Thailand’s cyber-police draft new Computer Crimes Act
Originally published at Siam Voices on May 2, 2011 Thailand's authorities have been patrolling the internet more and more vigorously, mostly to clamp down on content that is allegedly lèse majesté and to silence political opponents. In recently published research by Freedom House, the US-based think-tank has labeled the kingdom's internet as 'not free', putting it below countries such as Zimbabwe, Turkey, Venezuela, Pakistan, Rwanda and among countries the likes of China, Saudi Arabia, Iran and Cuba. More details at fellow Asian Correspondent blogger Jon Russell.
That is partly thanks to the Computer Crimes Act of 2007, hastily set up by the interim military government of Surayud Chulanont after videos mocking the King of Thailand appeared on YouTube and the service refusing to delete them despite the request of the Thai government (and subsequently blocking the whole site for a brief time). The law was drafted initially to lay down a legal groundwork against hacking and internet scams, but also sections such as these:
Section 12. The perpetration of an offense under Section 9 or Section 10 that:
(1) causes damage, whether it be immediate or subsequent and whether it be synchronous to the public shall be subject to imprisonment for no longer than ten years or a fine of not more than two hundred thousand baht.
(2) is an act that is likely to damage computer data or a computer system related to the country's security, public security and economic security or public services or is an act against computer data or a computer system available for public use shall be subject to imprisonment from three years up to fifteen years and a fine of sixty thousand baht up to three hundred thousand baht. The commission of an offense under (2) that causes death to another person shall be subject to imprisonment from ten years up to twenty years. ... Section 14. If any person commits any offence of the following acts shall be subject to imprisonment for not more than five years or a fine of not more than one hundred thousand baht or both: ... (2) that involves import to a computer system of false computer data in a manner that is likely to damage the country's security or cause a public panic;
(3) that involves import to a computer system of any computer data related with an offense against the Kingdom's security under the Criminal Code;
The Thai Ministry of Information and Communication Technology (MICT) is currently drafting a new cyber law, but instead of clarifying some vague passages, it rewrites or adds new ones which are even broader in definition than the previous parts and thus creating more leeway for abusing it. The manager of the Thai internet advocacy group iLaw, Orapin Yingyongphatthana, said in an article by Prachatai the draft "contains all the same problems and is even more regressive."
In a post on their own website, iLaw has dissected and commented on some of the passages of the draft (which can be seen here in Thai, including the full draft), including*:
*Section 4 adds the definition of "administrator" which means "a person with the computer rights to provide others with services accessible on the internet or by other means through a computer system, no matter if it's in their own interest or on behalf of others."
[Comment] (...) In the new draft (...) "administrator" (...) could include webmasters, website owners, network administrators, data base administrator, forum moderator, web editors, blog owners and (...) even the internet service providers.
Under this act, the 'middle man' should be as equally punished as the violator, e.g. who writes content that does not match with the truth [and] threatens national security. (...)
With the word "administrator" pretty much left as it is in the law, it could mean that either content manager but (more importantly) content creators such as bloggers and editors can be targeted under this section. Although, as seen in the case of Prachatai webmaster Chiranuch Premchaiporn, it can also mean that content managers (such as a webmaster) can be charged for hosting data or information created by a third party.
With that in mind, the next passage requires even more observation:
*Section 24 ["If any person commits any offense of the following acts shall be subject to imprisonment for not more than five years or a fine of not more than one hundred thousand baht or both:] (1) that involves import to a computer system of forged computer data, either in whole or in part, or false computer data, that causes damage to the national security or causes public panic"
[Comment] The above excerpt includes passages from Section 14 (1) and (2) of the current law to underline the original intention [to act against phishing and other online scams] (...) thus leading to the phrasing that creating incorrect [or wrong] data [or information] can be a misconduct.
iLaw further commented that the very vague wording of "false computer information" is problematic (and not only problematic to translate). What exactly is "false computer information"? With the necessary legal acrobatic you could for instance interpret this making "false statements" or just flat-out simply "spreading lies". So who decides then what is true or not? In this political climate and given the numerous legal cases, it looks like this passage alone will increase the possibility to file charges against opinions differing from a main narrative that is being claimed by the government.
*"Section 26: Whoever (...) provides computer data that depicts [about] another individual (...) that in whichever way would damage, bring disrepute, defame, incite hatred or that would embarrass or lead to others believing this information to be true shall be punished with not more than three years of prison or a fine not exceeding 100,000 Baht or both."
[Comment] In the past, there have been lots of efforts to bring defamation lawsuits by using the Computer Crimes Act, but the current law does not have a suitable section yet except for Section 14 (1) as mentioned above and Section 16, which states ["any person, who imports to a computer system (...), computer data where a third party's picture appears either created, edited, added or adapted by electronic means or otherwise in a manner that is likely to impair that third party's reputation or cause that third party to be isolated, disgusted or embarrassed..."]. The new law creates a convenience for the authorities to charge defamation lawsuits more easily.
Again, uncertain wording makes it hard to determine what is punishable and what not.
The draft further proposes the set-up of a so called "Committee to Prevent and Suppress Computer Crimes", which has the ability to appoint officials and request copies of data. The concern shared by many is that the group could be a powerful enforcer of the even more regressive and even more ambiguous law.
But the draft has hit a bump as prime minister Abhisit surprisingly put it on hold before it could reach the cabinet:
The government's acting spokesman Panitan Wattanayagorn (...) said the Information and Communications Technology Ministry still needed to seek opinions from relevant state agencies about the draft. (...)
ICT Minister Chuti Krairiksh (...) said the [newer] current draft is the version that has gone through the process of public hearings and has already been revised by the ministry's committee assigned to draft the law. He said the version being opposed by the three groups was the one that had been written before the public hearings.
"PM stalls computer crime act", The Nation, April 20, 2011
The problem here though is, that apparently there has been no public hearing on the draft whatsoever, as pointed out in a Bangkok Post column.
That leaves us with the question why the MICT is in a rush to write a new law that is even more ambiguous than the current one? Granted, this is a draft that will see numerous revisions before it will be solidified but if the disputed passages are anything to go by, it tells much about the understand (or the lack thereof) of the MICT on this delicate subject. There always has been an urge to have the capability to 'control' the flow of information, especially with the emergence of social media. Back in 2009, a Bangkok senator has openly asked how to do exactly that.
We have plenty examples of the actions of the authorities to curb online freedom, be it by recruiting 'cyber-scouts' or openly threatening users abroad, all with the aim to fight a perceived, invisible threat. What the authorities repeatedly fail to realize though is that it is an uphill battle to marginalize a diversity of opinions and views of the soon 20 million Thai online users: it doesn't really work. They even have admitted it!
*all passages have been translated from Thai by me