Parliamentary Speeches

Online Criminal Harms Bill – Wrap-Up Speech by Mrs Josephine Teo, Minister for Communications and Information & Second Minister for Home Affairs

Published: 05 July 2023

Mr Deputy Speaker, 

1. I thank Members for their support for the Bill. 
 
2. They raised many relevant points which I will do my best to address. 


Circumstances Under Which the Government Will Use the Levers and the Impact on Stakeholders

3. Let me first address the questions on the circumstances under which the Government will use the levers provided in the Bill, such as Directions. Ms Janet Ang,  Mr Yip Hon Weng, and Mr Zhulkarnain Rahim had questions in this regard. 

4. Where there is reasonable suspicion that a specified offence has been committed and that an online activity is in fact helping the offence to be carried out, designated officers can issue Directions. In many cases, it would be apparent whether the threshold of “reasonable suspicion” is crossed, and action can be taken immediately. For example, child sexual abuse materials that are uploaded onto the internet. They are quite clear for everyone to see. In less clear-cut cases, the officers would first carry out investigations. 

5. In my opening speech, I had given examples of when the “reasonable suspicion” threshold may not have been crossed.  To recap, they include for example, initial contacting and grooming of victims of scams, blank websites that are not yet activated. These are the examples where the “reasonable suspicion” threshold may not have been crossed. So, Police action is not unfettered – you have to cross the threshold - and the Bill sets the bounds within which Police can act, and beyond which it cannot. 

6. To Mr Pritam Singh’s question, he may have missed my explanation in the opening speech – I may not have specifically used Clause 6(1)(a) which describes the general threshold, and Clause 6(1)(b) which describes the threshold for scams and malicious cyber activities. But it is this. Clause 6(1)(b) also covers the preparation for the offence, even when the offence has not yet occurred. So I hope this clarifies the terms that were being used. 

7. Mr Yip asked how quickly the Government can take action upon detection of online criminal content or activities. Where the magnitude of the criminal harm is high, and the impact is spreading fast, the authorities will seek to swiftly ‘nip it in the bud’. This would be the case for scams. The Police set up the Anti-Scam Command in 2022, and staff from the banks are co-located with Police officers at the Anti-Scam Centre. This has enabled us to sense-make and act quickly to prevent scams from harming more victims. And as I had mentioned in my opening speech, the threshold we have provided in the Bill for taking action against scams, is lower than for other offences, so that we can take action early and swiftly. As far as possible, we do not want to wait until a victim has fallen prey before acting. 
 
8. Ms Ang and Mr Melvin Yong asked about the responsibilities and expectations that will be placed on online service providers. Where we have identified a need for measures to be taken by such companies in order to tackle criminal activities, we would be requiring them in the law. The interventions would be designed with implementation in mind, and with emphasis on the outcome more than the how.  This approach recognises that every online platform has its unique features and operating considerations. The Government will be reasonable in applying the requirements under the Bill. 

9. To Ms Ang’s comment that there is appreciation of the consultative approach that the Government has been taking in developing this Bill, and her suggestion that such collaboration needs to continue; let me assure her we will do so. For example, in developing the Codes of Practice, we will engage the online platforms which we intend to designate, and take an outcome-oriented approach. We will also provide reasonable timeframes for platforms to comply with Codes and Directives.

10. Ms Ang and Mr Zhulkarnain asked how the Bill may affect privacy. Let me assure Members that the Government will strike an appropriate balance between preventing online criminal harms and privacy. For example, this Bill will not require online companies to “break” end-to-end encryption in private messaging. However, to combat a crime, we can issue Directions to the messaging platform to restrict the accounts which are being used to commit the crime.  We may also require information on the suspected offenders and other platform users involved, in order to fully investigate the case.

11. Mr Zhulkarnain asked that free speech and legitimate content continues to be protected. Article 14 of the Constitution provides such protections. At the same time, reasonable boundaries are needed because unfettered and absolute free speech can cause harm to individuals and society. It is therefore not uncommon to find laws in some jurisdictions that limit free speech; examples include prohibitions against hate speech.  

12. The Bill as it stands, applies only to online content and activity that already constitute a criminal offence in Singapore, such as incitement to hatred against a religious group.  I hope Mr Zhulkarnain will agree this does not create any new criminal offences in respect of speech, nor does it curtail legitimate content. 


Other Clarifications

13. I will move on to other queries about the Bill.

14. Mr Yip, Ms Ang, and Mr Louis Ng cited the challenges relating to jurisdictional issues and asked how the Bill will be applicable to websites and online services that are based overseas. The Bill has provisions that allow us to issue Directions, notices, Directives, and Orders to entities and individuals, even if they have no presence in Singapore.

15. We know, however, that some of them may choose not to comply, which is a challenge many countries similarly face. There are further steps that we can take. First, we can prosecute for non-compliance, where possible. Second, the Bill allows the Competent Authority to issue Orders to restrict access to the non-compliant online service, to prevent the criminal activity and content from being accessed by persons in Singapore. For example, an Access Blocking Order can be issued to internet access service providers to prevent non-compliant online services from continuing to reach users in Singapore and do them harm. These levers will be used judiciously and only when necessary.

16. Mr Murali Pillai asked about the offence penalties and whether they were decided with extradition in mind. Relatedly, Mr Yong also asked whether we intend to hold key executives of e-commerce platforms criminally liable. The penalties in the Online Criminal Harms Act are aligned with similar legislation, such as FICA and POFMA.  We want the executives of online platforms to take online harms seriously and to comply with the Directions, but this does not mean they must be personally liable for non-compliance. There are more effective measures such as access blocking. I don’t think any executive in his or her right mind, would find it easy to explain to their colleagues why because of non-compliance, access had been blocked; and since there is no personal liability, the need for extradition for non-compliance with Directions or Orders is moot. However, extradition can be undertaken in respect of the individuals carrying out the underlying specified offences, in accordance with the Extradition Act. I would add, however, that in the era of user-generated content, a lot of these content creators are very hard to pin down. So we have to ask ourselves what is the priority. If the priority is to prevent harm from continuing to reach our people, you can try and chase down the original perpetrator of the offence; or you can try and prevent the harm from happening first. We want to be able to do both, but we need to be able to ‘nip it in the bud’ quickly first. 

17. Mr Raj Joshua Thomas asked about the factors that will be taken into account, in deciding whether a person should be granted bail when the offence is failure to comply with the Directions. A key consideration is the risk profile of the offender. The nature of the underlying offence, which triggered the issuance of the Direction in the first place, will not usually be taken into account, because the essence of the offence is the failure to comply with the Direction issued. Also, a person liable for non-compliance to a Direction could be an internet service provider or online service, and thus may not be the perpetrator of the underlying offence to begin with. This shows that the offence of non-compliance and the underlying offence should be assessed separately.

18. Mr Yip asked how the Bill would relate to existing legislation, such as FICA and POFMA. POFMA and FICA were designed specifically to handle online falsehoods and foreign interference respectively, and will continue to be used for such threats. We recognise, however, that some cases are complex and levers under multiple legislation could apply.  We will consider the unique aspects of each case and use the appropriate levers. 

19. Here it may be useful for me to address a point that Mr Gerald Giam made. I believe he asked specifically – that we already have some levers under the Broadcasting Act when the Online Safety Bill was passed, and now we are trying to pass the Online Criminal Harms Bill – what is it that the new Bill will do that we weren’t able to do in the previous legislation. Perhaps it is useful to then compare more broadly, what this set of legislation or legislative tools are designed to achieve, that we weren’t able to do previously. There are essentially three areas. First, is in terms of the scope of the content that is covered. The amended Broadcasting Act covers egregious content as defined in the Act, with a key focus on online safety, including content advocating or instructing on suicide, or self-harm, content posing public health risk in Singapore, and content likely to cause racial and religious disharmony in Singapore. So those were the kinds of things we covered last year, when we debated the Online Safety Bill. The Online Criminal Harms Bill will cover a broader scope of online criminal harms, including illegal money-lending, unlawful gambling, and drug-related offences. So the scope of coverage is not identical. 

20. Secondly, the scope of services covered. They overlap to some extent but are also not identical. The amended Broadcasting Act applies to online communication services. As a start, only social media services are subject to the provisions under the amended Broadcasting Act. The Online Criminal Harms Bill will cover all mediums of online communications through which criminal activities could be conducted. So that’s the second difference. Thirdly, the levers to deal with scams and malicious cyber activities are quite different. The Broadcasting Act’s Code of Practice for Online Safety will require social media services to respond to user reports on scams – a user submits a report, the Code says, you, as a social media service have a responsibility to act on that report. But given the need to protect victims from falling prey to scams, and to ensure that scams can be efficiently and effectively addressed, the Online Criminal Harms Act, when it takes effect, will take one step further to provide the Government with the targeted levers to issue directions against scams and malicious cyber activities, including against online activity that is suspected to be in preparation for such offences - this is the part that is quite key. The offence may not yet have materialised, it has not necessarily taken place, but it looks to be, from past cases, that this is preparation in service of that offence. There will also be requirements for the designated online services to put in place proactive measures to detect and prevent scams and malicious cyber activities. So those are the three areas where the two differ; and the two actually complement each other. 

21. Mr Murali asked about the structure and delineation of roles between the “competent authority”, “authorised officer” and “designated officer”. He suggested that given the role of the Competent Authority, it should operate separately from the investigation arm of a law enforcement agency. This will indeed be our approach. The Competent Authority will be sited within the Singapore Police Force, and will be structurally separate from the Police units that perform investigative functions. In building up the Competent Authority’s office, the appointment of authorised officers by the Minister will take into account the expertise and relationships required to effectively administer the Bill, as Mr Murali has pointed out.

22. Designated officers would be those who are charged with detecting, enforcing, or investigating the specified offences. They would be the best placed to determine whether and what kind of Directions should be issued, and will do so independently of the Competent Authority.  

23. Administratively, we intend for there to be a single point of contact to issue the Directions. This function will reside with the Competent Authority. The Competent Authority will therefore have an overall picture of all the Directions being issued. 

24. Mr Singh asked for the details of the Codes of Practice. Mr Yong asked whether the Codes of Practice could include requirements for e-commerce platforms, such as seller verification and escrow accounts. The purposes of the Codes of Practice are set out in the Third Schedule, and they do provide for user verification and payment protections. The Codes will apply to designated online services, which can include e-commerce platforms that are assessed to pose significant risk of scams or malicious cyber activities. 

25. Requirements for designated e-commerce platforms will take reference from the E-commerce Marketplace Transaction Safety Ratings (TSR). The TSR is a publicly available report that rates major e-commerce platforms based on the anti-scam measures they have in place. The higher the rating, the more anti-scam features a platform has. I encourage members of the public to refer to the TSR when transacting online, and exercise caution when transacting on platforms with lower ratings. When engaging your residents on how to protect themselves from scams, Members can also encourage your residents to refer to the TSR when transacting online. 

26. Mr Murali and Mr Ng had queries on the technical provisions in the Codes of Practice. Codes of Practice issued under Clause 21(4) of the Bill do not have legislative effect. This means that they do not constitute law. Such provisions are common for Codes of Practice under Singapore legislation. 

27. In our case, given the fast-evolving nature of the online space, we anticipate that the Competent Authority may need to adjust provisions in the Codes of Practice every now and then, to keep pace with emerging threats and industry developments, including tailoring the codes to different types of online services. This is similar to how licensing conditions in regulated sectors are today determined and varied as necessary by the licensing authority. 

28. Let me reassure Mr Murali that notwithstanding the legal position of the Codes of Practice, we have provided in the Bill that persons acting reasonably to comply with the Codes of Practice will not incur civil and criminal liability. We will also be able to take action if any provision of the Codes are not complied with, which Mr Yong was also concerned about.  In such instances, the Competent Authority is empowered to issue a rectification notice to a non-compliant entity. It will be an offence under this Bill if the designated online service does not comply with the notice. 

29. Mr Ng asked about the provision that the requirements of a Code of Practice have effect, despite duties imposed by any rule of law, contract, or rule of professional conduct. This clause is similar to provisions under POFMA and the amended Broadcasting Act. As an example, one rule of law is the obligation of confidentiality under contract or common law. However, with the said provision in this Bill, an online service cannot reject a requirement to provide information on the basis that it is under an obligation of confidentiality. To reassure Mr Ng, the Competent Authority cannot issue any Code as it pleases. Any Code being considered must fulfil the purposes set out in the Third Schedule. Any amendments to the Third Schedule must be presented to Parliament.

30. Ms Ang and Mr Zhulkarnain asked whether Directions and Orders will need to be complied with while the reconsideration or the appeal is ongoing. The answer is yes, because any stay on reconsideration or appeal would mean that more people would continue to be harmed by the online criminal activity. To reassure Members, we have provided within the Bill that the Reviewing Tribunal must complete its work expeditiously. 

31. On Mr Murali’s question about the finality of appeals made to the Minister or to the Reviewing Tribunal, there is no ouster clause within this Bill. Decisions made by the Minister and Reviewing Tribunal will be documented, and can be subject to judicial review.

32. Mr Zhulkarnain asked that the Bill be periodically reviewed to keep up-to-date with evolving online criminal harms, and the state of technology. We agree this is important. The Bill has been drafted with this in mind, allowing us to add further offences via amendments to the First and Second Schedules, where necessary. MHA will work closely with other agencies to monitor developments in the technology space, and respond nimbly to threats that can be posed by emerging technology, such as generative AI.

33. Mr Singh asked what other harms the Online Criminal Harms Act might cover in the future. Mr Ng asked about the inclusion of offences relating to the sale of animals, birds and wildlife. For now, the Bill focuses on criminal offences that pertain to national security, national harmony and individual safety. We will consider Mr Ng’s suggestion in future reviews. As to other harms, they must be criminal in nature, and have an online nexus. 

34. Ms Ang had queries about the information request provisions for investigating underlying offences.  While we seek to investigate cases expeditiously, we will set reasonable timelines for online services to comply with such requests.


Suggestions and Clarifications Outside the Scope of the Bill

35. Next, I will deal with the questions and suggestions which relate to our broader efforts against online criminal harms and scams. Strictly, these fall outside of the scope of today’s Bill, and some of them have been discussed in this House before. I shall therefore be brief. 

36. With respect to the points made by Mr Singh regarding other legislation, these have already been debated in great detail on previous occasions, and they have no bearing on today’s Bill in particular. I will, however, make three brief points. The first is that, I believe Mr Singh mentioned POFMA, and that with POFMA, the Government decides what is truth. I think that’s not quite a correct characterisation. Mr Singh knows very well that POFMA deals with false statements of fact. These false statements of fact can be proven. There has to be a basis for making those allegations. Opinions – people are free to continue to make. But if you say something that is factually incorrect, it is carried online, it can go very far, and it has public interest, then that is where POFMA could be considered. That is the first point. Other than that, opinions – anyone is free to continue to offer theirs. The second point is that in the vast majority of the cases where POFMA directions have been issued, the receivers have complied in full, and the content they had put out originally remain fully accessible. Most of the POFMA directions are like that. Anyone can still read what was originally made available. They can decide for themselves. To the third point, Mr Singh specifically mentioned Asian Sentinel, I do not wish to go into that in great detail, because it has no bearing on the Bill we are debating. I would invite him, if he is very interested, to file a Parliamentary Question, and we can address his concerns. 

37. Ms Ang asked what technology and capabilities the Government is investing in. Given the speed and scale at which online criminal harms can be perpetrated, manual processes will not be effective. The Government is making more use of analytics and also Artificial Intelligence (AI), for example, to detect and shut down scam websites faster. In implementing AI, we will keep in mind the potential downsides as shared by Mr Zhulkarnain.

38. In line with Mr Yip’s suggestions, we will continue to work with agencies such as GovTech to make reporting channels for the public more easily accessible. 

39. On Ms Ang and Mr Yip’s queries about overseas perpetrators, cooperation across borders is needed to take them to task. We will certainly continue to strengthen our international partnerships.
 
40. Mr Yip has asked how we would deal with attempts by members of the public to circumvent the Directions. The Government will do its best to protect the people in Singapore by preventing online criminal content and activities from reaching them.  However, if individuals choose to circumvent these protections and use VPN or other means to access dubious content sources, they do so at their own risk. We can’t protect people who deliberately avoid the protection.  

41. Mr Yip, and I believe Mr Giam, also called for greater efforts to educate the public, and to sensitise them to the threat of online harms. We fully agree with them. The Police have worked with several stakeholders to educate the public and raise awareness on scams. Some of these initiatives include the proactive dissemination of information and advisories on scams, and sharing of successful prosecutions on a regular basis. E-Shoppers on Watch interest group; collaborations with e-commerce platforms such as Shopee for the interactive in-app anti-scam quiz; collaborations with retailers such as Gardenia, iJooz and Canadian Pizza to display anti-scam messages on their platforms. 

42. The Police have also set up the Scam Public Education Office to drive anti-scam outreach, which will involve working closely with community partners. The Scam Public Education Office will collaborate with the National Crime Prevention Council to create and curate anti-scam educational content for the public. It will partner the private sector and community agencies to tailor anti-scam material for different population groups. such as youths and seniors, migrant workers, banking service users and digital platform users. 

43. SPF also works closely with the CSA and IMDA to develop joint cyber safe materials, and participate in public events to share the materials with members of the public. Some examples include the Digital For Life Festival organised by IMDA, and the sharing on the safe use of the internet by IMDA’s Digital Ambassadors with seniors in particular - I know this is a group that Mr Yip is particularly concerned about. 

44. Mr Deputy Speaker, I believe I have covered most of the ground. I have in my notes here, points that were made by Mr Giam, with respect to calls. I think he said that shutting down websites is one thing – what about calls? Actually, the topic of whether calls should be blocked had been covered separately. I think in previous updates on anti-scam measures, we talked about the fact that IMDA implements call-blocking on a very wide scale. If my memory serves me right, as recently as February or March [last year], I think we updated the House that upwards of 55 million calls are blocked every single day right now – that’s just how many you have. It is either every single day, or every single week, or every single month. Anyway, it is 55 million. Calls are not the primary target of this Bill. Calls are an important way in which scammers reach their victims, and we have taken active steps to block them. I can update the House that IMDA is seriously looking at giving phone users the option to block all international calls, which is primarily how scam calls get piped through. That is something in the works, and I hope to be able to give Members an update in the not too distant future. I thank Mr Giam for his acknowledgement of the value that ScamShield brings. We will continue to improve the product to make it more robust, and make it easier as you say for people to report scams, and to as best as possible, try and block the verified scam callers, as well as content. But I must caution, that our developers are mindful that we do not go beyond what people expect of privacy protection. So that is them exercising a degree of self-restraint. In discussing such issues with my colleagues from other jurisdictions, I shan’t mention where – where the population is much more accustomed to a far higher degree of surveillance – yes, indeed, some of these measures can go a lot further. I am mindful, and I think Members have continued to remind us, that there is only so much you can do, and there are certain thresholds we should not cross. 


Conclusion

45. Mr Deputy Speaker, I thank the Members for their support for the Bill. 

46. It is another important step towards creating a safer online space for Singaporeans. It complements existing efforts to act more effectively against online criminal activities, through partnership between our people, the Government and industry.

47. Mr Deputy Speaker, I beg to move.