PKI in Thailand: Banks are first movers

The forces that be which govern Thailand acknowledge the importance of Information Technology and how it can be utilized for social and economic benefits.

The forces that be which govern Thailand acknowledge the importance of Information Technology and how it can be utilized for social and economic benefits.

Complementary to this vision of an 'e-enabled' nation is the necessity of building up a strong security and legal infrastructure.

To this end, the Public Key Infrastructure Task Force (PKITF) was set up under the auspices of the National Electronics and Computer Technology Center (NECTEC). The purpose of the organization was to explore the use of Public-key technology to provide IT security services to Thai government agencies. PKITF pays special attention to both technical and policy aspects of Public-Key technology deployment.

In particular, the PKITF emphasized the following objectives:

  • Research and develop technologies related to PKI implementation such as cryptograpy, time stamping, key exchange.
  • Research on policy issues crucial to PKI deployments such as key recovery, trust model, certificate policy.
  • Create public awareness on information security.

Legal Framework
Thailand embarked on the formation of IT legal infrastructure by legislating six new laws through the IT Law Development Project, which was approved by the Cabinet in December 1988. The aim of this set of laws was to promote confidence amongst foreign investors looking for business opportunities in Thailand.

The conceptual framework of the six IT laws is briefly described as follows:

  1. Electronic Transactions Law - recognizes the legal effect of electronic data messages by treating them as being the equivalent to writing or evidence in writing.
  2. Electronic Signatures Law - defines the electronic equivalence of digital signatures.
  3. Universal Access Law (Bylaw of Section 78 of the Constitution) - creates an equitable information society by providing information infrastructure thoroughly and equally throughout the country.
  4. Computer Crime Law - addresses criminal law on types of offences against computer systems, networks, data and other types of similar misuses.
  5. Data Protection Law - protects rights of privacy in the information society.
  6. Electronic Funds Transfer Law - facilitates electronic funds transfer among financial and related institutions as well as on the customer level.

There are three other IT laws currently in the drafting process, and are expected to be completed by the year 2001.

Certification Authorities (CA)
Early PKI implementation in Thailand started with pilot projects to introduce secured electronic mail (using digital identities). A pilot CA was set up to support the use of digital signature. In addition to secured e-mail in government offices, it was employed in another two projects: the electronic notification of cabinet resolutions in format via network; and the paperless cabinet meeting currently in use.

Thailand’s PKI-related initiatives started over two years ago with its bid to be an e-government, through the establishment of the Government Information Technology Services (GITS) program. A team of researchers, engineers and technical staff formed the PKI Information Security Department under GITS to begin the investigation of PKI and other security technologies. One of this department’s main services is running CA operations.

GITS is expected to have a CA service for all government agencies in full operation around mid-2001. More anticipated applications to be integrated with PKI/CA are those for use in e-government, for example, the secured government data infrastructure, official document registration system, on-line e-procurement, payment gateway, on-line services such as tax filing and payment, vehicle and land registration.

Besides the government initiatives, private agencies have been established as well. The Thai Digital ID Co., Ltd (TDID) was established by the collaboration between Processing Center Company Limited (PCC) and the Telephone Organization of Thailand (TOT), focusing on CA hosting.

The first CA service introduced by TDID was the PCC Digital ID, which aims to allow users to make online inter-bank fund transfers through an e-payment system.

Local PKI Applications
Within the government, the GITS program employs the most prominent use of PKI. The main GITS network service is a nation-wide high-capacity network called the Government Information Network (or GINet). GINet is the network that links the government headquarters (in Bangkok) and their branches in Bangkok as well as provincial offices.

Virtual private networks (VPNs) are implemented to provide value-added services for all users. Parallel to such services is the implementation of PKI to provide proper protocols for safe data transfer and access. In order to make official transactions possible on GINet with security and full audit trails, users of GINet are provided with the relevant public key infrastructure, electronic authentication and digital authorization.

Read more about PKI in Asia.