Experience has shown that each step in passing a cyber law takes longer than anticipated, while existing laws need amendments
DON SAMBANDARAKSA
 |
| Nectec deputy director Dr Chadamas |
Work began on updating Thailand's laws for the digital age in 1992, when the National IT Committee (NITC) started work on modernising Thailand's public sector bodies. In 1995, the NITC set up a sub-committee to study the drafting of IT laws. Back then, the NITC secretariat was Nectec, and it was Nectec deputy director Dr Chadamas Thuvasethakul who has worked on these cyber laws for the past 12 years.
In 1998, the NITC sub-committee had identified six urgent cyber laws, which were put to the Cabinet of Ministers for approval. These are laws on electronic transactions, electronic signatures, data privacy, electronic funds transfer, national information infrastructure and computer crime.
Chadamas explained that the intention was to enact a balance of laws to help promote the use if ICT and e-commerce, and at the same time enact laws to prevent people from abusing technology.
The Cabinet gave the green light in 1998 and a law drafting sub-committee was set up under the lead of Sethaporn Cusripituck, who is today one of the NTC commissioners. He decided that the most urgent law was the electronic transaction law.
A draft quickly followed based on model laws by the United Nations Commission on International Trade Law (UNCITRAL) and this law was passed in December 2001.
However, things slowed down in 2002 when the government started to get stuck into the business of civil service reform. This had a direct effect on the laws, as many required an office or secretariat, and there was much debate on which Ministry each needed to be under.
The other delay was that the reform led to the establishment of the Ministry of Information and Communication Technology. All the relevant work under the Ministry of Science and Technology had to be passed to the new, understaffed, Ministry. This included the secretariat of the NITC, which was shifted from Nectec to the MICT's Office of the Permanent Secretary.
Chadamas explained that one of the biggest delays came when the Office of the Official Information Commission felt that the the data privacy law should be under its jurisdiction rather than the MICT. They disagreed so much that they put forward their own draft law to the Cabinet to compete with the Nectec-drafted version.
In the end, the ICT Minister of that time, Suvit Khunkitti, managed to negotiate a compromise whereby most of the MICT's points were included in the OIC's version, but they could not agree on control of the Data Privacy Office would be via the OIC, as an autonomous agency under the Prime Minister's Office, or the MICT.
"The laws merged quite well, but what they can't agree on are the policy decisions, that's why the law is still pending today," she said.
Other changes that happened were the merging of the Electronic Funds Transfer Law into the Electronic Commerce law, and the recent passage of the Computer Misuse Act by the current National Legislative Assembly.
Chadamas said that it was just a coincidence that the first law the NLA debated was the Computer Misuse Act, as it was next in the queue before the September 19 Coup. Also, it was renamed Computer Misuse rather than Computer Crime as its scope was only recently extended to cover new acts such as spam and phishing, which is a misuse rather than a crime in the traditional sense.
However, Chadamas said she is worried about the infrastructure law, which seems to have disappeared off the radar. This law would set up an office with a substantial budget to help provide access for communities. A rural village could have applied to this office for a grant to set up a community telecentre.
The Electronic Transaction Act gave rise to a powerful Electronic Transaction Committee, which has recently decided that two areas need to be regulated as a matter of urgency - Certificate Authorities for signing and e-payment service providers. Royal Decrees are now being drafted.
Chadamas said that her team learned a lot in passing the first e-Transaction law in 2002. Most of all was that each step took much longer than anyone had anticipated, as Nectec had to go around demonstrating and teaching technology to everyone involved, from the legal experts to the parliamentarians and senators who were to vote on it.
"We even had to go to the Cabinet and show them how an electronic signature could not just certify identity, but also ensure that documents could not be changed at a later date," she said.
Today, the e-Transaction committee is already planning two amendments to the e-Transaction Act. First is the establishment of a formal office, as the scope of work is clearly too much for a committee to handle. The second is to truly enable e-Transctions in government.
Today, there are many other laws which refer to documents and make a paperless government impossible. By amending the Electronic Transaction Act with a clause that says proper electronic documents are as good as documents, it is hoped that a paperless government will be nearer to reality.
There is still a lot of work to be done. The acts that have been passed still need decrees or child laws on a practical level. There is also the need to train government officials from police, prosecutors, lawyers and even the judges as to how the Computer Misuse Act works. "There is no point in a law if your local policeman won't take a complaint," she said. This is something that Nectec is considering doing now that the official responsibility lies with the MICT.
Nectec is also calling for the regulation of time-stamping services, as they are an integral part of an e-commerce ecosystem.
However, she pointed out that even without these cyber laws, Thailand can move forward. "There is a difference between something that cannot be done because it is illegal under the current system and contradicts with another law, and something that simply is not regulated. For instance, the data privacy law may not be passed yet, but there is nothing to stop those in the BPO industry putting down their data privacy requirements in a legally binding contract."
The same is true for Certificate Authorities. Thai laws are compatible with the functioning of CAs, but without the CA regulation laws in place, what happened was that people lacked faith in the certificates issued. "It's partially our fault that we didn't reassure the people on this point," she admitted.
Nectec today has shifted its focus and looking at intellectual property management, as it is part of its mandate to promote innovation and technology transfer, preparing Thailand's evolution into a knowledge-based society.
Chadamas refused to get drawn into any controversy as to whether the system had failed. She only said that nine years in the pipeline is a long time, and much longer than many would have liked.
Prev
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
Next
