In light of recent concerns of online security, and after talks with an IT security specialist, it appears that Thai netizens should be more concerned with personal data breaches of their own cause, rather than security breaches of the social media platforms they use.
Yingcheep Atchanont, programme manager of ILaw, told Prachatai that many Thai netizens are concerned and afraid because of many online grey areas, such as what is or is not legal, what are their rights, and how much work has been done between the government and online social media or messenger platforms. This is not surprising given recent events.
According to the Thailand 2015 Human Rights Report, compiled by the US Department of State, “authorities acknowledged development of a government-administered and controlled single internet gateway system for the country. As of November the Ministry of Information and Communication continued to explore the feasibility of such a system. Human rights groups voiced concerns that a single internet gateway would threaten freedom of expression.”
In early April, LINE, an online messenger app with over 33 million users in Thailand, released a set of stickers (like emojis) that mocked the Royal Family. They were removed from LINE on 7 April 2016, which was followed by a public apology from the company, acknowledging its lack of “cultural sensitivity.” An investigation was also started to find the creator of the sticker set.
A LINE user, who refused to be identified for personal security, told Prachatai that they are concerned about being tracked down and accused of royal defamation for downloading and sending these stickers.
“I am concerned because I purchased and used the stickers on LINE, but when I heard about the government saying the stickers defamed the monarchy, I immediately deleted my account because I don’t want to get in trouble for using them,” the source told Prachatai.
Wason Lewlompaisan, an IT security expert from Blognone.com, told Prachatai that LINE has secure and encrypted messaging, but the potential for being tracked could be possible because purchasing and using the stickers connects the user, with an account linked to their phone number, to the servers of LINE. He has no knowledge of the government’s actions towards the injunction of the creator, or about the potential for an injunction of sticker users.
LINE is not the only online communication platform with raised user concerns because of the Thai government’s intervention. On 27 April 2016, Nattatika Worathaiwit and Harit Mahaton, Facebook users and online anti-junta activists, were two of eight abducted and later charged with sedition for their involvement with anti-junta Facebook pages.
The eight were released on bail for anti-junta Facebook work on Tuesday, 10 May 2016, but Nattatika and Harit were immediately re-detained for the defamation of the monarchy under Article 112 of the Criminal code because of discussions found in a private Facebook chats.
In a related development, on 11 May 2016 Khaosod English reported that the Lawyer for the two Facebookers still held in prison said that the evidence against them was illegally obtained.
The arrest of Patnaree Charnkij, mother of Resistant Citizen activist Sirawit Serithiwat, on 6 May 2016 for the defamation of the monarchy is another case that has concerned Thai netizens. The police followed through with the charge based on her vague response of “Ja”(‘hmm’ in English) to a message that defamed the monarchy, again, in a private Facebook chat. She has since been released with a 500,000 baht bail with conditions of no international travel and no political involvement.
Wason said there is no indication that the government could access data directly from facebook and that he speculates the police could likely log into the suspects’ accounts from one of the seized computers.
Regardless, with cases like these, many social media and online messenger users in Thailand are concerned with the security of their discussions. Multiple academics and activists are considering and urging others to switch to different platforms, such as Minds.com, claiming that there are better security policies than those found on Facebook.
Wason explained that the reason why Minds.com may be deemed more secure is because it has end-to-end encrypted chat, not better security policies. Furthermore, Minds.com does not let users limit the audiences of their posts, so everything must be public, whereas Facebook has various audience limiting settings for public sharing.
He is further skeptical about these increased security claims because Minds.com is still fairly new. With significantly less traffic, it has faced nowhere near the challenges of hacking and government subpoenas that Facebook has.
Facebook has assured that “We have not provided the account information or content of any Facebook user to the Government of Thailand, nor have Facebook’s security systems been compromised,” according to Human Rights Watch Thailand, following an inquiry of the concerns.
To further this point, in 2015, no information was provided by Facebook to the Thai government even though some requests had been made, according to Facebook’s government request report.
If users are looking for alternatives, Wason recommends Bleep, which claims your messages never pass through their servers and requires no phone number, Signal (here for android), which actually licences their engine to Whatsapp for improved security, and Surespot, which also does not require a phone number attached to the account.
If netizens are using any of the communication platforms mentioned in this article, they should feel safe in knowing their data is secure. Thus, breaches of user data appears to lie within their own personal security practices.
Yingcheep agreed with these sentiments that users need to be more concerned with increasing their personal security, stating that there may be ways, through using malware and spyware, for example, that police could collect information or gain access to hacking accounts.
When asked about ways for netizens to keep themselves protected, Wason said “Government or not, all netizens are supposed to learn basic security and protect themselves.”
He recommended simple actions such as avoiding the use of logging into shared computers, like those found at school or work, keeping your computer up to date, password protecting devices, and avoiding letting other use your devices. If you let someone use your device, do not lose sight of it.
Further actions can be taken to correctly wipe or erase data off your phone, or to encrypt your devices. More information for android data wiping can be found here, iOS here. For more on encryption, iOS here, and android here
Since the 22 May 2014 coup, iLaw has compiled statistics about the lѐse majesté law, which showed a total of 62 people have been charged, many of which have been because of online activity. .
Featured image from the International New York Times