August 26, 2011

Clouds Looming Over New Computer Crimes Act

Bangkok Post, Corporate Counsellor Column

The proposed new Computer Crimes Act, which will supersede the 2007 Computer Crimes Act, has been introduced in an attempt to fill loopholes in the current legislation.

The new draft is aimed at those who perpetrate offenses and who have previously evaded liability. But there are concerns over whether the new law would be overly zealous in handing out harsh punishment to all offending parties, regardless of the severity of the crime involved.

Although the draft Act has similarities to the current Computer Crimes Act, there are new key sections that have been introduced, including definitions for “system administrator” and “Board” under Section 4. There have also been important additions to Sections 16 and 25 of the law, which detail offenses relating to any person who is found to be copying another person’s computer data and the penalties for possessing child pornography.

Section 16 of the draft has caused particular concern among the media, service providers, webmasters, companies, and even students, university professors, and other users because it stipulates that “copying” another person’s computer data will now be deemed a criminal offense.

This article analyzes Section 16 and highlights the possible repercussions of the proposed additions.

Section 16 of the draft provides that “any person who copies another person’s computer data illegally, in a manner that is likely to cause damage to such other person, shall be punished with imprisonment of not more than three years, or a fine not more than 50,000 baht, or both”.

The definition of “computer data” refers to data, statements, or sets of instructions (including electronic data) that are contained in a computer system, the output of which may be processed by a computer system, according to the Law of Electronic Transactions.

But the draft does not provide a definition for “copying”. As a result, “copying” could be interpreted to mean copying data, materials, or downloading a file from the internet, regardless of whether such material is copyrighted. Even accessing the internet and having temporary storage caches in a computer without consent could be deemed an offense. Such copying offenses will carry a maximum penalty of three years’ imprisonment.

The provision of Section 16 in regard to “illegally copying another person’s computer data, in a manner that is likely to cause damage to another person” is relatively broad in terms of its interpretation of the scope of an act that is “likely to cause damage”.

Copying or downloading text materials or images from the internet would seem to be a common everyday occurrence. Under the Thai Copyright Act, if materials or images are copyrighted, any copying or downloading of such materials or images from the internet will be regarded as reproduction, which requires permission from the copyright owner. Otherwise, it will be regarded as an infringement of the exclusive rights of the copyright owner.

But the Thai Copyright Act acknowledges certain exceptions, including the fair use exception for infringements such as “research or study of the work, which is not for profit” or “reproduction, adaption, exhibition, or making available such materials by a teacher for teaching purposes, when not done for profit”. The fair use exception can be applied provided that:

  1. Such use of the copyrighted work does not conflict with normal exploitation of such work by the copyright holder; and
  2. 2. It does not unreasonably prejudice the legitimate interests of the copyright holder.

The definition of a “system administrator” in the draft Act refers to a person “who has the right to access computer systems which provide services to permit others to access the internet, or to enable parties to connect by means of a computer system, regardless of whether this administration is for his or her own benefit or for the benefit of other persons.”

Internet service providers usually set up their automatic backup proxy servers when providing internet services to users. When accessing web browsers, the servers or computers will temporarily store information to allow quicker access to the internet. By having the information stored temporarily in such caches, the system administrator can unknowingly cause damage to other persons, and thus could face liability under Section 16, even without intending to use or knowing that the information is stored in the caches. The system administrator that is responsible for the computer system would face half the penalty under Section 16, which is an imprisonment term of 18 months, a fine of 25,000 baht, or both.

Under the provisions of Section 16 and the definition of “system administrator”, any user, internet service provider, or system administrator who has previously enjoyed copyright exemption could now be held liable under the new proposed draft.

It is likely that Section 16 will require further clarification before its promulgation, particularly the definition of the term “copying“ and the scope of actions that will be specifically deemed an offense under the new Computer Crimes Act.

AUTHORS

RELATED INSIGHTS​