Development and Concerns over "Digital Economy" Bills in Thailand
1. DEVELOPMENT AND CONCERNS
OVER “DIGITAL ECONOMY” BILLS
INTHAILAND
@bact Arthit Suriyawongkul
@thainetizen Thai Netizen Network
#RightsCon 25 March 2015
1
2. CONTEXT
• Post-coup
• “Digital Economy” as government agenda
• A set of laws in different areas
(Originally 12 from Ministry of ICT + several more from
other agencies, like Incitement Bill)
• 8 Bills got approved by the Cabinet within a day without
knowledge of related government agencies
2
3. STRUCTURE + RESOURCES
• Ministry of Digital for Economy and Society Bill [renaming MICT]
• Digital Development for Economy and Society Bill
• National Digital Committee for Economy and Society + Digital
Economy Promotion Office + Digital Development for Economy and
Society Fund
• ElectronicTransaction Development Agency Bill (amendment)
• ElectronicTransaction Bill (amendment)
• Broadcasting andTelecommunication Regulator Bill (amendment)
3
4. CRIME + PROTECTION
• Computer-related Crime Bill (amendment)
• Personal Data Protection Bill
• Cybersecurity Bill
• Incitement Act
• Criminal Procedure Code (amendment) [Lawful interception]
• Criminal Code Amendment [Child pornography]
4
5. CAMPAIGN
• 20,000 signatures within two weeks on Change.org.
Letter submitted to National Legislative Assembly,
National Reform Council, and Constitution Drafting
Committee.
• After that, ElectronicTransaction Development Agency
(the law drafting team), NLA, NRC, Council of State, and
Law Reform Committee all held consultation meetings/
public hearings
5
8. CHILD PORNO EVERYWHERE
• Section 16/1 in Computer-related Crime Bill
• Incitement Bill
• Criminal Code Amendment
9. INTERMEDIARY LIABILITY
• Section 15 of Computer-related Crime Bill will
fixed it
• Section 22 of Incitement Bill will reintroduce it
10. CYBERSECURITY BILL
• Power of National Cybersecurity Agency over
private sector, and individuals (Section 33, 34)
• Access to communication data (Section 35)
• Mixing up cybercrime, cybersecurity, cyberwarfare,
cyberterrorism, …
10
11. CYBERSECURITY BILL S.34
• Section 34 In case where it is necessary, for the
purpose of maintaining Cybersecurity, which may
affect financial and commercial stability or national
security, the NCSC may order a private sector
to act or not to act in any way and to report
the outcome of the order to the NCSC as
required by the Notification of the NCSC.
11
12. THE USE OF SECTION 34
• 15 Dec 2015, MICT set up
a working group to break
SSL. So they can monitor
social media.
• Section 34 can be used to
ask ISP to deploy fake SSL
certificate?
12
13. DATA PROTECTION DEBATES
• Should National Cybersecurity Agency a secretariat
office of Data Protection Committee?
• Consent at Collection — which way to go?
• Yes — EU Data Protection Directive
• No — APEC Privacy Framework
• Vague exceptions for journalists, research, etc.
13