Cybercrime is the term used to describe a broad spectrum of illegal activities that involve the use of digital devices and/or networks. Technology is used in these crimes to perpetrate fraud, identity theft, data breaches, computer viruses, scams, and other malevolent acts. Cybercriminals utilize the vulnerabilities of weaknesses in computer systems and networks to obtain unauthorized access, steal confidential data, and interfere with services, and harm people, businesses and governments financially or in terms of their reputation.
Cybercrimes are classified into five categories by the tenth United Nations Congress on the Prevention of Crime and the Treatment of Offenders in 2000: computer espionage, unauthorised access, damage to computer data or programmes, destruction to prevent a computer system or network from operating as intended, and unauthorised interception of data within a system or network.
Financial crimes, scams, cybersex trafficking, computer fraud, and ad fraud are all included in the broad category of computer crime, The act of using a computer to steal, alter, or obtain unauthorized access to a computer or system is known as computer fraud, The use of computers or cyberspace for terrorist purposes is referred to as cyberterrorism, Cyberextortion is the practice of malevolent hackers threatening or actually attacking a website, email server, or computer system, usually by means of denial-of-service attacks. Over 188 million ransomware incidents have been reported globally as of 2022. Furthermore, there have been reports of over 255 phishing crimes. Currently, nearly 30,000 websites have been attacked by hackers.
Cybercrime Convention Committee
The State Parties to the Budapest Convention on Cybercrime are represented by the Cybercrime Convention Committee (T-CY). The Convention’s Article 46 serves as its foundation. Budapest Convention on Cybercrime divided into computer crimes in three parts. They are,
Computer crime offences.
Committing errors when utilizing a computer.
Computer integration errors.
Entering a programme into the computer and training the computer to carry out a crime by itself. For example by illegally entering a program into the bank’s computer system and committing money fraud without the bank’s knowledge.
Errors related to content.
Spreading offensive pictures of a person.
The Convention’s objectives are to: Prioritise the pursuit of a common criminal code designed to safeguard society from cybercrime; bolster nations’ ability to fight cybercrime; and serve as a conduit for information exchange between parties in order to improve law enforcement. The Convention’s Preamble highlights the significance of upholding a proper balance between the interests of law enforcement and respect for fundamental human rights, particularly the freedom of expression, the right to hold opinions without hindrance, and the rights pertaining to privacy protection.
In May 2015, Sri Lanka became the first nation in South Asia and the second nation in Asia (after Japan) to ratify the convention. The “e-Sri Lanka Development Initiative” oversaw the several years of preparation needed to ratify the Convention. This included developing capacity and implementing regulatory reforms through the enactment of pertinent legislation. In cooperation with ICTA Sri Lanka, the Sri Lanka Computer Emergency Readiness Team Coordination Center (Sri Lanka CERT) was founded in June 2006. It serves as Sri Lanka’s main hub for cybersecurity.
Legislative procedure
The Sri Lankan Computer Emergency Readiness Team and the Cyber-Crime Unit of the Sri Lankan Police have received numerous reports of cybercrime in Sri Lanka.
Records from the Sri Lankan Police indicate that the average crime rate has dropped. However, the number of these crimes grew over time. The Sri Lankan Computer Emergency Readiness Team has received reports on cases of phishing, invasions of privacy, malware, e-mail harassment, phony Facebook accounts, and intellectual property theft. Moreover, there has been a rise in crimes against women on social media. In addition, the Cyber-Crime Unit of the Sri Lankan Police has received reports of cases involving child pornography, e-banking, website hacking, and email harassment. The majority of the cases involved fictitious Facebook profiles. However, defamation is treated as a civil matter rather than a criminal offense under Sri Lankan law.
The Computer Crime Act of 2007 N0 24 brought computer crime law to Sri Lanka. This is based on England’s Computer Misuse Act of 1990. This Act aims to establish computer crimes establish inspection procedures, and reduce computer crimes in Sri Lanka. Section 3 of this Act states that anyone who knowingly commits an act to gain access to any computer or its contents for themselves or another person, knowing or having reason to believe that they do not have the legal authority to do so, is guilty of an offence and faces up to a one hundred thousand rupee fine, up to five years in jail, or both. Section 4 provides an illustration of what happens when someone deliberately commits an act with the intent to commit an offence under this Act or any other law currently in effect. This person is guilty of an offence and faces a maximum fine of two hundred thousand rupees, up to five years’ imprisonment in either type of jail, or both. This includes actions taken to secure access to computers or the information they contain, knowing or having reason to believe that they do not have the legal authority to do so. According to Section 5, anyone who willfully and without authorization causes a computer to perform any function knowing or having reasonable suspicion that such a function will result in unauthorised modification or damage or potential damage to any computer, computer system, or computer programme is guilty of an offence. Upon conviction, the offender faces a fine of up to three hundred thousand rupees, up to five years’ imprisonment in either category, or both.
Sri Lanka’s National Center for Cyber Security (CERT) regulates computer related issues in Sri Lanka. The Computer Crime Investigation Division conducts criminal investigations pertaining to computers. According to a Cert survey, there were 15,895 social media-related complaints filed in Sri Lanka in 2020 and 15,509 complaints in 2022.
On September 18, 2023, the Online Safety Bill was introduced in Sri Lanka. It creates a five-person commission to address “false statements” made on the internet. The Bill gives authority to a commission to ensure online safety and prohibits the distribution of such statements, which are deemed to be false or inaccurate. The law gives a designated commission the authority to forbid the online distribution of information that can be proven to be false. In addition, the commission has the authority to file lawsuits and punish those who are discovered to have broken these rules.
The Online Safety Act lists many different offenses and their associated penalties, which can include fines and/or incarceration. False statements that endanger public health, national security, or order, or that “promote feelings of ill will and hostility” are prohibited. Prohibits spreading false information online that is intended to start a riot or even that causes “disturbance” to religious ceremonies. Propaganda that offends the religious sentiments of any group of people is illegal. Stops the spread of false information that could incite a mutiny among sailors, the armed forces, or the general public or undermine “public tranquility.”
Lehansa Thrikawala