Page 5

Volume 124 Special Section 102 D GOVERNMENT GAZETTE 23 August 2550

Notification of the Ministry of Information and Communications Technology

Regulations on Keeping Computer Traffic Data by Service Provider

B.E 2550 (2007)

-------------------

Communication using either computer system or electronic system has

increasingly become more and more important by coming into play in the economy
system and quality of life of people. At the same time, computer crime has also been
likely to widely spread and increasingly become more intense. Computer traffic data
is, therefore, considered as crucial evidence which can prove to be useful to the case
investigation in order to condemn the person who has committed a computer-related
offence. For this reason, responsibilities of service provider regarding keeping
computer traffic data should then be defined.
Within the power of Section 26 paragraph 3 of “Computer Crime Act B.E
2550 (2007)”, the Minister of Information and Communications Technology has
issued the following regulations:
Section 1 This notification shall be called “Regulations on Keeping Computer
Traffic Data by Service Provider B.E 2550 (2007)”
Section 2 This notification shall be enforceable the day after its publication in
the Government Gazette.
Section 3 The Minister of Information and Communications Technology shall
have responsibility and control for the execution of this notification.
Section 4 In this notification,
“Service Provider” shall mean:
(1) A person who provides service to the public with respect to access to the
Internet or other mutual communication via a computer system, whether on their own
behalf, or in the name of, or for the behalf of, another person
(2) A person who provides services with respect to the storage of computer
data for the benefit of the other person
 Page 6
Volume 124 Special Section 102 D GOVERNMENT GAZETTE 23 August 2550

“Computer Traffic Data” means data related to computer system-based

communications showing sources of origin, starting points, destinations, routes, times,
dates, volumes, time periods, type of services or other related to that computer.
“Computer System” means a piece of equipment or sets of equipment units,
whose function is integrated together, for which sets of instructions and working
principles enable it or them to perform the duty of processing data automatically.
“Service User” means a person who uses the services provided by a service
provider, with or without fee
Section 5 Within the power of Section 26 of “Computer Crime Act B.E 2550
(2007)”, service provider obligated to keep computer traffic data can be categorized
as follows:
(1) “Service Provider” who provides service to the public with respect to
access to the Internet or other mutual communication via a computer system, whether
on their own behalf, or in the name of, or for the behalf of, another person can be
divided into the following 4 categories:
A. Telecommunication and Broadcast Carrier: consists of service
providers listed in Appendix A
B. Access Service Provider: consists of service providers listed in
Appendix A
C. Host Service Provider: consists of service provides listed in
Appendix A
D. Internet Café: as shown in Appendix A of this document.
(2) “Service Provider” who provides services with respect to the storage of
computer data for the benefit of the other person defined in (1), which can be called
“Content Service Provider”, such as “Application Service Provider”, consisting of
service providers listed in Appendix A of this document.
Section 6 Computer traffic data that service provider is obligated to keep is
listed in Appendix B
Section 7 Service provider is obligated to keep computer traffic data as
follows:
(1) Service provider falling into category 5(1) A. is obligated to keep
computer traffic data as listed in Appendix B.1
 Page 7
Volume 124 Special Section 102 D GOVERNMENT GAZETTE 23 August 2550

(2) Service provider falling into category 5(1) B. is obligated to keep

computer traffic data as listed in Appendix B.2 according to category, type, and
responsibility regarding service provided
(3) Service provider falling into category 5(1) C. is obligated to keep
computer traffic data as listed in Appendix B.2, according to category, kind, and
responsibility regarding service
(4) Service provider falling into category 5(1) D. is obligated to keep
computer traffic data as listed in Appendix B.3
(5) Service provider falling into category 5(2) is obligated to keep computer
traffic data as listed in Appendix B.4
However, in terms of keeping computer traffic data according to
aforementioned appendices, service provider is obligated to keep computer traffic
data only for the ones resulting from services they provided.
Section 8 In order to keep computer traffic data, service provider must use
secure methods as follows:
(1) Ensure that data is kept in the media that data integrity can be maintained
and identification of those who have access to the media can be achieved.
(2) Ensure confidentiality of data kept and having classification assigned to
data kept in order to maintain reliability of data. Additionally, ensure that system
administrator is not able to make any modifications to data kept by, for example,
keeping data in centralized log server, performing data archiving, and using data
hashing technique. Meanwhile, relevant personnel who have been assigned by owner
or management, such as IT Auditor or other assigned persons, including competent
officials under this notification, can be given access to such data.
(3) Assign coordinator to deliver to a relevant competent official appointed
under “Computer Crime Act B.E 2550 (2007)” related data in order to facilitate such
delivery.
(4) For computer traffic data to be kept, identification and authentication of
individually service user must be achieved for any circumstances, such as use of
Proxy Server, Network Address Translation (NAT), Proxy Cache, Cache Engine, Free
Internet service, 1222 Service, and Wi-Fi Hotspot.
(5) In case that service provider falling into one of the aforementioned four
categories of service provider provides service on their own behalf but in fact such
service provided uses system owned by third-party service provider, resulting in the
 Page 8
Volume 124 Special Section 102 D GOVERNMENT GAZETTE 23 August 2550

service provider falling into one of the aforementioned four categories of service
provider not being able to identify service user, such service provider then needs to
ensure that methods for identification and authentication of service user are in place.
Section 9 To ensure that computer traffic data is accurate and can actually be
brought into use, service provider is to set the time of every equipment used for
providing service in accordance with Stratum 0, with variation no more than 10
milliseconds.
Section 10 Service provider that is obligated to keep computer traffic data,
according to 7, starts keeping such data in the following order:
(1) Service provider falling into category 5 (1) A. starts keeping computer
traffic data 30 days following the date of its publication in the Government Gazette.
(2) Service provider falling into category 5 (1) B., only for those who are
either Public Network Service Provider or Internet Service Provider, starts keeping
computer traffic data 180 days following the date of its publication in the Government
Gazette.
For service provider, other than those in 10 (1) and 10 (2), starts keeping
computer traffic data 1 year following the data of its publication in the Government
Gazette.
Publicized 21 August 2550
Sittichai Pokaiyaudom
Minister of Information and Communications Technology
 Page 9
Volume 124 Special Section 102 D GOVERNMENT GAZETTE 23 August 2550

Appendix A
Amendment to Notification of the Ministry of Information and Communications Technology
Regulations on Keeping Computer Traffic Data by Service Provider
B.E 2550 (2007)

1. Service provider who provides service to the public with respect to access to the
Internet or other mutual communication via a computer system, whether on their own
behalf, or in the name of, or for the behalf of, another person, according to 5 (1) of
this notification, can be divided into the following 4 categories:
Category Samples of “Service Provider”
A. Telecommunication and Broadcast 1) Fixed Line Service Provider
Carrier 2) Mobile Service Provider
3) Leased Circuit Service Provider – e.g.
Leased Line Service Provider, Fiber
Optic Service Provider, ADSL
(Asymmetric Digital Subscriber Line)
Service Provider, Frame Relay Service
Provider, ATM (Asynchronous Transfer
Mode) Service Provider, MPLS (Multi
Protocol Label Switching) Service
Provider – except that such service
provider only provides physical media or
cabling (e.g. Dark Fiber Service Provider,
Fiber Optic Service Provider without
Internet signal or IP Traffic).
4) Satellite Service Provider
B. Access Service Provider 1) Internet Service Provider – both wire
and wireless
2) Service provider who provides
services enabling access to network
system for computer resided in residence,
rental room, hotel, restaurant and
beverage shop (one of these)
3) Service provider who provides
 Page 10
Volume 124 Special Section 102 D GOVERNMENT GAZETTE 23 August 2550

services enabling access to network

computer system for the organization
such as government unit, company or
educational institute
C. Hosting Service Provider 1) “Web Hosting” Provider, “Web
Server For Rent” Provider
2) File Server” Provider or “File
Sharing” Provider
3) “Mail Server” Service Provider
4) “Internet Data Center”
D. Internet Café 1) Internet Café
2) Game Online Shop

2. Service provider who provides services with respect to the storage of computer
data for the benefit of the other person, according to 5 (2) of this notification,
consisting of service providers listed in Appendix A of this document.
Category Samples of “Service Provider”
Content and Application Service Provider 1) “Web board” Provider or “Blog”
Provider
2) “Internet Banking” Provider and
“Electronic Payment Service” Provider
3) “Web Services” Provider
4) “e-Commerce” Provider or “e-
Transactions” Provider
 Page 11
Volume 124 Special Section 102 D GOVERNMENT GAZETTE 23 August 2550

Appendix B
Amendment to Notification of the Ministry of Information and Communications Technology
Regulations on Keeping Computer Traffic Data by Service Provider
B.E 2550 (2007)

1. Computer traffic data that service provider, falling into category 5(1) A. is
obligated to keep consists of the following:
Category
A. Information that enables identifying
and tracing “origin”, “source”,
“destination”, and “route” of “computer
system” communication
B. Information that enables identifying
“date”, “time”, and “duration” of
“computer system” communication
C. Information that enables identifying
“position” when using “Cell phone” or
“Mobile Communication Equipment”
Items
- Fixed Network Telephony and Mobile
Telephony
- “Phone number” or “Circuit ID”
including other value-added services such
as call divert service which involves “the
initially intended number” and
“redirected number”
- Name and Address of Subscriber or
Registered User
- Date and Time of the Initial Activation
of the Service and the Location Label
(Cell ID)
Fixed Network Telephony and Mobile
Telephone: the Date and Time of the
Start and End of the Communication
1) Cell ID at which the communication
initiates
2) Information that identifies physical
location of cell phone which can be
associated with location of Cell ID during
the time the communication takes place
3) Establish system that provides service
regarding user verification
 Page 12
Volume 124 Special Section 102 D GOVERNMENT GAZETTE
2. Computer traffic data that service provider, falling into category 5(1) B. or C. is
obligated to keep consists of the following:
Category
A. Internet information resulting from
access to network system
B. Internet information retained on e-
mail servers
23 August 2550
Items
1) Access Logs Specific to
Authentication and Authorization Servers
such as “TACACS” (Terminal Access
Controller Access-Control System) or
“RADIUS” (Remote Authentication Dial-
in User Service) or “DIAMETER” (Used
to Control Access to IP Routers or
Network Access Servers)
2) Date and Time of Connection of
Client to Server
3) User ID
4) Assigned IP Address
5) Calling Line Identification
1) Log recorded when accessing to e-
mail server (Simple Mail Transfer
Protocol: SMTP Log) which includes:
- Message ID
- Sender’s E-mail Address
- Receiver’s E-mail Address
- Status Indicator such as “successfully
sent e-mail”, “undelivered e-mail”, and
“delayed delivery e-mail”
2) IP Address of Client Connected to
Server
3) Date and time of connection of Client
connected to server
4) IP Address of Sending Computer
5) User ID, if any
6) Information recording access to e-mail
via e-mail client installed at user’s client
 Page 13
Volume 124 Special Section 102 D GOVERNMENT GAZETTE
Category
C. Internet information resulting from
transferring data retained on file transfer
server
D. Internet information retained on Web
Server
E. Type of data retained on large-scaled
network (“Usenet”)
F. Information resulting from interaction
23 August 2550
Items
or access to retrieve e-mail to user’s
client with the e-mail still being
maintained at e-mail server (“POP3”
(Post Office Protocol version 3) or
“IMAP4” (Internet Message Access
Protocol Version 4) Log)
1) Log recorded when accessing to file
transfer server
2) Date and Time of Connection of
Client to Server
3) IP Source Address
4) User ID, if any
5) Path and File name of Data Object
Uploaded or Downloaded
1) Log recorded when accessing to web
server
2) Date and Time of Connection of
Client to Server
3) IP Address of Client Connected to
Server
4) Commands used
5) URI: Uniform Resource Identifier
1) Log recorded when accessing network
(“NNTP” (Network News Transfer
Protocol) Log)
2) Date and Time of Connection of
Client to Server
3) Port number used (Protocol Process
ID)
4) Host Name
5) Posted Messaged ID
Log – e.g.
 Page 14
Volume 124 Special Section 102 D GOVERNMENT GAZETTE 23 August 2550

Category Items
between people on the Internet such as - Date and Time of Connection of Client
“Internet Relay Chat (IRC)” and to Server
“Instance Messaging (IM)” - Host name and IP Address

3. Computer traffic data that service provider, falling into category 5(1) D. is
obligated to keep consists of the following:
Category Items
A. Internet Café 1) Information that can be used for
identification
2) Start Time and End Time of use of
service
3) IP Address

4. Computer traffic data that service provider, falling into category 5(2) is obligated
to keep consists of the following:
Category
A. Internet information retained on
Content Service Provider Server
Items
1) User Code, or
Information that can be used for
identifying those who use service, or
Product/Service Provider’s User ID, or
User ID, and
User’s e-mail address
2) Information on use of service
3) For providers who provide “Web
board” service or “Blog” service,
information regarding the one who posts
the data is to be kept