Ten years ago, a leading private telecommunications company cut off all call and data services for hundreds of thousands of families in the North and East. There was no big outcry. There was no judicial order or review of the suspension of these services. It just happened.
Mobile telephony and data services were introduced to the North after the Ceasefire Agreement in 2002. On my first visit to Jaffna on the A9 in early 2002, singed and mostly topless Palmyra trees dotted the landscape. By my last visit in 2006, before war broke out again, red and white towers with their large transponders stood out in sharp contrast to the flat plains and colours of the landscape. At the time, surveys conducted in the region suggested that the customers in the area generated some of the highest revenue for the mobile companies, spending around 12% of their monthly income on telecommunications. In early 2007, the State telecoms provider blocked telephony and data services over its network, despite the fact that upon inquiry, the Telecommunications Regulatory Commission (TRC) was unaware of any directive to this effect. On all these documented occasions, it was possibly the Ministry of Defence that ordered the disruption. The companies simply carried out extra-legal orders, knowing they had the backing of the State. Well before the Snowden revelations, throughout the final stages of the war and even for years after 2009, pervasive and invasive electronic surveillance on specific individuals, institutions and geographic areas continued without any judicial or Parliamentary oversight. A few of us raised concerns, wrote to media and issued press releases. We were either perceived to be helping the LTTE and shouted at, or more politely, just ignored. The pursuit of tackling terrorism required the suspension of civil liberties. The private sector in Sri Lanka were more than willing to go along with the government’s arbitrary orders so long as they saw a return of investment in the long-term and retained a foothold in key markets, including government tenders.
Sri Lanka’s smart patriots also supported another dumb idea – citizens.lk, with technology and support at the time from the private sector. The website, which miraculously still partly survives as a testimony to the Orwellian conditions we were all subject to, is almost a parody of itself. On the homepage, the privacy of the data submitted to the website is guaranteed by none other than the Ministry of Defence itself, which is akin to entrusting the crocodile that’s about to eat you with the safekeeping of one’s wallet. At the peak of operations, Gotabaya Rajapaksa even had a bus that went around generating registrations on this site. No judicial review. No Parliamentary debate or approval. No information around what the data was used for, by whom, over what time and for what purposes. Without a hint of irony, a leading Sunday newspaper in 2012, reporting on the registrations to the site, noted that “professional and polite police officers manning state-of-the-art mobile registration units keep tabs on who you are and what you’re up to”.
A new report by David Kaye, the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression will not be read by the majority of Sri Lankans. It is however a vital report for study, in that it robustly examines the role and relevance of private corporations in securing the freedom of expression. This matters, even if you are not on or a fan of social media. Emails, text messages and even voice calls now entirely rely on the same infrastructure as that which millions of others use to surf the web, check their Facebook profiles and upload photos to Instagram. Private corporations like telecoms providers have an incredible wealth of data around their customers and those they interact with. This is called meta-data – information around what you do, and who you are in touch with. This data alone, over time, can reveal travel patterns, spending and reading habits, religious, sexual and political preferences, plus details around networks of friends and contacts. Concerns around surveillance in Sri Lanka persist even under yahapalanaya. The decisions around the significant investments considered by the State to covertly conduct surveillance operations remains in the dark. All telecoms companies were partial to the edicts of the Ministry of Defence. The UN Special Rapporteur calls them out on this and suggests corporations that don’t act to protect the rights of customers are in effect, supporting violations of human rights by way of omission. Under the Rajapaksas, the uncritical, supine and adulatory support of and association with the government suggested something much darker – that for profit, gain or preferential access, corporations would willingly hand over customer data, disrupt services, conduct surveillance operations outsourced to them, provide technical assistance around covert monitoring operations and look closely at all traffic on their networks to lock into communications within certain networks, deemed inconvenient. In fact, the Special Rapporteur’s report notes a global trend around the use of technology to undermine rights and indiscriminately surveil populations. Sadly, even under the Sirisena-Wickremesinghe administration, clientalism and favouritism trumps privacy, adherence to judicial norms and international human rights and other legal obligations of companies. What this means is that if you own a telephone or any device that regularly connects to the internet and is used to communicate with others, your telecoms company can use it to find details of your private life without any oversight or consent and pass on this information to the government.
Ten years ago, those most affected by the disruption of telecoms services were out of sight, and largely out of mind. They were not us, they were far away, and frankly, who knew who was and wasn’t a terrorist? The excuses to justify surveillance and the blanket disruption of communications were many, and all anchored to terrorism or national security considerations. Today we complain vociferously around connectivity that fails to match up to advertised speeds, poor cell reception and coverage or the high taxes on data. It is however still rare to find companies being held accountable for what they do with the data on customers they collect, often for what’s called ‘business intelligence’ – the way a company can leverage its customer base to generate more profit. Business intelligence platforms though are often turnkey surveillance investments, and telecoms companies in Sri Lanka have an atrocious track record of securing rights, especially those of the most vulnerable. The UN makes it very clear – companies have a duty of care towards customers, and moreover, legal obligations, when dealing with governments and their requests.
The risk of focussing on digital issues is that it remains a domain of great mystery and little importance, especially for an older, less web-savvy generation. What’s often forgotten is that the laws that govern interactions over the Internet have an immediate, deep and enduring impact on everyone. It impacts how and what we say to each other. It impacts how we seek to change a government. It impacts how we seek to release information into the public domain about wrongdoing and corruption. It impacts our work, travel, relationships and legacy. Even under yahapalanaya, there is a clear interest in maintaining the structures of surveillance in a country that is post-war, but not post-fear. This must be resisted. Arguably, private corporations like telcos may also need customers to help them fight intrusive, extra-legal requests for information. This isn’t about aiding or abetting terrorism or undermining national security. Mass surveillance is incontestably incompatible with the good life promised under the present government. It is not just the State that needs to be reminded of this. All telecoms and internet service providers also do.
First published in The Sunday Island, 19 June 2016