Computer Crime Act B.E. 2550 (2007)& Ministry of ICT Notification, A Presentation to the AMCHAM ICT Committee & Internet Service Providers, Tim Bass CISSP, (ISC)2 Executive Vice PresidentACIS Professional Center Co., Ltd.

1. Computer Crime Act B.E. 2550 (2007) & Ministry of ICT Notification A Presentation to the AMCHAM ICT Committee & Internet Service Providers Tim Bass CISSP, (ISC)2 Executive Vice President ACIS Professional Center Co . , Ltd . Email : [email_address] Mobile: +6683-297-5101

3. Disclaimer The information contained in this presentation is based on two UNOFFICAL English translations of the Thai language Computer Crime Act B.E. 2550 (2007) and one UNOFFICIAL English translation of the Thai language Annex Notification of the Ministry of Information and Communication Technology Re: Criteria concerning Archiving of Computer Traffic Data of Service Provider B.E. 2550. ACIS Professional Center Co. Ltd. advises all concerned to refer to the OFFICIAL Thai language version of these documents. ACIS Professional Center Co. Ltd. nor their employees are responsible for errors or omissions in the UNOFFICIAL English translations of these Thai language documents.

23. Annex A Annex Notification of the Ministry of Information and Communication Technology Re: Criteria concerning Archiving of Computer Traffic Data of Service Provider B.E. 2550 1. Fixed line Service provider 2. Mobile Service Provider 3. Leased Circuit Service Provider included Fiber optic, ADSL (Asymmetric Digital Subscriber Line), Frame Relay Provider, ATM (Asynchronous Transfer Mode) excluded Physical media provider or Cable (Dark Fiber provider that does not contain Internet or IP traffic) 4. Satellite Services Provider. a. Telecommunication and Broadcast Carrier Example of Type Type

24. Annex A Annex Notification of the Ministry of Information and Communication Technology Re: Criteria concerning Archiving of Computer Traffic Data of Service Provider B.E. 2550 1. Internet Service Provider both wire or wireless 2. Operators who provide Internet access in office/room, rental room, hotel or restaurant 3. Computer network access Service Provider for organizations such as governmental department, company or academic institution. b. Access Service Provider

25. Annex A Annex Notification of the Ministry of Information and Communication Technology Re: Criteria concerning Archiving of Computer Traffic Data of Service Provider B.E. 2550 1. Web hosting or rental web hosting 2. File Server or file share 3. Mail Server service provider. 4. Internet Data Center. c. Hosting Service Provider

26. Annex A Annex Notification of the Ministry of Information and Communication Technology Re: Criteria concerning Archiving of Computer Traffic Data of Service Provider B.E. 2550 1. Internet Café. 2. Game online. d. Internet Café

28. Annex B 5(1) Archival Requirements Date and time of the initial activation of the service and the location label (Cell ID) Name, Address of subscriber or registered User - Telephone number or circuit ID including optional services such as line transfer services and the transferred number including telephone number which is called from the transferred line. - Fixed Network Telephony and Mobile Telephony. A. Data that could be identifiable and traceable to the source of origin, source address, destination address and route traversal of computer system communication. List of Data Traffic Type

29. Annex B 5(1) Archival Requirements 2. Mobile phone physical location that connect to Cell ID during communication. C. Data which can be specified the location of the use of mobile phone or mobile communication equipment. 3. To provide caller tracking system 1. Original Cell ID of the communication. Fixed Network Telephony and Mobile Telephony, the Date and time of the start and end of the communication) B. Data that can be specified date, time and usage time of computer system communication.

30. Annex B 5(1)(B & C) Logging Requirements 2) Date and Time of the connection of client to Server 1) Access logs specific to Authentication and Authorization servers such as: TACACS (Terminal Access controller Access Control System) or RADIUS (Remote Authentication Dial-in User Service) or DIAMETER ( Used to Control to Access to IP Router or Network Access Servers) A. Internet logging List of Data Traffic Type

31. Annex B 5(1)(B & C) Logging Requirements 2) IP Address of Client Connected to Server B. E-mail 1) Simple Mail Transfer Protocol : SMTP log - Messages ID - Sender E-mail Address - Receiver E-mail Address - Status Indicator. 5) Calling Line Identification. 4) Assigned IP Address 3) User ID

32. Annex B 5(1)(B & C) Logging Requirements 6) POP3 (Post Office Protocol version 3) log or IMAP4 ( Internet Messages Access Protocol version 4) log 5) User ID 4) IP Address of Sending Computer 3) Date and Time of Connection of the Client Connected to Server. B. E-mail (continued)

33. Annex B 5(1)(B & C) Logging Requirements 5) Path and Filename of Data Object Uploaded or Downloaded. 4) User ID 3) IP source Address 2) Date and Time of Connection of Client 1) Access log C. FTP log

34. Annex B 5(1)(B & C) Logging Requirements 5) URI ( Uniform Resource Identifier ) 4) Instruction. 3) Source IP Address 2) Date and time of connection of client 1) Access log D. Web Traffic log

35. Annex B 5(1)(B & C) Logging Requirements F. Internet Relay Chat (IRC) or Instance Messaging (IM) Date and Time of Connection of Client to Server and Hostname and IP address. 5) Posted Message ID 4) Host Name 3) Protocol Process ID 2) Date and time of Connection of Clients to Server 1) NNTP Network News Transfer Protocol log E. Usenet

40. Computer Crime Act B.E. 2550 (2007) & Ministry of ICT Notification A Presentation to the AMCHAM ICT Committee & Internet Service Providers Revision 1.1 Tim Bass CISSP, (ISC)2 Executive Vice President ACIS Professional Center Co . , Ltd . Email : [email_address] Mobile: +6683-297-5101