Computer Crimes Act too ambiguous

Sawatree Suksri, a lecturer of the Faculty of Law, Thammasat University, who has studied computer-related law in Germany, talked to Prachatai about the 2007 Computer Crimes Act which she finds too ambiguous in many points, including, for example, national security, which has been subject to arbitrary interpretations by the authorities.

With regard to the recent arrests of four persons accused of spreading rumours that rocked the Thai stock market in mid-October, Sawatree said that the charges did not seem to be based on facts as the authorities should have established that the posts were made before the stock plunge. The law which should have been used first for alleged manipulation of stock prices is the 1992 Securities and Exchange Act, not the computer law.  So it seems to her that stock market manipulation is not really the point of the arrests.

Sawatree also wondered why the authorities targeted only internet users and certain websites, instead of the news agency which provided the source article and other news outlets which published the news report.  Perhaps the authorities intend to use Section 15 in which Internet Service Providers are held responsible, and then Section 20 to shut down websites, she said.

Section 14. If any person commits any offence of the following acts shall be subject to imprisonment for not more than five years or a fine of not more than one hundred thousand baht or both:

(1) that involves import to a computer system of forged computer data, either in whole or in part, or false computer data, in a manner that is likely to cause damage to a third party or the public;

(2) that involves import to a computer system of false computer data in a manner that is likely to damage national security or cause public panic;

(3) that involves import to a computer system of any computer data related to an offence against the Kingdom's security under the Criminal Code;

(4) that involves import to a computer system of any computer data of a pornographic nature that is publicly accessible;

(5) that involves the dissemination or forwarding of computer data already known to be computer data under (1) (2) (3) or (4); 

Unofficial translation of the 2007 Computer Crimes Act by the Campaign for Popular Media Reform (CPMR)

The 2007 Computer Crimes Act is riddled with ambiguous legal terms.  The ambiguous terms ‘national security’ and ‘public panic’ in Section 14 (2) are arbitrarily interpreted and easily manipulated to make charges.

The Kingdom's security in Paragraph 3 is clear as it is spelled out in Sections 107-135 of the Criminal Code, which clearly state what actions constitute an offence.  Sawatree questioned whether the intent to include security in a separate paragraph was to allow leeway for the authorities.

And what is public panic?  The term was too vague.  A major principle in writing criminal law is ‘no law, no offence’; there has to be a law which states that a particular act constitutes an offence as well as its penalty.  And a criminal law must contain clear-cut clauses, because the people have to know what exactly is prohibited by law, while the state can only do what is allowed by law, she said.

According to Sawatree, the drafters of the law claimed to base the law on the Council of Europe’s Convention on Cybercrime.  And it is, in fact, a mix of Italian, Austrian, and South East Asian laws, she said.

In her view, Sections 5-13 are concerned with, in her own term, ‘classic’ or old types of computer crime, such as unauthorized access to information, spying, data interception, sabotage, the spreading of viruses or worms, etc.

Sections 14-17 are about cyber crimes committed through the internet or intranets, which involve more victims and wider damage.

The 2007 Computer Crimes Act focuses on the offence of disseminating information, while excluding other cyber crimes such as unauthorized online gambling and intellectual property piracy such as file sharing, bit torrent, etc.

The offence of spreading false information is already stipulated in Criminal Code Section 384, which is however a petty crime with a penalty of imprisonment up to one month or a fine up to 1,000 baht, while the Computer Crimes Act punishes offenders of the same crime with imprisonment up to 5 years or a fine up to 100,000 baht.  Why such a discrepancy, she wondered.

‘This Section 14 (2) should be scrapped, as its ambiguity goes against the principle of the criminal code, and the penalty is far too harsh.’

This section is just one of many problematic clauses in this law.

Section 20. If an offence under this Act is to disseminate computer data that might have an impact on the Kingdom's security as stipulated in Division 2 type 1 or type 1/1 of the Criminal Code, or that might be contradictory to the peace and concord or good morals of the people, the competent official appointed by the Minister may file a petition together with the evidence to a court with jurisdiction to restrain the dissemination of such computer data.

If the court gives an instruction to restrain the dissemination of computer data according to paragraph one, the relevant competent official shall conduct the restraint either by himself or instruct the Service Provider to restrain the dissemination of such computer data.

What is ‘contradictory to the peace and concord or good morals of the people’?  What is prohibited should be specified, she said.

In response to Prachatai’s question as to whether the Computer Crimes Act acts as an extension to the lèse majesté law (Section 112 of the Criminal Code), Sawatree referred to a document from a special committee whose members obviously said so.

Section 20 was added during the period of rule under the 2006 coup junta.

Previously, many websites were closed without public knowledge.  And the authorities were just vague about what power authorized them to do this, until Announcement 5 of the 2006 coup perpetrators and subsequently Section 20 provided official authority.

Sawatree agreed on having a section to close down websites, but the purpose should be to leave them open, until they fall into certain limited exceptions.  However, it turns out that the first step is closure.

In Germany in 2001-2005, there was a case where a few websites involved with Nazi propaganda were closed down.  There was a serious debate as to whether the websites should be closed.  Now it has been concluded that closure should be the final measure, after others, such as warnings, have been exhausted.  But Thai law makers argued about who should have the power to close them, or whether to close websites partly or completely.

Under Section 20, the authorities have to ask for the approval of the ICT Minister, and then seek court orders.  Sawatree suggested this should be instead in the power of a committee which many parties are represented, including, for example, ISPs, the Human Rights Commission, and internet users.

Section 15. Any service provider intentionally supporting or consenting to an offence under Section 14 within a computer system under their control shall be subject to the same penalty as that imposed upon a person committing an offence under Section 14.

This section amounts to self-censorship. It does not distinguish the types of service providers, which include content providers, host providers, or access providers, and inflicts too harsh a punishment.

All kinds of provider are scared of this sweeping punishment and the ambiguity tied to Section 14, resulting in self-censorship.

Sawatree asked whether service providers should be held responsible and penalized as much as those who commit the offences.  There is no reason supporting this clause, she argued.

She felt disappointed with this law, after she had waited 9 years for it, she said.

Comments

To repeat, talk needs to stop

To repeat, talk needs to stop and suing needs to begin. A strong litigation and PR front is needed to go on the attack. Why Thais are not already doing this is a mystery.

Be realistic. Though it's

Be realistic.

Though it's theoretically possible for her to start a lobbying campaign and push for the amendments but in practice it won't happen. That's democracy for you - MPs don't care what she thinks, she is not paying their salaries, and they don't care about Computer law either.

You can't even have a meaningful referendum on it - vast majority of Thais do not have computers, and vast majority of those who do don't have problems with the right to spread false information or offend the monarchy.

The laws are not written by university professors, and when activists like Sawatree are invited to participate they are faced with the juggling act of trying to satisfy all stakeholders. They aren't that many vested interests in the computer field yet, but imagine what Supinya must be going through with all the money involved in broadcasting.

In fact the best chance of improving this law lies with Democrat administration, like them or not.

StanG "thats democracy for

StanG "thats democracy for you",...what exactly do you mean?? military coup style democracy??....ha ha!

No, I mean that the vast

No, I mean that the vast majority of people don't care about Computer Act shortcomings and won't support a campaign to amend it. That's democracy, as in that popular saying - a billion Chinese not only "cannot be wrong", but whatever they think automatically becomes right.

The other day I saw very interesting comment somewhere: "Personally I think it should be so and so, but then I never won any elections".

StanG: Lets hope you and your

StanG: Lets hope you and your yellow, green & blue mates think the same next time the reds win an election again, instead of doing all they can to manipulate them out of power - again!

Wouldn't want to be a hypocrite:)

I think Sawatree made it

I think Sawatree made it perfectly clear that some things are right and others are wrong, and it didn't even occurred to her to check what the majority thinks about it.

And it's not like reds are not trying undemocratic means to get back to power, in fact they are a lot worse when it comes to hypocrisy.

I just wrote a post on Dubai Declaration, and even I think it's mostly nonsense I'm sure reds would try to fulfill it if they were given even a slightest chance.

In fact the best chance of

In fact the best chance of improving this law lies with Democrat administration, like them or not.

StanG: Are you serious? Remember what happen when Prachatai was raided. What was Abhisit's response to the incident, what's his comment back then. And what happens months later? Up to now, there's NONE happened apart from his empty words. It takes more than ignorance to agree with the above line of yours.