140 likes | 299 Views
Thailand Computer-Related Crime Act 2007 Sakul Tunboonek – IT Pattana Co.,Ltd. Examples of Offences committed related to Computer/Internet. Type 1 : Offences by Crimes USING Computers
E N D
Thailand Computer-Related Crime Act 2007Sakul Tunboonek – IT Pattana Co.,Ltd
Examples of Offences committed related to Computer/Internet • Type 1: Offences by Crimes USING Computers • Employees use company’s computer (LAN) to - Send emails with false information to impair the reputation of others • - Access to public web board, and disseminate false information to impair the reputation of others or cause damage to others • - Send mass unsolicited emails or email chain • Send or forward pornographic emails • Type 2: Offences TO Computers • Illegally access to a computer system that has specific security measures which are not intended for his use • - Detect others’ password, or traffic data • Send virus, worm, or malicious codes to attack computer system • Send Dos (denial of service) to attack computer system
Purpose of the Act • Type-1 offence can be (and still are) handled by the existing Thai criminal law • However, prior to this Computer-Related Crime Act, the difficulty was that the computer evidence was not able to use to present to the Thai court • With this Act, now the (trusted) computer traffic or computer logs can be presented as evident • Type-2 offence can be handled by this Thailand Computer-Related Crime Act 2007 • Purpose of the Act • Definition: What are computer system, computer traffic, computer log. Who are service providers • Type-1 offence • Type-2 offence • Responsibilities of the service providers • Responsibilities of the government law enforcements
The Act Body Section 3: Definition Computer Related Offences Competent Officials Computer System Computer Data Traffic Data Service Provider User Competent Officer Minister Offence to the Computer Offence using the Computer Officer Service Provider Sec 26: Keep traffic data not less than 90 days (Up to 1 year upon request) Officer power (sec 18): (1) Request for corporation (2) Request for traffic data (3) Request to submit data (4) Make copy (5) Request to submit possessed data or computer (6) Accessing data (7) Decrypt data (8) Seize computer system Sec 5: Access to Computer Sec 6: Obtain the security measure Sec 7: Illegally access to data Sec 8: Data Interception Sec 9: Damage the data Sec 10: Damage the system Sec 13: Distribute the offensive program code Sec 11: Spam mail Sec 14: Fake, false, offensive data Sec 15: Service Provider Responsibility Sec 16: Alter data to defame others Sec 27: Penalty if fails to comply Court permission (sec 19):Officers request to the court to exercise the power in Sec 18 (4), (5), (6), (7) and (8) Block or Suspend the computer system (sec 20) Officer Responsibility and Penalty: (Sec 22, 23, 24) Obtaining evidence per Criminal Procedure code (sec 25) Officer Appointment (sec 28-29)
The Act was enacted on July 19th, 2007 • Private organization (as a service provider) are to keep necessary logs starting August 25th, 2008
What to prepare – For the Computer System Users - Responsibilities of Computer System Users ie: employees, contractors, suppliers, and anyone who accesss to the company computer systems • Acknowledge that computer data, traffic data and logs can be presented as an evident Penalty: None 2. Acknowledge section 14 Item 14= Input or forward fake or false data which can cause damage to others, undermine national security or terrorism. Input or disseminate pornographies that is accessible to the public Penalty: Up to 5 year imprison, or up to 100,000 THB fine or both
What to prepare – For the Computer System Users - Section 14 Whoever commits the following acts shall be liable to imprisonment for a term ofnot exceeding 5 years or to a fine not exceeding 100,000 Baht or Both; • Input into a computer system wholly or partially fake or false computer data that is likely to cause damage to another person or the public; • Input into a computer system false computer data in a manner that is likely to undermine national security or to cause public panic; • Input into a computer system computer data that is an offence against national security or terrorism according to the Criminal Code • Input into a computer system pornographic computer date that is accessible to the public; • Publish or forward any computer data with the full knowledge that such computer data is under paragraph (1), (2), (3), or (4)
What to prepare – For the Company - Responsibilities of a private company providing computer service to its employees, contractors, suppliers, and anyone who accesses to the company computer systems 1. Keep necessary system logs which can be used to identify the accessing users. The logs are to retain at least 90 days. --- Explanation: Accessing logs include who log on to the network, from what computer, access to where (what web sites), or send emails to who, at when ---- Penalty: Service Provider who fails to provide the necessary logs can be fined not exceeding 500,000 THB 2. If the service provider intentionally supports or give consents to the commission of the offences under section 14, the provider shall be also liable to the same penalty -- Explanation: Company should provide user awareness, or stated the message (log in Banner) when the users accessing the computer system resources -- Penalty: Up to 5 year imprisonment, or up to 100,000 THB fine or both
What questions do you have? Disclaimer: Whilst effort has been made to ensure the accuracy of theinformation supplied in this document, IT Pattana cannot be held responsible for any errors or omissions. We appreciate any suggestions or corrections in order to improve the quality and the accuracy of this documents.
Appendix: Computer Crime Act in other Asia Countries • The Philippines: Electronic Commerce Act 2000 • Malaysia: Computer Crimes Act 1997 • Singapore: Computer Misuse Act • Japan: Unauthorized Computer Access Law 2000 • India: The Information Technology Act 2000