The Computer Crime Act has been in place for more than five years, but there have been incidents and concerns over its practical enforcement due to the rapid changes in information technology. Agencies are now attempting to propose amendments to the law to make it correspond more accurately to modern Thai society and global standards.
The Computer Crime Act involves several social and financial issues, from e-transactions to the thorny topic of lese majeste offences allegedly committed online, which have become one of the most debated social and legal concerns.
The Electronic Transactions Development Agency (ETDA) has been assigned by Information, Communication and Technology Minister Gp Capt Anudith Nakornthap to study and analyse the problems and consider possible amendments to the present law. Using research, focus groups and working groups to gather ideas, the ETDA expects to submit a draft amendment to the Council of State by the end of this year before progressing to cabinet by the end of next year. It's expected that any changes to the law will become effective over the next three years.
The existing law has greatly impacted internet users and service providers, and some sections of the law have become linked with continuing political and social conflicts. Most observers believe that the mechanism of the law is not flexible enough or sufficiently well-defined. The proposed amendments will try to reset the methodology in order to improve the law's ability to deal with critical issues.
Besides studying regulations of the related laws of Thailand and foreign countries and the concerns over the current law, there is also a working group comprising experts and representatives of the organisations involved. Several alterations will be proposed, and the draft will add points to cover areas including spam mail, identity theft, security offences and child pornography.
According to Pol Col Siripong Timula, deputy commander of the Technology Crime Suppression Division, 90% of internet servers used in Thailand are hosted abroad, including those of YouTube and Facebook. Naturally, the jurisdiction of Thai law doesn't extend outside the country.
Many countries, such as the US, have no equivalent offence to lese majeste, although the Criminal Mutual Cooperation Act can be applied.
"What we can do today is just block the site within Thailand's territory, however it has been widely criticised that this means the limitation of freedom of users," said Siripong, who added that most of the cases currently dealt with under the Computer Crime Act are about lese majeste, defamation and computer fraud.
Mark Charoenwong, a public prosecutor attached to the Office of the Attorney-General, noted that the Section 26 of the law states that service providers must keep log files for at least 90 days and must be able to authenticate them in order to define users. He said problems ensue from this. He believes that the section should be adjusted to state exactly what kind of information should be kept in the log file, how long it should be kept, and who is responsible for it.
Most importantly, the law must try to balance national security with a guarantee of freedom of speech for individuals.
Google Thailand public policy and government affairs manager Phichet Rerkpreecha suggested the draft should include a "notice and takedown" measure. This is more or less a flagging system _ a process operated by online hosts in response to court orders or allegations that content is illegal. Potentially illegal content can be removed by the host after receiving an official notice.
"Under the present law, the regulator solely enforces the rule. But a 'notice and takedown' is a collaboration between the private sector and the government. It comprises three parties: government, platform service providers and users," says Phichet, adding that abroad, such notices are widely used in cases of copyright infringement, as well as for libellous content.
It is a significant mechanism that has been adopted by, among others, the US, UK, countries in Europe, and, in Southeast Asia, Singapore, Malaysia, the Philippines and Indonesia.
ETDA director Surangkana Wayuparb noted that Thai people lack security awareness, an issue many governments consider critically important.
The agency has established focus groups to specifically cover the areas of freedom of speech, law enforcement, consumers and victims, and information security.
"We are also working on a report about the threat status of Thailand and other countries which is expected to stimulate public awareness on cyber security and the law adjustment, especially the issue of hacking," said Surangkana.
The newly set up National Cyber Security Committee, chaired by Prime Minister Yingluck Shinawatra, will also enhance the strength of information security against such threats as hacking.
According to the Thai Computer Emergency Response Team (ThaiCERT), the primary cyber threats in Thailand last year were fraud (69.3%), intrusion attempts (10.3%), information gathering (7.9%) and malicious code (7.4%).