Picture from Instant SSL Blog
Thailand Government Wants To Undermine Website Encryption, Hold ISPs Responsible For Third-Party Content
from the and-that's-in-addition-to-the-country's-native-toilet-snakes dept
Thailand's government has never been considered a friend of internet services or users, thanks to its interest in suppressing dissent/ensuring its king remain unoffended. It has often claimed it has no interest in censoring the internet -- sometimes in statements delivered while shutting down livestreams of discussions with ISPs on how to better censor the internet.
Unsurprisingly, it's not a fan of encryption. The Thai government is currently amending its Computer Crimes Act in hopes of updating its censorship abilities. In addition to codifying ISP compliance with government demands, it's also looking to destroy anything standing between it and full control of internet activity.
On Thursday, 26 May 2016, the Thai Netizen Network (TNN) leaked a report, ‘Ministry of Information and Communication Technology,’ which proposes an amendment to Article 20 of the Computer Crime Act. The amendment will provide the Ministry of Information and Communication Technology (MICT) with the authority to access, block or delete encrypted content on websites.
“The Minister may issue a regulation for Internet Service Providers to delete or restrain the dissemination of computer data, in accordance with evolving technology,” says the seventh page of the document, leaked by TNN. The document specifically names the Secure Sockets Layer (SSL) protocol, one of the most common encryption technologies, saying that to delete or stop the dissemination of data under this protocol, the Ministry requires special methods and mechanisms.
The justification for attacking website encryption is the usual: to access evidence of criminal activity or, more vaguely, content that could result in "public disturbance." The latter is nothing more than the government granting itself the power to shut down anything it doesn't like by blocking or deleting the content. SSL makes blocking websites difficult, so naturally it has to go.
And that's not the last of the government's terrible ideas. It's also looking to hold ISPs responsible for content posted by third parties.
“Any provider who either cooperates or conspires in, or permits a violation of Article 14 within their service provision, shall be punishable in the same way as a violator of Article 14,” reads Article 15 of the MICT’s draft amendment.
Here's Section 14 as it reads now:
Section 14. If any person commits any offence of the following acts shall be subject to imprisonment for not more than five years or a fine of not more than one hundred thousand baht or both:
- that involves import to a computer system of forged computer data, either in whole or in part, or false computer data, in a manner that is likely to cause damage to that third party or the public;
- that involves import to a computer system of false computer data in a manner that is likely to damage the country's security or cause a public panic;
- that involves import to a computer system of any computer data related with an offence against the Kingdom's security under the Criminal Code;
- that involves import to a computer system of any computer data of a pornographic nature that is publicly accessible;
- that involves the dissemination or forwarding of computer data already known to be computer data under (1) (2) (3) or (4).
Section 230 inverted, basically. Whatever is done by the least of ISPs users is done by the ISP (for all intents, purposes, and punishments).
But, hey, on the bright side, the government is looking to torture/kill/disappear fewer dissidents and activists at some undertermined point in the future. (h/t The Grugq)
The human rights community today signaled cautious optimism about the interim cabinet’s move to criminalize torture and enforced disappearance by public officials in Thailand.
Endorsing the bill nine years after its adoption was first urged, the cabinet’s resolution said the law would “enhance the effectiveness” of existing laws and serve “to raise human rights protection in Thailand to the same par with the international standard,” according to an unofficial translation.
Considering the UN and the European Court of Human Rights both consider internet access to be a basic human right, it appears Thailand is still several years away from reaching the lower rungs of international humans rights standards. And by granting itself increased control of the internet, the government is guaranteeing it will soon be encroaching on the limited amount of human rights turf it has ceded.