Towards the end of June this year, the Commonwealth Secretariat organised a workshop on Laws and technology for the Asia region. While a number of countries participated in the event and offered their depositions about the legal status of online transactions and combating computer related offences, there were five model laws provided by an international expert from the subject. The five model laws pertained to Electronic Evidence, Electronic Transactions, Freedom of Information, Privacy and Computer related crimes. The best part of these laws were that they captured the essence and best points from some of the existing laws on the topics as implemented in other countries. These laws sponsored by the Commonwealth Secretariat reminded of the United Nations Commission on International Trade Law (UNCITRAL) which was used as a role model for many countries enacting their Information Technology (IT) Act.
In the workshop, the Sri Lankan presentations pertained to the status of the ICT Laws in the country and a brief reference to the draft prevention of Computer Crime Bill that is still awaiting Parliament’s passage. These presentations highlighted the focus with which Sri Lanka was moving forward towards the global ICT regime and how the government and the industry was alive to the need for legislation to facilitate more online activities in the country. However there needs a lot of areas where special focus of the government is needed like the IT related infrastructure across the country, the need for more internet penetration and popularity of the medium among citizens. The e-Sri Lanka programme laid down the focus areas and the appointed ICTA took up these issues, but there still remains a lot to be done.
One of the first activities of the ICTA has been the focus on the ‘e-Laws programme’. Under this programme, some of the law reforms undertaken are – review and preparation of e-Transaction legislation, finalisation of reference for the Data protection principles and finalisation of draft regulatory measures relating to privacy, spamming and electronic security. The draft e-Transactions law will facilitate and give legal recognition to e-commerce in the country presently being impeded by some old acts like the Prevention of Frauds Ordinance of 1840 which required contracts signed in paper only. Data protection laws are also important in the context of the growing importance attached to getting global outsourced BPO business into the country. The European Union’s directives and the requirements by many global behemoths to see data protection standards in place have been well regarded in Sri Lanka. The ICTA is already on the job and is laying the data protection principles on the lines of the Private Sector Model Data Protection Code adopted in Singapore in 2002. Likewise the Code of Intellectual Property made effective last year has made Sri Lanka compliant with Article 10(1) of the TRIPS Agreement which required countries to provide adequate and meaningful protection to intellectual property rights in computer software.
However the best shot in the arm is the draft bill on computer crimes. This draft is presently awaiting Cabinet approval and is quite comprehensive in covering most of the areas of cyber crimes. The prevention of Computer Crime Bill of Sri Lanka will have four jurisdictional links – (a) offender present in the country, (b) computer, programme etc affected in Sri Lanka, (c) loss and damage caused in the country and (d) facility and service used for the offence in the country. However, adequate coverage has not been given to the crimes that could be perpetrated from outside on networks within the country.
The extent of culpability has been clearly covered; it looks into unlawful access, misuse of computers and networks and unauthorized disclosure of confidential information. Besides offences against national security, economy and public safety are covered. The punishments stated are also quite adequate and reflect the situations under which the offender commits the crime. On the investigations front, police and computer experts in well-laid plan of action will do the job. While the police will be adequately trained to handle cyber investigations, the panel of experts will be appointed by the government with the idea that when the police gain the requisite expertise, the services of experts will be dispensed with. The policy of search, seizure and arrest will proceed in all criminal investigations and warrants will be required for all interception for wires and networks. On the evidence front, special provisions have been incorporated for acceptance of computer generated evidence. Another salient feature is the Mutual Assistance in Criminal Matters Act which in consonance with the proposed bill will facilitate the cooperation with foreign entities for criminal matters and offences under the act will have provisions for extradition.
So the regime for cyber laws in Sri Lanka is just setting in. The setting up of the ICTA has been a revolutionary step, legal recognition to all online activities further strengthen the position. The government has to build in more IT related infrastructure as also involve the private sector to partner it in such programmes. Now it is for the industry and the citizens to do more online business to actually see how it functions.