A new draft of the contentious Computer Crime law will be submitted to the National Legislative Assembly (NLA) this month.
The controversial draft bill was widely criticized earlier for the amount of control it gave to authorities. However, Article 16 has now been amended so that officials need to seek authorization from the court before dealing with suspected illegal activity, according to Dr Thaweesak Koanantakool, an expert member of the NLA review committee.
Another amendment will require officials dealing with computer crimes and hackers to have certain technical knowledge and background. Their qualifications will be announced by the ICT minister, who will oversee the soon-to-be established Office of Electronic Transactions.
The agenda of the Office will also be submitted to the Cabinet soon, as part of the Electronic Transactions Bill. Functions of the Office will cover policy development, security issues, legislation and standards, and it will be a root Certification Authority (CA).
However, issues still remain for the proposed e-laws. At a recent public hearing, one of the problems highlighted was the definition of a service provider.
Pavut Pongvitayapanu, president of the Thai E-commerce Association, noted that there were three main types of service providers: those that maintain Web sites, data storage providers that provide hosting services, and infrastructure providers such as ISPs (Internet service providers) and IDCs (Internet data centers) that are responsible for Web traffic.
While most offences are made in relation to Web sites, online traffic runs through these three service providers.
High-Tech Crime Center deputy superintendent Pol Lt Col Niwate Arpawasin also noted that the definition of "service provider" covered a broad range of players, and suggested that categories could be added to the Computer Crime Bill after it has been endorsed.
For example, Internet cafes should also be included as service providers because many cyber crimes originate from such places, he said, adding that Net cafes should be required to keep some record of their customers.
"So far the service providers usually have not provided such information, saying that it is because of privacy rights of the user," Niwate pointed out.
The High-Tech Crime Center has been operational for one year, and in that time, it covered around 150 cases that could not be resolved due to a lack of proper laws. The center is staffed by 10 officials trained in Internet investigations.
"The criminals use the Net cafes and Wi-Fi services to access the Internet and attack people or organisations," Niwate said, noting that another challenge is in the area of controlling criminal activity was prepaid mobile phones. "I would like to terminate the prepaid service here," he said.
He suggested that the Computer Crime Bill would be a good starting point in dealing with cyber crimes by forcing service providers to identify their users.
Telecommunications Association of Thailand (TCT) president Anant Voratitipong noted that the National Telecommunication Commission already has measures to protect the rights and privacy of users. Service providers must keep records of the users for no less than three months and no longer than two years.
"I disagree with the idea to have service providers keep traffic data for one year--three months is enough," Anant said, noting that a retention period of more than three months should only be instilled for special cases, such as those that affect national security.
Yanaphon Youngyuen, Commander of the Bureau of Technology and CyberCrime, under the Department of Special Investigation, said storing traffic data is regarded as a cost to the service providers, so there should be consideration of tax incentives as a trade-off.
Play video
There are currently no comments for this post.