Cybersecurity Law in Thailand Criminalizes Noncompliance with Archiving Requirements Post: 302223376

Sponsored Content

Special Forums Cybersecurity IT Security RSS Cybersecurity Law in Thailand Criminalizes Noncompliance with Archiving Requirements Post 302223376 by Linux Bot on Saturday 9th of August 2008 03:40:05 PM

08-09-2008

Registered User

Cybersecurity Law in Thailand Criminalizes Noncompliance with Archiving Requirements

On 18 July 2007 a new law became effective in Thailand known as the Computer-Related Crime Act B.E. 2550 (A.D. 2007). The law, specifying criminal penalties for computer misuse, is similar to computer crime act (�CCA�) legislation in other countries. However, the CCA in Thailand goes substantively further, specifying all businesses that provide Internet access or Internet-related content to their employees or customers must maintain evidence that authenticates online activity to an individual. In addition, businesses must retain and maintain those records for not less than 90 days. There are criminal penalties, including prison and fines, for noncompliance.

On 21 August 2007, as authorized by the Thai CCA, the Ministry of ICT (MICT) issued a Notification on Criteria Concerning Archiving of Computer Traffic Data of Service Providers B.E. 2550 (�Archiving Notification�) that provided addition technical clarifications to the Thai CCA including specifying various classes of Internet service and content providers and giving examples of the archiving required based on classification.

The MICT Archiving Notification was published in the Official Thai Government Gazette on 23 August 2007 with effective dates of::

22 September 2007 for Service Providers under Archiving Notification Clause 5(1)(A)
19 February 2008 for Public Network Service Providers or ISP under Clause 5(1) (B)
23 August 2008 for other Service Providers

Similar to �cyber laws� in other countries, the Thai law prohibits and provides criminal penalties for the unauthorized access, interception and �spoofing� of computer systems and their emails and other data. Section 26 of the Thai law goes a step further in requiring a broad range of parties denominated as �service providers� which is further defined by the Archiving Notification to include any person who provides Internet access to another, to record and maintain �traffic data� (defined to include �any data relating to communication by means of a computer system, indicating the communication's origin, destination, route, time, date, size, duration, type of underlying service, or other information relating to communication of such a computer system, based on MICT classification of the service provider) and maintain that record for 90 days (longer, if competent officials request). The intent is to provide law enforcement officials with forensic evidence to protect the public from computer related crimes.

The CCA in Thailand is quite interesting because the law criminalizes non-compliance with routine computer and network system administration functions, something I am not aware of in any other country. Please post a comment, or contact me directly, if you know of a similar law in another country.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

LEARN ABOUT NETBSD

isdntel

ISDNTEL(4)						   BSD Kernel Interfaces Manual 						ISDNTEL(4)

NAME

     isdntel -- ISDN B-channel telephony interface driver

SYNOPSIS

     pseudo-device isdntel count

DESCRIPTION

     The isdntel driver provides an interface to the B-channel for telephony applications and is currently used by the isdnd(8) for answering
     machine support. The driver is part of the isdn4bsd package.

     The lower six bits of the driver's minor number are used to specify a unit number, whereas the upper two bits specify a functionality.

     Functionality zero is the usual telephony data stream i/o driver.

     Functionality one is used to enable commands to dial out and hang up and receive responses about the state of the dial out progress and sta-
     tus.  This commands may change in the future, for details see the file /usr/include/netisdn/i4b_tel_ioctl.h and the isdntel(8) utility.

     The telephony data stream comes out of the line in a bit-reversed format, so the isdntel driver does the bit-reversion process in any case.

     Additionally, the user can specify to do A-law to mu-law, mu-law to A-law or no conversion at all in the isdntel driver by using the
     isdntelctl(8) utility.

     The driver is able to process several ioctl's:

	   I4B_TEL_GETAUDIOFMT
		   get currently used audio format conversion.
	   I4B_TEL_SETAUDIOFMT
		   set currently used audio format conversion.
	   I4B_TEL_EMPTYINPUTQUEUE
		   clear the input queue.

     For the I4B_TEL_GETAUDIOFMT and I4B_TEL_SETAUDIOFMT, the following parameters are available:

	   CVT_NONE
		   do no A-law/mu-law audio format conversion. The conversion path looks like this:

		   USER <--> bitreversing <--> ISDN-line

	   CVT_ALAW2ULAW
		   set audio format conversion to do an audio conversion from A-law (on the ISDN line) to mu-law (in the userland).  The read(2)
		   conversion path looks like this:

		   USER <-- mu-law/A-law <-- bitreversing <-- ISDN-line

		   and the write(2) conversion path looks like this:

		   USER --> mu-law/A-law --> bitreversing --> ISDN-line

	   CVT_ULAW2ALAW
		   set audio format conversion to do an audio conversion from mu-law (on the ISDN line) to A-law (in the userland).  The read(2)
		   conversion path looks like this:

		   USER <-- A-law/mu-law <-- bitreversing <-- ISDN-line

		   and the write(2) conversion path looks like this:

		   USER --> A-law/mu-law --> bitreversing --> ISDN-line

SEE ALSO

     isdnd.rc(5), isdnd(8), isdntel(8), isdntelctl(8)

STANDARDS

     A-law and mu-law are specified in ITU Recommendation G.711.

AUTHORS

     The isdntel device driver and this man page were written by Hellmuth Michaelis <hm@kts.org>.

BSD
								  April 21, 1999							       BSD