Cyber security laws - in flux, but set to flex
Agency chief says bills are open to revision as government balances issues of safety with civil liberties
Eight new cyber stability and security bills continue to go through various stages of deliberation. Of particular note to the Thai public are the Cyber Stability and Computer Crimes act, both of which have raised concerns among many activists and watchdog groups who continue to speak out against many specific sections in both bills, which they interpret will potentially allow the government to control civil and privacy rights, and which Life reported on last month.
Currently, both bills are undergoing consideration and revisions by the Electronic Transactions Development Agency (ETDA), a public organisation responsible for the improvement of Thailand's internet infrastructure. To get an update on the drafting process as well as some insights into the rationale behind these bills, Life recently spoke to Surangkana Wayuparb, chief executive of ETDA, who assured the public that many of the seemingly draconian sections often referenced by concerned groups tend to be based on older drafts.
"Any conversation about the new cyber-related bills should be based on the latest draft," said Surangkana.
She adds that the contentious Section 20(4) of the Cyber Crimes act, which granted government officials the authority to shut down websites even if they aren't hosting any illegal content, has been removed from the latest draft.
"We don't want everyone to think that everything is set in stone yet. As long as the laws don't have the approval of the National Legislative Assembly [NLA], they're still up for revision."
Surangkana also said the ETDA and NLA place great importance on public feedback and participation. In fact, the ETDA will soon be holding a public hearing about the current draft of the Computer Crimes Act on Aug 17 in order to garner more of the public's opinions as the bill is being considered by the NLA.
"We are aware that it is possible that we may have neglected to consider certain facets of the issue of cyber security, which other groups may have," said Surangkana.
"But there must also be a balance, as government officials will also need the proper authority in order to do what they must do. We are aware that balancing that authority with public liberty can be a sensitive issue, which is why constructive criticism is always welcome."
Followers of Thai media will most likely be familiar with Section 14(1) of the Computer Crimes Act, particularly in cases of defamation (a lot of which seem to be happening over the past couple of years), as this law prohibits the spreading of falsified documents and "false information online that would cause damage to others". Surangkana says that this latter part is why everyone is now using a seemingly unrelated law with a relatively severe criminal penalty (five years jail, up to 100,000 baht fine) to what should sometimes have been a civil offence.
"We've removed the latter part from the law in the newest draft. It will have to be up to the NLA whether it will remain that way, but this is certainly the direction we want to take in drafting the cyber laws."
Another aspect of the new laws that is commonly criticised is the fact that many sections seem to give government agencies the ability to circumvent the court, such as the oft-referred Section 35 of the Cyber Stability Act, which was singled out for giving government officials the ability to collect any kind of electronic communicative media for the benefit of Thailand's digital stability, all without a court order.
"We would like to assure that in the latest drafts, nowhere does it say that government officials have the authority to take action without a court order," said Surangkana, who explained that some of the laws which seemed to grant government employees unusual levels of authority were intended to solve some of the limitations government officials face today in doing their work. According to Surangkana, under the currently-used laws, government agents are prohibited from sharing any information they obtain that is not relevant to the specific case they are responsible for, even if it is another possible offence. For example, if government officials investigating cyber crimes uncovers evidence of other offences unrelated to cyber crimes, they can't file that information as evidence, and can't be asked to share that information with officials working on an unrelated case.
"It's an issue of practice that we were trying to find a solution for, as computer-based crimes don't always have to do with hacking. It could also be online drug trading as well."
Surangkana also said that the ability to take immediate action could be beneficial in extreme cases, as today, terrorists can very conceivably cripple a country with a few clicks through hacking.
While the seemingly unfettered authority given to the government included in the old drafts was enough to cause alarm, another part of these laws that is often criticised is the fact that many seem to be judged on arbitrary concepts like "national security" and "the people's good values and beliefs". As there is no specific definition of any of these concepts anywhere in the new drafts, critics of the bills have expressed concern that the law could be abused through misinterpretation, much like Section 14(1) of the Computer Crimes Act.
"Abstract concepts that can't be tangibly defined, such as these, should be left to the court's discretion, taking into account other contextual information as well, much of which can't be accurately anticipated. However, the reason the wording of the laws has to remain open-ended is because there are many circumstances that could viably fit in either of those two categories, which cannot be predicted.
"That said, it is actually not difficult to raise examples or cases in which the term 'security' applies, which is why many laws are able to include very precise circumstances/definitions that qualify as a threat to stability. However, it is very difficult to completely define a concept like 'the people's good values'. We may need to rely on public feedback in order to find a commonly accepted standard or definition to the concept.
"We believe that holding forums to allow different groups to discuss a middle ground between civil liberty and regulative measures, and establish an agreed-upon point of balance, will ultimately be good for everyone."