Singapore’s Regulation of Cybercrime Hee Jhee JIOW National University of Singapore
Agenda1. Survey Global & Local Cybercrime scene2. Highlight several pertinent characteristics of the victims and perpetrators3. Adopt Lessig’s 4 modalities to observe Singapore’s approaches
Why Singapore?1. Highly connected nation – Broadband penetration rate 142.4% (IDA, 2012) – Mobile phone penetration rate 148.5% (IDA, 2012)2. High global cybercrime victimization rate – 80% of Internet users in Singapore have experienced cybercrime – 4th highest rate in the world (Symantec Corporation, 2011)3. Active promotion of Internet usage & posture towards cybercrime – Intelligent Nation 2015 Masterplan (IDA) – Consistently ranked 1st globally for infocomm development (Weizhen, 2009) – INTERPOL’s Global Complex to be established in Singapore (MHA, 2010)
Scope of Cybercrimes• Definition: “Any violations of criminal law that involve a knowledge of computer technology, for their perpetration, investigation and prosecution.” (Keyser, 2003, p. 290)• Common crimes (APCERT, 2010; Jin-Cheon, Hao, Yong, Hao & Kandan, 2009; Symantec Corporation, 2011) – Virus/Malware, fraud, scams, ID theft, cyber harassment etc. – Exclude cyber-terrorist type
Observations (Perpetrators)Misguided Rationalizations “As with most types of crimes, there is no1. Curiosity single motive” (Kirwan & Power, 2012, p. 79) that accounts for all these behaviors. – Virus/Malware creators, Hackers However, many of these behaviors2. Differential Association Syndrome observed stem from misjudgment of the – Hacking - Colleagues taking paper consequences or inappropriate clips and using photocopy machine rationalization, such that perpetrators do for personal purposes, why cant I use computer resources? not see their behavior as harmful or criminal.3. Higher Ethic Motive – Theft/Scam/Fraud - An accountant chose to embezzle company funds instead of allowing his mafia-linked bosses to profit from their ill-gotten gains4. Ignorance – Harassment type – Ignorant of the magnitude and consequences of their actions5. Others – IP Violators – Not denying anybody of its use, therefore not considered theft (traditional definition)
Observations (Victims)Lack of Astuteness1. Fraud/Scams/Hacking – typically prey on victims’ ignorance and gullibility (Parker, 1998) – victims lack understanding on how such scams exploit their psychological weaknesses and ignorance (KPMG, 2011)2. Harassment Type – availing of personal information (Kirwan & Power, 2012)
Observations (Perpetrators/Victims)High Involvement of Youths1. Victims – Harassment type, such as cyberbullying and sexting (Gwee, 2008; Kirwan & Power, 2012; Lenhart, 2009; Tham & Toh, 2012) – Virus and Malware attacks - consume and share contaminated music and video content frequently (Yar, 2006)2. Perpetrators – Intellectual Property violators (Kirwan & Power, 2012) – Virus creators/transmitters, hackers (Ubas, 2008) – Harrassments
4 Modalities of Constraints (Lessig)Internet behaviors can be regulated by 4 constraints1. Law – stipulates which behaviors can be carried out to avoid legal punishment2. Architecture – affordance of technology or design of technology3. Markets – financial costs that would constrain user behavior4. Social Norms – “constrain through the stigma that community imposes” (Lessig, 2006, p. 124)
Law1. Globally ineffective as a constraint – 10% cybercrimes reported, and less than 2% of reported cases successfully prosecuted (Jewkes, 2003; Symantec Corporation, 2011) – Huge difficulties in cross-border enforcements – Typically viewed as the worst constraint (Grabosky, et al., 2001)2. Supporting international Internet laws – Subscriptions: Wassenaar Agreement, The World Intellectual Property Organization etc.3. Continually updated (Attorney-Generals Chambers, 2010; Brenner & Koops, 2004; Leong & Wai, 2005; Urbas, 2008) – To accommodate newer forms of cybercrime – Extend its territorial jurisdiction – Align with international interests – Examples: The Electronic Transactions Act, Evidence Act, Spam Control Act and Computer Misuse Act4. Proficient use of existing legislations (Urbas, 2008) – The Penal Code, Copyright Act and Trade Marks Act
Architecture1. Globally unstable as a constraint (see-saw battle) – Lessig claims that technology is the “predominant regulatory institution for cyberspace” (Grabosky et al., 2001, p. 7) – Cyberspace’s architecture created the potential for more criminal activities to occur (Jewkes, 2003)2. Heavy investments into security infrastructure – S$70 million in the Infocomm Security Masterplan (MP2) – 2-Factor-Authentication process for banking transactions (Leong & Wai, 2005)3. Singapore has seen some success in this regard – Absence of successful technological attacks
Markets1. Globally limited as a constraint – Movies/Music/Software: cheaper compared to physical counterparts and the past – IP violation increasing, and creative industry losing billions (Symantec Corporation, 2011; Yar, 2006) – Efforts, such has the implementation of the Digital Rights Management (DRM) system, have little impact2. Singapore has seen some success in this regard – The Business Software Alliance in Singapore encourages whistle- blowers, via a reward of S$20,000, to expose piracy activities. – This has led to falling software piracy rates over the years (Tham, 2012)
Social Norms1. Globally powerful as a constraint – Stop Online Piracy Act [SOPA] episode: Social norm of free speech VS stringent anti-piracy law – SOPA successfully rallied against the Law2. Locally powerful as a constraint (Singapore) – Many cases of online shaming have been shown to influence Internet users’ behavior (Hou, 2010; Jin-Cheon et al., 2009; Wong, 2012)3. Working on social norms would yield greatest impact – How is this done: “Education is, in part at least, a process through which we indoctrinate [users] into certain norms of behavior” (Lessig, 2006, p. 129) – Moreover, cybercrime trends (local and globally) suggest that education would be appropriate to reduce victimization and perpetration of cybercrime: • Misguided Rationalizations • Lack of astuteness • High Involvement of Youths
Education Landscape in Singapore1. Preventing Victimization messages are most prevalent globally – Livingstone & Haddon, 2009; Media Development Authority of Singapore, 2007, 2010; National Crime Prevention Council, 2012 – Yet, many youths feel they are not getting enough (Symantec Corporation, 2011)2. Avoiding Perpetration messages are lacking globally3. Cyberwellness Education in Singapore – Developed by Media Development Authority of Singapore – Incorporated into national curriculum – Promotes 4 core values: • Balanced Lifestyle • Embracing the Net and Inspiring Others • Astuteness • Respect & Responsibility – Preventing victimization and avoiding perpetration
Conclusion & Future ChallengesLimitations:No prior attempt has been made to review Singapore’s regulation ofInternet behaviors using the four modalities of constraint. Without actual(versus reported) data on the cybercrime prevalence rate, which ischallenging to come by, the effectiveness of each constraint is hard toassess well. Future studies would do well with such data available.Conclusion:The use of laws, architecture and market forces, as a constraint areineffective, unstable and limited respectively. Yet, Singapore has usedthese constraints well. Recognizing the power of social norms, and thestrategically relevant (to cybercrime trends) process of manipulating it,Singapore has done well to actively promote Cyberwellness education.Future Challenges:While Singapore develops a code of conduct for social media use, it has toconsider the challenges that each modality presents. This paperrecommends that this exercise be pursued holistically, with education as itsprimary means of regulating social media behaviors.
Thank you!• Electronic Transactions Act, Singapore Statues Online (2010, 19 May).• Brenner, S. W., & Koops, B.-J. (2004). Approaches to Cybercrime Jurisdiction. Journal of High Tech Law, 4(1).• Chen, T. (2010, 26 Aug). Arrested for inciting violence on Facebook, The Straits Times.• Chew, M. (2012, 6 Apr). Rules in real life must apply online: Yaacob, The Straits Times.• Fight for the Future. (n.d.). SOPA Timeline Retrieved 21 May, 2012, from http://sopastrike.com/timeline• Grabosky, P., Smith, R. G., & Dempsey, G. (2001). Theft and Cyberspace Electronic Theft: Unlawful Acquisition in Cyberspace (pp. 1-14). Cambridge: University Press.• Gwee, S. (2008, 11 Mar). Caught in Web of Menace, The Straits Times.• Hou, C. H. (2010, 13 Feb). Racist Facebook postings: Three youths wont be charged, The Straits Times.• IDA. (2008). New S$70m Masterplan To Boost Singapores Infocomm Security Competency And Resilience. Retrieved 16 May, 2012, from http://www.ida.gov.sg/News and Events/20080417090044.aspx?getPagetype=20• IDA. (2010). Securing Our Cyberspace, A Shared Responsibility Retrieved 16 May, 2012, from http://www.ida.gov.sg/News and Events/20060530102030.aspx?getPagetype=21• IDA. (2012). Statistics on Telecom Services for 2012 (Jan - Jun) Retrieved 10 Oct, 2012, from http://www.ida.gov.sg/Publications/20110209152802.aspx• Jewkes, Y. (2003). Policing the Net: crime, regulation and surveillance in cyberspace. In Y. Jewkes (Ed.), Dot.cons: Crime, Deviance and Identity on the Internet (pp. 15-35). Cullompton: Willan Publishing.• Jin-Cheon, N., Hao, W., Yong, J., Hao, T. M., & Kandan, R. M. (2009). Analysis of Computer Crime in Singapore using Local English Newspapers. Singapore Journal of Library & Information Management, 38, 77-102.• Keyser, M. (2003). The Council of Europe Convention on Cybercrime. J. Transnational Law & Policy, 12, 287- 326.• Kirwan, G., & Power, A. (2012). The Psychology of Cyber Crime: Concepts and Principles. Hershey, PA: Information Science Reference.• KPMG. (2011). KPMG Singapore Fraud Survey Report 2011. In KPMG (Ed.). Singapore.• Lenhart, A. (2009). Teens and sexting. Pew Internet & American Life Project. Retrieved from http://pewresearch.org/assets/pdf/teens-and-sexting.pdf• Leong, C., & Wai, C. K. (2005). Cyber-Security: Country Report on Singapore, 2003. In R. Broadhurst & P. Grabosky (Eds.), Cyber-crime : the challenge in Asia (pp. 125- 140). Hong Kong: Hong Kong University Press.• Lessig, L. (2006). Code 2.0 (2nd ed.). New York: BasicBooks.• Lim, L. (2012, 11 Oct). Amy Cheong could face charges for online rant, The Straits Times.• Livingstone, S., & Haddon, L. (2009). EU Kids Online: Final report LSE, London: EU Kids Online. (EC Safer Internet Plus Programme Deliverable D6.5).• MDA. (2007). MDA accepts NIAC’s recommendations (Annex A). Singapore: Retrieved from http://www.mda.gov.sg/Documents/mobj.1026.annex-a.pdf.• MDA. (2010). Cyber Wellness Retrieved 4 Oct, 2010, from http://www.mda.gov.sg/Public/Pages/CyberWellness.aspx• Parker, D. B. (1998). Fighting Computer Crime: A New Framework for Protecting Information. New York: John Wiley & Sons.• Phair, N. (2007). Cybercrime: The reality of the threat. Canberra, Australia: E-Security.• Power, R. (2000). Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace. Indianapolis: Que Corporation.• Putnam, T., & Elliott, D. (2001). International Responses to Cyber Crime. In A. Sofaer & S. Goodman (Eds.), Transnational Dimension of Cyber Crime and Terrorism (pp. 35- 66). Stanford, California: Hoover Institution Press.• Singapore Customs. (n.d.). Partnership in global security. inSync - a Singapore Customs e-newsletter Retrieved 29 May, 2012, from http://www.customs.gov.sg/insync/issue03/updates/security.html• Symantec Corporation. (2011). Norton Cybercrime Report 2011 Retrieved 18 Apr, 2012, from http://www.symantec.com/content/en/us/home_homeoffice/html/cybercrimereport/• Tham, I. (2012, 16 May). One in two uses pirated software here: Survey, The Straits Times.• Tham, I., & Toh, K. (2012, 28 Mar). Racist posts: Culprits tend to be young, The Straits Times.• Urbas, G. (2008). An Overview of Cybercrime Legislation and Cases in Singapore (Vol. Working Paper Series No. 001): Asian Law Institute (ALSI).• WIPO. (n.d.). The World Intellectual Property Organization Retrieved 4 May, 2012, from http://www.wipo.int/portal/index.html.en• Wong, T. (2012, 21 Apr). NET VIGILANTES: Are they going too far with online witch-hunts?, The Straits Times.• Yar, M. (2006). Cybercrime And Society. London: Sage.