Cybersecurity Bill Would Grant PM Absolute Online Power

Gen. Prayuth Chan-ocha addressing the National Reform Council and National Legislative Assembly on 4 June 2015.

BANGKOK — The chief author of new, comprehensive cybersecurity legislation said Tuesday that giving the government access to private sector computer systems is necessary to protect the nation from cyber attacks.

Major changes were made to the draft of the bill approved Monday by the the junta-appointed reform steering assembly from the version that was previously endorsed by the cabinet. It includes effectively granting the prime minister absolute online power by putting him at the head of a new cybersecurity agency with full authority to access private computer systems without any judicial oversight in cases deemed emergencies.

The president of the steering assembly’s media reform committee today explain the rationale behind the regulation is fairness under the law.

“It’s because cyber attacks happen without regard to whether a system belongs to the government or the private sector,” said retired Air Chief Marshal Kanit Suwannet. “It is just like a water stream. It floods all, without considering whether the house belong to the rich or the poor.”

Kanit assured the law in its present form would not be used to infringe on the rights and privacy of the public.

The draft has already become notorious for its vague definition of what makes a crime “cyber.” The cabinet-approved version said authorized officials can access information via mail, telegram, telephone, fax, computer or any other equipment for the benefit of protecting cybersecurity.

In response to concerns raised the draft’s provisions were too broad, the committee Monday added that officials must obtain court orders yet still left a room for emergency use without any oversight.

“We changed it so those actions must be done under a court order,” said Maj. Gen. Pisit Pao-in. “Except in emergency cases in which delay could cause serious harm, then the officials can access information under approval of the NCSC and immediately report to the court.”

The NCSC is the National Cybersecurity Committee, which would be established by the law with the prime minister, currently Gen. Prayuth Chan-ocha, at its helm.

The law, which has been under in the works for two years, gained heightened significance this week after a worldwide ransomware assault crippled critical computer systems in at least 150 countries, Thailand included.

The proposed bill fits a pattern of legislation introduced in the past year that seem written to grant more intrusive powers to the state than their stated intent, such as the revised Computer Crime Act and pending media “reform” bill.

The changes did not allay concerns about the proposed law’s potential for abuse.

The former technology minister under Prime Minister Yingluck Shinawatra today raised the question of whether its reach might violate rights guaranteed by the constitution.

“This draft seems to be against the supreme law of the country,” said Anudith Nakornthap, head of the ministry then known as Information and Communication Technology. “This law should be issued to protect people, not control people.”

Monday’s amended version placed the NCSC under the control of the prime minister instead of the new tech ministry, the Ministry of Digital Economy and Society. The IT minister and defense minister would serve jointly beneath the prime minister or a deputy prime minister, were one appointed to the post.

The media reform committee, which also oversees telecommunications and drafted a bill to allow government regulation of the news media, also proposed that Gen. Prayuth use his absolute power to establish the NCSC before the law becomes effective.

The idea for the extra-legal establishment of such an agency before it can be legally approved was first proposed late last year.

The revised draft approved Monday will next to go to the junta-appointed legislature for adoption.

 

Related stories:

Junta Weighs Emergency Cyber Committee With Censorship Powers