US Embassy Hosts Cybercrime Panel

May 22, 2007

The U.S. Embassy, Bangkok was host to a conference discussing the (then) draft Computer-Related Crimes bill on April 24, 2007. No members of the public, including FACT representatives, or the press were permitted to attend this meeting. The meeting was moderated by William Flens, Public Diplomacy Officer with the U.S. Department of State. Panellists for the meeting included two U.S. government liason officers in Bangkok, Chris Sondersby of the U.S. Department of Justice and a former Federal prosecutor, and Bill Matthews of the FBI, both of whom have extensive experience in the area of computer crimes but who were presenting their personal opinions based on their expertise not the views of the U.S. government.Participants in the meeting also included several members of the NLA subcommittee considering the legislation, Dr. Sujate Jantarang, Advisor to the ICT Minister and president of Mahanakorn University, Internet lawyer Paiboon Amonpinyokeat and Police Colonel Yanaphon Youngyuen of the Royal Thai Police Department of Special Investigations.

Also attending were MICT’s Saran Thongkam of the CyberInspector unit, Kittichote Rochanakul; Rawiwan Pongpanich of MICT’s legal department; Police Colonel Suchart Kangwarnjit, Deputy Commander of the Office of ICT High-Tech Crime Cedtre; Police Lieutenant Colonel Daran Jadcharoen; DSI special case inquiry official Police Lieutenant Colonel Patana Sugarasut. Attending from NECTEC were Surankana Wayuparb, Director of the secretarial office for the Electronics Transmission Committee; Patarawan Jarumilin; Komain Phiboonroj; Krung Luaengmanotham; Dr. Chaichana Mitrphand; Dr. Duangthip Surintrathip, Advisor on Foreign Affairs; and Suchin of Communications Authority of Thailand. Dr. Rom Hiranpruk represented the National Science and Technology Development Agency and is an early FACT petition signer.

Although members of the public were not permitted to attend, excluding FACT, curiously invited were Thai Webmasters Association’s Poomjit Sirawongprasert; Chakarin Permsin of the Thai E-Commerce Association; advisors to the subcommittee Wanchat Padungratana of; Khemchai Chutiwong of the Royal Council Office; Morakot Kulathamyotin, Chair of the Thai Internet Association; Sarawut Benjakul; Vipon Kititasnasorchai of the Attorney General’s office; Chuchin Pengworach; Chavalit Atasart; Akarawat Thephasadin from the Council of State; and a representative of Krung Thai Bank.

Of course, with these participants, the meeting focussed on prosecution. The very fact that this meeting was held in secret is very disturbing to FACT. The U.S. panellists spoke of their effectiveness and success in terms of arresting and jailing people for crimes involving hacking, hijacking, unauthorised intrusion, copyright violation, theft and fraud.

Justice’s Chris Sonderby spoke of the “48-country” Council of Europe Convention on Cybercrime.   Actually, the number of countries sdigning the Convention was 44 but, in reality, only 19 countries actually ratified the Convention into law, all within the European Union except for the United States.  A telling feature to which we can easily relate in Thailand, is that all meetings regarding the Convention were held IN SECRET!

Illegal computer data was compared to illegal drugs by the FBI’s Bill Matthews. While the U.S. has no general law provision requiring ISP hosts to retain data due to personal privacy considerations, police officials are empowered to order a “data snapshot” of an individual’s computer activity for 90-day extensible periods on a case-by-case basis; this requires further legal oversight by necessity of obtaining a court order.  In contrast, data retention is a key enforcement provision of the new Thai law. U.S. law requires financial compensation to any private entity such as an ISP for any extraordinary measures search and seizure law requires them to take. Thai ISPs are being offered no such reward for compliance.

Paraphrasing Chris Sonderby: What is the intention of the law? Is it to bring Thailand to international standards , to modernise the criminal code, to update the law to permit better law enforcement, to facilitate sharing with other police agencies? What is the scope of the law regarding search and seizure? Is search and seizure only to be effected for core computer crimes? “I think these provisions could be applied to any crime which involved the use of a computer, not just core computer crimes.” The draft law gives very stringent rules of evidence gathering which prosecutors may be reluctant to employ.

One of the primary purposes of the Act is to name a “competent authority” or cybercop. This creates great power in a single government agency and opens new opportunities for abuse of office. The U.S. representatives felt that the new law gives far too much power to defendants in computer cases by restricting evidence gathering which is not given elsewhere in Thai law. The law focuses on illegal access, and those who illegally divulge or disclose computer data by referencing existing Thai law.

By the time this conference was held, the cybercrime committee had already met 23 times beginning November 15, 2006. The last and 24th meeting occurred the day after this meeting on April 25, following which the NLA passed the bill into law 119-1.  (FACT thinks the one mat have been asleep!)

While the U.S. State Department is to be commended for encouraging discussion of an issue that is truly international in scope, the law concerns all of us. There must be no government secrets withheld from the public. As the U.S. representatives have pointed out, every crime today involves the use of a computer in some way.

The new law raises great concerns for personal privacy; of particular concern is Section 11 which relates to national security, public safety, economic stability and public utilities. The Computer-Related Crimes Act does not serve to clarify cybercrime but only serves to make criminals of both ISPs and computer users in Thailand.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: