A Question Regarding Thai Law & Proxies.

[Veazer]

I'm writing a short report for a company regarding the Computer Crimes Act of 2007. I have a few questions regarding thai law as it applies to proxies. As most users of this forum are aware:

1) the usage of proxies to circumvent government blocks is illegal

2) the dissemination of instructional information regarding the usage is illegal (ie "how to" guides)

Are these actions illegal because of the computer crimes act or were they covered by previous laws? If they are due to the computer crimes act, then i assume point #1 is covered by section 7 of the act which states (non-official translation):

Section 7. If any person illegally accesses computer data, for which there is a specific access prevention measure not intended for their own use available, then he or she shall be subject to imprisonment for no longer than two years or a fine of not more than forty thousand baht or both.

And I assume point #2 is covered by Section 13:

Section 13. Any person who sells or disseminates sets of instructions developed as a tool used in committing an offence under Section 5, Section 6, Section 7, Section 8, Section 9, Section 10 and Section 11 shall be subject to imprisonment for not more than one year or a fine of not more than twenty thousand baht, or both.

If anyone with legal knowledge about this can comment I would appreciate it.

[TopDogger]

Looks like it could be applied to the use of proxies, for me it seems more geared towards people breaching secure systems to view/alter protected data however.

[Crushdepth]

These bits of legislation look more geared towards deliberate break and enters and development of hacking tools than use of proxies to me.

The use of proxies isn't illegal per se and the government has acknowledged this on several occasions. It's only the use of proxies to circumvent 'officially censored' sites that is supposedly illegal.

Section 7. If any person illegally accesses computer data, for which there is a specific access prevention measure not intended for their own use available, then he or she shall be subject to imprisonment for no longer than two years or a fine of not more than forty thousand baht or both.

The above would only hold water if there is another clause that defines accessing 'officially government censored' sites as illegal. The Thai government frequently exceeds its authority with regards to censorship, so its a bit murky. If they don't have a process for officially designating something as censored, then it would be hard to prosecute someone for using a proxy to access what is otherwise a public website/resource (unless it violated some other piece of legislation).

Telling people how to use proxies to access 'officially censored' sites is definitely frowned upon but I'd be suprised if anyone has (or even could) be prosecuted for it. Most people website operators *treat* it as illegal because practically speaking they do face real sanctions (ie. being blocked) with little recourse.

Edited June 22, 2008 by Crushdepth

[Veazer]

These bits of legislation look more geared towards deliberate break and enters and development of hacking tools than use of proxies to me.

The use of proxies isn't illegal per se and the government has acknowledged this on several occasions. It's only the use of proxies to circumvent 'officially censored' sites that is supposedly illegal.

Section 7. If any person illegally accesses computer data, for which there is a specific access prevention measure not intended for their own use available, then he or she shall be subject to imprisonment for no longer than two years or a fine of not more than forty thousand baht or both.

The above would only hold water if there is another clause that defines accessing 'officially government censored' sites as illegal. The Thai government frequently exceeds its authority with regards to censorship, so its a bit murky. If they don't have a process for officially designating something as censored, then it would be hard to prosecute someone for using a proxy to access what is otherwise a public website/resource (unless it violated some other piece of legislation).

Telling people how to use proxies to access 'officially censored' sites is definitely frowned upon but I'd be suprised if anyone has (or even could) be prosecuted for it. Most people website operators *treat* it as illegal because practically speaking they do face real sanctions (ie. being blocked) with little recourse.

The odd wording on section 7 doesn't exactly help to make things clearer, but i interpret it to mean that bypassing an "access prevention measure" is illegally accessing data. Yikes, can it get any more vague? I guess that means pressing 'Cancel' on the Windows 98 user/password dialog box is illegal, since that allowed you to boot into the system.

I know that proxies themselves are not illegal, just their usage to access restricted sites. The main reason i need to know if it's criminalized by section 7 or an older law is the wording on section 13. Section 13 indicates that distributing a set of instructions that shows how to commit an offence covered by section 7 is illegal. Therefore, if accessing blocked sites using proxies was made illegal by section 7, then telling people how to use proxies would be more than frowned upon but also an illegal act in itself.

[Guest Reimar]

I think that it's already a bit problematic to translate an Thai juristic text to english. And than to get the real meaning is an other point.

I would contact an Thai Lawyer for to explain from the real (thai) text of that documents. Others I want trust.

Cheers.

[TopDogger]

Proxy or no proxy the police can come and take your computer within some other new legislation regardless...

[Veazer]

I think that it's already a bit problematic to translate an Thai juristic text to english. And than to get the real meaning is an other point.

I would contact an Thai Lawyer for to explain from the real (thai) text of that documents. Others I want trust.

Cheers.

Very true, it's something I've given careful consideration to. I've seen two different translations of section 14 and they were similar but far from identical. It's important to know exactly what the law is, and unfortunately to my knowledge the Thai authorities have not provided an official translation.

There is an organization offering consultation services to make sure companies are in full compliance with the act. I think it makes more sense to have the company i am assisting use their services rather than my interpretation of questionable translations.

Proxy or no proxy the police can come and take your computer within some other new legislation regardless...

Sure, but IMHO this is not likely to happen without reason. This is covered in Sections 18 & 19 of the CCA.

Chapter 2

Section 18. Within the power of Section 19 and for the benefit of an investigation, if there is reasonable cause to believe that there is the perpetration of an offence under this Act, then a relevant competent official shall have any of the following authorities only as necessary to identify a person who has committed an offence in order to:

(1) issue an inquiry letter to any person related to the commission of an offence under this Act or summon them to give statements, forward written explanations or any other documents, data or evidence in an understandable form.

(2) call for computer traffic data related to communications from a service user via a computer system or from other relevant persons.

(3) instruct a service provider to deliver to a relevant competent official service users-related data that must be stored under Section 26 or that is in the possession or under the control of a service provider;

(4) copy computer data, computer traffic data from a computer system, in which there is a reasonable cause to believe that offences under this Act have been committed if that computer is not yet in the possession of the competent official;

(5) instruct a person who possesses or controls computer data or computer data storage equipment to deliver to the relevant competent official the computer data or the equipment pieces;

(6) inspect or access a computer system, computer data, computer traffic data or computer data storage equipment belonging to any person that is evidence of, or may be used as evidence related to, the commission of an offence or used in identifying a person who has committed an offence, and instruct that person to send the relevant computer data to all necessary extent as well;

(7) decode any person's computer data or instruct any person related to the encryption of computer data to decode the computer data or cooperate with a relevant competent official in such decoding;

(8) seize or attach the suspect computer system for the purpose of obtaining details of an offence and the person who has committed an offence under this Act;

Section 19. The power of authority of the relevant competent official under Section 18 (4), (5), (6), (7) and (8), is given when that competent official files a petition to a court with jurisdiction for an instruction to allow the relevant competent official to take action. However, the petition must identify a reasonable ground to believe that the offender is committing or going to commit an offence under the Act as well as the reason of requesting the authority, including the characteristics of the alleged offense, a description of the equipment used to commit the alleged offensive action and details of the offender, as much as this can be identified. The court should adjudicate urgently such aforementioned petition.

When the court approves permission, and before taking any action according to the court's instruction, the relevant competent official shall submit a copy of the reasonable ground memorandum to show that an authorization under Section 18 (4), (5), (6), (7) and (8), must be employed against the owner or possessor of the computer system, as evidence thereof. If there is no owner of such computer thereby, the relevant competent official should submit a copy of said memorandum as soon as possible.

In order to take action under Section 18 (4), (5), (6), (7) and (8), the senior officer of the relevant competent official shall submit a copy of the memorandum about the description and rationale of the operation to a court with jurisdiction within forty eight (48) hours after the action has been taken as evidence thereof.

When copying computer data under Section 18 (4), and given that it may be done only when there is a reasonable ground to believe that there is an offence against the Act, such action must not excessively interfere or obstruct the business operation of the computer data's owner or possessor.

Regarding seizure or attachment under Section 18 (8), a relevant competent official must issue a letter of seizure or attachment to the person who owns or possesses that computer system as evidence. This is provided, however, that the seizure or attachment shall not last longer than thirty days. If seizure or attachment requires a longer time period, a petition shall be filed at a court with jurisdiction for the extension of the seizure or attachment time period. The court may allow only one or several time extensions, however altogether for no longer than sixty days. When that seizure or attachment is no longer necessary, or upon its expiry date, the competent official must immediately return the computer system that was seized or withdraw the attachment.

Competent Officials

[Crushdepth]

(7) decode any person's computer data or instruct any person related to the encryption of computer data to decode the computer data or cooperate with a relevant competent official in such decoding;

Interesting.

[Veazer]

(7) decode any person's computer data or instruct any person related to the encryption of computer data to decode the computer data or cooperate with a relevant competent official in such decoding;

Interesting.

Indeed. It essentially just says that officials have right to tell suspects to cooperate, but completely fails to specify what punishment would occur if the party did not cooperate.

Section 17 is my personal favorite, where they seem to imply imply that the law can be enforced internationally:

Section 17. Any person committing an offence against this Act

outside the Kingdom

and;

(1) the offender is Thai and the government of the country where the offence has occurred or the injured party is required to be punished or;

(2)

the offender is a non-citizen

and the Thai government or Thai person who is an injured party or the injured party is required to be punished;

shall be penalized within the Kingdom

.

"Sorry Mr. Johnson, you're being extradited to Thailand because you used a fake name when you sent hotmail to that bar girl in Pattaya."