Sri Lanka Chapter Tackles Internet Restrictions and Cybersecurity Threats

Since its establishment nine years ago, the Internet Society Sri Lanka Chapter has been a key stakeholder in ensuring a free, open, and safe Internet in Sri Lanka.

During the 2018 religious riots and the 2019 Easter bombings in Sri Lanka, when access to social media networks and messaging services was blocked, the Sri Lanka Chapter worked closely with government, media, academia, the private sector, and the general public to inform them about the impact of such restrictions on the Internet. In the aftermath of the 2018 religious riots, the Sri Lanka Chapter issued an appeal letter to the Presidential Secretariat on behalf of Internet Society members in Sri Lanka to lift the social media ban. Earlier this year, after the Easter bombings, the Sri Lanka Chapter organized an online meeting to engage in dialogue with different groups, including government and media agencies, informing them about the wide-ranging economic and social consequences of Internet restrictions, and raising the awareness that preventing online access is rarely an effective solution to conflicts and unrest.

In the attempt to control the spread of misinformation and hate speech, and cut off communications between organizers of attacks, the Internet restrictions also prevented people from connecting with their families and friends, and from accessing emergency aid in the aftermath of violence. Facebook-based volunteer groups and civil society organizations were not able to reach those in need of assistance and disseminate validated content. Businesses that relied on connectivity for sales and marketing were also negatively affected and suffered huge losses. The estimated economic cost of the partial Internet shutdown in Sri Lanka during 7-15 March 2018 was USD30 million.

Technical measures to restrict Internet access are rarely appropriate tools to fix social and political issues. Instead, dialogue, transparency, due judicial process, and openness should be the first steps to find solutions to complex issues, in a way that is inclusive of all stakeholders.

In May this year, the Ministry of Digital Infrastructure and Information Technology and the Computer Emergency Readiness Team and Co-ordination Centre (CERT|CC) invited the public to comment on a proposed Cybersecurity Bill – the first-ever draft bill released for public comment in Sri Lanka.

The objectives of the proposed Cybersecurity Bill are to:

  • Ensure the effective implementation of the National Cybersecurity Strategy in Sri Lanka
  • Prevent, mitigate, and respond to cybersecurity threats and incidents effectively and efficiently
  • Establish the Cybersecurity Agency of Sri Lanka to strengthen the institutional framework for cybersecurity
  • Protect the critical information infrastructure

The Sri Lanka Chapter was invited by the Minister of Digital Infrastructure and Information Technology to review the draft Bill together with other stakeholders, including the Information and Communication Technology Agency and the Computer Society of Sri Lanka.

At the onset of the draft Bill’s release, the Sri Lanka Chapter requested: (1) an extension on the deadline for submission of comments to allow a thorough consultation process with different stakeholders; (2) translation of the draft Bill into local languages; and (3) creation of a multistakeholder community to review the draft Bill.

The Sri Lanka Chapter worked closely with the Ministry and CERT|CC to raise public awareness about the Cybersecurity Bill, and coordinate and collate public comments from individuals, organizations, policymakers, and political parties through a number of online and face-to-face meetings. During this process of consultation and discussion, we recognized a lack of technical policy experts available.

Nevertheless, the comments submitted by the Sri Lanka Chapter were taken positively. The main comments were related to the need to clearly define what constitutes “critical information infrastructure,” and the need to reconsider the establishment of multiple agencies responsible for cybersecurity to avoid function overlaps and inefficiencies in responding to cyberthreats. Minimizing the number of agencies was recommended. A review procedure for the role of the Cybersecurity Agency and civil organization representation in the Cybersecurity Agency were also recommended. 

On behalf of the Sri Lanka Chapter, I would like to express my gratitude to Internet Society members in Sri Lanka and globally for supporting us in these activities. We would also like to thank the Ministry of Digital Infrastructure and Information Technology and the Honourable Minister for making the proposed Cybersecurity Bill available for public comment. We would like to take this opportunity to reiterate our commitment to continue safeguarding the free, open, and inclusive Internet for all.

Read the Internet Society’s policy brief on Internet Shutdowns.
The post Sri Lanka Chapter Tackles Internet Restrictions and Cybersecurity Threats appeared first on Internet Society.