Effects of privatisation of SLT on national security: A citizen’s perspective

by Nimal Gunatilleke
nimsavg@gmail.com

The report of the Parliamentary Sectoral Oversight Committee (PSOC) on National Security, titled, ‘The Effects of Privatisation of Sri Lanka Telecom on National Security’ was presented to the Parliament on 09 June by its Chairman Sarath Weerasekera, MP. It was almost immediately countered by the government by issuing a statement by the Presidential Media Division that the policy decision taken pertaining to the privatisation of Sri Lanka Telecom (SLT) will not compromise national security.

However, the PSOC report has opposed the privatisation of Sri Lanka Telecom PLC as matters sensitive to national security could be compromised if SLT is further privatised. Sri Lanka Telecom – the national information and communications technology solution provider and the leading broadband and backbone infrastructure services provider in the country – is already partially privatised with international companies holding 44.98% of the stake and the government holding 49.5%. The PSOC opined that further privatisation would expose the country’s critical communication infrastructure/sensitive information to private entities whose profit-oriented interests could compromise national security.

The PSOC report warns inter alia that the government must ensure that non-state actors do not have easy access to vital information that can be detrimental to national security. National security, it reports that is not merely the protection against military attacks, but it involves non-military dimensions such as economic security, energy security, food security, etc., and most importantly cyber security, which in turn, could affect our sovereignty. It further states that cybersecurity has become an indispensable component of national security crucial to prevent unauthorized access, data breaches, and disruptions in communications. As an example, the PSOC report quotes the LTTE international network under its “Tamil Eelam Cyber Force” which has already launched multiple attacks on Sri Lankan cyberspace. Several Sri Lankan government websites including its Ministry of Health website, foreign employment and Public Administration websites, and the Sri Lanka Embassy website in China have been hacked in the recent past by the ‘Tamil Eelam Cyber Force’ with their own admission to it while displaying on their website the much-publicized motto – We Never Forget! We Never Forgive! (Tamil Eelam Cyber Force@CyberEelam; https://twitter.com/CyberEelam ).

The PSOC report recommends, as a compromise, that while retaining or buying back segments of the SLT affecting national security, the remainder can be divested through Private Public Partnership ensuring critical infrastructure is protected and all government regulations are strictly adhered to. This would enable the government to ensure national security and exit if necessary. It further says that anyone/organisation with any involvement with extremists in any form should not be allowed to buy any share or have any control over our national assets.

The response of the President’s Media Division to this PSOC report was that it lacks a logical or scientific data analysis pertaining to the subject of national security. The PMD further states that in order to address the deficiencies, it is necessary to examine the operation and regulation of information and communication technology service providers in Sri Lanka, analyse financial data related to the sector, understand Sri Lanka’s national ambitions in this field, assess the available capital capacity, and conduct a comprehensive study of global trends.

The former Director General of the Telecommunications Regulatory Authority of Sri Lanka (TRASL) Professor Rohan Samarajeewa too, opined that the privatisation of SLT does not pose a threat to national security. He has suggested that privatisation with appropriate controls allows for investment and urged authorities to consider their recommendations seriously. He claimed that government communications are mostly done on popular global search engines (like Google-Gmail). Prof. Samarajeeva argued that privatisation does not mean government data is being compromised since data centres in Sri Lanka, including those of the telecom company and Dialog, are rented to store government data. According to Prof Samarajiva, one way to address national security concerns is to ensure the stringent functioning of SLT’s management. As an example, he suggests that with regard to data records, special safeguards can be put in place in addition to safeguards provided by the new Data Protection Act. This has also been referred to in the PMD response.

With respect to global trends in communication technology vis a-vis cybersecurity referred to in the PMD response, there is a wide range of opinions and news reports appearing on the web, which need to be carefully analyzed in order to benefit from them to safeguard our national interests.

Global Trends in the communication technology trade war:

In recent years, more advanced digital communication technologies have taken over the use of popular search engines like Google-Gmail. Some examples are instant messaging (IM), voice-over-Internet Protocol (VoIP) services like Whatsapp, social networking services like Facebook, YouTube, and Twitter, and Video conferencing apps like Zoom, etc. with Artificial Intelligence technology inputs. These have revolutionised the marketplace requiring frequent cyber security upgrades to be in place, especially with the emergence of the next-generation mobile communications technology – the fifth-generation (or 5G).

At the global scale, as any layman of the subject like myself would understand it, there is currently intense warfare going on in cyberspace, with the potential of the 5G technology being exploited for spying and also to sabotage communication on critical public utility infrastructure – everything from electric power, and water supply to sewage disposal, communication networks, and key financial centers thus compromising national security. This configuration of 5G networks means that there are many more points of entry for a hostile power or group to conduct cyber warfare against the critical infrastructure of a target nation or community. It is claimed that in the future, cyber espionage could replace ‘bullets and bombs’ through ‘bits and bytes’ bolstering cyber-attack capabilities on national security priorities. Spy agencies can readily tap into the undersea communication cables landing on one’s territory. Intelligence agencies the world over consider these submarine cables as ‘a surveillance gold mine’ with the attendant potential risk of eavesdropping and/or cyberattacks.

The undersea cables appear to be central to the US-China technology competition with spilling-over effects on other nations, as well. According to TeleGeography, a Washington-based telecommunications research firm, there are more than 400 active cables running along the seafloor across the globe, carrying over 95% of all international internet traffic. More than US$ 10 trillion worth of financial transactions is claimed to be transmitted via these cables every day, according to teleGeography estimates. These data conduits, which transmit everything from emails and banking transactions to military secrets, are vulnerable to sabotage attacks and espionage.

As a result, a cyber-technology-related proxy war between major superpower camps is emerging at a rapid pace. It could eventually determine who achieves economic and military dominance for decades to come, making references to their respective national security, at a time of war. According to a Reuters report (by Joe Brock) dated March 24, 2023, a successful US government campaign has helped the American subsea cable company Subcom LLC beat China’s HMN Tech to win a US$ 600 million contract to build the underwater cable system known as Southeast Asia-Middle East-Western Europe 6 (SeaMeWe6) connecting Singapore to France via India and Sri Lanka, the Middle East, and the Mediterranean countries.

Reuters reports that the US has also apparently worked to pressurise third parties, forcing the World Bank to scrap plans to connect up Pacific island nations to prevent a Chinese company from getting the contract in 2021, and then working to stop a vast, 19,000 km-long connection running from East Asia to India (and Sri Lanka), the Middle East, and Mediterranean countries from being built using HMN Tech cable. It goes on further to say that the US ambassadors in at least six of these en route countries including Singapore, Bangladesh, and Sri Lanka have written to local telecom carriers suggesting that picking SubCom is “an important opportunity to enhance commercial and security cooperation with the United States” or face US sanctions, otherwise. In addition, they have apparently offered the usual carrot as a reward (complementing the above-reported sticks of coercion) such as training grants to several countries en route to the cable network. Sri Lanka Telecom has apparently received US$ 600,000 for this purpose, according to the same Reuters report.

The PSOC report has correctly recognized that the SLT must ensure adequate countermeasures for above mentioned cyber-attacks such as firewalls, electronic surveillance, access control devices, etc. It further recounts the following: The private companies may not commit sufficient funds to ensure the above as national security is not their priority. Hence privatization would increase vulnerability to cyber threats. Private companies have a legal obligation to maximize profits for their shareholders and as such, will not always operate in the public interest. The public may have limited or no oversight over the operations of a private company and consequently making it difficult to hold them accountable for any wrongdoing.

Although the immediate response of the President’s Media Division to this PSOC report was that it lacks a logical or scientific data analysis pertaining to the subject of national security, our reading of the report is somewhat different from that of the PMD, especially considering the sensitivities and vulnerabilities associated with rapidly evolving global communication technology.

According to local media reports, one of several purposes of the controversial visit early this year by the 20-member US defence delegation includes access to submarine telecommunications cables and data, for which the US is apparently willing to provide prior intelligence on terrorist attacks in Sri Lanka.

Sri Lanka is evidently caught between the devil and the deep blue sea for being located in a geostrategic position abundantly endowed with strategically important natural resources. While being at the center of the Indian Ocean Sea Lanes of Communication (SLOC) with extensive ocean and land-based mineral resources, including premium grade graphite and rare earth elements, some political analysts are of the view that Sri Lanka suffers from a ‘Paradox of Plenty’ or perhaps, a geostrategic ‘Resource Curse’. This phenomenon often afflicts countries blessed with abundant natural resources, like Sri Lanka.

Despite being endowed with this politico-geostrategic wealth, the Sri Lanka Government is still up against tough bargaining with the IMF on its current debt restructuring process. A strong case needs to be presented by the Government in one voice resisting the privatization of profit-making institutions, especially those vitally important for national security, as correctly identified in the PSOC report on ‘The Effects of Privatization of Sri Lanka Telecom on National Security’.

It is heartening to learn that the government has taken a step backward towards delaying its formal endorsement of the plan to further privatize the SLT while seeking expert views in the meantime. In the interim, upgrading the laws such as the Computer Crime Act, Electronic Transaction Act, Right to Information Act, Banking Act, Telecommunication Act, Intellectual Property Act, and Data Protection Act, is also necessary to plug any glaring loopholes in the cybersecurity frontier to safeguard national security against emerging cyber threats referred to above.