Thailand’s new computer crime bill is almost ready… and it is a mess.
Thailand’s new computer crime bill, or more formally known as the computer misuse act, has passed its 2nd reading in the legislature and things are looking pretty grim unless you are the ones implementing this Orwellian nightmare.
Today’s computer crime act is already abused to persecute and quash any dissent. Recently former house speaker and rector of Rangsit University Dr Arthit Urairat expressed his rather colourful but widely held views on the police reshuffle which was not particularly flattering on the police. This was immediately met with the police chief saying that he would prosecute him under the CCA article 14 - entering misinformation into a computer system. The police bigwig in question said that he would also be setting up a committee to see if Dr Arthit’s comments constituted slander.
Article 14 carries a maximum sentence of five years in jail and has a very low bar - Any untrue information entered into a computer system that may damage a third party or the public.
Too often, this means posting a comment that cannot be proven one way or the other on Facebook. Never mind the tiny detail that A14 was intended to prevent phishing and real cyber crimes, those in power have twisted it to facilitate their need to rule by law rather than uphold the rule of law.
Rather than use it against cyber criminals or to actually protect the netizen, A14 has become a catch-all used by the junta to silence and persecute any dissenters.
The sad thing is that the new CCA does nothing at all to fix that and introduces many more clauses that Draco himself would smile at.
Article 20 paragraph 4 allows for the blocking of information that is not illegal but may affect peace or morality. The final say for A20(4) comes under a committee appointed by the minister in charge of overseeing the law.
In other words, this gives a committee appointed by a politician absolute power to censor the internet at will with no judicial recourse or oversight.
Article 15 will tell the minister in charge to issue a set of rules and warnings to force webmasters to take down information so that they will not themselves be prosecuted. This was put in to fix the problems of webmasters ending up in jail for comments put on their website (yes, that actually does happen in Thailand).
However there are two problems. Firstly, the rules are fully up to the discretion of the minister and secondly, there is no formal linkage between A15 and A20. Meaning that even someone complying with A15 can still be prosecuted under A20 under catch-all peace and morality grounds.
Furthermore article 15 would, if a leaked internal MICT slide deck can be trusted, would mean that one of the rules to comply would be to give a backdoor to authorities if encryption such as SSL is used on the website. The ramifications for anyone running anything secure in Thailand be it the e-Commerce startup or a big national bank are impossible to understate given the track record of Thai government agencies in keeping its own systems secure, let alone garding the backdoor keys to all SSL servers in the country.
Then there is the issue of article 16 paragraph 2 which quite frankly makes the rest of the CCA seem quite pleasant.
A16 is better known as the photoshop clause, making it a crime to disseminate forged or modified pictures (the literal translation would be cut and pasted pictures, which is very broad). 16(2) expands 16 to punish anyone merely possessing pictures that fall under 16.
Even worse, the legislature has recommended that 16(2) be expanded to cover not just 16 but 14. In other words, not just possessing cut and pasted pictures but also possessing any false information in your computer before it is even input into another computer.
Let that sink in for a minute.
Not only would 16(2) make it a criminal offence to merely possess modified, cut and pasted pictures but also possession of any untrue information that may damage a third party or the general public.
This would probably make life impossible for whistleblowers or journalists. Arguably any network admin could also fall foul of 16(2). Even people receiving a message that criticizes someone else would be open to prosecution.
In the past saying 1+1=3 was enough to get you persecuted by the state in Thailand. When this new law is finally enacted, just writing 1+1=3 in the privacy of your own home would make you liable for prosecution.
As we see from how article 14 is enforced today, only dissidents and thinkers need worry about the CCA as it is rarely used (even to help) normal people.
Think good thoughts, dear reader, and may you forever be safe from inadvertently committing Thoughtcrime whilst in the glorious and happy Kingdom of Thailand.
CORRECTION: An earlier version of this report incorrectly stated that Article 14 carries a maximum sentence of 10 years in jail. It is in fact five years.