The Thai Parliament had on 28 Feb 2019 passed an act titled 'The Cybersecurity Act'.
This act apparently allows the government of Thailand to assert control over the usage and application of the Internet in Thailand.
Few interesting observations were noted based on the reports commenting on the passing of this Act:-
The Act encompasses all procedures from everyday encounters of slow internet connection to nationwide attacks on critical infrastructure
If a cybersecurity situation reached a critical level it allows the National Security Council (NSC) to override all procedures within its own laws
There is a National Cybersecurity Committee (NCSC) who under the Act can summon individuals for questioning and enter private property without a court order in case of actual or anticipated serious cyber threats
There is a Cybersecurity Regulating Committee (CSRC) who have powers to access computers data and networks, make copies of information and seize computers or any devices. The CSRC does not need a court order in cases if it is an emergency and a penalty will be imposed for non compliance to the actions/instructions by the CSRC
A Personal Data Protection Act (PDPA) was also approved. The PDPA apparently was modelled after the GDPR in EU
Back in February 2019, we wrote an article titled 'Cybersecurity Law - what do we understand’ in 2 parts.
The above interpretation (as in understanding the English language version of news report) of the Cybersecurity Act in Thailand is a clear example of what we said in our 2 articles posted.
The law and policy makers’ understanding of cybersecurity and its interpretation and implementation is very much different from the understanding of cybersecurity professionals.
In another write up posted on 20 Feb 2019, we asked and wondered whether Thailand who will be holding their General Elections at the end of March 2019 would be at risks from a cyber attack prior and running up to the elections. Our question has now been answered with the passing of this Act prior to the elections.
In understanding the English language version of the news reporting on the Act, it is clear that the Act has a lot of 'grey' areas which could be subject to various and open interpretations, a situation which could lead to potential abuses if it is not administered in the interests of the country.