The Thai government has come under renewed scrutiny this week after it passed a cybersecurity bill that has been characterised by critics as ‘vague’ and problematic for its potential to enable sweeping access to internet user data.
The bill passed without any government rejections, although 16 legislators were absent, and could allow the government to search and seize data and equipment if they classify the situation as a national emergency. This could enable internet traffic monitoring and access to private data, including communications, without a court order.
The government has defended the legislation, stating that the legislation intended to protect networks from cyberattacks and would not enable state surveillance or violate rights. The permanent-secretary of the Ministry of Digital Economy and Society told reporters that the law will not be used to regulate social media, or computers or devices belonging to the people.
However, opponents of the bill are worried it could be used to silence anyone that criticises the government online.
In Thailand, it is already illegal to criticise the monarchy and doing so on social media or other online forums is punishable with a prison sentence. Back in 2017, a Bangkok court sentenced a man to 35 years in prison for a series of Facebook posts that were deemed insulting to the Thai Royal Family.
Aside from concerns around censorship, activists are also worried the legislation would ultimately compromise privacy and the rule of law, driving foreign businesses out of Thailand due to the burden on them to comply.
Controversial legislation throughout ASEAN
However, Thailand is not the only Southeast Asian country to pass controversial cybersecurity laws. On the 1 January this year, Vietnam introduced new regulations that had free-speech advocates worried.
The law prohibits Vietnam’s 53 million internet users from organising with or training others for anti-state purposes; including spreading false information and challenging the country’s achievements or solidarity. It also requires social media companies and technology giants such as Facebook and Google to hand over data and personal information about users and remove any “toxic content” that is deemed to be in violation of the law.
The regulation also requires foreign internet companies to operate a local office and store user information on Vietnamese soil, a directive very few non-native companies have thus-far complied with. Vietnam was reportedly the target of around 6,500 cyberattacks between January and September 2018 and critics of the law are worried that storing vast amounts of data locally will make them a continued target for cybercriminals.