From ISP to cyber-cop-Bangkok Post
11-06-08
[FACT comments: Morragot draws the right conclusion except that we would put it somewhat differently--if a site weren't blocked, would anyone visit to see what all the fuss is about? Morragot says the ICT Ministry's blocklist has been discontinued but MICT has just been compelled to divulge that it blocks 1,893 websites under appeal by FACT under Thailand's FOI laws, in addition to those tens of thousands blocked by the Royal Thai Police. Morragot also reveals one tantalising fact previously unknown to the public--35 officials are employed full-time to block Thailand's Internet! Aren't there better uses for our tax money? If all 109 Thai ISPs simply refused to comply with these Draconian strictures, they would simply go away. FACT supplies emphasis below.]
How ISPs view the cyber law
DON SAMBANDARAKSA
Bangkok Post Database: June 11, 2008
http://www.bangkokpost.com/Database/11Jun2008_data004.php
A lot has changed since the Thai cybercrime law came into being and it is time for users, operators and enforcement agencies to grow up, and look past all the paranoia in the industry, according to the head of the Thai ISP association.
Executive vice-president of the Thai ISP association and vice-president and chief operating officer of Internet Thailand Morragot Kulatumyotin gave as an example the ICT Ministry “blocklist”, which has been discontinued since the cybercrime law came into effect.
Now officials had to go through the ICT Minister, who in turn needed to apply for a court order under Article 20 of the law, if there was a site to be blocked, she said.
She said that attitudes in state-owned CAT Telecom had also changed and CAT was now taking a much more hands-off approach to Internet control. However, the method of blocking differed from ISP to ISP. Some blocked entire domains (addresses), others used caches and transparent proxies. Some used a method called “session hijacking” where the man in the middle controlled what was accessible. A lot of problems arose when the capacity of the cache was reached and ISPs needed to invest in the hardware needed to comply with the law, she said.
Morragot said that today the role of the Internet service provider went far beyond just the traditional definition of cyberspace. The responsibilities of ISPs are mentioned in the latest draft patent law currently with the Council of State, and in the past there have been cases where copyright law has been used to seize servers as evidence and effectively shut down hosting services without having to use the cybercrime law. Tarad.com had its servers seized when a user was found to be selling counterfeit goods. Many other sites have had their servers seized for hosting pirated music.
The cybercrime law put a limit of one month for impounding servers, but if seized under other laws, the servers could remain with the police for years until the case is over, she warned.
So what happens when the industry moves to virtual servers in a cloud computing environment? Morragot laughed and looked to the skies for divine guidance. “You have to educate. Computer forensics is not something you can learn on a 10-day course. And you need more than (the current) 35 officers,” she said.
The rule of thumb today is that if the host cooperates with the police, it will not be charged. She said that the association had a lot of education to do for its members and the public. For instance, policies needed to be clearly spelt out and contact information needed to be clearly defined.
Users also need to be educated. The Thai cybercrime law provides protection to any computer that is itself protected, meaning by a password or PIN or, for access points, some encryption key.
Without a password, users cannot complain if their data is stolen. However, for home access points, the issue is about preventing a criminal lawsuit if someone used that access point to commit a crime and being able to prove one’s innocence.
Morragot said that in the past, ISPs such as hers would be asked for user information, and they would say it led to a university network. However, a university without logs could not pinpoint the user, and these public access areas were a free-for-all “Wild West.” Implementing logging only made sense in a civil society, she said.
Moving forward, she wants to see more self-regulation – depending on the cybercrime law and going through the courts could take months or years, but if all the ISPs cooperated they could remove illegal material before it became a problem.
Such a model could be styled after inhope.org, which has a network of ISPs and hotlines for reporting abuse, threats, terrorism or pornographic images. Twenty countries are now using this model, each with different areas of concern catering to local social and cultural norms.
Thailand has around 30 to 40 million mobile phone users, and with data usage rising exponentially, some operators now say that it’s cheaper to pay the 500,000 baht fine each time an official visits than it is to invest in the storage and systems needed to keep the logs for 90 days.
Morragot said that today society and media should not focus on the bad side of the Internet as this was counter-productive.
She said that when the government turned its focus on the Fah Diew Kan (Same Sky) publication for its controversial comments on the monarchy, the traffic on the site more than quadrupled, and they had to upgrade their server.
“If you didn’t write about it, who would go to these sites?” she asked.




