Template:Act on Computer-Related Offences, BE 2550 (2007)/Provisions
Act
on Computer-Related Offences,
BE 2550 (2007)
_______________
Bhumibol Adulyadej, Rex.
Given under my Hand this 10th Day of June, BE 2550 (2007);
Being the 62nd Year of my Reign.
H is Majesty King Bhumibol Adulyadej is graciously pleased to proclaim that:
Whereas it is desirable to bring into existence a law on computer-related offences;
Be it enacted by the King’s most Excellent Majesty, by and with the advice and consent of the National Legislative Assembly, as follows:
§ 1
This Act shall be cited as the “Act on Computer-Related Offences, BE 2550 (2007)”.
§ 2
This Act shall come into force upon the elapse of thirty days from the date of its publication in the Government Gazette.[1]
§ 3
In this Act:
“Computer system” means any device or a group of interconnected or related devices of a computer, one or more of which, by cause of an application of any code, programme or other thing and an operative direction, performs automatic processing of data;
“Computer data” means the data, text, direction, programme or any other thing existing in a computer system in a form suitable for processing in a computer system, including the electronic data under the law on electronic transactions;
“Traffic data” means any data relating to a communication by means of a computer system, indicating the communication’s origin, source, destination, route, time, date, size, duration, type of underlying service or other information in connection with the communication of such computer sytem;
“Service provider” means
(1) A person who provides the users of his service the internet access or the ability to communicate by means of a computer system, whether providing in his own name or in the name or for the sake of another;
(2) A person who stores computer data in the interest of another;
“Service user” means a person who takes the service procured by a service provider, whether with payment of service charges or not;
“Competent authority” means a person appointed by the Minister to enforce this Act;
“Minister” means the Minister in charge of this Act.
§ 4
The Minister of Information and Communication Technology shall be in charge of this Act and invested with the power to issue the ministerial regulations for the purpose of enforcing this Act.
Such ministerial regulations shall take effect upon their publication in the Government Gazette.
Chapter 1
Computer-Related Offences
_______________
§ 5
Any person who unlawfully gains access to a computer system subject to a specific counter-access measure which is not created for the his sake shall be liable to imprisonment for not more than six months, or a fine not exceeding ten thousand baht or both.
§ 6
Any person who knows of a counter-access measure specifically imposed by another on any computer system and discloses such measure in a manner likely to expose the latter person to injury shall be liable to imprisonment for not more than one year, or a fine not exceeding twenty thousand baht or both.
§ 7
Any person who unlawfully gains access to any computer data subject to a specific counter-access measure which is not created for his sake shall be liable to imprisonment for not more than two years, or a fine not exceeding forty thousand baht or both.
§ 8
Any person who, by any unlawful electronic means, intercepts any computer data which belongs to another whilst the computer data are being communicated through a computer system shall, when such computer data are not intended to serve the public interest or public utility, be liable to imprisonment for not more than three years, or a fine not exceeding sixty thousand baht or both.
§ 9
Any person who unlawfully damages, destroys, modifies, alters or inputs the whole or part of any computer data belonging to another shall be liable to imprisonment for not more than five years, or a fine not exceeding one hundred thousand baht or both.
§ 10
Any person who by whatever means and unlawfully interferes with a computer system belonging to another and thereby suppresses, delays, obstructs or disturbs it to the extent that its usual operation is impair shall be liable imprisonment for not more than five years, or a fine not exceeding one hundred thousand baht or both.
§ 11
Any person who sends to another any computer data or electronic mail the origin of which is concealed or counterfeit and thereby disturbs the peaceful use of a computer system of the victim shall be liable to a fine not more than one hundred thousand baht.
§ 12
If the criminal act under section 9 or 10:
(1) Places the public in danger of injury, whether the public suffers such injury immediately or subsequently and whether the said injury occurs at the same time as the commission of the criminal act or not, the offender shall incur imprisonment for not more than ten years and a fine not exceeding two hundred thousand baht;
(2) Is likely to expose to danger of injury any computer data or computer system with respect to the maintenance of national security or safety, public safety or national economic security or to the public service, or is committed on any computer data or computer system preserved in the interest of the public, the offender shall undergo imprisonment from three years to fifteen years and a fine sixty thousand baht to three hundred thousand baht.
Had the criminal act under (2) caused death to another, the offender shall experience imprisonment from ten years to twenty years.
§ 13
Any person who disposes of or distributes a programme especially designed as an instrument for the commission of any of the offences proscribed by section 5, 6, 7, 8, 9, 10 or 11 shall be liable to imprisonment for not more than one year, or a fine not exceeding twenty thousand baht or both.
§ 14
Any person who commits any of the following offences shall be liable to imprisonment for not more than five years, or a fine not exceeding one hundred thousand baht or both:
(1) Inputting any computer data the whole or part of which is counterfeit or any false computer data, in the manner likely to place another or the public in danger of injury;
(2) Inputting any false computer data, in the manner likely to impair the national security or expose the public to a state of terror;
(3) Inputting any computer data contributable to an offence against national security or offence related to terrorism under the Criminal Code;
(4) Inputting any indecent computer data to which the public is capable of gaining access;
(5) Knowingly distributing or forwarding any computer data under (1), (2), (3) or (4).
§ 15
Any service provider who intentionally assists in or connives at the commission of an offence pursuant to section 14 on a computer under his own control shall be dealt with as if the offender under section 14.
§ 16
Any person who inputs any computer data containing an image of another produced, edited, added or modified by electronic means or by any other means and to which the general public is capable of gaining access, and thereby causes the reputation of another to be impair or brings another into contempt, hatred or embarrassment, shall be liable to imprisonment for not more than three years, or a fine not exceeding sixty thousand baht or both.
Should the criminal act under paragraph 1 be a fair input of computer data, the person committing shall not be held guilty.
The offence under paragraph 1 is compoundable.
Should the victim of the offence under paragraph 1 dies prior to lodging a complaint, his parent, spouse or child shall be entitled to lodge a complaint on his behalf and shall be deemed to be a victim.
§ 17
Where any person commits any of the offences proscribed by this Act outside the Kingdom and:
(1) He is of Thai nationality and the government of the state in which the offence is committed or the victim requests for his prosecution; or
(2) He is not a Thai national and the Thai Government or Thai national who is victimised requests for his prosecution;
The person shall then undergo the penalties inside the Kingdom.
Chapter 2
Competent Authorities
_______________
§ 18
Subject to section 19, where arises a reasonable belief that an offence under this Act is committed, a competent authority shall, for the purpose of investigation and inquiry, be invested with any of the following power to the extent necessary to obtain both the evidence of the commission and the offender:
(1) In writing interrogating any person involving with the commission of an offence under this Act or summonsing him to give an oral or written statement or to furnish the documents, information or any other evidence which are comprehensible;
(2) Requiring a provider of computer system communication service or other person concerned to furnish any traffic data;
(3) Directing a service provider to surrender to the competent authority the information of service users which is required to be stored by section 26 or which is under his possession or control;
(4) Excerpting any computer data or traffic data from a computer system reasonably believed to be contributable to the commission of an offence under this Act, in cases the computer system does not come under the possession of the competent authority;
(5) Directing a person possessing or controlling any computer data or application for storage of computer data to surrender such computer data or application to the competent authority;
(6) Inspecting or gaining access to any computer system, computer data, traffic data or application for storage of computer data which belong to any person, and bear or may bear evidence as to the commission of an offence or may give rises to the obtainment of the offender, and requiring the person concerned to surrender to the competent authority any computer data or traffic data to the extent necessary;
(7) Decoding any computer data of any person, or directing a person in connection with the encodement of any computer data to decode them or to assist the competent authority in decoding the said computer data;
(8) Attaching or seizing a computer system to the extent necessary for the purpose of ascertaining the particulars of the offence and the offender under this Act.
§ 19
In order to exercise the power under section 18 (4), (5), (6), (7) and 98), a competent authority shall submit to a jurisdictional court a motion for a ruling of grant The reasonable belief that any person commits or is about to commit any act constituting an offence under this Act, the grounds for the exercise of such power, the nature of the criminal act, the particulars of the article used in the commission of such offence and the offence must all be indicated in the said motion to the extent possible. The court shall consider the motion without delay.
When a ruling of grant is rendered by the court, the competent authority shall, before enforcing the ruling, shall deliver a copied record of the reasonable grounds for which the power under section 18 (4), (5), (6), (7) and (8) may be exercised to an owner or possessor of the computer system in question. Where no such owner or possessor is present, the copied record shall be delivered to the owner or possessor as soon as possible.
The competent authority leading the enforcement of section 18 (4), (5), (6), (7) and (8) shall submit the detailed record of the enforcement and the reasons therefor to a jurisdictional court with forty eight hours from the opening of the enforcement.
The excerption of any computer data pursuant to section 18 (4) may only be made on the basis of the reasonable belief that an offence under this Act is committed and to the extent not immoderately obstructing the business of the owner or possessor of the computer data.
As regards the attachment or seizure under section 18 (8), the competent authority shall deliver a copied instrument of attachment or seizure to the owner or possessor of the computer system in question, and may not enforce the attachment or seizure for more than thirty days. In case of necessity to enforce the attachment or seizure for a longer period, the competent authority shall submit to a jurisdictional court a motion for extension of the period of attachment or seizure. The court may, however, not grant an extension for one period or more not exceeding sixty days in total. When the necessity to enforce the attachment or seizure ceases to exist, or when the said period terminates, the competent authority must return the computer system attached or must lift the seizure without delay.
An instrument of attachment or seizure mentioned in paragraph 5 shall be governed by a ministerial regulation.
§ 20
In the event that a criminal act under this Act causes to be circulated any computer data likely to impair the national security pursuant to Division 2, Title 1 or 1/1 of the Criminal Code or likely to be contrary to the public policy, a competent authority, with the approval of the Minister, may submit to a jurisdictional court a motion, together with evidence, for a ruling suppressing the circulation of such computer data.
In the case that a ruling suppressing the circulation of the computer data in question pursuant to paragraph 1 is rendered by the court, the competent authority may enforce the suppression in person or may direct a service provider to carry out the suppression instead.
§ 21
Where a competent authority finds that any computer data contains an unfavourable programme, he may submit to a jurisdictional court a motion for a ruling suppressing the disposal or distribution thereof, directing the owner or possessor of the computer data to refrain from using, destroy or modify such computer data or stipulating any conditions governing the use, possession or distribution of the said unfavourable programme.
An unfavourable programme set forth in paragraph 1 means a programme which may causes any computer data or computer system or another programe to be injured, destroyed, altered, modified or obstructed, to fail to comply with a direction given or to otherwise undergo any situation mentioned in a ministerial regulation. This does, however, not include a programme designed with the purpose of preventing or mending the said programme, according to an announcement issued by the Minister and published in the Government Gazette.
§ 22
No competent authority may disclose or deliver to another any computer data, traffic data or service user information obtained under section 18.
The provision of paragraph 1 shall not apply to a conduct for the purpose of prosecuting an offender under this Act or for prosecuting a competent authority on the basis of abuse of public office, or conduct in compliance with a judicial ruling or approved by a court.
Any competent authority who contravenes paragraph 1 shall incur imprisonment for not more than three years, or a fine not exceeding sixty thousand baht or both.
§ 23
Any competent authority who negligently allows another to come to the knowledge about any computer data, traffic data or service user information obtained under section 18 shall be liable to imprisonment for not more than one year, or a fine not exceeding twenty thousand baht or both.
§ 24
Any person who gains the knowledge about any computer data, traffic data or service user information obtained under section 18 and discloses such data or information to any specific person shall undergo imprisonment for not more than two years, or a fine not exceeding forty thousand baht or both.
§ 25
Any person who gains the knowledge about any computer data, traffic data or service user information obtained under section 18 and discloses such data or information to any specific person shall undergo imprisonment for not more than two years, or a fine not exceeding forty thousand baht or both.
§ 26
A service provider must store traffic data for a period of not less than ninety from the entry thereof in the computer system. Where necessary on the basis of an exceptional event, a competent authority may require a specific service provider to store any traffic data for a provisional period of more than ninety days but not exceeding one year.
A service provider must, to the extent necessary for the purpose of identifying a service user, store service user information from the point of time the service user applies for service. He must store such information for a period of not less than ninety days from the receipt of such service comes to an end.
The application of the provisions of paragraph 1 to any type of service provider, as well as the manner and the time thereof, shall be announced by the Minister and published in the Government Gazette.
Any service provider who fails to comply with this section shall be liable to a fine not exceeding five hundred thousand baht.
§ 27
Any person who fails to comply with a judicial ruling or order of a competent authority pursuant to section 18 or 20, or with a judicial ruling according to section 21, shall be liable to a fine not more than two hundred thousand baht and to a daily fine of not more than five thousand baht until his compliance takes place.
§ 28
The Minister shall appoint the competent authorities under this Act from whom possessing knowledge and proficiency as to computer system and being furnished with the qualifications determined by the Minister.
§ 29
In performing his public duty under this Act, a competent authority shall become a superior administrative or police officer under the Code of Criminal Procedure in whom the power to, only in respect of the offences proscribed by this Act, accept complaints and denunciations as well as to hold enquiries shall vest.
For the purpose of making an arrest of, holding in custody, searching, making an inquiry file with respect to and prosecuting an offender under this Act which is the power of a superior administrative or police officer or of a judicial police officer pursuant to the Code of Criminal Procedure, a competent authority shall inform a responsible judicial police officer to exercise such power.
The Prime Minister, as supervisor of the Office of the National Police, and the Minister shall jointly be empowered to lay down the rules in order to provide guidance and procedure for the observance of paragraph 2.
§ 30
In discharging his public duty, a competent authority must produce his identification card to the relevant persons.
A form of the identification cards of the competent authorities shall be published in the Government Gazette by the Minister.
- Countersigned by:
- General Surayut Chulanon,
- Prime Minister.
Statement of Grounds
The grounds for promulgation of this Act are as follows: Since computer systems are now material to the activities and livelihood of human beings, whatever act to debar any computer system from complying with a direction given or to lead it astray, or whatever means to unlawfully obtain the knowledge about, modify or destroy another’s data in a computer system or to, through a computer system, circulate any false or indecent computer data, would place the economics, social and national security in danger of injury and would negatively affect the public policy. It is expedient to determine the preventive measures against the mentioned conduct. It is, therefore, necessary to enact this Act.
- ↑ Published in the Government Gazette: volume 124/page 24 A/page 4/June 18, 2007.