The Telecommunications Act of 1999 (The Telecoms Act), passed by Parliament in tandem with the IDA ACT, provided much of the legal basis for IDA’s actions as industry promoter and market regulator.
The Telecoms Act empowered IDA with the right to provide all telecommunications services within Singapore and gave it the authority to transfer that right to operators through its power to issue licences. IDA was also able attach conditions to licences, and it modifies those conditions where necessary.
Apart from licensing, the Telecoms Act also gave IDA three general options through which it could implement regulations. IDA could issue:
“Codes of practice” and “standards of performance” that apply to all licensees offering services;
“Directions” to specific licensees, instructing them to alter their behaviour and giving them a time limit for compliance; and
IDA also had the authority to allocate radio communications spectrum for both public sector and private sector uses. IDA collaborates with the Media Development Authority (MDA), the broadcast regulator, for the latter to assign frequencies to broadcast after IDA has decided on the national spectrum allocation for broadcasting service and cleared the technical operation for broadcast transmitters.
Beyond policy and regulation, IDA was tasked to promote the development of info-communications within Singapore. In general, its promotional activities can be grouped into three categories: (1) outreach to residents and companies to promote the use of information and networking technologies; (2) promotion and development of Singapore’s info-communications industry itself; and (3) outreach beyond Singapore’s borders to stimulate investment and provide an outlet for exports. IDA pursues these, in part, through organised and well-funded programmes to proactively subsidise and sponsor the development and adoption of new technologies, applications, services and business models. Initiatives and promotional activities range from technology fairs and expositions to providing seed money for research and development efforts.
Electronics Transactions Act
The Electronic Transactions Act, administered by IDA, was passed in 1998 as an enabling legislation to remove the uncertainty around the legality of contracts that are formed electronically, to give recognition to electronic signatures and to clarify the liability of network service providers that merely carry traffic. It establishes the voluntary licensing of certification authorities as trusted third parties in the online world to provide the basis for other trust relationships to be established. The Electronic Transactions (Certification Authority) Regulations stipulate the requirements for a certification authority to obtain a licence in Singapore, and the accompanying Security Guidelines for Certification Authorities (IDA 1999) stipulate the technical security requirements that must be met. There are also provisions in the Electronic Transactions Act that enable government agencies to easily implement electronic systems to transact with the public without the need to amend their own parent legislation.
Computer Misuse Act
The Computer Misuse Act, administered by the Ministry of Home Affairs and the Singapore Police Force, was passed in 1993 to deal with increasing incidents of computer crimes that were not readily caught by the provisions under the existing Penal Code. Before its enactment, criminal acts involving computers did not clearly fall under traditional crimes such as theft or criminal breach of trust, thus making it difficult for the public prosecutor to bring charges against offenders. The Act thus created new offences, specifically unauthorised access and modification of computer systems. In 1998, the Act was further amended to address new attacks that had evolved with the spread of the Internet (e.g., denial-of-service attacks). It also recognises that some computer systems are critical to Singapore (e.g., the system for banking and finance, emergency services and public services) and thus metes out harsher punishment for offenders who gain unauthorised access to such systems.
In 2003, the act was amended again to make provisions in two specific areas. The first is for the Minister of Home Affairs to be able to authorise a person or an organisation to take steps necessary to prevent or to counter a threat to national security, essential services, defence, or foreign relations of Singapore, where there are reasonable grounds to believe that such a threat exists, before the offence is committed. The provision also grants added protection for the informants of such threats. The second area is for certain offences under the act to be compounded, thus allowing the police greater flexibility in taking action in incidents of minor offences. The act, since its enactment in 1993, has been extra-territorial in nature—that is, it applies to any person, regardless of nationality or citizenship, both outside and within Singapore. In particular, it will apply if the computer, program or data relating to an offence is in Singapore. The act does not require every computer crime to be reported. However, the MAS has required that all incidents involving financial institutions to be reported to it.
Public Key Infrastructure and Licensing of Certification Authority
The Electronic Transactions Act (Cap 88) (ETA) and the Electronic Transactions (Certification Authority) Regulations (ET(CA)R) provided for a voluntary licensing regime of CAs and empowered the Controller of Certification Authorities (CCA) to regulate and license the activities of CAs in Singapore. The Director-General (Telecommunications) of the Infocomm Development Authority of Singapore (IDA) is the CCA. As CAs perform a trusted role in verifying the identities of parties in electronic transactions, the CCA seeks to provide the assurance that the CAs’ responsibilities are met and that these services are made available with high integrity, security and service standards. Only CAs that meet the standards set up by the Controller are licensed. There is currently one licensed operating CA in Singapore—Netrust Pte Ltd as of 14 June 2002.
A licensed CA enjoys the following benefits:
Evidentiary presumption for digital signatures generated from the certificates it issues. With the presumption, the party relying on the signature merely has to show that the signature has been correctly verified and the onus is on the other party disputing the signature to prove otherwise. Evidentiary presumption hence assures online merchants of the security of their transactions when they use such signatures to validate electronic contracts and transmit them over the Internet (or by other electronic means).
Limited liability under the ETA. The CA will not be liable for any loss caused by reliance on a false or forged digital signature of a subscriber as long as the CA has complied with requirements under the Act. The CA will also not be liable in excess of the reliance limit amount specified in the certificate, even if it failed to observe some of its obligations.
Licensing of a CA by the Controller is an indication to the public that the CA has met stringent regulatory requirements and is therefore trustworthy and deserving of consumer confidence.
Personal Data Protection
Singapore has both a strong common law tradition as well as appropriately structured statutory provisions to regulate use of personal data. Under the general law, confidential information may be protected under a duty of confidence. Personal information is also protected under sector-specific laws such as the Banking Act, Statistics Act, the Official Secrets Act and the Statutory Bodies and Government Companies (Protection of Secrecy) Act. There is, however, no overarching legislation for the protection of personal data in Singapore.
In February 2002, the National Internet Advisory Committee (NIAC) released a draft “Model Data Protection Code for the Private Sector” which is modelled on internationally recognised standards. The IDA and the National Trust Council (NTC) conducted a public consultation on the code. Based on comments from the industry and members of the public, the Model Code was fine tuned and released in December 2002 for private sector adoption.
The Model Code is a generic code that is available for adoption by the entire private sector. It applies to any private sector organisation that collects and installs personal data in electronic form, online or offline, using the Internet or any other electronic media. In the e-commerce area, the NTC has aligned its trust mark programme with the principles of the Model Code.
Intellectual Property Rights
In order to strike a balance between the protection of rights for owners of creative works and increased public access to intellectual property, Singapore ensured that its intellectual property and copyright laws are harmonised with the underlying principles in global laws on intellectual property rights (IPRs). For example, IPRs are accorded the standards of protection as prescribed by international agreements such as the World Trade Organisation’s Trade-Related Aspects of Intellectual Property Rights (TRIPS) Agreement, and the Berne and Paris Conventions. The lead agency for IPR protection in Singapore is the IPOS. The Infocomm Development Authority of Singapore (IDA) provides support in the info-communications aspects.
While the Internet has extended the reach of providers of information and other forms of content, it has also changed radically the ease to reproduce, distribute and publish such information and content. This has posed new challenges for intellectual property protection. The Copyright Act (Cap 63) was amended in August 1999 to reinforce Singapore’s commitment to provide a strong and conducive IPR regime to encourage the growth of a knowledge-based economy and promote electronic commerce and creative innovations. The amendments aimed to:
Improve copyright protection and enforcement measures for copyright owners in the digital environment, thus promoting the use of the Internet for business. For example, the amendments—
Extended copyright protection to multimedia and interactive productions which qualify as intellectual creations;
Clarified that copyright owners enjoy protection against the making of electronic and transient copies of their work; and
Provided the conditions allowing an additional avenue whereby copyright owners may require Internet Service Providers to “take down” materials which may be guilty of copyright infringement, even before the owners initiate enforcement proceedings against the actual infringes.
Promote legal certainty in the usage of the Internet by clarifying the rights and obligations of copyright owners, intermediaries such as network service providers, and users such as educational institutions. For example, the amendments allowed end-users to browse materials made available on the Internet. The amendments also spelt out when intermediaries such as Internet Service Providers are exempted from liabilities.
Spam Control Framework
Spam is a complex, multi-faceted issue. As such, Singapore adopts a multi-pronged policy approach to address spam related concerns from users. This approach serves as a concerted effort by the public and private sectors to address the issues and curb spam in Singapore. This includes public education (including the use of appropriate technology measures), industry self-regulation, anti-spam legislation and international cooperation. The three major Internet Service Providers (ISPs), Pacific Internet (PacNet), SingNet and StarHub, under the facilitation of IDA, have come together to set up anti-spam guidelines. These guidelines serve as guiding principles to be adopted jointly by the three ISPs to help reduce e-mail spam for their subscribers. The DMAS launched an E-mail Marketing Code of Practice for its members. It also set up a Consumer Communications Preference Programme to allow e-mail users to register their preference not to receive unsolicited commercial e-mails. IDA and the Attorney-General’s Chambers of Singapore (AGC) have completed joint consultations on a legislative framework to control e-mail and mobile spam in Singapore. The proposed legislative framework seeks to balance the legitimate interests and concerns of different groups such as consumers and ISPs on the one hand, and marketers on the other.