Security and rights

The Government is proposing several new measures including fresh regulations with tougher punishments for fake news, a new cyber security bill, and plans to set up a comprehensive data base with extensive details of citizens. They have also said that new data protection legislation will also be rolled out in the next two months, which means greater engagement will be needed on these issues in the coming weeks.

It is understandable that the public want stronger security after the terrible Easter Sunday attacks. But the fear of new laws and a centralised population information system is that its data can invade people’s privacy, infringe on their rights, and be abused in multiple ways unless the laws that are being proposed are airtight.  

Prime Minister Ranil Wickremesinghe last month proposed to implement the Centralised and Integrated Population Information System (CIPIS) in Parliament. Addressing the House, he had argued on the need for a sophisticated system to track citizens, insisting that it would be an effective tool to counter terrorism and money laundering, as well as transnational and financial crimes.

Wickremesinghe has already had meetings with the Minister of Internal Affairs, Minister of Telecommunication and Digital infrastructure, officers of the Department of Immigration and Emigration, and officers of the Department of Registration of Persons, to discuss a single window system for CIPIS. The Ministry of Internal Affairs, Provincial Councils and Local Governments has been told to prepare an action plan for this system in two weeks to obtain Cabinet approval.To fight terrorism, and more broadly in the name of security, many laws that attack freedom of expression and the right to a private life have been adopted, and given extraordinary surveillance rights to the State. The Government has already started this process by introducing electronic ID cards that were rolled out in 2017. The aim of this latest “big brother” surveillance program is to bring together different biometric programs already under the Government onto one platform.The problem with these platforms are threefold. For starters, they can be costly, and the Government has already spent considerable resources to roll out the e-ID system, and this latest platform could also take up a chunk of public funds. Secondly, their effectiveness is debatable, and while engaging with other agencies and countries on security measures is important, what has emerged following the attacks is that a small number of people, perhaps as little as 140 people, are responsible for the attacks. Therefore increasing surveillance on 20 million people and infringing on their rights may be an overreaction.      

Sri Lanka has no privacy/data protection laws, but hitherto privacy has been protected by the fact that most data is held in either manual form, or on isolated computer systems. Information was never shared, and if needed for investigative or other purposes, would have been provided only with a court order.  Many experts have also pointed out Sri Lanka already has legislation to punish hate speech and fake news, the problem lies more in implementation than legislation.

There is no question that people want to feel safe, but the security forces and intelligence agencies in Sri Lanka need support to conduct wide-ranging, systematic, and sustained intelligence gathering. Their efforts also need to be supported by a wide range of efficient legal framing, so that only the people who have committed a crime are caught. These efforts deserve public funds more than digital platforms that have questionable outcomes, and reduce the rights of law-abiding citizens.