A new Draft Bill on Online Safety was recently published in the Gazette of 15th September (issued on 19th September). As stated, the objectives of the Bill are to ‘to establish an online Safety Commission; to make provisions to prohibit online communication of certain statements of fact in Sri Lanka; prevent the use of online accounts and inauthentic online accounts for prohibited purposes; make provisions to identify and declare online locations used for prohibited purposes in Sri Lanka; and to suppress the financing and other support of communication of false statements of fact.’ Many provisions of the new Bill appear to be modelled on Singapore’s Protection from Online Falsehoods and Manipulation Act (POFMA). However, there are significant differences. In the following sections we highlight some of the differences, based on an initial reading of the two documents. 
A new Draft Bill on Online Safety was recently published in the Gazette of 15th September (issued on 19th September). As stated, the objectives of the Bill are to ‘to establish an online Safety Commission; to make provisions to prohibit online communication of certain statements of fact in Sri Lanka; prevent the use of online accounts and inauthentic online accounts for prohibited purposes; make provisions to identify and declare online locations used for prohibited purposes in Sri Lanka; and to suppress the financing and other support of communication of false statements of fact.’ Many provisions of the new Bill appear to be modelled on Singapore’s Protection from Online Falsehoods and Manipulation Act (POFMA). However, there are significant differences. In the following sections we highlight some of the differences, based on an initial reading of the two documents.
On May 23rd 2019, the Government of Sri Lanka posted the Draft Cyber Security Bill on the SL CERT website and invited public comments/input. LIRNEasia submitted comments in response to the SL CERT’s request. Our written comments submitted on 5th June 2019 are available through the link below Comments on the Cyber Security Bill – Sri Lanka 2019 Subsequently in August 2023, the Government of Sri Lanka posted an updated version of the Cyber Security Bill and invited public comments. LIRNEasia once again submitted written comments on 18th August 2023, which can be accessed here. Comments on the Cyber Security Bill – Sri Lanka 2023 The report below analyses the extent to which the input submitted by LIRNEasia in 2019 has been taken into account in the updated (August 2023) version of the proposed Bill
LIRNEasia submitted a response to the Ministry of Technology’s invitation to comment on the Cyber Security Bill uploaded to the website of Sri Lanka CERT in August 2023 (www.cert.gov.lk). The submission addresses specific concerns related to the requirement for accreditation of Cyber Security service providers, the composition of the Cyber Security Regulatory Authority and the definition of the term Critical National Information Infrastructure.
Hearing the many reports on prosecutions under section 66(d) of the Law that was enacted in 2013, I went back to my files. In the extensive comments we provided there is nothing that refers to the offenses sections. The offenses chapter is peculiarly drafted. Section 65 is similar to what is found in any law that requires a license to be obtained for a specified activity. Section 67 is again a necessary section, specifying the penalty for using equipment without a license.
There is no debate that the laws governing the telecom/ICT sector in Sri Lanka are among the most convoluted. So I have some sympathy for the people who write about it. But I assume they are paid for their work and they have a duty to check their facts. The excerpt below is just one example of the erroneous analysis that is published in documents with international circulation, and then get quoted and reified as the truth about Sri Lanka: Under a constitutional amendment forced through by the Rajapaksa regime and ratified in 2011—which also removed presidential term limits—the president was able to appoint the heads and members of all commissions, subverting legislative guarantees for the independence of the TRC and other statutory institutions.[36] In April 2015, President Sirisena and his interim government were able to undo this stranglehold on democratic processes by introducing and ratifying the 19th Amendment to the Constitution, which empowered independent commissions in the country and restored term limits to the presidency.
The most current draft of the the Sri Lanka Freedom of Information bill that is about to be presented to Cabinet has removed Parliament and Cabinet from its purview. They were included in the definition of “public authorities” who were bound to respond to information requests by citizens in the previous draft (at that time the Law was called the Right to Information Act). This appears to miss the essence of RTI, as I point out in a guest column in the Daily Mirror today: Freedom of Information (also known as Right to Information or RTI) laws are based on Principal-Agent theory. The public (the Principal) has delegated the task of running the country to the state, comprising officials as well as political authorities (the Agents). But the public (the Principal) cannot adequately monitor the Agents because of a radical information asymmetry.
A few days back, I included the following in a guest column for the Financial Times: Most of the 192 words specifying the Right to Information (RTI) as a fundamental right are superfluous. There is an entire bill in third draft that probably includes the very same language (if it does not, the Constitutional language will override it). All that is needed in the Constitution is one sentence “Subject to law, every person shall have a right of access to official information which is in the possession, custody or control of a public authority.” This was in the context of larger lament on the state of legislative drafting in Sri Lanka. What belongs in subsidiary legislation gets dumped into legislation.
The much anticipated Myanmar Telecommunications Law (Law 13 of 2013) was approved by both houses of the Myanmar Legislature and was given Presidential assent. Our analysis of the law is not yet complete, but here are some first thoughts: There is considerable and unnecessary overlap of powers and functions between the Ministry and Department. Positioning the Ministry as the authority to appeal departmental decisions may make it the de facto regulator. This goes beyond the usual concern about the Ministry also having responsibility for the incumbent operator MPT. The explicit authority given to the Ministry to clarify technical terms in the law appears to position it as a supra regulator even after the promised creation of the independent regulatory authority.
The timeline below depends on the regulations (by-laws) being approved. The news story suggest they have been. We know that they are open for comments. We plan to give comments by the Dec 2 deadline. So unless the licenses are being developed in parallel, the chances of issuance by year end are not that good.
The legislature has completed its work and the bill awaits the President’s signature. But the actual legislation with 70 amendments from what potential investors saw is yet to see the light. And most of the detail (“the devil is in the detail”) will be in subsidiary legislation. Another nugget that has emerged is that Ooredoo is planning to invest USD 15 billion while Telenor is planning to invest USD 2 billion. MP Phone Myint Aung said the move would mean “international operators can launch their operations.
Telecomasia.net quotes the New Light of Myanmar, government publication, to the effect that the law now has only one step more to go: Presidential approval. Myanmar parliament has passed the telecom bill which will allow the nation’s mobile licensees to commence operation. The Pyidaungsu Hluttaw (Union Assembly) approved the Communications Bill this week, state-run New Light of Myanmar said on Wednesday. “As the Pyidaungsu Hluttaw approved the Communications Bill, [state-run telco] MPT and international operators can launch their operations,” the paper cites MP U Phone Myint Aung as saying.
It appears that previously expressed hopes for a good law on telecom emerging from the recesses of Nay Pyi Taw were overly optimistic: Information-technology experts and entrepreneurs have proposed amendments to Myanmar’s telecommunications bill that was made public last month. Khun Oo, president of the Myanmar Computer Federation, said the information and communications technology sector could develop rapidly, but it could also decline because of the new law. Ye Yint Win, president of the Myanmar Computer Professionals Association, said: “According to Section 4 Article 7, every telecommunications services will need a licence. Web-development businesses, e-commerce businesses and individuals who want to sell their applications will also need licences. So [the law] needs to separate and identify the services that need licences and those that do not need licences, as it can harm freedom of creation and small enterprises.
The Wall Street Journal reports that legislative action is required for permitting competition in Myanmar telecom market: Officials have enacted an investment law with guarantees against nationalization and have proposed tax reform. However, these don’t go far enough. The state still controls the most lucrative industries, since a 1989 law restricts private enterprise in oil and gas, mining and telecom. This makes it imperative that the retrograde ITU sponsored draft law be thrown out and a piece of legislation appropriate for the 21st century be adopted.
Daw Aung San Suu Kyi was in Bangkok for the World Economic Forum. One of the questions she was asked was “what sectors she would look to promote first?” The summary of her answer was that the telecom sector is important as the need to have mobile phone for development is real and will look to support advancement in this field. She wants to target what she calls “low-hanging fruits” sectors to create jobs and bring Burmese migrant workers home. There is no doubt that telecom, especially voice and data communication over wireless platforms, is a low hanging fruit.
One hopes that the new law takes into account all the lessons we have learned in telecom reform in Asia in the past few decades. According to Nomura, a new telecom law, which could allow for more licenses (up to 5) and direct or indirect foreign operator participation, is currently in final stages of drafting.The telecom sector in Myanmar is likely to be on the radar for most telcos for incremental investment. Unstable politics and bottlenecks, including: 1) high handset prices ($45-600); 2) SIM registration cost of $150-200; 3) long waiting periods (up to 2 years) and connection hurdles; 4) poor networks and coverage; and 5) lack of competition have hampered growth. The government is now targeting 50 percent wireless penetration by 2015, implying a 50 percent CAGR.
The following quote in a recent article by a Sri Lankan disaster management expert in the government newspaper caught my attention: There was a time gap of nearly three hours between the time Indonesia was affected and the time that Sri Lanka was affected and also the coastline was hit by the wave at different times. Even within Sri Lanka, the Eastern shores were hit first, which gradually spread to North, South and finally the West. The country simply did not have an early warning and dissemination system. This was the first I had heard anyone in government admit even indirectly that many lives could have been saved if the government had communicated to the media the information it received from the Navy and STF on the East Coast. I thank the writer for that.