Thailand Decides To Make Its Terrible Cybersecurity Law Even Worse

More censorship and encryption-breaking is on the way, thanks to the Thai government's broad interpretation of the term "cybersecurity." The government has been leaning heavily on American social media companies to disappear content critical of" you guessed it, the government. To keep the king from being insulted too often (or for too long), the government is also exploring undermining website encryption and holding service providers directly (and criminally) responsible for the words and deeds of their users.

Another round of amendments has made Thailand's cybersecurity law worse. It seems almost impossible, given its history. And yet here we are, watching as the government gives itself everything it wants, leaving citizens with the dubious privilege of generating tons of data the government can access at will.

The bill (available in Thai) was amended late last year following criticism over potential data access, but it passed the country's parliament with 133 positives votes and no rejections, although there were 16 absentees.

There are concerns around a number of clauses, chiefly the potential for the government - which came to power via a military coup in 2014 - to search and seize data and equipment in cases that are deemed issues of national emergency. That could enable internet traffic monitoring and access to private data, including communications, without a court order.

Naturally, everyone but the government is concerned about these amendments. The Asia Internet Coalition has issued a statement expressing these concerns. All of its concerns are valid. And, considering the history of this law and this government, all are likely to be ignored.

The bugs listed in the AIC's statement are considered features by a government that has a long history of silencing dissent and jailing critics.

Protecting online security is a top priority; however, the Law's ambiguously defined scope, vague language and lack of safeguards raises serious privacy concerns for both individuals and businesses, especially provisions that allow overreaching authority to search and seize data and electronic equipment without proper legal oversight. This would give the regime sweeping powers to monitor online traffic in the name of an emergency or as a preventive measure, potentially compromising private and corporate data.

Vague language and a lack of safeguards. Overreaching authority and lack of oversight. That's exactly what the Thai government wants. This is deliberate. This is what's wanted by governments all over the world. The US government wants this. So does the Australian government. The UK government has spent most of the past decade refining its overreach and scaling back its oversight.

This isn't just a Thai problem. It's a government problem. But the Thai problem is made worse by its disturbing (and ancient) lese majeste laws, which add some old school twists to its cyber pretensions. But the script is otherwise identical: the same ideas pushed by other governments, using the same "security" pitch to strip citizens of their protections and privacy.