วันศุกร์, กันยายน 23, 2559

Thailand’s Draconian Cyberlaws Tipping Toward Totalitarian (“There’s a reason you separate military and the police. When the military becomes both, the enemies of the state tend to become the people.”)

A display panel at the Royal Thai Army's cyber unit taken Sept. 9, 2015. Photo: WeLoveRTA.org


By Don Sambandaraksa, Special Correspondent

September 14, 2016
Khaosod English

Amendments to the criminal code removing judicial oversight of wiretapping combined with new laws on cybercrime, cyber security and even the digital economy all suggest the Good People running the country can no longer distinguish between internal security and external threats.

These laws, as written, may well criminalize satire such as internet memes and have other far-ranging repercussions for free speech and privacy. Proponents argue these new powers would only be used against enemies of the state and are necessary given how much of our lives are now online. Many others shudder at the thought, as the line between the state and those running it increasingly blur.

A government overhaul of the criminal code would allow police to intercept phone calls and computer communication without a court order. The interim cabinet secretly approved these amendments on Aug. 9, according to the Thai Netizen Network.

The reason, ostensibly, is that with more and more of society’s business conducted online, the old framework of communication intercepts led by the Ministry of Justice’s Department of Special Investigations, or DSI, is no longer workable. Computer crime is no longer novel or special. DSI investigators have their hands full – the logic goes – and police are powerless when it comes to intercepting digital communications and gathering evidence.

Because the courts take time to approve these intercept warrants, digital data must be gathered quickly before it is deleted; therefore, the new law eliminates judicial oversight, leaving us with a police force that can intercept our communications at the discretion of its officers – all in the name of efficient justice.

This is the alarming state of things as laid out by Thai Netizen Network’s Arthit Suriyawongkul on the sidelines of a Sept. 8 NBTC public forum oddly described as “stealing money via the mobile.”

Wrong Solutions to the Right Problems?

The forum itself was largely a non-event. It stemmed from a high-profile case last month in which someone lost his life savings of 1 million baht after a cyber-criminal used a bogus ID to get a replacement of the victim’s SIM card issued, which he then used to reset his e-banking passwords and clean out his account.

Thailand has suddenly discovered that phishing happens and real money is lost. Welcome, however belatedly, to the 21st century. In the end, Kasikorn bank refunded the million baht and TrueMove gave the victim a free iPhone 6+ with a year’s free service thrown in.

NBTC commissioner Prawit Leesathornwongsa cynically suggested KBank and True quickly settled the case because the government could not afford bad publicity while rolling out PromptPay, its new national e-payment system. But the PromptPay omnishambles is a story for another time.

It was on the sidelines of the NBTC event that Arthit, a champion for online rights, shared his concerns about the government’s new cyber security laws.

Topping his anxieties is the current revision of the Computer Crime Act, namely its revised Section 16. It would criminalize mere possession of images that are defamatory without even dissemination or, as the law likes to phrase it, “entering into a computer system.”
Section 16. Any person who imports into a publicly accessible computer system of computer data including images of other persons whether or not the images have been created doctored, amended or adapted by electronics means or whatsoever means and by doing so is likely to impair the reputation of such other person or to expose such other person to hatred or contempt shall be subject to imprisonment not exceeding three years and a fine not exceeding 200,000 baht or both.

Section 16/2. Any person who is aware that electronic data in one’s possession is the data ordered for seizure and destruction as to section 16/1, the person is obliged to destroy such data. Any violation shall result in the person having to serve half of the penalty as provided for by the law in Section 16.

Source: Unofficial translation of draft amendment

Yes, when this law is promulgated, merely possessing an image that is defamatory could land you in jail for 18 months.

Arthit said he had asked the MICT subcommittee about this and the reply was chilling: If you do not have any bad intentions, that’s fine. You will have your day in court and you will be cleared.

Since when did Thailand adopt the guilty-until-proven-innocent school of jurisprudence?

Being overseas or even being a foreigner overseas does not help either, as the new 17(2) says computer “misuse” crimes are an extraditable offense. One can imagine many a foreign judge laughing when the extradition requests start flying.

Worse still, the National Legislative Assembly is trying to extend Section 16(2) to cover Section 14. Section 16 is for images, while 14 applies to any information deemed untrue or defamatory. The punishment is incarceration for up to five years.

“So if I grab your phone and write 1+1=3 on it, you can be charged under the new, extended [Computer Crime Act] Section 16(2) if it goes through, couldn’t you?” I asked Arthit.

He laughed and called me silly. Then he paused to consider what he’d just said about presumption of guilt.

Officer SpyWare

The other issue is the ongoing secret amendment of the criminal code to allow police to order so-called lawful intercepts without court oversight.

Arthit said that the cabinet approved the new criminal code on Aug. 9, but that it was kept out of any public documents and did not appear in the official cabinet meeting reports.

“How can we even talk about or oppose a law when it’s kept secret?” he asked.

Arthit explained that the current DSI act requiring a judge’s approval strikes the right balance between investigatory needs and a reasonable desire that other methods have been exhausted first. None of this, he alleges, is present in the new criminal code for police interception.

Arthit said that in light of cybercrime developments, he’s not entirely opposed to expanding police powers, “but there needs to be checks and balances.”

He shared his fear that internal cyber security is increasingly being mixed up with external cyber defense. Granted, in a connected world the lines are blurring. But the lines must remain for good reason.

Bill Adama
As Commander William Adama said in the cult sci-fi series Battlestar Galactica:

“There’s a reason you separate military and the police. One fights the enemies of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”

The Good People running the country seem to be conflating national security and internal security with these legal amendments, perhaps without malice. Maybe that’s just how they were brought up.

Applying a totalitarian military mindset to internal security may indeed be efficient, but is it the path Thailand truly aspires to take? Are we really so happy with the absence of conflict that we are willing to turn a blind eye while the seeds of guilty-until-proven-innocent totalitarianism take root? Sadly it seems we are.