By Chan Yu Meng
I am sure by now that many of you would have read in the news not too long ago about two lawyers being charged in Court with offences under the Computer Misuse Act (Cap.50A) for unauthorised copying of computer files from their employer’s computer systems after they had tendered their resignations.
Or how about the case of the seventeen year old student who was sentence to two months imprisonment for committing offences also under the Computer Misuse Act? He pleaded guilty to charges of hacking into a computer system to obtain free internet services.
Come to think of it, a lot of us use computers in our everyday lives, especially at work. Yet most of us know little about the Computer Misuse Act (the “Act”) and some of us may even be breaking the law without knowing it. So what is this Act all about and how does it affect us?
Types of offences under the Act
In general terms, the Act sets out a few types of criminal offences most of which involve the unauthorised use of computers, namely: access to computer material; modification to computer material; use or interception of computer service; obstruction of use of computer; and disclosure of access code. Another criminal offence covered by the Act deals with the access of computers with the intent to commit or facilitate the commission of an offence.
Unauthorised access to computer material
It is an offence if a person knowingly changes, erases, copies, moves, prints or even uses a program or data in a computer without permission. The sentence on conviction is a fine not exceeding $5,000 or to imprisonment for a term not exceeding 2 years or both.
Examples of this type of offence include the copying or deletion by the employee of client data and sales information from a company after his permission to do so has been revoked.
Unauthorised modification of computer material
This is an offence whereby a person knowingly and without authority does an act which causes the contents of a computer to be changed, erased, added to or impairs the normal operations of the computer. The sentence on conviction is a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both.
This type of offence usually refers to the hacking into of computer server systems vandalising it or leaving malicious computer viruses.
Unauthorised use or interception of a computer service
Any person who knowingly and without authority: (i) secures access to any computer to obtain services; or (ii) intercepts, records or listens to a function or a communication to or from a computer; or (iii) uses any other device to carry out acts (i) or (ii), shall be guilty of an offence and the sentence on conviction is a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or both.
These offences would refer to the hacking of computer systems for the purpose of gaining free internet services or to carry out spying activities.
Unauthorised obstruction of the use of a computer
Any person who, knowingly and without authority or lawful excuse: (i) interferes, interrupts or obstructs the use of a computer; or (ii) impedes or prevent access to, or impairs the usefulness or effectiveness of a program or data stored in a computer shall be guilty of an offence punishable upon conviction to a fine not exceeding $10,000 or imprisonment for a term not exceeding 3 years or both.
An example of this offence would be email bombing.
Unauthorised disclosure of access code
It is an offence to disclose one’s access code to any program or data held in any computer if the disclosure was for a wrongful gain, unlawful purpose or with the knowledge that it is likely to cause wrongful loss to any person. If found guilty, a fine not exceeding $10,000 is imposed or imprisonment for a term not exceeding 3 years or both.
Access with intent to commit or facilitate commission of an offence
Any person who changes, erases, copies, moves, prints or even uses a program or data from a computer, whether or not he was authorised to do so, with the intention to commit an offence involving property, fraud, dishonesty or which causes bodily harm shall be guilty of an offence and the sentence on conviction is a fine not exceeding $50,000 or to imprisonment for a term not exceeding 10 years or both.
A greater penalty other that the ones mentioned above will be imposed by the Courts: (i) if any damage is caused as a result of offences committed under the Act involving unauthorised usage of computers; or (ii) if a person has been convicted for the same offence before
In addition, persons committing offences under the Act involving unauthorised usage or access of computers that are used in connection with national security, public safety and key infrastructure will also suffer greater penalty, that is, sentencing on conviction is a fine not exceeding $100,000 or to imprisonment for a term not exceeding 20 years or both.
Scope of the Act
The Act applies to Singaporeans and non-Singaporeans alike and any offence committed under the Act outside of Singapore may be treated as being committed within Singapore.
In addition the Act will apply if at the time of the commission of the offence, either the person accused of committing the offence or the computer, program or data in question was in Singapore.
Police Investigative Powers
If a police officer has reasonable cause to suspect that a computer is or has been used in connection with any offences under the Act, he may be entitled at any time to have access to and inspect the operation of the computer and with the consent of the Public Prosecutor may require the person having charge of the computer to release information sufficient for the police officer to decrypt scrambled data held in the computer for inspection and investigation.
The presence of computers will continue to permeate our lives more and more with each passing day, and so will its importance in our lives as we hand over to it the operation of increasingly complex and life critical tasks.
Parliament having recognised that there will always be some among us who will choose to disrupt and take advantage of this reliance on computers for self gain, choose way back in 1993 to enact the Computer Misuse Act. Parliament then followed up in 1998 to update and enhance the provisions of the Act so that it continues to serve as a form of protection against these people and as a deterrence against the commission of more computer crimes.