Wednesday Dec 11, 2024
Tuesday, 26 April 2016 00:03 - - {{hitsCtrl.values.hits}}
ICTA Program Director and Legal Advisor Jayantha Fernando (left) and Europe Council Cybercrime Program Project Manager George Jokhadze - Pix by Upul Abayasekara
By Himal Kotelawala
Sri Lanka has formally been invited to join the Budapest Cybercrime Convention, becoming the first country in South Asia to be a part of the only international treaty seeking to address Internet and computer crime. On the sidelines of a workshop held yesterday titled ‘Global Action on Cybercrime,’ Program Director/Legal Advisor of the Information and Communication Technology Agency (ICTA) Jayantha Fernando exclusively revealed to Daily FT that, as of 1 September 2015, Sri Lanka is formally a state party to the Convention, allowing Sri Lankan law enforcement agencies to collaborate with their international counterparts in the investigation and prosecution of cyber criminal activity and their perpetrators.
Sri Lanka is the first the first country in South Asia and the second in Asia after Japan to be invited to join the Budapest Cybercrime Convention. According to a statement to the media, this was communicated in a letter sent to the Secretary Foreign Affairs by the Secretary General of the Council of Europe “as a sequel to a decision of the Committee of Ministers of the Council of Europe.”
Chief among the objectives of the Budapest Convention, also known as the Council of Europe Convention on Cybercrime is to address computer and internet crimes by harmonising national laws, improving investigative techniques and increasing cooperation among nations.
Head of Cybercrime Division of the Council of Europe Alexander Seger said in a media release that “the Budapest Cybercrime Convention is an international Convention open for any country to accede that is prepared to implement it. Not only European countries but also states such as the USA, Australia, Japan, Dominican Republic or Mauritius are already parties. Others such as Argentina, Costa Rica, Mexico, Morocco, Senegal, South Africa and the Philippines have signed it or been invited to accede. Sri Lanka is now one of them. We hope that other countries of South Asia will follow Sri Lanka’s example and fully engage in international cooperation against cybercrime.”
Speaking to Daily FT, Fernando said the invitation extended by the EU and Council of Europe to Sri Lanka was the result of a lengthy process that began with the Sri Lankan Computer Crimes Act No. 24 of 2007, founded on the principles contained in the Budapest Convention on Cyber Crime.
“To join the Convention, merely signing the document is not enough. You have to have legislation and other measures in place within the country in order to formally adopt the convention. Only then does it become part of national law. In Sri Lanka, we took a different approach. Our Computer Crimes Act was drafted based on the principles of the Budapest Convention. When we drafted our law, we modelled it on the Convention hoping to one day qualify to join,” said Fernando.
Since then, with the assistance of its cyber threat handling arm the Sri Lanka Computer Emergency Readiness Team (CERT), ICTA, together with the relevant ministries held a series of dialogues with the EU, the Council of Europe and other international agencies like the US Department of Justice, said Fernando, to “improve the standards in our country on the enforcement side.”
Underlining the benefits of joining the Budapest Convention, Fernando said that the accession to the Convention will significantly help in the successful investigation of Cybercrime offences.
“It will also help in law enforcement and judicial cooperation at international level, while ensuring human rights safeguards in the investigation process,” he said.
“Cybercrime offences are transnational and multi-jurisdictional in nature. Therefore, the effective fight against cybercrime requires us to obtain evidence stored on computer systems and networks in other countries. The Budapest Convention facilitates cooperation to this effect. The Convention will greatly enhance the gathering of electronic evidence, the investigation of cyber laundering and other serious crimes,” explained Fernando.
Forensic programs for cyber crime investigators
Yesterday’s workshop, attended by representatives of the CID, the TID, the High-tech Crime Unit as well as the FCID, was part of a series of events organised by ICTA in collaboration with Sri Lanka CERT, Council of Europe and the European Union aimed at adequately equipping the various branches involved in the fight against cyber crime.
“We have a series of strategies with the law enforcement in Sri Lanka supported by the EU and the Council of Europe under the Budapest Convention, where, for example, we introduced a cyber crime module in the curricula of the police training school,” he said.
According to Fernando, there had been a live forensic program for cyber crime investigators held in February, followed by an initiative to train the judiciary in skills relating to introducing electronic evidence in cyber crime related matters in the courts of law. Earlier this month, the Attorney General’s Department’s senior staff followed an intensive program on cyber crime prosecution related matters.
“We’re dealing with the law enforcement, police, cyber forensic teams, prosecution and the judiciary. Those are the broad areas of activity where, with the EU and the Council of Europe’s support, ICTA is leading on the policy side to develop capacity to better deal with cyber crime offences in a practical, sensible manner under the parameters of the Budapest cybercrime convention,” he explained.
What sort of cybercrimes are commonplace in Sri Lanka, anyhow?
“Types of offences are very complex – ranging from Facebook abuses, phishing attacks, identity theft and even using devices for the commission of forgery and other financial crimes,” said Fernando.
Recounting a recent incident, Fernando spoke of multi-jurisdictional case involving the Bangladeshi foreign reserve account in the Federal Reserve of the US – of which close to USD 200 million had been taken out, of which 80 million had ended up in the Philippines and another USD 20 million about to find its way to Sri Lanka.
“But Sri Lanka alerted the various authorities and set off an alarm. Some hackers had entered into the Bangladesh foreign reserve account in the US Federal Reserve and transferred money. The offence had actually happened in the US, but the affected party is in Bangladesh and the criminals - maybe – some of them in Sri Lanka and a large number of them in the Philippines,” he said.
Using this example to illustrate the multi-jurisdictional nature of cybercrimes, Fernando said that wherever an offence is carried out, there is a commission of offence in all countries involved.
“They all have to get involved in the investigation. So Sri Lanka has to collaborate with the US Department of Justice to get into the various servers and log files to obtain information about who entered that system unlawfully. The same applies to the Philippines and Bangladesh. In that context, this convention becomes the main tool for cooperation,” he said.