Electronic Transactions Act 1998 - SINGAPORE
1. Short title and commencement
- This Act may be cited as the Electronic Transactions Act 1998 and shall come into operation on such date as the Minister may, by notification in the Gazette, appoint.
- The Minister may appoint different dates for the coming into operation of the different provisions of this Act.
2. Interpretation
In this Act, unless the context otherwise requires -
“asymmetric cryptosystem” means a system capable of generating a secure key pair, consisting of a private key for creating a digital signature, and a public key to verify the digital signature;
“authorised officer” means a person authorised by the Controller under section 50;
“certificate” means a record issued for the purpose of supporting digital signatures which purports to confirm the identity or other significant characteristics of the person who holds a particular key pair;
“certification authority” means a person who or an organisation that issues a certificate;
“certification practice statement” means a statement issued by a certification authority to specify the practices that the certification authority employs in issuing certificates;
“Controller” means the Controller of Certification Authorities appointed under section 41(1) and includes a Deputy or an Assistant Controller of Certification Authorities appointed under section 41(2);
“correspond”, in relation to a private key or public key, means to belong to the same key pair;
“digital signature” means an electronic signature consisting of a transformation of an electronic record using an asymmetric cryptosystem and a hash function such that a person having the initial untransformed electronic record and the signer’s public key can accurately determine -
1. whether the transformation was created using the private key that corresponds to the signer’s public key; and
2. whether the initial electronic record has been altered since the transformation was made;
“electronic record” means a record generated, communicated, received or stored by electronic, magnetic, optical or other means in an information system or for transmission from one information system to another;
“electronic signature” means any letters, characters, numbers or other symbols in digital form attached to or logically associated with an electronic record, and executed or adopted with the intention of authenticating or approving the electronic record;
“hash function” means an algorithm mapping or translating one sequence of bits into another, generally smaller, set (the hash result) such that -
1. a record yields the same hash result every time the algorithm is executed using the same record as input;
2. it is computationally infeasible that a record can be derived or reconstituted from the hash result produced by the algorithm; and
3. it is computationally infeasible that 2 records can be found that produce the same hash result using the algorithm;
“information” includes data, text, images, sound, codes, computer programs, software and databases;
“key pair”, in an asymmetric cryptosystem, means a private key and its mathematically related public key, having the property that the public key can verify a digital signature that the private key creates;
“licensed certification authority” means a certification authority licensed by the Controller pursuant to any regulation made under section 42;
“operational period of a certificate” begins on the date and time the certificate is issued by a certification authority (or on a later date and time if stated in the certificate), and ends on the date and time it expires as stated in the certificate or is earlier revoked or suspended;
“private key” means the key of a key pair used to create a digital signature;
“public key” means the key of a key pair used to verify a digital signature;
“record” means information that is inscribed, stored or otherwise fixed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form;
“repository” means a system for storing and retrieving certificates or other information relevant to certificates;
“revoke a certificate” means to permanently end the operational period of a certificate from a specified time;
“rule of law” includes written law;
“security procedure” means a procedure for the purpose of -
1. verifying that an electronic record is that of a specific person; or
2. detecting error or alteration in the communication, content or storage of an electronic record since a specific point in time, which may require the use of algorithms or codes, identifying words or numbers, encryption, answerback or acknowledgment procedures, or similar security devices;
“signed” or “signature” and its grammatical variations includes any symbol executed or adopted, or any methodology or procedure employed or adopted, by a person with the intention of authenticating a record, including electronic or digital methods;
“subscriber” means a person who is the subject named or identified in a certificate issued to him and who holds a private key that corresponds to a public key listed in that certificate;
“suspend a certificate” means to temporarily suspend the operational period of a certificate from a specified time;
“trustworthy system” means computer hardware, software, and procedures that -
1. are reasonably secure from intrusion and misuse;
2. provide a reasonable level of availability, reliability and correct operation;
3. are reasonably suited to performing their intended functions; and
4. adhere to generally accepted security procedures;
“valid certificate” means a certificate that a certification authority has issued and which the subscriber listed in it has accepted;
“verify a digital signature”, in relation to a given digital signature, record and public key, means to determine accurately that -
1. the digital signature was created using the private key corresponding to the public key listed in the certificate; and
2. the record has not been altered since its digital signature was created.
3. Purposes and construction
This Act shall be construed consistently with what is commercially reasonable under the circumstances and to give effect to the following purposes:
- to facilitate electronic communications by means of reliable electronic records;
- to facilitate electronic commerce, eliminate barriers to electronic commerce resulting from uncertainties over writing and signature requirements, and to promote the development of the legal and business infrastructure necessary to implement secure electronic commerce;
- to facilitate electronic filing of documents with government agencies and statutory corporations, and to promote efficient delivery of government services by means of reliable electronic records;
- to minimise the incidence of forged electronic records, intentional and unintentional alteration of records, and fraud in electronic commerce and other electronic transactions;
- to help to establish uniformity of rules, regulations and standards regarding the authentication and integrity of electronic records; and
- to promote public confidence in the integrity and reliability of electronic records and electronic commerce, and to foster the development of electronic commerce through the use of electronic signatures to lend authenticity and integrity to correspondence in any electronic medium.
4. Application
- Parts II and IV shall not apply to any rule of law requiring writing or signatures in any of the following matters:
  - the creation or execution of a will;
  - negotiable instruments;
  - the creation, performance or enforcement of an indenture, declaration of trust or power of attorney with the exception of constructive and resulting trusts;
  - any contract for the sale or other disposition of immovable property, or any interest in such property;
  - the conveyance of immovable property or the transfer of any interest in immovable property;
  - documents of title.
- The Minister may by order modify the provisions of subsection (1) by adding, deleting or amending any class of transactions or matters.
5. Variation by agreement
As between parties involved in generating, sending, receiving, storing or otherwise processing electronic records, any provision of Part II or IV may be varied by agreement.
6. Legal recognition of electronic records
For the avoidance of doubt, it is declared that information shall not be denied legal effect, validity or enforceability solely on the ground that it is in the form of an electronic record.
7. Requirement for writing
Where a rule of law requires information to be written, in writing, to be presented in writing or provides for certain consequences if it is not, an electronic record satisfies that rule of law if the information contained therein is accessible so as to be usable for subsequent reference.
8. Electronic signatures
- Where a rule of law requires a signature, or provides for certain consequences if a document is not signed, an electronic signature satisfies that rule of law.
- An electronic signature may be proved in any manner, including by showing that a procedure existed by which it is necessary for a party, in order to proceed further with a transaction, to have executed a symbol or security procedure for the purpose of verifying that an electronic record is that of such party.
9. Retention of electronic records
- Where a rule of law requires that certain documents, records or information be retained, that requirement is satisfied by retaining them in the form of electronic records if the following conditions are satisfied:
  - the information contained therein remains accessible so as to be usable for subsequent reference;
  - the electronic record is retained in the format in which it was originally generated, sent or received, or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;
  - such information, if any, as enables the identification of the origin and destination of an electronic record and the date and time when it was sent or received, is retained; and
  - the consent of the department or ministry of the Government, organ of State or the statutory corporation which has supervision over the requirement for the retention of such records has been obtained.
- An obligation to retain documents, records or information in accordance with subsection (1)(c) shall not extend to any information necessarily and automatically generated solely for the purpose of enabling a record to be sent or received.
- A person may satisfy the requirement referred to in subsection (1) by using the services of any other person, if the conditions in paragraphs (a) to (d) of that subsection are complied with.
- Nothing in this section shall -
  - apply to any rule of law which expressly provides for the retention of documents, records or information in the form of electronic records;
  - preclude any department or ministry of the Government, organ of State or a statutory corporation from specifying additional requirements for the retention of electronic records that are subject to the jurisdiction of such department or ministry of the Government, organ of State or statutory corporation.
10. Liability of network service providers
- A network service provider shall not be subject to any civil or criminal liability under any rule of law in respect of third-party material in the form of electronic records to which he merely provides access if such liability is founded on -
  - the making, publication, dissemination or distribution of such materials or any statement made in such material; or
  - the infringement of any rights subsisting in or in relation to such material.
- Nothing in this section shall affect -
  - any obligation founded on contract;
  - the obligation of a network service provider as such under a licensing or other regulatory regime established under any written law; or
  - any obligation imposed under any written law or by a court to remove, block or deny access to any material.
- For the purposes of this section -
  “provides access”, in relation to third-party material, means the provision of the necessary technical means by which third-party material may be accessed and includes the automatic and temporary storage of the third-party material for the purpose of providing access;
  “third-party”, in relation to a network service provider, means a person over whom the provider has no effective control.
11. Formation and validity
- For the avoidance of doubt, it is declared that in the context of the formation of contracts, unless otherwise agreed by the parties, an offer and the acceptance of an offer may be expressed by means of electronic records.
- Where an electronic record is used in the formation of a contract, that contract shall not be denied validity or enforceability on the sole ground that an electronic record was used for that purpose.
12. Effectiveness between parties
As between the originator and the addressee of an electronic record, a declaration of intent or other statement shall not be denied legal effect, validity or enforceability solely on the ground that it is in the form of an electronic record.
13. Attribution
- An electronic record is that of the originator if it was sent by the originator himself.
- As between the originator and the addressee, an electronic record is deemed to be that of the originator if it was sent -
  - by a person who had the authority to act on behalf of the originator in respect of that electronic record; or
  - by an information system programmed by or on behalf of the originator to operate automatically.
- As between the originator and the addressee, an addressee is entitled to regard an electronic record as being that of the originator and to act on that assumption if -
  - in order to ascertain whether the electronic record was that of the originator, the addressee properly applied a procedure previously agreed to by the originator for that purpose; or
  - the data message as received by the addressee resulted from the actions of a person whose relationship with the originator or with any agent of the originator enabled that person to gain access to a method used by the originator to identify electronic records as its own.
- Subsection (3) shall not apply -
  - from the time when the addressee has both received notice from the originator that the electronic record is not that of the originator, and had reasonable time to act accordingly;
  - in a case within subsection (3)(b), at any time when the addressee knew or ought to have known, had it exercised reasonable care or used any agreed procedure, that the electronic record was not that of the originator; or
  - if, in all the circumstances of the case, it is unconscionable for the addressee to regard the electronic record as that of the originator or to act on that assumption.
- Where an electronic record is that of the originator or is deemed to be that of the originator, or the addressee is entitled to act on that assumption, then, as between the originator and the addressee, the addressee is entitled to regard the electronic record received as being what the originator intended to send, and to act on that assumption.
- The addressee is not so entitled when the addressee knew or should have known, had the addressee exercised reasonable care or used any agreed procedure, that the transmission resulted in any error in the electronic record as received.
- The addressee is entitled to regard each electronic record received as a separate electronic record and to act on that assumption, except to the extent that the addressee duplicates another electronic record and the addressee knew or should have known, had the addressee exercised reasonable care or used any agreed procedure, that the electronic record was a duplicate.
- Nothing in this section shall affect the law of agency or the law on the formation of contracts.
14. Acknowledgment of receipt
- Subsections (2), (3) and (4) shall apply where, on or before sending an electronic record, or by means of that electronic record, the originator has requested or has agreed with the addressee that receipt of the electronic record be acknowledged.
- Where the originator has not agreed with the addressee that the acknowledgment be given in a particular form or by a particular method, an acknowledgment may be given by -
  - any communication by the addressee, automated or otherwise; or
  - any conduct of the addressee, sufficient to indicate to the originator that the electronic record has been received.
- Where the originator has stated that the electronic record is conditional on receipt of the acknowledgment, the electronic record is treated as though it had never been sent, until the acknowledgment is received.
- Where the originator has not stated that the electronic record is conditional on receipt of the acknowledgment, and the acknowledgment has not been received by the originator within the time specified or agreed or, if no time has been specified or agreed, within a reasonable time, the originator -
  - may give notice to the addressee stating that no acknowledgment has been received and specifying a reasonable time by which the acknowledgment must be received; and
  - if the acknowledgment is not received within the time specified in paragraph (a), may, upon notice to the addressee, treat the electronic record as though it has never been sent or exercise any other rights it may have.
- Where the originator receives the addressee’s acknowledgment of receipt, it is presumed, unless evidence to the contrary is adduced, that the related electronic record was received by the addressee, but that presumption does not imply that the content of the electronic record corresponds to the content of the record received.
- Where the received acknowledgment states that the related electronic record met technical requirements, either agreed upon or set forth in applicable standards, it is presumed, unless evidence to the contrary is adduced, that those requirements have been met.
- Except in so far as it relates to the sending or receipt of the electronic record, this Part is not intended to deal with the legal consequences that may flow either from that electronic record or from the acknowledgment of its receipt.
15. Time and place of despatch and receipt
- Unless otherwise agreed to between the originator and the addressee, the despatch of an electronic record occurs when it enters an information system outside the control of the originator or the person who sent the electronic record on behalf of the originator.
- Unless otherwise agreed between the originator and the addressee, the time of receipt of an electronic record is determined as follows:
  - if the addressee has designated an information system for the purpose of receiving electronic records, receipt occurs -
    - at the time when the electronic record enters the designated information system; or
    - if the electronic record is sent to an information system of the addressee that is not the designated information system, at the time when the electronic record is retrieved by the addressee; or
  - if the addressee has not designated an information system, receipt occurs when the electronic record enters an information system of the addressee.
- Subsection (2) shall apply notwithstanding that the place where the information system is located may be different from the place where the electronic record is deemed to be received under subsection (4).
- Unless otherwise agreed between the originator and the addressee, an electronic record is deemed to be despatched at the place where the originator has its place of business, and is deemed to be received at the place where the addressee has its place of business.
- For the purposes of this section -
  - if the originator or the addressee has more than one place of business, the place of business is that which has the closest relationship to the underlying transaction or, where there is no underlying transaction, the principal place of business;
  - if the originator or the addressee does not have a place of business, reference is to be made to the usual place of residence; and
  - “usual place of residence”, in relation to a body corporate, means the place where it is incorporated or otherwise legally constituted.
- This section shall not apply to such circumstances as the Minister may by regulations prescribe.
16. Secure electronic record
- If a prescribed security procedure or a commercially reasonable security procedure agreed to by the parties involved has been properly applied to an electronic record to verify that the electronic record has not been altered since a specified point in time, such record shall be treated as a secure electronic record from such specified point in time to the time of verification.
- For the purposes of this section and section 17, whether a security procedure is commercially reasonable shall be determined having regard to the purposes of the procedure and the commercial circumstances at the time the procedure was used, including -
  - the nature of the transaction;
  - the sophistication of the parties;
  - the volume of similar transactions engaged in by either or all parties;
  - the availability of alternatives offered to but rejected by any party;
  - the cost of alternative procedures; and
  - the procedures in general use for similar types of transactions.
17. Secure electronic signature
If, through the application of a prescribed security procedure or a commercially reasonable security procedure agreed to by the parties involved, it can be verified that an electronic signature was, at the time it was made -
- unique to the person using it;
- capable of identifying such person;
- created in a manner or using a means under the sole control of the person using it; and
- linked to the electronic record to which it relates in a manner such that if the record was changed the electronic signature would be invalidated,
such signature shall be treated as a secure electronic signature.
18. Presumptions relating to secure electronic records and signatures
- In any proceedings involving a secure electronic record, it shall be presumed, unless evidence to the contrary is adduced, that the secure electronic record has not been altered since the specific point in time to which the secure status relates.
- In any proceedings involving a secure electronic signature, it shall be presumed, unless evidence to the contrary is adduced, that -
  - the secure electronic signature is the signature of the person to whom it correlates; and
  - the secure electronic signature was affixed by that person with the intention of signing or approving the electronic record.
- In the absence of a secure electronic record or a secure electronic signature, nothing in this Part shall create any presumption relating to the authenticity and integrity of the electronic record or an electronic signature.
- For the purposes of this section -
  - “secure electronic record” means an electronic record treated as a secure electronic record by virtue of section 16 or 19;
  - “secure electronic signature” means an electronic signature treated as a secure electronic signature by virtue of section 17 or 20.
19. Secure electronic record with digital signature
The portion of an electronic record that is signed with a digital signature shall be treated as a secure electronic record if the digital signature is a secure electronic signature by virtue of section 20.
20. Secure digital signature
When any portion of an electronic record is signed with a digital signature, the digital signature shall be treated as a secure electronic signature with respect to such portion of the record, if -
- the digital signature was created during the operational period of a valid certificate and is verified by reference to the public key listed in such certificate; and
- the certificate is considered trustworthy, in that it is an accurate binding of a public key to a person’s identity because -
  - the certificate was issued by a licensed certification authority operating in compliance with the regulations made under section 42;
  - the certificate was issued by a certification authority outside Singapore recognised for this purpose by the Controller pursuant to regulations made under section 43;
  - the certificate was issued by a department or ministry of the Government, an organ of State or a statutory corporation approved by the Minister to act as a certification authority on such conditions as he may by regulations impose or specify; or
  - the parties have expressly agreed between themselves (sender and recipient) to use digital signatures as a security procedure, and the digital signature was properly verified by reference to the sender’s public key.