New Cyber Security Bill this week
By Santhush Fernando
The draft Cyber Security Bill, which will vastly change the digital landscape of Sri Lanka will be taken up by the Cabinet this week, The Sunday Morning learnt.
“The Bill has already been presented to the Cabinet and would be taken up this week. Thereafter, the draft will be subject to expert review and the parliamentary process thereafter. In addition, we are holding a public consultation on the Bill on 6 June at the CIMA Auditorium in order to obtain public opinion on the Bill,” Non-Cabinet Minister of Digital Infrastructure and Information Technology Ajith P. Perera told The Sunday Morning.
It is learnt that several groups concerned with the move to conduct surveillance on content are scheduled to meet the ministry officials tomorrow.
However, speaking to The Sunday Morning, Perera dismissed allegations of attempting to implement surveillance on content.
“This is simply a law to ensure the security of systems and has nothing to do with content. However, there’s a separate deliberation and separate law (with regards to content), of which I am not a part. However, it is not this,” added Minister Perera.
“This has all to do with system security wherever digital technology applies. We have followed international standards and best practices of other countries when drafting this Bill. I would like to reassert that this is not a law to control media freedoms etc. but only to regulate technical aspects of cybersecurity,” he reiterated.
The Bill envisions to provide for the implementation of the National Cyber Security Strategy (2019-23) of Sri Lanka and to set up the proposed Cyber Security Agency of Sri Lanka. The law also envisages to provide for the empowerment of the existing Sri Lanka CERT (Computer Emergency Readiness Team) and the country’s National Cyber Security Operations Centre (SOC), and to protect critical information infrastructure within Sri Lanka.
Sri Lankan Translation Community President Yasiru Kuruwitage told The Sunday Morning that the proposed Bill was a move to control social media in the guise of cybersecurity and that there were serious concerns about the transparency of its enactment process.
“It is unfortunate that the Sinhala and Tamil versions of the Bill are not available yet and therefore it is inaccessible to the majority of the public, presently. Furthermore, the purpose behind the Bill and as to how it will deal with data are not clear. Furthermore, the scope of the Bill in regulating web and/or social media is not clear. As Sri Lanka is currently lacking privacy and data protection laws, this Bill may lead to filtering, tracking, or monitoring of content,” Kuruwitage said.
Currently, only Computer Crimes Act No. 24 of 2007, Electronic Transaction Act No. 19 of 2006, and Payment Devices Frauds Act No. 30 of 2006 are available to govern the digital landscape of the country and are said to be highly inadequate to suit the growing technological needs of society.