Growing up digital natives - with a considerable portion of our formative years with access to the internet, Gen Zs and millennial are far more reckless with our information, what we share online, and who we give our personal information to. That quiz you took last week that told you to answer a few simple questions to find out ‘what sort of bread you are’... could well be stealing your data. In 2018, through just one Facebook quiz alone, over 60,000 Facebook users’ data was compromised by hackers. Admittedly, a quiz exposing you to cyber crimes is less likely, but what about the fact that you’ve been using the same three passwords for the past five years for all sites you sign into (akin to using the same key for your front door, car, safe, and workplace)? Or the fact that you’ve told your best friend or your significant other your instagram password (leaving said key in your postbox and letting everyone know)? Or the fact that you keep pressing “remind me later” when your computer prompts you to update it? While this may have a multitude of implications for your safety online - such as leaving you vulnerable to identity theft, blackmail and even financial loss - it is likely to have even greater repercussions in and on your workplace. 

 

A study shows that 70% of employers aren’t confident about their cyber security holding up under the influx of millennials soon to enter the workforce. 1 in 10 millennials (aged 18-24) fell victim to phishing scams, compared to 1 in 20 Boomers (over 55 years old) with millennials losing around 5% of their income to scams every year.   

The reason for millennials’ and Gen Zs’ cavalier attitude to internet safety stems mostly from the fact that they don’t believe their information is of sufficient interest or value to attract theft. Studies show that nearly 25% of millennials surveyed considered themselves not ‘interesting enough’ to be targets of cyber criminals. I too am certainly guilty of thinking this, but every piece of information is interesting and of value to people wishing to access it - whether it be to collect your preferences, sell your internet habits to companies (data mining), or scam you financially. With an average attention span of 8 seconds, and the constant need (craving even) for instant gratification, millennials and Gen Zs hardly stop to consider the ramifications of their internet activity. While the older generation would be more cautious about which online stores they give their information to, or with whom they share their passwords, we hardly give it a second thought.   

 

 

Furthermore, the risks cyber interaction pose to the younger generation are also very personal. Cyber bullying, non-consensual distribution or publication of teenagers’ nude pictures, and identity theft on social media are all very real problems inherently harmful to the psyche and mental well-being of the younger generation. These crimes fall under the wider umbrella of Cyber Violence and Exploitation (CVE). The sharing of intimate/explicit images seems to have become an expression of trust and fidelity among couples, but the aftermath, a cause for hurt and hate. It is also important to note that the sharing of nudes is far more prevalent than one would assume, and this is a problem that isn’t concentrated only in Colombo, but countrywide too. Often, the receivers of nudes will share and distribute these - either as a way of ‘getting back’ at their partners after a messy breakup, or because they’re offered money by sites and groups that carefully and methodically collect and catalogue these for commercial gain.  

Another issue is cyber-bullying and identity theft. Many people I know have had their pictures used on accounts that aren’t theirs. . Even more people have been victim to some sort of cyber bullying - rendered even worse by the rise of such apps as “Tellonym” and “Sayatme” which allow people to send anonymous messages.   

 

 

In the case of leaked intimate images, or cyber bullying, or identity-theft, teenagers must be given adequate and accessible recourse, and made to feel safe contacting law enforcement as a natural reaction of first resort, rather than later, or not at all. Existing measures which include having to write to the Director of the CID and request a meeting are far too tedious, not to mention humiliating, for victims. This is why so many choose to keep quiet, as seen in a survey conducted by the National Centre for Cyber-Security in Sri Lanka (CERT), which revealed that 14% of the youth surveyed were victims of identity theft, 11% had their accounts hacked, and 9% stated that their photos were abused. Alarmingly though, 71% of respondents admitted to taking no action against the perpetrators. The launch of Policing Cyber Violence: Standard Operating Procedure (SOP) for the Sri Lankan Police in 2020 as well as the increased involvement of the Sri Lanka Police Women and Children’sBureau as part of the response mechanism, is certainly a step in the right direction.   

In my research for this article, I contacted the not-for-profit organisation Hithawathi that seems to be the only non Governmental organisation providing quick and easily accessible counseling and help for cyber related incidents. They informed me that they have direct contact with Facebook; so any Facebook, WhatsApp, or Instagram related issues could be reported to them instead of through the apps which provide only automated responses. Moreover, they help victims through the process of obtaining legal recourse and by guiding them through steps such as contacting CERT or the police.   

 

 

Awareness about safe internet practices must also be established at a grassroots level. Surely, isn’t learning theory of football and volleyball for two whole terms (mandatory in the local curriculum!) preposterously inconsequential in comparison to enlightening children on how to keep safe in the environment that will very soon - if not already - be the biggest part of their lives ?   

The recognition that ‘cyber education’ is just as important a subject as math and science, and its subsequent integration into the subjects social studies, civics, and health education, is vital to ensure a safe future. Schools and the government must therefore place far more emphasis on, and create awareness about, cyber jobs, such that Sri Lanka may expand and strengthen our cyber workforce.   

 

As mentioned in my previous article, Sri Lanka’s cyber laws have few effective frameworks or proposed strategies to deal with social media abuses. Social media platforms’ responses to abuses of and on their platforms are disappointingly performative - Facebook, for example, despite proclaiming crackdowns on abusive and harmful speech, responds to reports of abuse in most languages other than English as “not violating community guidelines”.   

The EU’s enactment of legal safeguards are far from perfect, but whatever degree of dynamism they have could certainly be emulated by Sri Lanka. Laws such as enforcing the obligation to collect basic statistical data on cyber crimes to help prevent and be prepared for future attacks, and raising comprehensively the level of criminal penalties are important and necessary to be promulgated immediately. Ad hoc projects that safeguard and ensure high standards of data protection must be established as well as supported both at legal and policy levels, such that maximum efficiency is ensured through delegation. Overall, Sri Lankan laws must become far more progressive, as well as responsive, and policymakers must come to terms with the fact that policy-making cannot continue as it is - slow, inefficient and hopelessly bureaucratic - if we are to be realistically proactive in dealing with cyber crime.  

The compromising of accounts of heads of states and other prominent Twitter users like Joe Biden, Barack Obama, Jeff Bezos and Elon Musk just last month, in the biggest Twitter hack ever, is a case study that epitomises the effect of millenials and Gen Zs on cyberspace, and is just a precursor of what is to come. That three young adults, only 17, 19, and 20 years old managed to hack into some of the most prominent people’s accounts by manipulating Twitter employees - mostly millennials - to give them their credentials, is an example of how technology has ‘democratised’ the ability to commit serious attacks, as well as how widespread the impacts of a few people’s - in this case, the Twitter employees’ unsafe internet habits are.  

 

While internet technology is possibly the biggest advancement in human history, it is also proven to be the biggest risk. Unless we take proper precautions, both nationally, internationally and at individual levels, we’d soon be living in a dystopian world. Think I’m fear-mongering? Well, we thought a pandemic such as COVID-19 only existed in dystopian novels and movies, yet here we are ...