Singapore issues Internet privacy guidelines

RELATED: Singapore Internet scan raises cyber-policing fears

SINGAPORE today issued guidelines for Internet service providers on remote scanning of their clients' computers following a recent privacy scare.

Singapore's computer authority said the need for guidelines had been highlighted last May when one provider, SingNet, scanned personal computers for viruses without first telling subscribers.

The scan only came to light after a customer of SingNet, the Internet arm of largely state-owned telecommunications giant SingTel, detected the scan and reported it to police.

SingNet had asked the home ministry's IT Security Unit to help check the computers of its subscribers in the wake of damage caused by a computer virus.

Its actions riled subscribers who felt their privacy had been violated. SingNet later apologised.

"The need for such guidelines was heightened following an incident in May '99 when SingNet scanned 200,000 subscribers' computers without informing them," the Info-communications Development Authority of Singapore said.

"The government had stressed that such computer scanning without permission is wrong, and that more clarity is required in the approach to such scans," the statement said.

The guidelines call for providers to obtain explicit consent before scanning and to allow subscribers not to take part.

"The subscribers should be given sufficient notice on an impending scanning activity for them to undertake any necessary precautions. A non-response should be deemed as no consent," the statement said.

The guidelines also say scanning should obtain only minimum information from subscribers' computers and should not allow the provider to capture, store or record information on sites or data that users were accessing or had accessed in the past.