Thai cybersecurity bill to give junta license to snoop

[Disco Bob]

BANGKOK -- Thailand's unelected parliament is rushing through a cybersecurity bill that would give the military regime sweeping powers to monitor political traffic online.

Digital media analysts say the new legislation contains vague language that would empower a soon-to-be-created National Cybersecurity Committee to target the computers and servers of political opponents under the guise of "an emergency" or as a "preventive measure." Business groups, meanwhile, fear corporate data could be compromised.

The committee is to be headed by the prime minister and include heavyweights from the defense, police, foreign affairs, digital economy and judicial arms of the state. Consequently, experts place little stock in promised safeguards, such as a stipulation that the committee would need a court order before impounding computers and digital data.

 

The legislation in question is one of six digital bills, out of 100 draft laws, the junta's hand-picked lawmakers are hurrying to pass before their term ends ahead of the election, scheduled for March. It was sent to the National Legislative Assembly in December and only included clauses for judicial oversight after howls of protest from a range of critics -- freedom of expression advocates, digital media academics and local and foreign business groups. They had railed against the weakness of judicial checks in early drafts in 2018.

In late November, a ranking Appeals Court judge spoke out against the bill, championed by the Ministry of Digital Economy and Society. The bill lays the foundation for a "police state," said Sriamporn Saligupta, troubled by the way the legislation could help authorities suppress opponents.

 

Kanathip Thongraweewong, director of the Institute of Digital Media Law at Bangkok's Kasem Bundit University, said the cybersecurity bill would enable the powerful committee to "pursue a preventive approach." This way, the state would be able to survey the digital spectrum for political opposition, not just for malware and other cyber risks -- the broad aim of the bill.

"Under Section 67 of the law, if the committee considers there is a threat and an emergency, the committee can act without a court order and do anything with the seized computers and servers," he told the Nikkei Asian Review. "The line between a cyber threat like malware and a government threat is blurred, so the government can look at all internet communication as a potential threat."

Likewise, freedom of expression activists are alarmed at the prospect of the police raiding homes, citing the way the junta has already trod on previous laws with judicial safeguards meant to prevent abuse. "If the bill takes effect, it will give the state authorities enormous power to obtain information freely on any individual, including accessing, making copies and collecting individual information or even entering the house of a person without a court warrant," said Nutchapkorn Nummueng of the Internet Dialogue of Law Reform, a Bangkok-based freedom of expression advocacy group.

The junta has already shown a penchant for using computer laws to hound its critics. The generals who took power in the May 2014 coup gave more teeth to the country's Computer Crime Act in order to target opponents. Scores have been hauled before courts for being "national security threats." And this month, restrictive new rules were imposed to limit what political parties campaigning for the March election can say on social media.

 

The criticism of the legislative push is unlikely to impede the junta's ambitions. The government is expected to get its way after the rubber-stamp parliament passed the first reading of the cybersecurity bill in late December, with 173 votes in favor and one abstention. It was a lopsided endorsement mirrored by a 172-0 vote in favor of the first reading of a personal data protection bill, another of the six digital bills.

Thailand does have a real cybersecurity problem on its hands. The country's decline in global surveys monitoring online threats has underscored the need to strengthen its defenses. One study found that online safety had dropped since 2016, as a result of ransomware attacks, malware infections and spam emails.

The regime is also trying to match Southeast Asian neighbors like Singapore and Vietnam, which have already enacted laws to protect their internet infrastructure. Thai drafters of the bill reportedly drew extensively from Singapore's version.

 

The junta is playing up the significance of the bills, portraying them as pivotal for its "Thailand 4.0" vision of building the digital economy. Other key legislation includes an electronic transaction bill and a digital ID bill.

Digital Economy and Society Minister Pichet Durongkaveroj has cheered the progress of the six bills. He announced this month that they were "New Year's gifts to the Thai people."

But while the government aims to attract foreign investment in the digital sector, the bills are making international business groups nervous. "The operational language is vague and the bill gives the state too much authority to interfere with private business," a representative of one foreign business chamber told Nikkei.

 

Others are also wary of the potential for abuse of corporate data, trade secrets and intellectual property when the cybersecurity committee swoops down after a malware attack. "Company data," one foreign businessman warned, "is at risk of being leaked to a third party.

 

https://asia.nikkei.com/Politics/Turbulent-Thailand/Thai-cybersecurity-bill-to-give-junta-license-to-snoop