Understanding Thailand’s revised Computer Crime Act

LOCAL media, rights advocates and the general public in Thailand are railing over amendments to the Computer Crime Act (CCA) 2007, claiming the changes are sweeping in scope, overly-ambiguous, and open for abuses by the military junta government to curtail political dissent.

Thailand is already known for its strict lese-majeste laws – described as the world’s toughest – which are used to protect the exalted royal family from insult or threat. The military government is also seen as sensitive to criticism, particularly of its seizure of power in 2014. The fear is that the rebottled CCA will be wielded as a tool to punish such criticism and that with it goes the last vestiges of Internet freedom in the kingdom.

According to Amnesty International:

“The proposed amendments still allow for the prosecution and imprisonment of computer users who peacefully express their opinions online as well as internet service providers hosting sites where such opinions are posted.

 

The proposed amendments would also preserve the authorities’ power to conduct invasive surveillance of internet traffic – in some cases without prior judicial authorization – and to suppress electronic content deemed to threaten a variety of vaguely defined state interests.”

Bangkok Post, a popular English language news portal, warned in an editorial Friday that the Bill in its current form would “betray its purpose of ensuring cyber security, freedom and privacy for people in the country, the government included.”

In its argument against the amendments, the portal highlighted what it said were troubling provisions in the Bill that would afford “too much power” to state authorities to decide what constitutes a violation under the law.

On Thursday, a petition with over 360,000 signatures objecting to the Bill was submitted to the National Legislative Assembly (NLA), which was then due to see the law through its third and final reading.

In the petition, five key concerns were raised against the Bill: Criminalisation of speech and computer data; intermediary liability – burden of proof; unpredictability of law; expanded investigative power; expanded information control; and surveillance of encrypted information.

In response to the objections, the head of the Thai junta government, Prime Minister Prayuth Chan-ocha, tried to hose down the issue by insisting that computer controls were not rights violations.

SEE ALSO: Thailand approves controversial cyber crime Bill despite protests

“This law is for when anyone posts something that is poisonous to society so that we know where it comes from.

“Don’t think this is a rights violation. This isn’t what we call a rights violation… this is what we call a law to be used against those who violate the law,” he said, according to Reuters.

But clearly, those petitioning against the law felt differently.

In a nutshell, their arguments, summarised from views expressed across numerous publications, say this: The Bill allows the authorities to decide what is or isn’t online criminal activity, and grants them arbitrary powers to arrest and punish anyone behind a computer.

Unfortunately for the petitioners, however, in a country of over 68 million people, their 360,000 signatures were not enough to stop the Bill’s passage through Parliament.

Despite their protests, the amendments were unanimously approved on Friday, with 167-0 votes in favour and five abstentions. It will go to the King for royal endorsement in 20 days and upon publication in the Gazette, will enter into force in 180 days.

For the benefit of our readers, we’ve listed down the few particularly contentious provisions that sparked the expression of outrage from the Thai public.

Source: aksim Kabakou/Shutterstock

More offences, more ambiguity

Section 14: A maximum five-year jail term and a maximum THB100,000 (US$2,700) fine or both awaits the person who enters false data into a computer system that could cause damage to the public, create panic, or cause harm to public infrastructure, national security, public security or economic security.

Those who input any kind of computer data that is deemed as obscene, offensive to the kingdom, or that is terrorism-related will also be tried under the section.

Any person who decides to forward the data described above despite knowing of its potential damage will be subject to the same penalties.

What it means: Ambiguity of the section opens up the law to abuse. Authorities sanctioned by the government can decide what kind of content is considered damaging as well as determine the intentions of the person who posted such content and the person who shared it with others.

Service providers will be punished too

Section 15: Any service provider who “cooperates, consents or acquiesces” to a computer crime shall face the same penalty as the offender

What it means: The section allows the ISP that complies with a minister’s request (via procedural rule) to remove offensive data to be exempted from penalty. However, the existence of such curbs indicates the burden of proof ultimately lies with the ISP under probe. Ultimately this could lead to self-censorship (ie. arbitrary blocking of content and sites) to avoid run-ins with the authorities.

Expanding the scope of the law to include all other offences

Section 18: Offences committed under other laws that were done with the aid of a computer, computer data or computer storage device can also be punishable under this law. The authorities are then allowed to, for the purpose of evidence acquisition, be allowed to seize and hack into systems in order to gain access to the data in question.

What it means: Privacy violations. Investigators can access “traffic data”, which may contain personal data, without a court order in respect of the section. The section also allows the authority to access encrypted computer systems or encrypted data in the system.

Arbitrary powers for government-appointed cyber snoops

Section 20: The “Computer Data Screening Committee”, a powerful five-member government-appointed panel, can recommend an authority to apply for a court order to block or delete content that does not violate any law but that is deemed to be a breach of public order and morals.

What it means: Arbitrary powers to block content deemed sensitive, even if they are not in violation of any existing law. The authorities can act as moral crusaders by policing online content and determining what they feel are breaches.

***

“Thailand’s cybercrime law was already a grave threat to journalists who work online. These vague and overbroad amendments will only accentuate the danger,” said Shawn Crispin, the Committee to Protect Journalist’s senior Southeast Asia representative, said in a statement Friday.

“Thailand’s military government consistently conflates commentary with criminal activity, and these amendments will give officials even wider powers to crush dissent.

“These amendments should be scrapped, and any future changes to the law should prioritise explicit guarantees of press freedom and freedom of expression.”

So what do you think of the CCA revisions? Will they further infringe on free speech and expression, and invade on data privacy in Thailand?

If you need a closer look at the Bill, advocacy group Thai Netizen has this bilingual translation of the amendments.

The Nation, another popular English-language news portal in Thailand, has also put together a simple video to help readers understand the implications of the law. Here it is below:

[Source:-Asia Correspondent]