Chapter 8: Laws, Ethics, and Safeties in Information Technology Usage

Upload: ethel-ball

Post on 11-Jan-2016


Contents

Information Technology Laws

Ethics in IT Usage

Computer Crimes

Safety Protections in IT Usage

Future Trends in Safety Protections

Act on Computer Crime B.E.2550

The act consists of 30 sections, divided into 3 major parts:

4 sections (Generalization and Definitions)

Part 1 Crime involved with Computers (13 sections)

Part 2 Competent Official (13 sections)

Generalization and Definitions

Section 1 This act is called the “Act on Computer Crime B.E.2550”

Section 2 Enforcement: within thirty days from publication in the Government Gazette

Section 3 Definitions: “Computer system”, “Computer data”, “Traffic data”, “Service provider”, “User”, “Competent official”, and “Minister”

Section 4 The execution of the act by the Ministry of Information and Communication Technology

Part 1 Crime involved with computers

Illegally access computer system/computer data

Illegally disclose another person's data

Illegally intercept and transmit in computer system

Damages, destroys, alters, modifies, or adds to the whole or part of the computer data of another person without authorization

Part 1 Crime involved with computers (cont.)

An action without authorization that causes suspension, deceleration, obstruction, or interference with the computer system of another person

Sends computer data or electronic mail, with its source forged or altered, to interfere with normal usage

Disposes of or disseminates a program specifically designed for the commission of the offence

Part 1 Crime involved with computers (cont.)

Inputs, into a computer system, forged computer data that causes injury to another person or the public/national security or public panic/terrorism

Any service provider who intentionally supports or consents to the commission of the offence under his control

Part 1 Crime involved with computers (cont.)

Inputs, into a computer system that the public can access, a photograph of another person in a manner likely to impair the reputation of, expose, or shame that person

Covers offences committed outside the Kingdom by a Thai national or an alien

Part 2 Competent Official

Authority of an official

Investigate the authorization

Exercising an official power

Responsibility of service provider

Performance of the duties under the Act

Electronic Transactions Act B.E.2544

The Act shall apply to all civil and commercial transactions performed by using a data message, except the transactions prescribed by a Royal Decree to be excluded from this Act wholly or partly.

Definitions: “transaction”, “electronics”, “electronics transaction”, “information”, “data message”, “electronic signature”, “information system”, “electronic data interchange”, “originator”, “addressee”, “intermediary”, “information”, “certificate”, “signatory”, “relying party”, “State agency”, “Commission”, “Minister”

Chapter 1 Electronic Transactions

Chapter 2 Electronic Signature

Chapter 3 Service Business Relating to Electronic Transactions

Chapter 4 Electronic Transactions in the Public Sector

Chapter 5 Electronic Transactions Commission

Chapter 6 Penalties

Intellectual Property

Intellectual Property (IP) refers to creations of the mind, which include:

literary, artistic and scientific works

performances of performing artists, phonograms and broadcasts

inventions in all fields of human endeavor

scientific discoveries

industrial designs

trademarks, service marks, commercial names and designations

Intellectual Property Law in Thailand

Thai law provides protection for various types of intellectual property.

The protection against unfair competition and all other rights resulting from intellectual activity in the industrial, scientific, literary or artistic fields.

IP: Patents, Trade marks, Designs, Copyright

COPYRIGHT ACT B.E. 2537

Definitions: “author”, “copyright”, “literary work”, “computer program”, “dramatic work”, “artistic work”, “musical work”, “audiovisual work”, “cinematographic work”, “sound recording”, “performer”, “broadcasting work”, “reproduction”, “adaptation”, “communication to public”, “publication”

The Copyright work by virtue of this Act means a work of authorship in the form of literary, dramatic, artistic, musical, audiovisual, cinematographic, sound recording, sound and video broadcasting work or any other work in the literary, scientific or artistic domain whatever may be the mode or form of its expression. Copyright protection shall not extend to ideas or procedures, processes or systems or methods of use or operation or concept, principles, discoveries or scientific or mathematical theories.

Fair Use

reproduction for use in the library or another library

reasonable reproduction in part of a work for another person for the benefit of research or study

research or study of the computer program use for the benefit of the owner of the copy of the computer program

comment, criticism or introduction of the work with an acknowledgement of the ownership of the copyright in the computer program

reporting of the news through mass media with an acknowledgement of the ownership of copyright in the computer program

making copies of a computer program for a reasonable quantity by a person who has legitimately bought or obtained the program from another person so as to keep them for maintenance or prevention of loss

use of the computer program as part of questions and answer in an examination

reproduction, adaptation, exhibition or display for the benefit of judicial proceedings or administrative proceedings by authorized officials or for reporting the result of such proceedings

adapting the computer program as necessary for use

making copies of the computer program so as to keep them for the reference or research for public interest

Ethics in IT Usage

Information Privacy

Information Accuracy

Information Property

Data Accessibility

Computer Crimes

Illegally access computer system/computer data

Spyware

Sniffer

Phishing/

Spoofing

Spyware

Spyware is an application that follows or tracks the user’s data.

Shows advertising pop-up windows without the user’s request

Tracks or hacks passwords to simulate the user’s account/login account

Blocks the user’s account

Sniffer

A sniffer is computer software or hardware that can intercept and log traffic passing over a digital network, and can be used to steal usernames/passwords for access to the system or data.

Phishing/Spoofing

Phishing is the attempt to acquire security information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public.

Phishing emails may contain links to websites carrying malware.

Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Destroy/Obstruct the computer system/computer data

Malicious code: computer virus, worm, Trojan, exploit, hoax

Denial of Service (DoS):

Spreading a virus to interrupt the network traffic

Flooding packet switching/Fault torrent

Destroying by deleting user accounts or user data

Shutting down a server

Break on the defect of system software

Computer Crimes (cont.)

Spam mail

Hacking tool

Malign data posting

Malicious editing of data/photos to injure another person or disseminate without permission

Safety Protections in IT Usage

1) Spyware protection

Do not click hyperlinks or advertising pop-ups

Beware of downloading unknown software

Unsubscribe from untrusted e-mail

2) Sniffer protection

Secure Socket Layer (SSL)

Secure Shell (SSH)

Virtual Private Network (VPN)

Pretty Good Privacy (PGP)

3) Phishing protection

Check/confirm information with the bank when receiving a banking e-mail

Do not open untrusted e-mail

4) Computer virus protection

Install virus-scanning software on the computer system

Check for and repair what is missing from the operating system

Carefully check and open only reliable e-mail

5) Denial of Service (DoS) protection

Use packet filtering on the router to filter data

Install TCP SYN flooding protection software to guard against hacking

Do not open unused ports, such as FTP

Use the Tripwire program

Install hot spare servers

Install a backup network system

6) Spam e-mail or e-mail bomb protection

Do not subscribe to untrusted newsletters/websites

Determine the maximum number of e-mails that may be sent at a time

Determine the maximum size of e-mail for sending and receiving

Determine keywords for blocking unwanted e-mail by specifying keywords/subjects

Check the existence of an e-mail before sending
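The following Python example is added here and is not from the original slides; it applies the rate, size and keyword limits from the spam e-mail protection list to constructed sample messages. The limit values, the names MailPolicy and run_sample, and the reading of "per time" as a sliding time window are assumptions.

```python
from collections import defaultdict, deque

# Policy values are assumptions chosen for the example, not figures from the slides.
MAX_PER_WINDOW = 3          # maximum messages one sender may submit per window
WINDOW_SECONDS = 60         # length of the sliding window
MAX_SIZE_BYTES = 1_000_000  # maximum accepted message size
BLOCKED_KEYWORDS = ("lottery", "free prize")  # matched against the subject


class MailPolicy:
    """Applies three limits from the list: rate, size, and subject keywords."""

    def __init__(self):
        self._recent = defaultdict(deque)  # sender -> timestamps of accepted mail

    def check(self, sender, subject, size, now):
        """Return (accepted, reason) for one message arriving at time `now`."""
        if size > MAX_SIZE_BYTES:
            return False, "size"
        lowered = subject.lower()
        if any(word in lowered for word in BLOCKED_KEYWORDS):
            return False, "keyword"
        times = self._recent[sender]
        # Drop timestamps that have fallen out of the sliding window.
        while times and now - times[0] >= WINDOW_SECONDS:
            times.popleft()
        if len(times) >= MAX_PER_WINDOW:
            return False, "rate"
        times.append(now)
        return True, "ok"


def run_sample():
    """Run constructed sample traffic through the policy and return the reasons."""
    policy = MailPolicy()
    sample = [  # constructed: (sender, subject, size in bytes, arrival second)
        ("a@example.com", "Meeting notes", 2_000, 0),
        ("a@example.com", "Re: Meeting notes", 2_500, 5),
        ("a@example.com", "Agenda", 1_800, 10),
        ("a@example.com", "One more thing", 1_200, 15),  # 4th message in 60 s
        ("b@example.com", "You won the LOTTERY", 900, 20),
        ("c@example.com", "Scans", 5_000_000, 25),
        ("a@example.com", "Follow-up", 1_000, 70),  # window has moved on
    ]
    return [policy.check(*msg)[1] for msg in sample]


if __name__ == "__main__":
    print(run_sample())
```

Rejected messages are not counted against the sender's rate limit here, so a sender blocked for size or keyword does not also exhaust the window.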

7) Illegal access protection

Use a firewall

Check authorization for logging in to the system

Check the permission card

Record check-in and check-out

Keep tracking the usage behavior in the system

Determine a different authorization level for each user

Future Trends in Safety Protections

Regulate the encryption of notebook computers in the organization

Encrypt the data in smartphones, the same as on notebook computers

Law reform for personal data protection

Protect against exploit programs or worms entering gaps in the smartphone system

The increase in attacks on Voice over IP (VoIP)

The dangerous zero-day gaps in operating systems or software

The increasing importance of Network Access Control (NAC) in the organization