The Sri Lanka Model: The Impact of Civil Advocacy on Tech Policy

In his seminal work on dissecting the shortcomings of tech-centric development projects, the computer scientist Kentaro Toyama outlines a framework of how stakeholders in any capacity should view technology. According to his “Law of Amplification,” technology’s primary effect is in amplifying the status quo – making the good greater, and the bad worse. While this perspective was initially established as a critique of technological determinism and utopianism, it appropriately extends to how policymakers, particularly those in the Global Majority, need to think about the regulation of data privacy, content moderation, and social media.

By understanding how contextual social problems arise as a result of widening disparities caused by phenomena such as economic inequality, religious nationalism, political corruption, gender-based violence, ethnic conflicts, and racial and caste discrimination, communities can mobilize civil society, journalists, lawyers, and other grassroots activists to distinguish factors of social exclusion to be mitigated and social inclusion to be amplified by pervasive technology. The utilization of this mentality in tech policy can be seen most explicitly in the case of Sri Lanka.

On September 18th, 2023 the national government of Sri Lanka published a bill that outlined a series of measures aimed at targeting rampant disinformation and harassment on social media. This proposed law is called the Online Safety Bill – the same title the UK gave its landmark legislation. While the corresponding Sri Lankan initiative appears to include necessary protections for disinformation and incitements to violence, it is packaged with dangerous stipulations that purportedly defend against national security threats and distress.

The first major red flag is in how loosely terms like “national security threats” and “distress” are used within the confines of the bill. These terms are employed throughout with no legal precedent and without context, leaving the execution of these provisions to the interpretations of an Online Safety Commission, a uniform regulatory body to be established as part of the bill itself to oversee its implementation. The creation of this type of oversight was another big red flag: because the commission was to be composed solely of individuals appointed by the President, the Sri Lankan government would be in charge of deciding what constitutes “national security.” This means that if any content online is perceived as controversial to a governing body with a history of intolerance to public criticism, it can be taken down irrevocably. The Commission, which would also have investigative powers, could determine other penalties if a perceived offense is committed, giving the executive branch direct influence over “due process.”

In addition to widespread scrutiny from civil society, the Asia Internet Coalition (AIC), representing the perspective of Big Tech companies like Meta and Google, decried the bill as a direct infringement of freedom of expression. Ironically, part of the frustration felt by the government was in how precarious their communication with these tech companies has been. But even though Big Tech may not be directly responsible for the passage of human rights-infringing legislation, tech companies are complicit in reinforcing a cycle of colonial detachment from the realities of formerly colonized countries with largely economically disenfranchised populations. Their negligence and the policy response to it ultimately results in the widening of existing disparities in class, gender, religion, and caste, especially because these platforms are so deeply entrenched in these countries. Militant nationalists and authoritarian strongmen exploit these disparities to violent ends, culminating a cycle of profit prioritization and extrapolation of populism.

This was best evidenced in early 2022, when an international policy think tank in Sri Lanka called Factum drafted and launched a Code of Practice for Online Safety in conjunction with the AIC that collated perspectives and insights from across the country and inclusive of civil society, journalists, and lawyers. Similar to self-regulatory mechanisms published by the European Union, this Code aims to hold Big Tech accountable through public-facing compliance to a shared commitment to improve content moderation response and compliance. Through islandwide consultations with a vast group of stakeholders and several rounds of amendments to reflect the concerns from those consultations, the Code was refined to accommodate the lived experiences and struggles of the grassroots populace.

Two of the key issues raised were on Technology-Facilitated Gender-Based Violence (TFGBV), and the lack of proactive response from platforms to complaints made and inaccuracies in content moderation for content in local languages. In the case of TFGBV, the group that created the Code was steadfast on the inclusion of online sexual exploitation and abuse as a material consideration to be tackled by tech companies, even in the face of some pushback. Inadequate regulation in countries like Sri Lanka has been a persistent issue, and it boils down to the continued lack of investment and transparency around moderation by tech firms for smaller, non-English speaking markets. After delays in signing onto the Code by tech companies, the Code was tabled and the controversial Online Safety Bill was pushed forward.

As of now, about 50 petitions from across every sector have been filed with the Supreme Court of Sri Lanka to protest against the passage of the Online Safety Bill in its current state. After two weeks of public opposition, the Attorney General announced that the Bill would undergo modifications through 31 amendments, making it one of the most contested pieces of legislation in Sri Lankan Supreme Court history. While this development is reason for some optimism, there is still political pressure for the architects of the Bill to pass it as quickly as possible with limited consultation (which has yet to materialize). This should factor in when we think of the necessity of the Bill as well as the contents versus the alleged purpose of "online safety." When proponents and longtime advocates for online safety are this intensely against the Bill, we must consider why.

One of the most neglected concerns in the Bill, and in most digital rights legislation in general, is the strengthening of existing institutions to deal with online harms. The Sri Lanka Online Safety Bill may indeed pose a threat to tech companies, requiring them to comply with cumbersome new regulations. But, as the Law of Amplification states, what is truly concerning is how Sri Lanka’s status quo – economic instability, public distrust in authorities, a history of weaponization of laws related to expression – will be amplified through the Bill and its ambiguous terms like “national security” and “distress.” Tech giants may simply exit the small market and continue avoiding compliance; but the cost for Sri Lankans is a vital space of civic discourse and dissent.

But throughout Sri Lanka's history, a resilient population has always managed to navigate oppressive instruments honed to stifle expression. Perhaps what is needed now is a strategic and collaborative effort to hold this new Bill to account to ensure it performs its functions free of corrupt political influence.