BlogsRSS

A cashless big brother society by end 2016?

Thailand’s new economic dream team is in a mad rush to make its cashless society a reality by this October. But is the technical competence there and do the people really want an all-seeing big-brother in their wallet?

Over the past month there have been a number of major data leaks by a variety of Thai government agencies. One was the leak of immigration data in the south of Thailand. A developer hired by immigration had used live immigration data in a web application that would show exactly where every foreign resident in the south of Thailand was living, complete with details such as passport number, job and address on an interactive map. Somehow that story went quiet after the developer issued an apology.

More recently, the Bangkok Metropolitan Administration put up files containing the name, date of birth, ID number, address and bank details of every pensioner in one of the districts of Bangkok. ID numbers are assigned at birth and cannot be changed.

Those were just the incompetent data leaks.

Anonymous has been having a field day too, leaking various logins and passwords every now and then.

Last year they leaked CAT Telecom’s user data, first redacted, then when confronted with denial, released it again without the redactions.

But that is not the scary part. The scary part is the way the authorities have dealt with the lapses in security and attacks by using the tried and tested ostrich head-in-the-sand methodology combined with a let’s-shoot-the-messenger mentality threatening any activist pointing this out with prosecution under Thailand’s draconian computer crime act.

Now this probably would not be much of a problem for a society and bureaucracy that is still very much based on paper. But despite not having a clue on how to deal with hackers the country is rushing headlong into the darkness in a mad rush to implement a mobile-phone number based national e-Payments system by this October.

The system revolves around using a phone number or ID number as the AnyID to make and receive payments. The payment system was unveiled by the Bank of Thailand called PromptPay. This payment backbone is scheduled to go live on 15 July.

Small value transactions under $141 (5000 baht) are free, rising gradually to a maximum of $0.28 (10 baht) for payments over $2833 (100,000 baht).

Totally oblivious to any privacy concerns, at the launch, the Bank of Thailand actually said that the new system would allow for all transactions to be recorded and later verified.

Yes. That is something that everyone wants to replace their cash.

Last week in the United States, Black Lives Matter activist Deray Mckesson had his Twitter account hacked by someone pretending to be him, calling up his telco (Verizon) and asked them to forward all calls and SMSes to another number. Then they used the SMS to reset Mckesson’s twitter password.

If that can happen in the US, just think of how much mayhem Thailand would face when the only safeguard against the telecoms regulator’s preferred paperless number portability request is a minimum-wage immigrant convenience store worker glancing at an ID card, ID cards that are regularly left at reception in every office building or compound in the country. Not to mention that the ID card system itself does not have any signature component or PIN protection despite being smart cards for the last 12 years.

The system goes live on October 31, a date that is no doubt in the diary of cyber criminals all over the region.