On 22 May 2014, General Prayuth Chan-ocha, Commander of the Royal Thai Army, launched a coup d’état, replacing the Kingdom’s beleaguered civilian political institutions with a military-led National Council for Peace and Order (NCPO). The move came after months of street protests, the most recent in Thailand’s ongoing political unrest. While Thailand is no stranger to military coups, this time the military junta is focusing unprecedented efforts towards restricting online speech and the digital rights of users in Thailand.
The Thai junta has already shut down as many as 219 websites for threatening “national security,” and has detained several journalists. Norway-based telecom operator Telenor – the majority shareholder of DTAC, the second largest mobile communications provider in Thailand – recently confirmed to Access that the Facebook shutdown on May 27 came at the request of the National Broadcasting and Telecommunications Commission of Thailand (NBTC). This was followed by the junta’s formal request of internet service providers (ISPs) to monitor and report online content that might “lead to unrest,” while social media companies were asked to prevent the spread of “provocative messages.”
Junta authorities are restricting free speech both on the streets and online. Authorities continue to use the Kingdom’s draconian lèse majesté law (Article 112) and Article 14 of the Computer Crime Act to prosecute individuals and deter free speech online.
In a new development, Royal Thai Police Major General Pisit Paoin, head of the junta-appointed working group responsible for censoring the internet, shared plans to infiltrate chat groups and monitor the popular chat application LINE in order to identify and arrest people who spread “illegal” content. “We’ll send you a friend request. If you accept the friend request, we’ll see if anyone disseminates information which violates the National Council for Peace and Order (NCPO) orders,” Major General Pisit Paoin said, ominously adding “Be careful, we’ll soon be your friend.”
In a disturbing escalation, the Deputy Commander of Bangkok’s Metropolitan Police, Police Major General Amnuay Nimmano, warned internet users that “liking,” distributing, expressing approval or encouragement of anti-junta activities online or on social networks will be treated as a crime, regardless if that individual created the original message in question. This warning came weeks after Thailand’s Ministry of Information and Communication Technology (MICT) announced plans to create a national internet gateway to increase surveillance and censorship capabilities.
Internet users in Thailand must be able to access information freely and be able to communicate with others online without fear. Access is concerned about these and future restrictions on the open internet in Thailand. We believe that unrestricted access to the internet is critical to the free exercise of human rights.
Avoiding censorship & staying safe online
While many different security solutions are available, none provide 100% security or privacy. Users should note that tools and software are just one component of being secure online. Online behavior and practices are just as important as the security tools used. Key practices include updating your software to protect devices from latest vulnerabilities and choosing strong passphrases for your accounts.
To help users familiarize themselves with the different available software needed to forge their own paths online and exercise fundamental freedoms in a safe and secure manner, Access complied the following list of readily available digital security tools.
1. Accessing blocked sites
Access recommends using the Tor Browser Bundle to surf in a private and unrestricted manner. In addition to providing access to blocked websites, Tor obscures your online communications to prevent others from tracking you online or watching what sites you visit. Tor also prevents websites from collecting data on you – most importantly your IP Address, easily associated with your physical location.
The Tor Browser Bundle is also available on Windows, Mac OS X, and Linux. It can run off a self-contained USB flash drive and comes with a pre-configured web browser to protect your anonymity online.
2. Secure search
Search data generated by using Google, Yahoo, or Bing search engines are stored and can be accessed upon request by state authorities. Alternative secure search engines include StartPage (also available as a mobile app for Android, iPhone, and iPad) and DuckDuckGo (mobile app for Android, iPhone, and iPad), both of which can be used in combination with Tor.
Unlike traditional search engines, StartPage and DuckDuckGo do not collect personal information on users, do not keep a history of your searches, or store IP addresses. This means that even if authorities were able to access their servers, they would find little personal data.
3. Secure email
The most popular way to secure email communications is using Pretty Good Privacy (PGP), popularly available through its open source implementation, Gnu Privacy Guard (GPG). While PGP leaves metadata traces unencrypted (such as the email subject line and the sender’s and recipient’s email addresses), it encrypts the content and attachments of your email to ensure that only the intended recipients can read the message (all recipients must have GPG for this to work). For help installing GPG, follow Security in a Box’s walkthrough, which covers Windows, Mac OSX, and Linux operating systems. GPG is also available for Android devices with K-9 Mail and APG.
Even with secure email, don’t forget basic email security hygiene: don’t open attachments from people you don’t trust, and be cautious with emailed web links.
4. Secure chat and instant messaging
Traditional mobile texting is unencrypted and can be easily read by your mobile phone provider and government. Services such as Facebook, Skype, and Google Chat provide access to user data and chat content to governments and others on an ongoing basis. To protect the content of messages, use programs that implement Off-The-Record (OTR) messaging (not to be confused with the Google Chat setting, which does not implement it). OTR encrypts online chats in real-time, and only works if both users have it – so make sure to get friends and colleagues using it as well!
Available for Microsoft Windows, Mac OSX, and Linux, Jitsi implements OTR to provide additional encryption for text chats, voice, and video sessions, and can similarly to used with a number of popular messenger services.
For Android users, TextSecure encrypts text messages between two TextSecure users. ChatSecure provides OTR secure chat functionality for Android, iPhone, and iPad devices. It supports many of the most popular instant messenger services, including Facebook, Google Talk, AIM, ICQ, MSN, and Yahoo! Messenger.
The web-based browser plugin Cryptocat uses OTR to allow encrypted chats with others using the same service, and also has an iPhone & iPad app that allows encrypted chat with your friends on other Apple devices or using the Cryptocat web browser add-on.
Even with secure chat, don’t forget basic chat hygiene: don’t open links directly, especially shortened URLs, but instead copy & paste them into your browser.Users can scan non-confidential links for malware by submitting them to VirusTotal.
5. Secure audio and video chat
Users can’t rely on regular mobile or landline phone services to transmit sensitive information securely as they can be easily intercepted by the service operator or by third parties.
The previously-mentioned Jitsi provides encrypted voice and video chat, and available for Mac, Windows, and Linux. You can use it in conjunction with a SIP account from the Ostel project, which provides secure voice-over-IP (VoIP) functionality to both computers and cellphones – this means you can enjoy encrypted phone calls anywhere you have an internet connection. For a list of compatible apps on Android, iPhone & iPad, please see the list on the Ostel website.
For web-based secure video chat, Jitsi Meet is a free and open-source solution available for the latest versions of Mozilla Firefox, Google Chrome, and Chromium web browsers.
For Android users, Red Phone secures calls between Red Phone users from eavesdropping.
If you run into difficulties installing these security tools, or would like more information to address a particular need, please contact Access at firstname.lastname@example.org.