BlogsRSS

Reading between the lines of Thailand's SIM tracking debacle

The recent spate of bombings in Thailand coincided with a debate about whether or not to introduce special tracking SIM cards for foreigners in the country in the name of national security, not that the argument made much sense to begin with.

The idea was first floated by NBTC secretary-general Takorn Tantasit, who stressed the policy didn’t come from the military government but came from a meeting of telecommunication regulators of 10 ASEAN countries in Phuket on August 2. Special tracking SIMs would be issued for foreigners. After the inevitable backlash came, the message changed so that it would be only for foreign tourists and not expats.

Besides, Takorn said, he already had network based information on where every Thai person was. He hastily added that such information would only be released by court order.

Here the story starts to break down. Takorn said something about how a 15-day period before the numbers were recycled would be good for telcos.

So something that started off as a super-surveillance program aimed at tracking every single alien in the country in the name of national security turned into a number reuse efficiency measure for the telcos.

Reading between the lines, I would like to bring attention to the fact that he wants special SIMs issued and that it is not a privacy violation as he already has all the information anyway.

Of course, if he had all the information anyway, why would special SIMs be needed? And the Thai/foreigner narrative makes no sense. It is not like Thais need to register for SIM cards but foreigners do not.

Then the bombs went off, innocent people died and everyone forgot about it. Plus everyone was more interested in his comments about Pokemon Go rather than the privacy rights of a handful of foreign tourists in the country.

The official story regarding the bomb detonation did not help. Initial stories said there was no SIM leading to jokes about how the bombers trolled the authorities by using a phone’s alarm clock to set off the bomb or how the NBTC might ban watches next; then they said the SIM was destroyed and only this week the story changed again and we are now told there was a Malaysian SIM that was used to detonate the bomb.

Thailand’s great SIM registration drive failed to come up with a name or to stop the bombs and, in this use case scenario, unless they actually ban roaming, even those special tracking SIMs for foreigners would not have helped.

On a technical level, I was recently asked to speculate what Takorn was on about. In March last year, AIS launched a SIM-based tracking system partnering with a company called W-Locate. The system works on any phone, even a dumb 2G phone without GPS or data services. A SIM-based applet queries the phone for cellsite data and signal strength and then sends that data back to a server via simple SMS or USSD. The triangulation is made in the cloud, not on the phone, and at a fraction of the power requirements of GPS tracking.

Could it be that Takorn was talking about a W-Locate type solution for his special SIMs for foreigners? Perhaps.

If we dissect his other comment - that it is not an invasion of privacy for Thais as he already had that data; and that such data was protected and needed a court order, this scenario makes even more sense.

By coercing the telcos to issue special SIMs such as the W-Locate type SIMs privacy then depends on who runs the location server rather than the telco. If the NBTC, or perhaps one of the country’s security agencies, were to run the W-Locate server, that way, location information is no longer just in the telco but in an agency which might well be more cooperative in releasing that information without judicial oversight.

This is conjecture, but it does fit the comments that Takorn made and with personal experience in the past with sources who either refuse to use AIS or Dtac because they say they know the other side is bugging them illegally.

But why stop with foreigners? Or were foreigners really the target to begin with as everyone, foreigner or local, needs to have their SIM cards registered in theory (dealers are still happy to bulk register SIMs to meet sales targets)? Perhaps it is all about getting the infrastructure in place ostensibly for foreigners with no right to privacy, then covertly issue these tracking SIMs to dissidents or political opponents and have their whereabouts monitored on some secret state sever. The Northern Ireland model comes to mind. The Irish Republican Army liked to hold secret meetings in new cars fresh from the dealerships as they were confident they were not bugged. The British ended up bugging entire batches of new cars in response to get at their intelligence.

Maybe I am wrong. I hope I am wrong. But everything that has happened in recent years - the new frequency act and other digital economy laws, the new computer crime act, the Single Gateway initiative (now relaunched as the Big Gateway) not to mention throwing piles of cash at state telcos CAT and TOT for dubious projects (a three-page TOR for billions for a firewall for villages comes to mind) point towards a totalitarian, controlling mentality.

Someone needs to remind the people running Thailand that Nineteen Eighty-Four was meant to be a warning, not a to-do list.