News
Top European cybercrime buster shares strategies with Lankan experts
In a bid to hone the skills of the Sri Lanka Police Department in tackling cybercrimes and to develop related common standards and operating procedures, a top European expert was here on an advisory mission last week.
Catching up with the Sunday Times, during his brief stay in Colombo, Virgil Spiridon, Head of Operations of the Cybercrime Program Office, which comes under the Directorate General of Human Rights and Rule of Law of the Council of Europe, says Sri Lanka as the first South Asian country to have ratified the Budapest Convention on Cybercrime has already become an example of best practices in dealing with cybercrimes.
The visit of Mr. Spiridon, a former Deputy Chief of the Romanian Police, was facilitated by the Legal Advisor of the Information and Communication Technology Agency of Sri Lanka (ICTA), Sri Lanka CERT and the Criminal Investigation Division from Sri Lanka Police.
The European digital crime investigations pioneer, who set up the Romanian Cybercrime Unit, shared with Sri Lankan experts some of the globally benchmarked practices in terms of electronic evidence gathering beyond national borders, nabbing of nefarious internet sites and computer forensic activities. Romania had been the Eastern European catalyst in fighting cybercrime and the campaign received more muscle with the setting up of the Cybercrime Unit and, moreover, after aligning the country’s laws with the Budapest Convention, he says.
The Budapest Convention, which is the first and so far the most relevant instrument in international law governing cybercrime, is not merely an instrument but also a reflection of the experience of several countries, notes the cybercrime expert. “It is all about fostering a sense of community, a balancing act of championing human rights and providing protection against cyber violence.”
The convention, as the ICTA Director/Legal Advisor Jayantha Fernando informs, is an ‘instrument focusing on the Rule of Law, due to the inherent human rights safeguards governing procedures for gathering of electronic evidence’. In addition to being an international law instrument, the convention has provisions for capacity building for its signatories, under the project called Global Action Against Cybercrime (GLACY). This, as the ICTA Legal Chief notes, is done at regional and international levels.
The Strasbourg Cybercrime Committee established by the Convention, of which Mr. Fernando is an elected Bureau member, is led by the Council of Europe and does regular assessments of performance of countries on issues related to implementing the Convention domestically and how they cooperate with other countries.
“It’s a continuous process,” says Mr. Fernando, adding that this recently concluded mission of the Council of Europe experts is a response to a request made by the Sri Lanka Police Department in December last year. The capacity building work also extends to the Sri Lanka Judges’ Institute and other relevant stakeholders, such as the Attorney General’s Department from time-to-time.
“The Budapest Convention is unique, so much so a country just does not become a signatory and wait but is engaged in a collective bid to combat cybercrime,” says the ICTA Legal Chief.
Commenting on restoring our national image by de-listing from the money laundering Black List, Mr. Fernando says that authorities should use the Budapest Cybercrime Convention also as a tool, as per recommendation 36 of FATF, because the proceeds of Cybercrime could be considered as predicate offences for money laundering.
Roshan Chandraguptha, Principal Information Security Engineer of Sri Lanka Computer Emergency Readiness Team (CERT) reveals that his organization received 3,600 social media related cybercrime complaints in 2017. Most of them concern fake accounts in social media, largely the Facebook. “These also include cases where pictures of some individuals were being published in certain websites without their consent. There are also cases of their social media accounts/email accounts being hacked as a result of their passwords being shared.”
Sri Lanka CERT provides technical assistance to any party requiring assistance in dealing with cyber incidents and/or cybercrimes. Support from other CERTs- both regional and international, are sought in this effort to help the general public as well as law enforcement agencies. Sri Lanka CERT’s mandate, as Mr. Chandraguptha notes, extends to carrying out public awareness about the threats the people could face in the cyber world and the prevention techniques and technical solutions available.