Online Service Providers Face Fines, Imprisonment Under Computer Crime Act
07 September 2012
Online service providers in Thailand can face fines or imprisonment for violations of the country’s Computer Crime Act BE 2550 which occur on their networks, says Dan Greif, a partner at Siam Premier International in Bangkok. Greif says the law makes it a criminal offence under Section 14 where a person (1) inputs into a computer system any obscene data which is accessible to the public; (2) inputs into a computer system any data in violation of national security according to the Thai Criminal Code; or (3) inputs into a computer system false data in a manner likely to cause injury to national security, another person or the public. Such offences shall be punished with imprisonment not exceeding five years and a fine not exceeding B100,000 (US$3,200), or both.
In addition, he says, Section 15 of the Act provides that any service provider giving others access to its computer system who intentionally supports or consents to a user committing any of the stated offences in the computer system under its control shall receive the same punishment as prescribed for the offender under Section 14. To consent means (1) to explicitly consent or (2) to implicitly consent. Moreover, according to the ministerial notification BE 2550, a service provider is duty-bound to keep all traffic data as potential evidence for criminal cases and investigations that may be necessary to trace potential offenders.
Greif offers two main observations about Section 15 of the Act:
Observation 1. Intentional support or explicit consent can establish a criminal offense. However, it is worth considering whether it is fair to impose punishment on a service provider when consent is implied. Implied consent can include (1) letting the public freely give comments on any given topic posted by the service provider, or (2) allowing the public to communicate to one another in the service provider’s web board(s). Should there be any kind of illicit data which exists and is not removed within a reasonable period of time, the service provider is deemed to give implied consent to such a criminal act.
In one case, a director of an online newspaper (service provider) was punished with eight-months imprisonment and a B20,000 (US$640) fine. However, the court provided a one-year suspension of imprisonment because the offender had never before been imprisoned and it was righteous to give the offender an opportunity to reform her behavior. The court found the service provider implicitly consented to posting of the offending data on her website for 20 days, which exceeded the legitimate time limit to remove such materials as described by the court.
Even though the court admitted freedom of speech exist as a fundamental right of the people under the Constitution of the Kingdom of Thailand, the court reasoned that the offender (service provider) gave access to others to violate national security and to infringe on the rights of others.
Observation 2. It is the responsibility of a service provider actively to supervise heavily visited sites (up to
10,000 visitors/hour). However, it is worth considering whether it is possible for the service provider to inspect all of its website activity and whether it is fair to impose such a potential criminal burden upon them.
Many international organizations have commented on the recent court decision and the Thai Computer Crimes Act and expressed concerns the Act’s provisions will generate a “cloud of fear” in Thai society and place people’s liberty in jeopardy.
