THE observations that Transparency International Bangladesh has made on the Cyber Security Rules 2004 — consequent on the Cyber Security Act 2003 passed in September 2023 — suggest that the government has not made the course correction that it needed even after repeated criticism of the law by the well-meaning section of society. The organisation has noted — at a press conference on the proposed Cyber Security Rules 2024 jointly held along with Article 19 in Dhaka on June 13 — that the rules could very well be a handle to control the rights of citizens. The executive director of the organisation notes that the Cyber Security Act is nothing short of the Digital Security Act 2018 but only differently packaged and the 2023 law remains equally arbitrary as the 2018 law. And, the proposed rules, put into the final form retaining the contradictions of the Cyber Security, are highly likely to remain largely ineffective. The organisation’s executive director also says that the Cyber Security Act is modelled on the Digital Security Act and the proposed rules are not much different as the 19 rules of the proposal are a verbatim reproduction of the Digital Security Rules 2020. The 2023 law could well, therefore, be a weapon against the free access to information and the free speech that information technology has facilitated.
While Transparency International Bangladesh thinks that the Cyber Security Act 2023 is restrictive, mostly undemocratic and, therefore, a hindrance to the freedom of expression, the stakeholders who attended the press conference say that there are no provisions or sections in the law or, even, the proposed rules that could ensure the transparency and accountability of the Cyber Security Agency, which is said to have earlier been the same as the Digital Security Agency, set up under the 2018 law, just renamed. The stakeholders also deplore the absence of an independent supervisory commission which could add to the risks of the violation of citizens’ right to privacy and to the possibility of inroads into the privacy of citizens by government-controlled agencies. All this leaves the scope wide open for the abuse and misuse of the 2023 legislation the way the 2018 law did. Most of the major attacks on critical information infrastructure in the past were carried out from outside the country and the rules propose no provision on how to take action in such events. Schedule 2 of the proposed rules seeks to deal with digital forensic processes with an accent on devices and file systems but it overlooks other customised apps and software. In all, it seems that there appears a veil of deceit drawn over the government’s move regarding the legislation and the rules. And, all this brings to the fore a strong intent of the government not to heed what experts say about the law as its ultimate motive is to use it as a device to make inroads into citizens’ privacy, to meddle with free access to information and to harm free speech.
The stakeholders recommend that the government should, first, overhaul the legislation, purging it of all incongruity, vagueness and constraining factors, conforming to international instruments and then re-draft the rules. The government must heed the public advice.
