Being a victim, spectator, or perpetrator of online incidents is becoming increasingly commonplace in Sri Lanka. Even cricket legends are at the centre of accusations and scandal. There are statutory divisions in place to investigate cybercrime, but it would appear that assessability, legality, and resources are barriers to effective online protection. Roar looks at the consequences of online incidents and asks whether cyber crimes are legally recognised as real “crimes” at all.
The Internet And Cybercrime
The global conversation about cybercrime is a minefield as new research and policy is quickly usurped by the latest new tech release or media tool. Think how drones have changed an individual’s ability to spy, record, and access areas previously impossible. As a result, cybercrime is a conversation every society needs to keep revisiting.
Even defining cybercrime can be tricky. Some researchers say it is illegal activity that happens in the virtual world. Others insist on broader definitions, suggesting any crime “facilitated or committed using a computer, network or hardware device”. Whilst the former roots cyber crime firmly online, the latter allows it to bleed into the real world under the notion that technology presents new ways of committing traditional street crimes.
According to official Sri Lankan police records, traditional street crime is decreasing but cyber crimes have been steadily rising over recent years. This makes sense, given the ubiquity of the internet today and the amount of time most individuals spend online. The most prevalent cyber crimes that individuals suffer range from personal attacks such as abuse, bullying, hacking, identity theft and revenge porn, to more general online criminality, child pornography, e-banking fraud, malware, and phishing.
What Is A Cybercrime In Sri Lanka?
Research indicates that there are massive gaps in law and provision over the above-listed cyber crimes. In some respects, it is understandable given their (relative) novelty to the country, but that is not a caveat to not pursue progressive new legislation. In broad terms, there are currently four Acts that deal specifically with cyber crime in Sri Lanka:
1) Hacking and securing unauthorised access to a computer or network
2) Intercepting private data without authorisation (which effectively speaks to hacking as per the above)
3) Provision of Intellectual Property
4) Offenses relating to the sexual abuse of children
As vital as these Acts are they do not appear to cover the burgeoning scope of cybercrime today. Certainly, abuse, bullying, hate speech, and revenge porn could not be investigated under these laws. In many countries, these offenses fall under the principles of defamation laws; in the UK, for example, defamation law is the bedrock of civic decency and has been in place since Edwardian times. But, as Roar has previously covered, Sri Lanka has a complex and hotly contested relationship with defamation law. So where does that leave an unpleasant case of revenge porn in Sri Lanka?
Fortunately, there is a long-running law: The Obscene Publication Act. This infers that an individual posting obscene content online can be prosecuted. It is interesting that a revenge porn case can theoretically make a criminal out of the perpetrator, but fails to recognise a victim because of the ambiguity around defamation.
A 2015 academic study highlighted the need for a cybercrime review in Sri Lanka and called for the implementation of six legislative initiatives to help overcome the new challenges the internet is presenting:
1) Introduction of a personal data protection act
2) Reformation of defamation laws and introduction of specific cyber defamation laws
3) Raising awareness about new media literacy (in the three national languages)
4) Safeguarding methods to be taught to parents
5) Increasing awareness on cybercrime and how to report them to the authorities
6) Introduction of a political internet code of ethics
It is unclear whether these policy suggestions are being perused in government.
Can The Police Keep Us Safe?
The answer is Yes and No.
A specialist police department, the Hi-tech Crime Investigation Unit (HCIU), works to protect the public from the dangers of cybercrime. In 2015, it was reported that they received approximately 10-12 complaints a day, amounting to 300 cases a month. Around 30% of the complaints were from businesses reporting hacking, phishing, and fraudulent activity, while a massive 70% was related to young people and acts of abuse on social media. Given the internet’s ubiquity, it is safe to assume these figures have grown, too. Furthermore, as the HCIU employs the broader cyber crime definition of a “crime facilitated or committed using a computer”, they are regularly supporting the persecution of more traditional street crimes. In short, they are busy.
Elsewhere, there is the government agency CERT I CC (Computer Emergency Readiness Team I Coordination Center) which supports the HCIU by promoting awareness of online risks and providing technical assistance. It seems this department has a more pronounced social media presence and is more accessible on a day-to-day level—helping people seek advice, report crimes, and have inappropriate content removed from websites.
But the reality is that these important institutions cannot provide support fast enough. The power of the internet and social media lies in instant publishing and content—including harmful content—going viral in minutes. This means that once an individual is victim to a cybercrime (or a spectator to it), the damage is done. Even if the content is removed the next day, a person’s reputation could be severely damaged by then.
What Can You Do?
This is what Roar asked Roshan Chandraguptha, Principal Information Security Engineer at CERT.
“We all need to take more responsibility of what we post and share online. We need to treat people how we would expect to be treated and consider if something might be damaging to someone else. We need to report inappropriate content and look to use the internet for creative, productive ends,” Chandraguptha said.
It is clear that due to the speed of the internet’s sharing capacity and the pace at which technology is developing, people in Sri Lanka cannot only rely on law and legislation to protect themselves from cybercrime. Lobbying for better policy and systems is essential, especially considering how there is no legal provision to protect people from abuse, bullying, hate speech and revenge porn. The discussion of cyber security in Sri Lanka needs to remain firmly on the table.
But alongside this, online activity should require a certain amount of self-regulation and “cyber citizenship”. A web-user should draw on their own real-world principles to assess whether the material they are posting or viewing is harmful to someone else. And should one see something that is clearly damaging, libel, or inappropriate, the individual should flag and report the material as such. That way, users can make web browsers a safer place for others and themselves.
Featured image credit: Flickr/Louish Pixel