|
|
| নির্বাচিত পোস্ট | লগইন | রেজিস্ট্রেশন করুন | রিফ্রেস |
Cyber Security Act 2023
In one year, the level of new cybercrime in Bangladesh has increased 4 times. Cybercrime Awareness Foundation reported this information after researching 217 victims of eight departments of the country. In the afternoon, a report published in Dhaka Reporters Unity said that cyber crime in the country was 1.81 percent in 2022 but this year it has stood at about 7 percent. Scams such as job promises, online shopping and blackmailing have also increased. And compared to last year, the number of child victims in cybercrimes has increased by 140 percent this year.
Cybercrime Awareness Foundation released a research report titled 'Cyber Crime Trends 2023' at Dhaka Reporters Unit in Segunbagicha of the capital. Swarna Saha, research assistant of the foundation, explained the details.
According to the report, 52.21 percent of cyberbullying incidents were recorded in 2022, which was 59.90 percent in 2017. In five surveys since 2018, the percentage of complainants was 61 percent. This rate has decreased in the first four months of 2023.
Speakers at the event said that social media has become a paradise for crime. However, cyberbullying has relatively decreased in the last five years.
The negotiators expressed concern over the increasing rate of child victims.
A new type of cybercrime has increased in the country
New types of cybercrimes are increasing in the country. At the same time, fraudsters are also taking the opportunity to increase people's online shopping habits. Buyers are being cheated while buying products online. Although the trend of various types of financial crimes has increased in the name of loans through apps, the trend of resorting to the law has decreased. Even many do not know how to take legal remedies.
Cybercrime Awareness Foundation has highlighted this information by analyzing the types of crimes in cyberspace from March 2015-2023. On Saturday (May 20), the organization highlighted these facts in the presentation and discussion of the research report titled Bangladesh Cyber Crime Trends-2023 at the Dhaka Reporters Unit. The Cyber Crime Awareness Foundation has published a report on cybercrime in Bangladesh for the fifth consecutive time.
Analysis of research data shows that in 2018, among the total cybercrimes, the fraud rate while buying products online was 8.27 percent. In 2023, this rate has increased to 14.64 percent. In 2018, the rate of threats sent online was 13.53 percent. In 2023, this rate stands at 15.47 percent. In 2018, the rate of harassment using pornography was 2.25 percent. In 2023, the rate stands at
9.12 percent. In 2018, the rate of photo manipulation online was 22.31 percent. Which has decreased to 7.46 percent. Social media ID hacking accounted for 19.79 percent of crimes committed in 2018. Currently, this rate has decreased to 19.6 percent. In 2018, the rate of misinformation on fake accounts on social media was 27.07 percent. In 2023, this rate has decreased to 16.02 percent. The rate of mobile banking account hacking or data theft was 3.01 percent in 2018. Now it has come down to 1.10 percent.
Apart from this, the rate of other categories (disabled ID, job fraud and taking money with false promises) has increased significantly. In 2018, this rate was 2.25 percent. Which currently stands at 6.9 percent.
According to researchers, the incidence of cyberbullying-related crimes (online and phone messaging, pornography, social media abuse, and photo manipulation) has been relatively low over the past five years. Such crimes were recorded at 52.21 percent in 2022, which was 59.90 percent in 2017.
But despite all this, the rate of complaints to law enforcement agencies is decreasing day by day. According to the data obtained in the survey, the percentage of complainants in 2018 was 61 percent and in 2023, it has decreased to 20.83 percent.
Research points to the lack of awareness among victims as the main reason behind their tendency to take legal action. A 2023 survey says 24 percent of victims don't know how to take legal action. In addition, 20 percent of the victims reported a tendency to conceal the incident and 18 percent of the victims reported fear of legal action or harassment.
And among those who have taken legal action, majority of the victims have said that they are not satisfied with the action taken by the law enforcement agencies. In the 2023 survey, this rate is 80 percent of the total number of complainants.
In the panel discussion, Director General of Systems and Services of BTRC, Brigadier General Md. NasimParvez said that the use of information in the country has increased tremendously in the last few years Internet has become our need now. Many are moving to the online space to work safely. Through this, many people want to avoid the hassle of working physically. But here cyber criminals are putting them in danger.
He said that some policies have been prepared for the ISP providers as a regulator. If it is not accepted, some punitive measures are also taken. Besides, initiatives are being taken to launch call centers so that people can report their problems and take proper decisions.
Brigadier General Md. Director General of System and Services of BTRC was present at the event. Nasim Parvez, Secretary General of Internet Service Providers Association of Bangladesh (ISPAB) Nazmul Karim Bhuna, Associate Professor of Anthropology Department of Dhaka University. Rasheda Rawonak Khan, member of the National Committee on Cyber Security Awareness. Mushfiqur Rahman, BISS Research Officer Nahiar Reza Sabriet and many others. Cybercrime Awareness Foundation President Kazi Mustafiz was the moderator of the event.
New type of cyber crime has increased by 281 percent in the country, with women being the major victims
New types of cyber crime increased by 281.76 percent. And this is happening due to ignorance. The culture of using digital devices and being an online resident or how to navigate the digital world has not been developed. Because of this, women and children have to face the most problems. The organization gave this information in a press conference organized by Cyber Crime Awareness Foundation (CICAF) at Dhaka Reporters Unity (DRU) on Saturday.
It was informed in the conference, the research survey of Cybercrime Awareness Foundation showed that cyber crooks have resorted to new and innovative techniques in the scale of new types of crimes committed in Bangladesh in 2022. These crimes include multiple levels of fraud. Such as false promises of jobs, fake app loan scams, fraud in the name of selling services or products etc. In 2022, 14.64 percent of victims were victims of fraud while purchasing products online. The rate of child victimization in cyber crime has increased to 140.87. 75 percent of the victims are young, between the ages of 18 and 30. In a gender-wise comparison statistics, the percentage of cybercrime victims is higher among women (59.73 percent).
The number of victims taking recourse to law is decreasing day by day. In the 2018 survey, where the number of complainants was 61 percent, it has decreased to 20.83 percent in 2023. The most common reason for not taking legal action is lack of knowledge of the law (24 percent), followed by a tendency to keep things a secret (20 percent) and the number three reason cited by 18 percent of victims is the fear of backlash against legal action.
In the press conference, the Security Awareness Foundation said that Cyber Security Awareness Month will be observed next October targeting youth and children. The National Committee of the Foundation announced this awareness program with four messages on digital security during the four weeks of October.
CCA Foundation President Kazi Mustafiz presided over the conference. Mushfiqur Rahman, a member of the National Committee, said in his welcome speech, "We will launch multi-factor authentication in the first week of October, "Strong Passwords in the second week", "Recognize and report phishing" in the third week and "Update your software" in the fourth week. "I will run awareness under the title."
In the conference, Director (Arbitration and Training) of Bangladesh Legal Aid and Service (BLAST) TaapseeRabeya said that even if the device is handed over to children, it is not a matter of their protection, some of them are committing crimes and some are being attacked. Therefore, importance should be given to make women and children aware.
Mohammad Ashfakur Rahman, Joint General Secretary of Bangladesh System Administrators Forum, Mohammad Kauchar Uddin, General Secretary of Internet Society Bangladesh Chapter, Sanjay Chakraborty, Vice President of RobiAjiota and many others spoke at the conference.
The theme of this year's Cyber Security Awareness Month is 'Securing Our World'. The sponsors of this program are mobile phone connectivity company Robi, technology company Sophos and Cyber Paradise. Cybercrime Awareness Foundation, Internet Service Providers Association of Bangladesh (ISPAB), Cyber Support for Women and Children (CSWC) and Bangladesh System Administrators Forum (BDSAF) are the partners.
Cybercrime is increasing in the country, 50.27 percent victims of bullying
50.27 percent of cybercrime victims in the country are victims of various forms of cyber bullying. 80.90 percent of them are between 18 and 30 years of age. They have been subjected to psychological harassment through image manipulation, pornographic content, social media abuse and online-phone message threats. Such crimes are increasing gradually.
These data have emerged in a research report of Cybercrime Awareness Foundation (CCA Foundation). The research report titled 'Cyber Crime Trends in Bangladesh 2022' was released at the Bangladesh Crime Reporters Association at Segun bagicha in the capital on Saturday afternoon.
The research was sponsored by the technology company Cyber Paradise Limited. Under the chairmanship of CCA Foundation President Kazi Mustafiz, the head of the research team, Monira Nazmi Jahan, Senior Lecturer in the Law Department of East West University presented the details of the report.
He said that in the post-coronavirus period, misinformation is increasing through social media. Most of the victims are between 18 and 30 years of age, with a rate of 80.90 percent. 73.4 percent of victims of harassment do not seek legal recourse. However, 7.04 percent of those taking legal recourse expressed satisfaction with legal services.
18 questions were asked to 199 victims across the country from February 15, 2021 to March 2, 2022. Out of this, men are 43.22 percent and women are 56.78 percent.
Type of crime
Based on their opinion the research report is prepared. According to the research survey, compared to the last time, the number of cyberbullying victims has slightly increased by 50.27 percent; Last time it was 50.16 percent.
Hacking of social media and other online accounts is at the top of cyber crime.
55.27 percent of cyber crime victims complain that they do not get the expected results
The number of female complainants is relatively less than that of male complainants. Only 11.06 percent of women victims approached the law enforcement agencies with their problems.
55.27 percent of victims of cybercrime did not receive the desired outcome after reporting to the law enforcement agencies. Only 7.4 percent of the complainants approached the law enforcement agencies and got the desired result.
According to the 2021 report, only 22.22 percent of the total victims received the expected outcome after the complaint, which is 15.18 percent higher than the 2022 figure.
These data have come out in the latest research report 'Cybercrime trends in Bangladesh-2022'.
The Cybercrime Awareness Foundation released this research report at the Bangladesh Crime Reporters Association Auditorium in Segunbagicha of the capital.The survey asked 18 questions to 199 individual victims from February 15, 2021 to March 2, 2022. Based on that opinion this research report is prepared.
Under the chairmanship of Kazi Mustafiz, President of Cybercrime Awareness Foundation, Monira Nazneem Jahan, Senior Lecturer of Law Department of East West University, presented the details of the report among the researchers.
The survey conducted on 199 victims showed that only 53 went to the law enforcement agencies with their problems, which is 26.6 percent of the total victims. But it is 5.17 percent more than 2021. Besides, the number of female complainants is comparatively less than the male complainants. Only 11.06 percent of women victims approached the law enforcement agencies with their problems and 45.73 percent expressed reluctance to take legal recourse.
The reasons given by victims for not seeking legal action varied. A maximum of 21 percent of victims did not take legal measures to keep the matter secret. In addition, 17 percent of the victims have not taken any action to protect their social image, 17 percent have to face harassment with the legal system, 17 percent will not get any benefit even if they complain - they did not take any action. 7 percent of the victims did not take any action because the accused person was influential. On the other hand, 2 percent of victims do not feel the need to take action.
It also shows that 43.22 percent of the victims know about IT laws. The remaining 56.78 percent of the victims have no idea about the existing laws in the country. Analyzing the results of the survey, most of the victims are victims of cyber bullying. These include defamation of images, pornographic content, social media abuse and online-phone-messaging threats. This year's survey saw a slight increase in the number of victims of cyberbullying to 50.27 percent from
50.16 percent in the last report.
This time hacking of social media and other online accounts or data theft has increased dramatically among cyber crimes in the country. Also, the number of victims of fraud using social media and buying products online is also noticeable.
Analyzing the comparative statistics of cybercrime in this survey, it was found that hacking of other online accounts including social media is on the first place, with a rate of 23.79 percent. In the 2021 report, this rate was 28.31 percent, which is 4.52 percent higher than this year. However, the concern is that in the last report, the incidence of misinformation on social media was 16.31 percent. But this time it has increased to 18.67 percent, which is 2.36 percent more than last time.
In addition, harassment using photos or videos of sexually harassing private moments (pornography) and photoshopped images of victims have increased at an alarming rate. Harassment by using photos or videos of private moments of sexual harassment (pornography) was 7.69 percent last time, but it has increased to 9.34 percent this time, and harassment by photoshopping the victim's image was found at 5.85 percent in the last report, but this time it was
1. .08 percent increased to 6.93 percent.
As a large number of people have become accustomed to online shopping due to the corona epidemic, the number of victims of fraud while buying products online has also increased at a huge rate. According to the survey, about 15.06 percent people have been cheated while buying products online.
The report also revealed that most of the victims, 80.90 percent, were between 18 and 30 years of age. This is followed by victims below 18 years of age and the rate of these victims is 13.57 percent. In third place are victims aged 31 to 45, with a rate of 5.03 percent, and in last place are victims over 45, with a rate of 0.5 percent. Teenagers are involved in cyber crime in Bangladesh
Cybercrime is increasing in Bangladesh using online and apps Gambling, pornography and human trafficking are not left out The biggest concern is that teenagers are getting involved.
Recently, the Bangalore Police in India arrested five Bangladeshis in connection with the gang rape and torture of a woman. One of them is AV Hridoy. He is known as 'TikTokHriday', said Bangladesh Police According to the information provided by them, Hridiya was committing the crime of trafficking women by luring them to work on TikTok app Those detained in India including him tortured a young woman from Bangladesh with the intention of trafficking The Indian police arrested them only after that video went viral But the girl has not been found yet
After the girl's father filed a case in Dhaka's Hatirjheel police station, the Bangladeshi police also became active in relation to the accused According to the police, they were working as an organized women trafficking gang under the guise of making TikTok videos
Last week CID found another online criminal gang in Bangladesh He was using a gambling app called 'Streamcar' to launder money out of the country. CID arrested four members of this gang. They were using Bitcoin and other online currencies in this gambling.
Cheating, sexual harassment and many other crimes are already going on in Bangladesh through online and social media But this new type of crime is raising alarm levels And for these crimes there are various groups of criminals online, social media and apps The names of those groups are known in the investigation.
Recently, the police have found the dreaded LSD drug in Bangladesh for the first time on the basis of the death of a student of Dhaka University. The communication of this drug is also online. The police said that they have found multiple groups of these drug users and suppliers on Facebook.
In addition, last October, the police arrested three students of a private university associated with online pornography They built the pornography market in the developed world They used to create pornography under the guise of friendship Earlier, another such group was caught in 2014.
According to the Cyber Security and Crime Department of DMP, they received 1,765 complaints directly from Dhaka city in 2018. Besides, 6 thousand 300 complaints are received through Hello City apps, Facebook, mail and help desk In 2019, the number of direct complaints was 2 thousand 932 And 9 thousand 227 complaints are received through Hello City apps, Facebook, mail and help desk. In 2019, 53 percent of the total complaints were made by men and the remaining 47 percent by women
What is the solution?
Many people think that it is necessary to block various apps to prevent online-based criminal activities. However, IT technician Tanveer Hasan Joha thinks that it is difficult to block apps as well as there is no benefit in banning them. "Use cannot be prevented by prohibition." Two
points need to be emphasized for this The capacity of the police to fight cyber crime needs to be increased and parental guidance is needed,'' he said.
According to him, “Parental control should be turned on on the gadget that the child is using As a result, if the child uses any prohibited app, enters the site or is active in the group, he will get his notification immediately.
Nazmul Islam, Additional Deputy Commissioner of Police, Cyber Crime Unit of DMP said, “The problem is that the nature of cyber crime is changing every day. We are also updating our investigation, research and technology accordingly We are capable of suppressing cyber crime in Dhaka But that capacity has not been developed across the country But work is in progress Creating trained manpower.”
He said, their policy is not to stop pouring any app or online platform Identify the crime and take action accordingly But there are some other apps including gambling which are prohibited
Unregulated cybercrime
Cybercrime has gone out of control. The number of cybercrimes is increasing. Harassment by cyber-crooks using technology is taking a dire form. However, the disappointing news is that Bangladesh has not been able to make any agreement (Mutual Legal Assistance Treaty-EMLET) with Meta, the parent company of Facebook, WhatsApp and Instagram. Fake registered mobile sims have not yet come under control. Many new and old mobile handsets are still out of reach of the database.
Cyber experts say that our authorities have failed to take appropriate initiatives at the rate at which the number of cybercrimes is increasing. Day by day the circle of cyber criminals is getting wider but they are failing to stop it. On the other hand, due to not being able to 'Emlet', the government is deprived of many types of guaranteed services from Meta. RAB says only 25 to 30 percent of content is removed by Meta even after reporting cybercrime with necessary documents. Again it is time consuming.
According to a source of BTRC, currently the biggest misuse of internet is on social media. BTRC's main action in relation to social media is to directly contact the authorities of these media and request them to remove the relevant offensive or harmful post-content. But the reality is, social media never quite fulfills this request. As a result, not all posts or content requested by BTRC are removed in many cases. According to BTRC data there are more than 7 crore social media users in Bangladesh. Many of these users also use multiple social media. The most used social media are Facebook, YouTube, TikTok, WhatsApp, Bigo, Likey, Imo and Twitter.
Reportedly, only law enforcement agencies are able to seek Meta's assistance in cases of criminal offences. However, it is much less than expected. However, Facebook provides data to the
authorities i.e. Meta Bangladesh at its own will to law enforcement agencies. Due to lack of 'Emlet' in this case, the law enforcement agencies are also not able to insist on any help from Meta. Meta is not bound by it either. Bangladesh has long requested Meta to set up their local office in the country, but last year Meta set up a data center in Kolkata, India. In this case, some of the technicians are commenting that they are avoiding Bangladesh a lot. They say, in the meantime, there are various statements about the resignation of Shabnaz Rashid Diya, the manager of Mater Policy who is stationed in Bangladesh.
Meanwhile, Post and Telecommunication Minister Mustafa Jabbar spoke about Bangladesh's excellent relationship with Meta.He said, before I took charge, we had no contact with Facebook. Now we are in contact with them all the time. One of their women officers is also working in Bangladesh. Meta is listening to us. He did not say that Facebook will not have their local office here if we have a data center in Kolkata. Facebook is doing business in our country. They don't want to lose this country for business.
Pointing out that the present government has achieved many successes in controlling cyber crime, he further said, Look, in the last five years, we have shut down more than 26,000 porn sites and thousands of gambling sites and apps. Technological crime has to be tackled with technology. Because not a single person in this country is safe from digital crime. Digital security laws are essential to curb cyber crime. Because cyber-criminals are not excluding the Prime Minister either. Using inaudible words against him.
In a recent event, Center for Policy Dialogue (CPD) special fellow Professor Dr. Md. Mostafizur Rahman said, we have exempted 28 IT sectors from income tax. These are effective till FY 2023-24. There is an opportunity to think about them now. Big companies of the country are advertising on Facebook and Google. From there they pay VAT but not tax. There is movement all over the world about it.
Highlighting the recommendation to increase revenue from digital economy, he said, it should be brought transparently. No new services code. New code will come for revenue. Revenue Board should increase automation. Investment in Board of Revenue should be increased.
However, several cyber experts said that Meta has already made a statement not to take direct advertisements from Bangladesh. Now we are paying for advertising through third parties. Our country has not yet come to terms with Meta. Then they will continue as they are. Like Meta, the government should make more use of diplomatic channels if necessary to increase relations with Google or other social media authorities.
According to them, fake registered SIMs are still being sold. So how to prevent fake Facebook account? It is said that new used handsets are being brought under the database but the actual reality is different. Due to these fake SIMs, frauds around mobile financial services like Bikash, Cash, Rocket and crimes like IMO hack have increased. Because of this, the common man is in unlimited suffering. Again, the law enforcement agencies of Bangladesh have not yet acquired the capacity to suppress, investigate and manage cybercrime. It will never be right to judge the entire Bangladesh by the capital. Police stations in remote areas have not yet been able to depute trained police officers to register cyber cases or investigate. At the same time, it has not been
possible to make the people of the country cyber aware to the desired extent. No awareness initiative is visible in this regard yet.
Technician Sumon Hossain Sabir said that Facebook and YouTube are one of the biggest platforms of cybercrime in this country. Their community standards do not match the existing laws of Bangladesh in all respects. At some places we have distanced ourselves from them due to conflict. Because of this they don't want to consider many genuine requests. The reason behind this is that most of the requests made to Meta by our law enforcement agencies are politically motivated. This creates mistrust. Even though we are supposed to have a meter office in our country, they are doing a data center in Kolkata. What does it indicate?
He said India had come a long way towards a law for data protection. That law got them into trouble with Twitter. But India has backed away from that law. But we could not back down from the draft we made on India's model. That draft is now under vetting.
The former director of elite force RAB intelligence branch. Colonel Moshiur Rahman Jewell has long worked with cyber crime. A few days ago, while in charge, he said that cybercrime has no geographical boundaries. It is a big challenge. Identification is difficult in many cases. But in many cases it is seen that things like spreading anti-government rumors are being done from abroad. In that case too we are falling into legal complications.
He further said, in case of Facebook-Youtube based cyber complaints we report them to block the content. In that case we get 25 to 30 percent positive response. Although in most cases it is time consuming. RAB has a lot of success in this field.
AFM Al Kibria, Deputy Commissioner of DMP's Cybercrime Division, said much the same. He said that there is no issue on which rumors have not been spread. However, many of these cyber criminals in the country have been brought under the law. Efforts are on to arrest the rest.
Cybercrime picture: According to data provided by Dhaka Metropolitan Police's (DMP) Counter Terrorism and Transnational Crime (CTTC), an average of 169 cyber-related cases were registered every month under four different laws in 2020. In 2021, this number increased to 194. And last year it increased even more. In 2022, there were 313 cyber-related cases. Of these, 280 cases were investigated by CTTC. Among these cases, 91 Facebook-related defamation cases and 58 pornography cases. Apart from this, 51 related to hacking, 42 related to e-transaction, 20 related to online fraud and 18 related to information technology. All 131 cases filed in IT, online fraud, e-transaction and hacking cases were aimed at extortion, which is 47 percent of the total cyber-related cases.
According to DMP sources, it has also been planned to control it by reviewing crimes and criminals using modern software like CDMS, CIMS and SIVS Plus.
According to the Police Cyber Support for Women, the unit started in November 2020, more than 22,000 women have approached them about harassment online or in cyberspace in the last two years, with most of the victims providing all kinds of information to the law enforcement agencies to take necessary action.
According to police cyber support data, the majority of harassed women (43 percent) were blackmailed or harassed through fake IDs. Apart from this, according to the Cyber and Special Crime Division (North) of the Police Intelligence Branch (DB), a total of 171 cases related to cyber crime were registered in 2022. Of these, 20.46 percentof cases were for pornography and online harassment and 29.23 percentof cases were for online cheating.
On the other hand, ActionAid's study of six districts in the country found that only 14.91 percent of women filed complaints against online harassment. Most of the complainants filed complaints through social media (44.12 percent) and least number (5.88 percent) through Cyber Crime Investigation Division, CTTC and DMP. According to the research of this organization, most of the women complain online anonymously for fear of socialization and identity leak.
Bangladesh is at high risk of cyber attacks
Officials of the specialized cybercrime investigation unit of the police fear that Bangladesh may face a high risk of cyber-attack due to the lack of activity in dealing with the rising speed of corona infection. Such attacks can be carried out by local and foreign hacker groups. Corona BD, Bangladesh Police, Bangladesh Bank, Bank, Development, Economic, Administrative Institutions are at risk of cyber-attack threat. A hacker group named 'Casabangka' may have carried out the cyber attack. This hacker group can create fake web portals modeled after coronavirus websites to mislead people about vaccine preparation and delivery. The government's Computer Incident Response Team-CIRT has issued an alert in the wake of cyber attacks. This news has been reported by the police cyber crime investigation specialized source. In the first quarter of this year report of cyber security service provider and research firm Kaspersky, Bangladesh is number one in the list of virus attacks on personal computers (desktops and laptops). Malware attacks on smartphones are in the third place. In several research reports on international cyber security, this country has been placed in the list of most vulnerable countries in cyber security.
Data Source:
I. Click This Link the-new-cyber-security-act-2023/
II. Click This Link 682050
III. The Daily Star
IV. Transparency International Bangladesh
Section 57
Section 57 of the Information and Communication Technology Act, 2006 drew criticism from writers and journalists for the potential impact on Freedom of Speech in Bangladesh.This was the most used section of the act by Bangladesh Police to file cases. The act made it illegal to post material online that is provocative, defamatory, or "hurt religious sentimentality".[16] Jyotirmoy Barua criticized the act saying it was used Bangladesh Police and the Ruling Party to silence dissent. In four months of 2017, 21 journalists were sued under the act. From 2013 to 2017, a minimum of 700 cases were filed under the act with the Cyber Tribunal.
Abstract
The Cyber Security Act 2023 of Bangladesh represents a significant legislative effort to enhance the country's cybersecurity framework and protect its digital infrastructure from an increasing range of cyber threats. The Act introduces comprehensive measures to safeguard critical information infrastructures and mandates robust cybersecurity practices across various sectors. It establishes a National Cybersecurity Coordination Center to oversee and coordinate national efforts, and enforces stringent data protection protocols. The Act requires mandatory reporting of cyber incidents and imposes substantial penalties for non-compliance, aiming to ensure accountability and prompt response to cyber threats. Additionally, it emphasizes continuous education and workforce development in cybersecurity, acknowledging the rapidly evolving nature of cyber risks. By implementing these measures, the Cyber Security Act 2023 aims to create a more secure and resilient cyberspace in Bangladesh, thereby safeguarding national security, economic stability, and public safety.
Key Words
Cyber Security Act 2023, Cybersecurity Framework, Digital infrastructure, Cyber threats, Critical information infrastructures, National Cybersecurity Coordination Center, Data protection protocols, Cyber incidents, Cyberspace, National security, Public safety and legislative effort
To
Saifuddin Ahmed Associate Professor
Department of Peace and Conflict Studies Dhaka University
E-mail:[email protected]
Submitted to
Mr. Saifuddin Ahmed Associate Professor
Department of Peace and Conflict Studies Dhaka University
E-mail:[email protected]
May 12, 2024
..
Submitted By:
Abul Kashem Muhammad Shaheen
Roll: 242106
Phone Number: 01720209599
Shaikh Muhammad Mahbubul Karim
Roll: 242136
Phone Number: 01715504782
Tasmia Farjana
Roll: 242124
Phone Number: 01604697939
Eshrad Ahmed Aeka
Roll: 242118
Phone Number: 01319379267
NafisaTabassum
Roll:242130
Phone Number: 01307882860
Jamshed Shahriyar Bhuyian
Roll: 242109
Phone Number: 01780103989
Acknowledgment
I am profoundly grateful to Allah for giving me the strength, patience, and ability to complete this assignment on the Cyber Security Act 2023 of Bangladesh.
First and foremost, I would like to express my sincere gratitude to Mr. Saifuddin Ahmed, Associate Professor, Department of Peace and Conflict Studies, Dhaka University, my respected course teacher, for his invaluable guidance, support, and encouragement throughout this assignment. The insights and feedback have been instrumental in shaping the direction and quality of this work.
I would also like to thank the University of Dhaka for providing the necessary resources and a conducive environment for my research. Special thanks to the library staff for their assistance in accessing relevant materials.
Furthermore, I am deeply thankful to my colleagues and classmates for their constant support and for providing a stimulating and collaborative environment. Their discussions and ideas have significantly contributed to the completion of this assignment.
I would also like to acknowledge the various authors, researchers, and experts whose works have provided me with a wealth of information and insights on the subject of cyber security and legislation.
Last, but not least, I am eternally grateful to my family and friends for their unwavering support and encouragement throughout my academic journey. Their belief in me has been a source of motivation and strength.
Thank you all for your invaluable contributions.
Sincerely,
Abul Kashem Muhammad Shaheen and the group
Table of Contents
Introduction 21
1.1 Background of Cyber Security Act 2023 21
1.2 Cybercrime Trend in Bangladesh-2023 22
1.3 Type of crime 24
1.4 Corona Situation 26
1.5 Gender Based Crime 30
1.6 Concept of Law 31
1.7 Recourse to Law 33
1.8 Expected outcome after complaint to law enforcement agencies 34
1.9 Reasons for not taking legal action 36
1.11 Recommendations to the stakeholders 37
1.12 Widespread Cyber Awareness Activities 37
1.13 Cyber Security 39
1.14 Cyber Threat and Security: Bangladesh Perspective 40
1.15 Current Scenario of Cybersecurity in Bangladesh 41
1.16 Effects of cyber violence 42
1.17 Challenges to Bangladesh 43
1.18 Individual Awareness 45
2.0 Cyber Security Act 2023 Bangladesh: key features 47
2.1 cyber security Act 2023 Bangladesh: Importance 48
3.0 The cyber security Act 2023: Background and context of the Act 52
1) 3.1 Key Provisions of the Cyber Security Act 2023 52
2) 3.2 The Cyber Security Act 2023: The process of preparing the Act 53
3) 3.3 The Cyber Security Act 2023: Any global and domestic political and economic influence to prepare the policy (whether politics decided the policy) 55
4) The Cyber Security Act 2023: The problem chosen to solve through the implementation of the policy (whether the policy will determine politics) 56
5) The Cyber Security Act 2023: Advantages of the Policy 58
6) The cyber security Act 2023: Advantages of the Policy: the positive outcome 59
7) The Cyber Security Act 2023: Advantages of the Policy: the qualitative changes 61
8) The Cyber Security Act 2023: Limitations of the Policy 62
9) The Cyber Security Act 2023: Some of these limitations 65
4.0 Analysis: DSA or CSA 66
4.1 The newly-proposed Cyber Security Act (CSA) looks to be no different 68
4.2 Criticism 70
I. Communication surveillance versus right to privacy: Where do our laws stand? 70
II. A pertinent question may arise 71
III. Is none of our data safe with the government? 71
IV. Don’t the poor have a right to privacy? 71
V. An ordinary person’s guide to dangerous online regulations 72
VI. Unravelling the insecurity in our IT infrastructure 72
VII. The price we pay with each deleted word 73
VIII. Govt's priority is to access, not protect, our personal data 73
IX. Who watches the watchmen? 74
4.3 Cyber Security Act and the fear of history repeating itself 75
5.0 Advantages of Cyber Security Act 2023 (CSA) 82
Cyber Security Act 2023 Bangladesh: findings 85
6.0 Recommendations 86
The cyber security Act 2023 Bangladesh: suggestions 88
Cyber Security Act 2023 Critical Observation 89
Two sections not removed despite demands 91
Concerns remain as before 91
Eight new sections have bail provision 93
Cyber security Act 2023 Bangladesh: conclusion 93
Introduction:
The Cyber Security Act 2023 of Bangladesh, which was passed by the Parliament in September 2023, replaces the earlier Digital Security Act (DSA) of 2018. This new legislation aims to enhance digital security across various sectors and support the country's goal of building a "Smart Bangladesh". Key aspects of the Cyber Security Act 2023 include Replacement and Retention: The Act retains several controversial elements from the DSA, such as non-bailable offenses and broad powers for law enforcement, while introducing some amendments and reducing certain penalties, Non-Bailable Offenses: Specific offenses under sections 17, 19, 27, and 33 are non-bailable, covering crimes like cyber terrorism, hacking, and damaging critical information infrastructure, Law Enforcement Powers: Police inspectors are empowered to conduct searches and arrests without warrants if they suspect imminent cyber crimes or the destruction of evidence. This provision has raised concerns about potential misuse to suppress dissent and freedom of expression, Provisions for False Cases: The Act includes penalties for individuals who file false complaints or cases under the Act, aimed at deterring misuse of the law for personal vendettas, Public and International Concerns: Despite some amendments, critics argue that the Act continues to pose risks to freedom of expression and may be used to intimidate journalists and activists. The short timeframe provided for public feedback before passing the Act has also been criticized,
While the Cyber Security Act 2023 introduces necessary measures for combating cyber threats, its retention of broad law enforcement powers and non-bailable offenses continues to spark debates over its potential impact on civil liberties and human rights in Bangladesh.
1.1 Background of Cyber Security Act 2023:
as a tool against freedom of expression, media freedom, human rights, and dissension. On the other hand, it has been equally criticized for failing to ensure effective online safety, security of the digital system and protection of personal data and fundamental rights.
However, the DSA proved to be more draconian, prompting protests from human rights activists, journalists, legal experts and individuals, who raised concerns about its ambiguous language and its tendency to criminalize legitimate expressions of thoughts and opinions. Under this act, broad powers were given to the authorities — such as the power to arrest people and search premises without a warrant on the suspicion that a crime was committed or to be committed online. As per the government, over 7000 cases were filed under the Digital Security Act from October 2018, and approximately 86 percent percent of those cases are still awaiting hearings. The DSA’s vague definitions of crimes and wide scopes of interpretation were used and abused for targeted criminalization of free speech that not only caused immense suffering to the victims but also created an atmosphere of intimidation, self-censorship, and a sense of insecurity among people at large and media and civil society in particular.
Against this backdrop the government has drafted a new Cyber Security Act 2023 which has been approved by the Cabinet on 28 August 2023. In substance, the draft CSA contains all the provisions from the DSA that compromise freedom of speech, dissent, thought and conscience, freedom of the press, and independent journalism.
1.2 Cybercrime Trend in Bangladesh-2023
The number of Internet users in Bangladesh doubled during the Corona epidemic. There are many reasons behind the increase in users. Among them, one of the main reasons is that during the epidemic, the people who were confined to their homes, from their daily necessities to various government and private offices, teaching in educational institutions, and even banking activities, became heavily dependent on online. Those who were previously not used to using the Internet, have adapted themselves to virtual living, either by compulsion or by the need of time.
According to the statistics of the regulatory body Bangladesh Tele-regulatory Commission (BTRC), the number of internet users in the country is 12 crore 42 lakh as of April 2022. Among them, 11 crore 32 lakh 10 thousand are internet users on mobile phones.
Along with this huge change in how ordinary people adapt to the virtual world, there has been a radical change in the way criminals commit crimes. While new tech gadgets are considered as a hobbyist or essential tools to the common man, cybercriminals are using them as auxiliary tools to commit different types or patterns of crime.
Starting from minor men and women, people with experience in using the internet are constantly being victimized by cybercrimes. Unknowingly people are stepping into the trap of various types
of cyber criminals. With time cyber criminals have also changed their crime pattern, as a result of which even by organizing various awareness seminars against cybercrime it is not possible to control the level of crime in most of the cases.
So much more research is needed to deal with new types of cybercrimes. Cybercrime Awareness Foundation (CCA Foundation) is working to build awareness through research and development as well as to build a healthy and indigenous digital culture compatible with that goal. Through survey, analysis, and research, identifying cybercrimes, ways to get rid of them, future actions, and creating cyber awareness, this report tries to highlight a pattern by publishing regular reports. Also, CCA Foundation is trying to ensure the best use of technology through data analysis.
Area to be covered:
Along with the increase in internet users, the level of cybercrime using the internet is also increasing. Cyberspace is an ethereal space with no borders. Criminals can conduct cybercrime activities from anywhere in the world. In most cases, cybercriminals remain undetected due to such mechanisms in cyberspace. It is not possible to stop cybercrime in the blink of an eye, but it is possible to reduce the level of cybercrime to some extent by analyzing the pattern of crime and the experience of victims of cybercrime. The main objective of this study was to determine the actual situation of cybercrime and the victims and determine the possible ways to get rid of it.
Points we got:
Crimes that have increased to last time include social media misinformation, fraud while buying products online, pornography, copyright crimes, etc. On the other hand, crimes such as online account hacking, and threats by sending online/phone messages are on the decline compared to last time.
1.3 Type of crime
I. Cyberbullying: Analyzing the results of the survey, most of the victims are victims of cyberbullying. These include abuse by defacing images, pornographic content, abuse on social media, and online-phone-messaging threats. This year's survey saw a slight increase in the number of victims of cyberbullying to 50.27 percent from 50.16 percent in the last report.
II. Subject-wise different crimes: The survey among the victims at the individual level showed that in 2022 cybercrimes in the country have increased alarmingly, including social media and other online account hacking or data theft. Also, the number of victims of scams using social media and buying products online is eye-catching.
Analyzing the comparative statistics of cybercrime in this year's survey, it has been found that hacking of other online accounts including social media is on the first place, with a rate of 23.79 percent. In the 2021 report, this rate was 28.31 percent, which is 4.52 percent higher than this year. It is a relief news for us that we have managed to create awareness among people to some
extent. However, the concern is that in the last report, the incidence of misinformation through social media was 16.31 percent. But this time it increased to 18.67 percent, which is 2.36 percent more than last time.
In addition, harassment using photos/videos of sexually harassing private moments (pornography) and photoshopped images of victims have increased at an alarming rate. Harassment by using photos/videos of private moments of sexual harassment (pornography) was
7.69 percent last time but it has increased to 9.34 percent this time and harassment by distorting victim's photo in photoshop was 5.85 percent in the last report but this time it is 1 Decimal 08 percent increased to 6.93 percent.
As a large number of people have become accustomed to online shopping due to the Corona epidemic, the number of victims of fraud while buying products online has increased at a huge rate. According to the survey, about 15.06 percent people have been cheated while buying products online, which is a matter of concern for us.
This year's report identified crimes such as online job fraud, although the rate is still very low.
1.81 percent of the interviewed victims were found to be victims of this type of crime. But we need to create awareness about this before the rate increases. Or there is a danger of such crimes increasing.
1.4 Corona Situation:
According to the information available in the research report of the previous years and the next year of the situation caused by the corona virus, a comparative analysis of the highest crimes can be seen, despite the significant reduction of misinformation through social media for the past four years, the trend of such crimes has started to increase again last year. Image distortion is also on the rise in Photoshop. The most alarming area has been created in online shopping. The e-commerce sector has almost doubled its serial crime growth rate in four years.
5.2 Age of Victims: An age-wise analysis of cybercrime in the survey revealed that most of the victims are in the age group of 18-30 years and the victimization rate is 80.90 percent. In second place are victims under the age of 18 and the rate of these victims is 13.57 percent. In third place are victims aged 31-45 with a rate of 5.03 percent and last is victims above 45 years of age with a rate of 0.50 percent.
According to the age-wise statistics, victims of 18-30 years and below 18 years are more victims of cyber crimes such as ID hacking or data theft through social media. Another alarming thing is that the increase rate of victims below 18 years is 4.4% compared to last year. 64 percent more have come in this survey.
1.5 Gender Based Crime:
Analyzing the data, it has been observed that there is a difference in the incidence of cybercrime between men and women. Women are more victims of cybercrime than men. Gender-wise differentiation of cybercrime victims shows that the number of male victims is 43.22% and the number of female victims is 56.78%. Women are also more likely than men to be victims of social media harassment, threats sent via mobile messages, pornography and fraud while buying products online. On the other hand, men are more victims of mobile banking account hacking than
women.
1.6 Concept of Law: Analyzing the data, it can be seen that 43.22 percent of the victims know about the information technology laws. The remaining 56.78 percent of the victims have no idea about the existing laws in the country.
Compared to last year, it can be seen that the number of victims who know about IT laws has reduced to a great extent this year. The rate which was 64.29% last year has reached 43.22% this year. That is, it is 21.07% less than last year.
1.7 Recourse to Law: Analysis of the data shows that only 53 out of 199 victims reported the problem to the law enforcement agencies. This is only 26.6 percent of the total victims, which is only 5.17 percent more than the figure of 2021.15.58 percent of male complainants approached law enforcement and 27.64 percent did not. It is also noticeable in the statistics that the number of female complainants is relatively less than that of male complainants. Among women victims, only 11.06 percent approached the law enforcement agencies with their problems and 45percent expressed reluctance to take legal recourse.
1.8 Expected outcome after complaint to law enforcement agencies:
Only 7.04 percent of the complainants approached the law enforcement agencies and 55.27 percent of the victims did not get the desired outcome after the complaint.
There are gender disparities in receiving expected outcomes following complaints. In terms of getting expected results after complaints, while the number of men is 8 or 4.02 percent, the number of women is only 6 or 3.02 percent. On the other hand, the percentage of women who did not get the result as expected is 28.64 percent, while the percentage of men is 26.63 percent.
If you look at the statistics of 2021, it will be seen that 22.22% of the total victims got the expected result after the complaint that year, which is 15.18% more than the statistics of 2022. That is, the expected result in this report has decreased to a large extent.
1.9 Reasons for not taking legal action:
Analyzing the data, it was found that the reasons for not taking legal action by the victims differed. A maximum 21 percent of the victims took legal action to keep the matter secret. In addition, 17 percent of the victims did not take any action to protect their social image, 17 percent of the victims were harassed by the legal system, 17 percent of the victims did not take any action because the accused person was influential. On the other hand, 2% of the victims did not feel the need to take action.
A minimum of 1% of the victims could not take any action due to not knowing how to take legal action. Apart from these, 6% of the victims did not take legal action for other reasons. The remaining 14% of the victims did not want to comment on the reason for taking legal action.
1.10 Advising Victims:
The data obtained shows that majority of the victims think immediate punishment of the offenders can be the most effective course of action, with a percentage of 39.41%. On the other hand, 31.64% of the victims feel that cyber crime can be reduced in the country if awareness is created. The rest of the victims felt that increasing law enforcement could be a good means of reducing the incidence of cybercrime, although its rate was the lowest at 28.95%.
1.11 Recommendations to the stakeholders: We have some recommendations to the relevant stakeholders including the government as every time with the aim of reducing the level of cyber crime. We have tried to highlight them in this report.
1.12 Widespread Cyber Awareness Activities:
Cyber awareness is another tool to prevent cyber crime. It is our collective responsibility to ensure a healthy cyber world. This work is difficult without public-private partnership. Therefore, for safe internet use, just like international gateways need to be monitored, awareness should also be developed at the parent level about where the next generation is traveling in the cyber world and what they are doing through the router used at home. Since the youth are ahead in the use of technology in the country, more importance should be given to creating awareness among them as well as increasing cyber literacy.
CCA Foundation believes that at least half of cyber crime control is possible through awareness. There is no substitute for awareness in dealing with cyber risks. In real life we can get the help of law enforcement if we face any problem. But there is no chance of that in cyber world. We are every user's own protector. That is, if you are not aware, you will not get rid of cyber risk. Therefore, public awareness should be created through the cooperation of public private initiatives and mass media in cyber security. For this reason, experts' advice on the use of
technology should be implemented regularly through posters, documentaries, brochures, content promotion in television and newspapers, workshops etc.
I. Budget on Cyber Awareness:
As a result of the multifaceted activities of Digital Bangladesh, ensuring safe internet usage has now become one of our basic needs. Therefore, the government should give importance to cyber awareness during national budget planning. Otherwise, if this important sector is overlooked, the social degradation will continue to increase with the constant use of the Internet.
II. Cyber Awareness in Corporate CSR:
Businesses in the country spend a significant portion of their profits on corporate social responsibility (CSR). However, the money allocated to this sector is usually not spent on cyber awareness. As a result, the vast majority of the population is not benefiting from the CSR sector for safe internet despite having the opportunity. For this, the government should take initiatives so that the CSR money is used in the cyber awareness sector. Having specific guidelines in this regard will play an important role in cyber awareness.
III. Inclusion of Cyber Lessons in Educational Institutions:
We know that the first school of man is mother's lap. That is, what is learned from childhood remains a path for life. For this, apart from making parents aware, educational institutions should also include 'Cyber Lessons'. From this year's research, we can see that the rate of increase in the number of victims under the age of 18 is alarming. For this reason, cyber lessons should be made compulsory from primary school to at least higher secondary. If cyber awareness issues are well achieved during this period, this education will play an important role in later education and professional work.
IV. Enhancing Cyber Literacy:
Not only in combating cybercrime, we should also emphasize on prevention. The public and private sectors of our country should conduct organized and comprehensive campaigns in schools, colleges and universities to increase awareness about cybercrime. As ensuring cybersecurity is everyone's responsibility, everyone has an equal role in raising awareness In particular, it is important to start teaching children and parents about cybersecurity. In this age of rapid technological advancement, children need to be immersed in technology at an early age to acquire the necessary skills. Therefore, it is everyone's responsibility and duty to make cyber space a friendly and safe haven for children and their parents to make the best use of this opportunity and facilitate the path of skill acquisition.
V. Proper use of political manpower
The manpower of various political parties of the country can play an important role in developing a healthy cyber culture. Political leaders lead important places in society. As a result,
if they implement any program together with common people locally, it is well affected. If there is skill, experience, intelligence and honesty, a political leader will strive for the welfare of the people by combining them. The leaders and workers can be made efficient by various awareness training on the safe use of the Internet and moral values by combining the young and the old in the neighborhood, mohalla and union. Then they will bring positive changes in the safe internet usage in the society.
VI. Obtaining the cooperation of mass media:
The media should be considered as the mirror of the society, which plays an important role in the formation of strong public opinion. It is said that the mass media is formed in the same way as the public opinion. The cooperation of the mass media should be taken to make all the people of the country aware of the safe use of the Internet. Extensive campaigning should be undertaken regarding the dangers of the cyber world, remedies and prevention. In this regard, regular cyber awareness content campaigns in the media will play an important role. The government should take initiative and take effective steps in this regard.
Source: ICT Division 2022
1.13 Cyber Security
The provisions outlined in sections 5, 6, and 7 of the draft Cyber Security Act pertain to the establishment, structure, and appointment of key personnel within the Cyber Security Agency. While these provisions are a step in the right direction towards establishing an agency responsible for cyber security in Bangladesh, a comprehensive analysis reveals areas that could benefit from further refinement and alignment with global best practices.
I. Establishment of Agency (Section 5): The establishment of a dedicated agency for cyber security is crucial for addressing evolving cyber threats. However, the scope and functions of the agency should be more explicitly defined within the Act itself. Additionally, the Act should lay out the agency's responsibilities, such as incident response, threat intelligence, and coordination with other relevant authorities, to ensure a comprehensive cyber security framework.
II. Appointment and Expertise (Section 6): The requirement for appointing the Director General and Directors with expertise in computer or cyber security is a positive step. However, the Act should further emphasize the importance of multidisciplinary expertise, including legal, technical, and policy skills. This ensures that the agency is equipped to tackle the diverse challenges of cyber security effectively.
III. Manpower and Resources (Section 7): While the provision allows the agency to appoint necessary employees, it lacks specificity regarding the types of roles required, such as cybersecurity analysts, incident responders, legal experts, and policy advisors.
The Act could include a broader framework for the agency's organizational structure and required skill sets.
IV. National Cyber Security Council: The provisions outlined in sections 12 - 14 establish the National Cyber Security Council, comprising various government officials and specialists, to oversee the implementation of the draft Cyber Security Act, which is a positive step towards enhancing cyber security efforts. However, certain aspects of the composition and authority of the Council warrant consideration in terms of the best practices for effective governance in the realm of cyber security.
V. Expertise and Representation: While the draft Act's Council includes officials from key government bodies, such as the Ministry of Post, Telecommunication and Information Technology, the Ministry of Law, Justice and Parliamentary Affairs, and others, the expertise in cyber security might be better addressed with dedicated representatives from specialized entities. For example, the armed forces, intelligence agencies, and police chiefs may not possess the technical knowledge required to address cyber security challenges effectively.
VI. Authority and Independence: The Council's role is substantial, including providing directions, and advice and formulating policies for digital security. To ensure the Council's effectiveness, it should be granted sufficient authority and independence in decision-making while also being subject to appropriate oversight mechanisms.
1.14 Cyber Threat and Security: Bangladesh Perspective
“Cyberspace is the realm of computer networks (and the users behind them) in which information is stored, shared, and communicated outline.” (Singer and Friedman, 2014). The age of globalization is marked by the rapid spread of information and communication technology. Secure cyberspace is a key element of protecting national security is the age of globalization. It plays significant role in achieving economic prosperity and credible defense of a country (Williams,2013).These are important to build a strong, modern, powerful and industrial nation. With the rapid advancement of information and communication technology (ICT), cyber- crime has become a considerable security concern in international area. States are now under security threat from both individual cyber criminals and state sponsored cyber- crimes to protect their confidential data. These threats abysmally impact the economic progress and defense systemof a country, and create diplomatic conflict in world order. Thus the issue of information technology hampers the international peace, security and development. The above international Scenario exacerbates the cyber security of Bangladesh. The country lacks modern information and communication technology that benefits criminals to commit phishing, hacking and stealing of secret private data. Criminals target personal and organizational data, in addition, digital facilities to the general people by government and non-government sectors. Public and private organizations are providing digital facilities without ensuring proper security efforts. Moreover, the Information and Telecommunication Act of the country is ineffective in securing cyberspace. This study attempts to investigate the major challenges of Bangladesh for its volatile cybersecurity initiatives in the globalized world. In doing so, the study examined the
effectiveness of current informational and telecommunication laws and therefore suggests remedial measures for ensuring cyber security of Bangladesh. The present study concludes by uttering that it is high time for Bangladesh to secure its cyberspace in order to emerge as a powerful state in the world.
1.15 Current Scenario of Cybersecurity in Bangladesh:
The world is becoming more and more globalized thanks to the rapid growth of information and communication technology especially due to internet. Bangladesh is also trying to be an active participant inthis evolution. Due to lack of adequate natural resources, the country is trying to achieve economic independence through the utilization of ICT industry. Moreover, Bangladesh intends to use ICT sector as boosting element for socio-economic development (Maruf, Islam, Ahamed, 2010, p. 118). The Awami League- led present government of Bangladesh has taken vision-2021. It‟s another interpretation is Digital Bangladesh vision. Bangladesh wants to be fully digitalized in every national sector such as educational institutes, hospitals, financial institutes, law-enforcement agencies, service sectors, etc. Private sectors are also coping with the pace as well such as offering online services to consumers, facilitating online shopping, e-commerce, e-banking, mobile banking etc. As like every thesis has an anti-thesis, vision for digitalized Bangladesh has its adverse effects also. With the increasing online activities in cyber space, criminals are using this space as well for their own criminal activities. In the process of becoming a digitalized country, phishing, hacking, and stealing of personal data are routine activities in Bangladesh (Bleyder, 2012). If we examine the nature of cyber-crimes, then we have a clear picture of cyber security condition in Bangladesh. We can see two broad categories of cyber-crimes in Bangladesh, direct and indirect. Direct cyber-crime nature in Bangladesh is almost similar to world context such as malicious mail to foreign diplomatic mission and other VIP personnel, pornography, use of e-mail for illegal activities, use of internet for transmitting false and malicious information, use of internet for prostitution (a lot of examples of illegal prostitution promotion web sites of Bangladesh), use of internet for women and child trafficking etc. (Alam, 2007). On the other hand, indirect cyber-crimes are like pathways for traditional crimes such as kidnapping, robbing banks, committing murders, threatening and demanding money by using exclusive pornographic videos and pictures (photo-shopped in most cases) etc. According to Bangladesh Police, the traditional crime rate has decreased significantly compare to 80s and 90s but in reality the criminals are using new risk free methods to conduct the crimes and in these cases indirect use of cyber- crimes are the most preferable methods. Cyber-crimes may still not that much popular as replacement for traditional criminal activities in Bangladesh but these are using as medium of various kinds of organized crimes. In recent months, the rates of these in direct cyber-crimes have increased rapidly. Bangladesh Police investigated such a crime where an interesting case came up. A consultancy agency gave advertisements in prominent national dailies such as Prothom Alo by saying that they can send Bangladesh
citizens to Canada and interested candidates need to pay 16.5Lac (1.65million) taka for that. The case seemed unusual to police and they went to investigate to that particular company named BD Company. Later on police found out it’s a fraud company without adequate knowledge and government approval or license for manpower business. The company’s Managing Director (MD) is a young person and never visited any country before. This seemed a regular crime at first but in reality it was part o fan international organized crime and young MD was just apawn of it. He was also played in the hand of an international organized crime network. At the time of investigation already 37 interested candidates paid one Lac (100 thousand) taka per each to that company just because of the lack of awareness, and the young MD sent 26.5 Lac (2.65 million) taka to his counterpart by using Hundi (did not pay government tax using illegal means) to another Bangladesh citizen living in UK and he deposited it to the original suspect’s bank account. This money laundering process used internet and online banking system very frequently and the prime criminal suspected to be a citizen of Nigeria who has international bank account in UK. In this case, we can clearly assume how cyber-crime can be used in the process of traditional criminal activities (Alam, Md. Shah, personal communication, July 27, 2018).
1.16 Effects of cyber violence
In a somewhat conservative society like Bangladesh, the effects of cyber violence against women are not limited to the victims. They have a chain reaction on their families and eventually tear a hole in our social and moral fabric. It has been observed that most people generally believe everything posted in social media. Lack of awareness, ignorance and education results into a shallow public psychology which is a major reason for such in discriminate belief system. As a result, when a girl’s exposed photographs are published along with a spicy fabricated story, general internet users do not go in to analyzing whether it’s true or false. They are rather happy to consume such content and become interested to spread the gossip. Such tendency helps make almost any kind of online sex-related chatter go viral thereby amplifying the victim’s suffering by a thousand times. Not to mention the misery of the victim’s family members who face social exclusion, humiliation and public resentment (Karaman, 2017). In a somewhat conservative society like Bangladesh, the effects of cyber violence against women are not limited to the victims. They have a chain reaction on their families and eventually tear a hole in our social and moral fabric. At an individual level, such cyber violence lead to severe depression, guilt, embarrassment, self-blame apprehension and fear of harm to self and family members. Consequently, it leads to shattering the victim’s career, education and social life. Some victims take the route of drug addiction while some choose to end their lives. Only in a handful of exceptional cases do we see the victims recover from such a tragedy. From2010 to 2014, Bangladesh National Woman Lawyers' Association identified a total of 65 reported suicide attempts by female victims of violence. It also reveals that on an average, every year there are 11 suicide attempts by women due to cyber violence. By contrast, in 2008 this number stood at 8 revealing a sharp increase in the trend. Needless
to mention, the official statistics is just the tip of the iceberg. The number of unreported cases far outweighs the reported ones (BNWLA, 2014). Every year there are 11 suicide attempts by women due to cyber violence.
1.17 Challenges to Bangladesh
When anyone starts to think about cybersecurity in Bangladesh, the words stuck in mind that are pirated software and poor infrastructural system to protect cyber space in Bangladesh. In Bangladesh, around 90% of software is pirated (Bleyder, 2012). Using pirated software has become a culture and habit to Bangladesh people. This habit of using pirated software is leading us to more vulnerable position in the cyber security domain. This is the only challenge that Bangladesh is facing right now in the quest of cyber security but it can’t ignore the impacts and consequence of it either. Apart from security concern regarding pirated software uses, there are some grave challenges as well regarding Bangladesh cyber security that we cannot deny any more. To understand the challenges of cyber security in Bangladesh, first it is needed to be aware of the nature of cyber-crimes in Bangladesh that we are facing day to day life. It can divide it into four categories. First, cyber-crimes that are targeting individuals, such as: hacking or cracking, illegal/unauthorized access, illegal interception, data interferences, E-mail spoofing, spamming, cheating and fraud, harassment and cyber stalking, defamation, drug trafficking, transmitting virus and worms, intellectual property crimes, computer and network resources vandalism, internet time and information thefts, forgery, denial of services, dissemination of obscene material etc. Second one is cyber-crime against property such as: credit card fund stealing, intellectual property crimes, internet time theft etc. Third one is crime against organizations. Such crime examples are like unauthorized control/access over the network resources and websites, exposing indecent/obscene materials over the web pages, virus attack, E-mail bombing, logic bombing, Trojan horse, data diddling, blocking from access, theft of important possessions, terrorism against government organizations, vandalizing the infrastructure of the network etc. Fourth and last categories of cyber-crimes are happening against the society or social values of Bangladesh. Such crimes are like forgery, online gambling, trafficking, pornography (especially child pornography), financial crimes, polluting the youth through indecent exposure, web jacking etc (Maruf, Islam, Ahamed, 2010).
Discussing the major challenges for cyber security in Bangladesh, pornography is a concern for Bangladesh especially if we consider the social values, morals, ethics of Bangladeshi culture and society. We can now chat with anyone in the globalized world. We can share and exchange our cultural values. A very natural element of different country‟s culture may harm our culture heavily because of cultural diffusion. Spreading of pornography is such a bothersome element for Bangladeshi culture where not even adult education has not been accepted yet. According to Bangladesh Police, they are facing many cases where people are regularly demanded to give ransom money or conned by illegal pornographic use such as
secret nude video footage, photo-shopped pornographic picture editing etc. Criminals are targeting victims‟ closed ones like parents, family members, relatives etc. Victims can be any woman or child even boy child as well but the frequency of teenage girls victims are higher than usual. In this regard, we must consider the duel criminality as well. Duel criminality means that the crime has been acknowledged in both countries of victims and crime suspects and here lays another complexity to deal with pornography. Usually in many countries such as in U.S., adult pornography may not be a crime in every case but in Bangladesh it is so when the crime suspect is related to U.S. then Bangladesh cannot claim it as duel criminality and faces difficulties to deal with this crime as transnational crime itself is a complex issue. On the other hand, child pornography is a duel criminality, and we can work together through international cooperation. We can give an example in this case. In this year, a famous litterateur for writing child-literature in Bangladesh named Tipu Kibria had been caught in red hands of police for illegal child pornographic activities. He used street male children for making child pornographic videos and photo shooting in his home and lab. At the time when he was caught by the police, he had already a bused around 400-500 street children for his dirty ambition. He has two assistants to help him out in these illegal activates and police found 13 international buyer names from Tipu Kibria who regularly paid him for weekly supplies through international or online bank transactions. Bangladesh Police also suspects that maybe there are many more suppliers other than Tipu Kibria as well. So we can clearly say, pornography is a serious concern regarding Bangladesh cyber security concern (Alam, Md. Shah, personal communication, July 27, 2018).
Cyber security threat regarding financial transaction such as online banking, e- commerce, money laundering, financing to transnational organized crimes like drug trafficking, terrorism etc. are another major challenge to Bangladesh cyber security arena. Cyber threat can lead Bangladesh to serious economic downfall especially in banking sector. Bangladesh is a new customer of online financial transaction and lack proper maturity in this new field but a globalized world is making online banking and any kind of online transaction more frequent so Bangladesh cannot deny the inevitable consequences as well. Asa result, it is going to become a major security concern in upcoming days. Widespread uses of credit cards and the rise of electronic payment methods are also putting a large number of customers‟ private information such as bank account name, bank account number, cell number, E-mail ID etc. in danger (Bleyder, 2012). In recent times, Bangladesh law- enforcement agencies are facing many cases regarding direct or indirect cyber threats to Bangladesh online banking sector or other online financial transactions. Bangladesh Police described one particular case where a single individual person held 125 credit cards in his name from 5-7 different banks. At the time of his capture, there had already been millions taka dealing through these credit cards. In these cases, internal employees of banks are also involved and they are promoting these activities for getting profit sharing. In the name of fake companies, millions of taka has been vanished from banks and online banking, credit cards are now the safest and preferable ways to do that. Banks are taking many security initiatives to restrict illegal transactions but
internal sabotage and security dependency on others are making it more challenging. On top of that, after revealing money laundering or forgery, banks usually do not want to take proper responsibilities and try to hide the case for considering their age old reputation. The most troublesome condition in this case is that banking authority often tries to make their innocent customers as shadow victims by accusing them as a faultier for these financial misconducts and it turns into a cause of individual security concern. Apart from sabotaging online financial transaction, there are always threats of phishing as well. Phishing or pulling out confidential information from the bank/financial institutional account holders by using deceptive means or provocative e- mails, advertisements are affecting a large of victims in Bangladesh. In these cases, victims usually lose 100-500 USD per case and they hesitate to go to the police for complaining which again make the case more difficult to tackle for law-enforcers in Bangladesh (Alam, Md. Shah, personal communication, July 27, 2018).
Hacking or illegal intrusion into a computer system without the permission of owner or user (Maruf, Islam, Ahamed, 2010, p. 116) is another prime concern of Bangladesh cyber security especially for disrupting good diplomatic relations with other countries and creation of confusion among various parties. Hacking has become a routine security concern in Bangladesh nowadays. Usually, government and important financial institution websites are the targets of hackers. In the name of ultra-patriotism or ultra-nationalism, a country’s young hackers can attack another country’s website and it may enter into a void of attack and counter attack collision. Lack of adequate cyber security knowhow, poor cyber infrastructural system such as dependency on outside server system provider companies etc. are putting Bangladesh in more difficult position to combat cyber hacking (Alam, Md. Shah, personal Communication, July 27, 2018). Another major challenge for Bangladesh cyber security is data stealing. Such recent example is the issue of leakage of partial verdict of Bangladesh War Crime Tribunal before having a formal court’s decision. This was happened through Skype voice recording. It was a major backlash for Bangladesh government and exposed the vulnerability of Bangladesh cyber security arena (Alam, Md. Shah, personal communication, July 27, 2018).
Apart from above challenges, there are cyber security threats to individual level as well. A scene of personal insecurity is always working nowadays in Bangladesh because of the rapid growth of internet and social network such as Facebook. Anyone can be victim and feel insecurity of losing personal information or facing unwanted threats that can demolish his/her respect and social prestige within a matter of time. At the end, we cannot say cyber- crime or internet-based crime is not just a part of routine crime anymore in Bangladesh rather it is spreading to a more complex form of crime where traditional criminals are using cyber space in a more covert and smarter way to do their job.
1.18 Individual Awareness:
We cannot ignore the consequences of globalization anymore. Apart from our government every individuals of Bangladesh also must consider the safety of his/her personal data and information. In both public and private sectors, the top management, the middle management and ground level service providers, employees, employers, workers, students, customers, consumers etc. should have minimum level of education and expertise to handle the cyber technologies. They should be aware of cyber threats as well. Only proper education and awareness can rescue Bangladesh from falling into deep pitfall of cyber security threats (Alam, Md. Shah, personal communication, July 27, 2018).Anyone using the internet should exercise some basic precautions. Here are 11 tips which may help protect us against the range of cybercrimes out there. (i) To use a full-service internet security suite, (ii) To use strong passwords (iii) To keep your software updated (iv) To manage the social media settings(v) To strengthen home network (vi)Totalkto your children about the internet
(vii) To keep up to date on major security breaches (viii) To take measures to help protect yourself against identity theft (ix) To know that identity theft can happen anywhere (x) To keep an eye on the kids and (xi) To know what to do if you become a victim. If anyone believe that s/he has become a victim of a cybercrime, s/he needs to alert the local police and, in some cases, the FBI and the Federal Trade Commission. This is important even if the crime seems minor. His/her report may assist authorities in their investigations or may help to thwart criminals from taking advantage of other people in the future. If we think cybercriminals have stolen our identity. These are among the steps we should consider.
• Contact the companies and banks where you know fraud occurred.
• Place fraud alerts and get your credit reports.
• Report identity theft to the FTC.
Overall, in the globalized world, cybercrime can pose a potential threat for the national security of any country whereas Bangladesh is more vulnerable to this type of threat. Because of the lack of advanced cyber technologies and lack of awareness, the country can suffer extreme security threats produced by cybercrimes. Moreover, the existing acts regarding cyberspace are not effective in safeguarding the cyberspace of the country. Bangladesh needs more international cooperation, technical know-how and expertise and massive public awareness to deal with cyber security threat and its use in transnational organized crimes. Manyof us can argue that the cyber threats may not be the possible near future scenario for Bangladesh but we cannot ignore the existing facts regarding the increase of cyber-crimes in both Bangladesh and global world. Finally, it can be concluded that, it is high time for Bangladesh to initiate proper measures to combat any potential threat committed by cyber criminals. In this case, the government of Bangladesh and the general people can take into consideration the above suggestions provided in this paper respectively.
2.0 Cyber Security Act 2023 Bangladesh: key features
The Cyber Security Act 2023 of Bangladesh introduces a comprehensive framework to tackle cybercrime and regulate digital activities. Here are the key features of the Act:
I. Replacement of the Digital Security Act (DSA):
The Cyber Security Act 2023 replaces the controversial Digital Security Act (DSA) of 2018, addressing criticisms by amending various sections while retaining many original provisions (DataGuidance) (Dhaka Tribune) (The Daily Star).
II. Non-Bailable Offenses:
Several offenses under the Act remain non-bailable, including intrusion into key information infrastructures, damaging computer systems, cyber-terrorist activities, and hacking-related crimes (Dhaka Tribune).
III. Enhanced Law Enforcement Powers:
The Act empowers law enforcement officers, particularly police inspectors, to search and arrest without warrants under specific circumstances. This provision, similar to the DSA, has raised concerns about potential abuse and infringement on personal freedoms (DataGuidance) (Dhaka Tribune).
IV. False Case Provisions:
New provisions penalize individuals who file false cases with the intent to harm others. If a false case is filed, the person responsible can face the same punishment as prescribed for the original offense (Dhaka Tribune).
V. Data Blocking and Removal:
Law enforcement agencies are authorized to request the removal or blocking of digital content that is deemed to affect national cohesion, security, defense, or public order. This measure aims to prevent the spread of harmful or inflammatory content online (Dhaka Tribune).
VI. Freedom of Expression Concerns:
Despite amendments, the Act continues to attract criticism for potentially curbing freedom of expression. Critics argue that it could be used to suppress dissent, target journalists, and stifle political opposition (Data Guidance) (The Daily Star).
VII. Defamation Penalties:
Penalties for defamation under the new Act have been revised to involve fines instead of
imprisonment. However, failure to pay the fines can still result in jail time (The Daily Star).
VIII. Introduction of Hacking Offenses:
A new section on hacking offenses has been introduced, carrying severe penalties, including a maximum jail term of 14 years or a fine of up to Tk 1 crore, or both (The Daily Star).
Overall, the Cyber Security Act 2023 of Bangladesh aims to strengthen cybersecurity measures while addressing some criticisms of its predecessor. However, it remains controversial, particularly regarding its implications for freedom of expression and the extensive powers granted to law enforcement (Data Guidance) (Dhaka Tribune) (The Daily Star).
2.1 cyber security Act 2023 Bangladesh: Importance
The Cyber Security Act 2023 of Bangladesh holds significant importance for several reasons:
I. Modernization of Cyber Laws:
The Act represents a critical update to Bangladesh's legal framework regarding cybersecurity, replacing the Digital Security Act (DSA) of 2018. This modernization is essential to address the evolving landscape of cyber threats and digital crimes more effectively (DataGuidance) (The Daily Star).
II. Enhanced National Security:
By introducing stringent measures against cyber terrorism, hacking, and intrusion into key information infrastructures, the Act aims to bolster national security. These provisions are designed to protect critical digital infrastructure and sensitive information from cyberattacks (Dhaka Tribune) (The Daily Star).
III. Improved Regulatory Framework:
The Act establishes a comprehensive regulatory framework to tackle cybercrimes, including defamation, dissemination of false information, and digital fraud. It sets clear guidelines and penalties for various cyber offenses, thus providing a robust mechanism to deter and prosecute cybercriminals (DataGuidance) (Dhaka Tribune).
IV. Protection of Digital Infrastructure:
By penalizing activities that damage computer systems and networks, the Act aims to safeguard Bangladesh's digital infrastructure. This is crucial for maintaining the integrity and functionality of essential services that rely on digital technologies (Dhaka Tribune).
V. Promoting Responsible Use of Digital Platforms:
The Act includes provisions to block or remove harmful digital content that could affect public order or national security. This helps in preventing the spread of misinformation and hate speech, promoting a safer digital environment (Dhaka Tribune).
VI. Balancing Freedom of Expression:
Although the Act has faced criticism for potentially curbing freedom of expression, it attempts to balance this right with the need to protect national interests and prevent misuse of digital
platforms. The revised defamation penalties and the introduction of penalties for filing false cases are steps towards achieving this balance (Data Guidance) (The Daily Star).
VII. Legal Clarity and Enforcement:
The Act provides clear definitions and legal clarity on various cybercrimes, which aids in better enforcement and judicial processes. This clarity helps law enforcement agencies to act more decisively against cyber threats (Dhaka Tribune) (The Daily Star).
VIII. International Standards Alignment:
The Cyber Security Act aligns Bangladesh's cyber laws with international standards, enhancing the country's ability to cooperate with other nations in combating transnational cybercrimes. This alignment is vital for global cybersecurity collaboration and intelligence sharing (DataGuidance) (The Daily Star).
In summary, the Cyber Security Act 2023 is a crucial step for Bangladesh in strengthening its cybersecurity posture, protecting digital infrastructure, and promoting responsible digital behavior, while also addressing previous criticisms and striving for a balance between security and individual freedoms (DataGuidance) (Dhaka Tribune) (The Daily Star).
The Cyber Security Act of 2023 in Bangladesh was developed as a successor to the contentious Digital Security Act (DSA) of 2018. The DSA was widely criticized for its broad and vague provisions, which allowed for significant government overreach, including the ability to arrest individuals without a warrant and criminalize various forms of speech and online activity. This led to numerous cases and significant public outcry from human rights organizations, journalists, and activists.
1.8 Background and Evolution:
I. Historical Context: The Digital Security Act of 2018 aimed to curb cybercrimes, but its implementation revealed numerous issues. Critics argued that it was used to suppress dissent and limit freedom of expression. The DSA followed the Information and Communication Technology (ICT) Act of 2006, which also had draconian provisions like Section 57 that penalized online speech.
II. Transition to Cyber Security Act: In response to widespread criticism, the government introduced the Cyber Security Act in 2023. This new law retains several provisions from the DSA but makes certain amendments. For instance, penalties under specific sections have been reduced (e.g., from 10 years to 7 years for propaganda related to the Liberation War) (Global Voices Advox) (DataGuidance).
III. Key Issues and Concerns: Despite the changes, the Cyber Security Act still faces significant criticism. Key issues include:
▪ Broad Powers: Authorities continue to have extensive powers to conduct
searches and make arrests based on suspicion alone, which many argue can still be used to intimidate and silence critics.
▪ Freedom of Expression: The Act's provisions are seen as restrictive and not fully aligned with international human rights standards. Critics assert that the law can still be used to target journalists, activists, and political opponents under the guise of cyber security (Global Voices Advox) (Freedom Info).
▪ Lack of Stakeholder Consultation: The brief window for public input (August 10 to August 22, 2023) was seen as insufficient for meaningful engagement, raising concerns about the transparency and inclusiveness of the legislative process (DataGuidance).
IV. Importance of the Act: The Cyber Security Act is seen as a crucial legal framework for addressing cybercrimes in Bangladesh, aiming to protect the country's digital infrastructure and personal data. However, balancing security concerns with civil liberties remains a contentious challenge. Ensuring that the law is not misused for political purposes is essential for maintaining public trust and upholding democratic principles.
The background and ongoing discussions around the Cyber Security Act highlight the complex interplay between security, governance, and human rights in the digital age. As Bangladesh continues to navigate these issues, the international community and local stakeholders will be closely monitoring the law's implementation and impact.
1.9 Cyber Security Act 2023 Bangladesh: Recommendation
The Cyber Security Act 2023 of Bangladesh addresses crucial aspects of cybersecurity but has faced criticism for retaining several controversial provisions from its predecessor, the Digital Security Act (DSA) of 2018. Here are some recommendations to enhance the effectiveness of the Act while ensuring it protects human rights and freedoms:
I. Clear Definitions and Narrow Scope:
Recommendation: Clearly define key terms such as "propaganda," "false information," and "cyber terrorism" to avoid broad interpretations that can lead to misuse. Limit the scope of the law to focus specifically on genuine cyber threats and activities.
Rationale: Vague and broad definitions can be misused to target dissenting voices and suppress free speech. Clear definitions help in protecting legitimate online activities while focusing on real cyber threats (Global Voices Advox) (FreedomInfo).
II. Judicial Oversight:
Recommendation: Introduce a requirement for judicial oversight before law enforcement can conduct searches or make arrests under the Act.
Rationale: Judicial oversight ensures checks and balances, preventing potential abuse of power by law enforcement and protecting individuals' rights (Data Guidance).
III. Safeguards for Freedom of Expression:
Recommendation: Amend or remove provisions that can be used to penalize individuals for expressing opinions online. Ensure that the law aligns with international human rights standards regarding freedom of expression.
Rationale: Protecting freedom of speech is essential for a democratic society. The law should not be used as a tool for censorship or to stifle political opposition (Data Guidance) (FreedomInfo).
IV. Stakeholder Consultation:
Recommendation: Conduct extensive consultations with a wide range of stakeholders, including civil society, human rights organizations, the tech community, and journalists, to refine the Act.
Rationale: Inclusive and transparent legislative processes help build trust and ensure that the law addresses the concerns of all relevant parties (DataGuidance).
V. Training and Capacity Building:
Recommendation: Provide specialized training for law enforcement and judicial personnel on the proper implementation of the Act, focusing on respecting human rights and avoiding abuses.
Rationale: Well-trained officials are better equipped to enforce the law fairly and effectively, reducing the risk of misuse and ensuring that cybercriminals are appropriately targeted (Global Voices Advox).
VI. Regular Review and Accountability Mechanisms:
Recommendation: Establish mechanisms for regular review and assessment of the Act's implementation, including an independent oversight body to monitor and report on its impact.
Rationale: Regular reviews help identify and address any issues arising from the implementation of the Act, ensuring it remains effective and fair over time (DataGuidance).
VII. Public Awareness Campaigns:
Recommendation: Launch public awareness campaigns to educate citizens about their rights under the Act and the importance of cybersecurity practices.
Rationale: Informed citizens are better prepared to protect themselves online and to understand their rights, reducing the likelihood of unwarranted legal action against them (FreedomInfo).
By implementing these recommendations, the Cyber Security Act 2023 can better balance the need for cybersecurity with the protection of individual rights and freedoms, fostering a safer
and more open digital environment in Bangladesh.
3.0 The cyber security Act 2023: Background and context of the Act
The Cyber Security Act of 2023 was enacted to address the growing concerns around digital threats, data breaches, and the protection of critical infrastructure. The background and context of this legislation can be understood through several key aspects:
1) 3.1 Key Provisions of the Cyber Security Act 2023
I. Mandatory Reporting:
Organizations are required to report significant cyber incidents to a designated national cybersecurity authority within a specified timeframe. This aims to ensure timely responses and mitigate the spread of threats.
II. Enhanced Protection for Critical Infrastructure:
Specific guidelines and standards are established for sectors deemed critical to national security and public safety, including energy, healthcare, and finance.
Operators of critical infrastructure must implement rigorous cybersecurity measures and regularly undergo security audits.
III. Data Protection and Privacy:
Strengthened data protection rules ensure that personal data is handled securely, with measures to prevent unauthorized access and data breaches.The Act includes provisions to safeguard individuals' privacy, aligning with principles found in international data protection laws.
IV. Support for Cybersecurity Research and Development:
Funding and support are provided for research initiatives aimed at advancing cybersecurity technologies and solutions.
Collaboration between government, academia, and the private sector is encouraged to drive innovation in cybersecurity.
V. Capacity Building and Education:
Programs are established to enhance the cybersecurity skills and awareness of the workforce, including training for professionals in the field and educational initiatives for the general public. Efforts are made to develop a pipeline of skilled cybersecurity professionals to meet the growing demand.
VI. International Cooperation:
The Act promotes collaboration with international partners to address cross-border cyber threats and share best practices.
Agreements and partnerships are established to enhance global cybersecurity resilience. The Cyber Security Act of 2023 represents a comprehensive approach to tackling the multifaceted
challenges of cybersecurity in an increasingly digital world. It seeks to protect national interests, safeguard individual privacy, and promote a secure environment for economic and technological advancement.
2) 3.2 The Cyber Security Act 2023: The process of preparing the Act
The preparation process for the Cyber Security Act of 2023 involved meticulous planning, research, collaboration, and consultation. Here's a detailed overview of the steps involved:
I. Identification of Need: Analysis of Cyber Threat Landscape:
Government agencies, cybersecurity experts, and relevant stakeholders conducted an assessment of current cyber threats and vulnerabilities. Reports, studies, and data on cyber incidents, both domestically and internationally, were reviewed to understand the evolving threat landscape.
II. Establishment of Working Groups and Task Forces Formation of Expert Panels:
Government authorities established working groups comprising cybersecurity professionals, legal experts, industry representatives, and policymakers. These groups were tasked with conducting in-depth research, drafting provisions, and providing expertise throughout the preparation process.
III. Research and Analysis Review of Existing Legislation:
The working groups examined existing cybersecurity laws, regulations, and frameworks at the national and international levels. They identified gaps, inconsistencies, and areas for improvement to inform the drafting of the new legislation.
Assessment of Best Practices:
Best practices and standards recommended by international organizations, such as the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST), were studied. Successful approaches implemented by other countries and jurisdictions were analyzed to incorporate relevant strategies into the Act.
IV. Stakeholder Engagement and Public Consultation Engagement with Industry and Academia:
Consultation sessions, workshops, and roundtable discussions were organized with representatives from various sectors, including technology, finance, healthcare, and academia. Input from industry experts and academic researchers helped identify sector-specific challenges and develop tailored solutions.
Public Feedback Mechanisms:
Draft versions of the Act were made available for public review and feedback through official government channels. Online portals, public forums, and surveys were utilized to gather input from citizens, businesses, and other interested parties.
V. Drafting of Provisions Collaborative Drafting Process:
Working groups collaborated to draft the provisions of the Act, considering input from stakeholders, legal experts, and policymakers. Provisions were carefully crafted to address identified gaps, protect critical infrastructure, and promote cybersecurity best practices.
Legal Review and Analysis:
Legal experts reviewed the draft provisions to ensure compliance with existing laws, constitutional principles, and international obligations.
Language and terminology were refined to enhance clarity, coherence, and enforceability.
VI. Internal Review and Revision Iterative Review Process:
Draft versions of the Act underwent multiple rounds of internal review and revision by government officials, legal advisors, and subject matter experts.
Feedback from reviewers was incorporated to refine the language, structure, and substance of the legislation.
VII. Finalization and Approval Approval by Government Authorities:
The finalized draft of the Act was submitted to relevant government authorities or ministries for approval. Approval processes varied depending on the country's legislative procedures and governance framework.
VIII. Publication and Implementation Planning Publication of the Act:
Once approved, the Act was formally published in official government gazettes or legislative journals. Copies of the Act were made available to the public through government websites and other dissemination channels.
Implementation Planning:
Government agencies responsible for implementing the Act developed detailed implementation plans, including timelines, resource allocation, and coordination mechanisms.
Training programs, awareness campaigns, and capacity-building initiatives were planned to support effective implementation.
IX. Monitoring and Evaluation Performance Metrics and Indicators:
Metrics were established to monitor the effectiveness of the Act in achieving its objectives, such as reducing cyber incidents, enhancing resilience, and improving compliance.
Evaluation mechanisms were put in place to assess the Act's impact over time and identify areas for improvement through periodic reviews.
The preparation process for the Cyber Security Act of 2023 involved a collaborative and iterative approach, drawing on expertise from diverse stakeholders and rigorous analysis of cybersecurity challenges and best practices. This comprehensive process aimed to develop legislation that addresses the complex and evolving nature of cyber threats while balancing the
needs of various stakeholders.
3) 3.3 The Cyber Security Act 2023: Any global and domestic political and economic influence to prepare the policy (whether politics decided the policy)
The preparation of the Cyber Security Act of 2023 was influenced by a combination of global and domestic political, economic, and security factors. While politics played a significant role in shaping the policy, it was not the sole determinant. Here are some key influences:
I. Global Political and Economic Influences: International Cyber Threats:
The proliferation of cyber threats, including state-sponsored cyberattacks, cyber espionage, and ransomware campaigns, influenced global cybersecurity agendas. High-profile incidents, such as the Solar Winds supply chain attack and the Colonial Pipeline ransomware attack, awareness of the need for robust cybersecurity measures.
International Norms and Standards:
International organizations, such as the United Nations, the European Union, and the International Telecommunication Union, promoted cybersecurity norms and standards.The Cyber Security Act of 2023 may have been influenced by global initiatives, such as the Budapest Convention on Cybercrime and the Tallinn Manual on the International Law Applicable to Cyber Warfare.
Geopolitical Tensions:
Geopolitical tensions and rivalries between countries influenced cybersecurity policies and strategies.The Act may have been shaped by geopolitical considerations, including concerns about cyber espionage, intellectual property theft, and influence operations.
II. Domestic Political and Economic Influences: National Security Imperatives:
National security concerns played a significant role in shaping cybersecurity policies. Governments prioritized the protection of critical infrastructure, defense capabilities, and sensitive information from cyber threats.
Economic Considerations:
The economic impact of cyber threats, including financial losses, disrupted operations, and damage to reputation, influenced policy decisions. Industries such as finance, healthcare, energy, and telecommunications lobbied for cybersecurity regulations to protect their interests and ensure business continuity.
Public Opinion and Perception:
Public awareness of cybersecurity issues and concerns about privacy and data protection
influenced policy formulation. Governments faced pressure to address public expectations for robust cybersecurity measures and effective responses to cyber incidents.
Political Priorities and Agendas:
Political leaders and policymakers prioritized cybersecurity on their agendas, driven by concerns about national security, economic competitiveness, and public safety. The Act may have been influenced by political commitments to strengthen cybersecurity capabilities and enhance resilience against cyber threats.
III. Influence of Political Decision-Making:
Policy Formulation Process:
Political leaders and government officials were involved in the formulation of cybersecurity policies, including the Cyber Security Act of 2023. Political decisions regarding resource allocation, regulatory approaches, and enforcement mechanisms shaped the policy direction.
Legislative Process:
The drafting, review, and passage of the Act involved political decision-making processes within the legislature. Political actors debated the provisions of the Act, proposed amendments, and made decisions on its final content.
Interplay of Interests:
The interplay of political interests, including those of different government agencies, industry stakeholders, advocacy groups, and civil society organizations, influenced policy outcomes. Political negotiations and compromises were made to address competing interests and perspectives on cybersecurity issues.
While politics undoubtedly influenced the preparation of the Cyber Security Act of 2023, it was shaped by a complex interplay of global and domestic factors, including security considerations, economic interests, technological trends, and public opinion. The ultimate goal was to develop a policy that effectively addresses the evolving challenges posed by cyber threats while balancing various political, economic, and societal interests.
4) The Cyber Security Act 2023: The problem chosen to solve through the implementation of the policy (whether the policy will determine politics)
The Cyber Security Act of 2023 aimed to address several pressing problems related to cybersecurity, both domestically and internationally. While the policy was developed to mitigate specific cyber threats and vulnerabilities, it also had implications for politics, shaping decision-making processes and political dynamics. Here are the key problems targeted by the implementation of the policy and how it intersected with politics:
A. Problem Statement:
I. Cyber Threat Landscape:
Rapid advancements in technology and the increasing interconnectedness of digital systems have expanded the attack surface for cyber threats. The policy sought to address the evolving
nature of cyber threats, including cyber espionage, data breaches, ransomware attacks, and nation-state cyber warfare tactics.
II. Protection of Critical Infrastructure:
Critical infrastructure sectors, such as energy, healthcare, finance, and transportation, are vulnerable to cyberattacks that could have severe consequences for national security, public safety, and economic stability. The policy aimed to enhance the protection of critical infrastructure through robust cybersecurity measures, regulatory standards, and incident response capabilities.
III. Data Protection and Privacy Concerns:
Growing concerns about data privacy, unauthorized access to personal information, and breaches of confidentiality have eroded public trust in digital services and platforms. The policy included provisions to strengthen data protection laws, safeguard individuals' privacy rights, and hold organizations accountable for data breaches.
IV. Economic Impact of Cyberattacks:
Cyberattacks can result in significant economic losses for businesses, governments, and individuals, including financial theft, disruption of operations, and damage to reputation. The policy aimed to mitigate the economic impact of cyber incidents by improving cybersecurity resilience, promoting risk management practices, and facilitating information sharing and collaboration among stakeholders.
B. Intersection with Politics:
I. Policy Determination and Decision-Making:
The development and implementation of the cybersecurity policy involved political decision- making processes within government institutions, legislative bodies, and executive agencies. Political leaders and policymakers determined the policy priorities, resource allocation, regulatory frameworks, and enforcement mechanisms to address cybersecurity challenges.
II. Political Priorities and Agendas:
Cybersecurity became a priority on political agendas due to its implications for national security, economic competitiveness, and public trust. Political leaders sought to demonstrate their commitment to protecting citizens and critical infrastructure from cyber threats, which influenced the development of the cybersecurity policy.
III. Interplay of Interests and Stakeholder Engagement:
The cybersecurity policy reflected the interests and priorities of various stakeholders, including government agencies, industry groups, advocacy organizations, and civil society. Political negotiations, compromises, and lobbying efforts shaped the policy outcomes to accommodate competing interests and perspectives on cybersecurity issues.
IV. Impact on Political Dynamics:
The implementation of the cybersecurity policy had implications for political dynamics,
including public perceptions of government effectiveness, accountability, and responsiveness to emerging threats. Political actors faced scrutiny and accountability for the effectiveness of cybersecurity measures, incident response efforts, and compliance with regulatory requirements.
In summary, the Cyber Security Act of 2023 was designed to solve specific problems related to cybersecurity, but it also intersected with politics in various ways. The policy determination process, political priorities, stakeholder engagement, and impact on political dynamics all influenced the development and implementation of the cybersecurity policy, demonstrating the interplay between cybersecurity and politics in addressing complex societal challenges.
5) The Cyber Security Act 2023: Advantages of the Policy (the positive outcome, the qualitative changes that could be achieved through the policy implementation)
The Cyber Security Act of 2023 aimed to bring about several advantages and positive outcomes through its implementation. Here are some of the key advantages of the policy and the qualitative changes it could achieve:
I. Enhanced Cyber Resilience:
Improved Protection of Critical Infrastructure: The Act strengthened cybersecurity measures for critical infrastructure sectors, reducing the risk of disruptive cyberattacks on essential services like energy, healthcare, finance, and transportation.
Qualitative Change: Increased resilience of critical infrastructure systems, minimizing the likelihood and impact of cyber incidents on public safety and national security.
II. Better Data Protection and Privacy:
Safeguarding Personal Data: The Act introduced stringent data protection regulations, ensuring that individuals' personal information is handled securely and transparently by organizations.
Qualitative Change: Enhanced trust and confidence in digital services, empowering individuals to have greater control over their personal data and privacy.
III. Strengthened National Security:
Enhanced Cyber Defense Capabilities: The Act bolstered national cyber defense capabilities through improved incident response mechanisms, threat intelligence sharing, and collaboration between government agencies and private sector partners.
Qualitative Change: Heightened resilience against cyber threats, safeguarding national security interests and reducing the risk of cyber espionage, sabotage, and disinformation campaigns.
IV. Increased Public Awareness and Education:
Cybersecurity Awareness Programs: The Act promoted cybersecurity awareness programs and educational initiatives to empower individuals, businesses, and organizations with the knowledge and skills to protect themselves against cyber threats.
Qualitative Change: Cultivated a cyber-aware culture, fostering a proactive approach to cybersecurity and reducing the likelihood of successful cyberattacks through improved user awareness and behavior.
V. Promoted Innovation and Economic Growth:
Support for Cybersecurity Research and Development: The Act allocated funding and resources to support cybersecurity research, innovation, and workforce development initiatives. Qualitative Change: Stimulated innovation in cybersecurity technologies and solutions, fueling economic growth, job creation, and competitiveness in the digital economy.
VI. Enhanced International Cooperation:
Global Cybersecurity Collaboration:
The Act facilitated international cooperation and information sharing on cyber threats, enabling coordinated responses to transnational cyber incidents and malicious activities.
Qualitative Change: Strengthened diplomatic relations and mutual trust among nations, fostering a collaborative approach to combating cyber threats on a global scale.
VII. Improved Regulatory Compliance:
Enforcement of Cybersecurity Standards: The Act established clear cybersecurity standards, guidelines, and regulatory requirements for organizations to adhere to.
Qualitative Change: Increased regulatory compliance, ensuring that organizations take cybersecurity seriously and implement effective measures to protect their systems and data.
VIII. Reduced Economic Impact of Cyber Incidents:
Mitigated Financial Losses: The Act aimed to mitigate the economic impact of cyber incidents by reducing financial losses, minimizing business disruptions, and preserving consumer trust.
Qualitative Change: Reduced economic losses associated with cyberattacks, promoting business continuity, stability, and resilience in the digital marketplace.
Overall, the Cyber Security Act of 2023 sought to achieve qualitative changes that would enhance cybersecurity resilience, protect national interests, promote innovation and economic growth, and safeguard individual privacy and data protection. By addressing key cybersecurity challenges through comprehensive policies and measures, the Act aimed to create a safer and more secure digital environment for individuals, businesses, and governments.
6) The cyber security Act 2023: Advantages of the Policy: the positive outcome
The Cyber Security Act of 2023 holds several advantages, leading to positive outcomes in various domains. Here are some of the key advantages and positive outcomes of the policy:
I. Strengthened Cyber Defense:
Enhanced Protection for Critical Infrastructure: The Act mandates rigorous cybersecurity measures for critical infrastructure sectors, reducing vulnerabilities and minimizing the risk of disruptive cyberattacks.
Positive Outcome: Improved resilience of essential services such as energy, healthcare, finance, and transportation, safeguarding public safety and national security.
II. Heightened Data Protection:
Safeguarding Personal Information: The Act introduces robust data protection regulations, ensuring that individuals' personal data is handled securely and transparently by organizations. Positive Outcome: Increased trust and confidence in digital services, empowering individuals to exercise control over their personal information and privacy.
III. Enhanced National Security:
Bolstered Cyber Defense Capabilities: The Act strengthens national cyber defense capabilities through improved incident response mechanisms, threat intelligence sharing, and collaboration between government and private sector entities. Positive Outcome: Heightened resilience against cyber threats, safeguarding national security interests and reducing the risk of cyber espionage, sabotage, and disinformation campaigns.
IV. Improved Public Awareness:
Cybersecurity Awareness Programs: The Act promotes cybersecurity awareness initiatives aimed at educating individuals and organizations about cyber threats and best practices.
Positive Outcome: Increased public awareness and readiness to identify and mitigate cyber risks, reducing the likelihood of successful cyberattacks and data breaches.
V. Fostering Innovation:
Support for Research and Development: The Act allocates resources to support cybersecurity research, innovation, and workforce development, fostering technological advancements and innovation in the cybersecurity domain.
Positive Outcome: Stimulated innovation, job creation, and economic growth in the cybersecurity sector, enhancing national competitiveness in the global digital economy.
VI. Facilitating International Cooperation:
Global Cybersecurity Collaboration: The Act promotes international cooperation and information sharing on cyber threats, enabling coordinated responses to cross-border cyber incidents.
Positive Outcome: Strengthened diplomatic relations, mutual trust, and collective efforts to combat cyber threats on a global scale, contributing to a safer and more secure cyberspace.
VII. Ensuring Regulatory Compliance:
Enforcement of Cybersecurity Standards: The Act establishes clear cybersecurity standards and regulatory requirements for organizations to comply with, ensuring accountability and promoting a culture of cybersecurity. Positive Outcome: Increased regulatory compliance, reducing cyber risks and enhancing overall cybersecurity posture across sectors.
VIII. Mitigating Economic Impact:
Reduced Financial Losses: The Act aims to mitigate the economic impact of cyber incidents by minimizing financial losses, business disruptions, and reputational damage.
Positive Outcome: Preserved economic stability, business continuity, and consumer trust in the digital marketplace, supporting sustained growth and resilience.
Overall, the Cyber Security Act of 2023 contributes to a safer and more secure digital environment by addressing critical cybersecurity challenges, protecting national interests, promoting innovation, and fostering international cooperation. Its implementation leads to positive outcomes that benefit individuals, businesses, governments, and society as a whole.
7) The Cyber Security Act 2023: Advantages of the Policy: the qualitative changes
The implementation of the Cyber Security Act of 2023 is anticipated to bring about significant qualitative changes in several areas, fostering a safer, more resilient, and trustworthy digital environment. Here are some of the qualitative changes expected as a result of the policy:
I. Cultural Shift towards Cybersecurity Awareness:
Increased Emphasis on Cyber Hygiene: Individuals and organizations develop a culture of cybersecurity awareness, adopting best practices such as regular software updates, strong password management, and cautious online behavior.
Proactive Risk Management: There's a shift towards proactive risk management strategies, with organizations prioritizing cybersecurity as a core component of their business operations rather than an afterthought.
II. Strengthened Trust in Digital Services:
Enhanced Consumer Confidence: Individuals feel more confident in using digital services and sharing their personal information online, knowing that robust cybersecurity measures are in place to protect their data.
Improved Reputation Management: Businesses that demonstrate a commitment to cybersecurity build trust with their customers, leading to enhanced brand reputation and loyalty.
III. Heightened Resilience against Cyber Threats:
Improved Incident Response Capabilities: Organizations develop robust incident response plans and mechanisms to detect, respond to, and recover from cyber incidents swiftly and effectively.
Reduced Downtime and Disruption: With enhanced cybersecurity measures in place, businesses experience fewer disruptions to their operations, minimizing downtime and financial losses associated with cyberattacks.
IV. Empowerment of Cybersecurity Professionals:
Investment in Cyber Skills Development: There's a surge in investment in cybersecurity education and training programs, empowering a new generation of cybersecurity professionals with the skills and expertise needed to combat evolving threats.
Recognition of Cybersecurity Expertise: Cybersecurity professionals are increasingly
recognized as indispensable assets to organizations, with their expertise sought after for strategic decision-making and risk management.
V. Enhanced Collaboration and Information Sharing:
Cross-Sector Collaboration: Public and private sector entities collaborate closely on cybersecurity initiatives, sharing threat intelligence, best practices, and resources to strengthen overall cyber resilience.
Global Cybersecurity Partnerships: International collaboration on cybersecurity issues deepens, with countries working together to address transnational cyber threats and promote a safer global cyberspace.
VI. Improved Regulatory Compliance and Accountability:
Adherence to Cybersecurity Standards: Organizations prioritize compliance with regulatory requirements and industry standards, recognizing the importance of maintaining cybersecurity posture to protect their operations and reputation.
Heightened Accountability: There's increased accountability for cybersecurity incidents, with organizations facing legal and reputational consequences for failures to adequately protect sensitive data and critical infrastructure.
VII. Encouragement of Innovation and Entrepreneurship:
Cybersecurity Innovation Ecosystem: The policy fosters a thriving cybersecurity innovation ecosystem, encouraging entrepreneurship, investment, and research in new technologies and solutions to address emerging cyber threats.
Start-Up Growth: Cybersecurity start-ups flourish, driving innovation and competition in the market and offering novel approaches to cybersecurity challenges.
VIII. Promoting a Global Cybersecurity Culture:
Norms and Standards Harmonization: The policy contributes to the harmonization of cybersecurity norms and standards at the international level, fostering a shared understanding of cybersecurity principles and practices across borders.
Global Cyber Resilience: Countries collaborate to enhance global cyber resilience, recognizing cybersecurity as a collective responsibility and working together to strengthen defenses against common threats.
Overall, the Cyber Security Act of 2023 is expected to catalyze transformative qualitative changes, ushering in a new era of cybersecurity awareness, resilience, and collaboration at local, national, and global levels. These changes will not only mitigate cyber risks but also unlock opportunities for innovation, growth, and prosperity in the digital age.
8) The Cyber Security Act 2023: Limitations of the Policy
(Whether the policy is pragmatic/realistic or idealistic from the social and economic context of Bangladesh, could implement the policy or not, if not implemented fully;
what are the reasons - resource constrain, lack of manpower, not suitable for Bangladesh, regime change, etc.)
When considering the Cyber Security Act of 2023 in the context of Bangladesh, several limitations may arise, impacting its pragmatic implementation. Here are some factors to consider:
I. Resource Constraints:
Financial Limitations: Bangladesh may face challenges in allocating sufficient financial resources to implement the comprehensive measures outlined in the Cyber Security Act. Limited budgetary allocations could hinder efforts to invest in cybersecurity infrastructure, training programs, and research initiatives.
II. Capacity and Expertise:
Manpower Shortage: Bangladesh may lack a sufficient number of skilled cybersecurity professionals to support the implementation and enforcement of the Act. Shortages in cybersecurity expertise could hinder efforts to develop and maintain effective cybersecurity measures across sectors.
III. Technological Infrastructure:
Digital Infrastructure Challenges: Bangladesh's digital infrastructure may not be adequately developed to support the implementation of sophisticated cybersecurity measures. Limited access to reliable internet connectivity and outdated technology infrastructure could pose challenges in deploying cybersecurity solutions effectively.
IV. Regulatory Framework:
Alignment with Local Context: The regulatory framework outlined in the Cyber Security Act may not fully align with the socio-economic and legal context of Bangladesh. Adaptations and modifications may be necessary to ensure that regulatory requirements are feasible and practical within the local context.
V. Political Stability:
Impact of Regime Changes: Changes in government leadership or political instability could disrupt the implementation and continuity of cybersecurity policies and initiatives.
Shifting political priorities and administrative changes may divert attention and resources away from cybersecurity efforts.
VI. Collaboration and Coordination:
Interagency Cooperation: Effective implementation of the Cyber Security Act requires close collaboration and coordination among various government agencies, industry stakeholders, and civil society organizations. Challenges in fostering collaboration and overcoming bureaucratic silos could impede progress in cybersecurity initiatives.
VII. Public Awareness and Education:
Limited Awareness: Public awareness of cybersecurity risks and best practices may be low in Bangladesh, hindering efforts to promote cyber hygiene and resilience.
Investment in cybersecurity education and awareness programs is essential to address this limitation.
VIII. International Cooperation:
Engagement with Global Partners: Bangladesh may face challenges in establishing robust partnerships and information-sharing mechanisms with international counterparts to address cross-border cyber threats. Limited engagement with global cybersecurity forums and organizations could hinder efforts to enhance cyber resilience.
IX. Legal and Policy Framework:
Adaptation of Laws: Bangladesh may need to review and amend existing laws and regulations to align with the provisions of the Cyber Security Act. Legal reforms may be necessary to address gaps in cybersecurity legislation and ensure effective enforcement mechanisms.
In summary, while the Cyber Security Act of 2023 outlines comprehensive measures to enhance cybersecurity, its implementation in the context of Bangladesh may face several limitations. Addressing resource constraints, capacity building, technological infrastructure challenges, and regulatory adaptations will be crucial to realizing the objectives of the Act in Bangladesh. Additionally, fostering political stability, interagency cooperation, public awareness, and international collaboration will be essential for overcoming implementation barriers and ensuring effective cybersecurity governance.
Assessing the Cyber Security Act 2023 in Bangladesh requires consideration of its pragmatic/realistic aspects as well as its idealistic goals from both social and economic perspectives.
From a pragmatic standpoint, the Cyber Security Act 2023 likely aims to address pressing issues related to cyber threats and vulnerabilities in Bangladesh. Cybersecurity is increasingly crucial in today's digital age, especially with the rise in cybercrimes and cyber warfare. Therefore, enacting legislation to establish frameworks for cybersecurity measures, such as data protection, incident response, and capacity building, can be seen as a pragmatic response to the growing challenges in cyberspace.
Furthermore, the Cyber Security Act may aim to enhance Bangladesh's digital infrastructure, which is vital for its economic growth and competitiveness in the global market. By safeguarding digital assets and promoting secure online transactions, the Act could potentially attract more investment in the country's digital economy, contributing to its economic development.
However, from an idealistic perspective, the Cyber Security Act 2023 may also have broader societal goals, such as promoting digital inclusivity and protecting citizens' rights in
cyberspace. It might aim to ensure that all segments of society, including marginalized communities, have access to secure digital services and are protected from cyber threats. Additionally, the Act may emphasize the importance of respecting individuals' privacy and freedom of expression online, reflecting ideals of democratic governance and human rights.
Overall, while the Cyber Security Act 2023 in Bangladesh likely has pragmatic goals of addressing immediate cybersecurity challenges and promoting economic growth, it may also embody idealistic aspirations of fostering digital inclusivity and protecting citizens' rights in cyberspace. The effectiveness of the Act in achieving these dual objectives would depend on its implementation, enforcement mechanisms, and adaptation to evolving technological and societal trends.
9) The Cyber Security Act 2023, like any policy, may face several limitations in its implementation in Bangladesh, regardless of whether it is considered pragmatic/realistic or idealistic. Some of these limitations could include:
I. Resource Constraints: Bangladesh, like many developing countries, may have limited financial resources to fully implement and enforce the provisions of the Cyber Security Act. Building robust cybersecurity infrastructure, training personnel, and conducting awareness campaigns require significant investment, which may strain the country's budgetary allocations.
II. Lack of Manpower: Implementing effective cybersecurity measures requires a skilled workforce with expertise in areas such as information security, digital forensics, and risk management. Bangladesh may face challenges in recruiting and retaining qualified professionals in these fields, leading to gaps in the implementation of the Act.
III. Technological Infrastructure: Bangladesh's technological infrastructure may not be fully equipped to support the requirements outlined in the Cyber Security Act. Weaknesses in internet connectivity, outdated systems, and inadequate cybersecurity protocols could hamper efforts to enforce the provisions of the Act effectively.
IV. Regulatory Compliance: Ensuring compliance with the Cyber Security Act may be challenging, particularly for smaller businesses and organizations that lack the resources or technical expertise to adhere to regulatory requirements. Without adequate support mechanisms and incentives, compliance efforts may be insufficient.
V. Political Instability: Bangladesh's political landscape, characterized by periodic unrest and changes in government, could disrupt the implementation of the Cyber Security Act. Shifts in political priorities or changes in leadership may lead to delays or inconsistencies in policy enforcement and resource allocation.
VI. Cultural and Social Factors: Socio-cultural factors, such as attitudes towards privacy and data protection, may influence the effectiveness of the Cyber Security Act. Resistance to change or lack of awareness about cybersecurity risks could undermine efforts to promote compliance and adoption of security measures.
VII. International Cooperation: Cyber threats often transcend national borders, necessitating cooperation and collaboration with other countries and international organizations. Bangladesh's ability to effectively address cybersecurity challenges may be limited without robust partnerships and information-sharing mechanisms at the global level.
Overall, while the Cyber Security Act 2023 in Bangladesh may have noble intentions and practical objectives, its successful implementation could be hindered by various factors such as resource constraints, technological limitations, regulatory challenges, and political dynamics. Addressing these limitations would require concerted efforts from government agencies, private sector stakeholders, civil society organizations, and international partners to build capacity, enhance infrastructure, and foster a culture of cybersecurity awareness and compliance.
4.0 Analysis: DSA or CSA
Human rights activists repeatedly pointed out how the DSA was used to repress dissent. Freedom of expression wasn't only muzzled, it was, in fact, criminalised. The replacement of the Digital Security Act with the Cyber Security Act looks like an old trick being rehashed, doing little to ease fears that grip our fingertips on cyberspace. The Digital Security Act (DSA) was enacted in the year 2018, aimed at replacing the controversial Section 57 of the Information and Communication Technology (ICT) Act, 2006 (as amended in 2013), which was passed during the BNP-Jamaat reign.
Roughly put, Section 57 of the ICT Act made it illegal to post material online that was false and obscene, and which could lead to influencing others to become corrupt or dishonest, or deteriorate law and order, prejudice the image of the state or person or hurt religious belief.
Before its 2013 amendment, maximum punishment for offences under the section was 10 years' imprisonment and a fine of Tk1 crore. Besides, police had to seek permission from the authorities concerned to file a case and arrest any person under the law.
After the amendment, the maximum jail term was raised to 14 years. And law enforcers were empowered to make arrests without a warrant.The misuse of the law led to widespread condemnation, prompting the government to scrap the section and introduce the DSA. In the DSA, however, the sceptre of Section 57 remained, although it was diluted and spread around.
The DSA did little to alleviate fear. It led to even more self-censorship and filing of cases, almost lending a cloud of reimagined Omerta – a blanket silence induced by fear of posting the wrong thing online, or posting something which could be interpreted in a way to fall foul of the law. Human rights activists repeatedly pointed out how the DSA was used to repress dissent. Freedom of expression wasn't only muzzled, it was, in fact, criminalised.
4.1 The newly-proposed Cyber Security Act (CSA) looks to be no different.
Punishment is relaxed in a few sections and some offences have become bailable. What remains, however, is most concerning: the matter of free speech is left in murky waters, dipping into which remains a criminal offence in many cases.
While the changes in punishment can bring a sigh of relief, it does little to alleviate the panic and self-censorship that have become part and parcel of using social media in the country.
The CSA also serves as a tool to modify, or police, human behaviour in cyberspace. Consider Section-28 (3) of the DSA, which deals with the publication, broadcast etc of information on any website or electronic that "hurts religious values and sentiments."
What can exactly hurt someone's religious values or sentiments isn't defined, broadly or otherwise. The same section remains in the CSA, although it has become bailable and punishment has been reduced from a maximum of 5-years to a maximum of 2-years.
One of the most-talked-about changes is the scrapping of jail sentences in defamation suits. Section 29 (1) of the DSA titled "Publication, transmission, of defamatory information" provides for a maximum of three-year imprisonment, a maximum of Tk5 lakh in fine, or both. Under the CSA, the provision for jail time will be scrapped, but the maximum fine will be raised five times to Tk25 lakh.
This is also worrisome. Most people slapped with the hefty maximum fine will be left in a state of financial insecurity. The panic remains, lessened in one aspect, but made more pronounced in the other. Then there is Section-32 (2) of the DSA, which deals with punishment for deteriorating law and order. It vaguely states that if any person intentionally publishes or transmits anything in the digital sphere which "creates enmity, hatred or hostility among different classes…destroys communal harmony or creates unrest..." then it would lead to a maximum seven-year imprisonment, without bail.
Under the CSA, this has been reduced to five years and the offence is now bailable. But the offence itself, the "criminal" act, leaves too much room for interpretation and hence misuse. Indeed, in most changes, it was seen that jail time has been reduced, although the wording remained more or less the same.
4.2 Criticism
I. Communication surveillance versus right to privacy: Where do our laws stand?
The right to privacy is widely regarded as one of the fundamental rights inherent to every individual. Several international and regional human rights agreements have acknowledged this right as non-negotiable and mandatory. Examples of this recognition include the Universal Declaration on Human Rights (Article 12), the International Covenant on Civil and Political Rights (Article 17), the European Convention on Human Rights (Article 8), the American Convention on Human Rights (Article 11), and the Arab Charter of Human Rights (Article 21).
Smart Bangladesh, unsmart cybersecurity measures
II. A pertinent question may arise: what precisely is the right to privacy? Lawyers Samuel D Warren and Louis Brandeis described the term "right to privacy" in December 1890, defining it as the "right to be left alone." In his 1967 book Privacy and Freedom, lawyer and political scientist Alan F Westin provided a definition of privacy as the "voluntary, temporary withdrawal of a person from the general society through physical or psychological means, either in a state of solitude or small-group intimacy or, when among larger groups, in a condition of anonymity or reserve."
Hence, it can be contended that privacy is subjective and should be individually determined by each person. Furthermore, it is imperative that an individual possesses the freedom to determine which specific information pertaining to themselves they wish to disclose. However, in the age of Big Data and the automated processing of personal data by artificial intelligence, it has become challenging for individuals (referred to as "data subjects") to determine which data pertaining to themselves may be considered private.
III. Is none of our data safe with the government?
In the book titled The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, Prof Shoshana Zuboff argues that our actions in cyberspace are being commodified and traded, resulting in the emergence of unsettling "behavioural futures markets." Technology corporations have realised that they possess a novel form of a valuable resource: our "behavioural surplus." Instead of curating and disseminating all human information, technology platforms exert complete control over its accessibility. Every online action, including our thoughts, words, and actions, is continuously monitored and exchanged for financial gain in emerging digital marketplaces that rely on predicting our everyday needs. In turn, we are tracked and monitored by various political, governmental, commercial, and societal entities who remunerate the technological platforms for this access.
IV. Don’t the poor have a right to privacy?
The consequences of exchanging our personal data in such trade can significantly erode democracy, freedom, ethics, and morality. In his book The Net Delusion: The Dark Side of Internet Freedom, journalist and social commentator EvgenyMorozov argues that authoritarian regimes are effectively using the internet to suppress freedom of expression, improve their surveillance methods, disseminate sophisticated propaganda, and distract their citizens by diverting them to irrelevant subjects on digital platforms. Despite journalist Andrew Sullivan's optimistic belief that "The revolution will be Twittered!" the Twitter Revolution in Iran and the Arab Spring ultimately failed. Similarly, the ongoing Ukraine war is witnessing an intense and sophisticated information war between the opposing factions, while authoritarian regimes worldwide have grown increasingly powerful.
Communication surveillance, as defined by Privacy International, refers to "monitoring, interception, collection, preservation, and retention of information that has been communicated, relayed or generated over communication networks to a group of recipients by a third party." Privacy International additionally explained that the third party in question might be a law enforcement agency, an intelligence agency, a commercial corporation, or a criminal actor. Communication surveillance can occur on a mass scale, or it could be more intrusive and benign, like secretly installing Pegasus malware onto a digital device. Communication surveillance can be done either by state actors or non-state actors.
V. An ordinary person’s guide to dangerous online regulations
The freedom of communication is an integral part of our freedom of expression, freedom of association, and the right to privacy. Knowledge of being under surveillance can result in altered behaviour, self-restraint, and either permanent or temporary social disengagement by someone. However, there are instances where communication surveillance is necessary for purposes such as criminal investigations, legal proceedings, safeguarding national security, and combating terrorism, child pornography, and hate speech. In these cases, state actors, such as law enforcement agencies, commonly refer to this practice as "lawful interception" (LI).
LI enables authorised persons, typically law enforcement agencies or intelligence organisations, to intercept communication between specific users. Nevertheless, LI is characterised by its precision, specificity, and adherence to legal procedures, distinguishing it from the concept of "mass surveillance." Edward Snowden, a whistleblower in 2013, exposed the fact that the NSA employed the PRISM programme to surreptitiously copy and retain internet traffic data without the permission of internet users. This programme was characterised by its lack of transparency, invasive nature, and large-scale operation. These days, the advent of open-source intelligence technology (OSINT) has facilitated the state government's use of mass surveillance due to our voluntary disclosure of personal data on various social media platforms.
VI. Unravelling the insecurity in our IT infrastructure
Nevertheless, in light of the detrimental consequences of unchecked mass surveillance, various multilateral treaty bodies and civil society organisations have expressed their concerns. The UN special rapporteur on the right to privacy, in a report (A/HRC/40/63) issued to the UN Human Rights Council, asserts that surveillance, unless conducted in a lawful, reasonable, and necessary manner, constitutes violations of the right to privacy. Factors such as gender, colour, class, social origin, religion, and ideas, along with their expression, can contribute to the surveillance of persons in society and increase the likelihood of their privacy rights being violated.
However, no multilateral treaty has been adopted regarding this matter yet. The nearest approximation to a formal agreement endorsing these resolutions was a collection of principles
by various global civil society organisations in 2014, titled "International Principles on the Application of Human Rights to Communications Surveillance," commonly called the "Necessity and Proportionality Principles."
VII. The price we pay with each deleted word
Bangladesh has enacted multiple laws that either authorise or may facilitate the legal interception and/or mass surveillance of telecommunication networks, digital devices, computer networks, and computer systems. According to Section 61 of the Bangladesh Telecommunication Regulatory Act, 2001 (BTRA), the inspector is authorised to inspect, make photocopies of, and retrieve data from a telecommunication system or equipment. According to Section 46 of the Information and Communication Technology Act, 2006 (ICTA), the controller has the power to grant permission to law enforcement agencies to compel any user or caretaker of a computer resource to decrypt any information stored on that computer resource. This authorisation is granted in order to protect the sovereignty, integrity, and security of Bangladesh, maintain friendly relations with foreign states, and uphold public order, among other reasons. According to Section 80 of the ICTA, a controller, authorised official, or a police officer of at least the level of sub-inspector has the authority to confiscate any device, such as a computer system or equipment, if there is suspicion that a crime, as defined under the ICTA, has been or is being committed.
According to Section 42 of the Cyber Security Act (CSA) 2023, a police officer of at least the rank of inspector is authorised to seize any computer, computer system, computer network, data, and information if there is suspicion that a crime under the CSA has been, is being, or is about to be committed. This can also be done if there is suspicion that evidence may be lost, deleted, altered, or made scarce. According to Section 45 of the CSA, the investigating officer has the authority to request information from individuals, entities, or service providers as part of the investigation.
VIII. Govt's priority is to access, not protect, our personal data
According to Section 40 of the proposed Personal Data Protection Act, 2023 (PDPA), the "Bangladesh Data Protection Board (BDPB)" has the authority to request the "Data Fiduciary" and "Data Processor" to submit any personal data they possess. According to Sections 33 and 34, any person or any organisation, including law enforcement organisations, can be granted an exemption and further exemption from adhering to the data protection principles outlined in the PDPA. Consequently, there is a possibility that these two sections may be employed to support widespread surveillance and/or legal interception.
As per Section 15 of the proposed Bangla draft of the Over-The-Top Content Based Service Providing and Conduct Regulation, 2022, registered OTT platform service providers are required
to retain content for a minimum of one year in the event of a complaint being filed against the specific content. However, based on Section 16 of the Bangla draft, the OTT Platform Registering Authority has the authority to take action in accordance with Section 8 of the Digital Security Act, 2018 (DSA). It should be emphasised that the CSA has replaced the DSA, and Section 8 of the DSA is identical to Section 8 of the CSA.
IX. Who watches the watchmen?
Therefore, from the aforementioned sections of the BTRA, ICTA, CSA, proposed PDPA and OTT policy, we can see a growing trend of curtailing, restricting, or taking down contents, and/or compelling data or information, and controlling access to data, by the decisions of the different executive organs of the states. These laws do not include adequate checks and balances against lawful interception and/or widespread surveillance. This is how the fundamental rights mentioned in Bangladesh's constitution—for example, freedom of assembly (Article 37), freedom of association (Article 38), freedom of thought, conscience, and of speech (Article 39), and privacy of correspondence and other means of communication (Article 43)—can be restricted by executive decision only.
Moreover, these particular sections of the aforementioned laws have not provided direct or clear provisions for checks and balances by other organs, like the judiciary, which goes against the spirit of the "separation of power." In addition, the laws in Bangladesh do not currently provide a clear definition of the "right to privacy." There is no existing personal data protection law in Bangladesh, with the exception of the PDPA—which the Cabinet has approved and is now waiting to be passed in parliament. However, the laws, as previously stated, permit interception and/or widespread communication surveillance without explicitly referencing concepts such as the "Necessity and Proportionality Principles." The Bangladeshi laws also do not adhere to the standards of legality, proportionality, and necessity as mentioned in the UN Human Rights Council study. These laws are framed from a "security" perspective rather than a "rights-based approach."
Hence, to ensure a delicate equilibrium between "lawful interception" and the "right to privacy," it is imperative to integrate the aforementioned international principles into the Bangladeshi context and expand the scope of Article 43 of the constitution.
The August 7 announcement to repeal the Digital Security Act became a matter of great anxiety and discomfort for citizens, as the government had proposed a new law called the Cyber Security Act, 2023, without consulting stakeholders. Unfortunately, the proposed law's content – particularly its provisions regarding cybercrime and the composition and operation of organisations involved in cybersecurity – is essentially identical to that of the Digital Security Act, 2018 and amounts to a contravention of the constitution, international human rights standards, and the rule of law.
4.3 Cyber Security Act and the fear of history repeating itself
At a press conference on August 10, Law Minister Anisul Huq and State Minister for Information Zunaid Ahmed Palak said that stakeholders could provide feedback on the draft Cyber Security Act (CSA) within 14 days and that any specific recommendation made in response would be taken into consideration. During the conference, both said it was imperative to review the criticism of the CSA and made statements acknowledging the reconsideration of several previously voiced concerns, which a few organisations have enthusiastically embraced. These concerns include decriminalising ethical hacking, legal action against law enforcement misuse, legal recourse against false and deceptive lawsuits and how to stop them, and monetary compensation for victims of human rights abuses or unlawful detention due to wrongful prosecutions and perjury, alongside other issues.
The proposed CSA and Digital Security Rules, 2020 involve four agencies: Digital Security Agency, the Bangladesh government's e-Government Computer Incident Response Team, its Digital Forensic Lab, and the National Digital Security Council. The proposed CSA allows regulators to restrict or delete data based on subjective criteria, potentially restricting free speech. It criminalises vague speech, inviting government interference and potentially restricting freedom of expression. It could also require the BTRC, through government intimation, to delete or block data under Sections 8(1) and 8(2), which might cause Bangladesh's internet to be blocked, filtered, and censored, causing concerns about transparency and official opacity.
I. Relabelling the DSA won’t protect citizens from cybercrimes
Furthermore, the National Emergency Response Team, the director general of the Cyber Security Agency, and police investigators can obtain, remove, block, or otherwise regulate data and internet activity without protections or judicial review under the proposed CSA. Additionally, the draft CSA repeals Section 57 of the DSA, which states that no employee or other party shall be liable for harm resulting from good-faith actions. But if officers, employees, or individuals of these institutions violate fundamental human rights, freedom of expression, and the right to privacy of personal information, how and where can employee accountability, the requirement to publish transparent annual financial and activity reports, and standard operating procedures be implemented?
Citizens have applauded the decision to repeal the harsh and onerous Digital Security Act, 2018. However, the implementation of the CSA could negatively affect social justice, human dignity, fundamental rights, and human rights.
The proposed Cyber Security Act's penalties for most transgressions appear to be excessive, disproportionate, and unlawful. For instance, Section 29 criminalises defamation on internet media and carries a fine of Tk 25 lakh for doing so. Besides this, criminal defamation is
punishable by two years in jail with or without a fine under Sections 499 and 500 of the Penal Code, 1860. While defamation on digital media maintains the aforementioned legislative definition, the punishment for the same offence is different. How can an accused get a longer term for the same crime? Due to its conflict with Article 27 of the constitution, Section 29 can be deemed unconstitutional, unlawful, and voidable under Article 26 of the constitution. Also to be emphasised is the distinction between criminal and civil defamation in Bangladeshi law, with the latter being based on tort law. Tort law wrongdoing is decided at the judge's discretion, while defamation must be established beyond a reasonable doubt in criminal proceedings. Damages for civil defamation, however, could be determined by probability. The government should have emphasised the significance of adopting modern communication technology in Bangladesh's defamation legislation and the emergence of civil defamation in democracies.
II. Why are our digital laws so troublesome?
The now-possibly-repealed DSA included harsh, unreasonable, and illegal punishment provisions; nevertheless, the proposed CSA minimised excessive penalties and boosted bailable crimes. In reality, the proposed CSA will not aid accused criminals to lessen sentences or increase the number of offences that are eligible for bail since, once a case has been filed, the bailable clause is added to the non-bailable clause, which not only is against the rule of law but also gives rise to fear, intimidation, and panic in citizens. Under the proposed CSA, no new judicial system has been established, and the authority has been given to the Cyber Tribunal that was established under the ICT Act. The bail of the accused under the DSA is also subject to the bail requirements in the ICT Act. It goes without saying that the responsibility imposed on the court before granting bail in the aforementioned act is against legal precedent and unjust in nature.
The state must protect freedom, human dignity, and reputation without compromising individual rights. Section 38 of the proposed CSA gives the investigating officer 90 days to finish the probe, and the higher authority might grant an extra 15 days. After 75 days, the cyber tribunal might prolong the investigation by statute. The DSA has seen serious clause breaches. The proposed legislation provides harsh penalties on conviction, and the crimes are non-bailable with limited exceptions.
III. The new CSA: A draconian law made more ‘efficient’
Different nations have unique regulations governing the length of pre-trial detention since there is no chance it may be seen as a punishment. If the investigating agency fails to produce the report promptly, the accused may be granted bail. But there are no laws or standards in place that govern how people are punished for crimes. Measures for penalising violations of the CSA need
to be revised. The conflicting stances of recent laws have made our criminal justice system more challenging and contentious, jeopardising people's fundamental rights.
Cyberterrorism and other "national security" offences, including those that might be used to retaliate against whistleblowers, are also overbroad and do not offer sufficient protection against misuse. While the Disclosure of Information in Public Interest (Protection) Act, 2011 encourages individuals to speak out against corruption, Sections 21, 25, 29, and 32 of the proposed CSA prevent it. Several journalists and rights advocates were prosecuted under the DSA at the beginning of the Covid-19 pandemic for covering misconduct by public officials and representatives. Moreover, citizens were given the power to enforce the legislation, which exacerbated court harassment since judges and investigators did not understand how to investigate and punish DSA offences.
IV. Cyber Security Act will not stop criminalising freedom of expression
The proposed CSA's Section 34 states that assisting in the commission of an offence constitutes an offence, and the penalty for aiding and abetting is the same as the original offence. This is excessive and disproportionate, as it does not differentiate between those who commit a crime and those who help and abet it. The proposed act lacks distinctions between unlawful action and public interest, and also lacks specific definitions. International cybercrime treaties list several offences, but the proposed CSA defines many of them too broadly and leaves out the question of criminal intent. Additionally, many of the offences in the CSA are already covered by other criminal laws, such as the ICT Act, making it too broad to interpret multiple offences in multiple areas.
More alarmingly, the proposed CSA and the DSA encourage the arrest of children, violating their internationally recognised rights, contravening the UN Children's Rights Declaration and the Charter. Furthermore, the proposed CSA does not include a provision that would make it illegal to file false charges or provide false evidence, which is in violation of Section 211 of the Penal Code. Citizens have applauded the decision to repeal the harsh and onerous Digital Security Act, 2018. However, the implementation of the CSA could negatively affect social justice, human dignity, fundamental rights, and human rights.
To pass cyber laws, regulations, and recommendations, the government must regularly, spontaneously, consistently, and meaningfully engage with civil society. Since too many parts of the proposed Cyber Security Act, 2023 – from definitions of crimes to the powers, rights, and obligations of administrative institutions – violate national and international human rights legislation, it must not be implemented.
Numerous DSA cases indicate that most prosecutions restrict the public's and the media's freedom of expression, and the provisions in the proposed CSA are raising comparable concerns. In order to preserve the constitution and fundamental human rights (particularly the right to free expression) in Bangladesh, the proposed CSA should not be presented to parliament right away. Fourteen days is not enough time for people to extensively consider an issue of such importance. Instead, a legislative measure such as a bill to repeal the DSA could be introduced to safeguard unencumbered cyberspace freedom and promote democratic principles in Bangladesh.
Increasingly stricter punishment for repeated offences, however, was toned down in some cases. Also, some offences – which were non-bailable in the DSA – have now become bailable.
While announcing the CSA, Law Minister AnisulHuq himself said the DSA was a cause for alarm for many, admitting that the law was often misused.
The numbers speak for themselves, when it comes to the issue of misuse. Some 7,001 cases had been filed across the country as of 31 January of this year under the DSA.The Centre for Governance Studies, in their findings in January, revealed that only 2% sued under the DSA came close to the court.
This meant most of those accused languished in the uncertainty of what was to come – certainly a form of harassment. Speaking to The Business Standard, Nur Khan Liton, executive director of human rights organisation Ain O Salish Kendra, said, "All the provisions of the old law are kept in the new one, but some changes are made in terms of punishment and bail."
He also said, "It can be said the same repressive law is kept intact but comes in a new package."
The rights activist also said the previous law gave the police extensive power to make arrests or conduct searches, and this has not been amended.
Eminent jurist Shahdeen Malik, in an interview with the BBC Bangla, said, "Only in one or two instances, sentences have been reduced. Also, the provision of doubled punishment for a second offence has been abolished.
"But people who become victims of misuse of this law have nothing to be optimistic about," he said, adding that those who used to be jailed for seven years will now be jailed for three.
Stating that issues such as "insult" and "defamation" should be prosecuted under the civil law, he said, "Such cases are being prosecuted under the criminal law. This remains the main objection. These areas have not been changed."
As the state looks to police behaviour in cyberspace, perhaps it can turn the mirror on itself and see how it has fared in this regard. The United Nations has already chalked out a set of norms for responsible state behaviour in cyberspace.
Of the 12 norms, one deals with respecting human rights and privacy. It clearly says that "States, in ensuring the secure use of ICTs, should respect Human Rights Council resolutions 20/8 and 26/13 on the promotion, protection and enjoyment of human rights on the Internet, as well as General Assembly resolutions 68/167 and 69/166 on the right to privacy in the digital age, to guarantee full respect for human rights, including the right to freedom of expression." These resolutions protect the promotion, protection and enjoyment of human rights, including the right to freedom of expression, on the Internet and in other technologies.
The government is entrusted to abide by these norms. Whether it has done so or not is quite evident.
5.0 Advantages of Cyber Security Act 2023 (CSA):
Currently, most countries around the world have cybercrime legislation. While 156 countries (80%) have enacted cybercrime legislation, the pattern varies by region: Europe has the highest adoption rate (91%) and Africa the lowest (72%), according to the United Nations Conference on Trade and Development.
In theory, cyber security laws – the specifics of which vary from country to country – are generally enacted to protect people from cyber threats. These include, but are not limited to hacking, data breaches, identity theft and fraud, cyberbullying and online harassment, online child exploitation, malware and ransomware, privacy violations, etc.
The DSA underscores quite a wide range of offences as cognisable and non-bailable, which is one of the most widely criticised features of the Act. In the CSA, the main differences are that some non-bailable offences under the DSA have been made bailable— punishments for some offences have been reduced— fines have been increased—and the provision for additional punishment for repeated offences has been omitted. On the contrary, sections 8 and 43 have remain unchanged. Section 8 of the DSA, which empowered the director-general of Digital Security Agency and law enforcement agencies to remove or block digital content through the Bangladesh Telecommunication Regulatory Commission (BTRC), has been retained in the CSA. Similarly, the police's authority to search and arrest without a warrant under section 43 of the DSA has been kept intact under section 42 of the CSA, which is deeply worrying.
In the Cyber Security Act 2023 (CSA) some improvements have been made, such as making 10 out of the 14 non-bailable sections from the old act bailable in the new one and reducing the duration and extent of punishment in many sections. The four non-bailable offences are related to intrusion into key information infrastructures, damaging computers and computer systems, cyber terrorist activities, and hacking related crimes. There are some advantage of CSA over DSA. Like-
I. No jail for defamation, only fine:
There will no longer be any jail sentence for defamation under the new Cyber Security Act 2023. The fine, however, can go as far as Tk 25 lakh. The amount will be up to the court.
II. Deaths, imprisonments and harassment: The controversial history of the Digital Security Act. However, the accused will end up in jail if they fail to pay the fine. But that will be limited to only three to six months, depending on the fine.
III. Repeat offences will not increase punishment:
In the DSA, repeated offences would have led to more punishment. But under the reformed law, the punishment for the second offence will remain the same as the first one.
IV. New section on hacking
Under Section 33 of the DSA, focusing on punishment for holding and transferring data information illegally, will be scrapped, and a section on hacking offences will be introduced in the new law.
This is by far the one with the most punishment as the maximum cap for prison time under hacking offences will be set at 14 years or a maximum fine of Tk1 crore or both. Under Section 33 of DSA, the jail sentence was seven years (max) or up to Tk15 lakh fine, or both.
V. Some offenses to get reduced punishment
The reduction of punishments in sections 21, 28, 31, and 32 of the DSA. Section 21 punishment for making any kind of propaganda or campaign against liberation war, the spirit of the liberation war, father of the nation, the national anthem or the national flag — earlier carried the provision of imprisonment for a term not exceeding 10 years, or a fine not exceeding Tk 1 crore, or both. For a second offence, it was imprisonment for life or a fine of Tk 3 crore, or both. In the new law, the maximum jail time for the violation of Section 21 will be seven years.
VI. Limitation of Cyber Security Act 2023 (CSA):
The Cyber Security Act (CSA), 2023, which is replaced to the controversial Digital Security Act (DSA), 2018, has been termed by many as "old wine in a new bottle." Some experts also said that this law can in fact be called "old wine in the same old bottle" with slightly reduced alcohol and a new label!
The nine sections of the DSA identified as a threat to independent journalism and freedom of expression are sections 8, 21, 25, 28, 29, 31, 32, 43 and 53. The CSA contains all these sections, through which the new law criminalizes certain kinds of information and news publication and expression of certain thoughts and opinions in the same way that the DSA does. The definitions of crimes under this law are also as vague as ever. The only difference is that some offenses that are non-bailable under the DSA have been made bailable, punishments have been reduced for some offences, and the provision of additional punishment for repeated offences has been
omitted. Out of the nine sections that curb freedom of expression, seven sections have been amended in terms of punishment and bail, while no changes have been made in two sections.
For example: Section 8 of the DSA, which empowered the director-general of Digital Security Agency and law enforcement agencies to remove or block digital content through Bangladesh Telecommunication Regulatory Commission (BTRC), has been retained in the CSA. Similarly, police's authority to search and arrest without warrant under Section 43 of the DSA has been kept intact under Section 42 of the CSA.
There is a 10-year jail sentence under Section 21 of DSA for propaganda against the spirit of the Liberation War, father of the nation, national anthem or national flag, which has been reduced to seven years in the CSA. Punishment for "hurting" religious sentiments under Section 28 has been reduced from five years to two years and the offence has become bailable.
Five years' jail term for defamation under Section 29 of DSA has been replaced with a maximum fine of Tk 25 lakh. However, if the accused fails to pay the fine, he or she will face a jail sentence of three to six months. Section 31 of CSA proposes a five-year imprisonment instead of seven years for destroying communal harmony. Under Section 32, the punishment for breaching official secrets has been reduced from 14 years to seven years. While the proposed CSA will replace the DSA, the proceedings and trials of all existing cases under the DSA will continue.
In this situation, it is very difficult to assure that the experience of repealing Section 57 of the Information and Communication Technology (ICT) Act, 2006 will not be repeated. In the face of criticism, the government repealed Section 57 in 2018, but all its provisions were included in four separate sections (25, 28, 29 and 31) of the DSA with reduced punishment. Punishment under Section 57 was 14 years maximum, which was reduced to 3-10 years under different sections of the DSA.
The reality is that, despite this reassurance from the law minister, cases under the DSA increased significantly. According to the Centre for Governance Studies (CGS), from 2012 to June 2017, there were 1,417 cases under the ICT Act, of which 65 percent were under Section 57. However, within just two years of DSA coming into effect, the number of cases under this law exceeded 1,000, most of which were filed under sections 25 and 29, mainly for defamation. Before the DSA, such cases were filed under Section 57 of the ICT Act. Till December 31, 2022, the total number of cases filed under the DSA stood at 7,664, of which 5,512 are currently under trial.
The CSA also may not reduce the number of lawsuits as any person can sue anybody for defamation, spreading false information, hurting religious sentiments, etc. Harassment and oppression under the DSA began before trial as the accused would have to spend day after day in
jail before trial. So, what benefit will the CSA bring an accused charged under this law? Even if the offence is bailable, will there be any guarantee of getting bail? In the CSA, four sections are still non-bailable. If any non-bailable section is added at the time of filing the case, the accused will have to suffer in jail.
Cyber Security Act 2023 Bangladesh: findings
The Cyber Security Act 2023 of Bangladesh has garnered significant attention and concern. Here are the key findings from various reports and analyses:
I. Cosmetic Changes: The Act, while replacing the Digital Security Act (DSA) of 2018, retains many of its controversial elements. Although some penalties have been reduced and a few sections amended, the fundamental issues related to freedom of expression and media freedom remain largely unaddressed (Global Voices Advox) (Dhaka Tribune).
II. Vague Provisions: Critics highlight that the definitions of cybercrimes under the new Act are still unclear. This vagueness can lead to broad interpretations and potential misuse, particularly against journalists, political opponents, and activists (DataGuidance) (Dhaka Tribune).
III. Law Enforcement Powers: The Act grants extensive powers to law enforcement agencies. For example, Section 42 allows authorities to conduct searches, seize assets, and make arrests without a warrant, based on mere suspicion. This provision raises concerns about potential abuses of power and the undermining of due process (Global Voices Advox) (Dhaka Tribune).
IV. Freedom of Expression: Various sections of the Act (such as Sections 21 and 28) continue to pose a threat to freedom of speech. These sections have been used to target individuals for expressing dissenting views or criticizing the government. Despite some reductions in penalties, the provisions still carry significant risks for misuse (Global Voices Advox) (Dhaka Tribune).
V. Stakeholder Consultation: The process of enacting the Act was criticized for insufficient stakeholder consultation. The public was given a short period to submit their feedback, which many argue was not adequate for a thorough review and consideration of inputs to align the law with international standards (DataGuidance).
In summary, while the Cyber Security Act 2023 introduces some reforms, it largely mirrors the DSA in its potential for misuse and impact on civil liberties. The Act's provisions related to law enforcement powers, vague definitions of cybercrimes, and threats to freedom of expression remain significant concerns (Stratfor) (Dhaka Tribune).
6.0 Recommendations:
The provisions outlined in sections 8, 9, 10, and 11 of the draft Cyber Security Act pertain to preventive measures and capabilities such as data removal or blocking, emergency response, digital forensic labs, and quality control. While such provisions could be essential in addressing immediate threats, the criteria and oversight mechanisms for determining what constitutes a threat should be well-defined to avoid potential misuse. Additionally, ensuring transparency in the decision-making process and mechanisms for appeal are important to prevent censorship. This section at its current form raises concerns regarding its potential misuse, vagueness of terms, and potential impacts on freedom of expression.
I. Vagueness and Potential Misuse:
The language used in this section contains vague terms such as "threat to digital security," "solidarity," "financial activities," and "religious values." The lack of clear definitions for these terms creates ambiguity and a risk of broad interpretation by authorities. Such vagueness can lead to arbitrary decision-making and potential misuse of these provisions for suppressing legitimate online expression. The absence of objective standards for determining whether content actually poses a threat or hampers solidarity undermines the predictability required under international human rights law.
II. Offence and Punishment:
Overbroad Restrictions on Expression:
The Act includes provisions that criminalize the publication or transmission of offensive, false, or threatening data information (Section 25) and content that hurts religious values or sentiments (Section 28). While curbing harmful content is important, these provisions must be carefully crafted to avoid vague terms that could lead to overbroad restrictions on freedom of expression. International human rights law, including the International Covenant on Civil and Political Rights (ICCPR), emphasises that restrictions on expression must be narrowly defined and proportionate to a legitimate aim.
III. Criminalisation of Online Activities:
Some provisions criminalize actions that might not warrant severe criminal penalties, such as illegal access to computers, computer systems, or networks (Sections 17 and 18). Best practices suggest that penalties should be commensurate with the gravity of the offense and should not disproportionately restrict individual rights. Excessive criminalization can have a chilling effect on legitimate online activities.
IV. Violation of Right to Privacy:
The Act addresses identity fraud or personation (Section 24) and unauthorized collection or use of identity information (Section 26). While the protection of identity information is important, these provisions should be analysed in light of the right to privacy. The collection and use of personal data should adhere to established data protection principles, and the Act should ensure that lawful authority is defined clearly to prevent abuse.
V. Potential for Overreach and Disproportionate Punishments:
Some provisions, such as those related to cyber terrorism (Section 27) and hacking (Section 33), propose severe punishments, including 14 (fourteen) years imprisonment and hefty fines. Such penalties could deter cybersecurity professionals from conducting legitimate research or reporting vulnerabilities, hindering the overall security of digital systems.
VI. Investigation of Offence and Trial
Investigation and Powers (Sections 38-42): The Act grants certain powers to the Investigation Officer for the investigation of cybercrimes, such as the search and seizure of digital devices, data, and materials related to offenses. While these powers are necessary for effective investigation, it's important to ensure that they are exercised with proper oversight and accountability to prevent misuse. The procedures for obtaining search warrants and conducting searches must be clearly defined, and there should be safeguards against potential abuse.
VII. Lack of Technical Expertise: Cybercrimes involve intricate digital mechanisms, data breaches, and sophisticated online activities that require a deep understanding of digital forensics and cyber techniques. Traditional police officers might not possess the technical proficiency needed to investigate and gather evidence in the digital realm effectively.
VIII. Complex Investigations:
Cybercrimes often transcend geographical boundaries and involve multiple layers of virtual communication. Effective investigation in such cases requires collaboration with international law enforcement agencies, cyber security experts, and digital forensics specialists who can navigate the complexities of digital footprints. Sections 40, 45, and 46 confer the police investigator with overly broad powers that risk being misused and abused. The absence of an independent judicial oversight mechanism for the process of seizing computers and personal property adds to this concern. These provisions lack clear standards and can be invoked under the vague criterion of "investigation," which lacks a precise definition.
The cyber security Act 2023 Bangladesh: suggestions
Crafting a cybersecurity act tailored to Bangladesh requires consideration of the country's specific cybersecurity challenges and priorities. Here are some suggestions for the Cybersecurity Act 2023 in Bangladesh:
I. National Cybersecurity Strategy: Develop a comprehensive national cybersecurity strategy outlining objectives, priorities, and action plans to enhance cybersecurity capabilities across government, critical infrastructure, and the private sector.
II. Legal Framework: Establish a legal framework that defines cyber crimes, penalties, and enforcement mechanisms to deter cybercriminal activities and provide clear guidelines for law enforcement agencies.
III. Cyber Incident Response Plan: Create a coordinated cyber incident response plan involving government agencies, private sector organizations, and relevant stakeholders to effectively respond to and mitigate cyber threats and incidents.
IV. Capacity Building and Training: Invest in cybersecurity education, training, and skill development programs to build a skilled workforce capable of addressing cybersecurity challenges in both the public and private sectors.
V. Public Awareness Campaigns: Launch public awareness campaigns to educate individuals and organizations about cybersecurity risks, best practices, and the importance of maintaining cyber hygiene.
VI. Cybersecurity Standards and Regulations: Develop and enforce cybersecurity standards and regulations for critical infrastructure sectors, government agencies, and businesses to ensure the implementation of robust cybersecurity measures.
VII. Information Sharing and Collaboration: Facilitate information sharing and collaboration between government agencies, cybersecurity experts, academia, and the private sector to exchange threat intelligence and strengthen cybersecurity defenses.
VIII. Secure Government Networks and Systems: Implement cybersecurity measures to protect government networks, systems, and data from cyber threats, including regular security assessments, vulnerability management, and incident response capabilities.
IX. Critical Infrastructure Protection: Prioritize the protection of critical infrastructure sectors such as energy, banking, telecommunications, and transportation against cyber threats through regulations, standards, and proactive security measures.
X. Data Protection and Privacy: Enact data protection and privacy laws to safeguard individuals' personal information from unauthorized access, disclosure, and misuse, ensuring compliance with international standards and best practices.
XI. International Cooperation: Foster international cooperation and partnerships with neighboring countries, regional organizations, and global cybersecurity initiatives to address transnational cyber threats and promote cybersecurity capacity building.
XII. Cybersecurity Research and Innovation: Support cybersecurity research, innovation,
and technology development initiatives to enhance Bangladesh's capabilities in cybersecurity, including the establishment of cybersecurity research centers and collaboration with academic institutions and industry partners.
XIII. Cyber Hygiene and Risk Management: Promote cyber hygiene practices and risk management strategies among organizations and individuals to reduce vulnerabilities and improve overall cybersecurity resilience.
XIV. Incident Reporting and Response Mechanisms: Establish clear guidelines and procedures for reporting cyber incidents to relevant authorities and facilitate coordinated response efforts to minimize the impact of cyber attacks and data breaches.
XV. Continuous Evaluation and Adaptation: Continuously evaluate the effectiveness of cybersecurity policies, strategies, and measures and adapt them to address emerging cyber threats and evolving technological trends.
These suggestions aim to strengthen Bangladesh's cybersecurity posture, protect critical assets and information, and promote a safe and secure digital environment for its citizens, businesses, and government entities.
Cyber Security Act 2023 Critical Observation
Cyber Security Act: Change in name, not content
The manner in which various offences have been defined in the controversial Digital Security Act, have been defined in almost exactly the same manner in the Cyber Security Act. The substance of the two laws is also almost the same. In fact, the objections and concerns about the Digital Security Act (DSA) voiced by the United Nations Human Rights Commission, the Editors’ Council and other organisations, have not been addressed in the proposed law. The sentences have only been reduced in some cases and the number of sections with provisions for bail has increased.
The draft of the proposed Cyber Security Act was published in the evening yesterday, Wednesday, on the website of the Digital Security Agency of the government’s information and communication division. A comparison between this draft and the Digital Security Act shows that the changes include, firstly, a reducing of certain sentences and an increase in bailable sections. Secondly, for the offence (if proven) of publishing and spreading defamatory information, provision only for fine has been kept instead of prison sentence. Also, two sections (33 and 57) of the DSA have been completely dropped from the proposed law. The first of these two sections is about punishment for holding and transferring data information illegally. And the second is about offence related to anything ‘done in good faith’.
There are 60 sections in the draft of the new law. In the DSA there were 62. In the proposed law, the punishment is the same for offences committed repeatedly as is when committed for the first time. In the DSA, sentences are heavier for crimes committed for the second or more times.
The Editors’ Council had demanded amendments to 9 sections (8, 21, 25, 28, 29, 31, 43 and 53) of the DSA, stating that these would seriously damage free media and freedom of expression. In the proposed law, amendments have been made to the sentences and bail provisions in seven of these sections. But the offences haven’t been defined clearly and remain as before. And no changes have been made in two of these sections.
Meanwhile, the UN Office of the High Commissioner for Human Rights had called for two sections of the DSA (21 and 28) to be repealed. These two sections have not been repealed in the draft of the new law, only the sentences and bail clauses have been changed. But changes (basically about sentences and bail) have been brought about in the eight sections (8, 25, 27, 29, 31, 32, 43 and 53) for which the organisation had called for amendments.
Many among the various journalist organisations as well as lawyers and human rights activists, say that while the reductions of sentences and increase of bailable sections is positive, the definitions in the law are the same as before and so is the substance, giving rise to apprehensions of misuse and abuse of the law. Reducing, increasing or changing the sentences will not protect citizens’ rights. The changes being brought about will not serve to tangibly protect fundamental human rights.
The Editors’ Council, in a statement yesterday, said it is meaningless if there is no difference between the character of the DSA and the Cyber Security Act other than a change in name. The council said that before the Cyber Security Act is enacted, discussions must be held with the stakeholders in the news media so that it is not made into a weapon to snatch away press freedom like the DSA.
Speaking to journalists about this law on Monday, Law Minister AnisulHuq said, “I feel that what has been done now (Cyber Security Act) will be very helpful in preventing cybercrimes. And the abuse which you all (journalists) complained about, will also be stopped.”
Five years ago in 2018 the Digital Security Act was passed unilaterally in parliament, ignoring the objections and protests of the journalists, including the Editors’ Council. From the very outset, along with journalists, local and foreign human rights organisations had expressed concern about this law. Several ministers also admitted that in some instances with law had been misused.
Five years on, in face of protest and criticism, the government has decided to change the DSA and come up with the Cyber Security Act. The draft of the Cyber Security Act was approved in
principle by the cabinet on Monday. After vetting, the law will go once again to the cabinet for final approval. The government aims to have the law passed during the parliament’s next session in September.
Two sections not removed despite demands:
The UN Office of the High Commissioner for Human Rights had called for the repeal of two sections (21 and 28). But these have been kept in identical form in the proposed law. Section 21 has provision for punishment against any form of propaganda or campaign against the liberation war, the spirit of the liberation war, the father of the nation, the national anthem the national flag. This section has provision for imprisonment not exceeding 10 years or fine up till Tk 10 million or both. In the proposed law only the sentenced has been reduced to 7 years. The fine remains Tk 10 million as before. The punishment for committing this crime for the second time or repeatedly had been life term or Tk 30 million fine or both. This has been dropped in the proposed law.
Official Secrets Act of 1923 from the colonial times has been retained. The colonial rulers used this act because they mistrusted the people of this country. The Editors Council saw no justification of this law in independent Bangladesh
Section 28 of the DSA deals with hurting religious sentiment or values. This remains intact in the new law, with the vagueness not being addressed.
In this section, the sentence is imprisonment not exceeding five years or a fine not exceeding Tk 1 million or both. In the proposed law the punishment will be imprisonment not exceeding two years or fine not exceeding 500,000 or both.
TIB’s executive director Iftekharuzzaman feels that the proposed Cyber Security Act is the old black law in a new packaging. Speaking to ProthomAlo, he said, “There is no qualitative or significant change in the new law. It is much of an eyewash. Such laws are leading us to a surveillance-based society.”
Concerns remain as before:
Article 25 of the DSA deals with transmission, publication, etc. of offensive, false or threatening data or information. Any person committing such offence will be sentenced to imprisonment not exceeding 3 years or fine not exceeding Tk 300,000 or both. The content remains the same with a reduce sentence of 2 years but the same fine.
Article 29 of the DSA deals with publication, transmission, etc. of defamatory information with a maximum sentence of 3 years and fine of Tk 500,000 or both. The provision for imprisonment
has been dropped in the new law, with only the fine in place. The fine now will be not exceeding Tk 2.5 million in place of Tk 500,000 as in the DSA. There are no laws for defamation, hurting the spirit, hurting religious sentiment in any strong democratic country
Shahdeen Malik, lawyer
Article 31 in the DSA is about deteriorating law and order, intentionally publishing or transmitting anything in website or digital layout that creates enmity, hatred or hostility among different classes or communities of the society, or destroys communal harmony, or creates unrest or disorder, or deteriorates or advances to deteriorate the law and order. If any person commits such an offence, he shall be punished with imprisonment for a term not exceeding 7 years, or with fine not exceeding Tk 500,000 or both. In the proposed law the sentenced as been reduced to 5 years and fine increased to Tk 2.5 million.
Article 32 of the DSA is about breaching secrecy of the government. The sentence not exceeding 14 years, or with fine not exceeding Tk 2.5 million or both. In the proposed law the sentence is not exceeding 7 years and fine Tk 2.5 million. In its statement yesterday, Wednesday, the Editors’ Council said while the sentence in Section 32 has been reduced somewhat, the Official Secrets Act of 1923 from the colonial times has been retained. The colonial rulers used this act because they mistrusted the people of this country. The Editors Council saw no justification of this law in independent Bangladesh.
The proposed Cyber Security Act has fully retained the content of Section 8 of the DSA. This section says if any data or information related to any matter under the jurisdiction of the Director General that is published or propagated in digital media, creates threat to digital security, the Director General may request the Bangladesh Telecommunications and Regulatory Commission, to remove or block the data-information. If it appears to the law and order enforcing force that any data-information published or propagated in digital media hampers the solidarity, financial activities, security, defence, religious values or public discipline of the country or any part thereof, or incites racial hostility and hatred, the law and order enforcing force may request BTRC to remove or block the data-information through the Director General. If BTRC is requested, it shall, with intimation to the government, instantly remove or, as the case may be, block the data-information.
Section 43 remains the same
The Editors’ Council and the UN human rights high commission called for Section 43 of the DSA to be amended. This has been kept identical in Section 42 of the draft.This section dealing with arrest without warrant states that if any police officer has reasons to believe that an offence under this act has been or is being committed, or is likely to be committed in any place, or any evidence is likely to be lost, destroyed, deleted or altered or made unavailable in any way, then he may, for reasons of such belief to be recorded in writing, proceed with the following
measures, namely to enter and search the place, and if obstructed, to take necessary measures in accordance with the Code of Criminal Procedure, to seize the computer, computer system, computer network, data-information or other materials used in committing the offence or any document supportive to prove the offence, to search the body of any person present in the place;
(d) to arrest any person present in the place if the person is suspect.In yesterday’s statement the Editors’ Council said that the police has been given a sort of magisterial authority by this, which is in no way acceptable. As this section remains intact, the new Cyber Security Act can on now way be considered a new law.
Eight new sections have bail provision:
The UN human rights high commission and the Editors’ Council had called for Section 53 of the DSA to be repealed. This relates to offences cognizable and bailable. There were 14 non-bailable sections in the DSA. These were 17, 19, 21, 22, 24, 26 27, 28, 30, 31, 32, 33 and 34. Of these, 8
have been made bailable in the proposed law. These are 22, 23, 24, 26, 28, 31, 32 and 34. In the
new law, the bailable sections now are 18 (1)(b), 20, 22, 23, 24, 25, 26, 28, 29, 31, 32 and 46.
And there are 6 non-bailable section in the proposed law. These are 17, 19, 21, 27, 30 and 33. The matter of bailable and non-bailable sections is dealt with in Section 52 of the proposed act.
Eminent lawyer Shahdeen Malik feels that there is scope for abuse of the proposed law too as the definition of the offences have not been changed. He told ProthomAlo that the area of abuse is that the offences have been mentioned very broadly. And so anyone can be face a case for saying anything. The difference is, the sentence after the trial is less to an extent. But the fear of committing an offence due to writing, has not been taken into consideration at all. There are no laws for defamation, hurting the spirit, hurting religious sentiment in any strong democratic country.
Cyber security Act 2023 Bangladesh: conclusion
The Cyber Security Act 2023 of Bangladesh represents a significant attempt to update the country's legal framework for addressing cybercrimes, but it remains deeply controversial. Here are the key points of the conclusion:
I. Modernization Effort:
The Act is a legislative response to the evolving nature of cyber threats, aiming to replace the widely criticized Digital Security Act (DSA) of 2018 with updated provisions. This modernization is intended to better protect Bangladesh's digital infrastructure and address new cyber challenges (Stratfor) (Dhaka Tribune).
II. Persistent Issues:
Despite some amendments, the Cyber Security Act retains many of the problematic elements of the DSA. It continues to grant broad powers to law enforcement, including the ability to search and arrest without warrants, which raises concerns about potential misuse and violations of due process (Dhaka Tribune). Vague definitions of
cybercrimes within the Act can lead to broad interpretations, potentially targeting political dissenters, journalists, and activists. This vagueness undermines the protection of freedom of expression and media freedom, essential components of a democratic society (Dhaka Tribune) (Stratfor).
III. Insufficient Reforms:
While the Act introduces some reduced penalties and reformed sections, these changes are seen by many as superficial. Key contentious sections that impact freedom of speech and expression have not been adequately addressed, leaving significant room for arbitrary application and potential misuse of the law (Dhaka Tribune).
IV. Recommendations for Improvement:
Clear definitions and a narrowed scope of what constitutes a cybercrime are crucial to prevent the Act from being used to suppress legitimate online activity. Judicial oversight should be mandated for actions such as searches and arrests to ensure checks and balances and protect individual rights. Extensive stakeholder consultations and public engagement are necessary to refine the law and ensure it aligns with international human rights standards (Stratfor) (Dhaka Tribune).
V. Public and International Concerns: The Act has faced significant criticism both domestically and internationally for its potential to erode civil liberties. The Editors’ Council and other human rights organizations have expressed deep concerns about the law's impact on press freedom and freedom of expression (Dhaka Tribune).
In conclusion, while the Cyber Security Act 2023 is a step towards addressing the complex landscape of cyber threats, it falls short in safeguarding fundamental rights and freedoms. Substantial amendments and rigorous oversight are needed to ensure that the Act effectively balances cybersecurity needs with the protection of civil liberties.
REFERENCES
[1]. Alam, Md. Shah. (2007). Cyber Crime: a new challenge for law enforcers!. [2]. Retrieved on 19.06.2014 from
http://www.prp.org.bd/cybercrime_files/Cybercrime --
Bangladesh Perspective.ppt.
[3]. Barua, J. (2014). Amendment Information Technology and Communication Act.
TheDaily Star. Retrived on 02.08.2014 from Click This Link communication-act-4688.
[4]. Bleyder, K. (2012). Cyber Security: the emerging threat landscape (Issue 10). Dhaka: Bangladesh Institute of Peace and Security Studies.
[5]. BNWLA. (2014). Survey on Psychological Health of Women. Dhaka: Bangladesh National Women Lawyers' Association.
[6]. BTRC. (2018, April 30). Internet Subscribers. Bangladesh Telecommunication Regulatory Commission: Click This Link bangladesh-april-2018.
[7]. Editorial. (2013). Draft ICT (Amendment) Ordinance-2013: a black law further blackened. The Daily Star. Retrieved on 02.08.2014from
[8]. Click This Link.
[9]. Greenemeier, L. (2007). China's Cyber Attacks Signal New Battlefield Is Online. Retrieved on 15.07.2014 from Click This Link.
[10]. The Information & Communication Technology Act, 2006. (2006). The Information & Communication Technology Act, 2006. 39. Retrieved on 02.08.2014
from Click This Link.
[11]. International Commission of Jurists (ICJ). (2013). Briefing Paper on the Amendments tothe Bangladesh Information Communication Technology Act 2006. Retrieved on 15.06.2014from http://icj.wpengine.netdna-cdn.com/wp- content/uploads/2013/11/ICT-Brief-Final-Draft-20-November- 2013.pdf.
[12]. Karaman, S. (2017, 11 29). Women support each other in the face of harassment online, but policy reform is needed. The LSE Women, Peace and Security blog. London: The London School of Economics and Political Science. Click This Link.
[13]. Maruf, A. M., Islam, M. R., Ahamed, B. (2010). Emerging Cyber Threats in Bangladesh: in quest of effective legal remedies. In Editor A. W. M. Abdul Huq (ed.), TheNorthernUniversity Journal of Law. Dhaka: Northern University Bangladesh.pp. 114-118.
[14]. MJF. (2014). Report on Porn Addicted Teenagers of Bangladesh. Dhaka:
Manusher Jonno Foundation. [15]. Perlroth, N., Gellesaug, D. (2014). Russian Hackers Amass Over a Billion Internet Passwords. Retrieved on 12.07.2014 from Click This Link
a-billion-stolen- internetcredentials.html?action=click&contentCollection=Asia Pacific&module=Most Emaile d&version=Full®ion=Marginalia&src=me&pgtype=article&_r=0.
[16]. Singer, P. W., Freidman, A. (2014). Cybersecurity and Cyberwar: what everyone needs to know. Oxford: Oxford University Press. p.13.
[17]. The Daily ProthomAlo, 6th October, 2015.
[18]. Tikk, Eneken. (2011). Ten Rules for Cyber Security. Survival: global politics and strategy. (p.119-132). London: Routledge.Pp.124-127.
[19]. USSD. (2017). Country Report on Human Rights Practices for 2016. Washington DC:
US Department of State. Available at
[20]. Click This Link.
[21]. Williams, B. (2014). Cyberspace: what is it, where is it and who cares?. Retrieved on 15.07.2014 from Click This Link and-who-cares/.
[22]. Zaman, S., Gansheimer, L., Rolim, S. B., &Mridha, T. (2017). Legal Action on Cyber Violence Against Women. Dhaka: Bangladesh Legal Aid Services Trust (BLAST). Click This Link
১ টি 
+০/-০©somewhere in net ltd.
১|
১৭ ই জুন, ২০২৪ রাত ১:৩৯
মিরোরডডল বলেছেন:
এই লেখাটা রীতিমতো পানিশমেন্ট!!!
এতো বড় লেখা কেউ পড়বে?????
Though the source links are given, yet this topic would have been a good one if you could post it properly.