Thailand Ramps Up Cyber Surveillance

Thailand, which already has one of the most draconian computer crimes acts in the world, is putting together a legislative package of eight measures that would restrict even more the use of the Internet on the part of Thai citizens, enable wider surveillance, and raise the penalties against offenders.

While the new laws are ostensibly designed to integrate the Internet into governance and state business, modernizing the country’s information technology systems to make it more competitive on a global scale, the laws also carry sections that deepen the government’s cyber surveillance and potential to monitor dissidents.

That occurs against a backdrop of concern that the government headed by the National Council for Peace and Order – the junta – may have gone too far in seeking to make sure that the rural Red shirts and backers of the Shinawatra dynasty never hold power again. Hunter Marston, writing in the East Asia Forum and reprinted here, said that Prayuth Chan-ocha, the former Army chief and leader of the coup, “may be ushering in his own downfall, or worse, triggering violent unrest in the streets and potentially massive bloodletting.”

Civil rights organizations have complained that the current law, the Computer Crimes Act of 2007, is vague enough to be used against freedom of speech activists and opponents of the government virtually at official whim. Penalties can range as high as 15 years. From 2007 to 2010 the law was used to put more than 110,000 websites out of business.

By 2014, that number had risen by another 22,500. The vast majority – 77 percent – were blocked ostensibly because they were deemed to have contained content that “defames, insults, threatens or is unflattering” to King Bhumibol Adulyadej or the royal family or affects national security. Another 22 percent contained pornographic content and 2 percent pertained to information about abortion or gambling.

With the 89-year-old king in failing health, the scramble to succeed him has grown increasingly bitter, with any number of scenarios taking place behind the scenes. There is scant support among the royalty for Prince Maha Vajiralongkorn, the 62-year-old prince. However, since November the evidence has grown that he has made common cause with the army, now out front as the country’s most powerful institution, meaning he would probably be confirmed on the King’s death.

The May 22, 2014 military coup that brought the junta headed by Prayuth to power has resulted in a tame legislature made up of a majority of military officers with a few businessmen. That legislature is now writing a new constitution that is designed to ensure that no Thaksin allies or the millions of his supporters in the northern and eastern parts of the country ever get close to power again. However, even the Bangkok elites and royalists who generated months of political unrest in an effort to drive the Pheu Thai government headed by Yingluck Shinawatra from power have largely been excluded from the political process as the military has tightened the screws.

The package of bills put together on information technology include the capstone Computer-Related Crime Bill, a second governing cybersecurity, a third governing e-commerce and a fourth on personal data protection. The cybersecurity act, for instance, is designed to “protect, tackle, prevent and reduce risks arising from circumstances of cyber threats which affect both internal and external national security covering economic stability, domestic peace and order, and which may affect military security or significantly affects the country’s overall cyber security, in a uniform manner.”

While the package of bills does provide necessary protections of data and guards against a variety of cyber crimes, it is the computer crimes bill that worries civil libertarians. The bill’s provisions – translated and made public by the Thailand Netizens Network – include 14 sections with wording so vague as to make it seemingly possible to arrest almost anyone for anything. It is necessary, according to the wording of the act, because computer crime is becoming increasingly complex, carrying the threat of cybercrime and because the Internet is “one of the channels in terms of the dissemination of illegal computer data that may cause more severe social problems.”

Accordingly the law is being amended to “lessen the problems and limitations of authorities’ powers resulting in the integration of preventing and suppressing of computer-related crime.” In other words, it makes it even easier for authorities to crack down on alleged offenders.

The new law clarifies that service providers are subject to prosecution as well as well as those posting the offensive material. If a webmaster doesn’t remove content deemed offensive, he or she can be charged despite not having written the content. That clears up an ambiguity that came up when Chiranuch Premchaiporn, the operator of the respected Prachatai website, was arrested and accused of not deleting comments deemed offensive quickly enough. After three years of court action, Chiranuch was eventually sentenced to eight months in jail and a fine of Bt20,000. The jail term was suspended for a year.

One section prescribes a three-year sentence and a fine of Bt60,000 for delivering false computer data “in a manner that is likely to damage the country's security or cause a public panic.” Another prescribes a five-year sentence and/or a fine of Bt100,000 for importing data “related with an offense against the kingdom’s security under the criminal code.”

Service providers must store computer traffic data for at least 90 days from the date on which the data is input into a computer system although if officials wish, providers may be forced to store traffic up to two years “to be able to identify the service user from the beginning of the service provisions, and such information must be kept for a further period not exceeding 90 days after the service agreement has been terminated” or face a fine up to Bt500,000. That ostensibly is designed to nail anybody who posts a comment online, then loses nerve and deletes it, thus allowing authorities to troll through old comments to look for offenders.

It creates a National Cyber Security Committee to “control, monitor and assess operational performance of the competent official under this Act” and provides support for the Ministry of Finance to pay for support for any operations of the relevant competent official in the performance of duties acquired under this Act.”