Since the beginning of the year, the military-led government of Thailand has been focusing on increasing their surveillance capabilities, both from a legal and technical standpoint.
This statement was originally published on privacyinternational.org on 29 January 2015.
Since the beginning of the year, the military-led government of Thailand has been focusing on increasing their surveillance capabilities, both from a legal and technical standpoint.
The succession of attacks against the right to privacy has been alarming. Two bills were approved – one creating a new State agency with unchecked surveillance powers and one extending the police’s capabilities to conduct interception. The bills will now be sent to the Office of the Council of State and back to the Cabinets. Criticism from civil society organisations seems to have been heard, as the ministry of ICT apologised on Saturday for the “rushed” legislation.
The government has additionally called for greater regulatory power over the telecommunications sector. And just this past week, leaks revealed that the military-led government is trying to intercept encrypted internet traffic.
The new laws and powers being brought into force by the junta are deeply concerning, and could expose the Thai population to a surveillance by default. This series of announcements appears even more alarming in the current Thai political context, where oppressive measures have multiplied since the coup in May 2014 and under the interim constitution.
Access to all communications in Thailand
Under the guise of creating a “digital economy” development package, the military-led government of Thailand approved on January 7th a Cyber Security Bill that creates under section 35 a new State agency to access all communications of Thai citizens, allegedly to address the issue of “cyber threats.”
According to Privacy International’s partner, Thai Netizen Network (TNN), the National Committee for Cyber Security has the mission to oversee threats to national cyber security, which is described as online threats related to national security, military security, stability, economic security, and interference on internet, satellite, and telecommunications networks.
To address these threats, the committee, would be “authorized to access all communication traffic via all communication devices, such as post, telephone, mobile phone, internet, and other electronic devices,” according to independent media outlet Prachatai and based on TNN’s analysis.
While only a few details are available regarding the bill, allowing an institution to conduct systematic surveillance of communications for no legitimate aim without a test of proportionality constitutes a gross breach of the right to privacy. It trivialises the interception of communications, a most intrusive act that should be reserved for strictly limited and well defined cases.
Pressure from civil society organisations has however proved to be successful. TNN launched a petition that gathered almost 20 000 signatures, within just a few days. On Saturday, Surangkana Wayuparb, chief executive of the Electronic Transactions Development Agency admitted the bill had been “rushed”: “We admit our mistakes, particularly Section 35 of the Cybersecurity Bill, as our working team had to rush to draft all 10 bills so we could enforce them before the next general election.”
While officials have said the bill will be reworked to include more safeguards, it remains unclear in what manner the bill will be improved to meet international standards.
From a military-led government to a police state?
The same week, the junta approved the Cyber Security Bill they also gave a green-light to a new bill allowing all divisions of the police to intercept communications. While police should be, under law, permitted to conduct interceptions of communications in specific and clearly-defined cases, the new bill raises some objects of concern.
First and foremost, a special unit of the Thai police is already entitled to obtain a court order to conduct interception of telecommunications for special cases. The bill aims to generalisee the use of interceptions for police investigations.
The bill therefore implies that spying on communications is a legitimate practice regardless of the offence and that any police investigation – however minor the felony is – could demand a warrant to intercept communications. We may ask if with that bill, the junta wants to head toward a world where police in Thailand could listen to your phone conversations if you exceed speed limits on the road.
According to Kanathip Thongraweewong, a privacy law academic and Associate Professor at St. John’s University in Bangkok, the absence of public oversight to keep the judicial oversight in check is also of concern.
No escape: state-controlled telecommunication providers and broken encryption
Beyond the bills aimed at giving more surveillance powers to law enforcement agencies and a new government agency, measures have also been taken to guarantee technical access to people’s communications.
Leaked documents published by Thai Netizen Network reveal that the government has developed a system to intercept the content of “https browsing”. Internet traffic using the protocol SSL is normally encrypted, which in everyday life provides us with the security to do many things with confidence, like email or online shopping and banking. The government appears to have developed a system that interferes with encryption and security protocols to allow authorities to snoop on the content of internet traffic. According to Prachatai the system is already being tested but it remains unclear if it has been deployed.
As if that were not enough, the junta is also taking additional steps to bring the telecommunications sector under greater control. The government last year ordered the delay of an auction to grant portions of the telecommunications spectrum to private companies. The auctions are normally organised by the independent National Broadcasting and Telecommunications Commission but the ministry suggested at the end of last month that it should become instead the responsibility of the National Digital Economy Committee, a committee under the authority of the ministry.
This demand suggests not only a move toward more control of private telecommunications providers but also a way to give a greater role to state-owned telecommunications providers. Indeed, according to the Bangkok Post, the Minister Pornchai Rujiprapa also said that “a portion of the spectrum should be reserved for the country’s state-owned operators to serve public interest and ensure national security.”
All these measures are all the more concerning in the current political context. Ever since the junta came to power in May 2014, the number of arrests for crime of lèse-majesté – or speaking ill of the monarchy – has skyrocketed. The government has been using Facebook as a way to track potential lèse-majesté offences and threatened to install sniffers to monitor internet traffic for that very same goal.
Privacy International welcomes the declaration from the ministry of ICT regarding the revision of the Cyber Security Bill and calls the Office of the Council of State to take into account the criticism coming from Thai civil society organisations when reviewing the bill. Any laws granting the State surveillance powers must be necessary and proportionate, be legitimate in aim, not undermine the security of our communications, and require authorisation from an independent judiciary. While the debate goes on in Thailand about what powers will be granted, any bills that fall short of international standards poses a serious threat to human rights.
The junta has been promising upcoming elections in Thailand, it is time for them to realise that real democracy cannot come without the right to privacy.
