With reference to the big differences between electronic transactions and legitimate transactions nowadays, it is necessary for Thailand to uphold the legal status of electronic data in order to be on par with those transactions made in writing or evidenced in writing. This includes upholding means for sending and receiving electronic data, electronic signatures usage and hearing of evidence from electronic evidence. In order to promote the credibility and legal effect of electronic transactions to be equal to conventional transactions, Thailand has; therefore, enacted the Electronic Transactions Act.
This law primarily applies to civil and commercial transactions using electronic data. Furthermore, this law also applies to electronic transactions of the government sector with an interesting essence as follows:
Since this law upholds the binding and enforcement of any messages in the form of electronic data, various procedures or transaction forms can be performed by using electronic data which can be considered separately as follows:
(1) In the case where the law requires that any act must be made in writing, evidenced in writing, or have documents to show if a message has been made as electronic data which can be accessed and re-used with no change in its meaning, it must be deemed that such message has been made in writing in, evidenced in writing or have documents to show as required by the law.
In the event that a person enter a signature in writing, if such person uses the method that is capable of identifying the signatory and indicating that the signatory has approved the message contained in such electronic data as being his or her own, it must be deemed that such electronic data bears the signature.
(2) In the case where the law requires any messages be presented or retained in its original form as an original document, if such message is presented or retained in the form of electronic data in a reliable method to assure the accuracy of the message, its completeness and non-alteration of the message, apart from the addition of any endorsement, record or any change, and can demonstrate such message later, it must be deemed that such message is presented or retained as the original document under the law.
(3) Ensure that electronic data is heard as an evidence in the legal proceedings. In determining the method used for assuring the reliability of such data, the nature or method used to generate, retain or communicate electronic data, the nature or method of maintaining the completeness and non-alteration of a message, the nature or method used to identify or identify a data sender, including all relevant circumstances must be taken into consideration.
(4) Ensure that an offer or acceptance in entering into a contract is expressed by intent or notice of electronic data. Any person who sends such data by whatever means must be deemed that such data is that of such person with the following criteria:
Between a sender and a receiver of the data, if such electronic data is sent by an authorized person to act on behalf of the sender in respect of that data or a data system that programmed to operate automatically in advance by the sender or the authorized person. Such electronic data must be deemed to be that of the sender.
If the receiver verifies that the electronic data is that of the sender, the receiver is entitled to regard such data as being of the sender and is entitled to act pursuant to such data. Unless at that time the sender notifies the receiver that the electronic data received is not that of the sender and, at the same time, the receiver has sufficient time to verify the facts notified; it cannot be deemed that such data is not that of the sender.
In the case where the electronic data received by the receiver results from an act of a person who uses a method used by the sender to identify the electronic data as his/her own and to which that person gains access through the relationship with the sender or the person authorized to act on behalf of the sender, the receiver is entitled to regard such data as being of the sender and is entitled to act pursuant to such data. Unless the recipient knows or should have known that the data is not that of the sender, if the receiver exercises reasonable care or uses any agreed procedure, the receiver cannot deem that such data is that of the sender.
(5) In the event that an acknowledgement of receipt of electronic data is required whether at the request of the sender or as agreed with the receiver or at the time of sending or as appeared, the following criteria must apply:
In the event where the sender does not agree to acknowledge the receipt of electronic data in any particular form or method, such acknowledgment may be given by any communication by the receiver.
In the event where the sender states a condition that the electronic transmission is deemed to be sent only upon receipt of an acknowledgement by the receiver, it is deemed that the electronic data has never been sent, until the sender receives the acknowledgment.
In the event where the sender does not designate conditions and the sender does not receive the acknowledge within the designated time or agreed or within a reasonable time, the sender may send a notice to the receiver stating that he/she has received no acknowledgement and designate a reasonable time by which the acknowledgement must be made by the receiver. If the sender does not receive the acknowledgment within such reasonable time, the sender may treat the electronic data as though it has never been sent or exercise any other rights it may have.
(6) Ensure that electronic data is sent which must be deemed that such electronic data enters an information system beyond the sender's control, and also ensure the receipt of electronic data. It is deemed that the receipt of electronic data enters an information system of the receiver. If the receiver designates a specific information system for the purpose of receiving electronic data, it must be deemed that the receipt of the electronic data occurs at the time when the electronic data enters the designated information system.
An electronic signature is a letter, number, sound or other symbols created in electronic format. This is used with electronic data to show the relationship between persons and electronic data for the purpose of identifying the person who owns the electronic signature in connection with such electronic data and to show that the person accepts the message contained in such electronic data.
In the event where signature creation data is used to create an electronic signature that has legal effect, the signatory must exercise reasonable care to avoid unauthorized use of its electronic signature creation data.
If the signatory knows or should have known that the electronic signature creation data is lost, destroyed, modified, and unlawfully disclosed or known in the manner inconsistent with its purposes. This includes cases where the signatory knows from the circumstances occurred that there is a substantial risk that the electronic signature creation data may be used as mentioned earlier, the signatory must, without any delay, notify any person who is reasonably be expected by the signatory to do any action based on the electronic signature or to provide electronic signature services.
However, if the parties involved are to take reasonable steps to verify the authenticity of the electronic signature. In addition, to assure the reliability of this electronic signature, this law also requires “Digital Certificate” as well.
A digital certificate is electronic data that is used to identify the true identity of users of the certificate which is issued by the Certificate Authority (CA), enabling various transactions operators over the internet to be confident that the persons or network devices, such as the Web Server which they contact with are real by relying on the technology called “Public Key-Infrastructure (PKI)”. This technology can be used for digital signature or encryption.
With regard to electronic signature, the thing that can confirm our identity is Private Key. However, since the electronic signature of any person is not the same each time it is signed depending on the document, but what does not change at all is the digital certificate.
Type of Digital Certificate
Personal Certificate is a digital certificate issued to an ordinary person or juristic person. This can assure the transaction operators that the person they contact is real. This certificate is used for receiving-sending Secure Email which contains electronic signature, and / or encryption which must be used via Email Client of Outlook Express or Microsoft Outlook.
Web Server Certificate (WSC) or digital certificate for a web server is a digital certificate issued to a computer which acts as a web server. This can be done by installing the digital certificate in order to enable a secure connection also known as SSL (Secure Socket Layer), including the authentication of the Domain Name and an owner of such Domain Name as well. This results in the credibility of transactions through such website.
However, if the electronic signature has a certificate, the parties still have to verify the validity, suspension or revocation of the certificate, and comply with any restrictions on the certificate. Such certificate or digital signature is deemed to have legal effect. Regarding certificates issued in a foreign country, if the level of reliability used for issuing is as reliable as the system under this law, such certificates are deemed to have the same legal effect in Thailand as those issued in the country.