TIB concerned over certain provisions of proposed Cyber Security Ordinance

Transparency International Bangladesh, or TIB, has raised alarm over certain provisions of the proposed Cyber Security Ordinance by the interim government that it says repeat the "repressive" elements of the Cyber Security and Digital Security Acts from the Awami League government's tenure.

At a news conference on Tuesday, TIB voiced "deep concern" over the new law, stating that many of its provisions pose risks to citizens' freedom of expression, dissent, press freedom, and the right to organise.

TIB's Executive Director Iftekharuzzaman said, "The Cyber Security Ordinance retains numerous provisions from the repressive Digital Security Act and Cyber Security Act, which will create an excessively restrictive and surveillance-based legal framework."

"Upon reviewing the ordinance, we find it largely reflects the agenda and rhetoric of a fallen authoritarian government. Several provisions exhibit repetition of the previous DSA or CSA," he added.

On Nov 7, the interim government made a policy decision to repeal the Cyber Security Act, which had gained infamy as a “black law”.

On Dec 1, the government’s Information and Communication Technology, or ICT, Division published the draft of the Cyber Security Ordinance 2024 on its website, inviting opinions by Dec 4.

Twenty days later, on Dec 24, the interim cabinet gave final approval to the draft ordinance. The president is expected to issue the ordinance thereafter.

TIB raised concerns about the process of drafting the ordinance, highlighting the use of "complex and ambiguous words, phrases, and concepts" in some sections and questioned the allocation of only four days for stakeholders to provide feedback.

It added that the ordinance was approved hastily, without allowing stakeholders adequate time for proper review, which it described as entirely unwarranted.

 “We believe the ordinance, in its current form, does not reflect the aspirations of the people. We hope it will be thoroughly revised through discussions with relevant stakeholders before proceeding to its final stage, ensuring that Bangladesh’s constitutional commitments and obligations under the Universal Declaration of Human Rights and related international human rights conventions are upheld,” said Iftekharuzzaman.

TIB’s observations were presented at the press conference by Muhammad Ershadul Karim, associate professor at the Faculty of Law and Emerging Technologies, University of Malaya, Malaysia.

TIB pointed out that the structure and content of the Cyber Security Ordinance are not aligned with international best practices.

While the ordinance attempts to integrate issues related to cyber security, cybercrime, and freedom of expression, its use of ambiguous and complex language has made it confusing for both the general public and experts.

Moreover, the absence of clear definitions for terms such as "artificial intelligence", "blockchain”, and "quantum computing" could create challenges in the practical application of the law.

TIB observed that the powers granted to the director general of the Cyber Security Agency???and law enforcement in the ordinance are consistent with those in the previous Cyber Security Act.

The organisation also flagged that definitions of terms such as "computer", "data repository”, and "computer system" in Section 2 are overly broad and inconsistent with technological realities, potentially leading to problems in enforcement.

 “The review also found that the title and structure of the ordinance do not meet international standards,” said Ershadul Karim.

He explained that combining cyber security, cybercrime, and freedom of expression under a single title has led to confusion.

Section 8(2), which proposes extending law enforcement’s powers, could lead to political misuse or infringement on citizens' internet rights, he added.

For Sections 16 and 17, TIB recommended incorporating clear provisions for certified monitoring processes and measures to address breaches in cyber security.

Regarding Section 25, Karim noted that its broad and ambiguous inclusion of issues like cyberbullying, defamation, harassment, or blackmail could misinterpret legitimate criticism as "harassment" or "defamation”, thereby threatening citizens’ freedom of expression.

 “This section should be revised to align with the Constitution and international human rights law,” he urged.

Executive Director Iftekharuzzaman observed, “This ordinance risks undermining citizens’ freedom of speech, freedom of expression, an independent press, and the right to organise.”

 “Although it is claimed that the ordinance will ensure digital rights for the people, we see a continuation of the controlling and surveillance-centric features of past draconian laws.”

He added, “By using complex and ambiguous terms and phrases, the ordinance leaves room for misuse. It attempts to encompass multiple cyber security-related issues, resulting in a muddled framework.”

 “The ordinance’s drafting process did not include input from relevant stakeholders, nor was adequate time provided for proper review.

 “Instead, it was approved hastily. It is concerning to see such a controlling and surveillance-based ordinance passed under the initiative of an interim government supposedly committed to anti-discriminatory values.”

The ordinance also considers offending religious sentiments as a crime, despite lacking a clear definition of what constitutes such an offence, he noted.

 “If clauses addressing religious sentiments are to be included, they should not be limited to religious values alone. Any statements that attack the principles of equality, secularism, and non-discrimination should also be considered equally unacceptable.”

The press conference was attended by TIB Advisor Sumaiya Khair and Outreach and Communication Director Mohammad Towhidul Islam.