Thailand Country Report on Cybercrime and Information Security Surangkana Kaewjumnong Chief of Information Technology Development Project National Information Technology Secretariat National Electronic Computer Technology Center National Science Technology Development Agency


Feb 16, 2014 (7 years and 8 months ago)


Thailand Country Report on Cybercrime

and Information Security



Chief of Information Technology Development Project

National Information Technology Secretariat

National Electronic Computer Technology Center

National Science Technology

Development Agency

1. Overview of ICT

Development in Thailand

In recent decades, Thailand's development strategy has had a
strong focus on education and knowledge through human
development. ICT

plays a great role in this strategy. ICT

recognised a
s the major infrastructure for improving the quality of
life and strengthening competitiveness for Thailand. This is the
reason why the government started the initiative in 1992 to set up
the National Information Technology Committee (NITC), which is
a hig
h level policy body chaired by the Prime Minister, Its
members comprise of executives from relevant public and private

The mandates of NITC

are to develop policies and plans to
promote ICT

development and utilization in the country. National
ctronics and Computer technology Center (NECTEC) has been
assigned to host the secretatiat

office and to conduct supporting
work for the Committee.

In mid of 2002, National ICT

Master Plan for the period
2010 (IT 2010) has been launched. It has set
the key
development objective to exploit the benefits of ICT

to move
Thailand to the "Knowledge
Based Society and Economy". To
achieve the goals, IT 2010 identified five main flagships that have
to be developed : e
Society; e
Education; e
Goverment; e
merce; and e

2. Internet use in Thailand

With respect to the internet use in Thailand, the number of
user is about 3.5 millions in 2001. It increased nearly 100% when
compared with previous year. (Source: For the
de top level domain name of Thailand, namely, ".th",
there were 10,504 domain names registered under ".th" as of
September 2002. The numers

of domain names register in each of
the subcategories under ".th" are shown below;

.th Domain Names, Septem
ber 2002

Sub Domain











Source : THNIC

The popularity of ".com" among Thai
individuals and business owners is undeniable. It is believed that
quite a large number of thai
owned web sites are registered under.
".com". Unfortunately, the exact number is unknown.

3. Cybercrime

and Information Security
at National Level

3.1 Computer Crime Statistics

Actually, there is no exactly computer cr
ime statistics
gathering in Thailand. However, after the Royal Thai Police
Agency has set up Internet Hotline, there are many incidents have

since April 2002 to November 2002 as shown here below.




Pornography Website (Thai




Pornography Website

(Foreign Language)



Child Pornography



Pornography Products Website

(Thai Language)



Pornography Products Website

(Foreign Language)



Intellectual Piracy Website



r Illegal Material






Gambling (Thai Language)



Gambling (Foreign Language)



National Security





Source: Royal Thai Police Agency

In add
ition, the Nation newspaper, published on October 10,
2002, announced that 71% or almost three
quarters of young Thai
people have visited pornographic websites

and 45% of them have
become the sites's regulars, according to and internet survey
conducted by

Thailand, and international non
governmental organisation

for children.


Law Development

In December 1998, the Thai Cabinet has approved the
Information Technology Laws Development Project, as proposed
by the Ministry of Science Technology
and Environment

bureaucractic reform in November 2002, the name of this Ministry
has been changed t

Ministry of Science and Technology. The
project has a mandate to research and develop 6 IT laws which will
serve as an infrastructure for electron
ic commerce and to enhance
confidence among the members of the electronic transactions
playground by providing rules and regulations.

The conceptual framework of the above
mentioned IT laws
are as follows:

a) Electronic Transactions Law: To recognize t
he legal effect
of data message b

treating them as the functional equivalent of a
writing or evidence in writing with a view to promote electronic
transactions to achieve reliability;

b) Electronic Signatures Law: To enable reliability of the use
of ele
ctronic signatures;

c) Electronic Fund Tranfers Law: To facilitate the electronic
fund transfer;

d) Computer Crime Law: To criminalize the new type of the
offences in the borderless virtual world;

e) Data Protection Law: To protect rights of privacy

in the
information society by laying down the general the general to
protect personal data of individuals;

f) National Information Infrastructure Law (By the
Constitution Law Section 78): To provide equitable and thorough
information infrastructure and
enable universal access by
promoting more equitable and affordable rights and opportunities
to access information and communication services. The purpose of
NII Law focuses on reducing Thailand’s digital divide.

Presently, the first two laws, Electronic
Transactions Law
and Electronic Signatures Law, were combined into one called
“Electronic Transactions Act B.E.2544 (A.D.2001) ” The Act was
drafted as guided by the Model Law on Electronic Commerce 1996
and Model Law on Electronic Signatures 2001 of the

Nations Commission in International Trade Law (UNCITRAL). It
came into enforcement on April 2002.

The Draft of Personal Data Law and the Draft of Computer
Crime Law were recently approved in principle by NITC and will
be submitted for approval of

the Cabinet soon. The Draft of NII
Law was recently approved by the Council of State and will also
be under consideration of the Cabinet. For the Electronic Fund
Transfer Law is currently consideration of the drafting Sub


Draft of Comp
uter Crime Law

The Draft of Computer Crime Law is one of a number of IT
related laws initiated by NECTEC. The Bill was drafted as guided
by the framework of Cybercrime Convention of Council of Europe
since a common purpose of the Convention aims princi
pally at
harmonizing the national laws.

With respect to the scope of the Draft, it contains three

Chapter one covers the criminalisation provisions: illegal
access; illegal interception; data interference; system interference;
and misuse of d

Chapter two is to criminalise the computer
related offences;
related forgery; computer
related fraud and offences
related to child pornography.

Chapter three is intended to set up the criminal procedural
law powers in order to enable a

fast and effective investigation and
prosecution. It then covers expedited preservation of stored data;
disclosure of traffic data; search and seizure of computer data.


Monitoring, Detection and Investigation


Legal Proceeding

Apart from the Crimin
al Procedural Code which provide

power and duty of administrative of police officers to collect or
obtain evidence in criminal case, in investigating cases relating
computer crime or information security, under the Draft of
Computer Crime also stipulate so
me powers as following:

Search and seizure without warrant

Where there is a reasonable ground to believe that an

offence prescribed under the Bill has been committed and if left
delayed until a warrant of search is issued, the article whether
being tangib
le or not or the evidence related to such offence may
be removed, hidden, destroyed or altered from its original state, the
competent authority shall have the power to enter at any time into a
dwelling place or a place where there is a reasonable ground to

suspect that property or the evidence connected with commission
of an offence is hidden or kept therein, for the purpose of accessing
and investigating a computer system or any other article with
reasonable grounds to believe that it is involved in the co
of and offence. Seizing attaching, making a copy of or performing
any other act on the said computer system or computer data, to use
as evidence in connection with the commission of such offence.

Powers to demand traffic data and others

For the p
urpose of the seeking of facts and collection of

evidence, the competent authority shall have the powers to demand
computer traffic data from a service provider involved the
communications on a computer system or other involved persons
and in case the comp
uter data has been encrypted, order a person
concerned with such computer data to decrypt it.

b) Focal Points Institutions

In combing Cybercrime, at present, there is no agency

responsible directly and also under the Draft on Computer Crime
Law stated t
hat the competent authority under the Draft means a
person who is appointed by the Prime Minister.

Nevertheless, in April 2001, NECTEC established Thai
Computer Emergency Response Team (ThaiCERT) as an
electronic discussion forum on cyber security and en
courage the
people to be aware of security problem. Its member includes
governmental agencies as well as companies in the private sectors
which are more conscious about cyber security. NECTEC laid
down a 5 year plan for developing ThaiCERT into a pool of
experts on cyber security and stated online services of the
computer emergency response team with up
date bulletin
announcements on outbreaks of virus, new security threats, cyber
security laboratory and training courses. ThaiCERT is now a well
ed body in Thailand.

However, after racing the bureaucratic reform,

Thailand’s new bureaucratic structure, as of November 2002, is
made up of 20 ministries and 162 departments. Agencies with
related or similar responsibilities have been grouped together
greater efficiency. Thus, there will be at least 3 agencies relating to
combating computer crime and information security such as the
Royal Thai Police under the Prime Minister, Depart of Special
Investigation under Minitry of Justice, ThaiCERT and the

Law Development Project under NITS of NECTEC.

C) Cooperation from Internet Service Providers and
Government Agencies

On 20 July 2001, NITC chaired by the Prime Minister,
announced 3 sets of policy aimed at enhancing information
security. These p
olicies involve:

The Communication Authority of Thailand (CAT) to

establish a formal agreement with its licensee ISPs to

(i) synchronize their system clocks;

(ii) maintain customer access log (with caller ID data) for

at least 3 months;

(iii) cooperate f
ully with the police in case of incidents,


(iv) add a clause in their service contract identifying

customer’s responsibility regarding inappropriate use.

The Telephone Organization of Thailand (TOT) to

Maintain caller ID records for Internet inve

The Royal Thai Police to set up an Internet “hotline”
for incident report and to investigate whether it is
necessary and appropriate regulate Internet Cafes.

d) Training for the trainers

To achieve the goal of Cyber security, the train
ing for the

Trainers form technical side and legistive officers will be launched
by NECTEC in the coming January.


Cyber crime is becoming increasingly recognized as a critical
problem. Any country cannot solve this problem alone. Thus, the
need for cooperation to effectively confront with the challenges of
Cybercrime shall be seriously recognized.

Key national actors, strengths, and area of need

1. Government Authorities:

a) National Information Technology Committee Secretariat:

To ove
rsee the policy aspects of information technology
development and deployment in Thailand:

b) Department of Special Investigation: To investigate special
crime such as intellectual property, ta
x, information technology or
transnational crime cases:

c) Office of the National Security Council: To advise the Cabinet
on foreign policy, military and economic security policies, and on

matters concerning national security affairs with a view to
achieving a coordinated action of the ministries and concerned
government agencies in implementing the policy decision; and to
deliberate and make recommendations on national security matters
requested by the cabinet and any government agencies:

2) Research Institutions:

a) National Electronics and Computer Technology Center: a
dynamic organization responsible for the development o
Information Technology in Thailand. Its mission is to ensure
Thailand’s competitiveness in Electronics and Computer and the
use of IT to stimulate economic and social impact through own
R&D program as well as R&D funding services to universities:

b) Thai Computer Emergency Response Team:

3. Law enforcement focal points:

a) Office of the Judiciary or t
he Courts of Justice:

b) The Royal Thai Police Agency: the national law enforcement
agency of Thailand, responsible for crime prevention and
suppression for the whole kingdom of Thai

c) Office of the Attorney General:

4. Legislative focal points:

1. Office of the State Counci
l: a legal institution performing both
consultative and adjudicatory functions, with the OSC serving as
its Secretariat:

2. Information Technology Law Development Project: a project o
NITS under NECTEC, NSTDA, responsible for research and
drafting the ICT Laws including giving the advice on ICT laws and
relevant matters to other organization, and will be assigned to work
as one of secretary team of Electronic Transactions Commission
hich will be set up under Electronic Transactions Act B.E.2544
(A.D.2001) :


1.Chadamas Thuvasethakul and Thaweesak Koanantakul, National
ICT Policy in Thailand, pr
esented at Africa
Asia Workshop
“Promoting Cooperation in Information and Communications
Technologies Development”, 25
29 March 2002, Kuala Lumpur
and Penang, Malaysia.

2.National Electronics and Computer Technology Center, Internet
Statistics, available


and Computer Crime Statistics, available at

3.ICT Law Development, available at

4) Ecpact Thailand Survey on Pornography published in the
Nations Newspaper in October 10, 2002.