Snooping to repress

28 01 2017

Khaosod had a long report the other day that deserves close attention. It is based on Who’s that Knocking at My Door [clicking downloads a 27-page document] by Privacy International.who-copy

The Khaosod report observes that: “When they can intercept communications without having a legal framework that allows companies to refuse this, it means they have open-door access to people’s information…”.

The author, Eva Blum-Dumontet, is clear. This is “a clear violation of people’s rights to privacy and [the government’s] international agreements.”

The most alarming but totally expected aspect of the report is that there “are indications the government has systematically sought to defeat the encryption used to keep web traffic private – what to most is the difference between an http or https in a URL.”

The infamous shutdown of Facebook – the ICT bosses said Facebook had been shut down until the regime could win its “cooperation” in censoring critics – appears to have been the junta getting all of Thailand’s service providers to have “Facebook traffic … rerouted over http instead of its encrypted https connection.”

That might have failed, but it tells something of the junta’s aims and its initial misunderstanding of the internet. It also reveals cooperation between the junta and ISPs. The report says the relationship is “incestuous.”

One of the most important junta fixes has been having the head of the National Security Council General Thawip Netrniyom made board chairman of CAT Telecom. This is an important building block in a China-like Great Firewall.

An important aspect of the report is the light it focuses on Microsoft.

The Thai government also has its own root certificate and the report states that “[n]either Apple, Firefox-maker Mozilla, nor Java automatically trusts it…”. It is “only widely used platform … Microsoft Windows” that accepts it. This means “a spoofed website signed with the government certificate would return an error for someone on a Mac while Windows users wouldn’t notice a thing.” That’s dangerous for users.

Privacy International analysis of the “conversation that happens between an email client such as Microsoft Outlook, and a mail server in late 2014 found “the military government was conducting downgrade attacks” to force them to connect via an unencrypted channel.” That’s dangerous. The advice is: “Just use webmail.”

There’s a lot more in the report about the junta’s attempts to snoop in order to repress and jail opponents.



%d bloggers like this: