Thailand’s new cybersecurity law lets authorities violate privacy

Photo Credit: Pexels

Last week Thailand’s national assembly passed a new Cybersecurity Law law that grants the government broad powers to access internet users’ data. Critics say the law’s vague language could be used to violate rights to freedom of speech and expression.

By Skylar Lindsay

Last Thursday, Thailand’s National Legislative Assembly (NLA) approved a new Cybersecurity Law that grants the government broad new powers to collect data on internet users in the country and monitor their behavior.

The law grants the government powers to access citizens’ online data if it’s deemed necessary to ensure cybersecurity. Government officials are permitted to seize computers, search networks, and access and copy any data they require.

Officials will still need approval from a court in order to access users’ data, except in the case of “critical” cyber threats. In case of a critical threat, the government will also have the power to conduct real-time surveillance of all internet users.

Vague definitions of cyber threats and broad powers to access data hint at “martial” cybersecurity law

But the law’s definition of a “cyber threat” is broad, and lacks clarity. It encompasses any online threat to the public order or the security of the state. Critics suggest that the government may interpret this definition to include content that authorities deem politically threatening. In another section of the law however, it defines cyber threats only as threats to computer systems themselves.

“The definition is not clear enough yet. It is still open for future opportunities to interpret it to cover issues of online content,” said Yingcheep Atchanont, program manager at the Internet Law Reform Dialogue (iLaw), a Thai nonprofit.

The broad definitions in the law could be used to target those who post a wide range of content. The Thai government has long used the Computer Crimes Act, which bans any content that undermines national security, to punish people for the content they post online. The new Cybersecurity Law extends government powers and allows data seizures, as well as online surveillance operations.

“The law will not be used to regulate social media, or computers or devices belonging to the people,” said Ajarin Pattanapanchai, permanent-secretary of the Ministry of Digital Economy and Society.



Ms. Ajarin Pattanapanchai, Permanent Secretary of Ministry of Digital Economy and Society of Thailand shakes hands with Mr. Houlin Zhao, ITU Secretary-General.
Photo Credit: ITU/Flickr

To assess the seriousness of a cyber threat and determine whether officials need judicial approval, the Secretary-General of the National Cybersecurity Committee (NCSC) has the power to request access to any information or documents they consider necessary, as well as to real estate or workplaces related to the cyber threat. This again may be interpreted as granting officials sweeping permission to violate privacy rights.

“For the past 5 years, we have seen loads of arbitrary abuse of power and corruption. We cannot trust that all our personal data, from comments on Facebook to online banking activities, will be safe with those who have unlimited power in their hands,” said Prapapoom Eiamsom, a journalist with Thailand’s Voice TV, a news outlet that supports critical dialogue.

Legislators pushed the Cybersecurity Law through quickly and ignored public opposition

Critics also say the new law was passed too quickly and in spite of public opposition, continuing the NLA’s recent streak of hastily-approved legislation. The Cybersecurity Law had been proposed multiple times since 2015 and met with strong public opposition, prompting the NLA to withdraw prior versions of the bill. Last week, the NLA passed it in just 3 hours with 133 votes in support, zero against, and 16 abstentions.

“It would be impossible in a democratic society for this controversial law to be passed with no debate,” Eiamsom told ASEAN Today.

The law was passed amid a flurry of new legislation as the military-appointed NLA hurries to finish its agenda before it closes on March 15, ahead of the upcoming national elections. Since the elections were announced in mid-January, the NLA has passed around 70 new laws. Before January, the NLA had passed about 100 new laws per year according to iLaw.

The People Go Network, a Thai civil society group, delivered a petition to the NLA earlier last week calling for them to stop the legislative blitz, as many of the laws have been met with fierce public opposition. The NLA’s aggressive legislative pace would be near impossible under a fully democratic government. However, as a military-appointed legislature, the NLA doesn’t represent Thailand’s citizens. At present, 58% of NLA members are military officers.

The NLA received recommendations to revise the Cybersecurity Law from foreign tech corporations including a US trade group founded by Microsoft called the Business Software Alliance (BSA). The group says the measure represents a crucial step that brings Thailand into step with international cybersecurity standards. According to Jared Ragland, BSA’s Senior Director of Policy, the new measures will protect Thailand and its citizens as they start to take advantage of new technologies like the artificial intelligence and the Internet of Things.

But the BSA did suggest that the NLA should refine the definition of what situations constitute emergency cyber threats and how this designation will be determined, to avoid abuse of power. Ragland wrote to Secretary Pattanapanchai last November suggesting that the law be revised so that “Any exception to obtaining a court order should be precisely-worded.”

The new cybersecurity law will loom in the backdrop of discussions ahead of the national elections scheduled for March 24.

“The people are supposed to be free from fear and be able to criticise all parties’ policies and campaigns. With this law, some might be afraid to criticise military-backed parties,“ Eiamsom told ASEAN Today.

The upcoming elections have already been plagued by legal troubles for opposition parties. Much of this stems from new election laws, which critics suggest were designed to ensure current Prime Minister General Prayut Chan-o-cha is elected and stays in office. Critics of the new Cybersecurity Law suggest that it will likely be used in the same way – to allow the current military government to preserve the political status quo and remain in power.