Sri Lanka’s Computer Crimes Act, No. 24 of 2007

The Computer Crimes Act, No. 24 of 2007, enacted by the Parliament of the Democratic Socialist Republic of Sri Lanka, serves as a legal framework for addressing cybercrimes. Its primary aim is to identify and define computer crimes, establish procedures for investigating and preventing such offences, and handle related matters. As technological advancements permeate every facet of society, this Act recognises the need for stringent measures to combat misuse of computer systems and data. By ensuring the integrity and security of digital interactions, the Act upholds public trust in digital infrastructure and supports national security, public order, and economic stability. Furthermore, the Act transcends national boundaries by addressing offences committed abroad if they impact Sri Lankan entities, emphasising the global nature of cyber threats.

Overview

The Act is divided into several parts, each addressing a specific aspect of computer-related offences and their regulation.

Part I: Computer crime

This part delineates various forms of computer-related offences, including:

• Unauthorised access to computers or information: Criminalising actions to gain unauthorised entry into computer systems or data.
• Access with intent to commit offences: Penalising access intended to facilitate further illegal activities.
• Unauthorised modifications: Addressing alterations, deletions, or corruption of data without lawful authority.
• Threats to national security: Criminalising computer activities that endanger national security, public order, or the economy.
• Dealing with unlawfully obtained data: Penalising the possession, use, or dissemination of illegally acquired computer data.
• Illegal interception: Criminalising the interception of communications or electromagnetic emissions from computers.
• Use of illegal devices: Prohibiting the sale or use of devices or software designed to commit cybercrimes.
• Disclosure of sensitive information: Penalising unauthorised sharing of access credentials or other protected data.
• Attempts, abetments, and conspiracies: Addressing preparatory and collaborative acts leading to cybercrimes.

Part II: Investigations

This part outlines:

• Investigation procedures: Stipulating that offenses under the Act must be investigated per the Code of Criminal Procedure.
• Role of experts: Allowing for the appointment of qualified individuals to assist in cybercrime investigations.
• Search and seizure provisions: Defining the powers of authorities to access and preserve digital evidence, including provisions for warrantless actions in emergencies.
• Data preservation: Mandating temporary preservation of critical data during investigations.
• Confidentiality: Requiring investigators and service providers to maintain the confidentiality of information accessed during inquiries.

Part III: Miscellaneous

Key provisions include:

• Jurisdiction: Assigning exclusive jurisdiction to the High Court for offences under this Act.
• Extradition: Amending the Extradition Law to incorporate cybercrime offences, ensuring international cooperation.
• Immunity: Providing legal immunity for experts and officers acting in good faith under the Act.
• Interpretations: Clarifying key terms, such as ‘computer,’ ‘data,’ and ‘service provider,’ to eliminate ambiguity.
• Regulations: Empowering the Minister to enact additional regulations to implement the Act effectively.