Hacking services

A recent local newspaper report covered the use of hacking services. These will, for a fee, hack into anyone's computer account like an e-mail account, and then provide the customer with the password to access the target account. Many of the hacking services are performed by parties who are overseas.

The above is clearly a case of unauthorised access under section 3 of the Computer Misuse Act. The issue that arises is when does such activity fall under the jurisdiction of the Singapore Court. Under Section 11 of the Act, the Act applies if the computer, program or data was in Singapore at the relevant time, or the accused was in Singapore at the relevant time.

Assuming in all the cases discussed below that the hacker is overseas, let's discuss the following situations (we will refer to the owner of the hacked account as the target and the person using the services of hackers as the customer) -

a) the target is a Singaporean or resident in Singapore. However, the customer uses the password obtained from the hacking services to access this account while the customer is in Singapore. Here, the accused is in Singapore so the offence is committed under the Act;

b) the target is a Singaporean or resident in Singapore, but the customer illegally accesses the account while he is overseas. Here, a big problem arises as to where the computer, program or data is. Even if the Internet Service Provider (ISP) is a Singapore company, there is still a problem since the relevant computer servers may be overseas. So no computer, program or data is in Singapore, and no offence is commmitted under Singapore law. Where the ISP or e-mail service is a foreign one, for example, Yahoo or Google e-mail services, it is even easier to argue that all relevant acts have taken place overseas, and therefore the Singapore courts have no jurisdiction.

A suggestion - the law should be amended to provide that where the account holder is resident in Singapore (to use the language of section 11 of the Act - "where the computer, program, or data is habitually used by a person resident in Singapore"), then the offence should be considered to have been committed in Singapore. This will protect the secrets and interests of Singaporeans and other local residents.