Significant concerns have been raised over Sri Lankan Internet service providers (ISPs) blocking news-related websites. Currently, there are two ISPs listed in the Colombo Stock Exchange.
Blocking of Colombo Telegraph generated much concern, including from the opposition leader and the international press institute, there are many other news, opinion and related websites which are also blocked by Sri Lankan ISPs.
Most of the attention and speculation have focused on the government, blaming it for the blockade. However, with many of the blocked sites, there is apparently no evidence of the blockade being legally instituted by the government.
This opens another dimension of concern. If the blockades are illegal (not done in conformity with the law) and the Sri Lankan ISPs are complicit in such illegal blockades, they would then be vulnerable to legal action in the future from any of their subscribers, or even a virtual Class Action/Representative Action suit suing for past damages on behalf of millions of subscribers. Larger the subscriber base of the ISP, the greater the vulnerability.
Legal constraints on imposition of blockades
Under the Sri Lanka Telecommunications Act, the Telecommunications Regulatory Commission (TRC) of Sri Lanka, licenses and exercises oversight of ISPs. The TRC is required to ‘take such regulatory measures as may be prescribed to comply with any general or special directions that may be given to it from time to time by the Government of Sri Lanka’ (Section 5(f)), or ‘in writing’ by the Minister for the subject of Media (section 66).
However, the Act does not grant the TRC any express right to issue on ISPs, any arbitrary directive to block or restrict access to some websites at its own discretion. To the contrary, among the general objects of the Act are ‘to ensure that operators are able to carry out their obligations for providing a reliable and efficient service free of undue delay, hindrance or impediment’ (Section 4(f)).
Legality-Test: Any restriction requested of ISPs by the TRC is lawful only when it is directed by published decisions of the government (i.e. prescribed) or written directions of the minister.
These constraints show that those who framed the law have been wise and responsible. They have recognised the importance of providing a reliable and efficient service free of undue delay, hindrance or impediment and of protecting the freedom of thought and conscience, guaranteed by the constitution, by not allowing arbitrary or undue restriction of access to information on the Internet. But have the ISPs in Sri Lanka taken cognizance of these constraints on lawful conduct?
Test of lawful conduct by ISPs
Three matters are clear with regard to the ISPs.
1. No other authority, not even the president, is empowered to give a directive to the ISPs, apart from the TRC –directives to the ISPs can be lawful only when they come through the TRC.
2. Directives from the TRC should have been received in writing by the ISPs and available for examination by a court of law. Principles of administrative law wouldn’t ascribe credibility to claims of receiving directives only orally.
3. The TRC has no power to issue directives at its whim and fancy. The directives of the TRC are lawful only when they conform to the Legality-Test.
Therefore, if an ISP is not able to establish that the blocking of a website was done with proper due diligence in respect of the above, then the ISP can be accused of having acted illegally. To establish that it did not act illegally, an ISP would need to be able to provide evidence of a request from the TRC which cites the relevant published decisions of the government or asserts itself to be based on written directives of the minister.
However, the Act does not grant the TRC any express right to issue on ISPs, any arbitrary directive to block or restrict access to some websites at its own discretion
For example, prohibited content, such as obscene publications, pornographic or paedophilic content can be blocked and such blockades are clearly referable to a specific, clear violation of a law (e.g. Obscene Publications Act).
But what is the law that can be referred to in the selective blocking of news and related websites? What are the published decisions of government or written directives of the minister under which these blockades are implemented? If ISPs do not possess written directives from TRC that claim to conform to these requirements, in blocking a website, they would be vulnerable to legal action by their subscribers.
Subscriber’s right to know and ISP culpability
Any customer of an ISP has a basic right to know the limits imposed on the service for which she is paying. Therefore, all customers of ISPs should be able to request and receive a list of sites that are being blocked by the ISP and the reasons for the blockades imposed.
It is curious that despite the significant public concerns no Sri Lankan ISP has so far made the list of sites that they block public. The failure to share this information can be seen as increasing their culpability, in the event that the blockades themselves are one day found to be illegal.
Learning from Google
Google is an Internet giant that is heavily reliant on governments to provide them access to operate, and is also pressured by governments and politicians to act in ways that are inimical to the public interest. Google deals with this in two ways: (1) refusing or resisting requests that are not lawful or not in the public interest (2) publishing requests made and how they were handled, to inform their users. Google’s transparency report can be found here: www.google.com/transparencyreport.
These examples of how Google dealt with requests from governments, between January and June 2014, can be a guide for Sri Lankan ISPs (from Google’s current transparency report):
Brazil: We received a court order to remove 107 blog posts and search results for linking to information that criticized a local government official for allegedly corrupt hiring practices. We appealed because the order did not specify why it was illegal and did not remove the content. (i.e. refused due to the legal basis not being clarified).
Argentina: We received a phone call to remove a Google Autocomplete entry linking a politician’s name with an illicit drug. We did not remove the entry (i.e. refused, with no written request and no legal basis).
United States: We received 27 requests from a federal government agency to suspend 89 apps from the Google Play store that allegedly infringed its trademark rights. After reviewing the apps in question with respect to those trademarks, we removed 76 apps. (i.e. selectively complied after evaluating legal basis and its application).
France: We received a request from local officials to remove six blog posts about their town because they allegedly defamed the town, its mayor and other elected officials. We did not remove the blog posts. (i.e. refused, with allegation not being legally established).
In addition to such details, Google publishes a range of statistics on the sources, types and number of requests it receives from governments to block websites. Sri Lankan ISPs, however, seem to be concealing such information from their customers who keep them in business.
In the Lanka Marine Services Ltd, Waters-Edge and Sri Lanka Insurance Corporation cases Sri Lankan courts have established that private companies cannot escape the consequences of wrongful conduct by hiding behind the coat-tails of government officials. The courts held culpable not only government officials who acted wrongfully against the public interest, but also the private companies that went along with those actions. Sri Lankan courts could follow that precedent in the future. ISPs should take note. Quick action towards Google-like transparency and ensuring legal conformity could help safeguard the future value of their shares.
It is curious that despite the significant public concerns no Sri Lankan ISP has so far made the list of sites that they block public
(Verité Research provides strategic analysis and advice to governments and the private sector in Asia. Comments welcome, email email@example.com)