Vagueness and Obscurity in the policies could pave the way to the abuse of civil rights.
According to the speakers, there are sections in the Computer Crimes Act where terms are not defined. For example, “ISP liability” does not define the different types of service providers, but rather has blanket and strict liabilities defined.
In Section 20 of the Computer Crimes Act which that tackles website blocking, the guidelines for what kind of content will be blocked is unclear. Ideally, according to one of the speakers, there is a process that needs to take place before a website can be blocked — the public complains about content that is against “public morality”, the ICT Ministry reviews the complaints and decides if a website should be blocked, and then the case goes to court, which will then have the final say in censoring a website. In the current approved draft of the Computer Crimes Act, censorship of websites is now under the sole discretion of the ministry — with no course for appeal.
National Security posing as Cyber Security.
The Cyber Security Act, according to one speaker, conflates ‘cyber security’ — the protection of the data system which allows for secure transactions and communications — with ‘national security’, which is the protection of the state.
Furthermore, the act doesn’t properly define what “critical infrastructure” means. In cyber security, “critical infrastructure” means the services necessary to run networks and to transmit data. This refers to “access providers”, “hosting providers” , and “cache providers” as defined by European Union policies on cyber security.
In Thailand, the lack of definition, or the broadness in defining what “critical infrastructure” means results in the Cyber Security Act’s scope extending beyond internet communications and networks, to include all communication channels in its purview.
More alarmingly, the Cyber Security Act requires the creation of a National Cyber Security Committee that monitors such communication channels with the primary goal of national security, rather than for the purposes of securing the data networks and systems to allow for business transactions to thrive.
The pending laws don’t encourage a vibrant digital economy in Thailand.
The heavy obligations create a “self-censorship” environment for Thailand-based inernet providers. This results in Thai internet users opting for non-Thai providers, which in turn, impacts the digital economy in Thailand.
The pending laws endanger civil rights in Thailand.
These laws are vague and broad with heavy penalties for all providers and citizens, and their implementation rests of the sole discretion of the ministry and its committees. Committees that don’t represent the Thai citizenry, according one of the speakers.
That will mean giving the state too much power over what citizens can publish online.