Countries across the globe are waking up to the serious threat of cybersecurity. However, not all new legislation surrounding cybersecurity is without controversy.
Thailand has just enacted a new cybersecurity law by passing a bill in the National Assembly unanimously with 133 votes. Multiple clauses within the bill give rise to concern as the legislation prioritizes national security and government surveillance over protection from privacy risks for its population.
The ambiguous wording may allow the bill to be misused in the name of national emergency, raising serious privacy concerns for civilians.
Activists Fear Misuse of the Law
One offending clause in the new cybersecurity bill [PDF] relates to the search and seizure of internet data and devices. Government employees will be able to enforce this clause in cases of national emergency with no independent oversight.
The convention in most countries sees that investigative agencies first receive a complaint before beginning their investigations. Once a suspect is identified, they then need to receive a search warrant before they can enter private premises.
In contrast, the new Thai cybersecurity bill gives government agencies the freedom to enter someone’s property with no warrant and confiscate any devices or equipment if they deem the situation a national emergency. Such liberty is being seen as an inappropriate tool in the hands of the current military-led government and has the potential to be misused. Political activists are usually the first to be targeted in such cases, making the new bill particularly concerning to opposition of the current regime.
Furthermore, the National Cybersecurity Committee, which will carry the weight of the power in overseeing the law, is headed by the current prime minister and contains no industry or civic representation. The potential for such lack of representation to result in the law being weaponized by the government is significant given the fact that citizens have been jailed for comments on social media regarding the Thai royal family.
Privacy rights activists are openly critical of the legislation. The Asia Internet Coalition, an international alliance of tech companies, also opposes the law, arguing that it puts a “loosely-defined” national security agenda over protecting citizens of cybersecurity risks.
Elections Just Weeks Away
Another other key objection held by opposition of the legislation is the proximity of such a decision to the upcoming general elections on March 24. It is usually standard practice in a democracy for major policy decisions to be avoided during such periods.
Activists have unsuccessfully urged the government to halt the progress of this cybersecurity bill until the elections are over. Critics claim that the government took advantage of the current political atmosphere and preoccupation with the upcoming elections in order to push through the bill with minimal opposition.
More Legislation to Protect Personal Information
Interestingly, the very same National Assembly that voted on the controversial bill also passed another piece of legislation that offers protection for personal data collected from members of the public by third parties. After the European Union brought in its strict GDPR (General Data Protection Regulation) laws in 2018, many countries including the United States have realized the importance of data security and want to have their own legislation in place.
The Personal Data Protection Act is the first of its kind in Thailand and will help Thailand to keep up with the privacy trends set by other countries. However, it remains to be seen whether this act will do anything to restrict the government surveillance that the cybersecurity bill could allow. The bill will become law once approved by the King and published by the Royal Gazette.