Online Criminal Harms Bill

Order for Second Reading read.

Mr Deputy Speaker: Minister for Home Affairs.

2.00 pm

The Second Minister for Home Affairs (Mrs Josephine Teo) (for the Minister for Home Affairs): Mr Deputy Speaker, Sir, I beg to move, "That the Bill be now read a Second time".

Last year, Parliament amended the Broadcasting Act through the Online Safety Bill, which targets harmful online content such as advocacy of suicide and self-harm.

The Online Criminal Harms Bill we are debating today focuses instead on online content or activity which is criminal in nature, or which is used to facilitate or abet crimes.

There is growing international consensus that new rules and levers are needed to combat criminal harms online. There is also growing recognition that proactive approaches are needed to prevent such harms, and that Government efforts alone will not be enough.

The United Kingdom (UK), the European Union (EU), Germany and Australia have or are introducing new laws in this regard. They have been useful references as we formulated our proposals.

In general, we have taken a targeted approach, focusing on areas that are most problematic. We have also taken a pragmatic and collaborative approach. For example, we recognise and encourage initiatives by online services to improve online safety. But we also know that they tend to be designed for a global user base and do not cater to the unique circumstances in specific locations.

Where we have identified a need for additional measures to tackle risks of criminal activities, it will be better to require them by law than to leave things to chance. The specific interventions should however be designed for ease of implementation, with strong emphasis on effective outcomes.

Sir, with those comments as backdrop, let me outline the broad features of the Bill.

First, the Bill allows Directions to be issued to online service providers, other entities, or individuals, when specified criminal offences take place.

Second, the Bill makes special provisions for scams and malicious cyber activities. Such activities tend to unfold with great speed and scale. They inflict great harms on the victims, not just in terms of financial losses. The threshold to issue Directions should therefore be lower than for the other specified criminal offences.

We will also require designated online services to put in place systems and processes to counter scams and malicious cyber activities.

Members would be familiar with the use of Directions to restrict the exposure of users in Singapore to online criminal content and activity. Directions are also a feature of the Protection from Online Falsehoods and Manipulation Act (POFMA), the Foreign Interference (Countermeasures) Act (FICA) and the Broadcasting Act (BA).

What criminal offences can Directions be used for? These are criminal offences that affect national security, national harmony, and individual safety, and which have an online nexus. They are specified in the First Schedule of the Bill.

Clause 6(1)(a) provides the legal threshold for Directions to be issued against online activity. Directions can be issued only when there is reasonable suspicion that a specified offence under Part 1 of the First Schedule has been committed and the online activity is in furtherance of that offence.

Designated officers will issue Directions for criminal offences under their agency's purview. For example, designated officers from the Central Narcotics Bureau (CNB) will be authorised to issue Directions for offences under the Misuse of Drugs Act.

While designated officers may be sited in several agencies, a competent authority sited under the Singapore Police Force (SPF) will serve as a single point of contact across the Government, for recipients of Directions, such as online service providers.

Clauses 8 to 12 set out the scope of the five types of Direction. For example, where the Police have reasonable suspicion that an account on a social media service is being used for unlicensed moneylending activity, they can issue the social media service provider: one, a Disabling Direction, so that the offending post or page is prevented from reaching a person in Singapore; or two, an Account Restriction Direction, so that an offending account is prevented from interacting with persons in Singapore.

As a second example, a Stop Communication Direction may be issued to someone who posts text or images, inciting violence against people of a certain race.

The use of Directions limits the reach of criminals and prevents more persons from being exposed to the harm. For scams and malicious cyber activities, we will however need a different approach, one which is more proactive and pre-emptive.

Many scams and malicious cyber activities are carried out through deception. For example, scammers may create online accounts or websites that seem authentic and legitimate. Such accounts or websites are then used to convince victims to transit to another platform, where they are then targeted for scams.

Victims may also inadvertently download malware that have the ability to steal their login credentials or other personal information. Such methods are commonly used for investment and job scams, which together saw close to 10,000 cases in 2022, with victims losing more than $300 million.

Unfortunately, the initial contacting and grooming of victims may not yet constitute a criminal offence, even if they are a necessary step. As a result, they may not cross the threshold of reasonable suspicion for Directions to be issued.

Malicious actors are also quite "kiasu", in the sense of preparing much more than the bare minimum. For example, thousands of blank websites are created in advance, with domain names that resemble those of legitimate organisations.

When the malicious actor is ready to strike, these blank websites are swiftly activated, populated with scam content and pushed out to the public, who may fall prey within minutes. But until these blank websites and preparatory locations are activated, they may also not cross the threshold of reasonable suspicion for Directions to be issued.

Faced with such opponents, Members might understand why our response needs to also be "kiasu"; to be extraordinarily careful. This is why clause 6(1)(b) of the Bill introduces a lower threshold for issuing Directions for scams and malicious cyber activity offences that are specified under part 2 of the First Schedule.

This is when there is suspicion or reason to believe that any online activity is being carried out in preparation for or as part of the commission of a scam or malicious cyber activity offence. Law enforcement would then be able to issue Directions proactively, once such activities are detected, and even before an offence is committed. For instance, we could issue Access Blocking Directions to Internet service providers to prevent the blank websites I mentioned earlier from being accessed by Singapore users, even before scammers activate these sites.

We would also be able to issue App Removal Directions to remove scam apps that are used to commit scam offences, from Singapore app storefronts and third-party app stores. In addition, we will require providers of designated online services to put in place systems and processes to counter possible offences under the Second Schedule. For now, the only group specified within the Second Schedule will be scam and malicious cyber activity offences. But this approach allows us to respond more quickly if new classes of offences emerge which also require counter actions by designated online services.

Sir, we have decided to involve online service providers in crime prevention because they have much more knowledge about what is happening on their platforms. Law enforcement agencies obtain information only when Police reports are filed by victims, or through online trawling, which is not exhaustive and is more akin to finding a needle in a haystack. On the other hand, online services have direct and full access to relevant data about activities on their platform, and can also perform analytics to detect and respond to crime on their platform.

Through successful partnerships with the Police, online service providers have also found that it helps them plug information gaps and take more effective actions. For example, a scammer may first approach a victim through an online service but carry out the scam on a different online service. The first online service may not be aware of the scam and will act to identify and remove the source only when alerted by the Police.

Such collaboration will be promoted through codes of practice. Their requirements will be framed in terms of outcomes which designated online services must meet. This gives a provider the flexibility to customise its approach depending on the nature of its service. The competent authority will consult and work with the providers of designated online services in developing the codes of practice. The codes will be updated periodically in response to new and evolving threats, and technological developments.

If designated online services are found to be non-compliant with the codes of practice, clause 23 allows that the competent authority be able to serve the providers of these services with a Rectification Notice to correct the non-compliance by a specified time, before escalation to prosecution. Clause 24 provides that the competent authority may issue the provider of a designated online service an Implementation Directive to put in place any system, process, or measure, if it is satisfied that this is necessary or expedient to address a relevant offence under the Second Schedule.

Unlike codes of practice, an Implementation Directive will be specific and prescriptive. For example, the competent authority may issue an Implementation Directive for a designated online service to put in place a specific form of multi-factor authentication to protect against the misuse of accounts to commit crimes.

We are providing for such Directives as a complement to the codes of practice. For example, where there may be an urgent need to put in place a specific measure to address the proliferation of a specific scam operation, an Implementation Directive would be more effective in this instance.

Clause 20 provides for the competent authority to designate online services that would be subject to the codes of practice and Implementation Directives to be applied against offences in the Second Schedule of the Bill. In designating online services, we will consider the extent and impact of the harms relating to the specified offence groups, the reach of the online service, the design and nature of the online service and any other relevant factors.

Clauses 28 to 31 provide the competent authority with powers to issue Access Blocking Orders, App Removal Orders or Service Restriction Orders, where there has been non-compliance with a Direction, a Rectification Notice, an Implementation Directive, or another Order.

In other words, Orders are intended to be an escalatory enforcement measure taken only where necessary, if there has been non-compliance. Their purpose is to limit the further exposure of persons in Singapore to the criminal activity. Orders operate alongside and do not replace other possible measures that we can take for non-compliance, such as prosecution.

Sir, the Bill provides for appeal mechanisms against Directions, Orders against non-compliance, designation of online services, the application and content of codes of practice, and Implementation Directives.

For Directions and Orders, an appellant must first seek reconsideration from the agency that gave the Direction or Order. If the reconsideration request is unsuccessful, the appellant can then appeal to a specialised Reviewing Tribunal under clause 18 or 37. This allows timely and efficient remedies to be delivered via an independent channel instead of via general appeal to the Courts.

Appeals against designation of online services, the application and content of codes of practice, and Implementation Directives will be heard by the Minister for Home Affairs. Such appeals involve assessments of the online landscape and policy considerations on how regulatory levers should be applied. For example, an appeal by a designated online service against a provision in a code of practice may be resolved through varying that provision. This will, however, impact other designated providers that are similarly subject to that code and thus should be decided by the Minister for Home Affairs.This appeal mechanism is similar to that provided for appeals against codes of practice in other legislation such as the Broadcasting Act, which are also appealed to the relevant Minister.

Clause 48 provides that Police officers and enforcement officers may request information from online service providers or owners of online locations where there is reasonable suspicion that a specified offence has been committed and there is online activity on that online service or location which is in aid of the specified offence. This is to facilitate investigations and criminal proceedings. These powers also apply to entities that are based overseas and information which is stored overseas. For example, the Police may require account information relating to persons who are distributing child sex abuse material from an online service provider that is not based in Singapore.

Sir, to conclude, there is no silver bullet to resolving the complexities of the online world. This Bill is calibrated to allow us to respond more effectively to online criminal harms while enabling us to continue to enjoy the many benefits which the Internet has brought us. Sir, I beg to move.

Question proposed.

Mr Deputy Speaker: Mr Pritam Singh.

2.19 pm

Mr Pritam Singh (Aljunied): Mr Deputy Speaker, before I speak on the substantive aspects of this Bill, I want to make the point that not all legislation passed in this House targeting online content is equal. The Workers' Party (WP) will support rules aimed at online content when they are in Singaporeans' interest, such as with this Bill, but not otherwise.

My speech is in three parts.

First, I will reiterate why the WP did not support previous Bills concerning online content. It is important to highlight to Singaporeans that each piece of legislation needs to be scrutinised on its own merits. The Government must be made to justify each statute it wishes to pass by this House, including those that restrict Singaporeans' access to online content.

Second, I will set out why we support the current Bill as a whole.

Third, despite my general agreement with the Bill, I will raise questions for the Minister on specific points of concern.

Mr Deputy Speaker, I move on to the first part of my speech on previous legislation targeted at online content.

In its press release on 8 May, the Ministry of Home Affairs (MHA) called this Bill, "the next piece in our suite of legislation, including the Protection from Online Falsehoods and Manipulation Act (POFMA), Foreign Interference (Countermeasures) Act (FICA) and the recently amended Broadcasting Act to better protect the public in Singapore from various harms in the online space."

The Ministry of Home Affairs (MHA) groups these four Acts together – the Broadcasting Act, POFMA, FICA and now, if I may coin the obvious acronym, OCHA. However, we need to remind ourselves in this House and we need to remind Singaporeans generally that these statutes are very different from one another.

Three points connect these statutes: firstly, they relate to online content; secondly, the Government says that these laws are needed to protect Singaporeans from harm; thirdly, the Government can implement broad, powerful measures to restrict Singaporeans' access to online content and to impose severe penalties on individuals and entities for non-compliance.

But these statutes differ in critical ways. They target exceedingly diverse online content.

OCHA targets online content that could result in Singaporeans being victims of scams and other crimes. POFMA and FICA restrict the access of Singaporeans to information that the Government considers false, manipulative or constitutes foreign interference in our domestic affairs.

Reasonable people can disagree with the Government on what types of online content are harmful and whether Singaporeans need to be protected from them. Reasonable people can also desire that the Government not be given draconian powers that could be used, whether now or by future governments, to stifle points of view different from those of the government of the day.

Regarding FICA, the WP did not vote in favour of FICA as promulgated by the Government. We were not against FICA in principle. We understand that there are foreign actors who wish Singapore harm and that the Government should have powers to combat and counter malignant forces, but our view is that FICA confers extraordinary powers which need the most robust of independent oversight by the judicial arm of our Government, namely, the Supreme Court.

The WP was also of the view that the wording in FICA such as "is likely to" and "where the Minister suspects" creates low thresholds of proof that could be unfairly used against individuals or entities. The WP proposed more than 40 amendments which we opined would allow FICA to achieve its aims of curbing unwanted foreign influence, while at the same time ensuring appropriate checks on the Government that protect the rights of Singaporeans.

As for POFMA, the WP opposed it because POFMA entrusts the Ministers and their alternate authorities to decide what is truth and what is a falsehood. In certain cases, they would not be neutral parties, but would be making decisions as interested parties. For instance, if a Government decision is criticised in an article published on a website, it is the Minister himself or herself who decides whether the article is true or false. The Minister would be able to make such a decision with limited oversight by the Courts. The High Court cannot inquire into the merits of a Minister's POFMA decision.

In addition, the powers under POFMA are extreme. If a Correction Order is made, an entire website is blocked, not just the offending article. My view is that when websites are blocked under POFMA, it is Singaporeans who lose out. Singaporeans are not able to read alternate viewpoints. If such alternate viewpoints are false, the Government can counter those viewpoints by publishing the facts as it sees them in the mainstream local media, both in print as well as online.

The recent case involving Asia Sentinel is instructive on how POFMA can be deployed by the Government. The Government recently issued a POFMA Correction Direction to Asia Sentinel, a California-registered publication, over an article titled, "Singapore kills a Chicken to Scare the Monkeys."

Asia Sentinel took certain actions to comply, but the Ministry of Communications and Information (MCI) said, "While Asia Sentinel carried the Correction Notices, this was not done in compliance with the requirements of the Correction Direction for the respective Correction Notices to be situated at the top of the article and at the top of the main page of the website."

I believe that Asia Sentinel placed the Correction Notice at the top of the article but did not place it at the top of the main page of the website.

Because Asia Sentinel did not comply fully with the Government's order, Internet service providers in Singapore are ordered to block access in Singapore to Asia Sentinel's website. The article and the website are no longer accessible by computers and smart phones with Singapore Internet Protocol (IP) addresses.

In particular, I find it draconian to expect a news website to place a Correction Direction at the top of the main page of the website. Surely, a Correction Notice situated at the top of the article should be sufficient if the Government's concern is for Singaporeans to be able to read the Government's point of view in contrast to that of the news publication.

My concern is not for Asia Sentinel in itself. They are a foreign website. It is of not much concern to me whether they lose readership or revenue by being blocked in Singapore. What I do care about is that I and other Singaporeans cannot access Asia Sentinel to read the article in question and decide what we think about it for ourselves.

Indeed, anyone using a computer with a Singapore IP address can no longer access any articles published on Asia Sentinel, even those that have nothing to do with Singapore. Surely, that smacks of the Government wanting to punish the publishers of the website, rather than merely wanting to correct falsehoods in a specific article.

The Singapore Government must have many tools at its disposal to ensure that its viewpoint is available to Singaporeans. Is it really in the best interest of Singapore Citizens that the Government blocks not only an article the Government deems false, but an entire publication?

What if The New York Times or The Financial Times were to republish the Asia Sentinel article or any other POFMA-sanctioned article? Would the Singapore Government seriously mean to block either The New York Times or The Financial Times if it refuses to publish the Correction Notices in the required format? Would this blocking be in the best interest of Singaporeans?

Mr Deputy Speaker, let me move on to the second part of my speech on my support for the current Bill.

The WP agrees that it is necessary to protect Singaporeans from scams and other crimes that may be perpetrated using online methods. I believe it is right for the authorities to have available the use of Part 2 Directions against those who control relevant material or websites, online service providers, Internet service providers and app stores.

I am sure that legitimate business operators in these areas would have no objection to cooperating with Singapore authorities to protect those who live here from online criminal harms. In particular, I support the development of codes of practice for designated online services as provided for in Part 4. Ultimately, a proactive approach rather than a reactive one is certainly important in view of how quickly online scams evolve.

Overall, the WP's assessment is that OCHA is very different from POFMA and FICA when it comes to the online harms targeted. This Bill deserves the support of the House.

Mr Deputy Speaker, this brings me to the third part of my speech, where I have some questions for the Minister on specific points of concern.

My first question for the Minister is, what exactly is the difference between the use in Part 2, specifically clause 6(1), of the words "reasonably suspects" compared to the word "suspects" in limb A and limb B of the clause specifically?

MHA's press release acknowledges that the word "suspects" has a lower threshold than "reasonably suspects", but what is the practical effect of this difference in the context of combating online crimes? Perhaps the Minister could explain this distinction using the standards of proof used in our Courts. Could the standards on a balance of probabilities, prima facie or reasonable doubt help us understand the difference better?

Mr Deputy Speaker, may also ask the Minister to give more details about the codes of practice?

While in principle, a proactive approach in having codes of practice is good, the fact that there are sanctions for non-compliance reiterates the importance, if not the critical role, designated online services and other intermediary services play to disrupt scammers. Under Part 4 of the Bill, the Government may issue Rectification Notices and Implementation Directives to designated online services. Non-compliance with notices or directives attract prosecution and severe fines that can go into the millions of dollars.

Could the Minister give details of how codes of practice will be developed, including what consultations and engagements will be undertaken with the industry? To this end, Mr Deputy Speaker, how would these codes of practice apply in practice to disrupt online scams?

I note the Minister gave a broad outline in her opening speech, but let me suggest a particular context for consideration.

The days of receiving phone calls from people pretending to be Immigration, Ministry of Health (MOH) or bank officers are fast becoming yesterday's scams. Today's online scams that lure individuals – one that was recounted to me at this Monday's Meet-the-People Session just two days ago – are very sophisticated.

A resident was lured by an offer of a supposedly genuine job to raise the profile of products sold on e-commerce platforms such as Qoo10. The resident received a payment for services rendered on the first day of her assignment. Convinced that the arrangement was legitimate as money had been transferred to the resident, the resident got trapped in a quasi-investment scam, hoping to see more returns and thereby increased her engagement with the scammer. The resident at my Meet-the-People Session on Monday told me that she lost more than $300,000 in total. The scammer actually paid her close to $1,000 on the first day of the engagement, winning her trust.

I am sure Members have heard similar sad outcomes for some of our residents and their residents. Can the Minister share how this Bill and the codes of practice will operate to disrupt such scammers, particularly with reference to e-commerce companies, or online service providers through whom such scams are unknowingly perpetrated?

While it is hoped that this Bill will serve as an important line of defence to disrupt online scams, the future is even more ominous, with artificial intelligence (AI) portending the prospect of a far more intelligent scammer than ever before. To this end, it cannot be left to agencies like the Anti-Scam Command, the Police or even legislation such as this Bill, to serve as the first line of defence for Singaporeans. The general public has to be far more vigilant with respect to its engagements online, especially when it comes to the transfer of funds and engagement with individuals who are not known to them.

Finally, Mr Deputy Speaker, the introductory words of the explanatory statement to the Bill say that this Bill seeks to counter online criminal activity and protect against online harms. Currently, the target of the Bill appears to be scams and other criminal activity, but the fact that the explanatory statement says that the Bill seeks to also protect against online harms suggests that activities other than criminal ones have been contemplated by the drafters of the Bill.

Could the Minister shed light on what other activities the Bill could potentially address or conceivably address? Could the Minister let us know what other scenarios beyond criminal activity were discussed or are being deliberated? For example, the Government previously mentioned that it would seek to address "cancel culture". Could this be one of the areas that is being contemplated as potentially coming within the scope of the Bill?

In conclusion, Mr Deputy Speaker, this Bill is very different from POFMA and FICA, which the WP did not support. POFMA and FICA carry the possibility of Ministers depriving Singaporeans of hearing valid alternative viewpoints without adequate judicial checks. OCHA is targeted at protecting members of the public from scams and offences that can cause financial and other harm. If it remains focused on this target, the WP will continue to be in favour of its implementation. Mr Deputy Speaker, I support the Bill.

Mr Deputy Speaker: Mr Murali Pillai.

2.33 pm

Mr Murali Pillai (Bukit Batok): Mr Deputy Speaker, I support this eagerly awaited Bill, and I am glad to note from the speech of the hon Leader of the Opposition that it also enjoys the support of my hon friends across the aisle.

This Bill, if passed, will provide the legislative levers that will enable our enforcement officers to take proactive measures to protect Singapore residents from falling victim to scams. This Bill creates a potentially powerful instrument that can be used to great effect.

In my speech, I shall point out three ways to make this instrument more precise, more powerful and longer in reach. I will also focus on the organisational structure as well as the processes that are being contemplated to be put into place to administer and enforce the powers and the responsibilities spelt out in this Bill once it comes into effect.

Let me start off with a point on governance, which is embedded in the definitions of “competent authority”, “designated persons” and “authorised persons” as stated in clauses 3 and 4 of the Bill. May I please ask the hon Second Minister for Home Affairs whether she intends that a separate independent body be created as a competent authority to administer the Act once it comes into being?

In this regard, I note that the competent authority has a dual role. First, it facilitates enforcement work. In this role, it is intended that the “competent authority” be vested with the power to issue Orders for non-compliance of Government Directions to specific entities aimed at proactively dealing with cases where specified criminal offences are suspected to be committed. Second, it is vested with the responsibility to develop a framework in the form of codes of practice that designated online service providers will have to comply with a view to, amongst others, facilitate information sharing on suspicious online activities and design of features to make online platforms more scam-proof.

To achieve the legislative objective, I foresee the need to foster a relationship of candour, the hon Minister mentioned "partnership" between the online service providers and the competent authority. The online service providers will need some assurance that if they were to provide inputs in good faith, there will be no serious repercussions against them.

The hon Second Minister mentioned that the competent authority will be a unit within the Singapore Police Force (SPF). I wonder whether this unit within the SPF, will be structurally separated from the investigative arm. This will prevent any conflict in the dual roles contemplated for the authority.

One possible example to follow could be the Suspicious Transactions Reports Office (STRO) of the Commercial Affairs Department (CAD). The STRO has a responsibility in dealing with information- sharing concerning anti-money laundering activities and others with financial institutions. The STRO is sited within the CAD’s intel and admin group, which is separate from CAD’s investigative arm, its financial investigation group.

I also note that it is proposed that the Minister may appoint any public officer from any Ministry, department or an employee from a Statutory Board as an authorised person. Potentially, this is quite wide. Under Clause 5 of the Bill, it is proposed that the competent authority may delegate the exercise of its powers to authorised persons. It may also issue Directions of a general character to them and they must give effect to the Directions. May I ask what will be the hon Minister’s considerations when exercising this power that is proposed to be vested in her?

Apart from the issue of independence that I already raised, it seems to me, given the specialist nature of the duties that will be vested in the competent authority, would it not be better to create a department which can be more focused on developing the expertise and the relations necessary to achieve the legislative objectives of this Bill as opposed to allowing authorised persons to be appointed across the Civil Service?

Finally, for my last point on the governance structure, I turn to the definition of designated officer. Under the Bill, it is the designated officers who will be vested with the power to issue Government Directions in respect of online activity so as to be able to proactively manage suspected crime cases and prevent more people from falling victims to scams. However, I am not able to find any direct statutory lever that the competent authority may exercise over the designated officer. What is specifically provided though, is that under clause 4(5) of the Bill, a designated officer must act in accordance with his departmental head.

Given that the competent authority has the responsibility to administer the Act once it comes into force and the interplay between the designated officer’s and competent authority’s roles, may I ask why is it felt that it is not necessary to allow the competent authority to issue Directions that the designated officer should heed? It could be as simple as requiring the designated officer to notify the competent authority at the point when he or she exercises the powers under this Act once it comes into force.

These three points on governance may appear to be quite technical but they go towards sharpening this powerful law against scams.

I now turn to processes stipulated in the Bill which speaks to the power of this instrument.

The first has to do with the status of codes of practice issued by the competent authority. I note that it is proposed that the competent authority be vested with, amongst others, the following powers: (a) to stipulate an online service of an online service provider as a designated online service and online service providers as designated providers; and (b) to issue codes of practice that designated providers will have to comply with.

As the hon Minister mentioned, non-compliance may trigger the issuance of rectification notice and failure to comply with this notice may even be a criminal offence. Clause 19(4) also provides that the requirement of a code of practice has an effect despite any duty of confidentiality, privacy or arising from contract or any rule of professional conduct.

Against this backdrop, may I please ask why it is then stipulated in clause 21(4) of the Bill that the code of practice issued under the said clause does not have legislative effect? Would it not be better to provide that the code of Practice constitutes subsidiary legislation under the Act once it comes into force? I seek the hon Minister’s clarification on this point.

I now move on to the provisions in the Bill dealing with appeals. I note that a dual track of appeals is being proposed in this Bill. Appeals may be made to the Minister in relation to decisions made by the competent authority under Part 4 of the Bill. Appeals against actions in relation to Government directives under Part 2 of the Bill and Orders under Part 6 of the Bill may be appealed to the Reviewing Tribunal. It is provided under the respective clauses of the Bill that the decisions of the Minister and the Reviewing Tribunal are final.

My question is what is intended by the word “final”. The lawyers in this House would know that Courts do not always interpret “final” as “final”, as if nothing further can be said or challenged. In a good number of cases, the Courts have decided that usage of such words do not oust the jurisdiction of the Courts to judicially review the decisions made on appeal.

May I clarify that the intent in this Bill is not to oust the power of the Court to revisit decisions of the Minister or the Reviewing Tribunal on appeal based on the traditional grounds of judicial review? If so, is it contemplated that the Minister and the Reviewing Tribunal will have to provide written grounds of decisions when deciding on appeals so that the Court will be able to properly scrutinise the matter should its jurisdiction to review Government action be invoked? The “final” here therefore is not incompatible with “still open for challenge”.

Finally, I turn to Part 11 of the Bill that deals with, amongst others, offences for breaches of Directions and Orders issued under the Bill. I am glad to note that the offences provided for in this part have extraterritorial reach, having regard to the transnational nature of the scams today.

I have a query as to why the provision for punishment for the offence created under clause 52, which deals with persons who do not obey a Part 6 Order issued by the competent authority as a result of a failure to comply with a Part 2 Direction, falls below the threshold for making it an extradition offence.

As I understand, clause 6 and clause 28 of the Bill complement each other. Clause 6 contemplates a designated officer to issue a Part 2 Direction to any person even if he may be located outside Singapore. The focus here is to proactively deal with situations where certain specified criminal offences are suspected to be committed so as to prevent even more people in Singapore from becoming victims of scams. Where any person does not comply with the Part 2 Direction, the competent authority may give a Part 6 Order under clause 28. This involves, amongst others, the issuance of an Order to the provider of an app distribution service to stop distributing the relevant app to Singapore persons or an Order to a provider of non-compliant online service to suspend or stop the provision of such service to Singapore persons. It is important to note that it is specifically provided in clause 28 that the recipient of a Part 6 Order may not necessarily be the same as the recipient of the original Part 2 Direction.

For a person who fails to comply with a Part 2 Direction, he would have committed an offence under clause 50 of the Bill. As the said clause provides for a maximum punishment of two years, which is the minimum threshold as provided for in the Extradition Act 1968 for an offence to be an extradition offence, under the current legislative scheme, so long as the Second Schedule of the Mutual Assistance in Criminal Matters Act is subsequently updated to include this specific offence as a “serious offence”, this offence becomes extraditable.

This is not the case for clause 52 of the Bill which creates the offence for breaching a Part 6 Order. This is because the maximum punishment for a breach of clause 52 is one year, which is below the minimum threshold provided for in the Extradition Act.

Since these provisions are meant to complement each other, may I ask the hon Minister why is there a difference? I would have thought that, having provided these offences to be extraterritorial, it would be important to ensure that the more serious offences in this Bill should be made extradition offences. Otherwise, the fear is that the punishment provisions, insofar as they apply to individuals based outside Singapore, will become toothless. To harmonise the two would allow this instrument a greater, and to my mind, a proper reach.

Mr Deputy Speaker, the arm of the law, when dealing with scams, must not only be long, it must also be powerful and precise. It is with these considerations in mind that I have raised some concerns about the Bill in its current form, with attention to its governance structures, the standing of codes of practices issued and its punitive reach. With these issues properly addressed, we will have a stronger legislative instrument suited to fight the rising public menace of online criminal harms. Sir, notwithstanding my comments, I support the Bill.

Mr Deputy Speaker: Mr Gerald Giam.

2.45 pm

Mr Gerald Giam Yean Song (Aljunied): Mr Deputy Speaker, the Online Criminal Harms Bill was introduced for the purpose of empowering the authorities to combat online crimes more effectively and safeguard the public in Singapore from various online harms. It is also supposed to enable swift Government action against online criminal activities, proactively preventing scams and malicious cyber activities to protect potential victims.

Scams are the online criminal activities that loom largest against Singaporeans these days. While I support the Bill, I would like to seek clarification on how the Bill will be able to empower the authorities to deal with scams in ways that existing legislation does not.

According to data from SPF, the victims of some 31,700 scam cases were cheated of almost $661 million in 2022, $29 million more than the year before. This works out to an average of almost $21,000 cheated per case. These are staggering amounts of hard-earned savings of Singaporeans lost to scammers. Quite a few victims are my residents who approached me for help to recover their lost savings. Sadly, in most cases, the money had been spirited overseas and could not be recovered.

The Infocomm Media Development Authority (IMDA) and the Police currently work with Internet service providers to block scam websites. In 2021, 12,000 suspected scam websites were blocked, many with the help of artificial intelligence (AI) algorithms that can quickly detect and block scam websites. This means that if a new phishing website was set up to collect usernames and passwords of bank customers, the Government is already empowered to immediately order that website to be blocked, so that no more users in Singapore can access it. What difficulties have the authorities faced in expeditiously blocking actual scam websites, that necessitates the introduction of this Bill?

I note the Minister's explanation in her speech just a moment ago that this Bill will enable authorities to block websites if there is reasonable suspicion that they are being prepared in advance of a scam. Can I confirm with the Minister if this means that if someone were to register a domain name that is a variant of, say, "dbs.com", it will get proactively blocked, even if the website does not contain any content yet and even if that domain is registered overseas?

Similarly, if a telephone number is reported to have been used to carry out scams, is the Government already empowered to direct telcos to immediately block such numbers? Are there any encumbrances to doing so now that require this Bill?

The Minister previously said that scam calls made over the Internet, such as through messaging apps like WhatsApp, are currently not blocked. With this Bill, would scam calls made over the Internet now be blocked through an Account Restriction Direction that can be issued to online service providers?

Will short message service (SMS) redirection attacks, which redirect text messages containing one-time passwords (OTPs) sent from banks to hackers, be more effectively blocked under this Bill, and if so, how will it be more effectively prevented than under the current regime?

The National Crime Prevention Council (NCPC) and Open Government Products has developed ScamShield, an anti-scam app which automatically blocks scam calls, detects scam messages and allows users to report scam messages and calls. I am glad to note that a version of ScamShield for Android devices has finally been released. However, in order for SMSes from known scam numbers to be blocked, a user will need to install the ScamShield app and give the app permissions to read their SMSes and contacts. This is a multi-step process, which some non-technical users may struggle with. Indeed, even technical users may be reluctant to grant such intrusive access on their phones.

The NCPC says that more than 600,000 people have downloaded the ScamShield app. This means that more than five million residents in Singapore still do not have ScamShield installed, and presumably more do not have the app setup to block scam messages.

To better protect potential victims of scams who are unaware of ScamShield or choose not to install the app on their phones, the Government should direct telcos to block all verified scam messages and calls, without depending on end users to install ScamShield. These should include those scam phone numbers reported by end users through ScamShield and verified by the NCPC and the Police. Time is of the essence, since it only takes seconds for an unwitting victim to click on a phishing link and enter their username, password and OTP, and for the scammers to clear out their bank account or Central Provident Fund (CPF) accounts.

While the ScamShield app, ScamShield bot and website do provide forms for people to report suspected scams, how many people are aware of these reporting channels and actually use them? How does the Government intend to promote its use? How will they encourage their use and explain it to those who find it challenging, adopting such technology?

The ScamShield bot is able to take in reports of scam messages in non-English languages, but can only reply to users in English. Are there plans to enable it to reply in Chinese, Malay and Tamil, so that more non-English speakers can interact with the bot?

More should be done to leverage the knowledge of the entire population to quickly and comprehensively identify scams, and block scam numbers before more people fall victim to them. This can be done through better publicity of these reporting channels, giving updates to users when their reports were used for Police investigations or when the number is blocked, and making it easier for users to report scams.

The scam epidemic is a gargantuan problem which needs to be tackled more effectively by the Government, telcos and financial institutions. I hope that this Bill will give these agencies and organisations more levers to do so, to prevent more Singaporeans from falling victim and losing their hard-earned savings to these criminals.

Mr Deputy Speaker: Mr Melvin Yong.

2.51 pm

Mr Melvin Yong Yik Chye (Radin Mas): Thank you, Mr Deputy Speaker. I stand in support of the Bill, which seeks to introduce levers to enable the authorities to deal more effectively with online activities that are criminal in nature. However, I have some questions and suggestions.

Before I begin, I would like to declare my interest as President of the Consumers Association of Singapore (CASE).

Sir, I commend the Bill's proposal to classify offences related to scams and malicious cyber activities as a specified criminal offence in the First Schedule. This will allow the Government to issue Directions to better combat online scams, and this is vital, because just as the e-commerce boom has supercharged the way consumers shop today, it has also led to a sharp increase in online scams in recent years. In 2022, CASE received 2,530 consumer complaints regarding e-commerce purchases. This is a 15% increase from 2021. In the first five months of this year alone, CASE has received 1,408 related complaints and this is over 55% of last year's case load.

Some of the common complaints by consumers pertaining to e-commerce transactions often involve misleading and false claims, non-delivery of orders and receiving counterfeit products. To address these complaints, CASE has been advocating for mandatory seller verification by all online marketplaces.

Over the weekend, Members may have read a The Straits Times article about how Nicholas Ong Chang Hui, a recalcitrant scammer who was sentenced to 23 months and six weeks' imprisonment, was able to obtain a verified tick on Carousell, even after he was caught previously scamming victims on the same platform. The report said that Nicholas Ong had used separate accounts to perpetuate his scams. This shows how important mandatory seller verification is to prevent such scams.

I would therefore like to ask the Minister if the codes of practice that will be issued under this Bill will include mandatory seller verification for e-commerce platforms. If so, what legislative teeth will the codes provide, should platforms refuse to comply? What will be the threshold, before the competent authority issues a Direction to mandate the implementation of such verification, and will there be a time frame given to the platform to comply with such a Direction? And if so, what would be the timeframe?

Beyond seller verification, we must put in place a suite of measures to combat e-commerce scams. One proposal that I have repeatedly raised is for the Government to require online marketplaces to put in place an escrow account. This is a simple but effective mechanism that would serve to protect the consumer's monies until the consumer confirms that the goods bought are delivered in satisfactory condition. Escrow accounts would give consumers a greater peace of mind when shopping online. Where there are issues with the goods or in instances of non-delivery of goods, consumers would have the assurance that their monies are protected. I would therefore like to ask the Minister if the Bill could require the creation of escrow accounts under the codes of practice or under a Direction.

Sir, to ensure that e-commerce platforms truly pay attention to combatting online harms perpetuated through scams on their platforms, we must ensure that the company's executives, such as the chief executive officer (CEO) and the key management staff, will be made liable for their actions, or inactions, subject to the circumstances. I would therefore like to ask the Minister if the e-commerce platforms' key executives will be criminally liable for offences under this Bill, or if they direct their firms not to comply, or to partially comply with the Directions issued.

Beyond legislation, I am happy to share that CASE has been working hard in the past year engaging many industry stakeholders to foster a trusted online marketplace for all consumers. In April this year, Shopee Singapore signed a Memorandum of Understanding (MOU) with CASE, to adopt CASE's Standard Dispute Management Framework for E-marketplaces. Including CASE's earlier MOU with Lazada Singapore, we now have two of the leading online marketplaces in Singapore, covering a significant market share of the local e-commerce sales, committed to resolve consumer disputes efficiently and equitably. I call on all other online marketplaces with local presence to come onboard too.

CASE will also be launching a new CaseTrust accreditation scheme for e-commerce businesses in the second half of this year. The scheme will cover the entire range of e-commerce practices from pre-sale to post-sales and will address common consumer pain points when they shop online. We hope to provide consumers shopping via accredited e-commerce sites with greater assurance through this accreditation scheme.

Sir, in conclusion, combatting scams and other criminal activities perpetuated through online means will require our authorities to constantly remain a step ahead of the criminals. This Bill is a timely measure that will allow our authorities to better protect the public in Singapore from various harms in the online space. I hope that the codes of practice and the Directions proposed under this Bill will include measures, such as mandating seller verification and escrow accounts, to better safeguard our consumers when they shop online. Sir, I support the Bill.

Mr Deputy Speaker: Mr Zhulkarnain Abdul Rahim.

2.58 pm

Mr Zhulkarnain Abdul Rahim (Chua Chu Kang): Mr Deputy Speaker, Sir, I stand in support of the Online Criminal Harms Bill. This Bill is a significant piece of legislation that will help Singaporeans from online harms.

During my Meet-the-People session this past Monday, I met a couple who had lost their life savings, over $240,000, through elaborate and unauthorised transfers from their bank accounts. They were devastated. That night alone, we had three cases of residents facing online scams.

I have met many during my house visits and Meet-the-People sessions, many who had fallen victims to the scams or know of someone who had. With online scams becoming increasingly sophisticated and deploying various methods and technology, I welcome this Bill to combat against online scams and protect our fellow Singapore residents from falling prey.

The Bill introduces a number of new measures to combat online crime, including: firstly, issuance of Government Directions to online service providers to take down content or disable accounts that are suspected of being used for criminal activity; secondly, online service providers will be required to comply with codes of practice that set out standards for preventing and responding to online harms; thirdly, enhanced enforcement powers allow the Police to investigate and prosecute online crimes.

I believe that the Bill is a necessary step to protect Singaporeans from online harms. However, I have three clarifications.

My first clarification is in relation to the appeals process and the oversight of the implementation of the Bill. I echo what hon Member Mr Murali Pillai said, "'Final' does not necessarily mean final". The lawyers would always want to have the final word.

The Bill gives the Minister for Home Affairs broad powers to order Internet intermediaries to remove or block online content. These powers are not subject to judicial oversight, save for an appeal to a Reviewing Tribunal in the case of a Part 2 Direction or an appeal to the Minister or an Appeals Advisory Committee in other appeals.

Some are concerned about censorship of legitimate content. May I ask the Minister to clarify the appeals process and explain how the process will not be used to restrict free speech or legitimate content?

In this regard, firstly, what are the criteria that will be used to determine whether a content is considered to be "online criminal harms"? Secondly, what safeguards will be put in place to protect the privacy of users?

My second clarification is in relation to the interim measures pending the conclusion of the appeals stage.

For clauses 17 and 36 of the Bill, there is a requirement that the designated officer or competent authority affirm, cancel or substitute the Direction or Order within a "reasonable time" after receipt of an application for re-consideration.

As a starting point, I welcome the flexibility given to the relevant authorities to deal with the differing situations that may arise. This is because such decisions should be made expeditiously to address the evolving situation and the decision should be made within a reasonable time. However, until reconsideration or final decision of an appeal, such decisions and orders remain in force.

In the premises, will the Ministry consider establishing rules, possibly by way of a subsidiary legislation, to enabling the Reviewing Tribunal or such other appeals committee, in the appropriate circumstances, to either, first, hear cases on an expedited basis; second, stay the Direction or Order pending the final decision of the Reviewing Tribunal; or third, make interim measures/orders where appropriate and necessary?

My third and final clarification is in relation to keeping up with the forms of online criminal harms using artificial intelligence (AI) or other technological developments.

We are faced with new online platforms, media and technology all the time. Just earlier this week, Meta announced that it will be launching a new social media app called "Threads" on its Instagram platform rivalling Twitter. These new platforms and technologies will only increase in number and sophistication as society progresses.

I would humbly suggest a constant monitoring and review of the online criminal harms space in this regard. I hope that the Minister can assure this House that the Bill or its Schedule can be periodically reviewed on a frequent basis to ensure that we keep up-to-date and possibly even abreast with the various new online criminal harms and technological platforms that may arise in the future so as to ensure that the legislation will still remain fit for purpose. In this regard, how will MHA be working with MCI or other agencies to ensure this?

In such evolving circumstances, perhaps, the use of AI intervention may be deployed to benefit us, as Member Mr Gerald Giam mentioned earlier. However, I must say that this must be exercised with caution as the use of AI and other technological tools, comes with its pitfalls and necessary risks.

In June 2022, the US Federal Trade Commission issued a report to Congress warning about safeguards when using AI to combat online harms. The report encourages legislators to create policies that ensure AI tools do not cause additional problems. Some recommendations include avoiding over-reliance due to false positives and false negatives, using more human oversight, improving platform AI interventions and passing laws that change the business models or incentives that allow harmful content to proliferate.

Singapore can also be a contributor to the global effort to harmonise the rules of AI regulations and, in particular, by using to detect and deter online criminal harms and also the approach in the case of online criminal harms perpetrated by AI itself.

In conclusion, Mr Deputy Speaker, Sir, this Bill will put us in good stead to combat online criminal harms and we will have a comprehensive legal framework in this regard with legislations like POFMA, FICA and recent amendments to the Broadcasting Act and the recent enhanced deterrents against money mules in online scams.

Sir, there is a quote, "Curiosity pulls people into the scam and the fraudster's greatest liability is the certainty that his fraud is too clever to be detected." We must correct this. Instead of curiosity, we must make our people circumspect when faced with possible scams. Instead of arrogance, we must make scammers afraid of the certainty that they will not be able to get away with it. At the same time, we should continue with our proactive approach to the prevention of online criminal harms.

I hope that the Ministry will continue the good work by working with all stakeholders, from corporates, online platforms to educational institutions and our youths who are digital natives, in raising public awareness and collective vigilance as a nation against online criminal harms. Sir, notwithstanding my clarifications, I stand in support of this Bill.

Mr Deputy Speaker: Ms Janet Ang.

3.07 pm

Ms Janet Ang (Nominated Member): Mr Deputy Speaker, I stand in support of the Online Criminal Harms Bill.

Online services have become a part of our daily lives and changed how we interact with people, businesses and Government. The convenience of doing things from the palm of our hands has forever transformed how we live, work and play, bringing new opportunities for people and businesses. At the same time, however, the online space is also increasingly being exploited by criminals and our digital footprint expose us to the risks of scams and malicious cyber activities.

The Government has spared no effort in public education and engaging private sector stakeholders, such as banks and telecommunications companies (telcos), to join in the fight against online criminal harms. As users, we all need to be extra careful and diligent and not let our fingers do the thinking. A wrong single click may lead to a regret of grave magnitude or even the loss of one's life savings. As users, we need to unlearn doing everything with speed. With all the instant tools around us, we, in fact, need to relearn how to allow ourselves some time to think and reflect before we act. Let us not get impatient and frustrated in having to read the repeated warnings about scams and the advice not to release our one-time passwords (OTPs) or to simply click the links in messages without validating. As users, we do need to be vigilant against bad actors by setting up our digital house in order and doing the regular "digital spring cleaning" and "digital health checks".

But given the pervasive threat and grave impact of online criminal harms on victims, it is timely that the Government is enacting this Online Criminal Harms Bill to tackle online content which is criminal in nature or used to facilitate or abet crimes.

As spelt out in the First Reading of the Bill and in Minister's speech earlier as well, "complementing public education efforts and the steps being taken to build a discerning citizenry, this Bill enables the Government, in partnership with industry, to act more effectively against online criminal activities, including scams and malicious cyber activities." The Minister has also shared during her Committee of Supply (COS) speech last year that Australia, the UK and the EU are also looking into online safety legislation that provide powers for the authorities to seek take-downs of harmful online content.

I support the approach which will be taken under the proposed Bill, but I do have a few clarifications for the Minister.

When this Bill is enacted into law, Government Directions may be issued when there is reasonable suspicion that an online activity is being carried out to commit a crime. To ensure speed of response, lower threshold for taking action enables the Government to disrupt scams and malicious cyber activities before anyone falls prey.

How will the competent authority qualify "reasonable suspicion"? How much investigation time will be given to the online services to assist in validating the identity of the suspected perpetrator? In fact, will the investigation be before or after the directions are issued?

The collaboration of the online service platform providers is imperative. They are the middlemen, so to speak, in the middle of the crime being committed. While the tech industry is committed towards apprehending scams, but compliance may be an issue considering the broad nature of the legislative text. So, what responsibilities are expected of them? How does the Government ensure compliance? As most of these online services are global tech companies, they most likely have their own processes and tools and ways of doing things. How much flexibility will the online service providers have to arrive at the outcomes expected by this Bill?

Cyber criminals often use anonymisation tools and encryption techniques to conceal their identities and activities online. How will MHA handle the challenge of tracing and identifying offenders to take them to task?

And, of course, we know, the Internet transcends geographical boundaries. Service providers may also run into issues where data or processes are not stored and run solely in Singapore. In some cases, Directions may touch on issues out of jurisdiction and time may be needed to fully comply. There may be requests that are subject to further legal processes, such as a government-level request under a mutual legal assistance treaty with other countries. How will the Ministry handle the challenge of jurisdictional issues?

There is an appeals mechanism within the Bill. Will the timeline for the adjudication commensurate with the amount of time provided under a relevant Government Direction or will the Government Direction have to be complied with while the appeal is being looked into?

Can Minister clarify how, in the implementation of this Bill, the Government will balance the need for effective law enforcement with privacy rights and legal safeguards? And, of course, what technology and capabilities are we investing in to fight this war against online crimes?

In speaking with the industry players, there is appreciation of the consultative approach that the Government has been taking and welcome continued engagement as the Government work on drawing up the codes of practice under this OCHA as this Bill is referred to. For there to be a win-win-win, this public-private collaboration needs to continue. Can Minister share plans if any, for deepening this collaboration to facilitate the win-win-win? Notwithstanding my clarifications, Sir, I support the Bill.

Mr Deputy Speaker: Mr Louis Ng.

3.13 pm

Mr Louis Ng Kok Kwang (Nee Soon): Sir, this Bill will allow us to tackle criminal online activities. It will empower the Government to issue directions against online activities which may be criminal, act proactively against scams and malicious cyber activities and introduce appeal mechanisms to safeguard the exercise of powers.

I have three points of clarification to raise.

My first point is on offences relating to the sale of animals. The Second Schedule of the Bill sets out offences that the Bill intends to combat. This does not include offences related to the illegal trade of animals and wildlife under the Animals and Birds Act, Wildlife Act and the Endangered Species (Import and Export) Act.

We know that a significant volume of illegal trade of animals and wildlife is taking place online. In 2021, a report by Traffic, a non-governmental organisation (NGO), found that 3,354 live birds were put on sale in 44 Singapore-based Facebook groups from December 2018 to April 2019. The sellers were unlicensed and the sales illegal.

Data published by tech companies highlight the scale of the problem. A 2021 report by the Coalition to End Wildlife Trafficking states that tech companies in the group, including Google, Facebook and TikTok, had blocked or removed nearly 12 million listings of endangered species and associated products.

Can Minister share why offences under the Animals and Birds Act, Wildlife Act and the Endangered Species (Import and Export) Act have not been included in the Second Schedule? Will the Ministry consider including these offences under the Second Schedule?

My second clarification is on the nature and effects of the codes of practices.

Section 19(4) provides that a requirement of a code of practice has effect despite any duty of confidentiality imposed by any rule of law or a duty imposed by any contract or any rule of professional conduct. This effectively allows a code of practice to override legislative and contractual rules. However, section 21(4) also provides that a code of practice does not have legislative effect. Can the Minister clarify the nature of the code of practice?

A code of practice can be introduced and amended by the competent authority without going through Parliament. It would appear inappropriate for such a code to override any duty of confidentiality that is imposed by any rule of law, including any rule introduced by Parliament. Can the Minister give specific examples of rules that the codes may override?

My third and final clarification is on the extraterritorial applications of the provision.

Under section 19(2), notices and directives can be given to designated providers even if they are constituted or operating outside of Singapore. Part 11 of the Bill deems non-compliance with Directions and notices to be offences even if committed by persons outside of Singapore.

Can the Minister elaborate on how these rules and offences will operate in practice when the service providers or individuals are located overseas? How will we ensure implementation of our notices and directives by service providers or individuals located overseas? In the event that a prosecution has to be brought against service providers or individuals located overseas, will steps be taken to secure their attendance in Court?

Sir, notwithstanding these clarifications, I stand in support of the Bill.

Mr Deputy Speaker: Mr Joshua Raj Thomas.

3.17 pm

Mr Raj Joshua Thomas (Nominated Member): Sir, I stand in support of the Online Criminal Harms Bill.

Singapore is one of the most Internet-connected countries in the world. Further to this, as the hon Minister said at the Stack 2022 Developer Conference last year, effectively all transactions between citizens and the Government can already be completed digitally end-to-end. Most of our commercial transactions can also be transacted online, including e-shopping and e-banking. Retail payments have also largely gone digital. While this has significantly improved convenience, efficiency and the productivity of Government agencies and commercial entities, it has also increased Singaporeans’ exposure to potential online harms, including scams and other types of criminal activity perpetrated through an online medium.

This Bill is, therefore, timely and important to update our laws to deal with new types of criminal offences arising from the online sphere.

Two aspects of the Bill are of particular importance.

First, the Bill is one of the few laws that will have extraterritorial jurisdiction. This is important, given the transnational nature of the Internet as regards to users as well as service providers. The Bill provides that liability for various offences have extraterritorial jurisdiction and, likewise, that other measures ordered by the competent authority or designated officer may apply to persons who are not in Singapore.

Second, the Bill also takes a proactive approach to empower the competent authority to promote or require good practices by designated providers to prevent the commission of various offences. The competent authority may also require designated providers to implement appropriate systems, processes or measures. This provision will allow the competent authority to pre-empt potential emerging online harms and to take steps to help prevent them. It also grants the competent authority the ability to set out norms for current and new operators and, in this, it is an important preemptive operation of the Bill.

I have one technical clarification to make. Clause 55 of the Bill makes offences under clauses 50, 51 and 52 arrestable and non-bailable. Arrestable and non-bailable offences are offences in which the Police or the Courts would not normally offer bail, and would consider bail only on a case-by-case basis. These conditions are imposed for more serious offences and essentially mean that, after being charged, an accused person would be held in remand in prison while waiting for the final verdict.

Clause 50, in particular, criminalises the failure to comply with Orders or Directions made under Part 2 of the Bill. Clause 6(a) in Part 2 empowers a designated officer to make certain directions if he reasonably suspects that a specified offence has been committed and that online activity is in furtherance of the offence. The specific offences are enumerated at Part 1 of the First Schedule. My clarification is as regards offences that are listed in Part 1 of the First Schedule that are not arrestable and non-bailable. For example, number 32 of Part 1 of the First Schedule reads: “Offences under Part 2 of the Protection from Harassment Act”. These offences include causing fear, alarm or distress and are generally bailable offences.

Under the current Bill, if a person was reasonably suspected of, say, online harassment, and was given a Direction to stop communication and fails to comply – the putative offence would have the nature of being arrestable and non-bailable – which means that, if charged, the accused person would likely be held in remand until the matter is concluded. I ask specifically about this because for most of the offences in Part 1 of the First Schedule, the online harm is sufficiently heinous for a failure to comply with a Part 2 Direction to be considered a serious crime, whereas for some offences, like those in Part 2 of the Protection from Harassment Act, it may not necessarily be so. It is also important to note that a similar offence like cyberbullying would also not be an arrestable and non-bailable offence.

As such, it may be useful for some clarification from the hon Minister that this may be one of the factors that the Court or the Police could take into account when considering whether to offer bail, which despite being non-bailable, may be offered on a case-by-case basis, for a person charged under clause 50 of the Bill, read with clause 55.

Sir, notwithstanding my clarifications, I support the Bill.

Mr Deputy Speaker: Mr Yip Hon Weng.

3.21 pm

Mr Yip Hon Weng (Yio Chu Kang): Mr Deputy Speaker, Sir, as we navigate an era of advancing technology and ever-evolving artificial intelligence (AI) capabilities, it is becoming increasingly challenging to detect scams and cybercrimes. Gone are the days when we could rely on simple indicators like poor English or obvious typos. Today, we must remain vigilant and employ more sophisticated means to identify and combat these illicit activities.

This Bill serves as a valuable complement to our existing legislation, such as POFMA, FICA and the Broadcasting Act. By incorporating the Online Criminal Harms Bill into our legislative arsenal, we can enhance our ability to safeguard the public from the perils of the digital realm. I would like to raise clarifications on five areas.

First, Mr Deputy Speaker, Sir, reporting channels must be easily accessible. For this Bill to be successful, people must be willing and know how to come forward to report malicious sites. It is essential to establish clear and accessible avenues for reporting such sites. Can the Minister elaborate on the designated reporting channels? Will the Singapore Cyber Emergency Response Team (SingCERT) or IMDA serve as the primary agency to which these sites can be reported? Furthermore, what measures are being implemented to ensure that residents find it easy to report these sites? Increasing awareness and providing user-friendly reporting mechanisms can encourage more individuals to come forward and contribute to the early detection and prevention of online criminal activities.

Second, Mr Deputy Speaker, Sir, we need to be quick to take action. In the digital era, given the urgency in preventing more victims from falling prey to scams or misinformation, time is of the essence in taking appropriate action against malicious sites. It would be helpful to understand the time interval between reporting a site and the issuance of any necessary Directions under this Bill. Can the Minister shed light on the timeline or processes involved in evaluating reported sites and initiating the appropriate actions? Swift and timely response is critical in the context of how fast such scams can spread online to minimise the potential harm suffered by unsuspecting individuals.

Third, Mr Deputy Speaker, Sir, virality and reach play a part in determining the impact of the online content. When considering the issuance of Directions, will MHA take into account factors such as the virality and the reach of social media platforms and websites? It is important to recognise that platforms with a large following or significant potential for virality can pose a greater risk of rapid and widespread harm, even if their content is equally harmful to that of websites with limited reach. Could the Minister provide insights into the considerations when assessing the severity and impact of a malicious site?

Fourth, Mr Deputy Speaker, Sir, we should address the means by which individuals or entities might attempt to circumvent the bans on accessing malicious sites. While penalties are primarily aimed at non-compliance with Directions, what provisions does the Bill include to address individuals or entities that might modify website addresses or employ other strategies to evade the initial directions? How do we deter residents from using virtual private network (VPN) or other digital means to access these malicious sites which have been banned? It would be beneficial to understand the measures put in place to mitigate such attempts at circumvention and maintain effective control over the identified malicious sites and apps.

Mr Deputy Speaker, Sir, my fifth clarification concerns dealing with overseas websites and perpetrators. Many malicious websites originate overseas, posing challenges in terms of identifying and holding individuals responsible. It raises the important question of how the relevant agency would know whom to direct a Disabling or Restriction Direction to. Moreover, why should the creators of such sites who are based overseas comply with such Directions? What penalties do they face and what alternatives do we have, if they refuse?

Clause 56 of the Bill indicates that individuals committing offences outside Singapore may be dealt with as if the offences were committed wholly within Singapore. However, in cases where extradition is not feasible due to the absence of an extradition treaty or the foreign enforcement agency's inability to apprehend the overseas culprits, what implications do the penalties outlined in the Bill have for individuals who cannot be brought back to Singapore for prosecution? Can the Minister elaborate on the plans and strategies in place to collaborate with foreign counterparts in apprehending these perpetrators and ensuring that they face legal consequences?

How does this law also impact on falsehoods or foreign interference by state actors that may seek to destabilise our society? What powers does this law have to act on these powerful and subversive entities? Will this law also have overlaps with FICA or POFMA?

In conclusion, Mr Deputy Speaker, Sir, this Bill is a critical step in strengthening our legal framework to combat scams and cybercrimes in the digital age. With rapid technology advancements which enable growing sophistication of perpetrators, it is imperative that we remain vigilant and adapt our strategies to stay one step ahead. At the same time, we must acknowledge the challenges we face.

One such challenge is the global nature of such crimes. As mentioned, many malicious sites and perpetrators are based overseas, making it difficult to bring them to justice promptly. While efforts are being made to collaborate with foreign counterparts, we must accept the limitations and understand that immediate action may not always be possible.

Additionally, the ever-changing nature of scams and online harms necessitates a proactive approach. Legislation alone is necessary but insufficient. Legislation alone cannot entirely eradicate these issues. Enforcement, education and awareness remain our key defence. It is essential to prioritise efforts to educate the public about online safety, raise awareness about common scams and promote responsible digital practices. This can be achieved through robust digital literacy programmes, continuous education initiatives and comprehensive awareness campaigns, especially for our seniors. By strengthening these initiatives, we can equip individuals with the necessary knowledge and skills to navigate the digital landscape safely and confidently. I support the Bill.

Mr Deputy Speaker: Minister Josephine Teo.

3.28 pm

Mrs Josephine Teo: Mr Deputy Speaker, I thank Members for their support for the Bill. They raised many relevant points which I will do my best to address.

Let me first address the questions on the circumstances under which the Government will use the levers provided in the Bill, such as Directions. Ms Janet Ang, Mr Yip Hon Weng and Mr Zhulkarnain Rahim had questions in this regard.

Where there is reasonable suspicion that a specified offence has been committed and that an online activity is, in fact, helping the offence to be carried out, designated officers can issue Directions. In many cases, it would be apparent whether the threshold of “reasonable suspicion” is crossed and action can be taken immediately, for example, child sexual abuse materials that are uploaded onto the Internet. They are quite clear for everyone to see. In less clear-cut cases, the officers would first carry out investigations.

In my opening speech, I had given examples of when the “reasonable suspicion” threshold may not have been crossed. To recap, they include, for example, initial contacting and grooming of victims of scams and blank websites that are not yet activated. These are the examples where the "reasonable suspicion" threshold may not have been crossed. So, Police action is not unfettered – you have to cross the threshold and the Bill sets the bounds within which the Police can act and beyond which it cannot.

To Mr Pritam Singh's question, he may have missed my explanation in the opening speech. I may not have specifically used clause 6(1)(a), which describes the general threshold, and clause 6(1)(b) which describes the threshold for scams and malicious cyber activities. But it is this – clause 6(1)(b) also covers the preparation for the offence, even when the offence has not yet occurred. So, I hope this clarifies the terms that were being used.

Mr Yip asked how quickly the Government can take action upon detection of online criminal content or activities. Where the magnitude of the criminal harm is high, and the impact is spreading fast, the authorities will seek to swiftly nip it in the bud.

This would be the case for scams. The Police set up the Anti-Scam Command in 2022, and staff from the banks are co-located with Police officers at the Anti-Scam Centre. This has enabled us to sense-make and act quickly to prevent scams from harming more victims.

And as I had mentioned in my opening speech, the threshold we have provided in the Bill for taking action against scams, is lower than for other offences, so that we can take action early and swiftly. As far as possible, we do not want to wait until a victim has fallen prey before acting.

Ms Ang and Mr Melvin Yong asked about the responsibilities and expectations that will be placed on online service providers. Where we have identified a need for measures to be taken by such companies in order to tackle criminal activities, we would be requiring them in the law. The interventions would be designed with implementation in mind and with emphasis on the outcome more than the how. This approach recognises that every online platform has its unique features and operating considerations. The Government will be reasonable in applying the requirements under the Bill.

To Ms Ang’s comment that there is appreciation of the consultative approach that the Government has been taking in developing this Bill, and her suggestion that such collaboration needs to continue. Let me assure her we will do so. For example, in developing the codes of practice, we will engage the online platforms which we intend to designate, and take an outcome-oriented approach. We will also provide reasonable timeframes for platforms to comply with codes and Directives.

Ms Ang and Mr Zhulkarnain asked how the Bill may affect privacy. Let me assure Members that the Government will strike an appropriate balance between preventing online criminal harms and privacy. For example, this Bill will not require online companies to “break” end-to-end encryption in private messaging. However, to combat a crime, we can issue Directions to the messaging platform to restrict the accounts which are being used to commit the crime. We may also require information on the suspected offenders and other platform users involved, in order to fully investigate the case.

Mr Zhulkarnain asked that free speech and legitimate content continue to be protected. Article 14 of the Constitution provides such protections. At the same time, reasonable boundaries are needed because unfettered and absolute free speech can cause harm to individuals and society. It is therefore not uncommon to find laws in some jurisdictions that limit free speech; examples include prohibitions against hate speech.

The Bill, as it stands, applies only to online content and activity that already constitute a criminal offence in Singapore, such as incitement to hatred against a religious group. I hope Mr Zhulkarnain will agree this does not create any new criminal offences in respect of speech, nor does it curtail legitimate content.

I will move on to other queries about the Bill.

Mr Yip, Ms Ang and Mr Louis Ng cited the challenges relating to jurisdictional issues and asked how the Bill will be applicable to websites and online services that are based overseas.

The Bill has provisions that allow us to issue Directions, Notices, Directives and Orders to entities and individuals, even if they have no presence in Singapore. We know, however, that some of them may choose not to comply, which is a challenge many countries similarly face. There are further steps that we can then take.

First, we can prosecute for non-compliance, where possible. Second, the Bill allows the competent authority to issue Orders to restrict access to the non-compliant online service, to prevent the criminal activity and content from being accessed by persons in Singapore. For example, an Access Blocking Order can be issued to Internet access service providers to prevent non-compliant online services from continuing to reach users in Singapore and do them harm. These levers will be used judiciously and only when necessary.

Mr Murali Pillai asked about the offence penalties and whether they were decided with extradition in mind. Relatedly, Mr Yong also asked whether we intend to hold key executives of e-commerce platforms criminally liable.

The penalties in the Online Criminal Harms Act are aligned with similar legislation, such as FICA and POFMA. We want the executives of online platforms to take online harms seriously and to comply with Directions, but this does not mean they must be personally liable for non-compliance. There are more effective measures such as access blocking. I do not think any executive in his or her right mind would find it easy to explain to their colleagues why because of non-compliance, access has been blocked; and since there is no personal liability, the need for extradition for non-compliance with Directions or Orders is moot. However, extradition can be undertaken in respect of the individuals carrying out the underlying specified offences, in accordance with the Extradition Act.

I would add, however, in the era of user-generated content, a lot of these content creators are very hard to pin down. So, we have to ask ourselves what is the priority. If the priority is to prevent harm from continuing to reach our people, you can try and chase down the original perpetrator of the offence or you can try to prevent the harm from happening first. We want to be able to do both, but we need to be able to nip it in the bud quickly first.

Mr Raj Joshua Thomas asked about the factors that will be taken into account, in deciding whether a person should be granted bail when the offence is failure to comply with the Directions. A key consideration is the risk profile of the offender. The nature of the underlying offence, which triggered the issuance of the direction in the first place, will not usually be taken into account, because the essence of the offence is the failure to comply with the Direction issued.

Also, a person liable for non-compliance to a Direction could be an Internet service provider or online service, and thus may not be the perpetrator of the underlying offence to begin with. This shows that the offence of non-compliance and the underlying offence should be assessed separately.

Mr Yip asked how the Bill would relate to existing legislation such as FICA and POFMA. POFMA and FICA were designed specifically to handle online falsehoods and foreign interference respectively, and will continue to be used for such threats. We recognise, however, that some cases are complex and levers under multiple legislation could apply. We will consider the unique aspects of each case and use the appropriate levers.

Here, it may be useful for me to address a point that Mr Gerald Giam made. I believe he asked specifically that we already have some levers under the Broadcasting Act, when the Online Safety Bill was passed and now we are trying to pass the Online Criminal Harms Bill – what is it that the new Bill will do that we were not able to do in the previous legislation?

Perhaps it is useful to then compare and contrast more broadly what this set of legislation or legislative tools are designed to achieve that we were not able to do previously.

There are essentially three areas. First is in terms of the scope of content that is covered. The amended Broadcasting Act covers egregious content as defined in the Act, with the key focus on online safety, including content advocating or instructing on suicide, or self-harm, content posing public health risk in Singapore and content likely to cause racial and religious disharmony in Singapore. So, those were the kinds of things that we covered last year, when we debated the Online Safety Bill. The Online Criminal Harms Bill will cover a broader scope of online criminal harms, including illegal moneylending, unlawful gambling and drug-related offences. So, the scope of coverage is not identical.

Secondly is the scope of services covered. They overlap to some extent but are also not identical. The amended Broadcasting Act applies to online communication services, but as a start, only social media services are subject to the provisions under the amended Broadcasting Act. The Online Criminal Harms Bill will cover all mediums of online communications through which criminal activities could be conducted. So, that is the second difference.

Thirdly, the levers to deal with scams and malicious cyber activities are quite different. The Broadcasting Act's code of practice for online safety will require social media services to respond to user reports on scams. A user submits a report, the code says, you, as a social media service, have a responsibility to act on that report. But given the need to protect victims from falling prey to scams and to ensure that scams can be efficiently and effectively addressed, the Online Criminal Harms Act, when it takes effect, will take one step further to provide the Government with the targeted levers to issue Directions against scams and malicious cyber activities, including against online activity that is suspected to be in preparation for such offences.

This is the part that is quite key. The offence may not yet have materialised. It has not necessarily taken place, but it looks to be, from past cases, that this is preparation in service of that offence. There will also be requirements for the designated online services to put in place proactive measures to detect and minimise scams and malicious cyber activities.

So, those are the three areas where the two differ; and the two actually complement each other.

Mr Murali asked about the structure and delineation of roles between the competent authority, authorised officer and designated officer. He suggested that given the role of the competent authority, it should operate separately from the investigation arm of a law enforcement agency. This will indeed be our approach. The competent authority will be sited within the Singapore Police Force (SPF), and will be structurally separate from the Police units that perform investigative functions. In building up the competent authority’s office, the appointment of authorised officers by the Minister will take into account the expertise and relationships required to effectively administer the Bill, as Mr Murali has pointed out.

Designated officers would be those who are charged with detecting, enforcing, or investigating the specified offences. They would be best placed to determine whether and what kind of Directions should be issued, and will do so independently of the competent authority. Administratively, we intend for there to be a single point of contact to issue the Directions. This function will reside with the competent authority. The competent authority will therefore have an overall picture of all the Directions being issued.

Mr Singh asked for the details of the codes of practice. Mr Yong asked whether the codes of practice could include requirements for e-commerce platforms, such as seller verification and escrow accounts.

The purposes of the codes of practice are set out in the Third Schedule, and they do provide for user verification and payment protections. The Codes will apply to designated online services, which can include e-commerce platforms that are assessed to pose significant risk of scams or malicious cyber activities.

Requirements for designated e-commerce platforms will take reference from the E-commerce Marketplace Transaction Safety Ratings (TSR). The TSR is a publicly available report that rates major e-commerce platforms based on the anti-scam measures they have in place. The higher the rating, the more anti-scam features a platform has. I encourage members of the public to refer to the TSR when transacting online and exercise caution when transacting on platforms with lower ratings.

When engaging your residents on how to protect themselves from scams, Members can also encourage your residents to refer to the TSR when transacting online.

Mr Murali and Mr Ng had queries on the technical provisions in the codes of practice. Codes of practice issued under clause 21(4) of the Bill do not have legislative effect. This means that they do not constitute law. Such provisions are common for codes of practice under Singapore legislation.

In our case, given the fast-evolving nature of the online space, we anticipate that the competent authority may need to adjust provisions in the codes of practice every now and then, to keep pace with emerging threats and industry developments, including tailoring the codes to different types of online services. This is similar to how licensing conditions in regulated sectors are today determined and varied as necessary by the licensing authority.

Let me reassure Mr Murali that notwithstanding the legal position of the codes of practice, we have provided in the Bill that persons acting reasonably to comply with the codes of practice will not incur civil and criminal liability.

We will also be able to take action if any provision of the codes are not complied with, which Mr Yong was also concerned about. In such instances, the competent authority is empowered to issue a rectification notice to a non-compliant entity. It will be an offence under this Bill if the designated online service does not comply with the notice.

Mr Ng asked about the provision that the requirements of a code of practice have effect, despite duties imposed by any rule of law, contract, or rule of professional conduct. This clause is similar to provisions under POFMA and the amended Broadcasting Act. As an example, one rule of law is the obligation of confidentiality under contract or common law. However, with the said provision in this Bill, an online service cannot reject a requirement to provide information on the basis that it is under an obligation of confidentiality.

To reassure Mr Ng, the competent authority cannot issue any code as it pleases. Any code being considered must fulfil the purpose set out in the Third Schedule. Any amendments to the Third Schedule must be presented to Parliament.

Ms Ang and Mr Zhulkarnain asked whether Directions and Orders will need to be complied with while the reconsideration or the appeal is ongoing. The answer is yes, because any stay on reconsideration or appeal would mean that more people would continue to be harmed by the online criminal activity. To reassure Members, we have provided within the Bill that the Reviewing Tribunal must complete its work expeditiously.

On Mr Murali's question about the finality of appeals made to the Minister or to the Reviewing Tribunal, there is no ouster clause within this Bill. Decisions made by the Minister and the Reviewing Tribunal will be documented and can be subject to judicial review.

Mr Zhulkarnain asked that the Bill be periodically reviewed to keep up-to-date with evolving online criminal harms and the state of technology. We agree this is important. The Bill has been drafted with this in mind, allowing us to add further offences via amendments to the First and Second Schedules, where necessary. MHA will work closely with other agencies to monitor developments in the technology space and respond nimbly to threats that can be posed by emerging technology, such as generative AI.

Mr Singh asked what other harms the Online Criminal Harms Act might cover in future. Mr Ng asked about the inclusion of offences relating to the sale of animals, birds and wildlife. For now, the Bill focuses on criminal offences that pertain to national security, national harmony and individual safety. We will consider Mr Ng's suggestion in future reviews. As to other harms, they must be criminal in nature and have an online nexus.

Ms Ang had queries about the information request provisions for investigating underlying offences. While we seek to investigate cases expeditiously, we will set reasonable timelines for online services to comply with such requests.

Next, I will deal with the questions and suggestions which relate to our broader efforts against online criminal harms and scams. Strictly, these fall outside the scope of today's Bill and some of them have been discussed in this House before. I shall therefore be brief.

With respect to the points made by Mr Singh regarding other legislation, these have already been debated in great detail on previous occasions, and they have no bearing on today's Bill in particular. I will however make three brief points.

The first is that I believe Mr Singh mentioned POFMA and that with POFMA, the Government decides what is truth.

I think that is not quite a correct characterisation. Mr Singh knows very well that POFMA deals with false statements of fact. These false statements of fact can be proven. There has to be a basis for making those allegations. Opinions – people are free to continue to make. But if you say something that is factually incorrect and it is carried online, it can go very far and it has public interest, and that is where POFMA could be considered. That is the first point. Other than that, opinions – anyone is free to continue to offer theirs.

The second point is that in the vast majority of the cases where POFMA directions have been issued, the receivers have complied in full and the content they had put up originally remain fully accessible. Most of the POFMA directions are like that. Anyone can still read what was originally made available. They can decide for themselves.

To the third point, Mr Pritam Singh specifically mentioned Asia Sentinel. I do not wish to go into that in great detail because it has no bearing on the Bill we are debating. I would invite him, if he is very interested, to file a Parliamentary Question and we can address his concerns.

Ms Ang asked what technology and capabilities the Government is investing in. Given the speed and scale at which online criminal harms can be perpetrated, manual processes will not be effective. The Government is making more use of analytics and also AI, for example, to detect and shut down scam websites faster. In implementing AI, we will keep in mind the potential downsides as shared by Mr Zhulkarnain.

In line with Mr Yip's suggestions, we will continue to work with agencies such as the Government Technology Agency (GovTech) to make reporting channels for the public more easily accessible.

On Ms Ang's and Mr Yip's queries about overseas perpetrators, cooperation across borders is needed to take them to task. We will certainly continue to strengthen our international partnerships.

Mr Yip asked how we would deal with attempts by members of the public to circumvent the Directions. The Government will do its best to protect the people in Singapore by preventing online criminal content and activities from reaching them. However, if individuals choose to circumvent these protections and use VPN or other means to access dubious content sources, they do so at their own risk. We cannot protect people who deliberately avoid the protection.

Mr Yip, and I believe, Mr Giam, also called for greater efforts to educate the public and to sensitise them to the threat of online harms. We fully agree with them. The Police have worked with several stakeholders to educate the public and raise awareness on scams. Some of these initiatives include proactive dissemination of information and advisories on scams and sharing of successful prosecutions on a regular basis; e-shoppers on watch interest group, collaborations with e-commerce platforms such as Shopee for the interactive in-app anti-scam quiz and collaborations with retailers such as Gardenia, iJooz and Canadian Pizza to display anti-scam messages on their platforms.

The Police have also set up the Scam Public Education Office to drive anti-scam outreach, which will involve working closely with community partners. The Scam Public Education Office will collaborate with the National Crime Prevention Council to create and curate anti-scam educational content for the public. It will partner the private sector and community agencies to tailor anti-scam material for different population groups such as youths and seniors, migrant workers, banking services users and digital platform users.

SPF also works closely with the Cyber Security Agency (CSA) and the IMDA to develop joint cybersafe materials and participate in public events to share the materials with members of the public. Some examples include the Digital for Life Festival organised by IMDA and the sharing on the safe use of the internet by IMDA's Digital Ambassadors with seniors in particular. I know this is a group that Mr Yip is particularly concerned about.

Mr Deputy Speaker, I believe I have covered most of the ground. I have on my notes here points that were made by Mr Giam with respect to calls. I think he said that shutting down websites is one thing – what about calls?

Actually, the topic of whether calls should be blocked has been covered separately. I think in previous updates on anti-scam measures, we had talked about the fact that IMDA implements call blocking on a very wide scale. If my memory serves me right, as recently as February or March, I think we updated the House that upwards of 55 million calls are blocked every single day right now. That is just how many you have. It is either every single day, every single week or every single month; any way, it is 55 million – a big number.

Calls are not the primary target of this Bill. Calls are an important way in which scammers reach their victims and we have taken active steps to block them.

I can update the House that IMDA is seriously looking at giving phone users the option to block all international calls, which is primarily how scam calls get piped through. That is something in the works, and I hope to be able to give Members an update in the not-too-distant future.

I thank Mr Giam for his acknowledgment of the value that the ScamShield brings. We will continue to improve the product to make it more robust and make it easier, as you say, for people to report the scams and to as best as possible, try and block the verified scam callers, as well as content. But I must caution that our developers are mindful that we do not go beyond what people expect of privacy protection. So, that is them exercising a degree of self-restraint.

In discussing such issues with my colleagues from other jurisdictions – I shall not mention where – where the population is much more accustomed to a far higher degree of surveillance, yes indeed, some of these measures can go a lot further. I am mindful, and I think Members have continued to remind us that there is only so much you can do and there are certain thresholds we should not cross.

Mr Deputy Speaker, I thank the Members for their support of the Bill. It is another important step towards creating a safer online space for Singaporeans. It complements existing efforts to act more effectively against online criminal activities, through partnerships with our people, the Government and industry. Mr Deputy Speaker, I beg to move.

Mr Deputy Speaker: Mr Giam, do you have a clarification?

3.59 pm

Mr Gerald Giam Yean Song: Sir, I thank the Minister for answering many of my questions. I still have a few outstanding questions on which I need a bit more clarification.

If someone were to register a domain name that is a variant of a bank's website and there is reasonable suspicion that there might be plans to impersonate the bank, can this website be proactively blocked under clause 6(1)(b) even if that website does not contain any content yet? I just want some clarification on that point.

Secondly, I know that you said that this Bill does not cover calls, specifically, but will scam calls made over WhatsApp, WeChat and other online messaging services be blocked through this Bill as well?

The Minister also did not answer my questions about SMS redirection – whether or not SMS redirection attempts will be or can be blocked under this Bill.

Mrs Josephine Teo: Sir, the answer to Mr Giam's first question is yes, but I also must caution Members against becoming overly comforted by the idea that even a website that is blank for now, but looks like it could be used, will be or can be blocked under the law.

These websites can be spawned in the millions. It is very easy. There are so many permutations that the scammers can think of. As much as the Police would like to be able to shut them down, I must caution that we do not expect that they will all be eliminated.

Second, I think in terms of WhatsApp, WhatsApp has end-to-end encryption. So, you and I actually can report a user who makes contact with us. Any message that you receive from an unwelcome party, you can make a request to the service provider, and the service providers have their own policies as to whether it is blocked or not.

As to the question of whether the levers within this Bill can apply to WhatsApp – yes, if we believe that there is an underlying offence that is being carried out and there is some indication as to how it is being perpetuated through this particular communication service. The answer is yes.

On SMS redirection – I am afraid I am not very clear about the nature of the Member's question. Perhaps I could trouble him to explain it to me a little bit more.

Mr Deputy Speaker: Mr Giam.

Mr Gerald Giam Yean Song: Sir, SMS redirection has been discussed in this House before. It is the situation where a bank sends out an SMS One-time Password (OTP) meant for the customer but it gets redirected to a scammer. So, the scammer receives the OTP and is then able to enter it to complete the transfer of funds. This is how some Singaporeans have fallen victim to it. It happened during the OCBC scandal, I think, at the end of 2021.

So, I just want to find out whether or not this Bill will cover and be able to prevent such actions from being taken.

Mrs Josephine Teo: Technically speaking, SMS is not anything that is offered online. If we apply the strict definition of an online scam, SMSes are not strictly covered.

What you have described as SMS redirection, we have dealt with it earlier at two levels. Firstly, at the network level, there were possible gaps – vulnerabilities that allow for such kinds of messages to be intercepted. That gap has been plugged.

What you described as SMS interception very often refers to victims unknowingly giving up their credentials. The two are different. If it is a technical issue, the gap has been plugged. If it is a matter of individuals being tricked or being deceived into giving up their credentials, then that is quite another matter.

Mr Deputy Speaker: Mr Singh, do you have a clarification?

Mr Pritam Singh: Thank you, Mr Deputy Speaker. I refer to the points I made about related legislation, FICA and POFMA. I brought them up because of the statement released by MHA when the Bill came up for First Reading, the comparison that was made about this being a suite of legislation. But I take the Minister's point about pursuing a query I made in my speech through a Parliamentary Question.

My question relates to the point I made about the scam that affected my resident earlier, specifically with regard to e-commerce websites that are part of this whole chain of scam activities. The scammer uses Telegram. Then, they get them on WhatsApp. Then, from WhatsApp, you get a payment through PayNow. There are multiple platforms to chase up.

The question I have is with e-commerce platforms like Qoo10, when there is an encouragement for an innocent person to be part of an enterprise where you click on a feature of that website which raises the profile of some products on sale, for example.

How do the codes of practice, for example – what sort of influence will they have on these online service providers and these e-commerce companies to address that sort of problem which actually tends to direct more traffic to their website anyway?

I am just trying to understand how the codes of practices will compel a certain behaviour to address the scams we have to deal with.

Mrs Josephine Teo: Mr Deputy Speaker, there are essentially two areas of interventions that could be very helpful.

First, you must be able to catch the perpetrators. One of the difficulties of many of these platforms is that your identity can be shielded. In fact, the platform does not really know who you are.

So, one of the requirements of the codes of practice – I say this with the caveat, and I hope Members understand this – the codes of practice have yet to be published, even in draft form. I do not want to give the impression that this is what has been decided. But one of the potential and, I think, a very useful area of intervention has to do with account verification. Who is actually behind the account? Who is operating the account? We may impose certain requirements through the code on service providers in determining a user authentication process. That is one area of intervention that could be fruitful.

I mentioned this in relation to the TSR. The TSR gives you a broad sense. You could think of the TSR as something that we have put out on a voluntary basis. But if you introduce a code of practice, then you are essentially saying to service providers that you now need to introduce these measures.

The other probably useful intervention is in terms of requiring some confirmation that the good has been received before the money is released. Mr Yong talked about an escrow account, but that is not the only way in which you can assure the buyer using any particular platform, any e-commerce platform, that he has not been deceived.

In other words, he makes a payment. The payment is held on his behalf. Only upon his confirmation of the receipt of the goods is the money released to the purported seller. These are two broad areas of interventions that could be helpful.

But I would encourage Members to watch out for when the draft codes are actually published. At that time, you are certainly welcome to give your views.

4.08 pm

Mr Deputy Speaker: There being no further clarifications, I will put the question.

Question put, and agreed to.

Bill accordingly read a Second time and committed to a Committee of the whole House.

The House immediately resolved itself into a Committee on the Bill. – [Mrs Josephine Teo].

Bill considered in Committee; reported without amendment; read a Third time and passed.