowing that it is likely to cause wrongful loss to any person.
(2)  Any person guilty of an offence under subsection (1) shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both.
Enhanced punishment for offences involving protected computers
6C.—(1)  Where access to any protected computer is obtained in the course of the commission of an offence under section 3, 5, 6 or 6A, the person convicted of such an offence shall, in lieu of the punishment prescribed in those sections, be liable on conviction to a fine not exceeding $100,000 or to imprisonment for a term not exceeding 20 years or to both.
(2)  For the purposes of subsection (1), a computer shall be treated as a "protected computer" if the person committing the offence knew, or ought reasonably to have known, that the computer or program or data is used directly in connection with or necessary for —
(a)the security, defence or international relations of Singapore;
(b)the existence or identity of a confidential source of information relating to the enforcement of a criminal law;
(c)the provision of services directly related to communications infrastructure, banking and financial services, public utilities, public transportation or public key infrastructure; or
(d)the protection of public safety including systems related to essential emergency services such as police, civil defence and medical services.
(3)  For the purposes of any prosecution under this section, it shall be presumed, until the contrary is proved, that the accused has the requisite knowledge referred to in subsection (2) if there is, in respect of the computer or program or data, an electronic or other warning exhibited to the accused stating that unauthorised access to that computer or program or data attracts an enhanced penalty under this section.”.
New section 11
8.  The principal Act is amended by inserting, immediately after section 10, the following section:
Saving for investigations by police and law enforcement officers
11.  Nothing in this Act shall prohibit a police officer, a person authorised in writing by the Commissioner of Police under section 14(1) or any other duly authorised law enforcement officer from lawfully conducting investigations pursuant to his powers conferred under any written law.”.
Repeal and re-enactment of section 14
9.  Section 14 of the principal Act is repealed and the following section substituted therefor:
Power of police officer to access computer and data
14.—(1)  A police officer or a person authorised in writing by the Commissioner of Police shall —
(a)be entitled at any time to —
(i)have access to and inspect and check the operation of any computer to which this section applies;
(ii)use or cause to be used any such computer to search any data contained in or available to such computer; or
(iii)have access to any information, code or technology which has the capability of retransforming or unscrambling encrypted data contained or available to such computer into readable and comprehensible format or text for the purpose of investigating any offence under this Act or any other offence which has been disclosed in the course of the lawful exercise of the powers under this section;
(b)be entitled to require —
(i)the person by whom or on whose behalf, the police officer or investigation officer has reasonable cause to suspect, any computer to which this section applies is or has been used; or
(ii)any person having charge of, or otherwise concerned with the operation of, such computer,
to provide him with such reasonable technical and other assistance as he may require for the purposes of paragraph (a); or
(c)be entitled to require any person in possession of decryption information to grant him access to such decryption information necessary to decrypt data required for the purpose of investigating any such offence.
(2)  This section shall apply to a computer which a police officer or a person authorised in writing by the Commissioner of Police has reasonable cause to suspect is or has been in use in connection with any offence under this Act or any other offence which has been disclosed in the course of the lawful exercise of the powers under this section.
(3)  The powers referred to in paragraphs (a)(ii) and (iii) and (c) of subsection (1) shall not be exercised except with the consent of the Public Prosecutor.
(4)  Any person who obstructs the lawful exercise of the powers under subsection (1)(a) or who fails to comply with a request under subsection (1)(b) or (c) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both.
(5)  For the purposes of this section —
“decryption information” means information or technology that enables a person to readily retransform or unscramble encrypted data from its unreadable and incomprehensible format to its plain text version;
“encrypted data” means data which has been transformed or scrambled from its plain text version to an unreadable or incomprehensible format, regardless of the technique utilised for such transformation or scrambling and irrespective of the medium in which such data occur or can be found for the purposes of protecting the content of such data;
“plain text version” means original data before it has been transformed or scrambled to an unreadable or incomprehensible format.”.