Electronic evidence and cyber crime issues:

Thinking out of the box vital - CJ

The fight against cybercrimes and presentation of electronic evidence calls for thinking out of the box, said Chief Justice Mohan Peiris at the Capacity Building Workshop on cyber crime for law-enforcement officers, prosecutors and judges, in Colombo recently.

Chief Justice Mohan Peiris delivers the keynote address at the workshop.

The event was hosted by the Council of Europe and the Information and Communication Technology Agency of Sri Lanka (ICTA).

The workshop also coincided with was a part of the Cyber Security Week (CSW) hosted by ICTA with the Sri Lanka Computer Emergency Readiness Team Coordination Centre (SLCERT-CC), a subsidiary of ICTA.

"Two publications produced by Council of Europe, the 'Electronic Evidence Guide' and 'Judicial Training Manual', are not only fascinating literary pieces but also valuable academic works," he said.

"All legal proceedings rely on the presentation of evidence in the course of legal proceedings. This is a simple thing. But evidence that originates from electronic devices such as computer networks, mobile telephones, digital cameras, data storage devices and the internet are forms of electronic evidence. Evidence which is electronic in nature, is not so different from the usual evidence that is led in legal proceedings," the Chief Justice said.

"Do not to treat this as something that has sprung up from nowhere. Let us see what kind of accommodation we can give to this new phenomenon as buttressed by new legislation. That's the harmony that we have to strike," he said.

The CJ paid tribute to ICTA for its contribution towards IT related legislation, particularly, the Electronic Transactions Act No. 19 of 2006 and the Computer Crimes Act No. 24 of 2007. While the Electronic Transactions Act provides the framework legalising e-commerce, e-business and e-governance with a unique evidence regime for the admissibility of electronic documents in courts, the Computer Crimes Act provides safeguards against cybercrime.

This legislation and consequential policy changes make Sri Lanka e-ready to march towards e-governance.

"Given the ubiquitous nature of the internet to swiftly and effectively transcend national borders and sovereign territories, we live and transact business in a borderless world today," he said.

"It was axiomatic that criminal activity using computers had come to stay. As such this was an area where global co-operation and mutual assistance must be fostered and promoted," the Chief Justice said.

He said a powerful tool in English Courts, which has now come to be known as Norwich Pharmacal orders, by which Facebook was compelled to lift the veil of anonymity and disclose the registration information used for creating false profiles.

The Norwich Pharmacal orders have become powerful weapons even in the case of money laundering offences, which too are committed using the internet. Despite the secrecy obligation of a banker towards his customer, the bank can be compelled by this order to disclose the identity of a money laundering customer, the Chief Justice said.

"In the Sri Lankan context, under Section 18 of the Computer Crimes Act No. 24 of 2007, by which an expert or a police officer investigating cybercrimes in Sri Lanka can compel a service provider to reveal subscriber information and traffic data by virtue of a warrant obtained from a magistrate. This provision is consistent with Article 16 of the Budapest Convention of Cybercrime," he said.

The Convention provides new detection procedures for fraud and child pornography and gives greater powers to law enforcement agencies to patrol the internet. This is partly enabled by the involvement of internet service providers (ISPs), upon whom some burdensome data preservation requirements are applied, the Chief Justice said.

Law enforcement agencies could place 90-day preservation orders on ISPs to retain data for inspection during criminal proceedings. Confidentiality clauses will prevent the ISP from disclosing the existence of a preservation order as it might impede a criminal investigation.

The Budapest Convention on Cybercrime exhorts countries to harmonise national legislation and facilitate investigations and co-operation between law enforcement operations globally.

The Chief Justice said, "Harmonisation of cybercrime law, just like harmonisation of business law, was indispensable in eliminating computer crimes."

Article 19 of the Convention provides for international co-operation by including criminal offences covered by the convention shall be deemed to be included as extraditable offences in any extradition treaty between the parties. The Sri Lankan Computer Crimes Act mirrors this Article in Section 27 which sets out computer crimes as extraditable offences, he said.

Article 22 of the Convention states that parties shall provide mutual assistance to one another in the investigations or proceedings concerning criminal offences.

Section 35 of the Sri Lankan Act unequivocally declares that the Mutual Assistance in Criminal Matters Act No. 25 of 2002 shall be activated wherever it is necessary for the investigation and prosecution of an offence, when providing mutual legal assistance. These are a handful of provisions among many of the salient Articles of the Convention vis-a-vis the Sri Lankan Act, the Chief Justice said.

The Sri Lankan legislation fully complies with the letter and spirit of the Budapest Cybercrime Convention, he said.