BANGKOK: A proposed cybersecurity law in Thailand would give a new government agency sweeping powers to spy on internet traffic, order the removal of content, or even seize computers without judicial oversight, alarming businesses and activists.
Civil liberties advocates, internet companies and business groups are protesting the planned legislation, saying it sacrifices privacy and the rule of law, according to interviews and documents reviewed by Reuters.
The legislation, likely to gain approval by year-end, is the latest in a wave of new laws in major Asian countries that aim to assert government control over the internet, further undermining the Western ideal of a global network that transcends national borders.
It would grant a newly created National Cybersecurity Committee (NCSC) the authority to access the computers of individuals or private companies, make copies of information, and enter private property without court orders.
Criminal penalties would be imposed for those who do not comply.
The NCSC could also summon businesses or individuals for interrogation and force them to hand over information belonging to other parties.
“Cybersecurity policy should be respective of privacy and rule of law,” the US-Asean Business Council said in letter to the Thai government that was not released publicly but was obtained by Reuters.
“Enforcing cyberspace cannot come at the cost of sacrificing privacy, civil liberties, and rule of law.”
The letter also warned requirements such as forcing companies to alert the agency of cyber threats or even anticipated ones would impose “a very heavy burden” on businesses and should be removed.
Tech giants Google, Apple, Facebook and Amazon are all members of the council.
The Singapore-based industry group Asia Internet Coalition (AIC), which represents the four US giants and seven other major internet companies, also warned the law might drive businesses out of Thailand. The AIC, in a public statement, cited concerns about government surveillance and criminal liability for defying NCSC orders, among other issues.
Somsak Khaosuwan, Deputy Permanent Secretary of the Ministry of Digital Economy, which is in charge of the law, told Reuters the government is now discussing revisions of the draft and would take the concerns into account.
“The law will conform to international standards… The team working on the law will certainly listen to the issues that have been raised,” Somsak said.
“There is nothing scary about it,” he added, declining to elaborate on possible revisions.
The draft law does not contain specific provisions on hot-button issues such as ‘fake news’ or requirements that international tech and social media firms store data locally.
Internet companies are currently battling governments over such issues in countries including India, Vietnam and Indonesia.
But the Thai law would grant the new NCSC “sweeping powers, holding a monopoly on all things cyber in the country…without being subject to check and balance, control, or regulation,” said Sutee Tuvirat, a cybersecurity expert with Thailand’s Information Security Association.
“If anyone is more powerful than the Prime Minister, this is it.” Civil rights advocates worry Thailand’s military junta, which actively censors the internet and often casts criticism of the government as a threat to national security, will use the new law to further codify its censorship regime.
The NCSC would be empowered to order removal of “cyber threats” and override other laws when they are in conflict.
The latest draft of Thailand’s new Data Protection Law, also expected to be approved this year, correspondingly says it does not apply to “national security agencies,” including the NCSC. — Reuters