1.

Introduction

With the advancement of computers and information technology, people have found ways
to abuse the new found tools for their own benefits leading to the detriment of rest of the
world. As a result, new branches of law have emerged to prevent these malpractices.
Information Technology law and internet law are prominent among them.
The internet law deals with exactly the same legal issues as normal law and applied to the
different features in online world. Whenever you purchase, write or download anything
on the internet, you are subject to exactly the same consumer, defamation and copyright
laws as in the non-virtual world.
A common misconception about the internet is that all material on it is freely available to
the public. Like the rest of the world, all images, audio - video clips and data that are not
in public domain belongs to someone, and if you use it without permission you are
breaking the law. For instance, distributing a novel online is as much illegal as
duplicating the real book.
Anyone with the necessary technical knowledge and investment can set up their own
website, but most of them have a little legal knowledge. Amateur web sites create a
majority of websites on the internet, and material on them can be untrue or even illegal.
Having a site on the net doesn't mean that it is legal, and in some instances, such as child
pornography, it can be illegal to view or even possess certain images even you have no
prior knowledge that you have these materials. Also remember, just because something
may be legal in the country where the website is hosted does not mean it's legal to view
where you live.
There are many computer related offences such as using computers as tools for criminal
activity, hacking into other computers, distribution of illegal data (copyright infringement,
pornography) , unauthorized access in order to commit an offence, causing a computer to
perform functions without lawful authority, Illegal interception of data and use of an
illegal device, unauthorized disclosure of information .etc. IT law and internet law is
meant to control these activities through regulations.

1
Some of the main challenges against maintaining IT law are given below.
Conformity with IP Laws and educating people on new laws
Controls needed to prevent misuse the technology - Computer Crimes.etc
Ensuring secure transactions and safeguards to retention of information
Legal systems are based on human interface and manual processes making
it challenging to transit to IT based processes

2. Sri Lankan Context of IT Legislation

Provisions of IT related Legislation in Sri Lanka

The local context of IT legislation comprises of several acts that have been enacted by the
parliament to control the misuse of IT systems and ensuring secure transaction and
retention of information. These IT related legislations are compliant to the internationally
accepted ethics on Computer system usage.

Computer Crimes act No 24 of 2007 covers basically about two broad ranges of offences
as computer related crimes and Hacking that affects Integrity, Availability and
confidentiality. Some of the provisions of this act can be listed as follows.
Criminal Liability which prevents unauthorized access to computer information.
(section 3 & 4)
This act also prevents of an unauthorized damage to a computer system or related
computer programs. The main focus is on the intentional unlawful damages to a
computer system.
The section 8, 9 & 10 consists of the provisions regarding Illegal interception of
data, use of illegal devices and unauthorized disclosure of information
respectively.

The Intellectual property act, No 36 of 2003 controls the misuse of intellectual property.
This act provides Provisions for,
Protecting copyright for software,
Providing exclusive rights ownership,
Providing scope of copying for the defined fair use,

2
 Safeguarding Information,
Ensuring compliance with licensed obligations,
Respecting ownership rights.

These are some basic provisions that have been provided with the Intellectual Property
act which are of so much importance. Apart from these two acts the Electronic
Transactions, no 19 of 2006 guide upon the electronic business on secure transaction and
storage. This act has no clear definition for the term Electronic transactions and covers
all the transactions that covered out via electronic form. This act basically covers,
Facilitating domestic and international electronic commerce by eliminating legal
barriers.
Ensuring the reliability factor for all forms of electronic commerce.
Providing by means of a better electronic communication
Promoting public confidence in the authenticity, integrity and reliability of data
messages and electronic communication.
There had been developments to the Electronic transactions act where all sections except
section 18 and 20 (1) brought into operation with a gazette dated 27th September 2007.
Also the UN convention on the use of Electronic communication and International
Contacts has also influenced the Electronic Transactions act and Sri Lanka has become
the first South Asian country to sign it with China & Singapore.
Apart from these basic acts there are some other acts operating with the Information
technology related issues. Data Protection act of 1998 has been constructed based on the
British Data Protection act of 1998, and computer crimes bill. This covers the Information
kept in both electronically and manually. Payment and Settlement Systems act No 28 of
2005 and Information and communication Technology act No 27 of 2003 are some of the
other important legislations enacted by the parliament.

Comparison of Sri Lankan IT legislation with International IT Law

Information plays a major part in protecting the privacy of an individual. Security and
privacy concerns have always been considered as an impediment to the use of ICT for
online services such as e-government and e-commerce. Development of sophistication in
information technology, and expansion of usage of information technology, has also given
rise to a new set of crimes and criminal behavior. In order to combat such crimes,

3
including criminal behavior, a number of countries across the globe, have reviewed and
upgraded their existing criminal laws, and have also framed new set of laws to deal with
such crimes, and criminal behavior.
Example for one of the earliest such legislations is the Computer Misuse Act 1990,
enacted by Great Britain on 29 June 1990 which came into force on 29 August 1990. The
main purpose of this act was to protect "provision for securing computer material against
unauthorized access or modification." This act relates to unauthorized access and
modification of computer materials. Information Technology law of India also enacted in
2000. This act applies for any offence or violation committed even outside the territory of
India.

Below listed are some of the other Electronic Signature Laws,

U.S. - The Uniform Commercial Code (UCC)

UK - s.7 Electronic Communications Act 2000
European Union - Electronic Signature Directive (1999/93/EC)
Mexico - E-Commerce Act [2000]
Costa Rica - Digital Signature Law 8454 (2005)
Australia - Electronic Transactions Act 1999 (there is State and
Territory mirror legislation)

When compared to these laws in the other countries the Information Technology act in Sri
Lanka is relatively new. 1978 constitution does not explicitly recognize the personal
privacy which is one area which could get affected as a result of breeching this
Information Technology law. Some of the related laws that come with this act are
Intellectual Property act, Copyright Law, Patents etc. An important aspect of legal
reform which has been successfully implemented in Sri Lanka is the Intellectual Property
measures to ensure adequate and meaningful protection for Computer Software. Inhere
the weight which is given to Software is very high since Software is heavily involved in
the field of Information Technology. Intellectual Property Rights in Information
Technology based products have grown rapidly in importance even in Sri Lanka.
Although the Code of Intellectual Property Act of 1979 (based on the WIPO model) did
not expressly contain provisions to protect Computer Software, Section 7 of the 1979
Code protected original literary, artistic and scientific works.
Digitization has made it much easier to manipulate, reproduce, and distribute protected
work. Digital content can be combined, altered, mixed, and manipulated easily.

4
Furthermore, digital material can be copied repeatedly with no loss of quality. Digital
compression allows extremely large volumes of information to be stored on a single
device and to be transmitted online. Posting on the Internet is sometimes compared to
broadcasting, because one single act of posting can communicate information to an
indefinite number of people worldwide. However, broadcasting is traditionally based on
point-to-multipoint transmission, with an active communicator and passive recipients.
The Internet, by contrast, supports both point-to-multipoint and point-to-point
service. Much content is distributed only on demand of a recipient, giving her much
greater control over the content and the circumstances under which it is accessed. Hence
the internet communication can be easily misused in doing certain things.

3. Case Law Related to IT Law and Internet Law

Case Law is a set of reported judicial decisions of selected appellate courts and other
courts of first instance which make new interpretations of the law. These interpretations
are distinguished from statutory law which are the statutes and codes enacted by
legislative bodies.

3.1 Case Law related to Internet Law

Since we are using internet more and more with the technical advancements and
information era, we should be careful regarding the internet law connected to common
law in day today applications. In comparison to traditional print-based media, the
accessibility and relative anonymity of cyber space has torn down traditional barriers
between an individual and his or her ability to publish. Any person with an internet
connection has the potential to reach an audience of millions with little-to-no distribution
costs. Yet this new form of highly accessible authorship in cyber space raises questions
and perhaps magnifies legal complexities relating to the freedom and regulation of speech
in cyberspace.
If there are laws that could govern the Internet, then it appears that such laws would be
fundamentally different from laws that geographic nations use today. The unique structure
of the Internet has raised several judicial concerns. There is a substantial literature and
commentary that the Internet is not only "regulable," but is already subject to substantial
law regulations, both public and private, by many parties and at many different levels.
Since the Internet defies geographical boundaries, national laws can not apply globally

5
and it has been suggested instead that the Internet can be self-regulated as being its own
trans-national "nation". At the same time In many countries, speech through cyberspace
has proven to be another means of communication which has been regulated by the
government. Therefore there should be a good control over the many underlying
questions concerning the freedom of speech. For example, does the government have a
legitimate role in limiting access to information? And if so, what forms of regulation are
acceptable? Internet law has to play a vital role in common scenarios, thus its essential to
learn about case laws related to the internet law, since the usage of internet is going high
day by day.

There are several categories/acts in creation of privacy in internet laws. Those categories
are,
Privacy act of 1974
Foreign Intelligence Surveillance Act of 1978
(1986) Electronic communication privacy act
(1999) Gramm-Leach-Bliley Act
(2002) Homeland Security act
Intelligence Reform and Terrorism Prevention act

(1999) Gramm-Leach-Bliley Act

This act authorizes widespread sharing of personal information by financial institutions
such as banks, insurers, and investment companies. The GLBA permits sharing of
personal information between companies joined together or affiliated as well as those
companies unaffiliated. To protect privacy, the act requires a variety of agencies such as
the SEC, FTC, etc. to establish "appropriate standards for the financial institutions subject
to their jurisdiction" to "insure security and confidentiality of customer records and
information" and "protect against unauthorized access" to this information.

Intelligence Reform and Terrorism Prevention act

The Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) is enacted on
December 17, 2004 and broadly affects United States federal terrorism laws. This Act
mandates that intelligence be "provided in its most shareable form" that the heads of
intelligence agencies and federal departments "promote a culture of information sharing."

6
The IRTPA also sought to establish protection of privacy and civil liberties by setting up a
five-member Privacy and Civil Liberties Oversight Board. This Board offers advice to
both the President of the United States and the entire executive branch of the Federal
Government concerning its actions to ensure that the branch's information sharing
policies are adequately protecting privacy and civil liberties.
The IRTPA requires the Department of Homeland Security to take over the conducting of
pre-flight comparisons of airline passenger information to Federal Government watch
lists for international and domestic flights. The Transportation Security Administration is
currently developing the Secure Flight program and issuing this rule making to implement
this congressional mandate. Airline personnel will have the right to demand government-
issued ID be shown if ordered by the TSA to do so, but those orders are to remain
confidential so there is no oversight as to when the airline has been ordered to request ID
and when they are requesting it on their own imperative.
The act is formally divided into 8 titles:
1. Reform of the intelligence community also known as the National Security
Intelligence Reform Act of 2004 which monitors the improvement of
education for the intelligence community, additional improvements of
intelligence activities, privacy and civil liberties etc.
2. Federal Bureau of Investigation which is responsible for Federal Bureau of
Investigation", concerns intelligence within the Federal Bureau of
Investigation.
3. "Security clearances"
4. "Transportation security" - deals with "Aviation Security" "Air Cargo
Security" "Maritime Security" "General Provisions
5. National Strategy for Transportation Security" -
6. "Border protection, immigration, and visa matters"
7. "Terrorism prevention" - Individual Terrorists as Agents of Foreign Powers
Money Laundering and Terrorist Financing additional Enforcement Tools
8. "Implementation of 9/11 Commission recommendations", also known as the
9/11 Commission Implementation Act of 2004 that monitors the diplomacy,
foreign aid, and the military in the war on terrorism, terrorist travel and
effective screening, national preparedness, homeland security etc.
9. "Other matters"
3.2 Case Law related to IT Law

7
With the advancements of information technology such as e-Commerce, mobile and
satellite communication, bio-informatics, social networks and data mining and data
warehousing, people tend to use IT related services more frequently due to the ease of
use, availability, user friendliness etc. But compared to the traditional paper based
services there are some drawbacks with these technologies specially with the authenticity
and privacy. Therefore the computer based crimes such as hacking, violation of
copyrights have become more popular with the criminals due the lack of awareness of
the user and the difficulty to trap them with the low. Therefore users need to be careful
about ensuring their own protection while obtaining the benefits of the modern
information technology trends. Hence rule and regulations has been established to ensure
the protection of civilians.

There are several categories of acts prevailing for the IT law under Case law such as,
Florida Electronic Security Act
Illinois Electronic Commerce Security Act
Texas Penal Code - Computer Crimes Statute
Maine Criminal Code - Computer Crimes
Singapore Electronic Transactions Act
Malaysia Computer Crimes Act
Malaysia Digital Signature Act
UNCITRAL Model Law on Electronic Commerce
Information Technology Act 2000 of India

Florida Electronic Security Act

In 1996, Florida legislators passed the Electronic Signature Act. The introduction to the
act explains that technological advances mean "that the use of electronic pleadings,
interrogatories, depositions, and briefs is becoming possible and practical." The act
describes the advantages of allowing electronic signatures to equal written signatures
legally. Lawmakers write that it will ease and increase commerce in Florida as well as
reduce the amount of paper that businesses are using daily. The act also says each party in
the contract must agree to electronic signatures for them to be valid by law. Florida

8
Statute 15.16 says people can submit legal documents electronically and they will remain
valid in the Department of State. The statute also says the electronic transmission of
records such as photographs, diagrams, facsimiles and prints have the same "force and
effect as originals" for use as evidence. This includes electronic filing of legal documents
using electronic signatures, as well as using email addresses as valid forms of
communication and notification under the law.

Illinois Electronic Commerce Security Act

The Electronic Commerce Security Act (the ECSA) becomes effective on July 1,
1999.The ECSA overrides the Statute of Frauds in two important respects. Electronic
records, which are information transmitted by and stored within computers, now satisfy
the requirement of writing. Electronic signatures, which are symbols (letters, numbers,
etc.) generated by a computer that are intended to authenticate an electronic record, now
satisfy the requirement of a signature. As noted above, electronic signatures will probably
be a string of letters, numbers, and other symbols rather than a copy of your handwritten
signature. This string may be accessible only by, for example, the use of a secret
password. If you carelessly enable an unauthorized person to gain access to that
password, who then uses it to purchase merchandise, you may be obliged to pay the
vendor who innocently relied on the password even if you never received the goods.
The ECSA represents yet another step down the information superhighway. The way in
which the world is conducting business is dramatically changing. Business owners will
either adapt to those changes or disappear like the dinosaurs and buggy whip
manufacturers.

Texas Penal Code - Computer Crimes Statute

As a result of the proliferation of computers in our society, a need was felt for laws
specifically designed to protect computers from harmful conduct. Starting in 1978, the
states began to pass laws specifically creating crimes involving the misuse of computer.
The Texas legislature created the first Texas Computer Crimes effective September 1,
1985. These crimes constitute Chapter 33 of the Texas Penal Code, entitled "Computer
Crimes". These offenses have been rewritten by the legislature several times since they
were first created. The most recent revision was effective September 1, 1994. Although

9
the laws as they currently exist still protect against the same conduct, they are
considerably different from the laws that were enacted in 1985.
"Breach of Computer Security" makes it a crime to knowingly access another person's
computer without the 'effective consent of the owner'. Interestingly, the name for this
offense originated with a requirement in the original law that the actor breaches" a
computer security system in order to commit this offense. The legislature removed the
requirement that a security system be involved in the offense, but did not change the
name of the offense.

This law simply provides:

"A person commits an offense if the person knowingly accesses a computer, computer
network, or computer system without the effective consent of the owner."

In a nutshell, it is a crime in Texas to use someone else computer, without proper consent
of the computer's owner. It is important to note that an individual does not have to
damage or change anything in order to be guilty of a crime. It is a common myth that
"just looking" at computer data is never a crime. But it is now. This offense prohibits
more than just the unauthorized use of the computer. It also prohibits authorized users
from using a computer for an unauthorized purpose. The statute states that consent is not
'effective' if 'used for a purpose other than that for which the consent was given'.

Maine Criminal Code - Computer Crimes

Under the Maine Revised Statute Title 17-A : MAINE CRIMINAL CODE :chapter 18 ,it
is defined Computer Crimes related to Maine Criminal Code. Starting with the definition
of few terms related to computer systems, networks and crimes like access, Computer,
computer information, computer program, computer software, computer virus, and etc.
Then it is defined the criminal invasion of computer privacy and aggravated criminal
invasion of Computer Privacy. After that the prosecution of invasion of Computer Privacy
is defined related to the location of the person with the location of the resources, location
of a software or a program copied and location of a particular virus is been made. Finally
there is added jurisdiction to prosecute.

Singapore Electronic Transaction Act

10
The Electronic Transactions Act (ETA) (Cap 88) was first enacted in July 1998 to provide
a legal foundation for electronic signatures, and to give predictability and certainty to
contracts formed electronically. In July 2010, the ETA was repealed and re-enacted to
provide for the continuing security and use of electronic transactions. Singapore was one
of the first countries in the world to enact a law that addresses issues that arise in the
context of electronic contracts and digital signatures, and continues this trend by being
amongst the first to implement the United Nations Convention on the Use of Electronic
Communications in International Contracts, adopted by the General Assembly of the
United Nations on 23rd November 2005 (the UN Convention).

The ETA addresses the following issues:

Commercial code for e-commerce transactions Use of electronic applications for
public sector.
Liability of network service providers.
Provision for the development of security procedures such as Public Key
Infrastructure (PKI) and biometrics.

Malaysia Computer Crimes Act (CCA)

The CCA 97 was given its Royal Assent on June 18, 1997 but was only enforced on June
1, 2000. CCA 97 main concerns are offences due to the misuse of computers and
complement the existing criminal legislation. CCA 97 is in fact has a lot of similarity with
the UK Computer Misuse Act 1990 in terms of the offences but differs in several ways. It
is different in that CCA 97 gave an interpretation of computers, computer networks,
output, data, functions, programs and premises. The interpretation of a computer in CCA
97 is summarized as any electronic machines that are programmable and has the facility
for data storage. The CCA 97 also covers a wider range of offences compared to CMA
1990 which only covers 3 aspects of computer misuse: unauthorized access, unauthorized
access with intent to commit or facilitate other crime and unauthorized modification. The
three other offences included in CCA 97 are wrongful communication, abetment and
attempts punishable as offences and presumptions.
Besides that, it also covers on obstruction of search.

Malaysia Digital Signature Act

11
The Digital Signature Act was enacted in 1997 and came into effect on 1st Oct 1998. The
first total revision was in 2002, the second in 2006. This Act incorporates all amendments
up to 1 January 2006, which provides the licensing framework for the provision of digital
signatures including the type of services, the qualification requirements, the application
and registration fees.
The emergence of digital signatures aroused with the idea of secure communication
between two transactional parties. As internet is an open network which is open for lots of
problems regarding identity, manipulation of information, interference of third parties
security and commitment has become major issues in online transactions. This act
introduces and implements the usage of digital signatures in online commercial
transactions.

UNCITRAL Model Law on Electronic Commerce

The United Nations Commission on International Trade Law (UNCITRAL) Model Law
in Electronic Commerce was promulgated in 1996 to facilitate electronic commerce and
electronic government. But it has no reference to Internet. It establishes rules and norms
for validate and recognize contracts formed through electronic means. Also it sets rules
for governing electronic contracts and forming contracts while defining the characteristics
of valid electronic writing and of original document. It provides the acceptability of
electronic signatures for legal and commercial purposes. further it supports the admission
of computer evidence in courts and arbitrary proceedings. This law is intended to
facilitate electronic commerce by providing national legislators with internationally
accepted laws.

Information Technology Act 2000 of India

The Parliament of India has passed its first Cyberlaw, the Information Technology Act,
2000 which provides the legal infrastructure for E-commerce in India. The said Act has
received the assent of the President of India and has become the law of the land in India.
The objective of The Information Technology Act, 2000 as defined there:-
"to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as
"electronic methods of communication and storage of information, to facilitate electronic
filing of documents with the Government agencies and further to amend the Indian Penal

12
Code, the Indian Evidence Act, 1872, the Banker's Book Evidence Act, 1891 and the
Reserve Bank of India Act, 1934 and for matters connected therewith or incidental
thereto."
4. Conclusion
The development of information technology is apparently visible despite of the country
you live in. The key feature of IT is that it is always making sure of improving the
existing technologies to a new level. Whatever the activity or field, information
technology actually has a huge say to the enhancement of it. But the development of
information technology leads to more complex and advanced illegal operations. In fact
misusing of internet services and utilization of software for unfair deeds has been
becoming familiar day by day. For the purpose of preventing such illegal circumstances
and providing a fair value and honor to actual owners of intellectual properties,
information technology law was enacted. As information technology is considerably
shrinking the world these issues become global and therefore Sri Lanka also have to face
the same fate. But due to Sri Lankas tag of a developing country, all these laws are
improving at snails pace. Sri Lanka is still deficient of some areas of legal protection.
The main reason for this is actually the dynamic nature the information technology which
makes the protection over the illegal operations hard. Due to the complexity of new
technologies it is somewhat easy to sneak through any barrier in order to commit
malpractices such as unauthorized usage of intellectual property in information
technology sources and cybercrimes. However in a continuously improving field like
information technology you cannot set up laws forever as every single day a new trend of
illegal operation can occur. Therefore it is important to continuously amend the IT law
according to the prevailing trends.

13
References

1. Dias, L. Sri Lankan Perspective in Meeting the Cyber Crime Challenge.ppt. Retrieved
From https://www.scribd.com/presentation/87028721/Sri-Lankan-Perspective-in-
Meeting-the-Cyber-Crime-Challenge
2. Electronic Signature. (05.07.2016) . Retreived from. https://en.wikipedia.org /wiki/
Electronic_signature
3. Electronic Transactions Act of Singapore. (n.d). Retrieved from
http://unpan1.un.org /intradoc/groups/public/documents/apcity/unpan025623.pdf
4. Fernando, J. (19.08.2010). Business Governance of Information Technology the CXO
Perspective Legal Framework. Retrieved from http://www.slideshare.net
/tomwinfrey/jayantha-fernando-llm-it
5. Malaysian Computer Crime Act in 1997. (n.d). Retrieved from http://unpan1.un.org/
intradoc/groups/public/documents/APCITY/UNPAN025630.pdf
6. Online Digital Signature Authority. (n.d.) E-Signature. http://www.e-signature.com/e-
signature-law/
7. Parliament of the Democratic Socialist Republic of Sri Lanka, Computer Crime Act
No.24 of 2007.(n.d). Retrieved from http://www.slcert.gov.lk/Downloads/Acts/
Computer_Crimes_Act_No_24_of_2007(E).pdf
8. Parliament of the Democratic Socialist Republic of Sri Lanka, Electronic
Transactions Act No.19 of 2006. Retrieved from http://www.slcert.gov.lk/
Downloads/Acts/ElectronicTransactionActParliamentver(E).pdf
9. Property Law. (30.01.2012). Retrieved from http://www.bu.edu/bucflp/
files/2012/01/Intellectual-Property-Act-No.-36.pdf

14