Recently, the Sectoral Oversight Committee (SOC) on National Security stated that it will not recommend the privatization of Sri Lanka Telecom (SLT), citing national security concerns. The committee’s report raises numerous complaints about the potential security risks of divesting the State Owned Enterprise to a private entity. Unfortunately, the report offers little to no specifics and instead relies on general speculation. While the government itself is yet to offer any formative action regarding the supposed security risks to SLT, it’s worth looking at the issues raised in the committee’s assessment.
Your personal data might be exposed
One of the biggest arguments pertains to the risk of personal data exposure that comes with privatizing SLT. The report offers examples like geo-fencing, path tracking, browser data shopping, and remote device shutdown as some of the malicious operations that would be possible with a private operator. The report also points out how VVIPs could be at risk where call records “can be easily extracted from billing systems/network elements and passed to wrong hands.” It also warns of a “high risk of information of important subscribers getting leaked out or snooped out” where voice and data could be passed on to a third party.
The report goes on to state that the privatization of the SLT could hinder the government’s efforts in ensuring “non-state actors do not have easy access to vital information that would affect National Security.” Additionally, it mentions how a cyber attack could cripple services for the average consumer as well as compromise internet infrastructure at the national level owing to the potential leakage of sensitive information.
However, the report fails to offer specifics beyond the general terminology. More importantly, it’s worth noting that none of the cyber security concerns necessarily comes down to private ownership of a telecom operator. Rather, one could argue that a strong regulatory system focusing on security and data privacy would mitigate cyber security risks far more effectively. After all, if a third-party entity could acquire a telecom operator like SLT and compromise Sri Lanka’s internet infrastructure as comprehensively as the SOC claims, it speaks more about Sri Lanka’s digital vulnerability than a malicious private company.
It’s also ironic considering how even under government ownership, tech platforms have been compromised on numerous occasions over the years. Whether it’s the alarming lack of SSL certificates or government sites getting routinely hacked, the country’s track record on the subject doesn’t garner any favors.
A privately-owned SLT could create security risks and break the law
The report also goes out of its way to cast private companies in a villainous role. For instance, the SOC claims that “privatization would increase vulnerability to cyber threats” as these entities wouldn’t commit funding to focus on cyber security. Another concern alleges that a private company could potentially create security risks owing to the fact that these companies may not come with “the same level of accountability and oversight as public entities.” Although if history was any indication, one may actually hope a private entity’s level of accountability and oversight doesn’t match that of the government.
There’s also mention of the adherence to laws such as the Personal Data Protection Act No.09 of 2022 and Right to Information Act No.12 of 2016, Telecommunication Act No.25 of 1991, and others. Interestingly in an attempt to drive a point about national security, the SOC specifically mentions that a privately-owned SLT could simply not comply with the law. While it’s unclear what the actual argument here is, it’s still a bizarre statement to come from a parliamentary body of all institutions.
The SOC goes on to point the finger at the idea that private companies may not fund a telco’s operations in hopes of modernization. However, the committee’s arguments hold little water in a landscape where existing operators already invest millions of dollars every year towards building its infrastructure. In fact, Dialog alone pumped USD 152.4 million to upgrade its own network last year.
The terrorist argument
Another noticeable point about the report repeatedly is that it kept bringing up the war, which is weird even for something about national security concerns over privatizing a state-owned telecom entity. The terrorism argument is something that is constantly being brought up in the political stage in lieu of gaining voting power. The report wasted no time in chronicling the government’s war efforts against the LTTE and how these efforts relied on telecom services. The SOC’s argument is that under the ownership of a private entity, such defense operations could potentially be compromised. In translation, selling off SLT to a private company could open up the enterprise to terrorist attacks in cyberspace.
Furthermore, the report alleges that SLT’s privatization would mean the operator “may not corporate as government-owned telecom” as it did during wartime. On the other hand, Sri Lanka also has a history of government-imposed social media bans during the past few years. Let’s also not forget that last year at the height of the protests, the government reportedly attempted to restrict the internet, only to be thwarted by the telcos themselves. So perhaps it’s worth recommending the government clean its own skeletons in the closet as opposed to playing the “government always has the public’s interest” card.
It happened in the UK
The SOC draws one notable example of how privatizing telecom could pose national security risks in the form of the UK’s decision to privatize telecom. However, it’s worth noting that today, a lot of countries around the world don’t operate state-owned telecom companies. Whether it’s Australia, Germany, or the US, many markets have opted for privatizing the telecom sector over the past few decades.
Incidentally, should the Sri Lankan government cite the UK as its primary case study, it’s also worth exploring how the region is looking to tackle national security concerns in the modern environment. Back in 2019, when allegations against Huawei over Chinese infiltration concerns came into the global conversation, the UK prompted to halt utilizing Huawei’s networking infrastructure. Following its own investigations, the government went on to ban the Chinese operator from its network and stated that Huawei will be removed from its 5G networks by 2027.
Meanwhile, Sri Lanka’s telecom sector including SLT continues to rely on Huawei, particularly with regard to 5G deployment. To date, authorities are yet to raise questions on the matter, much less conduct investigations to address national security concerns. In actuality, the SL government has stated that it sees no national security threat when it comes to Huawei and 5G infrastructure deployment in the country. It would be interesting to see how the SOC on national security would view this in present circumstances.
Much ado about nothing?
Expressing his views on the SOC’s opposition to SLT’s privatization, former Director General of TRCSL and LIRNEasia founder Prof. Rohan Samarajiva calls the report’s claims baseless. He points out that one way to address national security concerns would be to build SLT’s management to operate in a more stringent capacity as well as to ensure adequate resources for investing in backup facilities. With regard to the idea that a private entity could compromise customer data, Prof. Samarajiva states that the Data Protection Act includes provisions that could potentially handle this type of issue, and if needed, additional safeguards could be set up.
Interestingly, it’s not only the former Director General of TRCSL who found the report dismissive. The President’s office itself issued a statement on the lackluster nature of the SOC’s report. As per the President’s Media Division, the government says it believes the report lacks any logical or scientific data analysis on the national security concern issues on privatizing SLT.
Although unlikely, it remains to be seen if the government will walk back on its plans to privatize the telecom operator. The statement goes on to specify that the government will take a decision in an upcoming cabinet meeting where the SOC’s report will be considered along with “recommendations from the ICT sector.”
“The effects of the privatization of Sri Lanka Telecom on National Security” report offers a lot of tinfoil-hat thinking. Yet, the question of specifics surrounding potential national security concerns, if at all, remains unanswered.
In reality, the report sounds less like a valid national security concern and more like a last-minute assignment submission if the answers were crafted by an AI chatbot. Here’s hoping the government’s eventual decision offers more comprehensive reasoning.
The full report by the Sectoral Oversight Committee on National Security can be found here.
GIPHY App Key not set. Please check settings