A short conversation with my parents is enough to remind me just how technologically illiterate even the smartest of people in the older generation are. But while their antics on the internet of things would be just funny anecdotes, technological illiteracy is a far more serious and pervasive issue - resulting in the loss of hard earned money at best, and suicide at worst. The dimensions and variety of these crimes between the best case and worse, are staggering. Studies show that approximately 3 in 5 “netizens” - or, citizens of the internet - have been scammed - a figure that is shocking enough as it is, but made even more so by the fact that a majority of scams go unreported. A 2019 study estimates that the global economy lost over US$3.89 trillion to online fraud - and again, this is only the minuscule amount of cases that do get reported.
Considering the almost infinite scope of cyberspace, it would be impossible to address all aspects related to cyber-crime and exploitation in a single article without sacrificing some degree of depth and/or focus. Today therefore, we’ll deal with cyber fraud that, on average, mostly affects the older generation as they (quite inelegantly) attempt to muddle through these confusing novelties “The Facebook” and “The YouTube”, as they call them. I’ve come to realise, after much thought, that the demographic most vulnerable to scams and fake news are so because, having grown up in an environment where all media they consumed - be it print or television - went through some sort of vetting process. So baby boomers and their parents expect such levels of integrity of information and content to exist on the internet too. This explains the proliferation of fake news and conspiracy theorists which are greatly affecting the world order negatively - as in the case of the appointment of Donald Trump, Brexit, and effective precautions not being taken against COVID-19. A Princeton University study found that people 65 years of age or older are seven times more likely to share and engage with fake news than those aged 18-29. They simply lack digital media literacy necessary to reliably determine the trustworthiness of news online.
"People 65 years of age or older are seven times more likely to share and engage with fake news than those aged 18-29. "
The negatives don’t end merely at digital illiteracy, and transcend into a governmental, and therefore societal problem. If anything truly epitomises the scope of the older generation’s lack of understanding of how the internet works, and how pervasive the negative implications of this are, it is Mark Zuckerberg’s hearing in the US Congress just last year, where Congress, comprising a majority of sexagenarians, questioned the CEO of Facebook about intricacies of the social media app, asking profoundly uninformed (read stupid) questions such as whether Facebook could see emails sent on WhatsApp, which Facebook owns. You don’t send emails via WhatsApp, and WhatsApp is encrypted, meaning it can’t (ostensibly) be accessed by outsiders. The average age of the lawmakers at the hearing was 62, and their technological illiteracy was staggering, and as these (mostly older generation) government officials MAKE the laws, it is pervasively more damaging than being just another sob story or an anecdote. The decisions they make with little to no understanding of these matters affect all citizens - not only in their own countries, but given the borders-free nature of the internet, but the whole world.
To combat cyber crime, it is imperative that already existing - albeit frail, inefficient and flawed - agreements governing transnational evidence gathering and prosecution, are not only honoured but made more effective too. Furthermore, exponentially increasing the speed with which legal action is taken against perpetrators is vital to ensuring that cyber laws serve their purpose, as the very nature of the internet makes perpetrators hard to track down.
With this in mind, an analysis of Sri Lanka’s proposed cyber laws - imperfect yet encouraging, is in order.
Comprehensive ambit and unambiguous wording - the most important factors when drafting laws and legislature - is significantly lacking in the Proposed Cyber Security Bill of Sri Lanka. Problems abound including : Unclear wording.
Lack of a cohesive National Cyber Security strategy - including glaringly deficient in social media based security procedures.
Considerably low standards for the position of Director General of the proposed Cyber Security Agency.
Impractically high ones - ie. minimum requirement of 25 years experience for appointment as Members of the Agency. (Consequently, members would be ’seniors’ - an especially problematic factor as rapid developments in cyberspace require contemporaneous and dynamic teams to deal with it).
The Agency’s resources and efficacy being surely diluted and compromised due to it being short on strategies, long on responsibilities.
While length does not always equate depth, it should say something for the incompleteness of the Sri Lankan Bill that there are only 6 interpretations of cyber security (perhaps half a page) as opposed to four pages worth in Singapore’s Bill. Thoroughness is especially important with regards to cyber law given the scope and the variety of cyber attacks, and yet there’s neither a clear technical or legal definition for the minimum level of cyber security to be achieved nor a standard set for the desired level of cyber resilience for the country.
One of the biggest issues with the Bill, and one that epitomises the shortcomings of many Sri Lankan institutions, is the excessive and conflicting bureaucracy that would necessarily come about as a result of the three different bodies being involved in a single task force. Tedious and superfluous levels of coordination between the three bodies would render most of their efforts unproductive. Instead, a team of highly competent cyber security experts should be appointed with specific tenure, as in Singapore’s 2018 Cyber Security Act. EU’s advanced and comprehensive Cyber laws too should be a model we base Sri Lanka’s Cyber Framework upon.
"To combat cyber crime, it is imperative that the already existing laws not only honoured but made more effective"
Quite apart from legislation, there are many precautions that we netizens could and should take too, to safeguard ourselves from cyber criminals. Being more aware of how to spot a scam, and therefore avoid it, changing passwords often and varying them amongst accounts are the most basic yet most effective measures. However, if you do find yourself being a victim of cyber crime, the non-profit organisation ‘Hithawathi’ - seemingly the only easily accessible help centre so far for cyber matters in Sri Lanka, helps guide victims through relevant procedures, and connects them to relevant authorities.
I must admit that before I commenced my research for this article, I was quite convinced that the people most at risk of cyber crimes were those of the older generation. However, the threat to Cyber security that my generation both poses and faces is far beyond anything that has come before. My next article, therefore, will deal with millennials and Gen Z’s, and their role in cyberspace.
If you would like more information and resources, please visit my blog sisterinlaw.wixsite.com/serika