On 3 April 2013, the Electronic Transactions Development Agency (Public Organization) (ETDA) organized an event to launch a newly drafted Computer Crime Act (CCA) and solicited input on the draft via its website until 15 April.
According to ETDA, the amendment of CCA can be attributed to that the current version of 2007 CCA fails to cover various offensive actions including spam mail, and misuse of CCA, for example, by invoking it in a defamation suit.
Based on the ETDA’s Draft CCA as of 2013 (released on 3 April), major amendments made can be summarized as follows;
1. Offence related to file copying
The draft law treats “copying” of computer data as an offence. The draft Article intends to protect computer data not covered by Intellectual Property law. One concern is the draft Article can be used redundancies with existing copy rights law.
2. Offence concerning having in possession of child pornography
The draft Article could be treated as a new invention in “pornography” in the Thai jurisprudence since it makes having in possession of child pornographic materials in computer system an actionable case, even having just one porn material.
3. Offence against national security
The offence can be found in Article 14 of the existing CCA. In the draft law, Article 14 (1) which has been misused to hold a person liable for defamation in the past five or six years has been revised and the rewording is made to deal with phishing. Meanwhile, Articles 14 (2) and (3) which previously deal with national security still remain in the new draft, though the penalty rate could be modified to impose a minimum sentence instead of maximum sentence.
4. Liability of service provider
A conundrum of the 2007 CCA is the liability imposed on service provider who “intentionally supports or consents to” the commission of an offence whereby the service provider shall be liable for the same penalty as the offender. In this draft law, the phrase “intentionally supports or consents to” has been that a service provider who “is or should be aware of”, particularly an offence against national security. Nevertheless, the law fails to specify clear procedure or criteria to be used to gauge the intent of service provider. Therefore, the law simply automatically imposes “liability” to service provider.
5. Log file
According to the current regulations, a service provider is supposed to keep log files for up to 90 days. The period can be extended by a special request, but in total not more than one year. In the new draft, it is modified that a competent officer may request the service provider to keep log files up to two years and the Minister may issue a notification to require the maintenance of the log files longer than the period specified in the law.
6. More grounds for website blockade
The provision that provides for website blockade has been changed from allowing a block of websites deemed to infringe on CCA (i.e. pornographic content, national security, false information) to cover offences against any other laws with the use of computer.
7. Expand liabilities in particular on national security
In this draft law, the clause that allows an increase of penalty has been made more flexible. From requiring that the offence has to be carried out against either computer data or computer system related to national security, which still made it most relevant to preventing “computer-related” crime, in the new draft, by invoking just a cause related to national security, an increase of penalty can be done.
8. Police officers are equally empowered just as competent officers of CCA
The ETDA’s draft law adds one more Article that empowers any law enforcement officers who may not be competent officers as per CCA to contact service provider and request for the log files. They can do even more including copying the information, withholding or seizing computer, inspecting computer data, or hack into the system by requesting for help from competent officer as per CCA to in compiling evidence.
9. Access to computer system/data
The ETDA’s draft law provides that access to computer system/data belonging to other person, regardless of the system/data has any protection or not, is an offence.
10. Spam mail
Though the current version of CCA criminalizes spam mail sending, still it is far from resolving the problem since it requires that the identify of the spam mail has to be found, then liability shall incur. The wording does not help to deal with spam mail problem. Thus, in the new draft, it is rewritten that sending an email which provides no options for the receiver to decline the receipt or to unsubscribe from the mail list is an offence.
11. Territorial jurisdiction
The draft law expand jurisdiction of CCA over an offence which is partly committed in Thailand and outside the country as well as in case that the implication of the offence takes place in Thailand, or is foreseen to take place in Thailand, then the offender can be brought to justice within Thailand’s jurisprudence. If the offence is related to national security, the draft law provides that the offender shall be brought to justice within Thailand’s jurisprudence, regardless if there is any request from the damaged party, or if the offence is committed or its implication can be felt partly in Thailand or not.
