Singapore Government
Link to Homepage
Home | About Us | Browse | Advanced Search | Results | My Preferences | FAQ | Help | PLUS
Slider
Left Corner
Print   Link to Viewed VersionLink to In-Force Version
 
On 26/09/2017, you requested the version in force on 26/09/2017 incorporating all amendments published on or before 26/09/2017. The closest version currently available is that of 01/06/2017.
Slider
PART II
OFFENCES
Unauthorised access to computer material
3.
—(1)  Subject to subsection (2), any person who knowingly causes a computer to perform any function for the purpose of securing access without authority to any program or data held in any computer shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 2 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both.
[21/98]
(2)  If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
[21/98]
(3)  For the purposes of this section, it is immaterial that the act in question is not directed at —
(a)
any particular program or data;
(b)
a program or data of any kind; or
(c)
a program or data held in any particular computer.
[UK CMA 1990, s. 1]
Access with intent to commit or facilitate commission of offence
4.
—(1)  Any person who causes a computer to perform any function for the purpose of securing access to any program or data held in any computer with intent to commit an offence to which this section applies shall be guilty of an offence.
[21/98]
(2)  This section shall apply to an offence involving property, fraud, dishonesty or which causes bodily harm and which is punishable on conviction with imprisonment for a term of not less than 2 years.
[21/98]
(3)  Any person guilty of an offence under this section shall be liable on conviction to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 10 years or to both.
[21/98]
(4)  For the purposes of this section, it is immaterial whether —
(a)
the access referred to in subsection (1) is authorised or unauthorised;
(b)
the offence to which this section applies is committed at the same time when the access is secured or at any other time.
[21/98]
[UK CMA 1990, s. 2]
Unauthorised modification of computer material
5.
—(1)  Subject to subsection (2), any person who does any act which he knows will cause an unauthorised modification of the contents of any computer shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both.
[21/98]
(2)  If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
[21/98]
(3)  For the purposes of this section, it is immaterial that the act in question is not directed at —
(a)
any particular program or data;
(b)
a program or data of any kind; or
(c)
a program or data held in any particular computer.
(4)  For the purposes of this section, it is immaterial whether an unauthorised modification is, or is intended to be, permanent or merely temporary.
[UK CMA 1990, s. 3]
Unauthorised use or interception of computer service
6.
—(1)  Subject to subsection (2), any person who knowingly —
(a)
secures access without authority to any computer for the purpose of obtaining, directly or indirectly, any computer service;
(b)
intercepts or causes to be intercepted without authority, directly or indirectly, any function of a computer by means of an electro-magnetic, acoustic, mechanical or other device; or
(c)
uses or causes to be used, directly or indirectly, the computer or any other device for the purpose of committing an offence under paragraph (a) or (b),
shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both.
[21/98]
(2)  If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
[21/98]
(3)  For the purposes of this section, it is immaterial that the unauthorised access or interception is not directed at —
(a)
any particular program or data;
(b)
a program or data of any kind; or
(c)
a program or data held in any particular computer.
[Canada CLAA 1985, s. 301.2 (1)]
Unauthorised obstruction of use of computer
7.
—(1)  Any person who, knowingly and without authority or lawful excuse —
(a)
interferes with, or interrupts or obstructs the lawful use of, a computer; or
(b)
impedes or prevents access to, or impairs the usefulness or effectiveness of, any program or data stored in a computer,
shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both.
[21/98]
(2)  If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
[21/98]
Unauthorised disclosure of access code
8.
—(1)  Any person who, knowingly and without authority, discloses any password, access code or any other means of gaining access to any program or data held in any computer shall be guilty of an offence if he did so —
(a)
for any wrongful gain;
(b)
for any unlawful purpose; or
(c)
knowing that it is likely to cause wrongful loss to any person.
[21/98]
(2)  Any person guilty of an offence under subsection (1) shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both.
[21/98]
Supplying, etc., personal information obtained in contravention of certain provisions
8A.
—(1)  A person shall be guilty of an offence if the person, knowing or having reason to believe that any personal information about another person (being an individual) was obtained by an act done in contravention of section 3, 4, 5 or 6 —
(a)
obtains or retains the personal information; or
(b)
supplies, offers to supply, transmits or makes available, by any means the personal information.
(2)  It is not an offence under subsection (1)(a) if the person obtained or retained the personal information for a purpose other than —
(a)
for use in committing, or in facilitating the commission of, any offence under any written law; or
(b)
for supply, transmission or making available by any means for the personal information to be used in committing, or in facilitating the commission of, any offence under any written law.
(3)  It is not an offence under subsection (1)(b) if —
(a)
the person did the act for a purpose other than for the personal information to be used in committing, or in facilitating the commission of, any offence under any written law; and
(b)
the person did not know or have reason to believe that the personal information will be or is likely to be used to commit, or facilitate the commission of, any offence under any written law.
     Example 1.— A comes across a list of credit card numbers on the Internet belonging to individuals who are customers of B, which A has reason to believe were obtained by securing access without authority to B’s server. A downloads the list for the purpose of reporting the unauthorised access to B’s server to the police.
       A retains the list of credit card numbers and transmits it to B for the purpose of informing B of the unauthorised access to B’s server.
      A has downloaded and retained the list of credit card numbers for purposes other than those mentioned in subsection (2)(a) and (b). Therefore A does not commit an offence under subsection (1)(a) by reason of subsection (2).
    A has transmitted the list to B for a purpose other than for it to be used in committing or in facilitating the commission of an offence. If A did not know or have reason to believe that the list so transmitted will be or is likely to be used to commit or facilitate the commission of an offence, then A does not commit an offence under subsection (1)(b) by reason of subsection (3).
     Example 2.— C, an employee of B, after receiving the list from A in Example 1, transmits it to D, another employee of B, for the purpose of facilitating B’s investigation of the unauthorised access of B’s server.
     C has transmitted the list to D for a purpose other than for it to be used in committing or in facilitating the commission of an offence. If C did not know or have reason to believe that the list so transmitted will be or is likely to be used to commit or facilitate the commission of an offence, then C does not commit an offence under subsection (1)(b) by reason of subsection (3).
(4)  For the purposes of subsection (1)(b), a person does not transmit or make available personal information merely because the person provides, or operates facilities for network access, or provides services relating to, or provides connections for, the transmission or routing of data.
(5)  A person guilty of an offence under subsection (1) shall be liable on conviction —
(a)
to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both; and
(b)
in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both.
(6)  For the purpose of proving under subsection (1) that a person knows or has reason to believe that any personal information was obtained by an act done in contravention of section 3, 4, 5 or 6, it is not necessary for the prosecution to prove the particulars of the contravention, such as who carried out the contravention and when it took place.
(7)  In this section —
(a)
personal information is any information, whether true or not, about an individual of a type that is commonly used alone or in combination with other information to identify or purport to identify an individual, including (but not limited to) biometric data, name, address, date of birth, national registration identity card number, passport number, a written, electronic or digital signature, user authentication code, credit card or debit card number, and password; and
(b)
a reference to an offence under any written law includes an offence under subsection (1).
Obtaining, etc., items for use in certain offences
8B.
—(1)  A person shall be guilty of an offence if the person —
(a)
obtains or retains any item to which this section applies —
(i)
intending to use it to commit, or facilitate the commission of, an offence under section 3, 4, 5, 6 or 7; or
(ii)
with a view to it being supplied or made available, by any means for use in committing, or in facilitating the commission of, any of those offences; or
(b)
makes, supplies, offers to supply or makes available, by any means any item to which this section applies, intending it to be used to commit, or facilitate the commission of, an offence under section 3, 4, 5, 6 or 7.
(2)  This section applies to the following items:
(a)
any device, including a computer program, that is designed or adapted primarily, or is capable of being used, for the purpose of committing an offence under section 3, 4, 5, 6 or 7;
(b)
a password, an access code, or similar data by which the whole or any part of a computer is capable of being accessed.
(3)  A person guilty of an offence under subsection (1) shall be liable on conviction —
(a)
to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both; and
(b)
in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both.
Enhanced punishment for offences involving protected computers
9.
—(1)  Where access to any protected computer is obtained in the course of the commission of an offence under section 3, 5, 6 or 7, the person convicted of such an offence shall, in lieu of the punishment prescribed in those sections, be liable to a fine not exceeding $100,000 or to imprisonment for a term not exceeding 20 years or to both.
[21/98]
(2)  For the purposes of subsection (1), a computer shall be treated as a “protected computer” if the person committing the offence knew, or ought reasonably to have known, that the computer or program or data is used directly in connection with or necessary for —
(a)
the security, defence or international relations of Singapore;
(b)
the existence or identity of a confidential source of information relating to the enforcement of a criminal law;
(c)
the provision of services directly related to communications infrastructure, banking and financial services, public utilities, public transportation or public key infrastructure; or
(d)
the protection of public safety including systems related to essential emergency services such as police, civil defence and medical services.
[21/98]
(3)  For the purposes of any prosecution under this section, it shall be presumed, until the contrary is proved, that the accused has the requisite knowledge referred to in subsection (2) if there is, in respect of the computer, program or data, an electronic or other warning exhibited to the accused stating that unauthorised access to that computer, program or data attracts an enhanced penalty under this section.
[21/98]
Abetments and attempts punishable as offences
10.
—(1)  Any person who abets the commission of or who attempts to commit or does any act preparatory to or in furtherance of the commission of any offence under this Act shall be guilty of that offence and shall be liable on conviction to the punishment provided for the offence.
(2)  For an offence to be committed under this section, it is immaterial where the act in question took place.