Legal Reforms for Information and Communication Technologies

Legal Reforms for Information and Communication Technologies

The advancement in Information and Communications Technology (ICT) infrastructure has resulted in an unprecedented level of worldwide communication and information sharing and today we are witnessing the steady growth of information based commerce, thus creating a new era of globalization.

Jayantha Fernando

Information Technology


As Thomas Friedman points out, the new era of Globalization “is not just a phenomenon and not just a passing trend. It is the international system that replaced the Cold War system. Globalization is the integration of capital, technology and information across national borders, in a way that is creating a single global market and, to some degree, a global village”.2

The new developments in Information and Communication Technologies have significantly affected the traditional legal concepts and brought about the necessity for the review and the reform of the law receptive to modern electronic dimensions. The role of the law is to recognise, regulate human conduct and to enforce such regulation. The traditional law recognised and regulated the manual and mechanical aspects of human conduct and enforced such regulations and they are no longer valid or appropriate in the modern context. Some of the key areas where reform ought to be considered are enumerated below.


Intellectual Property Rights in Information Technology based products have grown rapidly in importance even in Sri Lanka. Although the Code of Intellectual Property Act of 1979 (which was inspired and based on the WIPO model and incorporated internationally recognised principles) does not expressly contain provisions to

This article is awarded the Gold Medal in the category of Information Technology in the Millennium Legal Writing Competition for Juniors conducted by the Bar Association Law Journal with the assistance of the Legal and Judicial Reforms Project of the

Ministry of Justice.

protect Computer Software, Section 7 of the Code protects original literary, artistic and scientific works. There are several decisions of Commonwealth countries which have held that Computer Programs are protectable as literary works3. These decisions could have persuasive value in Sri Lankan Courts, which are often guided by the decisions of Courts from countries in the British Commonwealth. Traditionally, in almost all commonwealth jurisdictions, Computer Software whether it be programs, databases, Computer files, preparatory design materiel and all associated printed documentation are all protected under the Copyright Law.

The obligations placed on Sri Lanka under the TRIPS Convention required Sri Lanka to update the Code of Intellectual Property to meet the minimum requirements placed by the Convention. Thus, the IPR Reform Commission was re-established in 1998. It is expected that the series of amendments suggested by the Commission will result in the introduction of several new internationally recognised concepts, rectify ambiguities created by decisions of Courts and incorporate minimum obligations imposed by the TRIPS Agreement.

2.1.1 IPR Reforms receptive to Information Technology

On the 9th of June, 2000 an Amendment to the Code of Intellectual Property was placed before Parliament. The effect of the Amendment (which now has legal effect-Act No. 40 of 2000) is the inclusion of Computer Programs as a protected work within the ambit of literary, scientific and artistic works under Section 7(2) of the Code of Intellectual Property. In addition, the words “Computer” and “Computer Program” have been defined in accordance with the Model Provisions for

the protection of Computer Software prepared by WIPO. Thus, Sri Lanka has complied with Article 10 (1) of the TRIPS Agreement4 requiring countries to provide adequate and meaningful protection to intellectual property rights in Computer Software. It is expected that further amendments proposed by the Commission would contain provisions governing the reproduction and the adaptation of the Computer program by the lawful owner, with a proviso that the copy or adaptation is used for archival or replacement purposes and for the purposes for which it was originally obtained.

However, in the future, attention may have to be given to Article 4 of the WIPO Copyright Treaty (1996), which provides for the protection of computer Programs “… whatever may be the mode or form of their expression”, although very few countries have ratified the treaties.

2.1.2 Effect of the WIPO “Internet Treaties”(1996)

In December 1996 two new treaties were concluded by the WIPO

The WCT strengthens the existing protection given to literary and artistic works such as books, computer programs, music, photography, paintings, sculptures and films which enables their creators to control certain uses of their works. The WPPT strengthens the existing law of Related Rights which protects those involved in presenting works to the public, such as producers of phonograms and sound recordings.

Both treaties require countries to provide a framework of basic rights, allowing creators to control and/ or be compensated for the various ways in which their creations are used and enjoyed by others. More importantly the treaties ensure that the creators and/ or the owners of those rights will be adequately and effectively protected when their works are disseminated through new technologies and communication systems such as the Internet. Thus, the treaties clarify: (a) that the traditional right of reproduction continues to apply in the digital environment, including the storage of materiel in the digital form in an electronic medium, and (b) that the owners of rights can control the manner in which their creations are made available online to individual consumers at a time and place chosen by the consumer, eg., at home via the Internet5. It is in the aforesaid context that Article 4 of the WCT, provides for the protection of computer Programs “… whatever may be the mode or form of their expression”.

According to a release published by WIPO6 “The two treaties also break new ground by requiring countries to provide not only the rights themselves, but also two

types of technological adjuncts to the rights. They are intended to ensure that right-holders can effectively use technology to protect their rights and to license their works online. The 1st method, know as the “anti-circumvention” provision, tackles the problem of hacking, requiring countries to provide adequate legal protection and effective remedies against those persons circumventing technological measures used by right-holders to protect their rights (eg- by using encryption technology) when their creations are disseminated on the Internet”. The 2nd adjunct safeguards the reliability and integrity of the online marketplace by requiring countries to prohibit the deliberate alteration or deletion of electronic “rights management information”: that is, information which accompanies any protected materiel available on-line, which identifies the work, its creator, performer, or owner, and the terms and conditions for its use.

Another salient feature of the Treaties is that they contain provisions enabling countries to have reasonable flexibility in establishing exceptions or limitations to rights in the digital environment. Countries are permitted, in appropriate circumstances, to grant exceptions for usage deemed to be in the public interest, such as non-profit educational purposes and research. This is to ensure a fair balance of interest between the owners of rights and the consuming public.

Any future law reform initiative should take note of their contents in order to ensure that Sri Lanka is not left behind in the new global economy.

3.0 Electronic Commerce

The advent of e-commerce and the use of the digital medium as an alternative to physical transactions, have created some novel legal issues where there are no clear answers. For communication and transactions occurring over a faceless network, there is a need for reliable methods to authenticate a person’s identity and to ensure the integrity of the electronically transmitted documents7.

Statistics have shown that traffic on the Internet doubles every 100 days and predictions are that business-to-business Electronic Commerce (E-commerce) transactions would reach USD 3 Trillion by the year 2003. Several Sri Lankan Companies have established sites and “portals” to facilitate internet trading (eg and ). Several jurisdictions (including India- IT Act of June 2000) have realised the potential of e-commerce and introduced suitable Legislative framework to facilitate all forms of Electronic transactions.

One of the foremost Legal issues concerning E-commerce is whether a contract could be validly concluded when all dealings between the contracting parties are carried out using some form of electronic

communication. Some contracts may be concluded verbally and sometimes may even arise by implications from the conduct of the parties. In these situations disputes may arise as to what was agreed between the parties and it may be necessary to establish the authenticity and accuracy (or integrity) of electronic messages. In several jurisdictions, including Sri Lanka, statutory provisions impose barriers to electronic forms of contracting, especially with regard to enforceability, by requiring that contracts be in writing and signed by the parties to the contract8.

For instance the Sri Lankan Prevention Frauds Ordinance of 1840 provides that “No promise, contract, bargain or agreement, unless it be in writing and signed by the party making the same, or by some person thereto lawfully authorized by him or her, shall be of force or avail in Law …” for any of the purposes stipulated therein.9 Unlike the interpretation provisions of several jurisdictions, which defines “writing”10, the Sri Lankan Interpretation Ordinance, does not have a definition for “writing”. However the Ordinance contains a definition for “sign”, which cannot be used in the contemporary context. Similar constraints exist in several other statues”

3.1. Electronic Signatures

Electronic Signatures12 provides a mechanism to reliably and securely prove the origin, receipt and integrity of information, to identify the parties involved and to associate those parties with the contents of the communication transacted over the electronic media. Achieving these goals will enable parties involved in electronic commercial transactions to assess any associated risk, such as whether there is a likelihood of the transaction being able to be successfully completed, whether it can be repudiated or challenged, and whether the recipient will have legal recourse in such circumstances irrespective of the location of the parties13. Electronic Signature technologies ensure security and certainty to electronic commerce. The most common and time-tested technology is the Digital Signature14.

Many jurisdictions overseas have enacted or drafted legislation to facilitate the use of Electronic Signatures. At present the law in Sri Lanka does not recognise any form of Electronic Signatures which can perform the functions of a handwritten signature.

3.1.2 Certification Authorities

In an electronic commercial transaction where Digital Signature technology is used (see Note 12), the recipient of the message has to have access to the signer’s public key in order to verify the identity of the signer and the integrity of the message. The recipient must also have assurance that the signer’s public key corresponds to the private key. Since a public and private key pair has

no intrinsic association with a particular individual, being simply a pair of numbers, an additional mechanism is needed to securely and reliably associate a particular person or entity to a particular key pair. This is done through the use of Trusted Third Parties (TTP) or Certification Authorities.

Binding the identity of a particular entity to a particular key-pair is one of the core functions of a Certification Authority (CA). This prevents parties from either denying or repudiating contractual commitments. A Certification Authority (CA) could either be a public or a private body and performs the aforesaid functions by issuing Digital Certificates that verifies the authenticity and identity of the Signatory to a document. Additionally, certificates could attest to attributes of a person other than identity, which might include, for example, their authority to act on behalf of a corporate entity in a particular transaction. Thus, with improved technology and with increase in usage CA’s could ensure reliability and accuracy of information transmitted through electronic media and would help overcome the evidentiary barriers to such transactions15.

Many Jurisdictions16 have concluded that it is necessary to licence certification authorities. In some of them licencing is voluntary although there are statutory granted advantages to the use of a certificate issued by a Licenced CA. Such statutes provide that digitally signed messages, assuming that they are verified by a certificate issued by a licenced CA, will be treated as self-authenticating documents i.e that there will be a legal presumption that the person whose name is associated with the signature is, in fact, the person who signed the document17.

Issues relating to identification procedures, levels and types of certificates, limitations on certificates and a host of other related matters are matters of considerable debate internationally.

3.1.3 Proof of Electronic Commercial Transactions

Another area of the law where difficulties will arise is in relation to the use of electronic documents as Evidence. The Law of Evidence in Sri Lanka, which is governed by the Evidence Ordinance of 1895, regulates the admissibility and reception of information in Legal proceedings. In terms of this Law only oral or documentary evidence is admissible. The preferred medium of evidence is direct Oral Evidence and original documents. A copy, duplicate or reproduction of the original document is regarded as secondary evidence. Computer Evidence is not admissible under the Evidence Ordinance.

In terms of Section 67 of the Sri Lankan Evidence Ordinance proof of signature and handwriting of a person alleged to have signed or written a document is required. It was held in Robins vs Grogan that “a

document cannot be used in evidence until its genuineness has been either admitted or established by proof which should be given before the document is accepted by the Court. Where there has been no admission as to the execution of a document which has been produced, it becomes necessary to prove the handwriting”18. Therefore, Section 67 has the effect of requiring proof of signature by reference only to handwritten signatures.

The Evidence (Special Provisions) Act of 1995 is the

only law in Sri Lanka that deal specifically with electronic dimensions of modern human activity and provides for

(a) the admissibility of information produced by computers and

(b) facts recorded by other electronic devices.

The law also provides for presumptions and procedures facilitating the efficient handling of admissible information whilst enabling the opposing party to challenge and inspect the information sought to be produced under the said Act. The Special Provisions Act, does not provide for the admissibility of man made documents transacted through the Electronic medium or human representations made through the electronic medium. Therefore it could be argued that the law of evidence in Sri Lanka-does not contain provisions to facilitate E-commerce19.

Further, the law of evidence in Sri Lanka still maintains the requirement that original documents should be accompanied by the testimony of the maker of the document in order to overcome the hearsay restrictions. Copies, duplicates and reproductions of the original are considered to be secondary and are admissible subject to several restrictions. The Hearsay rule was abolished in the UK in Civil Proceedings by the Civil Evidence Act of 1995. The various restrictions to the admissibility of evidence by insistence on the original when available, the primary and secondary evidence rules have been done away with or applied in very limited circumstances. The emphasis in many Jurisdictions are now shifting towards reliability and accuracy of the information rather than the admissibility of information20.

3.1.4 Legal Reform to facilitate Electronic Transactions

When considering the issues described above as well as statutory provisions which are barriers to E-Commerce in Sri Lanka, there is an imperative requirement for suitable Legal framework to facilitate electronic transactions in Sri Lanka. The requirement for such legislation arises from the same concerns that have made legislation a necessity in other countries.

The question required to be answered justifying the requirement to have Laws to facilitate Electronic Transactions is: How far down the road will it take us?

Can the various types of legislation move e-commerce in the right direction, or might they cause unintended detours? Should we simply wait for disputes to arise and leave it to judges to transform the legal landscape? Do the laws that work remarkably well and provide predictability in the traditional, paper-based commercial world translate line for line and serve as adequate mile markers for companies blazing trails to more efficient commerce on the new electronic frontier? Given the explosion of e-commerce activity, is legislation even necessary, or are there inherent limits to the growth of e-commerce that legislation could help to overcome?

Legislation can, and perhaps should, be designed and enacted to accomplish two goals: (1) to remove barriers (actual and perceived) to e-commerce, and (2) to enable and promote the desirable public policy goal of e-commerce by helping to establish “trust” and “predictability needed by parties doing business online. These two goals might be best accomplished by enacting legislation that preserves freedom of contract while recognizing that, because parties don’t always resolve all issues by prior contractual agreement, limited default rules should apply when such unresolved issues do arise.

A Quick glance at the electronic signature legislation currently enacted or under consideration reveals that legislation ranges from a minimalist approach that simply authorizes the use of electronic signatures in very limited circumstances, to legislation that establishes some evidentiary presumptions and default provisions that parties can contract out of, to a very formal and highly regulatory approach governing the manner in which digital signatures may be used and certification authorities may operate21.

Whilst it is essential to provide legislation providing technology neutrality so that one technology will not be given preference over another, we must be careful as we draft electronic signature legislation not to let neutrality become an excuse to avoid addressing legitimate new issues raised by a unique technology, or worse, use neutrality as a means to discriminate against the development of those technologies which may be seen as facilitating secure e-commerce.

The UNCITRAL Model Law on E-commerce

Initiatives calling upon Governments to remove Legal Barriers to Electronic Commerce was the feature of the work of UNCITRAL with the adoption of the Model Law on E-commerce in 1996. The UNCITRAL Model Law establishes rules that validate and recognise contracts formed through electronic means, sets default rules for contract formation and governance of electronic contract performance, defines the characteristics of a valid electronic writing and an original document, provides for the recognition of electronic signatures for legal and commercial purposes, and supports the

admission of computer evidence in courts and arbitration proceedings22.

The text was settled by UNCITRAL as a Model Law, rather than as a treaty or convention, in order to provide a template for national legislatures and serve as a guide for individuals using electronic commerce in drafting contracts to overcome any legal difficulties presented by electronic commerce.

Article 7 of the UNCITRAL Model Law on E-commerce, concentrates upon two functions of a signature: the identity of a person and their approval of the content of the data message. Article 7 goes on to discuss the method by which these functions may be achieved. While it does not define what method would satisfy these requirements, it states that the method should be as reliable as appropriate for the purpose for which the message was generated or communicated, in the light of all relevant circumstances, including any relevant agreement.

Work has also been undertaken by UNCITRAL to provide for a Uniform Electronic Signature Regime which would satisfy electronic signature requirements across jurisdictions. The Report of the Working Group is expected to be finalised by the end of year 2000.

4.0 Conclusion

In the aforesaid circumstances, it is essential to introduces Statutory Provisions in Sri Lanka that will facilitate electronic transactions. Such a Legislative framework should recognise that information generated, stored or communicated in an electronic form is acceptable as authentic for all purposes as provided for in the UNCITRAL Model Law on E-Commerce. Further, legislation should also recognise a technical method (preferably technology neutral) that will enable parties to identify themselves with the communication / information which is stored or communicated other than in the traditional signature form (i.e by placing an Electronic Signature).

Sri Lanka also needs to be aware of international trends and developments in relation to electronic signature legislation before considering an appropriate framework for E-commerce. Since the use of these authentication methods will relate to both domestic and international transactions, without this awareness, Sri Lanka could find itself creating an unnecessary impediment to electronic commerce by introducing commercially restrictive or unworkable legislation or legislation which adopts a radically different approach to that taken in other jurisdictions23.

Therefore until the laws and procedures in Sri Lanka are streamlined to meet the challenges posed by E-commerce, it may not be feasible to take disputes of small value to Courts of Law for determination. It is important to note that Commerce and Business does

not wait for the establishment of a Legal Infrastructure to resolve disputes through the judicial system. Current estimates are that 95% of the Electronic Transactions are concluded without any dispute or any dissatisfaction. In a minority of cases where disputes do arise, it is recommended that such disputes be referred to Alternate Dispute Resolution (ADR) mechanisms such as Expert determination, Mediation and Arbitration. In fact most trade related disputes are resolved in this manner.


2 The Lexus and the Olive Tree by Thomas Freed man 1999-

1 st Edition – cover page

3 Autodesk Inc. vs Dyason [1992] RPC 575

vs Richards [1983] F S R 73.

4 Requires that Computer Programs be protected as literary and artistic works

5 Source – WIPO

6 The WIPO Internet Treaties – WIPO

7 E-Commerce, Electronic Signatures & Certification Authorities

– Jayantha Fernando BASL Journal [1999] Vol VIII Part I Page 77 8 ibid

9 Section 18

10 Eg – Singapore Interpretations Act

11 Eg – See section 4 of the Sale of Goods Ordinance & Section 3(1) of the Bills of Exchange Ordinance

12 “Electronic signature” is a generic, technology-neutral term that refers to the universe of all of the various methods by which one can “sign” an electronic record. Although all electronic signatures are represented digitally (i.e., as a series of ones and zeroes), they can take many forms and can be created by many different technologies. Examples of electronic signatures include: a name typed at the end of an e-mail message by the sender

13 Electronic Signature Technology – Report of the E-commerce Expert Group (Australia)

14 A digital signature can be defined to mean a transformation of a record using an asymmetric crypto system and a hash function so that a person having the initial message and the signer’s public key can accurately determine (a) whether the transformation was created using the private key that corresponds to the signer’s public key

digitally signed using a private key only a person with access to the public key can decipher or verify the signature. The private key will not decipher or verify the digital signature. Although the keys of the pair are mathematically related, if the asymmetric crypto system has been designed and implemented securely it is virtually unfeasible to derive the private key from knowledge of the public key. So, although many people may know the public key of a given signer and use it to verify the signer’s signatures, they cannot discover the signer’s private key and use it to forge digital signatures. The mathematics involved ensure that the probability of two persons having the same key pair or two messages having the same hash is low enough for both to be considered to be substantially unique – Source -Rivest, Shamir & Addleman “a method for obtaining digital signatures”

15 Ecommerce, Electronic Signatures & Certification Authorities – Jayantha Fernando BASL Journal [1999] Vol VIII Part I

16 Including Singapore, Malaysia, Hong Kong and India

17 Micheal Froomkin-“Essential Role of Trusted third Parties” – 79 Oregan Law Review

18 Per Howard C J, (1942)43 NLR 269, 270

19 E-Commerce, Electronic Signatures & Certification Authorities – Jayantha Fernando BASL Journal [1999] Vol VIII Part I

20 Kolitha Dharmawardene- Effect of the Law of Evidence on E-Commerce – Int’ IT Conference -CINTEC, Oct 1999

21 “Electronic Signature Legislation as a vehicle for advancing E-Commerce” by Ruthhill Bro & T J Smedinghoff- The John Marshall Journal of Computer and IT Law – Vol XVII, No. 3

22 Report by the Expert Group on E-Commerce – Australia

23 E-Commerce, Electronic Signatures & Certification Authorities -jayantha Fernando BASL Journal [1999] Vol VIII Part I