Monday, 30 May 2016

5/30/2016 04:29:00 pm
Thai military junta aims to secretly intercept all Internet traffic including your passwords

The military regime continues to create deeper digital confusion. It refuses to jettison its campaign for a single internet gateway that would out-firewall the "great firewall of China". Now it seeks official authorisation to legally and secretly intercept all internet traffic. This amendment to the military's poorly conceived Computer Crime Act (CCA) is sailing through the appointed National Legislative Assembly (NLA).


The revelation about this bill is a huge disappointment, and not just to those who are intensely focused on civil rights. The proposed changes to the CCA are important on several levels: they will authorise any state security agency to gather details like the login and password of every citizen who does online banking. It will allow them to intercept the business dealings of every company with an online presence, even their in-house emails.

The planned amendments, slated to become law next month, do not stop there. They specifically require ISPs to allow the state security apparatus full access to the internet traffic of their clients. Further, the ISPs will be gagged, with heavy penalties for any who blow the whistle on the state's prying. Even if an ISP knows that state officials are intercepting highly personal details, such as online ATM transactions or business secrets, they are forbidden from revealing this rights abuse.


All of this -- and much more -- was dug up and publicised last week by the Thai Netizen Network. This NGO was also instrumental in exposing plans to reduce international internet traffic to a single gateway, for easier state monitoring. The network explained this major security change was part of a plan contained within the CCA amendments to authorise "man in the middle" attacks. This would completely break the internet's encrypted web traffic, noted within browsers by the prefix "https". This is the only step that makes online banking secure.

In its secret documents unearthed by the network, it is clear the military government wants to break "https" encryption to get inside anti-monarchy websites. Even by itself, this is a highly questionable misuse of authority. But the much greater danger is that the state, and corrupt state agencies, will misuse and abuse their authority for wider and far more sinister purposes beyond even outright theft and blackmail.

The reality of this potential threat is horrendous. It continues the debasement of the desired and so-far actual image of Thailand. The government is boosting its so-called "Thailand 4.0" policy of support for digital development. Good and expanding internet access is a key. But so is confidence. If the NLA passes these Computer Security Act amendments into law next month, the country's reputation will have only one way to go.



Image displayed by MICT when accessing prohibited content, such as The Daily Mail or Asia Sentinel, from Thailand from 2014—2016.

As with the single-gateway policy, currently tabled and lurking ominously in the background, Thailand will take a massive hit from these proposed "wiretap" provisions. Businesses will have no confidence that their online transactions -- even email -- are confidential. Every person who does online banking -- a rapidly growing number -- will labour under the suspicion that their accounts are not only insecure, but may even be tampered with.

The NLA may be military-appointed, but it is sworn to work in the national interest. Its members must knock back these computer-security bills. It is time for the public to be informed of just what is in and behind these laws. The military's original Computer Crime Act of 2007 was a mess, but with proper work under the public spotlight, the NLA can repair the damage and promote real computer security.

Source: BKK Post

0 reacties:

Post a Comment