The Thai government’s ongoing battle over control of the information technology has made headlines yet again in the last few days over the attempts to block access to the whistleblower site WikiLeaks that have spectacularly backfired on Thursday with the people behind the site setting up a dedicated page displaying all Thailand related documents and adding more fuel to the fire by publishing a deliberately provocative open letter to the Thai government.
This considerable brouhaha over WikiLeaks has partly overshadowed another story also involving communication technology and in this case the consideration of control over its contents.
Col. Nathee Suklarath of the National Telecommunications Commission (NTC) has revealed that today’s meeting (Aug 18) has raised the issue whether the usage of the BlackBerry telephone devices (BB) comply with Computer Crime Act of 2007, which states that data files have to be stored for 90 days in order to allow authorities to scrutinize. But BB devices are storing their data abroad, which makes Thailand not able to look into it. This has led into an inquiry to Juti Krai-rirk, Minister of Information and Communication Technology (MICT) to determine whether it complies with the Computer Crime Act or not. […]
“บอร์ด กทช.จุดประเด็นการใช้งาน “บีบี” หวั่นเข้าข่ายผิด กม.กระทำความผิดทางคอมพิวเตอร์“, MCOT, August 18, 2010 (translation by me)
This move comes after the manufactures of the popular BlackBerry devices, Canadian Research in Motion (RIM), has come under increasing pressure by various countries to either let authorities have access to the data (some stating security reasons for the demand) or face a suspension of it’s email and web browsing services. The data on BlackBerry devices are being encrypted and routed over RIM’s serves in Canada. RIM has eventually complied in some cases and agree to install local servers such as in Saudi Arabia.
The NTC has cited the Computer Crime Act of 2007 and it indeed states that:
Section 26. A service provider must store computer traffic data for at least ninety days from the date on which the data is input into a computer system. However, if necessary, a relevant competent official may instruct a service provider to store data for a period of longer than ninety days but not exceeding one year on a special case by case basis or on a temporary basis.
The service provider must keep the necessary information of the service user in order to be able to identify the service user from the beginning of the service provision, and such information must be kept for a further period not exceeding ninety days after the service agreement has been terminated.
The types of service provider to whom the provisions under paragraph one shall apply and the timing of this application shall be established by a Minister and published in the Government Gazette.
A service provider who fails to comply with this Section must be subject to a fine of not more than five hundred thousand baht.
“An unofficial translation of the Computer Crime Act“, Prachatai, July 24, 2007
One can say that the NTC has now at least considered to jump on the worldwide bandwagon to pressure RIM. This can be interpreted as a further sign of the government’s attempt to control the flow of information under the excuse of national security, which many other countries have cited. On the other hand it is yet another country RIM has now to either appease or could it be the first country the company might afford to lose. Given their most recent statements on its growth potential in the region it is very unlikely though.
On Friday morning Thairath reports under the title “BlackBerry users can be relieved, [usage] does not contradict of Computer Crime Act, [says] MICT“, but…
However, offenders can still be tracked. But in cases that require to look into the data that has been communicated through BB that is potentially illegal or not, [the authorities] would then have to ask the firm Research in Motion in Canada for assistance. [Also] the security authorities have to determine whether the security rulings [?] do sufficiently cover or not even though the Computer Crime Act of 2007 cannot enforce services that are based abroad as seen in the case of material offending to the Monarchy being uploaded to YouTube. [click here for background]
So, even though the MICT has given some clarity in this case, does it mean it will still nonetheless try to force ask RIM for assistance the next time there’s a potential case of illegal activity?