Cyber Bullying in Modern Sri Lanka

By Faizer Shaheid

The contemporary world has seen innumerable advancements in the field of technology. Almost all of our daily errands have become increasingly computerized. From delivery of groceries, to communicating to an unknown person on the other side of the planet, everything has become possible with the advent of the internet. It has quickened the pace of our activities and transformed the way we think and operate. However, as much as it benefits us, there are also untold risks when one uses the internet.

To keep up with the pace of progress and to deal with the contemporary risks of internet use, it is imperative for a country to update its laws so as to prevent abuse. Sri Lanka is no different. It is the law that helps people feel safe and confident to conduct their daily operations. It is, therefore, imperative that Sri Lanka ensures that laws are enacted and enforcement mechanisms are put into place, so that whoever breaks the law can be swiftly brought to justice.

Cyber Bullying

There is a stark difference between using the internet in order to simplify day to day tasks and using the internet solely for the purpose of cyber bullying. Cyber bullying can be described as any type of bullying that occurs with the use of electronic technology.

This can include harsh threats through text messages or Facebook and can extend to extortion cases and hacking. More often, it involves both.

Cyber bullying can happen at any time of the day, and it really does not matter whether a person is on the internet or away, as a cyber bully would always have control of material or seek to lead an attack that could potentially unleash immense mental trauma on the victim. More recently, there has been a surge in the amount of internet related crimes.

More often than not, the identity of the person remains undisclosed, but at other times the person is known to the victim. There have been many reports of private social media accounts and email addresses, and sometimes even the personal devices of people being hacked into, which means that all intimate moments, or any information that a person may not wish to reveal to the world, may be stolen from his/her device by an outsider. This can involve the intimate moments that a victim may have recorded on his/her phone, or text messages, or any other information that the victim may have surreptitiously hidden away on his/her phone.

The hackers then threaten to expose the secrets to the world if their demands are not met. For example, the extremely popular television series, Game of Thrones was very recently hacked along with other television material on HBO, and hackers demanded eight million Bitcoins (crypto currency) in ransom. However, all hackers are not capable of infiltrating the strong firewalls and privacy settings of major companies. Major companies invest millions of dollars in order to keep their devices safe.

More often than not, the hacker is a small-timer who would hack into devices of individuals and hold their data for ransom. If the victim is a female and the perpetrator is a male, the female victim is very often compelled to strip in front of the camera, and this again is used to threaten the victim further. In most cases, children who are afraid to confess to their parents fall prey to paedophiles.

In the end, they are used and abused.

However, on many occasions, information has been found to be stolen by those who have access to the devices of others. For example, scant privacy settings on each device or leaving a computer unlocked may leave the devices exposed. Likewise, on many occasions, those in relationships have consented to the videoing of their private moments, but are left dumbstruck when such videos suddenly surface on the internet. Sometimes, the devices are hacked or stolen, but there are instances when estranged partners leak videos in order to take revenge.

The Cyber Police

Although Sri Lanka employs a number of mechanisms to deal with cyber crime, criminals will always be one step ahead. The problem lies in the freedom afforded to every citizen. For example, if Facebook was banned, no crime can be committed on Facebook, yet Facebook remains free for everybody to use and therefore, Facebook may be used to commit a crime. The enforcement mechanisms that seek to minimize/eliminate crime are always one step behind. The enforcement mechanisms should learn, identify, and seek to remedy the situation without having an overarching impact on the right of every person. There are always limitations, as the good guys must follow a moral code and ensure that they are always within the confines of the law.

The Sri Lanka Police has a Cyber Crime Unit established within the Criminal Investigation Department (CID) to investigate and apprehend perpetrators of cyber attacks. The Payment Devices Act 2006 and the Computer Crimes Act 2007 grant the Police extensive and expansive powers.

The Computer Emergency Readiness Team: Co-ordination Centre (CERT-CC) stands in the horizon, observing renewing threats of cyber crime around the world and in Sri Lanka and takes measures to prevent its impact. CERT-CC or CERT, as it is more popularly known, is the only agency entrusted with the role of advising the government and people about the latest threats and vulnerabilities of electronic devices and computer systems. Their contributions have assisted in resolving many complaints pertaining to cyber crimes.

Together, the Sri Lanka Police and CERT investigate and neutralize an average of over 2,000 complaints each year. However, both teams are subject to legal and practical limitations. Their service only extends as far as their mandate permits. The law will have to be updated if cyber crime is to be further curtailed.

Cyber Laws

On most accounts, Sri Lanka has sufficiently dealt with cyber related laws. The Telecommunications Act (No. 25 of 1991) deals with telecommunications and regulation of service providers. The Electronic Transactions Act (No. 19 of 2006) deals with E-commerce and transactions. The Payment and Settlement Systems Act (No. 28 of 2005) deals with electronic banking and mobile payments. The Computer Crimes Act (No. 24 of 2007) deals with cyber security and unethical hacking. The Telecommunication Levy Act (No. 21 of 2011) among other laws deals with taxation of IT services.

The Intellectual Property Act (No. 36 of 2003), deals comprehensively with Copyright Law. Sri Lanka also conforms to certain international standards relating to Cyber Law and protection, such as the Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS) of the World Trade Organization (WTO). Sri Lanka follows the UNCITRAL Model Law on E-commerce and was also one of the first three Asian countries to sign the United Nations (UN) Electronic Communications Convention in 2015. Sri Lanka also acceded to the Budapest Cybercrime Convention in 2015.

While most laws pertaining to the cyber universe appear to address the issues of information security and intellectual property, which are mostly problems faced by large-scale companies, not many laws address the issues faced by individuals. In other words, there are only a few laws that address crimes related to cyber bullying. However, it is generally opined that ordinary crimes in the Penal Code are applicable in the context of computer related crimes too.

Therefore, if a person made threats via Facebook Messenger or WhatsApp, the crime is actionable through Section 483 of the Penal Code on criminal intimidation. If the perpetrator hacks another device, he or she will be prosecuted in accordance with the Computer Crimes Act. If the perpetrator accessed the information from the victim's device directly, he/she could be prosecuted in accordance with the laws of theft and trespassing.

Insufficiency of Pornography Laws

While laws in the Penal Code can be interpreted to cover crimes committed using the internet, it is inadequate to deal with mounting threats. Only an outdated Obscene Publications Act deals with the crime of distributing pornographic material in Sri Lanka, and even then the punishment is a mere imprisonment of less than six months and a fine of less than Rs 2,500. Many other issues have arisen since the act was enacted in 1927.

In the current context, viewing and distributing pornography is not classified as a crime by most people, although some still deem it immoral. In fact, it is freely available on the internet, and not many object to it. However, not all types of pornography are condoned.

In most instances where the intimate moments are consensual and uploaded to the internet with consent, it is perfectly fine in my opinion. However, it is not always consensual. The recording is consensual, but neither party uploaded the video to the internet. In such instances, the victims undergo extreme emotional trauma and it brings great disrepute to the victims' family. Sometimes, although the videoing was done with both parties' consent, one party may object when it comes to uploading the video to the internet.

This constitutes a crime, but it often goes unnoticed. Consent in this respect must be obtained. Many people who have been in casual relationships have engaged in actions of this nature after breaking up as a form of revenge. However, this is unethical, immoral, and should be illegal. Such an action ought to earn him/her a minimum of 5 years in prison.

There is also the case of rape pornography, which came to light in the infamous 2015 Jaffna rape and murder trial. In this case, the act of videoing was non-consensual and the act of publishing on the internet was non-consensual. Rape and murder are serious crimes in their own right, but the very acts of videoing and uploading should also be classed as crimes.

Insufficiency of Cyber Bullying Laws

The law also fails to deal with other crimes, such as extortion and piracy. It is fairly easy to utilize IT skills to gain money by stealing other people's hard work. Of course, there are general crimes in the Penal Code which also extend to internet related crimes, but a faster and more effective method is required to deal with such actions

The cyber world is getting increasingly sophisticated and complicated, and each of the crimes committed through computers may not necessarily fit the criteria presented in the Penal Code. This creates an even bigger challenge for people, as the perpetrator of crimes is not really a criminal according to the law. The idea of proving that a crime fits the criteria set out in the law is an arduous task, and most often the cyber criminals escape the law.


There is a serious shortage of cyber laws in Sri Lanka and an urgent need to address the issue without further ado. Although enforcement mechanisms appear to be in place to apprehend criminals, the authorities have not been empowered to bring criminals to book. There is an urgent requirement for legislation on this matter, and regardless of whether legislation is sufficient, the matter must be first dealt with by the law, and thereafter enforcement mechanisms can be further strengthened.

(The writer is a law tutor and an independent researcher of laws. He holds a postgraduate degree in the field of Human Rights and Democratization from the University of Colombo and an undergraduate degree in Law from the University of Northumbria, United Kingdom)


No comments:

Powered by Blogger.