Page 1 of 7 1 2 3 Next » 170 replies to this topic

[sriracha john]

Internet data law goes into force Aug 23

From Aug 23, private firms, organisations and government agencies will be required to store all internet traffic data for 90 days so it is available as digital evidence for police. Pol Col Yannapol Youngyuen, Commander of the Bureau of Technology and Cyber Crime at the Department of Special Investigation, said the IT Ministry order has no exceptions and will include banks, hotels, schools, and internet cafes. He said internet cafes will also be required to collect information to identify computer users, such as ID cards *passports?*, time of logging in, and sites visited. Shops that fail to heed the rules will face fines up to 500,000 baht, he said.

Continued here:

[kmart]

Sounds fairly authoritarian... If anyone in the "IT Ministry" could really be arsed to bother checking any of it..

(post the rest of the link please, john).

[simon43]

Jeez!! I run a hotel with wifi and adsl access.  any suggestions as to a suitable software application that can meet this demand?  Do they just need storage of the website urls versus date/time?  (In any case, since any of customers can use the computer, how can they identify who visited which website?)

Simon

[cmsally]

I don't use public computers very often, but on the occasions I do, I always clear cache of history/passwords etc. This is pretty standard practice as you don't really want other people finding your user names and anything else that could have been saved (sometimes done without thinking). Does this mean I could cost someone 500k  
Or are they going to have something that blocks clearing cache. In which case don't really want to use.

[think_too_mut]

sriracha john, on 2008-08-13 13:30:05, said:

Internet data law goes into force Aug 23

From Aug 23, private firms, organisations and government agencies will be required to store all internet traffic data for 90 days so it is available as digital evidence for police. Pol Col Yannapol Youngyuen, Commander of the Bureau of Technology and Cyber Crime at the Department of Special Investigation, said the IT Ministry order has no exceptions and will include banks, hotels, schools, and internet cafes. He said internet cafes will also be required to collect information to identify computer users, such as ID cards *passports?*, time of logging in, and sites visited. Shops that fail to heed the rules will face fines up to 500,000 baht, he said.

Continued here:

Cointinued where? Looks more like a windup.

I can't believe this is true and what they can do with it. Where do people keep the data? Who will pay for extra storage hardware?

More dangerous is if somebody, from a public phone booth, calls a mobile phone that detonates a bomb. Who is checking their IDs and passports?

[sriracha john]

Apologies all around for not getting the link in earlier. I was about to finish the post when the Gestapo entered the internet cafe I was at which made me quickly abort the posting process. I've sneaked over to a different cafe in order to complete the OP.

http://www.bangkokpo...2008_news11.php






p.s. I'm spoofing, of course, but when this thing goes into effect, the above scenario is altogether too real.

[ovenman]

I especially liked the bit in the article about assessing fines of up to 500,000 baht for non-compliance.  This in a country where you could probably get caught dumping barrels of mercury in a river and get slapped on the wrist with a 2,000 baht fine.  

[sriracha john]

simon43, on 2008-08-13 12:16:46, said:

Jeez!! I run a hotel with wifi and adsl access.  any suggestions as to a suitable software application that can meet this demand?  Do they just need storage of the website urls versus date/time?  (In any case, since any of customers can use the computer, how can they identify who visited which website?)

Some of what's available:

Web Site Trackers
http://www.cryer.co....itetracking.htm

A discussion on Thailand Outlook indicated that what will be required are individual logs of each computer in the cafe and the user who is on it when he starts and stops and the sites visited during his time on that individual computer. This would provide the police with the definitive and specific information they want to track.

[Samuian]

Unreal!

Will we soon have to body search our customers if they maybe hide their PDA, Blueberry, iPhone or notebook and log in "illegally" into our free WI-Fi System?


whoooohahahahahaha!

And who is going to control all of it?

Right they need a new agency have some german ancestors... they still know about how the GESTAPO worked!
And many of the recent re-united germans have some great knowledge of the STASI and how they controlled the states citizen!

[sriracha john]

sriracha john, on 2008-08-13 13:29:03, said:

simon43, on 2008-08-13 12:16:46, said:

Jeez!! I run a hotel with wifi and adsl access.  any suggestions as to a suitable software application that can meet this demand?  Do they just need storage of the website urls versus date/time?  (In any case, since any of customers can use the computer, how can they identify who visited which website?)

Some of what's available:

Web Site Trackers
http://www.cryer.co....itetracking.htm

A discussion on Thailand Outlook indicated that what will be required are individual logs of each computer in the cafe and the user who is on it when he starts and stops and the sites visited during his time on that individual computer. This would provide the police with the definitive and specific information they want to track.

Sorry Simon, but I gave you a bum lead. I was informed the link I provided doesn't do what the ICT and police want as they are for tracking web hits and monitoring google ads and such...

[sriracha john]

cmsally, on 2008-08-13 12:29:14, said:

I don't use public computers very often, but on the occasions I do, I always clear cache of history/passwords etc. This is pretty standard practice as you don't really want other people finding your user names and anything else that could have been saved (sometimes done without thinking). Does this mean I could cost someone 500k  
Or are they going to have something that blocks clearing cache. In which case don't really want to use.

My understanding is that it wouldn't matter if at the end of your session you clear cache, etc. as the sites visited would have already been recorded on an undeletable file... in the order you visited them and the amount of time spent on each.... along with your passport number, name, and whatever info they require.

[cmsally]

sriracha john, on 2008-08-13 14:14:21, said:

cmsally, on 2008-08-13 12:29:14, said:

I don't use public computers very often, but on the occasions I do, I always clear cache of history/passwords etc. This is pretty standard practice as you don't really want other people finding your user names and anything else that could have been saved (sometimes done without thinking). Does this mean I could cost someone 500k  
Or are they going to have something that blocks clearing cache. In which case don't really want to use.

My understanding is that it wouldn't matter if at the end of your session you clear cache, etc. as the sites visited would have already been recorded on an undeletable file... in the order you visited them and the amount of time spent on each.... along with your passport number, name, and whatever info they require.

An interesting prospect for anyone that thinks its safe to do internet banking on public computers.  

[mizzi39]

Big brother has arrived!     

[12DrinkMore]

Unworkable. These guys are clueless about the technology.

The website tracker mentioned by another poster resides on the webserver and tracks page requests for THAT website. This is easy to implement with standard tools. It will log page requests down to the ip-address of the client, but a lot, probably the majority, of ip-addresses from clients are allocated dynamically. Also 99.999999999% of these websites are outside Thailand where the BIBs have no jurisdiction to look at log files.

Logging user requests from EVERY computer inside of Thailand, associating them with a user/time frame and being able to trace that user? Impossible. A few examples

1. Buy a GPRS modem, no way to trace that.

2. Use any of the non-secured Wireless LAN Access Points, there must be thousands and thousands of these.

3. Go through a proxy server to access the websites even the "Thought Police" have blocked from Thailand.

It does, however, provide an possible source of extra income for the BIBs.

"Hey Somchai, let's have a look at you log files then, Khrap"

"Duh?"

"That'll be 500 Baht / month online service fee then"

Internet banking will be a secure as before. The data is encrypted/decrypted inside the browser and the data that goes out on the network would take a massive amount of computing power and resources to make use of.

One big problem of using internet cafes is they may have installed a key logger, which logs all your keyboard clicks, including passwords and usernames. So be careful in these places.

It's another well thought out law from the combined cranial capacity of the BIBs, similar to the one forbidding alcohol sales between 14:00 and 17:00.

[kmart]

Sounds like some sort of style-over-substance edict by the MIT to justify their existence, rather than any sort of cohesive, all-encompassing law.

The BiB will no doubt use it to try and extort money from private companies / people who work for a living.  As they do...

[sriracha john]

12DrinkMore, on 2008-08-13 15:19:12, said:

Logging user requests from EVERY computer inside of Thailand, associating them with a user/time frame and being able to trace that user? Impossible. A few examples

please re-read... it's not for every computer in Thailand.

Quote

"Hey Somchai, let's have a look at you log files then, Khrap"

"Duh?"

"That'll be 500 Baht / month online service fee then"

It's a 500,000 baht fine if they don't maintain logs.

Edited by sriracha john, 2008-08-13 15:34:07.

[12DrinkMore]

sriracha john, on 2008-08-13 15:29:39, said:

please re-read... it's not for every computer in Thailand.

Yes it is, well except for those not attached to the internet, before somebody takes me up on that,

You have an internet conection which presumably uses TOT or AIS or which ever provider.

By law all private firms, organisations and government agencies are now required to store all internet traffic.

This law encompasses all internet providers in Thailand. Which in turn means all computers connected to the internet through them, including mine and yours.     

Otherwise it would not just be a stupid law, but an REALLY stupid law.

[sriracha john]

I agree it's a stupid law, but it doesn't apply to home usage as I understand it from the television news that discussed it at length. I'll see if I can find an additional article that clarifies that it is for businesses.

[OlRedEyes]

Your ISP will fall under the law.

[britmaveric]

Well Thai(s) hate paperwork, so dare say this one will be ignored.

[sriracha john]

Perhaps not... not when 1/2 million baht is at stake, that and the ability to maintain it all on digital files and not some big hand-written ledger.

Edited by sriracha john, 2008-08-13 20:19:19.

[webfact]

Regarding the ISP’s they don’t even have proper hardware, software and tech support to provide reliable service… “sir your phone line is no good, Internet is working” and now they additionally must log a gigantic amount of data every month? Maybe store all the illegally sent pornographic pictures as evidence for the sake of national security?
I bet we will have a lot of “fun” soon to come.

[niller74]

I have to agree that this law is absolutely some of the most stupid I have heard in a long time.

I am fairly sure what they request are connection logs, which every decent router can provide easily. It is not a big deal to store these. If they however want the data stored it is a whole other situation. I doubt however that they are THAT stupid.

But once they got the internal log from a company where all the clients are assigned IPs from the DHCP server what are they going to do? The leaches will most likely have expired or been overwritten, so all they can conclude is that some ip xxx.xxx.xxx.xxx established this connection at a specific date/time, but that is all.

[Spee]

niller74, on 2008-08-13 20:34:29, said:

I have to agree that this law is absolutely some of the most stupid I have heard in a long time.

I am fairly sure what they request are connection logs, which every decent router can provide easily. It is not a big deal to store these. If they however want the data stored it is a whole other situation. I doubt however that they are THAT stupid.

But once they got the internal log from a company where all the clients are assigned IPs from the DHCP server what are they going to do? The leaches will most likely have expired or been overwritten, so all they can conclude is that some ip xxx.xxx.xxx.xxx established this connection at a specific date/time, but that is all.

I also agree that this is pretty silly. Network Admin 101 says it's not worth implementing a policy that isn't analyzed and checked periodically. As others have said, the level of effort required for the government to fairly and regularly audit companies for this information is immense.

On the political and economic side, it is also silly and short-sighted and at the same time scary. The scary part is the likely random and biased manner in which the regulations could be enforced. It appears to be another vehicle for an already corrupt police and political structure to become more so. There are so many ways to imagine how easily this could get out of hand and just become another quasi-legal shakedown.

Economically, it is stupid and short-sighted. To implement these policies is to require companies to expend labor and capital resources, i.e., people to actually set up and do the work, and hardware and software to gather and store the data. When governments start telling companies how to run their businesses and forcing new regulations upon them, these actions inevitably lead to higher costs, those costs being passed on to the customer, and increasing customer dissatisfaction with the company.

[Seizhin]

Didnt like this law.
It benefits big corporations but only give loss and loss to the smaller groups or even consumers.

A government official telling a businessman of how to do business is simply a sign of idiocy.