March 8, 2007

Recommendations for Thailand’s ‘Cybercrime’ Bill:

Freedom Against Censorship Thailand (FACT) believes Thailand should not be quick to adopt a law aimed at computer-related crimes. This bill was first put before legislators during the Thaksin administration in somewhat different form as a catch-all for anything bad a user could do in front of a computer. However, all these crimes may, in fact, be covered by existing Thai law.

We should avoid over-regulation, however, we must write precise laws. The bill as tabled before the National Legislative Assembly by ICT Minister Dr. Sitthichai Pokaiyaudom on November 15, 2006 is vague, ambiguous and imprecise, even after considering the recommendations of the Council of State.

The bill passed its first reading and a 25-member committee was set up to consider the bill and report back in SEVEN days! Fortunately, some members of the committee felt the law deserved serious consideration rather than a cursory approval and rubber-stamp. The bill is still in committee as of March 2007.

Surely, in 2550, one doesn’t need to be a bleeding heart or a rocket scientist to see that huge penalties don’t seem to affect the crime rate. The death penalty is no less than state-sponsored murder, something of which we have far too much in Thailand already.

FACT hopes the NLA will consider the application of existing law to the crimes addressed by the proposed bill before passing the bill blindly to appear to be doing something. If it chooses to adopt this bill in any form, the courts must not be bound by huge mandatory minimum sentences set in law. Judges have a wealth of long experience with which to consider each legal case on its individual circumstances.


FACT comments on the Council of State recommendations:

(9) The cybercrime bill stipulates in the drafted Section 15/32 that a “competent official shall file an ex parte application with a criminal court or a provincial court for an order that a relevant competent official access a computer system.

The Council of State recommends a requirement that a relevant competent official has the authority to seize or attach the computer system under Section 16 (7) has been imposed.

There must be accountability and transparency in government for computer search and seizure. There should be one single government posting who takes responsibility.

15 (d) “a law that expressly applies to any action with impact on an individual’s private data is required (the drafted Section 16(4)).”…THEREFORE, see (e)(f) next

(e)(f) FACT suggests that IP logs be considered the personal property of the computer user on the basis that the user pays a service fee to the ISP.

FACT proposes that users’ IP logs never be retained by ISPs for more than twelve hours to preserve personal privacy as in a recent German Supreme Court ruling. If such records are considered to be personal property, seizure and examination can take place through court-ordered search warrant.

FACT also suggests that Internet traffic effected by telephone modem, ADSL, DSL, Cable, Electric carrier, Wi-Fi, Wimax, Bluetooth and any other system not examined or put into future use to enable the user to connect to the Internet, be considered to be telephone communication and therefore protected from eavesdropping, monitoring, logging or record-keeping, as per Section 37 of the 1997 Constitution–Freedom of Communication.

(f) (the drafted Section 16 (6)) in which data is required to be collected by ISPs in law MUST BE DELETED to protect personal and corporate privacy.

(18) “adding a principle under which a relevant competent official shall have authority to prohibit sale or dissemination of, or to order a person who owns or possesses, data containing undesired sets of instructions, to suspend the use of, destroy or correct, such computer data or to impose a condition with respect to the use, possession or dissemination of undesired sets of instructions (the drafted Section 19) (๑๘)”

FACT considers this section easily subject to abuse. While intended to apply to malicious code, this could easily mean any kind of information government or any official would like to suppress. For example, information regarding anonymous proxies or circumvention software applications which work around government censorship could be considered to violate this section.

(19)(a)-(d) Disclosure–needs clarification

(20) DELETE all requirements for an ISP to retain computer traffic data. Use this section to make it ILLEGAL for an ISP to retain such data.

(23) Too many people. Final decision to “have the authority to arrest, control, search, investigate, and file a lawsuit against a wrongdoer” must be one single government posting who takes responsibility to ensure accountability and transparency in government for computer search and seizure as in Section (9) above.

(24) DON’T change the Constitution! If this is allowed to happen, every proponent legislator will want to bend the Constitution to serve their own purposes.

Constitution ref Sections 31, 37, 39, 48, 50



“illegally know of” must have precise definition

“correct” must be DELETED; far too vague

“false”…”data” needs precise definition

“pornographic” should be DELETED; there are adequate statutes regarding this offence in existing law

“Section 3” “Service Provider” must be defined more precisely. We suggest, “A person who KNOWINGLY provides service” so as to avoid a catch-all for innocent providers of Wi-Fi, Wimax, Bluetooth who may not even be aware their connection is being used.

Chapter 1

“Section 5” must precisely define “compoundable”: by time, by accesses, etc.

“Section 6” penalty is far too severe; one month/1000 baht is adequate

“Section 7” penalty is far too severe; one month/1000 baht is adequate

“Section 8” EXCELLENT!

“Sections 9 & 10” must include spam.

“Section 11 (2)” is on very dangerous ground. The first paragraph could easily be interpreted as any criticism of government. It must be made more specific to curb abuse of power. The second paragraph is also far too imprecise, especially considering the penalties suggested.

“Section 12” “sets of instructions” not defined and far too broad. See (18) above. The penalties are ridiculously punitive; one month/1000 baht is adequate.

“Section 13 (1)-(5)” is both too vague and too broad. This section constitutes a broad mandate to suppress all political dissent, especially considering the high penalties.

For example, the term “computer data” is defined as “data, statements or sets of instructions contained in a computer system, the output of which may be processed by a computer system”. Does this mean data stored on a local hard disk drive as opposed to the data accessible on the Internet for which, of course, the user is not responsible? Even scanned documents could be defined as such which must not be this law’s intention.

It is FACT’s recommendation that Section 13 be deleted in its entirety. Once again, the issue of pornography is sufficiently controlled by existing Thai law.

“Section 13 (2)” does not specify what constitutes “false computer data”.

“Section 14” puts the onus for enforcing Section 13 on Thai ISPs. This is an onerous requirement for business and violates fair trade business practice. This is a job for the government position specified in (9) above, not private business.

“Section 15” FACT calls this “The Muslim Cartoon Section”! Must we go to such lengths to outlaw Adobe Photoshop?! Patently ridiculous: this section MUST BE DELETED. This section perpetuates the defamation statutes which have been so abused for political ends in Thailand.

Chapter 2 Competent Officials

“Section 16” (1)-(4) Again, there must be a single government position to take responsibility.

(5)-(6) “Computer traffic data” shall be considered to be personal property and subject to court warrants for search and seizure.

(7)-(8) See (1)-(4)

“Section 17” Good law. However, INSERT “must immediately return the computer system” IN ITS ORIGINAL CONDITION “that was seized…”

“Section 19” Although this section specifies definitions for “undesirable sets of instructions”, the definitions could still be construed to implicate dissent. Such sweeping powers MUST NEVER be entrusted to any Government or official.

“Section 24” NO RETENTION of computer traffic data by ISPs. This data is the computer user’s personal property.

“Section 26” would be far better served if a commission were established to select a single “competent official”. This appointment could easily be subject to nepotism and corruption were it entrusted to a single Minister.

ONE LAST THOUGHT: There must be a better solution than more lawyers, more judges, more criminals, more prisons. We must always defer to the wide experience of the judiciary and note that the penalties in this law are suggested, not required, of the courts, leaving room for extenuating circumstances.

Freedom Against Censorship Thailand (FACT) thinks Thai society is ill-served by imposing such draconian penalties as capital punishment or life imprisonment for computer crimes.

Follows up: FACT’s Formal Recommendations for ‘Cybercrime’ Bill

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: